package com.constellio.model.entities.records.wrappers;

import static com.constellio.model.entities.records.Record.PUBLIC_TOKEN;
import static com.constellio.model.entities.records.wrappers.UserAuthorizationsUtils.containsAnyUserGroupTokens;
import static com.constellio.model.entities.records.wrappers.UserAuthorizationsUtils.hasMatchingAuthorization;
import static com.constellio.model.entities.schemas.Schemas.TOKENS;
import static com.constellio.model.entities.security.Role.DELETE;
import static com.constellio.model.entities.security.Role.READ;
import static com.constellio.model.entities.security.Role.WRITE;

import com.constellio.model.entities.records.Record;
import com.constellio.model.entities.schemas.MetadataSchemaTypes;
import com.constellio.model.entities.schemas.Schemas;
import com.constellio.model.entities.security.Role;

/**
 * Permission checker that decides whether a user holds a requested combination of
 * read / write / delete access, either collection-wide ({@link #globally()}) or on a
 * single record ({@link #on(Record)}).
 *
 * <p>Every requested access kind must be satisfied for a check to pass. Read is the
 * weakest kind: it is also satisfied by write or delete access. Write and delete are
 * checked independently of each other.
 *
 * <p>NOTE(review): if none of the three flags is set, both {@link #globally()} and
 * {@link #on(Record)} return {@code true}, i.e. a checker that requests nothing grants
 * everything. Confirm that no caller can build such a checker by accident.
 *
 * <p>NOTE(review): the three flags are public and non-final, so any code holding a
 * reference to this checker can change which access kinds are enforced after
 * construction. They are left as-is here because they are part of the class's visible
 * interface.
 */
public class AccessUserPermissionsChecker extends UserPermissionsChecker {

    // Not read or assigned anywhere in this class; kept because it is package-visible.
    MetadataSchemaTypes types;

    // Access kinds this checker requires; each one that is true must be satisfied.
    public boolean readAccess;
    public boolean writeAccess;
    public boolean deleteAccess;

    /**
     * Creates a checker for the given user and set of required access kinds.
     *
     * @param user         the user whose permissions are evaluated
     * @param readAccess   whether read access is required
     * @param writeAccess  whether write access is required
     * @param deleteAccess whether delete access is required
     */
    AccessUserPermissionsChecker(User user, boolean readAccess, boolean writeAccess, boolean deleteAccess) {
        super(user);
        // Assigned here in addition to the super(user) call, as in the original code.
        this.user = user;
        this.readAccess = readAccess;
        this.writeAccess = writeAccess;
        this.deleteAccess = deleteAccess;
    }

    /**
     * Checks the required access kinds against the user's collection-level access only.
     *
     * @return {@code true} when every required access kind is held at collection level;
     *         also {@code true} when no access kind is required
     */
    public boolean globally() {
        boolean readGranted = true;
        if (readAccess) {
            readGranted = holdsAnyCollectionAccess();
        }
        // Each requested kind is evaluated even if an earlier one already failed,
        // matching the non-short-circuit accumulation this method has always used.
        boolean writeGranted = !writeAccess || user.hasCollectionWriteAccess();
        boolean deleteGranted = !deleteAccess || user.hasCollectionDeleteAccess();
        return readGranted && writeGranted && deleteGranted;
    }

    /**
     * Checks the required access kinds against one record, combining collection-level
     * access with record-level tokens, authorizations and global type access.
     *
     * <p>For read, a record carrying {@code PUBLIC_TOKEN} passes regardless of the user.
     *
     * @param record the record to check; it is dereferenced without a null check
     * @return {@code true} when every required access kind is satisfied for the record;
     *         also {@code true} when no access kind is required
     */
    public boolean on(Record record) {
        boolean readGranted = true;
        if (readAccess) {
            // The token lookup runs before the collection-level checks, as before.
            boolean recordIsPublic = record.getList(TOKENS).contains(PUBLIC_TOKEN);
            boolean collectionWide = holdsAnyCollectionAccess();
            readGranted = collectionWide
                    || recordIsPublic
                    || hasReadAccessOn(record)
                    || hasWriteAccessOn(record)
                    || hasDeleteAccessOn(record);
        }
        boolean writeGranted = !writeAccess
                || user.hasCollectionWriteAccess()
                || hasWriteAccessOn(record);
        boolean deleteGranted = !deleteAccess
                || user.hasCollectionDeleteAccess()
                || hasDeleteAccessOn(record);
        return readGranted && writeGranted && deleteGranted;
    }

    /**
     * Tells whether the user holds read, write or delete access at collection level,
     * which is what satisfies a read requirement collection-wide.
     */
    private boolean holdsAnyCollectionAccess() {
        if (user.hasCollectionReadAccess()) {
            return true;
        }
        if (user.hasCollectionWriteAccess()) {
            return true;
        }
        return user.hasCollectionDeleteAccess();
    }

    /**
     * Record-level delete check: group tokens, then a matching delete authorization,
     * then global delete access on the record's type.
     */
    private boolean hasDeleteAccessOn(Record record) {
        if (containsAnyUserGroupTokens(user, record, DELETE)) {
            return true;
        }
        if (hasMatchingAuthorization(user, record, UserAuthorizationsUtils.DELETE_ACCESS)) {
            return true;
        }
        return user.hasGlobalTypeAccess(record.getTypeCode(), Role.DELETE);
    }

    /**
     * Record-level write check: group tokens, then a matching write authorization,
     * then global write access on the record's type.
     */
    private boolean hasWriteAccessOn(Record record) {
        if (containsAnyUserGroupTokens(user, record, WRITE)) {
            return true;
        }
        if (hasMatchingAuthorization(user, record, UserAuthorizationsUtils.WRITE_ACCESS)) {
            return true;
        }
        return user.hasGlobalTypeAccess(record.getTypeCode(), Role.WRITE);
    }

    /**
     * Record-level read check: group tokens, the public token, a user token (as decided
     * by {@code UserAuthorizationsUtils.containsAUserToken}), a matching read
     * authorization, then global read access on the record's type.
     */
    private boolean hasReadAccessOn(Record record) {
        if (containsAnyUserGroupTokens(user, record, READ)) {
            return true;
        }
        // on(Record) has already tested the public token before it calls this method,
        // so this lookup is redundant on that path; it is kept to preserve behaviour.
        if (record.getList(Schemas.TOKENS).contains(PUBLIC_TOKEN)) {
            return true;
        }
        if (UserAuthorizationsUtils.containsAUserToken(user, record)) {
            return true;
        }
        if (hasMatchingAuthorization(user, record, UserAuthorizationsUtils.READ_ACCESS)) {
            return true;
        }
        return user.hasGlobalTypeAccess(record.getTypeCode(), Role.READ);
    }

    /**
     * Not implemented for this checker.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean onSomething() {
        throw new UnsupportedOperationException("onSomething() is not yet supported for this checker");
    }
}