001package org.ametys.plugins.workspaces.project.rights.accesscontroller; 002/* 003 * Copyright 2020 Anyware Services 004 * 005 * Licensed under the Apache License, Version 2.0 (the "License"); 006 * you may not use this file except in compliance with the License. 007 * You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017import java.util.HashMap; 018import java.util.Map; 019import java.util.Set; 020 021import org.apache.avalon.framework.service.ServiceException; 022import org.apache.avalon.framework.service.ServiceManager; 023import org.apache.avalon.framework.service.Serviceable; 024 025import org.ametys.core.group.GroupIdentity; 026import org.ametys.core.right.AccessController; 027import org.ametys.core.right.AllowedUsers; 028import org.ametys.core.right.RightManager; 029import org.ametys.core.user.UserIdentity; 030import org.ametys.plugins.workspaces.project.ProjectManager; 031import org.ametys.plugins.workspaces.report.ReportHelper; 032import org.ametys.web.repository.page.Page; 033import org.ametys.web.repository.page.Page.PageType; 034import org.ametys.web.repository.page.ZoneItem; 035import org.ametys.web.repository.page.ZoneItem.ZoneType; 036 037/** 038 * This {@link AccessController} handles read access to the report page. 039 */ 040public class ReportsPageAccessController implements AccessController, Serviceable 041{ 042 /** The reports helper */ 043 protected ReportHelper _reportHelper; 044 /** The project manager */ 045 protected ProjectManager _projectManager; 046 private RightManager _rightManager; 047 048 public void service(ServiceManager manager) throws ServiceException 049 { 050 _projectManager = (ProjectManager) manager.lookup(ProjectManager.ROLE); 051 _reportHelper = (ReportHelper) manager.lookup(ReportHelper.ROLE); 052 _rightManager = (RightManager) manager.lookup(RightManager.ROLE); 053 } 054 055 public boolean isSupported(Object object) 056 { 057 return object instanceof Page && isReportPage((Page) object); 058 } 059 060 public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 061 { 062 if (_reportHelper.hasSuperRight() || _projectManager.isManager(user)) 063 { 064 return AccessResult.USER_ALLOWED; 065 } 066 return AccessResult.USER_DENIED; 067 } 068 069 public AccessResult getReadAccessPermissionForAnonymous(Object object) 070 { 071 return AccessResult.ANONYMOUS_DENIED; 072 } 073 074 public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object) 075 { 076 return AccessResult.ANY_CONNECTED_DENIED; 077 } 078 079 public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object) 080 { 081 Map<UserIdentity, AccessResult> results = new HashMap<>(); 082 083 AllowedUsers allowedUsers = _rightManager.getAllowedUsers(ReportHelper.REPORT_ALL_RIGHT_ID, "/cms"); 084 085 for (UserIdentity user : allowedUsers.getAllowedUsers()) 086 { 087 results.put(user, AccessResult.USER_ALLOWED); 088 } 089 090 Set<UserIdentity> managers = _projectManager.getManagers(); 091 for (UserIdentity manager : managers) 092 { 093 results.put(manager, AccessResult.USER_ALLOWED); 094 } 095 096 return results; 097 } 098 099 public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object) 100 { 101 Map<GroupIdentity, AccessResult> results = new HashMap<>(); 102 103 AllowedUsers allowedUsers = _rightManager.getAllowedUsers(ReportHelper.REPORT_ALL_RIGHT_ID, "/cms"); 104 105 for (GroupIdentity group : allowedUsers.getAllowedGroups()) 106 { 107 results.put(group, AccessResult.GROUP_ALLOWED); 108 } 109 110 return results; 111 } 112 113 public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) 114 { 115 return AccessResult.UNKNOWN; 116 } 117 118 public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 119 { 120 return Map.of(); 121 } 122 123 public AccessResult getPermissionForAnonymous(String rightId, Object object) 124 { 125 return AccessResult.UNKNOWN; 126 } 127 128 public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) 129 { 130 return AccessResult.UNKNOWN; 131 } 132 133 public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object) 134 { 135 return Map.of(); 136 } 137 138 public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object) 139 { 140 return Map.of(); 141 } 142 143 public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) 144 { 145 return false; 146 } 147 148 public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) 149 { 150 return false; 151 } 152 153 public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 154 { 155 return false; 156 } 157 158 public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 159 { 160 return false; 161 } 162 163 public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 164 { 165 return false; 166 } 167 168 public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 169 { 170 return false; 171 } 172 173 /** 174 * Determines if the page is a report page 175 * @param page the page 176 * @return true if the page is a report page 177 */ 178 protected boolean isReportPage(Page page) 179 { 180 if (page.getSiteName().equals(_projectManager.getCatalogSiteName()) && PageType.CONTAINER == page.getType() && page.hasZone("default")) 181 { 182 ZoneItem cZoneItem = page.getZone("default").getZoneItems().stream() 183 .filter(z -> z.getType() == ZoneType.SERVICE) 184 .filter(z -> z.getServiceId().equals(ReportHelper.REPORT_SERVICE_ID)) 185 .findFirst() 186 .orElse(null); 187 188 return cZoneItem != null; 189 } 190 191 return false; 192 } 193}