View Javadoc
1   /*
2    * Copyright (C) 2003-2011 eXo Platform SAS.
3    *
4    * This program is free software; you can redistribute it and/or
5    * modify it under the terms of the GNU Affero General Public License
6    * as published by the Free Software Foundation; either version 3
7    * of the License, or (at your option) any later version.
8    *
9    * This program is distributed in the hope that it will be useful,
10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12   * GNU General Public License for more details.
13   *
14   * You should have received a copy of the GNU General Public License
15   * along with this program; if not, see<http://www.gnu.org/licenses/>.
16   */
17  package org.exoplatform.wiki.mow.core.api.wiki;
18  
19  import org.chromattic.api.ChromatticSession;
20  import org.exoplatform.services.jcr.access.AccessControlEntry;
21  import org.exoplatform.services.jcr.access.AccessControlList;
22  import org.exoplatform.services.jcr.core.ExtendedNode;
23  import org.exoplatform.services.log.ExoLogger;
24  import org.exoplatform.services.log.Log;
25  import org.exoplatform.services.security.ConversationState;
26  import org.exoplatform.services.security.Identity;
27  import org.exoplatform.services.security.IdentityConstants;
28  import org.exoplatform.wiki.WikiException;
29  import org.exoplatform.wiki.mow.api.PermissionType;
30  import org.exoplatform.wiki.mow.core.api.MOWService;
31  import org.exoplatform.wiki.utils.JCRUtils;
32  
33  import javax.jcr.Node;
34  import javax.jcr.RepositoryException;
35  import java.util.ArrayList;
36  import java.util.Arrays;
37  import java.util.HashMap;
38  import java.util.List;
39  
40  public class PermissionImpl {
41    private static final Log log = ExoLogger.getLogger(PermissionImpl.class);
42  
43    protected MOWService mowService;
44  
45    public void setMOWService(MOWService mowService) {
46      this.mowService = mowService;
47    }
48  
49    public MOWService getMOWService() {
50      return mowService;
51    }
52  
53    public HashMap<String, String[]> getPermission(String jcrPath) throws WikiException {
54      try {
55        ExtendedNode extendedNode = (ExtendedNode) getJCRNode(jcrPath);
56        HashMap<String, String[]> perm = new HashMap<>();
57        AccessControlList acl = extendedNode.getACL();
58        List<AccessControlEntry> aceList = acl.getPermissionEntries();
59        for (int i = 0, length = aceList.size(); i < length; i++) {
60          AccessControlEntry ace = aceList.get(i);
61          String[] nodeActions = perm.get(ace.getIdentity());
62          List<String> actions;
63          if (nodeActions != null) {
64            actions = new ArrayList<>(Arrays.asList(nodeActions));
65          } else {
66            actions = new ArrayList<>();
67          }
68          actions.add(ace.getPermission());
69          perm.put(ace.getIdentity(), actions.toArray(new String[actions.size()]));
70        }
71        return perm;
72      } catch (Exception e) {
73        throw new WikiException("Cannot get permissions of node " + jcrPath, e);
74      }
75    }
76  
77    public boolean hasPermission(PermissionType permissionType, String jcrPath) {
78      ConversationState conversationState = ConversationState.getCurrent();
79      Identity user;
80      if (conversationState != null) {
81        user = conversationState.getIdentity();
82      } else {
83        user = new Identity(IdentityConstants.ANONIM);
84      }
85      return hasPermission(permissionType, jcrPath, user);
86    }
87  
88    public boolean hasPermission(PermissionType permissionType, String jcrPath, Identity user) {
89      // Convert permissionType to JCR permission
90      String[] permission = new String[] {};
91      if (PermissionType.VIEWPAGE.equals(permissionType) || PermissionType.VIEW_ATTACHMENT.equals(permissionType)) {
92        permission = new String[] { org.exoplatform.services.jcr.access.PermissionType.READ };
93      } else if (PermissionType.EDITPAGE.equals(permissionType) || PermissionType.EDIT_ATTACHMENT.equals(permissionType)) {
94        permission = new String[] { org.exoplatform.services.jcr.access.PermissionType.ADD_NODE,
95            org.exoplatform.services.jcr.access.PermissionType.REMOVE,
96            org.exoplatform.services.jcr.access.PermissionType.SET_PROPERTY };
97      }
98  
99      try {
100       // Get ACL
101       ExtendedNode extendedNode = (ExtendedNode) getJCRNode(jcrPath);
102       AccessControlList acl = extendedNode.getACL();
103 
104       return JCRUtils.hasPermission(acl, permission, user);
105     } catch(RepositoryException e) {
106       log.error("Cannot check permissions of user " + user.getUserId() + " on node " + jcrPath
107               + " - Cause : " + e.getMessage(), e);
108       return false;
109     }
110   }
111 
112   public void setPermission(HashMap<String, String[]> permissions, String jcrPath) throws WikiException {
113     getChromatticSession().save();
114     try {
115       ExtendedNode extendedNode = (ExtendedNode) getJCRNode(jcrPath);
116       if (extendedNode.canAddMixin("exo:privilegeable")) {
117         extendedNode.addMixin("exo:privilegeable");
118       }
119 
120       if (permissions != null && permissions.size() > 0) {
121         extendedNode.setPermissions(permissions);
122       } else {
123         extendedNode.clearACL();
124         extendedNode.setPermission(IdentityConstants.ANY, org.exoplatform.services.jcr.access.PermissionType.ALL);
125       }
126     } catch(RepositoryException e) {
127       throw new WikiException("Cannot set permissions on node " + jcrPath, e);
128     }
129   }
130 
131   protected ChromatticSession getChromatticSession() {
132     return mowService.getSession();
133   }
134 
135   protected Node getJCRNode(String path) throws RepositoryException {
136     return (Node) getChromatticSession().getJCRSession().getItem(path);
137   }
138 }