AEM 6.5.10 - Assets Metadata Based Custom Restriction Provider

Goal

In Assets, for dam-users group do NOT show jpg assets with metadata assetCategory is RESTRICTED, always show when assetCategory is ALLOWED and when assetCategory is missing/empty you may or may not want to show such assets( depending on admin having good day or bad day...) here is some authorization documentation

Demo | Package Install | Github


assetCategory Metadata



Empty assetCategory Allow


Empty assetCategory Deny



Solution

1) Add the assetCategory restriction apps.experienceaem.assets.core.acls.EAEMAssetCategoryRestriction

package apps.experienceaem.assets.core.acls;

import com.adobe.xfa.ut.StringUtils;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class EAEMAssetCategoryRestriction  implements RestrictionPattern {
    private static final Logger log = LoggerFactory.getLogger(EAEMAssetCategoryRestriction.class);

    private final String restrictedValue;
    public static final String ASSET_CATEGORY = "assetCategory";

    EAEMAssetCategoryRestriction(String restrictedValue) {
        this.restrictedValue = restrictedValue;
    }

    public boolean matches(Tree tree, PropertyState propertyState) {
        PropertyState property = tree.getChild(JcrConstants.JCR_CONTENT).getChild("metadata").getProperty(ASSET_CATEGORY);

        if(property == null){
            if(restrictedValue.equals("EMPTY")){
                return true;
            }
            return false;
        }

        String value = property.getValue(Type.STRING);

        if(restrictedValue.equals("EMPTY") && StringUtils.isEmpty(value)){
            return true;
        }

        return restrictedValue.equalsIgnoreCase(value);
    }

    public boolean matches(String path) {
        return false;
    }

    public boolean matches() {
        return false;
    }
}


2) Add the restriction provider apps.experienceaem.assets.core.acls.EAEMRestrictionProvider

package apps.experienceaem.assets.core.acls;

import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.*;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

@Component(
        service = RestrictionProvider.class
)
public class EAEMRestrictionProvider extends AbstractRestrictionProvider {
    private static final Logger log = LoggerFactory.getLogger(EAEMRestrictionProvider.class);

    public EAEMRestrictionProvider() {
        super(supportedRestrictions());
    }

    private static Map<String, RestrictionDefinition> supportedRestrictions() {
        RestrictionDefinition assetCategoryRes = new RestrictionDefinitionImpl(EAEMAssetCategoryRestriction.ASSET_CATEGORY,
                Type.STRING, false);
        return ImmutableMap.of(assetCategoryRes.getName(), assetCategoryRes);
    }

    @Override
    public RestrictionPattern getPattern(String oakPath, Tree tree) {
        if (oakPath == null) {
            return RestrictionPattern.EMPTY;
        } else {
            List<RestrictionPattern> patterns = new ArrayList(1);

            PropertyState assetCategoryProperty = tree.getProperty(EAEMAssetCategoryRestriction.ASSET_CATEGORY);

            if (assetCategoryProperty != null) {
                patterns.add(new EAEMAssetCategoryRestriction(assetCategoryProperty.getValue(Type.STRING)));
            }

            return CompositePattern.create(patterns);
        }
    }

    @Override
    public RestrictionPattern getPattern(String oakPath, Set<Restriction> restrictions) {
        if (oakPath == null || restrictions.isEmpty()) {
            return RestrictionPattern.EMPTY;
        } else {
            List<RestrictionPattern> patterns = new ArrayList(1);

            for (Restriction r : restrictions) {
                String name = r.getDefinition().getName();

                if (EAEMAssetCategoryRestriction.ASSET_CATEGORY.equals(name)) {
                    patterns.add(new EAEMAssetCategoryRestriction(r.getProperty().getValue(Type.STRING)));
                    break;
                }else {
                    log.debug("Ignoring unsupported restriction " + name);
                }
            }

            return CompositePattern.create(patterns);
        }
    }
}


No comments:

Post a Comment