001/* 002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Martin Pernollet 018 */ 019 020package org.nuxeo.ecm.platform.groups.audit.service.acl.filter; 021 022import java.util.Collection; 023 024import org.apache.commons.logging.Log; 025import org.apache.commons.logging.LogFactory; 026import org.nuxeo.ecm.core.api.security.SecurityConstants; 027import org.nuxeo.ecm.platform.usermanager.UserManager; 028import org.nuxeo.runtime.api.Framework; 029 030/** 031 * Ignore users and keep groups. Warning: this filter assumes a {@link UserManager} is available. 032 * 033 * @author Martin Pernollet <mpernollet@nuxeo.com> 034 */ 035public class AcceptsGroupOnly extends AbstractContentFilter implements IContentFilter { 036 protected static Log log = LogFactory.getLog(AcceptsGroupOnly.class); 037 038 protected UserManager um = Framework.getLocalService(UserManager.class); 039 040 protected Collection<String> groups = null; 041 042 /** 043 * Return true if the input string is the name of a group known by the {@link UserManager} service. Return also true 044 * if input is equal to {@link SecurityConstants.EVERYONE}, since this is a special user name intended to define 045 * inheritance blocker rules. 046 */ 047 @Override 048 public boolean acceptsUserOrGroup(String userOrGroup) { 049 if (isEveryone(userOrGroup)) 050 return true; 051 return isGroup(userOrGroup); 052 } 053 054 public boolean isGroup(String user) { 055 if (groups == null) 056 groups = um.getGroupIds(); 057 return groups.contains(user); 058 } 059}