001/* 002 * Copyright 2021 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.plugins.odfsync.cdmfr.rights; 017 018import java.util.Collections; 019import java.util.Map; 020import java.util.Set; 021import java.util.stream.Collectors; 022 023import org.apache.avalon.framework.service.ServiceException; 024import org.apache.avalon.framework.service.ServiceManager; 025import org.apache.avalon.framework.service.Serviceable; 026 027import org.ametys.cms.repository.Content; 028import org.ametys.core.group.GroupIdentity; 029import org.ametys.core.right.AccessController; 030import org.ametys.core.right.AccessExplanation; 031import org.ametys.core.right.RightsException; 032import org.ametys.core.right.RightsExtensionPoint; 033import org.ametys.core.user.UserIdentity; 034import org.ametys.core.user.population.UserPopulationDAO; 035import org.ametys.odf.rights.ODFContentHierarchicalAccessController; 036import org.ametys.odf.tree.ODFContentsTreeHelper; 037import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollection; 038import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollectionDAO; 039import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollectionHelper; 040import org.ametys.plugins.odfsync.cdmfr.RemoteCDMFrSynchronizableContentsCollection; 041import org.ametys.runtime.i18n.I18nizableText; 042import org.ametys.runtime.plugin.component.PluginAware; 
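/**
 * {@link AccessController} for contents imported by a remote CDM-fr synchronizable contents collection (SCC).
 * <p>
 * The only identity this controller ever answers {@code USER_ALLOWED} for is
 * {@link UserPopulationDAO#SYSTEM_USER_IDENTITY}. Every other user, anonymous and "any connected user"
 * get {@code UNKNOWN} (or {@code false} / an empty map for the workspace and by-group variants).
 * NOTE(review): presumably {@code UNKNOWN} leaves the decision to the other registered access
 * controllers; confirm against the {@link AccessController} contract.
 * <p>
 * None of the permission methods inspect the right id or the object: the scoping to remote CDM-fr
 * contents is done only by {@link #isSupported(Object)}.
 * NOTE(review): this assumes callers consult {@link #isSupported(Object)} first; verify against the caller.
 */
public class RemoteCDMFrSCCAccessController implements AccessController, Serviceable, PluginAware
{
    /** The ODF contents tree helper */
    protected ODFContentsTreeHelper _odfContentsTreeHelper;
    // Resolves the ids of the collections a content belongs to
    private SynchronizableContentsCollectionHelper _sccHelper;
    // Resolves a collection id to its SynchronizableContentsCollection
    private SynchronizableContentsCollectionDAO _collectionsDAO;
    // Source of the right ids enumerated for the system user
    private RightsExtensionPoint _rightsExtensionPoint;
    // Identifier received through setPluginInfo
    private String _id;

    /**
     * Looks up the components this controller depends on.
     * @param manager the service manager the components are looked up from
     * @throws ServiceException if a lookup fails
     */
    public void service(ServiceManager manager) throws ServiceException
    {
        _odfContentsTreeHelper = (ODFContentsTreeHelper) manager.lookup(ODFContentsTreeHelper.ROLE);
        _sccHelper = (SynchronizableContentsCollectionHelper) manager.lookup(SynchronizableContentsCollectionHelper.ROLE);
        _collectionsDAO = (SynchronizableContentsCollectionDAO) manager.lookup(SynchronizableContentsCollectionDAO.ROLE);
        _rightsExtensionPoint = (RightsExtensionPoint) manager.lookup(RightsExtensionPoint.ROLE);
    }

    /**
     * Records the identifier of this controller; the plugin and feature names are not kept.
     * @param pluginName ignored
     * @param featureName ignored
     * @param id the identifier later returned by {@link #getId()}
     */
    public void setPluginInfo(String pluginName, String featureName, String id)
    {
        _id = id;
    }

    /**
     * Allows the system user and gives no answer for anybody else.
     * The groups, the right id and the object are not consulted.
     * @return {@code USER_ALLOWED} for the system user, {@code UNKNOWN} otherwise
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user))
        {
            return AccessResult.USER_ALLOWED;
        }
        return AccessResult.UNKNOWN;
    }

    /**
     * Read-access counterpart of {@link #getPermission}: same answer, same inputs ignored.
     * @return {@code USER_ALLOWED} for the system user, {@code UNKNOWN} otherwise
     */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        if (UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user))
        {
            return AccessResult.USER_ALLOWED;
        }
        return AccessResult.UNKNOWN;
    }

    /**
     * Lists the result for every right id known to the rights extension point.
     * @return for the system user, a map giving {@code USER_ALLOWED} to each id returned by
     *         {@code getExtensionsIds()}; for anybody else, an empty map
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        if (!UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user))
        {
            // Type-safe replacement for the raw Collections.EMPTY_MAP constant
            return Collections.emptyMap();
        }

        return _rightsExtensionPoint.getExtensionsIds()
                .stream()
                .collect(Collectors.toMap(rightId -> rightId, rightId -> AccessResult.USER_ALLOWED));
    }

    /**
     * Never grants anything to anonymous.
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Never grants read access to anonymous.
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Never grants anything to "any connected user".
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Never grants read access to "any connected user".
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Lists the users this controller has an answer for.
     * Neither the right id nor the object is consulted.
     * @return a single-entry immutable map: the system user, {@code USER_ALLOWED}
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return Map.of(UserPopulationDAO.SYSTEM_USER_IDENTITY, AccessResult.USER_ALLOWED);
    }

    /**
     * Read-access counterpart of {@link #getPermissionByUser}.
     * @return the same single-entry map as {@link #getPermissionByUser}
     */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        // The right id is ignored by getPermissionByUser, so null is a safe argument here
        return getPermissionByUser(null, object);
    }

    /**
     * No group is ever granted anything by this controller.
     * @return an empty map
     */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * No group is ever granted read access by this controller.
     * @return an empty map
     */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * Tells whether the user is the system user.
     * The workspace contexts, the groups and the right id are not consulted.
     * @return {@code true} only for the system user
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user);
    }

    /**
     * Read-access counterpart of {@link #hasUserAnyPermissionOnWorkspace}.
     * @return {@code true} only for the system user
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        // The right id is ignored by hasUserAnyPermissionOnWorkspace, so null is a safe argument here
        return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null);
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * Tells whether the object is a {@link Content} attached to at least one
     * {@link RemoteCDMFrSynchronizableContentsCollection}.
     * @param object the object to test
     * @return {@code true} if one of the content's collection ids resolves to a remote CDM-fr
     *         collection, {@code false} otherwise (including for non-content objects)
     */
    public boolean isSupported(Object object)
    {
        if (!(object instanceof Content content))
        {
            return false;
        }

        for (String collectionId : _sccHelper.getSynchronizableCollectionIds(content))
        {
            // instanceof is false for null, so an id that does not resolve to a collection is skipped
            if (_collectionsDAO.getSynchronizableContentsCollection(collectionId) instanceof RemoteCDMFrSynchronizableContentsCollection)
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Explains the read-access answer given to a user.
     * @param user the user the explanation is for
     * @param groups not consulted
     * @param context the content the explanation is about
     * @return a {@code USER_ALLOWED} explanation carrying the content title for the system user,
     *         the default {@code UNKNOWN} explanation for anybody else
     * @throws RightsException if the user is the system user and the context is not a {@link Content}
     */
    @Override
    public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object context)
    {
        if (!UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user))
        {
            return AccessController.getDefaultAccessExplanation(getId(), AccessResult.UNKNOWN);
        }

        // Report an unsupported context the same way getObjectLabel does,
        // rather than failing on an unchecked cast
        if (!(context instanceof Content content))
        {
            throw new RightsException("Unsupported context: " + context);
        }

        return new AccessExplanation(getId(), AccessResult.USER_ALLOWED,
                new I18nizableText("plugin.odf-sync", "PLUGINS_ODF_SYNC_CDMFR_ACCESS_CONTROLLER_SYSTEM_USER_ALLOWED",
                        Map.of("title", new I18nizableText(content.getTitle()))));
    }

    /**
     * Explains the answer given to a user for a right.
     * @param user the user the explanation is for
     * @param groups not consulted
     * @param rightId not consulted
     * @param context the content the explanation is about
     * @return a {@code USER_ALLOWED} explanation carrying the object label for the system user,
     *         the default {@code UNKNOWN} explanation for anybody else
     * @throws RightsException if the user is the system user and the context is not a {@link Content}
     */
    @Override
    public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object context)
    {
        if (!UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user))
        {
            return AccessController.getDefaultAccessExplanation(getId(), AccessResult.UNKNOWN);
        }

        return new AccessExplanation(getId(), AccessResult.USER_ALLOWED,
                new I18nizableText("plugin.odf-sync", "PLUGINS_ODF_SYNC_CDMFR_ACCESS_CONTROLLER_SYSTEM_USER_ALLOWED",
                        Map.of("title", getObjectLabel(context))));
    }

    /**
     * Builds the label of a content by delegating to
     * {@link ODFContentHierarchicalAccessController#getContentObjectLabel}.
     * @param object the object to label
     * @return the label of the content
     * @throws RightsException if the object is not a {@link Content} (a {@code null} object included)
     */
    public I18nizableText getObjectLabel(Object object)
    {
        if (object instanceof Content content)
        {
            return ODFContentHierarchicalAccessController.getContentObjectLabel(content, _odfContentsTreeHelper);
        }

        // String concatenation is null-safe, unlike object.toString(): a null context is
        // reported as a RightsException instead of a NullPointerException
        throw new RightsException("Unsupported context: " + object);
    }

    /**
     * Lists every permission this controller would explain for an identity.
     * @return always an empty immutable map
     */
    @Override
    public Map<ExplanationObject, Map<Permission, AccessExplanation>> explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups)
    {
        // Only grant permission in admin context
        return Map.of();
    }

    /**
     * @param object not consulted
     * @return {@link ODFContentHierarchicalAccessController#ODF_CONTEXT_CATEGORY}
     */
    public I18nizableText getObjectCategory(Object object)
    {
        return ODFContentHierarchicalAccessController.ODF_CONTEXT_CATEGORY;
    }

    /**
     * @return the identifier received through {@link #setPluginInfo}
     */
    public String getId()
    {
        return _id;
    }
}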