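/*
 *  Copyright 2025 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.forms;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;

import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightManager.RightResult;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.authentication.AuthorizationRequiredException;

/**
 * Sitemap action that gates a feature behind a right.
 * <p>
 * The right to check is read from the <code>rightId</code> sitemap parameter and is
 * evaluated for the current user on the fixed context <code>/cms</code>. The action
 * never returns a "denied" value: it either returns normally or throws, so a caller
 * cannot continue by accident after a refused check.
 */
public class CheckRightAction extends ServiceableAction
{
    /** Gives access to the user bound to the current request */
    private CurrentUserProvider _currentUserProvider;
    /** Evaluates the right on the "/cms" context */
    private RightManager _rightManager;

    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        _currentUserProvider = (CurrentUserProvider) smanager.lookup(CurrentUserProvider.ROLE);
        _rightManager = (RightManager) smanager.lookup(RightManager.ROLE);
    }

    /**
     * Checks that the current user holds the right named by the <code>rightId</code> parameter.
     * <p>
     * The check is fail-closed: only {@link RightResult#RIGHT_ALLOW} lets the request through,
     * any other result is treated as a refusal.
     *
     * @param redirector not used
     * @param resolver not used
     * @param objectModel not used
     * @param source not used
     * @param parameters the sitemap parameters; <code>rightId</code> is read from them
     * @return always <code>null</code> when the user holds the right
     * @throws AuthorizationRequiredException if there is no current user
     * @throws AccessDeniedException if the current user does not hold the right
     * @throws Exception if the <code>rightId</code> parameter cannot be read
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        UserIdentity user = _currentUserProvider.getUser();
        // Read with the no-default getParameter variant on purpose: a sitemap that forgets to declare
        // rightId fails here instead of falling back to some implicit right.
        // NOTE(review): an empty rightId is passed to hasRight as-is; how RightManager treats it is not
        // visible from this file - confirm it cannot evaluate to RIGHT_ALLOW.
        String rightId = parameters.getParameter("rightId");

        if (user == null)
        {
            // No authenticated user yet: ask for authentication rather than refusing outright
            throw new AuthorizationRequiredException();
        }

        if (_rightManager.hasRight(user, rightId, "/cms") == RightResult.RIGHT_ALLOW)
        {
            // The user holds the requested right on "/cms".
            // NOTE(review): Cocoon usually skips the content nested in <map:act> when an action returns
            // null, so this action is presumably used as a childless gate - confirm against the sitemap.
            return null;
        }

        // Every other result ends here.
        // NOTE(review): the message does not name the refused right, which makes denials harder to
        // triage from logs; the text is kept unchanged because callers may display or match it.
        throw new AccessDeniedException("User " + user + " try to acces feature without convenient right");
    }
}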