/*
 *  Copyright 2026 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.extraction.rights;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;

import org.ametys.core.right.RightManager;
import org.ametys.core.user.UserIdentity;
import org.ametys.core.util.cocoon.AbstractCurrentUserProviderServiceableAction;
import org.ametys.plugins.extraction.ExtractionConstants;
import org.ametys.runtime.authentication.AccessDeniedException;

/**
 * Action that gates read access to extraction result files.
 * <p>
 * The check is global: it only looks at the current user and two fixed rights contexts.
 * None of the {@code act} arguments are read, so the decision does not depend on which
 * result file is requested. Any finer-grained, per-file restriction has to be enforced
 * by another component.
 */
public class CheckReadAccessAction extends AbstractCurrentUserProviderServiceableAction
{
    /** Rights manager, resolved in {@link #service(ServiceManager)} */
    private RightManager _rightManager;

    /**
     * Lets the parent class resolve its own components, then looks up the {@link RightManager}.
     * @param smanager the service manager used for the lookup
     * @throws ServiceException if the parent's service step or the lookup fails
     */
    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        super.service(smanager);
        _rightManager = (RightManager) smanager.lookup(RightManager.ROLE);
    }

    /**
     * Lets the request go on when the current user may read extraction results, and rejects it otherwise.
     * @param redirector not read by this action
     * @param resolver not read by this action
     * @param objectModel not read by this action
     * @param rightId not read by this action: the rights that are checked are hard-coded
     * @param parameters not read by this action
     * @return always {@code null} when access is granted
     * @throws AccessDeniedException if the current user holds neither of the two accepted rights
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String rightId, Parameters parameters) throws Exception
    {
        // NOTE(review): whether this can be null for an anonymous request depends on the parent class - confirm
        UserIdentity currentUser = _getCurrentUser();

        if (!_canReadResults(currentUser))
        {
            // Denial is signalled by the exception only; the message carries the user identity
            throw new AccessDeniedException("User " + currentUser + " tried to access to an extraction result file without convenient right.");
        }

        // NOTE(review): Cocoon skips the elements nested in a <map:act> when the action returns null,
        // so this action is presumably declared without nested content - confirm in the sitemap
        return null;
    }

    /**
     * Tells whether the given user holds one of the two rights accepted for reading result files.
     * The second right is only evaluated when the first one is not granted.
     * @param currentUser the user to check
     * @return {@code true} if one of the two rights is granted
     */
    private boolean _canReadResults(UserIdentity currentUser)
    {
        // First accepted grant: read access on the root results context.
        // Per the original author, this is the only correct check when the file is downloaded from a mail link.
        if (_rightManager.hasReadAccess(currentUser, ExtractionAccessController.ROOT_RESULTS_CONTEXT))
        {
            return true;
        }

        // Second accepted grant: the execute-extraction right on the "/cms" context.
        // Per the original author, in the back-office this right opens the extraction results tool.
        // Only an explicit RIGHT_ALLOW counts; any other result is treated as a denial.
        return _rightManager.hasRight(currentUser, ExtractionConstants.EXECUTE_EXTRACTION_RIGHT_ID, "/cms") == RightManager.RightResult.RIGHT_ALLOW;
    }
}