/** Filtering check to a list of contents based on the permission */
@Override
public <T> List<T> getFiltered(CallContext callContext, String repositoryId, List<T> contents) {
List<T> result = new ArrayList<T>();
// Validation
// TODO refine the logic
if (CollectionUtils.isEmpty(contents)) {
return null;
}
// Filtering
for (T _content : contents) {
Content content = (Content) _content;
Acl acl = contentService.calculateAcl(repositoryId, content);
Boolean filtered =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_PROPERTIES_OBJECT,
acl,
content.getType(),
content);
if (filtered) {
result.add(_content);
}
}
return result;
}
// TODO Show also stack errors
@Override
public void permissionDenied(
CallContext context, String repositoryId, String key, Content content) {
if (content == null) {
System.out.println();
}
String baseTypeId = content.getType();
Acl acl = contentService.calculateAcl(repositoryId, content);
permissionDeniedInternal(context, repositoryId, key, acl, baseTypeId, content);
permissionTopLevelFolder(context, repositoryId, key, content);
}
/**
* TODO In the future, enable different configuration for Read/Update/Delete.
*
* @param callContext
* @param repositoryId TODO
* @param key
* @param relationship
* @return
*/
private Boolean checkRelationshipPermission(
CallContext callContext, String repositoryId, String key, Relationship relationship) {
Content source = contentService.getRelationship(repositoryId, relationship.getSourceId());
Content target = contentService.getRelationship(repositoryId, relationship.getTargetId());
if (source == null || target == null) {
log.warn(
"[objectId="
+ relationship.getId()
+ "]Source or target of this relationship is missing");
return false;
}
// Read action when a relationship is specified directly
if (PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)) {
boolean readSource =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, source),
source.getType(),
source);
boolean readTarget =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, target),
target.getType(),
target);
return readSource | readTarget;
}
// Update action
if (PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)) {
boolean updateSource =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, source),
source.getType(),
source);
boolean updateTarget =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, target),
target.getType(),
target);
return updateSource | updateTarget;
}
// Delete action
if (PermissionMapping.CAN_DELETE_OBJECT.equals(key)) {
boolean deleteSource =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, source),
source.getType(),
source);
boolean deleteTarget =
checkPermission(
callContext,
repositoryId,
PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
contentService.calculateAcl(repositoryId, target),
target.getType(),
target);
return deleteSource | deleteTarget;
}
return false;
}
