001/*
002 *  Copyright 2022 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.odf.init;
017
018import java.util.Collections;
019import java.util.Map;
020import java.util.Set;
021
022import org.apache.avalon.framework.context.Context;
023import org.apache.avalon.framework.context.ContextException;
024import org.apache.avalon.framework.context.Contextualizable;
025import org.apache.avalon.framework.service.ServiceException;
026import org.apache.avalon.framework.service.ServiceManager;
027import org.apache.avalon.framework.service.Serviceable;
028import org.apache.cocoon.components.ContextHelper;
029import org.apache.cocoon.environment.Request;
030
031import org.ametys.cms.content.ContentHelper;
032import org.ametys.cms.repository.Content;
033import org.ametys.cms.rights.ReferenceTableAccessController;
034import org.ametys.core.group.GroupIdentity;
035import org.ametys.core.right.AccessController;
036import org.ametys.core.right.RightManager;
037import org.ametys.core.right.RightManager.RightResult;
038import org.ametys.core.user.UserIdentity;
039import org.ametys.runtime.plugins.admin.rights.AdminAccessController;
040
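/**
 * Access controller to allow users with the {@code ODF_Rights_RefTableData_Sync} right on the admin context
 * ({@link AdminAccessController#ADMIN_RIGHT_CONTEXT}) to modify reference tables during initialization only.
 * <p>
 * The controller only declares itself as supporting an object while the current request carries the
 * {@link #ODF_REF_TABLE_SYNCHRONIZATION} attribute. Outside of that window every method answers
 * {@code UNKNOWN}, {@code false} or an empty map, so it never contributes to an access decision.
 * <p>
 * Security note: the request attribute is the only switch that activates this controller, so it must be
 * set exclusively by trusted server-side initialization code and removed once the synchronization is over.
 */
public class OdfRefTableDataSynchronizationAccessController implements AccessController, Contextualizable, Serviceable
{
    /** Name of the request attribute to set to activate the current access controller. This is NOT a right id. */
    public static final String ODF_REF_TABLE_SYNCHRONIZATION = OdfRefTableDataSynchronizationAccessController.class.getName() + "$isSynchronization";
    
    /** Right to initialize ODF reference table data */
    public static final String ODF_REF_TABLE_SYNCHRONIZATION_RIGHT = "ODF_Rights_RefTableData_Sync";
    
    /** The only rights this controller gives an answer for */
    private static final Set<String> __SUPPORTED_RIGHTS = Set.of("Workflow_Rights_Edition_Online");
    
    /** The avalon context */
    protected Context _context;

    /** The helper for contents */
    protected ContentHelper _contentHelper;
    
    /** The right manager */
    protected RightManager _rightManager;
    
    @Override
    public void contextualize(Context context) throws ContextException
    {
        _context = context;
    }

    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        _contentHelper = (ContentHelper) manager.lookup(ContentHelper.ROLE);
        _rightManager = (RightManager) manager.lookup(RightManager.ROLE);
    }
    
    /**
     * Tells whether this controller handles the given object.
     * @param object The object to test
     * @return <code>true</code> only if the current request is flagged with {@link #ODF_REF_TABLE_SYNCHRONIZATION}
     *         and the object is either a reference table content or the reference table context
     */
    @Override
    public boolean isSupported(Object object)
    {
        // NOTE(review): assumes a request is always available here; confirm how ContextHelper.getRequest
        // behaves when this is called outside of a request (background task, scheduler).
        Request request = ContextHelper.getRequest(_context);
        if (request.getAttribute(ODF_REF_TABLE_SYNCHRONIZATION) == null)
        {
            // Not in a synchronization: stay out of every access decision
            return false;
        }
        
        // Explicit parentheses: same evaluation as the implicit "&& before ||" precedence
        return (object instanceof Content && _contentHelper.isReferenceTable((Content) object))
                || ReferenceTableAccessController.CONTEXT.equals(object);
    }
    
    /**
     * Gets the permission of a user for one of the supported rights.
     * The answer only depends on whether the user holds {@link #ODF_REF_TABLE_SYNCHRONIZATION_RIGHT}
     * on the admin context; the user groups and the object are not used.
     * @param user The user
     * @param userGroups The groups of the user (unused)
     * @param rightId The id of the right being checked
     * @param object The object being accessed (unused)
     * @return USER_ALLOWED or USER_DENIED if the right manager gives an explicit answer for a supported right, UNKNOWN otherwise
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (!__SUPPORTED_RIGHTS.contains(rightId))
        {
            return AccessResult.UNKNOWN;
        }
        
        // Check the synchronization RIGHT. ODF_REF_TABLE_SYNCHRONIZATION is the name of the request attribute,
        // not a right id: testing it would query a right that presumably does not exist, so the documented
        // ODF_Rights_RefTableData_Sync right would never be evaluated.
        RightResult rightResult = _rightManager.hasRight(user, ODF_REF_TABLE_SYNCHRONIZATION_RIGHT, AdminAccessController.ADMIN_RIGHT_CONTEXT);
        return switch (rightResult)
        {
            case RIGHT_ALLOW -> AccessResult.USER_ALLOWED;
            case RIGHT_DENY -> AccessResult.USER_DENIED;
            // Any other result gives no opinion rather than an implicit grant
            default -> AccessResult.UNKNOWN;
        };
    }
    
    /** No permission is ever given to "any connected user": always UNKNOWN. */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    /** No permission is ever given to anonymous: always UNKNOWN. */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    /** No permission is computed per group: always an empty immutable map. */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        // Collections.emptyMap() instead of the raw Collections.EMPTY_MAP: same empty immutable map, no unchecked conversion
        return Collections.emptyMap();
    }
    
    /** No permission is listed per user: always an empty immutable map. */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        return Collections.emptyMap();
    }
    
    /** No permission is listed per right: always an empty immutable map. */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return Collections.emptyMap();
    }
    
    /** This controller gives no answer on read access: always UNKNOWN. */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    /** This controller gives no answer on read access per group: always an empty immutable map. */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return Collections.emptyMap();
    }
    
    /** This controller gives no answer on read access per user: always an empty immutable map. */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        return Collections.emptyMap();
    }
    
    /** This controller gives no answer on read access for any connected user: always UNKNOWN. */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    /** This controller gives no answer on read access for anonymous: always UNKNOWN. */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }
    
    /** Workspace-wide read access is never reported by this controller: always <code>false</code>. */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }
    
    /** Workspace-wide read access is never reported by this controller: always <code>false</code>. */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
    
    /** Workspace-wide read access is never reported by this controller: always <code>false</code>. */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }
    
    /** Workspace-wide permission is never reported by this controller: always <code>false</code>. */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }
    
    /** Workspace-wide permission is never reported by this controller: always <code>false</code>. */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }
    
    /** Workspace-wide permission is never reported by this controller: always <code>false</code>. */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }
}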