/*
 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.storage.sql.security;

import java.security.Principal;

import org.nuxeo.ecm.core.query.sql.model.Operator;
import org.nuxeo.ecm.core.query.sql.model.Predicate;
import org.nuxeo.ecm.core.query.sql.model.Reference;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery.Transformer;
import org.nuxeo.ecm.core.query.sql.model.StringLiteral;
import org.nuxeo.ecm.core.query.sql.model.WhereClause;

/**
 * Dummy security policy denying all access to File objects, expressed as a query transformer.
 * <p>
 * This variant of {@link NoFileSecurityPolicy} reports itself as expressible in a query and supplies a
 * {@link Transformer} that rewrites the query's WHERE clause instead of relying on filtering after the fact.
 * <p>
 * NOTE(review): the per-document permission check is inherited from {@link NoFileSecurityPolicy}, which is not
 * visible here. The transformer and that check should exclude the same documents, otherwise query results and
 * direct access would disagree; confirm against the parent class.
 *
 * @author Florent Guillaume
 */
public class NoFile2SecurityPolicy extends NoFileSecurityPolicy {

    /**
     * Declares that this policy can be applied by rewriting the query.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery() {
        return true;
    }

    /**
     * Transformer that adds {@code AND ecm:primaryType <> 'File'} to the query.
     */
    public static class NoFileTransformer implements Transformer {
        private static final long serialVersionUID = 1L;

        /** The restriction itself: {@code ecm:primaryType <> 'File'}. */
        public static final Predicate NO_FILE = new Predicate(new Reference("ecm:primaryType"), Operator.NOTEQ,
                new StringLiteral("File"));

        /**
         * Builds a copy of {@code query} whose WHERE clause also requires {@link #NO_FILE}.
         * <p>
         * The {@code principal} argument is not consulted, so the restriction is applied identically for every
         * caller. The fields of {@code query} are only read; the result is a newly constructed {@link SQLQuery}
         * that reuses the original select, from, group-by, having, order-by, limit and offset values.
         *
         * @param principal the user running the query (unused)
         * @param query the query to restrict
         * @return a new query restricted to non-File documents
         */
        @Override
        public SQLQuery transform(Principal principal, SQLQuery query) {
            WhereClause original = query.where;
            // Without an existing condition the restriction stands alone; otherwise it is AND-ed in front of
            // the caller's predicate, so the caller's condition can only narrow the result further.
            boolean unfiltered = original == null || original.predicate == null;
            Predicate restricted = unfiltered ? NO_FILE
                    : new Predicate(NO_FILE, Operator.AND, original.predicate);
            return new SQLQuery(query.select, query.from, new WhereClause(restricted), query.groupBy,
                    query.having, query.orderBy, query.limit, query.offset);
        }
    }

    /** Shared transformer instance returned by {@link #getQueryTransformer()}. */
    public static final Transformer NO_FILE_TRANSFORMER = new NoFileTransformer();

    /**
     * Supplies the transformer that applies this policy to a query.
     *
     * @return the shared {@link #NO_FILE_TRANSFORMER}
     */
    @Override
    public Transformer getQueryTransformer() {
        return NO_FILE_TRANSFORMER;
    }

}