@Override
  public void deleteContentStream(
      CallContext callContext,
      String repositoryId,
      Holder<String> objectId,
      Holder<String> changeToken,
      ExtensionsData extension) {

    exceptionService.invalidArgumentRequiredHolderString("objectId", objectId);

    Lock lock = threadLockService.getWriteLock(repositoryId, objectId.getValue());
    try {
      lock.lock();

      // //////////////////
      // Exception
      // //////////////////
      Document document = contentService.getDocument(repositoryId, objectId.getValue());
      exceptionService.objectNotFound(DomainType.OBJECT, document, document.getId());
      exceptionService.constraintContentStreamRequired(repositoryId, document);

      // //////////////////
      // Body of the method
      // //////////////////
      contentService.deleteContentStream(callContext, repositoryId, objectId);

      nemakiCachePool.get(repositoryId).removeCmisCache(objectId.getValue());

    } finally {
      lock.unlock();
    }
  }
 @Override
 public void versioning(Document doc) {
   if (!doc.isLatestVersion() && !doc.isPrivateWorkingCopy()) {
     String msg = "The operation is not allowed on a non-current version of a document";
     throw new CmisVersioningException(buildMsgWithId(msg, doc.getId()), HTTP_STATUS_CODE_409);
   }
 }
  @Override
  public String createDocumentFromSource(
      CallContext callContext,
      String repositoryId,
      String sourceId,
      Properties properties,
      String folderId,
      VersioningState versioningState,
      List<String> policies,
      Acl addAces,
      Acl removeAces) {
    Document original = contentService.getDocument(repositoryId, sourceId);
    DocumentTypeDefinition td =
        (DocumentTypeDefinition)
            typeManager.getTypeDefinition(repositoryId, original.getObjectType());

    // //////////////////
    // General Exception
    // //////////////////
    exceptionService.invalidArgumentRequired("properties", properties);
    exceptionService.invalidArgumentRequiredParentFolderId(repositoryId, folderId);
    Folder parentFolder = contentService.getFolder(repositoryId, folderId);
    exceptionService.objectNotFoundParentFolder(repositoryId, folderId, parentFolder);
    exceptionService.permissionDenied(
        callContext, repositoryId, PermissionMapping.CAN_CREATE_FOLDER_FOLDER, parentFolder);

    // //////////////////
    // Specific Exception
    // //////////////////
    exceptionService.constraintBaseTypeId(repositoryId, properties, BaseTypeId.CMIS_DOCUMENT);
    exceptionService.constraintAllowedChildObjectTypeId(parentFolder, properties);
    exceptionService.constraintPropertyValue(
        repositoryId, td, properties, DataUtil.getIdProperty(properties, PropertyIds.OBJECT_ID));
    exceptionService.constraintControllableVersionable(td, versioningState, null);
    versioningState =
        (td.isVersionable() && versioningState == null) ? VersioningState.MAJOR : versioningState;
    exceptionService.constraintCotrollablePolicies(td, policies, properties);
    exceptionService.constraintCotrollableAcl(td, addAces, removeAces, properties);
    exceptionService.constraintPermissionDefined(repositoryId, addAces, null);
    exceptionService.constraintPermissionDefined(repositoryId, removeAces, null);
    exceptionService.nameConstraintViolation(properties, parentFolder);

    // //////////////////
    // Body of the method
    // //////////////////
    Document document =
        contentService.createDocumentFromSource(
            callContext,
            repositoryId,
            properties,
            parentFolder,
            original,
            versioningState,
            policies,
            addAces,
            removeAces);
    return document.getId();
  }
 @Override
 public void constraintAlreadyCheckedOut(String repositoryId, Document document) {
   VersionSeries vs = contentService.getVersionSeries(repositoryId, document);
   if (vs.isVersionSeriesCheckedOut()) {
     if (!(document.isPrivateWorkingCopy())) {
       constraint(document.getId(), "The version series is already checked out");
     }
   }
 }
 @Override
 public void constraintContentStreamRequired(String repositoryId, Document document) {
   String objectTypeId = document.getObjectType();
   DocumentTypeDefinition td =
       (DocumentTypeDefinition) typeManager.getTypeDefinition(repositoryId, objectTypeId);
   if (td.getContentStreamAllowed() == ContentStreamAllowed.REQUIRED) {
     if (document.getAttachmentNodeId() == null
         || contentService.getAttachment(repositoryId, document.getAttachmentNodeId()) == null) {
       constraint(document.getId(), "This document type does not allow no content stream");
     }
   }
 }
 @Override
 public void constraintContentStreamDownload(String repositoryId, Document document) {
   DocumentTypeDefinition documentTypeDefinition =
       (DocumentTypeDefinition) typeManager.getTypeDefinition(repositoryId, document);
   ContentStreamAllowed csa = documentTypeDefinition.getContentStreamAllowed();
   if (ContentStreamAllowed.NOTALLOWED == csa
       || ContentStreamAllowed.ALLOWED == csa
           && StringUtils.isBlank(document.getAttachmentNodeId())) {
     constraint(
         document.getId(),
         "This document has no ContentStream. getContentStream is not supported.");
   }
 }
  @Override
  public void contentAlreadyExists(Content content, Boolean overwriteFlag) {
    if (!overwriteFlag) {
      Document document = (Document) content; // FIXME
      String attachmentNodeId = document.getAttachmentNodeId(); // FIXME
      // getAttachmentNodes

      if (attachmentNodeId != null) {
        String msg = "Can't overwrite the content stream when overwriteFlag is false";
        throw new CmisContentAlreadyExistsException(
            buildMsgWithId(msg, content.getId()), HTTP_STATUS_CODE_409);
      }
    }
  }
  @Override
  public void appendContentStream(
      CallContext callContext,
      String repositoryId,
      Holder<String> objectId,
      Holder<String> changeToken,
      ContentStream contentStream,
      boolean isLastChunk,
      ExtensionsData extension) {

    exceptionService.invalidArgumentRequiredHolderString("objectId", objectId);

    Lock lock = threadLockService.getWriteLock(repositoryId, objectId.getValue());
    try {
      lock.lock();

      // //////////////////
      // General Exception
      // //////////////////

      exceptionService.invalidArgumentRequired("contentStream", contentStream);
      Document doc = (Document) contentService.getContent(repositoryId, objectId.getValue());
      exceptionService.objectNotFound(DomainType.OBJECT, doc, objectId.getValue());
      exceptionService.permissionDenied(
          callContext, repositoryId, PermissionMapping.CAN_SET_CONTENT_DOCUMENT, doc);
      DocumentTypeDefinition td =
          (DocumentTypeDefinition) typeManager.getTypeDefinition(repositoryId, doc.getObjectType());
      exceptionService.constraintImmutable(repositoryId, doc, td);

      // //////////////////
      // Specific Exception
      // //////////////////
      exceptionService.streamNotSupported(td, contentStream);
      exceptionService.updateConflict(doc, changeToken);
      exceptionService.versioning(doc);

      // //////////////////
      // Body of the method
      // //////////////////
      contentService.appendAttachment(
          callContext, repositoryId, objectId, changeToken, contentStream, isLastChunk, extension);

      nemakiCachePool.get(repositoryId).removeCmisCache(objectId.getValue());
    } finally {
      lock.unlock();
    }
  }
  @Override
  public void setContentStream(
      CallContext callContext,
      String repositoryId,
      Holder<String> objectId,
      boolean overwriteFlag,
      ContentStream contentStream,
      Holder<String> changeToken) {

    exceptionService.invalidArgumentRequiredHolderString("objectId", objectId);

    Lock lock = threadLockService.getWriteLock(repositoryId, objectId.getValue());
    try {
      lock.lock();
      // //////////////////
      // General Exception
      // //////////////////

      exceptionService.invalidArgumentRequired("contentStream", contentStream);
      Document doc = (Document) contentService.getContent(repositoryId, objectId.getValue());
      exceptionService.objectNotFound(DomainType.OBJECT, doc, objectId.getValue());
      exceptionService.permissionDenied(
          callContext, repositoryId, PermissionMapping.CAN_SET_CONTENT_DOCUMENT, doc);
      DocumentTypeDefinition td =
          (DocumentTypeDefinition) typeManager.getTypeDefinition(repositoryId, doc.getObjectType());
      exceptionService.constraintImmutable(repositoryId, doc, td);

      // //////////////////
      // Specific Exception
      // //////////////////
      exceptionService.contentAlreadyExists(doc, overwriteFlag);
      exceptionService.streamNotSupported(td, contentStream);
      exceptionService.updateConflict(doc, changeToken);
      exceptionService.versioning(doc);
      Folder parent = contentService.getParent(repositoryId, objectId.getValue());
      exceptionService.objectNotFoundParentFolder(repositoryId, objectId.getValue(), parent);

      // //////////////////
      // Body of the method
      // //////////////////
      String oldId = objectId.getValue();

      // TODO Externalize versioningState
      if (doc.isPrivateWorkingCopy()) {
        Document result = contentService.replacePwc(callContext, repositoryId, doc, contentStream);
        objectId.setValue(result.getId());
      } else {
        Document result =
            contentService.createDocumentWithNewStream(
                callContext, repositoryId, doc, contentStream);
        objectId.setValue(result.getId());
      }

      nemakiCachePool.get(repositoryId).removeCmisCache(oldId);
    } finally {
      lock.unlock();
    }
  }
 @Override
 public void constraintUpdateWhenCheckedOut(
     String repositoryId, String currentUserId, Document document) {
   VersionSeries vs = contentService.getVersionSeries(repositoryId, document);
   if (vs.isVersionSeriesCheckedOut()) {
     if (document.isPrivateWorkingCopy()) {
       // Can update by only the use who has checked it out
       String whoCheckedOut = vs.getVersionSeriesCheckedOutBy();
       if (!currentUserId.equals(whoCheckedOut)) {
         constraint(
             document.getId(),
             "This private working copy can be modified only by the user who has checked it out. ");
       }
     } else {
       // All versions except for PWC are locked.
       constraint(document.getId(), "All versions except for PWC are locked when checked out.");
     }
   }
 }
  // TODO Implement HTTP range(offset and length of stream), though it is not
  // obligatory.
  private ContentStream getContentStreamInternal(
      String repositoryId, Content content, BigInteger rangeOffset, BigInteger rangeLength) {
    if (!content.isDocument()) {
      exceptionService.constraint(
          content.getId(), "getContentStream cannnot be invoked to other than document type.");
    }
    Document document = (Document) content;
    exceptionService.constraintContentStreamDownload(repositoryId, document);
    AttachmentNode attachment =
        contentService.getAttachment(repositoryId, document.getAttachmentNodeId());
    attachment.setRangeOffset(rangeOffset);
    attachment.setRangeLength(rangeLength);

    // Set content stream
    BigInteger length = BigInteger.valueOf(attachment.getLength());
    String name = attachment.getName();
    String mimeType = attachment.getMimeType();
    InputStream is = attachment.getInputStream();
    ContentStream cs = new ContentStreamImpl(name, length, mimeType, is);

    return cs;
  }
  @Override
  public void constraintImmutable(
      String repositoryId, Document document, TypeDefinition typeDefinition) {
    Boolean defaultVal =
        (Boolean)
            typeManager.getSingleDefaultValue(
                PropertyIds.IS_IMMUTABLE, typeDefinition.getId(), repositoryId);

    boolean flag = false;
    if (document.isImmutable() == null) {
      if (defaultVal != null && defaultVal) {
        flag = true;
      }
    } else {
      if (document.isImmutable()) {
        flag = true;
      }
    }

    if (flag) {
      constraint(document.getId(), "Immutable document cannot be updated/deleted");
    }
  }
Пример #13
0
  // TODO Merge arguments(acl, content)
  // FIXME Refactor duplicate isAllowableBaseType
  @Override
  public Boolean checkPermission(
      CallContext callContext,
      String repositoryId,
      String key,
      Acl acl,
      String baseType,
      Content content) {

    // All permission checks must go through baseType check
    if (!isAllowableBaseType(key, baseType, content, repositoryId)) return false;

    // Admin always pass a permission check
    CallContextImpl cci = (CallContextImpl) callContext;
    Boolean _isAdmin = (Boolean) cci.get(CallContextKey.IS_ADMIN);
    boolean isAdmin = (_isAdmin == null) ? false : _isAdmin;
    if (isAdmin) return true;

    // PWC doesn't accept any actions from a non-owner user
    // TODO admin can manipulate PWC even when it is checked out ?
    if (content.isDocument()) {
      Document document = (Document) content;
      if (document.isPrivateWorkingCopy()) {
        VersionSeries vs = contentService.getVersionSeries(repositoryId, document);
        if (!callContext.getUsername().equals(vs.getVersionSeriesCheckedOutBy())) {
          return false;
        }
      }
    }

    // Relation has no ACL stored in DB.
    // Though some actions are defined in the specs,
    // Some other direct actions is needed to be set here.
    if (content.isRelationship()) {
      Relationship relationship = (Relationship) content;
      return checkRelationshipPermission(callContext, repositoryId, key, relationship);
    }

    // Void Acl fails(but Admin can do an action)
    if (acl == null) return false;

    // Even if a user has multiple ACEs, the permissions is pushed into
    // Set<String> and remain unique.
    // Get ACL for the current user
    String userName = callContext.getUsername();
    List<Ace> aces = acl.getAllAces();
    Set<String> userPermissions = new HashSet<String>();
    Set<String> groups = principalService.getGroupIdsContainingUser(repositoryId, userName);
    for (Ace ace : aces) {
      // Filter ace which has not permissions
      if (ace.getPermissions() == null) continue;

      // Add user permissions
      if (ace.getPrincipalId().equals(userName)) {
        userPermissions.addAll(ace.getPermissions());
      }
      // Add inherited permissions which user inherits
      if (CollectionUtils.isNotEmpty(groups) && groups.contains(ace.getPrincipalId())) {
        userPermissions.addAll(ace.getPermissions());
      }
    }

    // Check mapping between the user and the content
    return checkCalculatedPermissions(repositoryId, key, userPermissions);
  }