001/*
002 *  Copyright 2016 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.workspaces.requests;
017
018import java.util.Map;
019
020import org.apache.avalon.framework.parameters.Parameters;
021import org.apache.cocoon.environment.ObjectModelHelper;
022import org.apache.cocoon.environment.Redirector;
023import org.apache.cocoon.environment.SourceResolver;
024import org.apache.commons.lang3.StringUtils;
025
026import org.ametys.core.ui.Callable;
027import org.ametys.core.ui.ExecuteClientCallsAction;
028import org.ametys.runtime.authentication.AccessDeniedException;
029
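/**
 * Action executing remote method calls coming from client-side elements,
 * restricted to an allowlist of component roles.<br>
 * Called methods should be annotated with {@link Callable}.<br>
 * The request is rejected with an {@link AccessDeniedException} before it is delegated
 * to {@link ExecuteClientCallsAction} unless the requested role either starts with the
 * workspaces components prefix or is exactly the comments DAO role.
 */
public class ExecuteWorkspacesClientCallsAction extends ExecuteClientCallsAction
{
    /**
     * Role prefix of the components that may be called through this action.
     * The trailing dot is part of the check: a role such as "org.ametys.plugins.workspacesX" does not match.
     */
    private static final String __WORKSPACES_COMPONENTS_PREFIX = "org.ametys.plugins.workspaces.";
    
    /** The single role outside the workspaces prefix that is allowed; it is compared for exact equality. */
    private static final String __COMMENTS_COMPONENT_ROLE = "org.ametys.cms.repository.comment.CommentsDAO";
    
    /**
     * Checks the client-supplied role against the allowlist, then delegates to the parent action.
     * @param redirector passed through to the parent action
     * @param resolver passed through to the parent action
     * @param objectModel the object model; its parent context is expected to hold the "role" entry
     * @param source passed through to the parent action
     * @param parameters passed through to the parent action
     * @return the result of the parent action
     * @throws AccessDeniedException if the parent context is missing or is not a map, or if the role is
     *         missing, is not a string, or is not an allowed role
     * @throws Exception if the parent action fails
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        // The parent context and the role come from the client request: treat anything that is
        // absent or of an unexpected type as a denied call rather than letting a
        // NullPointerException or ClassCastException escape from the access check.
        Object parentContext = objectModel.get(ObjectModelHelper.PARENT_CONTEXT);
        Object role = parentContext instanceof Map ? ((Map<?, ?>) parentContext).get("role") : null;
        
        if (!(role instanceof String) || !_isAllowedRole((String) role))
        {
            throw new AccessDeniedException("Only workspaces Callables are allowed to be executed.");
        }
        
        // NOTE(review): only the role is validated here; presumably the parent action resolves the
        // component from the same "role" entry and enforces the Callable annotation - confirm.
        return super.act(redirector, resolver, objectModel, source, parameters);
    }
    
    /**
     * Tells whether a role belongs to the allowlist of this action.
     * @param role the requested component role, not null
     * @return true if the role starts with the workspaces prefix or equals the comments DAO role
     */
    private static boolean _isAllowedRole(String role)
    {
        return StringUtils.startsWith(role, __WORKSPACES_COMPONENTS_PREFIX) || __COMMENTS_COMPONENT_ROLE.equals(role);
    }
}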