001/*
002 *  Copyright 2017 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.thesaurus.right;
017
018import java.util.Map;
019import java.util.Set;
020
021import org.apache.avalon.framework.context.Context;
022import org.apache.avalon.framework.context.ContextException;
023import org.apache.avalon.framework.context.Contextualizable;
024import org.apache.avalon.framework.service.ServiceException;
025import org.apache.avalon.framework.service.ServiceManager;
026import org.apache.cocoon.components.ContextHelper;
027import org.apache.cocoon.environment.Request;
028import org.apache.commons.collections.MapUtils;
029import org.apache.commons.lang3.StringUtils;
030
031import org.ametys.cms.content.archive.ArchiveConstants;
032import org.ametys.cms.contenttype.ContentTypesHelper;
033import org.ametys.cms.repository.Content;
034import org.ametys.core.group.GroupIdentity;
035import org.ametys.core.right.AccessController;
036import org.ametys.core.user.UserIdentity;
037import org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController;
038import org.ametys.plugins.repository.provider.RequestAttributeWorkspaceSelector;
039import org.ametys.plugins.thesaurus.ThesaurusDAO;
040
041/**
042 * {@link AccessController} for a thesaurus objects. The rights are checked on '/cms' context.
043 * Read access is allowed to any connected user.
044 */
045public class ThesaurusAccessController extends AbstractProfileStorageBasedAccessController implements Contextualizable
046{
047    /** The right context for thesaurus */
048    private static final String __APPLICATION_RIGHT_CONTEXT = "/cms";
049    
050    private ContentTypesHelper _contentTypeHelper;
051    private Context _context;
052    
053    @Override
054    public void contextualize(Context context) throws ContextException
055    {
056        _context = context;
057    }
058    
059    @Override
060    public void service(ServiceManager manager) throws ServiceException
061    {
062        super.service(manager);
063        _contentTypeHelper = (ContentTypesHelper) manager.lookup(ContentTypesHelper.ROLE);
064    }
065    
066    @Override
067    public boolean isSupported(Object object)
068    {
069        Request request = ContextHelper.getRequest(_context);
070        String currentWorkspace = RequestAttributeWorkspaceSelector.getForcedWorkspace(request);
071        
072        if (ArchiveConstants.ARCHIVE_WORKSPACE.equals(currentWorkspace))
073        {
074            return false;
075        }
076        
077        return object instanceof Content && _contentTypeHelper.isInstanceOf((Content) object, ThesaurusDAO.MICROTHESAURUS_ABSTRACT_CONTENT_TYPE);
078    }
079    
080    @Override
081    protected Object _convertContext(Object initialContext)
082    {
083        String siteName = _getSiteName();
084        return __APPLICATION_RIGHT_CONTEXT + (StringUtils.isNoneEmpty(siteName) ? "/" + siteName : "");
085    }
086    
087    /**
088     * Convert the asked right id to the real right to check
089     * @param rightId The asked right id
090     * @return the right to check
091     */
092    protected String _convertRightId(String rightId)
093    {
094        return "Thesaurus_Rights_EditTerm";
095    }
096
097    @Override
098    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
099    {
100        return super.getPermission(user, userGroups, _convertRightId(rightId), object);
101    }
102
103    @Override
104    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
105    {
106        return AccessResult.ANY_CONNECTED_ALLOWED;
107    }
108
109    @Override
110    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
111    {
112        return MapUtils.EMPTY_MAP;
113    }
114
115    @Override
116    public AccessResult getPermissionForAnonymous(String rightId, Object object)
117    {
118        return AccessResult.ANONYMOUS_DENIED;
119    }
120
121    @Override
122    public AccessResult getReadAccessPermissionForAnonymous(Object object)
123    {
124        return AccessResult.ANONYMOUS_DENIED;
125    }
126
127    @Override
128    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
129    {
130        return AccessResult.ANY_CONNECTED_DENIED;
131    }
132
133    @Override
134    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
135    {
136        return AccessResult.ANY_CONNECTED_ALLOWED;
137    }
138
139    @Override
140    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
141    {
142        return MapUtils.EMPTY_MAP;
143    }
144
145    @Override
146    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
147    {
148        return MapUtils.EMPTY_MAP;
149    }
150    
151    @Override
152    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
153    {
154        return MapUtils.EMPTY_MAP;
155    }
156
157    @Override
158    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
159    {
160        return MapUtils.EMPTY_MAP;
161    }
162    
163    @Override
164    protected Set< ? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
165    {
166        return null;
167    }
168    
169    // FIXME To remove https://issues.ametys.org/browse/THES-86
170    private String _getSiteName()
171    {
172        Request request = ContextHelper.getRequest(_context);
173        String siteName = request.getParameter("siteName");
174        
175        if (siteName == null)
176        {
177            siteName = (String) request.getAttribute("siteName");
178        }
179        return siteName;
180    }
181
182   
183}