Goal
In Assets, for dam-users group do NOT show jpg assets with metadata assetCategory is RESTRICTED, always show when assetCategory is ALLOWED and when assetCategory is missing/empty you may or may not want to show such assets( depending on admin having good day or bad day...) here is some authorization documentation
Demo | Package Install | Github
assetCategory Metadata
Empty assetCategory Allow
Empty assetCategory Deny
Solution
1) Add the assetCategory restriction apps.experienceaem.assets.core.acls.EAEMAssetCategoryRestriction
package apps.experienceaem.assets.core.acls;
import com.adobe.xfa.ut.StringUtils;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class EAEMAssetCategoryRestriction implements RestrictionPattern {
private static final Logger log = LoggerFactory.getLogger(EAEMAssetCategoryRestriction.class);
private final String restrictedValue;
public static final String ASSET_CATEGORY = "assetCategory";
EAEMAssetCategoryRestriction(String restrictedValue) {
this.restrictedValue = restrictedValue;
}
public boolean matches(Tree tree, PropertyState propertyState) {
PropertyState property = tree.getChild(JcrConstants.JCR_CONTENT).getChild("metadata").getProperty(ASSET_CATEGORY);
if(property == null){
if(restrictedValue.equals("EMPTY")){
return true;
}
return false;
}
String value = property.getValue(Type.STRING);
if(restrictedValue.equals("EMPTY") && StringUtils.isEmpty(value)){
return true;
}
return restrictedValue.equalsIgnoreCase(value);
}
public boolean matches(String path) {
return false;
}
public boolean matches() {
return false;
}
}
2) Add the restriction provider apps.experienceaem.assets.core.acls.EAEMRestrictionProvider
package apps.experienceaem.assets.core.acls;
import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.*;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@Component(
service = RestrictionProvider.class
)
public class EAEMRestrictionProvider extends AbstractRestrictionProvider {
private static final Logger log = LoggerFactory.getLogger(EAEMRestrictionProvider.class);
public EAEMRestrictionProvider() {
super(supportedRestrictions());
}
private static Map<String, RestrictionDefinition> supportedRestrictions() {
RestrictionDefinition assetCategoryRes = new RestrictionDefinitionImpl(EAEMAssetCategoryRestriction.ASSET_CATEGORY,
Type.STRING, false);
return ImmutableMap.of(assetCategoryRes.getName(), assetCategoryRes);
}
@Override
public RestrictionPattern getPattern(String oakPath, Tree tree) {
if (oakPath == null) {
return RestrictionPattern.EMPTY;
} else {
List<RestrictionPattern> patterns = new ArrayList(1);
PropertyState assetCategoryProperty = tree.getProperty(EAEMAssetCategoryRestriction.ASSET_CATEGORY);
if (assetCategoryProperty != null) {
patterns.add(new EAEMAssetCategoryRestriction(assetCategoryProperty.getValue(Type.STRING)));
}
return CompositePattern.create(patterns);
}
}
@Override
public RestrictionPattern getPattern(String oakPath, Set<Restriction> restrictions) {
if (oakPath == null || restrictions.isEmpty()) {
return RestrictionPattern.EMPTY;
} else {
List<RestrictionPattern> patterns = new ArrayList(1);
for (Restriction r : restrictions) {
String name = r.getDefinition().getName();
if (EAEMAssetCategoryRestriction.ASSET_CATEGORY.equals(name)) {
patterns.add(new EAEMAssetCategoryRestriction(r.getProperty().getValue(Type.STRING)));
break;
}else {
log.debug("Ignoring unsupported restriction " + name);
}
}
return CompositePattern.create(patterns);
}
}
}
No comments:
Post a Comment