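/*
 *  Copyright 2025 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.ametys.plugins.skineditor.skin;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.SourceResolver;

import org.ametys.core.right.RightManager;
import org.ametys.core.right.RightManager.RightResult;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.authentication.AuthorizationRequiredException;
import org.ametys.web.skin.SkinsManager;

/**
 * Checks that the current user is allowed to access the feature.
 * <p>
 * Access is granted when the user either holds {@link SkinDAO#EDIT_SKINS_RIGHT_ID},
 * or holds {@link SkinDAO#EDIT_CURRENT_SKIN_RIGHT_ID} and the <code>skinName</code>
 * sitemap parameter equals the skin name returned by
 * {@link SkinsManager#getSkinNameFromRequest()}. Both rights are checked on the
 * <code>/${WorkspaceName}</code> context. Any result other than
 * {@link RightResult#RIGHT_ALLOW} is treated as a denial.
 */
public class CheckRightAction extends ServiceableAction
{
    private CurrentUserProvider _currentUserProvider;
    private RightManager _rightManager;
    private SkinsManager _skinManager;

    /**
     * Looks up the components this action depends on.
     * @param smanager the service manager used for the lookups
     * @throws ServiceException if one of the components cannot be looked up
     */
    @Override
    public void service(ServiceManager smanager) throws ServiceException
    {
        _currentUserProvider = (CurrentUserProvider) smanager.lookup(CurrentUserProvider.ROLE);
        _rightManager = (RightManager) smanager.lookup(RightManager.ROLE);
        _skinManager = (SkinsManager) smanager.lookup(SkinsManager.ROLE);
    }

    /**
     * Enforces the access rule described on the class.
     * @param redirector not used by this action
     * @param resolver not used by this action
     * @param objectModel not used by this action
     * @param source not used by this action
     * @param parameters the sitemap parameters; <code>skinName</code> is read from them
     * @return always <code>null</code> when access is granted; a denial is signalled only by an exception.
     *         NOTE(review): a null result from a Cocoon action normally skips content nested under the
     *         action in the sitemap; confirm that nothing is nested under this one.
     * @throws AuthorizationRequiredException if there is no current user
     * @throws AccessDeniedException if the current user holds neither of the accepted rights
     * @throws Exception if the <code>skinName</code> parameter cannot be read
     */
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        UserIdentity user = _currentUserProvider.getUser();
        if (user == null)
        {
            // Authentication is decided before any request-supplied value is read, so that an
            // unauthenticated call always gets the authentication challenge rather than a
            // parameter error that depends on what the caller sent.
            throw new AuthorizationRequiredException();
        }

        // Still read for every authenticated user, as before: a missing parameter is an error
        // even for holders of the global right.
        String skinName = parameters.getParameter("skinName");

        // Context string is passed to the right manager exactly as written.
        final String context = "/${WorkspaceName}";

        // The per-skin right only counts for the skin attached to the current request; the
        // parentheses make the grouping explicit (&& binds tighter than ||).
        boolean allowed = _rightManager.hasRight(user, SkinDAO.EDIT_SKINS_RIGHT_ID, context) == RightResult.RIGHT_ALLOW
                || (_rightManager.hasRight(user, SkinDAO.EDIT_CURRENT_SKIN_RIGHT_ID, context) == RightResult.RIGHT_ALLOW
                    && skinName.equals(_skinManager.getSkinNameFromRequest()));

        if (!allowed)
        {
            // User is not authorized
            throw new AccessDeniedException("User " + user + " try to access feature without convenient right");
        }

        // User has access to the feature
        return null;
    }
}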