Source code

001/*
002 *  Copyright 2023 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.web.content.consistency;
017
018import java.util.ArrayList;
019import java.util.List;
020import java.util.Map;
021
022import org.apache.avalon.framework.context.Context;
023import org.apache.avalon.framework.context.ContextException;
024import org.apache.avalon.framework.context.Contextualizable;
025import org.apache.avalon.framework.service.ServiceException;
026import org.apache.avalon.framework.service.ServiceManager;
027import org.apache.cocoon.ProcessingException;
028import org.apache.cocoon.components.ContextHelper;
029import org.apache.cocoon.environment.Request;
030
031import org.ametys.cms.content.consistency.ContentConsistencyResult;
032import org.ametys.core.right.RightManager;
033import org.ametys.core.right.RightManager.RightResult;
034import org.ametys.core.ui.Callable;
035import org.ametys.plugins.repository.query.expression.Expression;
036import org.ametys.plugins.repository.query.expression.Expression.Operator;
037import org.ametys.plugins.repository.query.expression.MetadataExpression;
038import org.ametys.plugins.repository.query.expression.NotExpression;
039import org.ametys.plugins.repository.query.expression.OrExpression;
040import org.ametys.plugins.repository.query.expression.StringExpression;
041import org.ametys.runtime.authentication.AccessDeniedException;
042import org.ametys.web.WebHelper;
043
044/**
045 * Override to restrict the search to the current site or outside
046 */
047public class ContentConsistencySearcher extends org.ametys.cms.content.consistency.ContentConsistencySearcher implements Contextualizable
048{
049    /** right id to access consistency result for out of site content */
050    public static final String WEB_RIGHTS_TOOLS_GLOBAL_CONSISTENCY_NO_SITE = "Web_Rights_Tools_GlobalConsistency_No_Site";
051    private Context _context;
052    private RightManager _rightManager;
053
054    @Override
055    public void service(ServiceManager manager) throws ServiceException
056    {
057        super.service(manager);
058        _rightManager = (RightManager) manager.lookup(RightManager.ROLE);
059    }
060    
061    public void contextualize(Context context) throws ContextException
062    {
063        _context = context;
064    }
065    
066    // Override to add the no site right to the callable
067    @Override
068    @Callable
069    public Map<String, Object> searchResults(Map<String, Object> jsonParams) throws ProcessingException
070    {
071        if (RightResult.RIGHT_ALLOW.equals(_rightManager.currentUserHasRight(CMS_RIGHTS_TOOLS_GLOBAL_CONSISTENCY, "/${WorkspaceName}"))
072        || RightResult.RIGHT_ALLOW.equals(_rightManager.currentUserHasRight(WEB_RIGHTS_TOOLS_GLOBAL_CONSISTENCY_NO_SITE, "/${WorkspaceName}")))
073        {
074            return super.searchResults(jsonParams);
075        }
076        else
077        {
078            throw new AccessDeniedException("The current user  tried to access the callable method [ContentConsistencySearcher#searchResults] without sufficient rights");
079        }
080    }
081    
082    @Override
083    protected Expression getExpression(List<Expression> criteriaExpressions)
084    {
085        // Filter result based on allowed context for user
086        Request request = ContextHelper.getRequest(_context);
087        String siteName = WebHelper.getSiteName(request);
088        List<Expression> contextExpression = new ArrayList<>();
089        if (siteName != null && _rightManager.currentUserHasRight(CMS_RIGHTS_TOOLS_GLOBAL_CONSISTENCY, "/${WorkspaceName}") == RightResult.RIGHT_ALLOW)
090        {
091            contextExpression.add(new StringExpression(ContentConsistencyResult.CONTEXT, Operator.EQ, siteName));
092        }
093        
094        if (_rightManager.currentUserHasRight(WEB_RIGHTS_TOOLS_GLOBAL_CONSISTENCY_NO_SITE, "/${WorkspaceName}") == RightResult.RIGHT_ALLOW)
095        {
096            contextExpression.add(new NotExpression(new MetadataExpression(ContentConsistencyResult.CONTEXT)));
097        }
098        
099        criteriaExpressions.add(new OrExpression(contextExpression.toArray(size -> new Expression[size])));
100        
101        return super.getExpression(criteriaExpressions);
102    }
103}