Source code

001/*
002 *  Copyright 2017 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.thesaurus.right;
017
018import java.util.Map;
019import java.util.Set;
020
021import org.apache.avalon.framework.context.Context;
022import org.apache.avalon.framework.context.ContextException;
023import org.apache.avalon.framework.context.Contextualizable;
024import org.apache.avalon.framework.service.ServiceException;
025import org.apache.avalon.framework.service.ServiceManager;
026import org.apache.cocoon.components.ContextHelper;
027import org.apache.cocoon.environment.Request;
028import org.apache.commons.collections.MapUtils;
029import org.apache.commons.lang3.StringUtils;
030
031import org.ametys.cms.content.archive.ArchiveConstants;
032import org.ametys.cms.contenttype.ContentTypesHelper;
033import org.ametys.cms.repository.Content;
034import org.ametys.core.group.GroupIdentity;
035import org.ametys.core.right.AccessController;
036import org.ametys.core.user.UserIdentity;
037import org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController;
038import org.ametys.plugins.repository.provider.RequestAttributeWorkspaceSelector;
039import org.ametys.plugins.thesaurus.MicroThesaurus;
040import org.ametys.plugins.thesaurus.Thesaurus;
041import org.ametys.plugins.thesaurus.ThesaurusDAO;
042
043/**
044 * {@link AccessController} for a thesaurus objects. The rights are checked on '/cms' context.
045 * Read access is allowed to any connected user.
046 */
047public class ThesaurusAccessController extends AbstractProfileStorageBasedAccessController implements Contextualizable
048{
049    /** The right context for thesaurus */
050    private static final String __APPLICATION_RIGHT_CONTEXT = "/cms";
051    
052    private ContentTypesHelper _contentTypeHelper;
053
054    private ThesaurusDAO _thesaurusDAO;
055
056    private Context _context;
057    
058    @Override
059    public void contextualize(Context context) throws ContextException
060    {
061        _context = context;
062    }
063    
064    @Override
065    public void service(ServiceManager manager) throws ServiceException
066    {
067        super.service(manager);
068        _contentTypeHelper = (ContentTypesHelper) manager.lookup(ContentTypesHelper.ROLE);
069        _thesaurusDAO = (ThesaurusDAO) manager.lookup(ThesaurusDAO.ROLE);
070    }
071    
072    @Override
073    public boolean isSupported(Object object)
074    {
075        Request request = ContextHelper.getRequest(_context);
076        String currentWorkspace = RequestAttributeWorkspaceSelector.getForcedWorkspace(request);
077        
078        if (ArchiveConstants.ARCHIVE_WORKSPACE.equals(currentWorkspace))
079        {
080            return false;
081        }
082        
083        return object instanceof MicroThesaurus 
084                || object instanceof Thesaurus 
085                || (object instanceof Content && (_contentTypeHelper.isInstanceOf((Content) object, "org.ametys.plugins.thesaurus.Content.item") || _contentTypeHelper.isInstanceOf((Content) object, "org.ametys.plugins.thesaurus.Content.candidate")))
086                || object.equals(_thesaurusDAO.getRootNode());
087    }
088    
089    @Override
090    protected Object _convertContext(Object initialContext)
091    {
092        String siteName = _getSiteName();
093        return __APPLICATION_RIGHT_CONTEXT + (StringUtils.isNoneEmpty(siteName) ? "/" + siteName : "");
094    }
095    
096    private String _convertRightId(String rightId)
097    {
098        if ("CMS_Rights_DeleteContent".equals(rightId))
099        {
100            return "Thesaurus_Rights_DeleteTerm";
101        }
102        
103        return rightId;
104    }
105
106    @Override
107    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
108    {
109        return super.getPermission(user, userGroups, _convertRightId(rightId), object);
110    }
111
112    @Override
113    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
114    {
115        return AccessResult.ANY_CONNECTED_ALLOWED;
116    }
117
118    @Override
119    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
120    {
121        return MapUtils.EMPTY_MAP;
122    }
123
124    @Override
125    public AccessResult getPermissionForAnonymous(String rightId, Object object)
126    {
127        return AccessResult.ANONYMOUS_DENIED;
128    }
129
130    @Override
131    public AccessResult getReadAccessPermissionForAnonymous(Object object)
132    {
133        return AccessResult.ANONYMOUS_DENIED;
134    }
135
136    @Override
137    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
138    {
139        return AccessResult.ANY_CONNECTED_DENIED;
140    }
141
142    @Override
143    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
144    {
145        return AccessResult.ANY_CONNECTED_ALLOWED;
146    }
147
148    @Override
149    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
150    {
151        return MapUtils.EMPTY_MAP;
152    }
153
154    @Override
155    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
156    {
157        return MapUtils.EMPTY_MAP;
158    }
159    
160    @Override
161    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
162    {
163        return MapUtils.EMPTY_MAP;
164    }
165
166    @Override
167    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
168    {
169        return MapUtils.EMPTY_MAP;
170    }
171    
172    @Override
173    protected Set< ? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
174    {
175        return null;
176    }
177    
178    // FIXME To remove https://issues.ametys.org/browse/THES-86
179    private String _getSiteName()
180    {
181        Request request = ContextHelper.getRequest(_context);
182        String siteName = request.getParameter("siteName");
183        
184        if (siteName == null)
185        {
186            siteName = (String) request.getAttribute("siteName");
187        }
188        return siteName;
189    }
190
191   
192}