001package org.ametys.plugins.workspaces.project.rights.accesscontroller;
002/*
003 *  Copyright 2020 Anyware Services
004 *
005 *  Licensed under the Apache License, Version 2.0 (the "License");
006 *  you may not use this file except in compliance with the License.
007 *  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 *  Unless required by applicable law or agreed to in writing, software
012 *  distributed under the License is distributed on an "AS IS" BASIS,
013 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 *  See the License for the specific language governing permissions and
015 *  limitations under the License.
016 */
017import java.util.HashMap;
018import java.util.Map;
019import java.util.Set;
020
021import org.apache.avalon.framework.service.ServiceException;
022import org.apache.avalon.framework.service.ServiceManager;
023import org.apache.avalon.framework.service.Serviceable;
024
025import org.ametys.core.group.GroupIdentity;
026import org.ametys.core.right.AccessController;
027import org.ametys.core.right.AllowedUsers;
028import org.ametys.core.right.RightManager;
029import org.ametys.core.user.UserIdentity;
030import org.ametys.plugins.workspaces.project.ProjectManager;
031import org.ametys.plugins.workspaces.report.ReportHelper;
032import org.ametys.web.repository.page.Page;
033import org.ametys.web.repository.page.Page.PageType;
034import org.ametys.web.repository.page.ZoneItem;
035import org.ametys.web.repository.page.ZoneItem.ZoneType;
036
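/**
 * This {@link AccessController} handles read access to the report page.
 * <p>
 * It applies only to {@link Page}s accepted by {@link #isReportPage(Page)}. Read access is
 * granted when {@link ReportHelper#hasSuperRight()} returns true or when the user is a
 * project manager; anonymous and "any connected user" read access are always denied.
 * Every query about a specific right (as opposed to read access) is answered with
 * {@link AccessResult#UNKNOWN}, an empty map or {@code false}, i.e. this controller
 * takes no position on them.
 */
public class ReportsPageAccessController implements AccessController, Serviceable
{
    /** Context on which the holders of {@link ReportHelper#REPORT_ALL_RIGHT_ID} are looked up */
    private static final String __REPORT_RIGHT_CONTEXT = "/cms";

    /** Name of the zone searched for the report service */
    private static final String __DEFAULT_ZONE_NAME = "default";

    /** The reports helper */
    protected ReportHelper _reportHelper;
    /** The project manager */
    protected ProjectManager _projectManager;
    private RightManager _rightManager;

    /**
     * Looks up the components this controller delegates its decisions to.
     * @param manager the service manager
     * @throws ServiceException if one of the components cannot be looked up
     */
    public void service(ServiceManager manager) throws ServiceException
    {
        _projectManager = (ProjectManager) manager.lookup(ProjectManager.ROLE);
        _reportHelper = (ReportHelper) manager.lookup(ReportHelper.ROLE);
        _rightManager = (RightManager) manager.lookup(RightManager.ROLE);
    }

    /**
     * Tells whether this controller applies to the given object.
     * @param object the object being checked
     * @return true only for a {@link Page} that {@link #isReportPage(Page)} accepts
     */
    public boolean isSupported(Object object)
    {
        return object instanceof Page && isReportPage((Page) object);
    }

    /**
     * Decides read access on the report page for one user.
     * <p>
     * The result is always an explicit decision ({@link AccessResult#USER_ALLOWED} or
     * {@link AccessResult#USER_DENIED}), never {@link AccessResult#UNKNOWN}.
     * @param user the user whose access is evaluated
     * @param userGroups the groups of the user (not consulted by this implementation)
     * @param object the report page (not consulted; {@link #isSupported(Object)} already selected it)
     * @return the read access decision
     */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        // NOTE(review): hasSuperRight() takes no user argument, so nothing visible here ties
        // this branch to the `user` being evaluated. If the helper resolves the currently
        // connected user, a check made on behalf of another user would be answered with the
        // caller's privileges. Confirm against ReportHelper; an explicit per-user check of
        // ReportHelper.REPORT_ALL_RIGHT_ID would keep the decision bound to `user`.
        // NOTE(review): userGroups is ignored, whereas getReadAccessPermissionByGroup reports
        // the groups holding the report right as allowed. The two agree only if
        // hasSuperRight() already accounts for group membership; confirm.
        boolean allowed = _reportHelper.hasSuperRight() || _projectManager.isManager(user);
        return allowed ? AccessResult.USER_ALLOWED : AccessResult.USER_DENIED;
    }

    /**
     * Anonymous visitors never get read access to the report page.
     * @param object the report page
     * @return always {@link AccessResult#ANONYMOUS_DENIED}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.ANONYMOUS_DENIED;
    }

    /**
     * Being connected is not sufficient to read the report page.
     * @param object the report page
     * @return always {@link AccessResult#ANY_CONNECTED_DENIED}
     */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.ANY_CONNECTED_DENIED;
    }

    /**
     * Lists the users explicitly allowed to read the report page: the users returned as
     * allowed for {@link ReportHelper#REPORT_ALL_RIGHT_ID} on the "/cms" context, plus
     * the project managers.
     * @param object the report page
     * @return a new mutable map associating each such user with {@link AccessResult#USER_ALLOWED}
     */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        Map<UserIdentity, AccessResult> results = new HashMap<>();

        // NOTE(review): only the allowed side of the lookup is used; whatever else the
        // AllowedUsers result carries is not consulted here. Confirm that this is intended.
        for (UserIdentity rightHolder : _getReportRightHolders().getAllowedUsers())
        {
            results.put(rightHolder, AccessResult.USER_ALLOWED);
        }

        for (UserIdentity manager : _projectManager.getManagers())
        {
            results.put(manager, AccessResult.USER_ALLOWED);
        }

        return results;
    }

    /**
     * Lists the groups explicitly allowed to read the report page: the groups returned as
     * allowed for {@link ReportHelper#REPORT_ALL_RIGHT_ID} on the "/cms" context.
     * @param object the report page
     * @return a new mutable map associating each such group with {@link AccessResult#GROUP_ALLOWED}
     */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        Map<GroupIdentity, AccessResult> results = new HashMap<>();

        for (GroupIdentity group : _getReportRightHolders().getAllowedGroups())
        {
            results.put(group, AccessResult.GROUP_ALLOWED);
        }

        return results;
    }

    /**
     * This controller only decides read access; it takes no position on specific rights.
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the id of the right
     * @param object the report page
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * This controller only decides read access; it reports no right for any user.
     * @param user the user
     * @param userGroups the groups of the user
     * @param object the report page
     * @return always an empty, immutable map
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return Map.of();
    }

    /**
     * This controller only decides read access; it takes no position on specific rights.
     * @param rightId the id of the right
     * @param object the report page
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * This controller only decides read access; it takes no position on specific rights.
     * @param rightId the id of the right
     * @param object the report page
     * @return always {@link AccessResult#UNKNOWN}
     */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * This controller only decides read access; it reports no user for any right.
     * @param rightId the id of the right
     * @param object the report page
     * @return always an empty, immutable map
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return Map.of();
    }

    /**
     * This controller only decides read access; it reports no group for any right.
     * @param rightId the id of the right
     * @param object the report page
     * @return always an empty, immutable map
     */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return Map.of();
    }

    /**
     * Workspace-level query; this controller never reports a permission at that level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the id of the right
     * @return always false
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    /**
     * Workspace-level query; this controller never reports read access at that level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @return always false
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    /**
     * Workspace-level query; this controller never reports a permission at that level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the id of the right
     * @return always false
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * Workspace-level query; this controller never reports read access at that level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * Workspace-level query; this controller never reports a permission at that level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the id of the right
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * Workspace-level query; this controller never reports read access at that level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * Determines if the page is a report page, i.e. a container page of the catalog site
     * whose "default" zone holds at least one service zone item bound to
     * {@link ReportHelper#REPORT_SERVICE_ID}.
     * @param page the page
     * @return true if the page is a report page
     */
    protected boolean isReportPage(Page page)
    {
        boolean isCatalogContainer = page.getSiteName().equals(_projectManager.getCatalogSiteName())
                && PageType.CONTAINER == page.getType()
                && page.hasZone(__DEFAULT_ZONE_NAME);
        if (!isCatalogContainer)
        {
            return false;
        }

        // The constant is the receiver of equals() so that a service zone item without a
        // service id is treated as "not the report service" instead of raising a
        // NullPointerException in the middle of an access check.
        return page.getZone(__DEFAULT_ZONE_NAME).getZoneItems().stream()
            .filter(z -> z.getType() == ZoneType.SERVICE)
            .anyMatch(z -> ReportHelper.REPORT_SERVICE_ID.equals(z.getServiceId()));
    }

    /**
     * Looks up who holds the report right, so that the by-user and by-group listings
     * query the same right on the same context.
     * @return the result of the right manager lookup for {@link ReportHelper#REPORT_ALL_RIGHT_ID}
     */
    private AllowedUsers _getReportRightHolders()
    {
        return _rightManager.getAllowedUsers(ReportHelper.REPORT_ALL_RIGHT_ID, __REPORT_RIGHT_CONTEXT);
    }
}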