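/**
 * Tells whether the permission-mapping key {@code key} applies to an object whose base type
 * id is {@code baseType}.
 *
 * <p>The method is a fixed lookup table from key to the set of base types the key may be
 * evaluated against. It is deny-by-default: a {@code null} or unrecognised key, or a
 * {@code null} base type, yields {@code false}.
 *
 * <p>For {@code CAN_GET_FOLDER_PARENT_OBJECT}, {@code CAN_GET_PARENTS_FOLDER},
 * {@code CAN_MOVE_OBJECT} and {@code CAN_DELETE_OBJECT} the result is {@code false} whenever
 * {@code contentService.isRoot(repositoryId, content)} reports the root, whatever the base
 * type.
 *
 * @param key permission-mapping key naming the requested action
 * @param baseType base type id string of the object being checked
 * @param content the object being checked; only passed to the root test
 * @param repositoryId repository the object lives in; only passed to the root test
 * @return {@code true} when the key is applicable to the base type, {@code false} otherwise
 */
private Boolean isAllowableBaseType(
        String key, String baseType, Content content, String repositoryId) {
    // NavigationServices
    if (PermissionMapping.CAN_GET_DESCENDENTS_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_GET_CHILDREN_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_GET_FOLDER_PARENT_OBJECT.equals(key)) {
        // The root has no parent, so the action never applies to it.
        if (contentService.isRoot(repositoryId, content)) {
            return false;
        }
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_GET_PARENTS_FOLDER.equals(key)) {
        if (contentService.isRoot(repositoryId, content)) {
            return false;
        }
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }

    // Object Services
    if (PermissionMapping.CAN_CREATE_DOCUMENT_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_CREATE_FOLDER_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_CREATE_POLICY_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_CREATE_RELATIONSHIP_SOURCE.equals(key)) {
        // Fix: the item test used to compare the enum constant itself with the String
        // (BaseTypeId.CMIS_ITEM.equals(baseType)), which can never be true, so items were
        // always rejected as a relationship source. It now compares the id string, as the
        // CAN_CREATE_RELATIONSHIP_TARGET branch below does.
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_CREATE_RELATIONSHIP_TARGET.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_MOVE_OBJECT.equals(key)) {
        // The root can never be moved.
        if (contentService.isRoot(repositoryId, content)) {
            return false;
        }
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_MOVE_TARGET.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_MOVE_SOURCE.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }
    if (PermissionMapping.CAN_DELETE_OBJECT.equals(key)) {
        // The root can never be deleted.
        if (contentService.isRoot(repositoryId, content)) {
            return false;
        }
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_VIEW_CONTENT_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_SET_CONTENT_DOCUMENT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_DELETE_CONTENT_DOCUMENT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_DELETE_TREE_FOLDER.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_FOLDER);
    }

    // Filing Services
    // NOTE(review): CAN_ADD_TO_FOLDER_OBJECT used to be tested twice in a row with the same
    // result; the second test was unreachable and has been dropped. No branch handles
    // PermissionMapping.CAN_ADD_TO_FOLDER_FOLDER, so that key ends at the final
    // "return false" - confirm whether the duplicate was meant to be that key.
    if (PermissionMapping.CAN_ADD_TO_FOLDER_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_REMOVE_FROM_FOLDER_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_REMOVE_FROM_FOLDER_FOLDER.equals(key)) {
        // NOTE(review): the key name refers to the folder side, yet the accepted base types
        // are document and policy only (no folder, no item). Kept as found - confirm intent.
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT, BaseTypeId.CMIS_POLICY);
    }

    // Versioning Services
    if (PermissionMapping.CAN_CHECKOUT_DOCUMENT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_CANCEL_CHECKOUT_DOCUMENT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_CHECKIN_DOCUMENT.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }
    if (PermissionMapping.CAN_GET_ALL_VERSIONS_VERSION_SERIES.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_DOCUMENT);
    }

    // Relationship Services
    if (PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }

    // Policy Services
    if (PermissionMapping.CAN_ADD_POLICY_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_ADD_POLICY_POLICY.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_POLICY);
    }
    if (PermissionMapping.CAN_REMOVE_POLICY_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_REMOVE_POLICY_POLICY.equals(key)) {
        return baseTypeIsAnyOf(baseType, BaseTypeId.CMIS_POLICY);
    }
    if (PermissionMapping.CAN_GET_APPLIED_POLICIES_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }

    // ACL Services
    if (PermissionMapping.CAN_GET_ACL_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }
    if (PermissionMapping.CAN_APPLY_ACL_OBJECT.equals(key)) {
        return baseTypeIsAnyOf(
                baseType,
                BaseTypeId.CMIS_DOCUMENT,
                BaseTypeId.CMIS_FOLDER,
                BaseTypeId.CMIS_RELATIONSHIP,
                BaseTypeId.CMIS_POLICY,
                BaseTypeId.CMIS_ITEM);
    }

    // Unknown or null key: deny.
    return false;
}

/** Returns true when {@code baseType} equals the id string of at least one candidate. */
private boolean baseTypeIsAnyOf(String baseType, BaseTypeId... candidates) {
    for (BaseTypeId candidate : candidates) {
        // Constant on the left keeps a null baseType a plain "no match".
        if (candidate.value().equals(baseType)) {
            return true;
        }
    }
    return false;
}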
/**
 * Authorises an action on a relationship object by checking the caller against the
 * relationship's two end points rather than against the relationship itself.
 *
 * <p>Only {@code CAN_GET_PROPERTIES_OBJECT} (read), {@code CAN_UPDATE_PROPERTIES_OBJECT}
 * (update) and {@code CAN_DELETE_OBJECT} (delete) are handled; every other key is denied.
 * All three are decided the same way: the caller must pass
 * {@code CAN_GET_OBJECT_RELATIONSHIPS_OBJECT} on the source <em>or</em> on the target.
 *
 * <p>Security note: update and delete are therefore granted on the strength of a read-level
 * mapping key, and passing the check on one end is sufficient. Deployments that need stricter
 * control over who may modify or remove relationships cannot express it here yet.
 *
 * <p>TODO In the future, enable different configuration for Read/Update/Delete.
 *
 * @param callContext call context of the request, handed on to {@code checkPermission}
 * @param repositoryId repository that holds the relationship and its end points
 * @param key permission-mapping key naming the requested action
 * @param relationship relationship the action is requested on
 * @return {@code true} when the action is allowed; {@code false} when it is denied, when the
 *     key is not one of the three handled keys, or when an end point cannot be loaded
 */
private Boolean checkRelationshipPermission(
        CallContext callContext, String repositoryId, String key, Relationship relationship) {
    // NOTE(review): both end points are loaded through getRelationship(); whether that lookup
    // is the right one for a source/target id cannot be told from here - confirm.
    Content sourceEnd = contentService.getRelationship(repositoryId, relationship.getSourceId());
    Content targetEnd = contentService.getRelationship(repositoryId, relationship.getTargetId());

    boolean bothEndsPresent = sourceEnd != null && targetEnd != null;
    if (!bothEndsPresent) {
        // A dangling relationship is denied, never allowed.
        log.warn(
                "[objectId="
                        + relationship.getId()
                        + "]Source or target of this relationship is missing");
        return false;
    }

    // Read, update and delete currently share a single rule.
    boolean handledAction =
            PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)
                    || PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)
                    || PermissionMapping.CAN_DELETE_OBJECT.equals(key);
    if (!handledAction) {
        return false;
    }

    // Both ends are always evaluated, source first, before the results are combined.
    boolean allowedViaSource =
            checkPermission(
                    callContext,
                    repositoryId,
                    PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
                    contentService.calculateAcl(repositoryId, sourceEnd),
                    sourceEnd.getType(),
                    sourceEnd);
    boolean allowedViaTarget =
            checkPermission(
                    callContext,
                    repositoryId,
                    PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
                    contentService.calculateAcl(repositoryId, targetEnd),
                    targetEnd.getType(),
                    targetEnd);
    return allowedViaSource || allowedViaTarget;
}