001/*
002 *  Copyright 2020 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.ugc.accesscontroller;
017
018import java.util.HashMap;
019import java.util.List;
020import java.util.Map;
021import java.util.Set;
022
023import org.apache.avalon.framework.service.ServiceException;
024import org.apache.avalon.framework.service.ServiceManager;
025import org.apache.avalon.framework.service.Serviceable;
026import org.apache.commons.collections.MapUtils;
027
028import org.ametys.cms.contenttype.ContentTypesHelper;
029import org.ametys.cms.repository.Content;
030import org.ametys.core.group.GroupIdentity;
031import org.ametys.core.right.AccessController;
032import org.ametys.core.user.UserIdentity;
033import org.ametys.plugins.ugc.UGCConstants;
034
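/**
 * {@link AccessController} that grants the creator of a UGC content a fixed list of rights on
 * that content (see {@code __CREATOR_RIGHTS}).
 * <p>
 * Judging by the right identifiers, the list covers front edition, online edition and deletion,
 * and also {@code Workflow_Rights_Validate}, so the creator gets more than plain edit/delete rights.
 * <p>
 * This controller only ever answers {@code USER_ALLOWED} or {@code UNKNOWN}: it never denies a right
 * and never gives an opinion on read access, anonymous users, "any connected user" or groups.
 */
public class UGCCreatorContentAccessController implements AccessController, Serviceable
{
    /** Identifiers of the rights given to the creator of a UGC content. */
    private static final List<String> __CREATOR_RIGHTS = List.of(
            "Front_Edition_Access_Right", 
            "Workflow_Rights_Edition_Online",
            "CMS_Rights_DeleteContent",
            "Workflow_Rights_Validate"
    );
    
    /** ContentTypes Helper */
    protected ContentTypesHelper _cTypeHelper;
    
    /**
     * Looks up the {@link ContentTypesHelper} used by {@link #isSupported(Object)}.
     * @param smanager the service manager
     * @throws ServiceException if the helper cannot be looked up
     */
    public void service(ServiceManager smanager) throws ServiceException
    {
        _cTypeHelper = (ContentTypesHelper) smanager.lookup(ContentTypesHelper.ROLE);
    }
    
    /**
     * Tells whether this controller handles the given object.
     * @param object the object to test
     * @return true if the object is a {@link Content} that is an instance of the UGC mixin type
     */
    public boolean isSupported(Object object)
    {
        return object instanceof Content && _cTypeHelper.isInstanceOf((Content) object, UGCConstants.UGC_MIXIN_TYPE);
    }
    
    /**
     * Grants a creator right to the creator of the content.
     * <p>
     * NOTE(review): the UGC mixin is not re-checked here, so any {@link Content} whose creator is
     * {@code user} matches; presumably the rights framework calls {@link #isSupported(Object)}
     * first. Confirm against the caller.
     * @param user the user asking for the right
     * @param userGroups the groups of the user (not used)
     * @param rightId the identifier of the requested right
     * @param object the object the right is requested on
     * @return {@code USER_ALLOWED} if the user created the content and the right is a creator right, {@code UNKNOWN} otherwise
     */
    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
    {
        if (_isCreator(user, object) && _isCreatorRight(rightId))
        {
            return AccessResult.USER_ALLOWED;
        }
        
        return AccessResult.UNKNOWN;
    }

    /**
     * Read access is not decided by this controller.
     * @param user the user
     * @param userGroups the groups of the user
     * @param object the object
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Lists the rights granted to the user on the object: every creator right if the user created
     * the content, nothing otherwise.
     * @param user the user
     * @param userGroups the groups of the user (not used)
     * @param object the object
     * @return a new map from right identifier to {@code USER_ALLOWED}; empty when the user is not the creator
     */
    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
    {
        Map<String, AccessResult> permissionByRight = new HashMap<>();
        
        // Same guarded creator test as getPermission: a non-Content object or a content without
        // creator yields an empty map instead of a ClassCastException / NullPointerException.
        if (_isCreator(user, object))
        {
            for (String rightId : __CREATOR_RIGHTS)
            {
                permissionByRight.put(rightId, AccessResult.USER_ALLOWED);
            }
        }
        
        return permissionByRight;
    }

    /**
     * Anonymous access is not decided by this controller.
     * @param rightId the identifier of the right
     * @param object the object
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnonymous(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Anonymous read access is not decided by this controller.
     * @param object the object
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnonymous(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Access for any connected user is not decided by this controller.
     * @param rightId the identifier of the right
     * @param object the object
     * @return always {@code UNKNOWN}
     */
    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Read access for any connected user is not decided by this controller.
     * @param object the object
     * @return always {@code UNKNOWN}
     */
    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
    {
        return AccessResult.UNKNOWN;
    }

    /**
     * Lists the users granted the given right on the object: the creator if the right is a creator
     * right, nobody otherwise.
     * @param rightId the identifier of the right
     * @param object the object
     * @return a new map holding at most the creator, mapped to {@code USER_ALLOWED}
     */
    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
    {
        Map<UserIdentity, AccessResult> permissionByUser = new HashMap<>();
        
        // Never record a null creator: a null key mapped to USER_ALLOWED would be an allow entry
        // that belongs to no identified user.
        UserIdentity creator = _getCreator(object);
        if (creator != null && _isCreatorRight(rightId))
        {
            permissionByUser.put(creator, AccessResult.USER_ALLOWED);
        }
        return permissionByUser;
    }

    /**
     * Read access by user is not decided by this controller.
     * @param object the object
     * @return an empty map
     */
    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
    {
        // MapUtils.EMPTY_MAP is a raw-typed constant, hence an unchecked conversion here
        return MapUtils.EMPTY_MAP;
    }

    /**
     * No right is given to groups by this controller.
     * @param rightId the identifier of the right
     * @param object the object
     * @return an empty map
     */
    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    /**
     * Read access by group is not decided by this controller.
     * @param object the object
     * @return an empty map
     */
    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
    {
        return MapUtils.EMPTY_MAP;
    }

    /**
     * This controller grants nothing at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @param rightId the identifier of the right
     * @return always false
     */
    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
    {
        return false;
    }

    /**
     * This controller grants no read access at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param user the user
     * @param userGroups the groups of the user
     * @return always false
     */
    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
    {
        return false;
    }

    /**
     * This controller grants nothing to anonymous at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the identifier of the right
     * @return always false
     */
    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * This controller grants no read access to anonymous at workspace level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * This controller grants nothing to "any connected user" at workspace level.
     * @param workspacesContexts the workspace contexts
     * @param rightId the identifier of the right
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
    {
        return false;
    }

    /**
     * This controller grants no read access to "any connected user" at workspace level.
     * @param workspacesContexts the workspace contexts
     * @return always false
     */
    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
    {
        return false;
    }

    /**
     * Gets the creator of the object when it is a content.
     * @param object the object
     * @return the creator, or null if the object is not a {@link Content} or has no creator
     */
    private UserIdentity _getCreator(Object object)
    {
        return object instanceof Content ? ((Content) object).getCreator() : null;
    }

    /**
     * Tells whether the user created the object. A content without creator matches nobody.
     * @param user the user to test
     * @param object the object
     * @return true if the object is a content whose creator equals the user
     */
    private boolean _isCreator(UserIdentity user, Object object)
    {
        UserIdentity creator = _getCreator(object);
        return creator != null && creator.equals(user);
    }

    /**
     * Tells whether the right is one of the creator rights.
     * @param rightId the identifier of the right, may be null
     * @return true if the right is in the creator rights list
     */
    private boolean _isCreatorRight(String rightId)
    {
        // List.of(...) lists throw NullPointerException on contains(null)
        return rightId != null && __CREATOR_RIGHTS.contains(rightId);
    }
}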