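/*
 *  Copyright 2017 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.bpm.right;

import java.util.Collections;
import java.util.Map;
import java.util.Set;

import org.ametys.core.group.GroupIdentity;
import org.ametys.core.right.AccessController;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.bpm.BPMWorkflowManager;
import org.ametys.plugins.bpm.jcr.JCRWorkflow;
import org.ametys.plugins.bpm.jcr.JCRWorkflowProcess;
import org.ametys.plugins.explorer.resources.ResourceCollection;
import org.ametys.plugins.repository.AmetysObject;
import org.ametys.plugins.repository.AmetysObjectResolver;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;

/**
 * Access controller for BPM Workflow processes.
 * <p>
 * The only decision this controller ever takes is in
 * {@link #getPermission(UserIdentity, Set, String, Object)}; every other query returns
 * {@link AccessResult#UNKNOWN}, an empty map or {@code false}.
 */
public class BPMAccessController implements AccessController, Serviceable
{
    /** Path prefix of the BPM workflow nodes. The trailing slash keeps sibling nodes whose name merely starts with the root node name out of scope. */
    private static final String BPM_WORKFLOWS_PATH = "/ametys:plugins/" + BPMWorkflowManager.BPM_ROOT_NODE + "/" + BPMWorkflowManager.BPMWORKFLOW_ROOT_NODE + "/";

    private CurrentUserProvider _currentUserProvider;
    private BPMWorkflowManager _bpmWorkflowManager;
    private AmetysObjectResolver _resolver;

    /**
     * Looks up the components this controller depends on.
     * @param manager the service manager
     * @throws ServiceException if one of the components cannot be looked up
     */
    public void service(ServiceManager manager) throws ServiceException
    {
        _currentUserProvider = (CurrentUserProvider) manager.lookup(CurrentUserProvider.ROLE);
        _bpmWorkflowManager = (BPMWorkflowManager) manager.lookup(BPMWorkflowManager.ROLE);
        _resolver = (AmetysObjectResolver) manager.lookup(AmetysObjectResolver.ROLE);
    }

    /**
     * Tells whether this controller handles the given object.
     * @param object the object to test
     * @return {@code true} if the object is an {@link AmetysObject} whose path starts with the BPM workflows path
     */
    public boolean isSupported(Object object)
    {
        return object instanceof AmetysObject && ((AmetysObject) object).getPath().startsWith(BPM_WORKFLOWS_PATH);
    }

    /**
     * Computes the permission of a user on a workflow process, or on a resource collection
     * whose direct parent is a workflow process.
     * <p>
     * The decision is taken for the {@code user} argument, not for whoever happens to own the
     * current session: the creator test compares the process creator with {@code user}.
     * {@code rightId} and {@code userGroups} are not consulted, so the answer is the same for
     * every right.
     * @param user the user whose permission is evaluated
     * @param userGroups the groups of the user (unused)
     * @param rightId the right to check (unused)
     * @param object the process, or a resource collection directly under a process
     * @return {@link AccessResult#USER_ALLOWED} if the user created the process or is referenced
     *         by the workflow variables, {@link AccessResult#UNKNOWN} otherwise
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        JCRWorkflowProcess process = null;
        if (object instanceof JCRWorkflowProcess)
        {
            process = (JCRWorkflowProcess) object;
        }
        if (object instanceof ResourceCollection)
        {
            // Only the direct parent is inspected; deeper collections are not mapped to a process here
            AmetysObject parent = ((ResourceCollection) object).getParent();
            if (parent instanceof JCRWorkflowProcess)
            {
                process = (JCRWorkflowProcess) parent;
            }
        }

        if (process == null || user == null)
        {
            // Nothing to decide on: leave the decision to the other access controllers
            return AccessResult.UNKNOWN;
        }

        // Compare with the evaluated user. Comparing with the current session user instead would
        // hand the creator's access to any identity that is checked during the creator's session.
        if (user.equals(process.getCreator()))
        {
            return AccessResult.USER_ALLOWED;
        }

        // NOTE(review): isUserInWorkflowVariables() receives no user, so it presumably evaluates
        // the current session user - confirm against BPMWorkflowManager. Its answer is therefore
        // only used when the evaluated user is that same user.
        if (!user.equals(_currentUserProvider.getUser()))
        {
            return AccessResult.UNKNOWN;
        }

        String workflowId = process.getWorkflow();
        JCRWorkflow workflow = _resolver.resolveById(workflowId);

        return _bpmWorkflowManager.isUserInWorkflowVariables(workflow) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN;
    }

    /**
     * Computes the read permission of a user; delegates to
     * {@link #getPermission(UserIdentity, Set, String, Object)} with a {@code null} right.
     * @param user the user whose permission is evaluated
     * @param userGroups the groups of the user
     * @param object the object to check
     * @return the same result as {@code getPermission} for this user and object
     */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return getPermission(user, userGroups, null, object);
    }

    /**
     * Not computed by this controller.
     * @param user the user
     * @param userGroups the groups of the user
     * @param object the object to check
     * @return always an empty map
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        // Typed factory rather than the raw EMPTY_MAP constant, which needs an unchecked conversion
        return Collections.emptyMap();
    }

    /**
     * Anonymous access is never decided by this controller.
     * @param rightId the right to check
     * @param object the object to check
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Anonymous read access is never decided by this controller.
     * @param object the object to check
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Access for "any connected user" is never decided by this controller.
     * @param rightId the right to check
     * @param object the object to check
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Read access for "any connected user" is never decided by this controller.
     * @param object the object to check
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Not computed by this controller.
     * @param rightId the right to check
     * @param object the object to check
     * @return always an empty map
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * Delegates to {@link #getPermissionByUser(String, Object)} with a {@code null} right.
     * @param object the object to check
     * @return always an empty map
     */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return getPermissionByUser(null, object);
    }

    /**
     * Not computed by this controller.
     * @param rightId the right to check
     * @param object the object to check
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * Not computed by this controller.
     * @param object the object to check
     * @return always an empty map
     */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.emptyMap();
    }

    /**
     * Delegates to {@link #hasUserAnyPermissionOnWorkspace(Set, UserIdentity, Set, String)} with a {@code null} right.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @return always {@code false}
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null);
    }

    /**
     * This controller never grants a workspace-level permission.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the right to check
     * @return always {@code false}
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    /**
     * This controller never grants a workspace-level permission.
     * @param workspacesContexts the workspace contexts
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * This controller never grants a workspace-level permission.
     * @param workspacesContexts the workspace contexts
     * @param rightId the right to check
     * @return always {@code false}
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * This controller never grants a workspace-level permission.
     * @param workspacesContexts the workspace contexts
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * This controller never grants a workspace-level permission.
     * @param workspacesContexts the workspace contexts
     * @param rightId the right to check
     * @return always {@code false}
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

}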