001/*
002 *  Copyright 2016 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.odf.rights;
017
018import java.util.Collections;
019import java.util.HashMap;
020import java.util.List;
021import java.util.Map;
022import java.util.Set;
023
024import org.apache.avalon.framework.component.Component;
025import org.apache.avalon.framework.service.ServiceException;
026import org.apache.avalon.framework.service.ServiceManager;
027import org.apache.avalon.framework.service.Serviceable;
028
029import org.ametys.cms.repository.Content;
030import org.ametys.core.group.GroupIdentity;
031import org.ametys.core.right.AccessController;
032import org.ametys.core.user.UserIdentity;
033import org.ametys.odf.ODFHelper;
034import org.ametys.odf.ProgramItem;
035import org.ametys.odf.course.Course;
036import org.ametys.odf.orgunit.OrgUnit;
037import org.ametys.odf.program.AbstractProgram;
038import org.ametys.runtime.plugin.component.AbstractLogEnabled;
039
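/**
 * This access controller gives access to the content's creator, regardless of the required right,
 * if and only if the ODF content is still orphan (during the creation process for example).
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The requested right id is never consulted: when the creator matches, {@link AccessResult#USER_ALLOWED}
 * is returned for every right and for read access alike. The grant is therefore only as narrow as the
 * orphan test itself.</li>
 * <li>Only {@link AbstractProgram} and {@link Course} objects are checked for attached org units; for every
 * other supported type {@link #_hasOrgUnit(Object)} returns false, so the absence of a parent alone decides.</li>
 * <li>NOTE(review): an {@link OrgUnit} without a parent is treated as orphan, which presumably also covers a
 * root org unit for as long as it exists. Confirm that its creator is meant to keep every right on it.</li>
 * </ul>
 * In every other case the controller answers {@link AccessResult#UNKNOWN}, an empty map or false.
 */
public class ODFOrphanContentAccessController extends AbstractLogEnabled implements AccessController, Component, Serviceable
{
    /** The ODF helper, used to look up the parents of a program item */
    private ODFHelper _odfHelper;

    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        _odfHelper = (ODFHelper) manager.lookup(ODFHelper.ROLE);
    }
    
    @Override
    public boolean isSupported(Object object)
    {
        return object instanceof ProgramItem || object instanceof OrgUnit;
    }
    
    /**
     * Determines if the object is an orphan: a program item without any parent program item,
     * or an org unit without a parent org unit.
     * @param object the object
     * @return true if the object is an orphan program item or org unit, false for any other object
     */
    protected boolean _isOrphan(Object object)
    {
        if (object instanceof ProgramItem)
        {
            List<ProgramItem> parentProgramItems = _odfHelper.getParentProgramItems((ProgramItem) object);
            return parentProgramItems.isEmpty();
        }
        else if (object instanceof OrgUnit)
        {
            return ((OrgUnit) object).getParentOrgUnit() == null;
        }
        
        return false;
    }
    
    /**
     * Get the creator of the object when the orphan rule applies to it.
     * The rule applies when the object is a content, is orphan and has no org unit attached.
     * @param object the object
     * @return the creator, or null if the rule does not apply or the content has no known creator
     */
    private UserIdentity _getOrphanCreator(Object object)
    {
        // Checking the type before the cast makes an unexpected object fall through to "no opinion"
        // instead of raising a ClassCastException in the middle of a rights evaluation.
        if (object instanceof Content && _isOrphan(object) && !_hasOrgUnit(object))
        {
            return ((Content) object).getCreator();
        }
        return null;
    }
    
    /**
     * Get the user permission on object
     * @param user the user
     * @param object the object
     * @return {@link AccessResult#USER_ALLOWED} if the user is the creator of an orphan content
     *         without org unit, {@link AccessResult#UNKNOWN} otherwise
     */
    protected AccessResult _getUserPermission(UserIdentity user, Object object)
    {
        UserIdentity creator = _getOrphanCreator(object);
        
        // Deliberately not Objects.equals(): a null user compared with a null creator must never
        // be seen as a match, since a match grants every right on the object.
        if (user != null && user.equals(creator))
        {
            return AccessResult.USER_ALLOWED;
        }
        return AccessResult.UNKNOWN;
    }
    
    /**
     * Determines if the object has an org unit
     * @param object the object
     * @return true if the object is a program or a course attached to at least one org unit,
     *         false otherwise (including for any other type of object)
     */
    protected boolean _hasOrgUnit(Object object)
    {
        if (object instanceof AbstractProgram)
        {
            return !((AbstractProgram) object).getOrgUnits().isEmpty();
        }
        else if (object instanceof Course)
        {
            return !((Course) object).getOrgUnits().isEmpty();
        }
        return false;
    }
    
    /**
     * Get the permission by users
     * @param object the object
     * @return a new map holding the creator as allowed when the orphan rule applies, an empty map otherwise
     */
    protected Map<UserIdentity, AccessResult> _getPermissionByUser(Object object)
    {
        Map<UserIdentity, AccessResult> permissions = new HashMap<>();
        
        // A content without a known creator must not add a null key to the permission map
        UserIdentity creator = _getOrphanCreator(object);
        if (creator != null)
        {
            permissions.put(creator, AccessResult.USER_ALLOWED);
        }
        return permissions;
    }

    @Override
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        // rightId and userGroups are ignored on purpose: only the creator identity matters here
        return _getUserPermission(user, object);
    }

    @Override
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return _getUserPermission(user, object);
    }

    @Override
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        // No per-right result is computed by this controller
        return Collections.emptyMap();
    }

    @Override
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Get the read access permission for anonymous on the object
     * @param object the object
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    @Override
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    @Override
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    @Override
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        // rightId is ignored on purpose, see the class documentation
        return _getPermissionByUser(object);
    }

    @Override
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return _getPermissionByUser(object);
    }

    @Override
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        // Groups are never taken into account by this controller
        return Collections.emptyMap();
    }

    @Override
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.emptyMap();
    }

    @Override
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        // This controller only answers for a given object, never for a workspace context
        return false;
    }

    @Override
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    @Override
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    @Override
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    @Override
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    @Override
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
}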