Exemplo n.º 1
0
  private Boolean isAllowableBaseType(
      String key, String baseType, Content content, String repositoryId) {
    // NavigationServices
    if (PermissionMapping.CAN_GET_DESCENDENTS_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_GET_CHILDREN_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_GET_FOLDER_PARENT_OBJECT.equals(key))
      if (contentService.isRoot(repositoryId, content)) {
        return false;
      } else {
        return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
      }
    if (PermissionMapping.CAN_GET_PARENTS_FOLDER.equals(key))
      if (contentService.isRoot(repositoryId, content)) {
        return false;
      } else {
        return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
            || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
            || BaseTypeId.CMIS_POLICY.value().equals(baseType)
            || BaseTypeId.CMIS_ITEM.value().equals(baseType));
      }

    // Object Services
    if (PermissionMapping.CAN_CREATE_DOCUMENT_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_CREATE_FOLDER_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_CREATE_POLICY_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_CREATE_RELATIONSHIP_SOURCE.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.equals(baseType));
    if (PermissionMapping.CAN_CREATE_RELATIONSHIP_TARGET.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_MOVE_OBJECT.equals(key))
      if (contentService.isRoot(repositoryId, content)) {
        return false;
      } else {
        return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
            || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
            || BaseTypeId.CMIS_POLICY.value().equals(baseType)
            || BaseTypeId.CMIS_ITEM.value().equals(baseType));
      }
    if (PermissionMapping.CAN_MOVE_TARGET.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_MOVE_SOURCE.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    if (PermissionMapping.CAN_DELETE_OBJECT.equals(key))
      if (contentService.isRoot(repositoryId, content)) {
        return false;
      } else {
        return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
            || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
            || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
            || BaseTypeId.CMIS_POLICY.value().equals(baseType)
            || BaseTypeId.CMIS_ITEM.value().equals(baseType));
      }
    if (PermissionMapping.CAN_VIEW_CONTENT_OBJECT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_SET_CONTENT_DOCUMENT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_DELETE_CONTENT_DOCUMENT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_DELETE_TREE_FOLDER.equals(key))
      return BaseTypeId.CMIS_FOLDER.value().equals(baseType);
    // Filing Services
    if (PermissionMapping.CAN_ADD_TO_FOLDER_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_ADD_TO_FOLDER_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_REMOVE_FROM_FOLDER_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_REMOVE_FROM_FOLDER_FOLDER.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType));
    // Versioning Services
    if (PermissionMapping.CAN_CHECKOUT_DOCUMENT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_CANCEL_CHECKOUT_DOCUMENT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_CHECKIN_DOCUMENT.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    if (PermissionMapping.CAN_GET_ALL_VERSIONS_VERSION_SERIES.equals(key))
      return BaseTypeId.CMIS_DOCUMENT.value().equals(baseType);
    // Relationship Services
    if (PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    // Policy Services
    if (PermissionMapping.CAN_ADD_POLICY_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_ADD_POLICY_POLICY.equals(key))
      return BaseTypeId.CMIS_POLICY.value().equals(baseType);
    if (PermissionMapping.CAN_REMOVE_POLICY_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_REMOVE_POLICY_POLICY.equals(key))
      return BaseTypeId.CMIS_POLICY.value().equals(baseType);
    if (PermissionMapping.CAN_GET_APPLIED_POLICIES_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    // ACL Services
    if (PermissionMapping.CAN_GET_ACL_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));
    if (PermissionMapping.CAN_APPLY_ACL_OBJECT.equals(key))
      return (BaseTypeId.CMIS_DOCUMENT.value().equals(baseType)
          || BaseTypeId.CMIS_FOLDER.value().equals(baseType)
          || BaseTypeId.CMIS_RELATIONSHIP.value().equals(baseType)
          || BaseTypeId.CMIS_POLICY.value().equals(baseType)
          || BaseTypeId.CMIS_ITEM.value().equals(baseType));

    return false;
  }
Exemplo n.º 2
0
  /**
   * TODO In the future, enable different configuration for Read/Update/Delete.
   *
   * @param callContext
   * @param repositoryId TODO
   * @param key
   * @param relationship
   * @return
   */
  private Boolean checkRelationshipPermission(
      CallContext callContext, String repositoryId, String key, Relationship relationship) {
    Content source = contentService.getRelationship(repositoryId, relationship.getSourceId());
    Content target = contentService.getRelationship(repositoryId, relationship.getTargetId());

    if (source == null || target == null) {
      log.warn(
          "[objectId="
              + relationship.getId()
              + "]Source or target of this relationship is missing");
      return false;
    }

    // Read action when a relationship is specified directly
    if (PermissionMapping.CAN_GET_PROPERTIES_OBJECT.equals(key)) {
      boolean readSource =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, source),
              source.getType(),
              source);
      boolean readTarget =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, target),
              target.getType(),
              target);
      return readSource | readTarget;
    }

    // Update action
    if (PermissionMapping.CAN_UPDATE_PROPERTIES_OBJECT.equals(key)) {
      boolean updateSource =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, source),
              source.getType(),
              source);
      boolean updateTarget =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, target),
              target.getType(),
              target);
      return updateSource | updateTarget;
    }

    // Delete action
    if (PermissionMapping.CAN_DELETE_OBJECT.equals(key)) {
      boolean deleteSource =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, source),
              source.getType(),
              source);
      boolean deleteTarget =
          checkPermission(
              callContext,
              repositoryId,
              PermissionMapping.CAN_GET_OBJECT_RELATIONSHIPS_OBJECT,
              contentService.calculateAcl(repositoryId, target),
              target.getType(),
              target);
      return deleteSource | deleteTarget;
    }

    return false;
  }