/**
 * Decides whether the caller may perform the action identified by {@code key}
 * on a relationship object, based on the permissions held on its two endpoints.
 *
 * <p>The source and target are looked up through
 * {@code contentService.getRelationship} using the relationship's source id and
 * target id. If either lookup yields {@code null}, a warning is logged and
 * access is denied.
 *
 * <p>For the three supported keys ({@code CAN_GET_PROPERTIES_OBJECT},
 * {@code CAN_UPDATE_PROPERTIES_OBJECT}, {@code CAN_DELETE_OBJECT}) the decision
 * is identical: {@code CAN_GET_OBJECT_RELATIONSHIPS_OBJECT} is evaluated against
 * the calculated ACL of the source and of the target, and access is granted when
 * <em>either</em> check succeeds. Any other key is denied.
 *
 * <p>TODO In the future, enable different configuration for Read/Update/Delete.
 *
 * <p>NOTE(review): update and delete of a relationship are currently authorised
 * by the same "get object relationships" permission that authorises read, and a
 * grant on only one endpoint is sufficient. Confirm this is the intended policy;
 * a stricter model would require a write-level permission and/or both endpoints.
 *
 * <p>NOTE(review): the endpoints are fetched with {@code getRelationship} rather
 * than a generic content lookup; verify against {@code contentService} that this
 * resolves the source/target objects as expected.
 *
 * @param callContext  context of the current call, passed through to {@code checkPermission}
 * @param repositoryId repository in which the relationship and its endpoints are resolved
 * @param key          permission-mapping key naming the requested action
 * @param relationship relationship whose source and target are checked
 * @return {@code true} if the action is permitted, {@code false} otherwise (never {@code null})
 */
private Boolean checkRelationshipPermission(
        CallContext callContext, String repositoryId, String key, Relationship relationship) {

    final Content source =
            contentService.getRelationship(repositoryId, relationship.getSourceId());
    final Content target =
            contentService.getRelationship(repositoryId, relationship.getTargetId());

    // Fail closed when an endpoint cannot be resolved: there is no ACL to evaluate.
    if (source == null || target == null) {
        log.warn(
                "[objectId="
                        + relationship.getId()
                        + "]Source or target of this relationship is missing");
        return false;
    }

    // Read, update and delete are the only actions handled here; everything else is denied.
    final boolean supportedAction =
            PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)
                    || PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)
                    || PermissionMapping.CAN_DELETE_OBJECT.equals(key);
    if (!supportedAction) {
        return false;
    }

    // All three actions share one rule: the relationship-read permission on an endpoint.
    final boolean allowedOnSource =
            checkPermission(
                    callContext,
                    repositoryId,
                    PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
                    contentService.calculateAcl(repositoryId, source),
                    source.getType(),
                    source);
    final boolean allowedOnTarget =
            checkPermission(
                    callContext,
                    repositoryId,
                    PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
                    contentService.calculateAcl(repositoryId, target),
                    target.getType(),
                    target);

    // Non-short-circuit '|': both endpoint checks always run, even when the first grants access.
    return allowedOnSource | allowedOnTarget;
}