public boolean checkPermission(Document doc, NuxeoPrincipal principal, String permission) { if (principal.isAdministrator()) { return true; } // fully check each ACE in turn String[] resolvedPermissions = getPermissionsToCheck(permission); String[] additionalPrincipals = getPrincipalsToCheck(principal); // get the ordered list of ACE ACP acp = doc.getSession().getMergedACP(doc); // check pluggable policies Access access = securityPolicyService.checkPermission(doc, acp, principal, permission, resolvedPermissions, additionalPrincipals); if (access != null && !Access.UNKNOWN.equals(access)) { return access.toBoolean(); } if (acp == null) { return false; // no ACP on that doc - by default deny } access = acp.getAccess(additionalPrincipals, resolvedPermissions); return access.toBoolean(); }
/** * Filters the supplied permissions based on whether they are granted to a given principal for a given document. * * @since 9.1 */ public Collection<String> filterGrantedPermissions(Document doc, NuxeoPrincipal principal, Collection<String> permissions) { if (principal.isAdministrator()) { return permissions; } String[] additionalPrincipals = getPrincipalsToCheck(principal); ACP acp = doc.getSession().getMergedACP(doc); List<String> result = new ArrayList<>(); for(String permission : permissions) { String[] resolvedPermissions = getPermissionsToCheck(permission); Access access = securityPolicyService.checkPermission(doc, acp, principal, permission, resolvedPermissions, additionalPrincipals); if (access == null || Access.UNKNOWN.equals(access)) { access = acp == null ? null : acp.getAccess(additionalPrincipals, resolvedPermissions); } if (access != null && access.toBoolean()) { result.add(permission); } } return result; }
/** * Checks if the current user can still read and write access rights. If he can't, then the security data are * rebuilt. */ private boolean checkPermissions() { if (currentUser.isAdministrator()) { return true; } else { List<String> principals = new ArrayList<String>(); principals.add(currentUser.getName()); principals.addAll(currentUser.getAllGroups()); ACP acp = currentDocument.getACP(); new SecurityDataConverter(); List<UserEntry> modifiableEntries = SecurityDataConverter.convertToUserEntries(securityData); if (null == acp) { acp = new ACPImpl(); } acp.setRules(modifiableEntries.toArray(new UserEntry[0])); final boolean access = acp.getAccess(principals.toArray(new String[0]), getPermissionsToCheck()) .toBoolean(); if (!access) { rebuildSecurityData(); } return access; } }
String anonymousId = userManager.getAnonymousUserId(); Access access = acp.getAccess(anonymousId, SecurityConstants.READ); isAnonymous = access.toBoolean(); } catch (NuxeoException e) { if (e instanceof DocumentSecurityException) {