001/*
002 *  Copyright 2023 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.forms.cache;
017
018import java.util.Set;
019
020import org.apache.avalon.framework.service.ServiceException;
021import org.apache.avalon.framework.service.ServiceManager;
022
023import org.ametys.core.right.AllowedUsers;
024import org.ametys.core.right.RightManager;
025import org.ametys.core.user.UserIdentity;
026import org.ametys.plugins.forms.repository.Form;
027import org.ametys.plugins.repository.AmetysObjectResolver;
028import org.ametys.plugins.repository.data.holder.ModelAwareDataHolder;
029import org.ametys.web.repository.page.Page;
030import org.ametys.web.repository.page.ZoneItem;
031import org.ametys.web.service.StaticService;
032
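/**
 * Static service whose cacheability is decided per zone item, from the form referenced by
 * the {@code formId} service parameter.<br>
 * The rendering is reported as cacheable only when the form itself is cacheable and when read
 * access on the form is at least as wide as read access on the page using it, so that a cached
 * rendering is never served to a user who can read the page but not the form.
 */
public class FormService extends StaticService
{

    /** The Ametys object resolver */
    protected AmetysObjectResolver _resolver;

    /** The right manager */
    protected RightManager _rightManager;

    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        super.service(manager);
        _resolver = (AmetysObjectResolver) manager.lookup(AmetysObjectResolver.ROLE);
        _rightManager = (RightManager) manager.lookup(RightManager.ROLE);
    }

    /**
     * Tells whether the rendering of this service can be cached for the given zone item.
     * @param currentPage the page holding the zone item; its read access is compared to the form's
     * @param zoneItem the zone item whose {@code formId} service parameter designates the form
     * @return true only if the form declares itself cacheable and its read access is not narrower
     *         than the page's; false when no form id is configured
     */
    @Override
    public boolean isCacheable(Page currentPage, ZoneItem zoneItem)
    {
        ModelAwareDataHolder serviceParameters = zoneItem.getServiceParameters();
        String formId = serviceParameters.getValue("formId");
        if (formId == null || formId.isEmpty())
        {
            // Fail closed: without a form there is nothing to compare rights against, and
            // "not cacheable" is the answer that can never expose a restricted rendering.
            return false;
        }

        // NOTE(review): an id that no longer resolves (or resolves to something that is not a
        // Form) still surfaces as an exception from the resolver or the cast - confirm that the
        // caller treats that as "not cacheable".
        Form form = (Form) _resolver.resolveById(formId);

        // Both conditions must be fulfilled to be cacheable
        return form.isCacheable() && _isLessRestrictive(form, currentPage);
    }
    
    /**
     * Compare the form rights to the page rights. As both are independent, a page may be
     * readable by users who cannot read the form it displays.<br>
     * The form is cacheable only if its rights are less restrictive (or equal), so that everyone
     * seeing the page can see the form.<br>
     * The answer reflects the rights at the time of the call only.
     * @param form the form
     * @param page the page
     * @return true if the form rights are less restrictive than those of the page using it
     */
    private boolean _isLessRestrictive(Form form, Page page)
    {    
        // The checks go from the widest audience to the narrowest. At each level, a form that
        // reaches the level is safe to cache, and a page that reaches it without the form
        // having done so is readable by users the form excludes.
        if (_rightManager.hasAnonymousReadAccess(form))
        {
            return true;
        }
        if (_rightManager.hasAnonymousReadAccess(page))
        {
            return false;
        }
        if (_rightManager.hasAnyConnectedUserReadAccess(form))
        {
            return true;
        }
        if (_rightManager.hasAnyConnectedUserReadAccess(page))
        {
            return false;
        }
        
        // Neither object is open to anonymous or to any connected user: compare the explicit
        // sets of allowed users.
        AllowedUsers formAllowedUsers = _rightManager.getReadAccessAllowedUsers(form);
        AllowedUsers pageAllowedUsers = _rightManager.getReadAccessAllowedUsers(page);
        
        // NOTE(review): the meaning of the boolean flag is not visible in this file - confirm
        // against AllowedUsers. The resolved sets are a snapshot; presumably the cache is
        // invalidated elsewhere when rights or group memberships change - verify.
        Set<UserIdentity> formSet = formAllowedUsers.resolveAllowedUsers(true);
        Set<UserIdentity> pageSet = pageAllowedUsers.resolveAllowedUsers(true);
        
        // Every user allowed on the page must also be allowed on the form.
        return formSet.containsAll(pageSet);
    }
}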