001/*
002 *  Copyright 2017 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.calendar.events;
017
018import java.io.IOException;
019import java.net.URLDecoder;
020
021import org.apache.avalon.framework.service.ServiceException;
022import org.apache.avalon.framework.service.ServiceManager;
023import org.apache.cocoon.ProcessingException;
024import org.apache.cocoon.xml.XMLUtils;
025import org.apache.commons.lang.StringUtils;
026import org.xml.sax.SAXException;
027
028import org.ametys.cms.repository.Content;
029import org.ametys.core.right.RightManager;
030import org.ametys.core.user.CurrentUserProvider;
031import org.ametys.core.user.UserIdentity;
032import org.ametys.plugins.repository.AmetysObjectResolver;
033import org.ametys.runtime.authentication.AccessDeniedException;
034import org.ametys.runtime.authentication.AuthorizationRequiredException;
035
036/**
037 * Sax an event
038 */
039public class EventGenerator extends AbstractEventGenerator
040{
041    /** The ametys object resolver. */
042    protected AmetysObjectResolver _ametysResolver;
043    /** The right manager */
044    protected RightManager _rightManager;
045    /** The current user provider */
046    protected CurrentUserProvider _currentUserProvider;
047    
048    @Override
049    public void service(ServiceManager serviceManager) throws ServiceException
050    {
051        super.service(serviceManager);
052        _ametysResolver = (AmetysObjectResolver) serviceManager.lookup(AmetysObjectResolver.ROLE);
053        _currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
054        _rightManager = (RightManager) serviceManager.lookup(RightManager.ROLE);
055    }
056    
057    @Override
058    public void generate() throws IOException, SAXException, ProcessingException
059    {
060        String contentId = parameters.getParameter("contentId", "");
061        if (StringUtils.isNotEmpty(contentId))
062        {
063            contentId = URLDecoder.decode(contentId, "UTF-8");
064        }
065        Content content = _ametysResolver.resolveById(contentId);
066
067        // Check 'start-date' attribute exists
068        if (!content.hasValue("start-date"))
069        {
070            throw new IllegalArgumentException("The content must have a metadata named 'start-date' to be imported as an event");
071        }
072        // Check user access
073        _checkUserAccess(content);
074        
075        contentHandler.startDocument();
076        XMLUtils.startElement(contentHandler, "events");
077        XMLUtils.startElement(contentHandler, "contents");
078
079        saxContent(contentHandler, content, false, null, false);
080
081        XMLUtils.endElement(contentHandler, "contents");
082
083        XMLUtils.endElement(contentHandler, "events");
084        contentHandler.endDocument();
085    }
086    
087    private void _checkUserAccess(Content content)
088    {
089        UserIdentity user = _currentUserProvider.getUser();
090        boolean readAccess = _rightManager.hasReadAccess(user, content);
091        
092        if (!readAccess && user == null)
093        {
094            throw new AuthorizationRequiredException();
095        }
096        else if (!readAccess)
097        {
098            throw new AccessDeniedException("Access to event '" + content.getId() + "' is not allowed for user " + user);
099        }
100    }
101}