001/*
002 *  Copyright 2018 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.workspaces.wall;
017
018import java.util.ArrayList;
019import java.util.Arrays;
020import java.util.HashMap;
021import java.util.List;
022import java.util.Map;
023import java.util.Set;
024
025import org.apache.avalon.framework.service.ServiceException;
026import org.apache.avalon.framework.service.ServiceManager;
027import org.apache.avalon.framework.service.Serviceable;
028import org.apache.commons.collections.MapUtils;
029
030import org.ametys.cms.contenttype.ContentTypesHelper;
031import org.ametys.cms.repository.Content;
032import org.ametys.core.group.GroupIdentity;
033import org.ametys.core.right.AccessController;
034import org.ametys.core.right.AccessControllerExtensionPoint;
035import org.ametys.core.user.UserIdentity;
036import org.ametys.plugins.workspaces.project.ProjectManager;
037import org.ametys.plugins.workspaces.project.objects.Project;
038import org.ametys.plugins.workspaces.project.rights.ProjectAccessController;
039import org.ametys.web.repository.content.WebContent;
040
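/**
 * {@link AccessController} for a wall content.
 * <p>
 * Decisions taken by this controller, as implemented below:
 * <ul>
 * <li>the creator of a wall content is granted the front-office edition, back-office edition and
 *     deletion rights on that content;</li>
 * <li>for any other user, the known rights are converted to their "super right" and the decision is
 *     delegated to the "workspace" access controller on the context {@code /cms/<siteName>};</li>
 * <li>read access is derived from the projects attached to the site of the content.</li>
 * </ul>
 * Every other question is answered with {@link AccessResult#UNKNOWN} (or an empty map / {@code false}),
 * i.e. this controller never denies by itself.
 */
public class WallContentAccessController implements AccessController, Serviceable
{
    private static final String _EDIT_SUPER_RIGHT = "Plugins_Workspaces_Right_Edit_WallContent";
    private static final String _DELETE_SUPER_RIGHT = "Plugins_Workspaces_Right_Delete_WallContent";
    private static final String _PIN_SUPER_RIGHT = "Plugins_Workspaces_Right_Pin_WallContent";
    
    private static final String __FO_EDITION_RIGHT_ID = "Front_Edition_Access_Right";
    private static final String __BO_EDITION_RIGHT_ID = "Workflow_Rights_Edition_Online";
    private static final String __DELETION_RIGHT_ID = "CMS_Rights_DeleteContent";
    
    /** Rights implicitly granted to the creator of a wall content */
    private static final List<String> __AUTHOR_RIGHTS = Arrays.asList(__FO_EDITION_RIGHT_ID, __BO_EDITION_RIGHT_ID, __DELETION_RIGHT_ID);
    /** Rights this controller has an opinion on for users who are not the creator */
    private static final List<String> __KNOWN_RIGHTS = Arrays.asList(__FO_EDITION_RIGHT_ID, __BO_EDITION_RIGHT_ID, __DELETION_RIGHT_ID, _EDIT_SUPER_RIGHT, _DELETE_SUPER_RIGHT, _PIN_SUPER_RIGHT);
    
    private ContentTypesHelper _cTypeHelper;
    private ProjectManager _projectManager;
    private AccessControllerExtensionPoint _accessControllerExtensionPoint;
    
    // Resolved lazily from the extension point on first use (see the two getters below)
    private AccessController _projectAccessController;
    private AccessController _workspaceAccessController;
    
    /**
     * Looks up the components this controller depends on.
     * @param smanager the service manager
     * @throws ServiceException if a lookup fails
     */
    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        _cTypeHelper = (ContentTypesHelper) smanager.lookup(ContentTypesHelper.ROLE);
        _projectManager = (ProjectManager) smanager.lookup(ProjectManager.ROLE);
        _accessControllerExtensionPoint = (AccessControllerExtensionPoint) smanager.lookup(AccessControllerExtensionPoint.ROLE);
    }
    
    /**
     * Tells whether the object is a wall content.
     * @param object the object to test
     * @return true if the object is a {@link WebContent} of the wall content type
     */
    @Override
    public boolean isSupported(Object object)
    {
        return _isWallContent(object);
    }
    
    /**
     * Tests the type of an object.
     * @param object the object to test
     * @return true if the object is a {@link WebContent} of the wall content type
     */
    private boolean _isWallContent(Object object)
    {
        return object instanceof WebContent && _cTypeHelper.isInstanceOf((WebContent) object, WallContentManager.WALL_CONTENT_CONTENT_TYPE_ID);
    }
    
    /**
     * Tests whether a user is the creator of a content.
     * A null user never matches, so a content without a creator cannot be matched by a request carrying no user.
     * @param user the user, may be null
     * @param object the object, expected to be a {@link Content}
     * @return true only if the user is non-null, the object is a content and its creator equals the user
     */
    private boolean _isAuthor(UserIdentity user, Object object)
    {
        if (user == null || !(object instanceof Content))
        {
            return false;
        }
        // Called on the non-null user so that a content without creator does not raise a NullPointerException
        return user.equals(((Content) object).getCreator());
    }
    
    /**
     * Gets the access controller for projects, resolving it from the extension point on first call.
     * @return the project access controller
     */
    private AccessController _getProjectAccessController()
    {
        if (_projectAccessController == null)
        {
            _projectAccessController = _accessControllerExtensionPoint.getExtension(ProjectAccessController.class.getName());
        }
        return _projectAccessController;
    }
    
    /**
     * Gets the access controller registered under the id "workspace", resolving it on first call.
     * @return the workspace access controller
     */
    private AccessController _getWorkspaceAccessController()
    {
        if (_workspaceAccessController == null)
        {
            _workspaceAccessController = _accessControllerExtensionPoint.getExtension("workspace");
        }
        return _workspaceAccessController;
    }
    
    /**
     * Gets the permission of a user for a right on a wall content.
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the id of the right
     * @param object the wall content
     * @return {@link AccessResult#USER_ALLOWED} for the creator on an author right, the answer of the
     *         workspace access controller for another user on a known right, {@link AccessResult#UNKNOWN} otherwise
     */
    @Override
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (_isAuthor(user, object))
        {
            // NOTE(review): for the creator, the super rights (edit/delete/pin) are not delegated to the
            // workspace controller and yield UNKNOWN here - confirm this is intended
            return __AUTHOR_RIGHTS.contains(rightId) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
        }
        
        if (__KNOWN_RIGHTS.contains(rightId) && object instanceof WebContent)
        {
            // The decision is taken on the site-wide context, not on the content itself
            String siteContext = "/cms/" + ((WebContent) object).getSiteName();
            return _getWorkspaceAccessController().getPermission(user, userGroups, _convertRightToSuperRight(rightId), siteContext);
        }
        
        return AccessResult.UNKNOWN;
    }
    
    /**
     * Converts a content right to the wall content right checked for users who are not the creator.
     * @param rightId the id of the right
     * @return the delete super right for the deletion right, the edit super right for both edition rights,
     *         the right id unchanged otherwise
     */
    private String _convertRightToSuperRight(String rightId)
    {
        if (__DELETION_RIGHT_ID.equals(rightId))
        {
            return _DELETE_SUPER_RIGHT;
        }
        else if (__FO_EDITION_RIGHT_ID.equals(rightId) || __BO_EDITION_RIGHT_ID.equals(rightId))
        {
            return _EDIT_SUPER_RIGHT;
        }
        return rightId;
    }

    /**
     * Gets the read access of a user on a wall content from the projects of its site.
     * @param user the user
     * @param userGroups the groups of the user
     * @param object the wall content
     * @return {@link AccessResult#USER_ALLOWED} if the project access controller answers exactly that for
     *         at least one project, {@link AccessResult#UNKNOWN} otherwise
     */
    @Override
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        for (Project project : _getProjects(object))
        {
            // NOTE(review): only USER_ALLOWED is propagated; any other answer of the project controller
            // (another kind of grant, or an explicit denial) is reported as UNKNOWN - confirm this is intended
            if (_getProjectAccessController().getReadAccessPermission(user, userGroups, project) == AccessResult.USER_ALLOWED)
            {
                return AccessResult.USER_ALLOWED;
            }
        }
        return AccessResult.UNKNOWN;
    }

    /**
     * Gets the rights explicitly granted to a user on a wall content.
     * @param user the user
     * @param userGroups the groups of the user
     * @param object the wall content
     * @return every author right mapped to {@link AccessResult#USER_ALLOWED} if the user is the creator,
     *         an empty map otherwise
     */
    @Override
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        Map<String, AccessResult> permissionByRight = new HashMap<>();
        
        if (_isAuthor(user, object))
        {
            // Built from __AUTHOR_RIGHTS so that this view always agrees with getPermission
            // (the front-office edition right was previously missing from the result)
            for (String authorRight : __AUTHOR_RIGHTS)
            {
                permissionByRight.put(authorRight, AccessResult.USER_ALLOWED);
            }
        }
        
        return permissionByRight;
    }

    /**
     * Gets the permission of anonymous for a right.
     * @param rightId the id of the right
     * @param object the wall content
     * @return always {@link AccessResult#UNKNOWN}
     */
    @Override
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Gets the read access of anonymous.
     * @param object the wall content
     * @return always {@link AccessResult#UNKNOWN}
     */
    @Override
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Gets the permission of any connected user for a right.
     * @param rightId the id of the right
     * @param object the wall content
     * @return always {@link AccessResult#UNKNOWN}
     */
    @Override
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Gets the read access of any connected user.
     * @param object the wall content
     * @return always {@link AccessResult#UNKNOWN}
     */
    @Override
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Gets the users explicitly granted a right on a wall content.
     * @param rightId the id of the right
     * @param object the wall content
     * @return the creator mapped to {@link AccessResult#USER_ALLOWED} for an author right, an empty map
     *         otherwise (including when the content has no creator)
     */
    @Override
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>();
        
        if (__AUTHOR_RIGHTS.contains(rightId) && object instanceof Content)
        {
            UserIdentity creator = ((Content) object).getCreator();
            // Never publish a grant under a null key
            if (creator != null)
            {
                permissionByUser.put(creator, AccessResult.USER_ALLOWED);
            }
        }
        return permissionByUser;
    }

    /**
     * Gets the read access by user, merged from the projects of the site of the content.
     * @param object the wall content
     * @return the merged answers of the project access controller
     */
    @Override
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>();
        
        for (Project project : _getProjects(object))
        {
            // NOTE(review): with several projects, putAll lets the last project win for a given user,
            // whatever the earlier answer was - confirm this merge order is acceptable
            permissionByUser.putAll(_getProjectAccessController().getReadAccessPermissionByUser(project));
        }
        
        return permissionByUser;
    }

    /**
     * Gets the groups explicitly granted a right on a wall content.
     * @param rightId the id of the right
     * @param object the wall content
     * @return always an empty map
     */
    @Override
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    /**
     * Gets the read access by group, merged from the projects of the site of the content.
     * @param object the wall content
     * @return the merged answers of the project access controller
     */
    @Override
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        Map<GroupIdentity, AccessResult> permissionByGroup = new HashMap<>();
        
        for (Project project : _getProjects(object))
        {
            // NOTE(review): same last-project-wins merge as for users - confirm
            permissionByGroup.putAll(_getProjectAccessController().getReadAccessPermissionByGroup(project));
        }
        
        return permissionByGroup;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the id of the right
     * @return always false
     */
    @Override
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @return always false
     */
    @Override
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @param rightId the id of the right
     * @return always false
     */
    @Override
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    @Override
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @param rightId the id of the right
     * @return always false
     */
    @Override
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    @Override
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
    
    /**
     * Gets the projects attached to the site of a wall content.
     * @param object the object
     * @return the projects of the site if the object is a wall content, a new empty list otherwise
     */
    private List<Project> _getProjects(Object object)
    {
        if (_isWallContent(object))
        {
            // Find project
            return _projectManager.getProjectsForSite(((WebContent) object).getSite());
        }
        
        return new ArrayList<>();
    }

}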