001/* 002 * Copyright 2016 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.runtime.plugins.admin.rights; 017 018import java.util.Collections; 019import java.util.Map; 020import java.util.Set; 021import java.util.stream.Collectors; 022 023import org.apache.avalon.framework.service.ServiceException; 024import org.apache.avalon.framework.service.ServiceManager; 025import org.apache.avalon.framework.service.Serviceable; 026import org.apache.commons.lang.StringUtils; 027 028import org.ametys.core.group.GroupIdentity; 029import org.ametys.core.right.AccessController; 030import org.ametys.core.right.RightsExtensionPoint; 031import org.ametys.core.user.UserIdentity; 032import org.ametys.core.user.UserManager; 033import org.ametys.core.user.population.UserPopulationDAO; 034 035/** 036 * Grant all rights to users from admin populations on admin context 037 */ 038public class AdminAccessController implements AccessController, Serviceable 039{ 040 /** The right context for administration area */ 041 public static final String ADMIN_RIGHT_CONTEXT = "/admin"; 042 /** The rights extension point */ 043 protected RightsExtensionPoint _rightsExtensionPoint; 044 /** The user manager */ 045 protected UserManager _userManager; 046 047 public void service(ServiceManager manager) throws ServiceException 048 { 049 _rightsExtensionPoint = (RightsExtensionPoint) manager.lookup(RightsExtensionPoint.ROLE); 050 _userManager = (UserManager) manager.lookup(UserManager.ROLE); 051 } 052 053 public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) 054 { 055 if (user != null && StringUtils.equals(user.getPopulationId(), UserPopulationDAO.ADMIN_POPULATION_ID)) 056 { 057 return AccessResult.USER_ALLOWED; 058 } 059 else 060 { 061 return AccessResult.UNKNOWN; 062 } 063 } 064 065 public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 066 { 067 return getPermission(user, userGroups, null, object); 068 } 069 070 public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 071 { 072 if (user != null && StringUtils.equals(user.getPopulationId(), UserPopulationDAO.ADMIN_POPULATION_ID)) 073 { 074 return _rightsExtensionPoint.getExtensionsIds().stream().collect(Collectors.toMap(rightId -> rightId, rightId -> AccessResult.USER_ALLOWED)); 075 } 076 else 077 { 078 return Collections.EMPTY_MAP; 079 } 080 } 081 082 public AccessResult getPermissionForAnonymous(String rightId, Object object) 083 { 084 return AccessResult.UNKNOWN; 085 } 086 087 088 public AccessResult getReadAccessPermissionForAnonymous(Object object) 089 { 090 return AccessResult.UNKNOWN; 091 } 092 093 public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) 094 { 095 return AccessResult.UNKNOWN; 096 } 097 098 public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object) 099 { 100 return AccessResult.UNKNOWN; 101 } 102 103 public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object) 104 { 105 return _userManager.getUsers(UserPopulationDAO.ADMIN_POPULATION_ID).stream().collect(Collectors.toMap(user -> user.getIdentity(), user -> AccessResult.USER_ALLOWED)); 106 } 107 108 public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object) 109 { 110 return getPermissionByUser(null, object); 111 } 112 113 public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object) 114 { 115 return Collections.EMPTY_MAP; 116 } 117 118 public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object) 119 { 120 return Collections.EMPTY_MAP; 121 } 122 123 public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) 124 { 125 return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null); 126 } 127 128 public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) 129 { 130 return workspacesContexts.contains(ADMIN_RIGHT_CONTEXT) && StringUtils.equals(user.getPopulationId(), UserPopulationDAO.ADMIN_POPULATION_ID); 131 } 132 133 public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 134 { 135 return false; 136 } 137 138 public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 139 { 140 return false; 141 } 142 143 public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 144 { 145 return false; 146 } 147 148 public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 149 { 150 return false; 151 } 152 153 public boolean isSupported(Object object) 154 { 155 if (object instanceof String) 156 { 157 String context = (String) object; 158 return ADMIN_RIGHT_CONTEXT.equals(context) || context.startsWith(ADMIN_RIGHT_CONTEXT + '/'); 159 } 160 return false; 161 } 162}