예제 #1
  /** Filters a list of contents based on permission. */
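  @Override
  public <T> List<T> getFiltered(CallContext callContext, String repositoryId, List<T> contents) {
    // Validation
    // TODO refine the logic
    // NOTE(review): input that CollectionUtils.isEmpty rejects yields null, not an empty list.
    // Callers must null-check the result; kept unchanged because existing callers may rely on it.
    if (CollectionUtils.isEmpty(contents)) {
      return null;
    }

    // Allocate only once there is something to filter.
    List<T> permitted = new ArrayList<T>();

    for (T candidate : contents) {
      // Every element is expected to be a Content; any other type fails here with a
      // ClassCastException instead of being passed through unchecked.
      Content content = (Content) candidate;

      // The ACL is calculated per element, so each decision uses that element's own ACL.
      Acl acl = contentService.calculateAcl(repositoryId, content);

      Boolean allowed =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_PROPERTIES_OBJECT,
              acl,
              content.getType(),
              content);

      // Fail closed: only an explicit TRUE keeps the element. A null decision used to be
      // auto-unboxed and abort the whole call with a NullPointerException; it is now treated
      // as a denial, so the element is left out of the result.
      if (Boolean.TRUE.equals(allowed)) {
        permitted.add(candidate);
      }
    }
    return permitted;
  }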
  // TODO Show also stack errors
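  @Override
  public void permissionDenied(
      CallContext context, String repositoryId, String key, Content content) {
    // The earlier null branch only printed a blank line to stdout and then fell through to
    // content.getType(), which threw a NullPointerException anyway. Fail explicitly with the
    // same exception type and a message, and drop the stray console output, so a denial
    // reported for a missing object is traceable instead of surfacing as an anonymous NPE.
    if (content == null) {
      throw new NullPointerException("content must not be null");
    }

    String baseTypeId = content.getType();
    // Use the ACL calculated for this object, the same way the permission checks do.
    Acl acl = contentService.calculateAcl(repositoryId, content);
    permissionDeniedInternal(context, repositoryId, key, acl, baseTypeId, content);

    // NOTE(review): presumably handles the top-level-folder special case; this only runs if the
    // call above returns normally. Confirm against permissionDeniedInternal.
    permissionTopLevelFolder(context, repositoryId, key, content);
  }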
예제 #3
  /**
   * TODO In the future, enable different configuration for Read/Update/Delete.
   *
   * @param callContext
   * @param repositoryId TODO
   * @param key
   * @param relationship
   * @return
   */
  private Boolean checkRelationshipPermission(
      CallContext callContext, String repositoryId, String key, Relationship relationship) {
    // Resolve both ends of the relationship before looking at the requested action.
    // NOTE(review): both ends are loaded through contentService.getRelationship(); confirm that
    // this lookup is intended for the source and target objects.
    final Content source =
        contentService.getRelationship(repositoryId, relationship.getSourceId());
    final Content target =
        contentService.getRelationship(repositoryId, relationship.getTargetId());

    // A dangling relationship is denied for every action.
    if (source == null || target == null) {
      log.warn(
          "[objectId="
              + relationship.getId()
              + "]Source or target of this relationship is missing");
      return false;
    }

    // Only read, update and delete are handled here; any other key is denied.
    final boolean handledAction =
        PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)
            || PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)
            || PermissionMapping.CAN_DELETE_OBJECT.equals(key);
    if (!handledAction) {
      return false;
    }

    // NOTE(review): all three actions are decided by the same check,
    // CAN_GET_OBJECT_RELATIONSHIPS_OBJECT, and passing on either end is enough. Updating or
    // deleting a relationship therefore needs no more than the right to see relationships on one
    // of its ends. Per-action configuration is still an open TODO for this method; until then,
    // treat this as a permissive policy when assigning ACLs.
    // Both ends are always evaluated, source first, then target.
    final boolean sourceAllowed =
        checkPermission(
            callContext,
            repositoryId,
            PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
            contentService.calculateAcl(repositoryId, source),
            source.getType(),
            source);
    final boolean targetAllowed =
        checkPermission(
            callContext,
            repositoryId,
            PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
            contentService.calculateAcl(repositoryId, target),
            target.getType(),
            target);

    return sourceAllowed || targetAllowed;
  }