ContentSecurityFilterResolver.java example

Explorer
cms-ce-master
- modules
/*
 * Copyright 2000-2013 Enonic AS
 * http://www.enonic.com/license
 */
package com.enonic.cms.core.content;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import com.enonic.cms.core.security.SecurityService;
import com.enonic.cms.core.security.group.GroupEntity;
import com.enonic.cms.core.security.group.GroupKey;
import com.enonic.cms.core.security.user.UserEntity;

@Component
public class ContentSecurityFilterResolver
{

    private SecurityService securityService;

    public Collection<GroupKey> resolveGroupKeys( UserEntity user )
    {

        Set<GroupKey> groupKeys = new HashSet<GroupKey>();

        if ( user.isRoot() )
        {
            // returning null means do not not perform access rights
            return null;
        }

        // add the given users all group keys
        groupKeys.addAll( user.getAllMembershipsGroupKeys() );

        // return at this stage if anonymous user
        if ( user.isAnonymous() )
        {
            return groupKeys;
        }

        // add also anonymous user group, since all users are implicit member of this group
        UserEntity anonymousUser = securityService.getUser( securityService.getAnonymousUserKey() );
        groupKeys.add( anonymousUser.getUserGroup().getGroupKey() );

        // add also authenticated users group
        if ( user.getUserStore() != null )
        {
            // PS! All users are always implicit member of authenticated users
            GroupEntity authenticatedUsersGroup = securityService.getAuthenticatedUsersGroup( user.getUserStore() );
            groupKeys.add( authenticatedUsersGroup.getGroupKey() );
            groupKeys.addAll( authenticatedUsersGroup.getAllMembershipsGroupKeys() );
        }

        // check "enterprise admins" group if user is member of that, because enterprise admin group does not have explisit rights
        GroupEntity enterpriseAdminsGroup = securityService.getGroup( securityService.getEnterpriseAdministratorGroup() );
        if ( user.isMemberOf( enterpriseAdminsGroup, true ) )
        {
            // returning null means do not not perform access rights
            return null;
        }

        return groupKeys;
    }


    @Autowired
    public void setSecurityService( @Qualifier("securityService") SecurityService value )
    {
        this.securityService = value;
    }
}