001/*
002 *  Copyright 2016 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.runtime.plugins.admin.superuser;
017
018import java.util.ArrayList;
019import java.util.HashMap;
020import java.util.List;
021import java.util.Map;
022
023import org.apache.avalon.framework.service.ServiceException;
024import org.apache.avalon.framework.service.ServiceManager;
025
026import org.ametys.core.right.Profile;
027import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint;
028import org.ametys.core.right.RightAssignmentContext;
029import org.ametys.core.right.RightAssignmentContextExtensionPoint;
030import org.ametys.core.right.RightProfilesDAO;
031import org.ametys.core.right.RightsExtensionPoint;
032import org.ametys.core.ui.Callable;
033import org.ametys.core.ui.StaticClientSideElement;
034import org.ametys.core.user.UserIdentity;
035import org.ametys.plugins.core.user.UserHelper;
036import org.ametys.runtime.workspace.WorkspaceMatcher;
037
038/**
039 * This implementation creates a control allowing to affect a super user to a given context
040 */
041public class SuperUserClientSideElement extends StaticClientSideElement
042{
043    /** The service manager */
044    protected ServiceManager _sManager;
045    /** The extension point for the rights */
046    protected RightsExtensionPoint _rightsEP;
047    /** The profiles DAO */
048    protected RightProfilesDAO _profilesDAO;
049    /** The profile assignments storage */
050    protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP;
051    /** The extension point for right contexts */
052    protected RightAssignmentContextExtensionPoint _rightCtxEP;
053    /** The user helper */
054    protected UserHelper _userHelper;
055    
056    @Override
057    public void service(ServiceManager smanager) throws ServiceException
058    {
059        super.service(smanager);
060        _sManager = smanager;
061        _userHelper = (UserHelper) smanager.lookup(UserHelper.ROLE);
062    }
063    
064    /**
065     * Affect a user to the given profile on the given context
066     * @param user The user
067     * @param profileId The profile id
068     * @param jsParameters The client-side parameters
069     */
070    @Callable (rights = "Runtime_Rights_Admin_Access", context = "/admin")
071    public void affectUserToProfile(Map<String, String> user, String profileId, Map<String, Object> jsParameters)
072    {
073        try
074        {
075            if (_profileAssignmentStorageEP == null)
076            {
077                _profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) _sManager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE);
078            }
079            if (_rightCtxEP == null)
080            {
081                _rightCtxEP = (RightAssignmentContextExtensionPoint) _sManager.lookup(RightAssignmentContextExtensionPoint.ROLE);
082            }
083        }
084        catch (ServiceException e)
085        {
086            throw new IllegalStateException(e);
087        }
088        
089        // Get all root contexts for the configured workspace
090        List<Object> rootContexts = new ArrayList<>();
091        for (String id : _rightCtxEP.getExtensionsIds())
092        {
093            RightAssignmentContext rightCtx = _rightCtxEP.getExtension(id);
094            rootContexts.addAll(rightCtx.getRootContexts(getContextualParameters(jsParameters)));
095        }
096        
097        // Affect user to this profile
098        UserIdentity userIdentity = _userHelper.json2userIdentity(user);
099        for (Object rootContext : rootContexts)
100        {
101            _profileAssignmentStorageEP.removeDeniedProfileFromUser(userIdentity, profileId, rootContext);
102            _profileAssignmentStorageEP.allowProfileToUser(userIdentity, profileId, rootContext);
103        }
104    }
105    
106    /**
107     * Affect a user to a new super profile on the given context. First, a new profile with the given name will be created and filled with all rights, and then the user will be affected.
108     * @param user The user
109     * @param newProfileName The name of the super profile to create
110     * @param jsParameters The client-side parameters
111     * @return The id of the created profile
112     */
113    @Callable (rights = "Runtime_Rights_Admin_Access", context = "/admin")
114    public String affectUserToNewProfile(Map<String, String> user, String newProfileName, Map<String, Object> jsParameters)
115    {
116        try
117        {
118            if (_rightsEP == null)
119            {
120                _rightsEP = (RightsExtensionPoint) _sManager.lookup(RightsExtensionPoint.ROLE);
121            }
122            if (_profilesDAO == null)
123            {
124                _profilesDAO = (RightProfilesDAO) _sManager.lookup(RightProfilesDAO.ROLE);
125            }
126        }
127        catch (ServiceException e)
128        {
129            throw new IllegalStateException(e);
130        }
131        
132        // Create a super profile
133        Profile newSuperProfile = _profilesDAO.addProfile(newProfileName, null);
134        _profilesDAO.addRights(newSuperProfile, new ArrayList<>(_rightsEP.getExtensionsIds()));
135
136        affectUserToProfile(user, newSuperProfile.getId(), jsParameters);
137        
138        return newSuperProfile.getId();
139    }
140    
141    /**
142     * Get the contextual parameters used to determines the root contexts
143     * @param jsParameters the client-side parameters
144     * @return the contextual parameters
145     */
146    protected Map<String, Object> getContextualParameters(Map<String, Object> jsParameters)
147    {
148        Map<String, Object> contextParameters = new HashMap<>(jsParameters);
149        
150        String workspaceName = (String) _script.getParameters().get(WorkspaceMatcher.WORKSPACE_NAME);
151        contextParameters.put(WorkspaceMatcher.WORKSPACE_NAME, workspaceName);
152        return contextParameters;
153    }
154}