001/* 002 * Copyright 2017 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.plugins.workspaces.wall; 017 018import java.util.Collections; 019import java.util.HashMap; 020import java.util.Map; 021import java.util.Set; 022 023import org.apache.avalon.framework.service.ServiceException; 024import org.apache.avalon.framework.service.ServiceManager; 025import org.apache.avalon.framework.service.Serviceable; 026import org.slf4j.Logger; 027 028import org.ametys.core.group.GroupIdentity; 029import org.ametys.core.right.AccessController; 030import org.ametys.core.user.UserIdentity; 031import org.ametys.plugins.frontedition.AmetysFrontEditionHelper; 032import org.ametys.plugins.workspaces.members.JCRProjectMember; 033import org.ametys.plugins.workspaces.members.JCRProjectMember.MemberType; 034import org.ametys.plugins.workspaces.members.ProjectMemberManager; 035import org.ametys.plugins.workspaces.project.ProjectManager; 036import org.ametys.plugins.workspaces.project.objects.Project; 037import org.ametys.runtime.plugin.component.LogEnabled; 038import org.ametys.web.repository.page.Page; 039import org.ametys.web.repository.page.PagesContainer; 040 041/** 042 * This controller is used to allowed FO edition for wall contents. 043 * This controller grants the right "Front_Edition_Access_Right" on home page (only) to all project's members. 044 */ 045public class WallContentFrontEditionAccessController implements AccessController, Serviceable, LogEnabled 046{ 047 private ProjectManager _projectManager; 048 private ProjectMemberManager _projectMemberManager; 049 050 private Logger _logger; 051 052 public void service(ServiceManager manager) throws ServiceException 053 { 054 _projectManager = (ProjectManager) manager.lookup(ProjectManager.ROLE); 055 _projectMemberManager = (ProjectMemberManager) manager.lookup(ProjectMemberManager.ROLE); 056 } 057 058 public void setLogger(Logger logger) 059 { 060 _logger = logger; 061 } 062 063 public boolean isSupported(Object object) 064 { 065 return object instanceof Page && "index".equals(((Page) object).getPathInSitemap()); 066 } 067 068 public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) 069 { 070 if (AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID.equals(rightId)) 071 { 072 // User is allowed if he is a member of the project 073 Project project = _getProjectFromContext(object); 074 return project != null && _projectMemberManager.isProjectMember(project, user) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN; 075 } 076 else 077 { 078 return AccessResult.UNKNOWN; 079 } 080 } 081 082 public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 083 { 084 return AccessResult.UNKNOWN; 085 } 086 087 public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 088 { 089 Project project = _getProjectFromContext(object); 090 if (project != null && _projectMemberManager.isProjectMember(project, user)) 091 { 092 Map<String, AccessResult> permissions = new HashMap<>(); 093 permissions.put(AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID, AccessResult.USER_ALLOWED); 094 return permissions; 095 } 096 097 return Collections.EMPTY_MAP; 098 } 099 100 public AccessResult getPermissionForAnonymous(String rightId, Object object) 101 { 102 return AccessResult.UNKNOWN; 103 } 104 105 public AccessResult getReadAccessPermissionForAnonymous(Object object) 106 { 107 return AccessResult.UNKNOWN; 108 } 109 110 public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) 111 { 112 return AccessResult.UNKNOWN; 113 } 114 115 public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object) 116 { 117 return AccessResult.UNKNOWN; 118 } 119 120 public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object) 121 { 122 Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>(); 123 124 if (AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID.equals(rightId)) 125 { 126 Project project = _getProjectFromContext(object); 127 if (project != null) 128 { 129 Set<JCRProjectMember> members = _projectMemberManager.getProjectMembers(project); 130 for (JCRProjectMember member : members) 131 { 132 if (MemberType.USER.toString().equals(member.getType())) 133 { 134 permissionByUser.put(member.getUser(), AccessResult.USER_ALLOWED); 135 } 136 } 137 } 138 } 139 140 return permissionByUser; 141 } 142 143 public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object) 144 { 145 return Collections.EMPTY_MAP; 146 } 147 148 public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object) 149 { 150 Map<GroupIdentity, AccessResult> permissionByGroup = new HashMap<>(); 151 152 if (AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID.equals(rightId)) 153 { 154 Project project = _getProjectFromContext(object); 155 if (project != null) 156 { 157 Set<JCRProjectMember> members = _projectMemberManager.getProjectMembers(project); 158 for (JCRProjectMember member : members) 159 { 160 if (MemberType.GROUP.toString().equals(member.getType())) 161 { 162 permissionByGroup.put(member.getGroup(), AccessResult.USER_ALLOWED); 163 } 164 } 165 } 166 } 167 168 return permissionByGroup; 169 } 170 171 public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object) 172 { 173 return Collections.EMPTY_MAP; 174 } 175 176 public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) 177 { 178 // We do not want that this accesscontroller give access to the backoffice (even if #isSupported would not match in this case) 179 return false; 180 } 181 182 public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) 183 { 184 return false; 185 } 186 187 public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 188 { 189 // We do not want that this accesscontroller give access to the backoffice (even if #isSupported would not match in this case) 190 return false; 191 } 192 193 public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 194 { 195 return false; 196 } 197 198 public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 199 { 200 // We do not want that this accesscontroller give access to the backoffice (even if #isSupported would not match in this case) 201 return false; 202 } 203 204 public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 205 { 206 return false; 207 } 208 209 private Project _getProjectFromContext(Object context) 210 { 211 String siteName = _getSiteFromContext(context); 212 if (siteName != null) 213 { 214 for (String projectName : _projectManager.getProjectsForSite(siteName)) 215 { 216 Project project = _projectManager.getProject(projectName); 217 if (project != null) 218 { 219 return project; 220 } 221 else 222 { 223 _logger.warn("Cannot find project '{}' associated to the site '{}'.", projectName, siteName); 224 } 225 } 226 227 _logger.debug("There is no project associated to the site '{}'.", siteName); 228 } 229 230 return null; 231 } 232 233 private String _getSiteFromContext(Object context) 234 { 235 if (context instanceof PagesContainer) 236 { 237 return ((PagesContainer) context).getSiteName(); 238 } 239 return null; 240 } 241 242}