001/*
002 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the Eclipse Public License v1.0
006 * which accompanies this distribution, and is available at
007 * http://www.eclipse.org/legal/epl-v10.html
008 *
009 * Contributors:
010 *     Florent Guillaume
011 */
012package org.nuxeo.ecm.core.storage.sql.security;
013
014import java.security.Principal;
015
016import org.nuxeo.ecm.core.query.sql.model.Operator;
017import org.nuxeo.ecm.core.query.sql.model.Predicate;
018import org.nuxeo.ecm.core.query.sql.model.Reference;
019import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
020import org.nuxeo.ecm.core.query.sql.model.SQLQuery.Transformer;
021import org.nuxeo.ecm.core.query.sql.model.StringLiteral;
022import org.nuxeo.ecm.core.query.sql.model.WhereClause;
023
024/**
025 * Dummy security policy denying all access to File objects with a query transformer.
026 *
027 * @author Florent Guillaume
028 */
public class NoFile2SecurityPolicy extends NoFileSecurityPolicy {

    // Unlike its parent, this variant also exposes the policy as a query rewrite.
    // NOTE(review): the rewrite filters on the exact primary type 'File'. Whether
    // the per-document check inherited from NoFileSecurityPolicy (not visible
    // here) denies the same set of documents should be confirmed. If the two
    // disagree, query results and direct access checks will not match.

    /** Shared transformer instance returned by {@link #getQueryTransformer()}. */
    public static final Transformer NO_FILE_TRANSFORMER = new NoFileTransformer();

    /**
     * Always returns {@code true}.
     * <p>
     * NOTE(review): presumably tells the caller that {@link #getQueryTransformer()} fully expresses this policy;
     * confirm against the security policy contract.
     */
    @Override
    public boolean isExpressibleInQuery() {
        return true;
    }

    /**
     * Returns the shared {@link #NO_FILE_TRANSFORMER}.
     */
    @Override
    public Transformer getQueryTransformer() {
        return NO_FILE_TRANSFORMER;
    }

    /**
     * Transformer that adds {@code AND ecm:primaryType <> 'File'} to the query.
     * <p>
     * The restriction is combined with the caller's predicate as a node in the query model, not by editing query
     * text, and the compared value is a constant.
     */
    public static class NoFileTransformer implements Transformer {
        private static final long serialVersionUID = 1L;

        /**
         * Predicate {@code ecm:primaryType <> 'File'}.
         * <p>
         * This single instance is reused in every transformed query.
         * NOTE(review): presumably treated as immutable; verify that nothing downstream mutates it.
         */
        public static final Predicate NO_FILE = new Predicate(new Reference("ecm:primaryType"), Operator.NOTEQ,
                new StringLiteral("File"));

        /**
         * Builds a copy of {@code query} whose WHERE clause also requires {@link #NO_FILE}.
         * <p>
         * The input query object is not modified. All clauses other than WHERE are passed through unchanged.
         *
         * @param principal not consulted; the same restriction is applied for every caller
         * @param query the query to restrict
         * @return a new query carrying the added restriction
         */
        @Override
        public SQLQuery transform(Principal principal, SQLQuery query) {
            WhereClause original = query.where;
            boolean hasPredicate = original != null && original.predicate != null;
            // The restriction is the left operand and the caller's whole predicate the right one,
            // so the caller's condition stays intact as a single subtree.
            Predicate restricted = hasPredicate ? new Predicate(NO_FILE, Operator.AND, original.predicate) : NO_FILE;
            return new SQLQuery(query.select, query.from, new WhereClause(restricted), query.groupBy, query.having,
                    query.orderBy, query.limit, query.offset);
        }
    }

}