Goal
In Assets, for dam-users group do NOT show jpg assets with metadata assetCategory is RESTRICTED, always show when assetCategory is ALLOWED and when assetCategory is missing/empty you may or may not want to show such assets( depending on admin having good day or bad day...) here is some authorization documentation
Demo | Package Install | Github
assetCategory Metadata
Empty assetCategory Allow
Empty assetCategory Deny
Solution
1) Add the assetCategory restriction apps.experienceaem.assets.core.acls.EAEMAssetCategoryRestriction
package apps.experienceaem.assets.core.acls; import com.adobe.xfa.ut.StringUtils; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class EAEMAssetCategoryRestriction implements RestrictionPattern { private static final Logger log = LoggerFactory.getLogger(EAEMAssetCategoryRestriction.class); private final String restrictedValue; public static final String ASSET_CATEGORY = "assetCategory"; EAEMAssetCategoryRestriction(String restrictedValue) { this.restrictedValue = restrictedValue; } public boolean matches(Tree tree, PropertyState propertyState) { PropertyState property = tree.getChild(JcrConstants.JCR_CONTENT).getChild("metadata").getProperty(ASSET_CATEGORY); if(property == null){ if(restrictedValue.equals("EMPTY")){ return true; } return false; } String value = property.getValue(Type.STRING); if(restrictedValue.equals("EMPTY") && StringUtils.isEmpty(value)){ return true; } return restrictedValue.equalsIgnoreCase(value); } public boolean matches(String path) { return false; } public boolean matches() { return false; } }
2) Add the restriction provider apps.experienceaem.assets.core.acls.EAEMRestrictionProvider
package apps.experienceaem.assets.core.acls; import com.google.common.collect.ImmutableMap; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.*; import org.osgi.service.component.annotations.Component; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.Set; @Component( service = RestrictionProvider.class ) public class EAEMRestrictionProvider extends AbstractRestrictionProvider { private static final Logger log = LoggerFactory.getLogger(EAEMRestrictionProvider.class); public EAEMRestrictionProvider() { super(supportedRestrictions()); } private static Map<String, RestrictionDefinition> supportedRestrictions() { RestrictionDefinition assetCategoryRes = new RestrictionDefinitionImpl(EAEMAssetCategoryRestriction.ASSET_CATEGORY, Type.STRING, false); return ImmutableMap.of(assetCategoryRes.getName(), assetCategoryRes); } @Override public RestrictionPattern getPattern(String oakPath, Tree tree) { if (oakPath == null) { return RestrictionPattern.EMPTY; } else { List<RestrictionPattern> patterns = new ArrayList(1); PropertyState assetCategoryProperty = tree.getProperty(EAEMAssetCategoryRestriction.ASSET_CATEGORY); if (assetCategoryProperty != null) { patterns.add(new EAEMAssetCategoryRestriction(assetCategoryProperty.getValue(Type.STRING))); } return CompositePattern.create(patterns); } } @Override public RestrictionPattern getPattern(String oakPath, Set<Restriction> restrictions) { if (oakPath == null || restrictions.isEmpty()) { return RestrictionPattern.EMPTY; } else { List<RestrictionPattern> patterns = new ArrayList(1); for (Restriction r : restrictions) { String name = r.getDefinition().getName(); if (EAEMAssetCategoryRestriction.ASSET_CATEGORY.equals(name)) { patterns.add(new EAEMAssetCategoryRestriction(r.getProperty().getValue(Type.STRING))); break; }else { log.debug("Ignoring unsupported restriction " + name); } } return CompositePattern.create(patterns); } } }
No comments:
Post a Comment