001/*
002 *  Copyright 2016 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.runtime.workspaces.admin.authentication;
017
018import java.util.Collections;
019import java.util.List;
020import java.util.Map;
021import java.util.Set;
022
023import org.apache.avalon.framework.parameters.Parameters;
024import org.apache.avalon.framework.service.ServiceException;
025import org.apache.avalon.framework.service.ServiceManager;
026import org.apache.cocoon.environment.ObjectModelHelper;
027import org.apache.cocoon.environment.Redirector;
028import org.apache.cocoon.environment.Request;
029import org.apache.cocoon.environment.SourceResolver;
030
031import org.ametys.core.authentication.AuthenticateAction;
032import org.ametys.core.right.RightManager;
033import org.ametys.runtime.plugin.PluginsManager;
034
/**
 * Cocoon action for authenticating users in the administration workspace.
 * <p>
 * Compared with {@link AuthenticateAction}, this action:
 * <ul>
 * <li>offers only the admin user population when the application runs in safe mode
 * or when no user population is enabled;</li>
 * <li>issues a redirect to the current URL right after a user has logged in
 * (see {@link #act}).</li>
 * </ul>
 */
public class AdminAuthenticateAction extends AuthenticateAction
{
    /**
     * The runtime rights manager.
     * Looked up in {@link #service(ServiceManager)}; it is not read anywhere else in this class.
     */
    protected RightManager _rightManager;

    /**
     * Lets the parent class resolve its own components, then looks up the {@link RightManager}.
     * @param smanager the service manager handed over by the container
     * @throws ServiceException if the parent initialisation or the lookup fails
     */
    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        super.service(smanager);

        // The lookup goes through the inherited 'manager' field, not through 'smanager' directly.
        // NOTE(review): presumably super.service() assigns that field - confirm in AuthenticateAction.
        Object rightManager = manager.lookup(RightManager.ROLE);
        _rightManager = (RightManager) rightManager;
    }

    /**
     * Computes the ids of the user populations a user may authenticate against.
     * <p>
     * In safe mode, or when no user population is enabled, the result is narrowed to the
     * admin population alone. Otherwise the decision is left to the parent class.
     * @param request the current request
     * @param contexts the population contexts, forwarded unchanged to the parent class
     * @return a singleton holding the admin population id, or the parent's result
     */
    @Override
    protected Set<String> _getAvailableUserPopulationsIds(Request request, List<String> contexts)
    {
        // Keep the short-circuit: the DAO is not queried for enabled populations when safe mode is on.
        boolean adminPopulationOnly = PluginsManager.getInstance().isSafeMode()
                || _userPopulationDAO.getEnabledUserPopulations(false).isEmpty();

        if (!adminPopulationOnly)
        {
            return super._getAvailableUserPopulationsIds(request, contexts);
        }

        String adminPopulationId = _userPopulationDAO.getAdminPopulation().getId();
        return Collections.singleton(adminPopulationId);
    }

    /**
     * Runs the parent authentication, then redirects to the current URL if this very call
     * is the one that logged the user in.
     * <p>
     * Why the redirect: when the user has just connected, letting HasNotAdminRightAction throw an
     * AccessDeniedException would clear the cookie and the user would not really be connected.
     * Redirecting to the same URL first stores the cookie; the AccessDeniedException can then be
     * raised on the following request.
     * @param redirector the Cocoon redirector
     * @param resolver the source resolver
     * @param objectModel the Cocoon object model, from which the request is read
     * @param source the action source
     * @param parameters the action parameters
     * @return whatever the parent action returned
     * @throws Exception if the parent action or the redirect fails
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        // Snapshot the login state before the parent action gets a chance to authenticate.
        boolean connectedBefore = _currentUserProvider.getUser() != null;

        Map result = super.act(redirector, resolver, objectModel, source, parameters);

        boolean connectedAfter = _currentUserProvider.getUser() != null;
        if (connectedAfter && !connectedBefore)
        {
            Request request = ObjectModelHelper.getRequest(objectModel);
            String queryString = request.getQueryString();
            String querySuffix = queryString == null ? "" : "?" + queryString;

            // NOTE(review): the target is rebuilt from the request's own URI and query string, so it
            // stays a path on this host only as long as that URI cannot begin with "//" (which a
            // browser would read as scheme-relative). Confirm the container normalises the path.
            redirector.globalRedirect(true, request.getRequestURI() + querySuffix);
        }

        return result;
    }
}