Example 1 with MatchLogic
use of org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic in project records-management by Alfresco.
the class RMCaveatConfigComponentImpl method hasAccess.
/**
* Check whether access to 'record component' node is vetoed for current user due to caveat(s)
*
* @param nodeRef
* @return false, if caveat(s) veto access otherwise return true
*/
@SuppressWarnings("unchecked")
public boolean hasAccess(NodeRef nodeRef) {
try {
if ((!nodeService.exists(nodeRef)) || (caveatAspectQNames.size() == 0)) {
return true;
}
boolean found = false;
for (QName caveatAspectQName : caveatAspectQNames) {
if (nodeService.hasAspect(nodeRef, caveatAspectQName)) {
found = true;
break;
}
}
if (!found) {
// no caveat aspect
return true;
} else {
// check for caveats
String userName = AuthenticationUtil.getRunAsUser();
if (userName != null) {
// check all text properties
Map<QName, Serializable> props = nodeService.getProperties(nodeRef);
for (Map.Entry<QName, Serializable> entry : props.entrySet()) {
QName propName = entry.getKey();
PropertyDefinition propDef = dictionaryService.getProperty(propName);
if ((propDef != null) && (propDef.getDataType().getName().equals(DATATYPE_TEXT))) {
List<ConstraintDefinition> conDefs = propDef.getConstraints();
for (ConstraintDefinition conDef : conDefs) {
Constraint con = conDef.getConstraint();
if (con instanceof RMListOfValuesConstraint) {
RMListOfValuesConstraint rmCon = ((RMListOfValuesConstraint) con);
String conName = rmCon.getShortName();
MatchLogic matchLogic = rmCon.getMatchLogicEnum();
Map<String, List<String>> caveatConstraintDef = caveatConfig.get(conName);
if (caveatConstraintDef == null) {
continue;
} else {
Set<String> userGroupNames = authorityService.getAuthoritiesForUser(userName);
List<String> allowedValues = getRMAllowedValues(userName, userGroupNames, conName);
List<String> propValues = null;
Object val = entry.getValue();
if (val instanceof String) {
propValues = new ArrayList<String>(1);
propValues.add((String) val);
} else if (val instanceof List) {
propValues = (List<String>) val;
}
if (propValues != null && !isAllowed(propValues, allowedValues, matchLogic)) {
if (logger.isDebugEnabled()) {
logger.debug("Veto access: caveat=" + conName + ", userName=" + userName + ", nodeRef=" + nodeRef + ", propName=" + propName + ", propValues=" + propValues + ", allowedValues=" + allowedValues);
}
return false;
}
}
}
}
}
}
}
return true;
}
} catch (AccessDeniedException ade) {
return false;
}
}
Also used :
Serializable(java.io.Serializable)
AccessDeniedException(net.sf.acegisecurity.AccessDeniedException)
Constraint(org.alfresco.service.cmr.dictionary.Constraint)
QName(org.alfresco.service.namespace.QName)
MatchLogic(org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic)
PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition)
ConstraintDefinition(org.alfresco.service.cmr.dictionary.ConstraintDefinition)
List(java.util.List)
ArrayList(java.util.ArrayList)
JSONObject(org.json.JSONObject)
Map(java.util.Map)
MimetypeMap(org.alfresco.repo.content.MimetypeMap)
HashMap(java.util.HashMap)
Aggregations
Serializable (java.io.Serializable)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Map (java.util.Map)1
AccessDeniedException (net.sf.acegisecurity.AccessDeniedException)1
MatchLogic (org.alfresco.module.org_alfresco_module_rm.caveat.RMListOfValuesConstraint.MatchLogic)1
MimetypeMap (org.alfresco.repo.content.MimetypeMap)1
Constraint (org.alfresco.service.cmr.dictionary.Constraint)1
ConstraintDefinition (org.alfresco.service.cmr.dictionary.ConstraintDefinition)1
PropertyDefinition (org.alfresco.service.cmr.dictionary.PropertyDefinition)1
QName (org.alfresco.service.namespace.QName)1
JSONObject (org.json.JSONObject)1
