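/*
 * Copyright 2022 Anyware Services
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.ametys.plugins.cart.accesscontroller;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.commons.collections.MapUtils;

import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.right.AccessExplanation;
import org.ametys.core.right.RightsException;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.cart.Cart;
import org.ametys.plugins.cart.CartFactory;
import org.ametys.plugins.core.impl.right.AbstractRightBasedAccessController;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.ametys.plugins.repository.query.QueryHelper;
import org.ametys.plugins.repository.query.expression.Expression.Operator;
import org.ametys.plugins.repository.query.expression.UserExpression;
import org.ametys.runtime.i18n.I18nizableText;

/**
 * {@link AccessController} that grants the author of a {@link Cart} read access
 * and the rights listed in {@link #__CREATOR_RIGHTS} on that cart.
 * <p>
 * This controller only ever answers {@code USER_ALLOWED} or {@code UNKNOWN}; it
 * never returns a denial and has no opinion on anonymous users, connected users
 * in general, groups or workspaces.
 * <p>
 * Every authorship decision goes through {@link #_isAuthor(UserIdentity, Object)},
 * which fails closed: a null user, an object that is not a {@link Cart} or a
 * cart without author never yields {@code USER_ALLOWED}.
 */
public class CartAuthorAccessController extends AbstractRightBasedAccessController implements Serviceable
{
    /** Rights granted to the author of a cart, on that cart only. */
    private static final List<String> __CREATOR_RIGHTS = List.of("Cart_Rights_Admin");

    /** the ametys object resolver */
    protected AmetysObjectResolver _resolver;

    /**
     * Looks up the {@link AmetysObjectResolver} used by {@link #getHandledObjects}.
     * @param manager the service manager
     * @throws ServiceException if the resolver cannot be looked up
     */
    public void service(ServiceManager manager) throws ServiceException
    {
        _resolver = (AmetysObjectResolver) manager.lookup(AmetysObjectResolver.ROLE);
    }

    /**
     * Tells whether the given user is the author of the given object.
     * Centralises the check so that every grant path applies the same guards.
     * @param user the user to test, may be null
     * @param object the object to test, may be anything
     * @return true only if the object is a cart whose author equals the non-null user
     */
    private static boolean _isAuthor(UserIdentity user, Object object)
    {
        // user is tested first and used as the receiver of equals(): a cart
        // without author can then never match, and a null user never matches.
        return user != null && object instanceof Cart cart && user.equals(cart.getAuthor());
    }

    /**
     * Tells whether the given right is one of the rights granted to a cart author.
     * @param rightId the right id, may be null
     * @return true if the right is listed in {@link #__CREATOR_RIGHTS}
     */
    private static boolean _isCreatorRight(String rightId)
    {
        // List.of(...) rejects null in contains(); treat a null right as "not granted".
        return rightId != null && __CREATOR_RIGHTS.contains(rightId);
    }

    /**
     * This controller supports carts only.
     * @param object the object to test
     * @return true if the object is a {@link Cart}
     */
    public boolean isSupported(Object object)
    {
        return object instanceof Cart;
    }

    /**
     * Allows the author of the cart for the rights of {@link #__CREATOR_RIGHTS}.
     * @param user the user asking
     * @param userGroups the groups of the user (not used)
     * @param rightId the requested right
     * @param object the cart
     * @return {@code USER_ALLOWED} for the author on a creator right, {@code UNKNOWN} otherwise
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (_isAuthor(user, object) && _isCreatorRight(rightId))
        {
            return AccessResult.USER_ALLOWED;
        }

        return AccessResult.UNKNOWN;
    }

    /**
     * Allows the author of the cart to read it.
     * @param user the user asking
     * @param userGroups the groups of the user (not used)
     * @param object the cart
     * @return {@code USER_ALLOWED} for the author, {@code UNKNOWN} otherwise
     */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return _isAuthor(user, object) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
    }

    /**
     * If creator, access to a list of rights
     * @param user the user asking
     * @param userGroups the groups of the user (not used)
     * @param object the cart
     * @return a new mutable map with {@code USER_ALLOWED} for each creator right
     *         when the user is the author, an empty map otherwise
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        Map<String, AccessResult> permissionByRight = new HashMap<>();

        if (_isAuthor(user, object))
        {
            for (String rightId : __CREATOR_RIGHTS)
            {
                permissionByRight.put(rightId, AccessResult.USER_ALLOWED);
            }
        }

        return permissionByRight;
    }

    /**
     * No opinion for anonymous.
     * @param rightId the requested right
     * @param object the cart
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * No opinion for anonymous.
     * @param object the cart
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * No opinion for "any connected user".
     * @param rightId the requested right
     * @param object the cart
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * No opinion for "any connected user".
     * @param object the cart
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * If right requested is in the list, the creator is added the list of USER_ALLOWED
     * @param rightId the requested right
     * @param object the cart
     * @return a new mutable map holding the author with {@code USER_ALLOWED}, or an empty map
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>();

        if (_isCreatorRight(rightId) && object instanceof Cart cart)
        {
            UserIdentity author = cart.getAuthor();
            // Never publish a null key as USER_ALLOWED: a cart without author grants nothing.
            if (author != null)
            {
                permissionByUser.put(author, AccessResult.USER_ALLOWED);
            }
        }

        return permissionByUser;
    }

    /**
     * Lists no user for read access.
     * @param object the cart
     * @return always an empty map
     */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        // NOTE(review): getReadAccessPermission() allows the author, but the author is not
        // listed here, so a report built from this map will not show that grant.
        // Confirm this is intended before relying on this map for audits.
        return MapUtils.EMPTY_MAP;
    }

    /**
     * No group is handled by this controller.
     * @param rightId the requested right
     * @param object the cart
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    /**
     * No group is handled by this controller.
     * @param object the cart
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the requested right
     * @return always false
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @return always false
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the requested right
     * @return always false
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the requested right
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * Explains the two results this controller can produce; any other result is
     * delegated to the parent class. The i18n key is built from the result name
     * and the cart label is passed as the "title" parameter.
     */
    @Override
    public AccessExplanation getStandardAccessExplanation(AccessResult permission, Object object)
    {
        switch (permission)
        {
            case USER_ALLOWED:
            case UNKNOWN:
                return new AccessExplanation(getId(), permission,
                        new I18nizableText("plugin.cart", "PLUGINS_CART_CREATOR_ACCESS_CONTROLLER_" + permission.name() + "_EXPLANATION",
                                Map.of(
                                        "title", getObjectLabel(object)
                                )
                        )
                );
            default:
                return super.getStandardAccessExplanation(permission, object);
        }
    }

    @Override
    public I18nizableText getObjectCategory(Object object)
    {
        return CartAccessController.CART_CONTEXT_CATEGORY;
    }

    /**
     * Uses the cart title as label.
     * @throws RightsException if the object is not a {@link Cart}
     */
    @Override
    public I18nizableText getObjectLabel(Object object)
    {
        if (object instanceof Cart cart)
        {
            return new I18nizableText(cart.getTitle());
        }
        // String concatenation instead of object.toString(): a null object must end in the
        // documented RightsException, not in a NullPointerException.
        throw new RightsException("unsupported object :" + object);
    }

    /**
     * Queries the carts whose {@link Cart#AUTHOR} equals the given identity.
     * The groups are not used: only authorship gives rights here.
     */
    @Override
    protected Iterable< ? extends Object> getHandledObjects(UserIdentity identity, Set<GroupIdentity> groups)
    {
        UserExpression authorExpression = new UserExpression(Cart.AUTHOR, Operator.EQ, identity);
        String query = QueryHelper.getXPathQuery(null, CartFactory.CART_NODETYPE, authorExpression);
        return _resolver.query(query);
    }

    /**
     * The handled rights are the creator rights, whatever the user and the object.
     */
    @Override
    protected Collection<String> getHandledRights(UserIdentity identity, Set<GroupIdentity> groups, Object object)
    {
        return __CREATOR_RIGHTS;
    }
}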