Source code

001/*
002 *  Copyright 2018 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.userdirectory.rights;
017
018import java.util.Collections;
019import java.util.HashMap;
020import java.util.Map;
021import java.util.Set;
022
023import org.apache.avalon.framework.context.Context;
024import org.apache.avalon.framework.context.ContextException;
025import org.apache.avalon.framework.context.Contextualizable;
026import org.apache.avalon.framework.service.ServiceException;
027import org.apache.avalon.framework.service.ServiceManager;
028import org.apache.avalon.framework.service.Serviceable;
029import org.apache.cocoon.components.ContextHelper;
030
031import org.ametys.core.group.GroupIdentity;
032import org.ametys.core.right.AccessController;
033import org.ametys.core.right.AccessController.Permission.PermissionType;
034import org.ametys.core.right.AccessExplanation;
035import org.ametys.core.right.RightsException;
036import org.ametys.core.user.UserIdentity;
037import org.ametys.plugins.frontedition.AmetysFrontEditionHelper;
038import org.ametys.plugins.repository.AmetysObjectIterable;
039import org.ametys.plugins.userdirectory.UserDirectoryPageHandler;
040import org.ametys.plugins.userdirectory.page.UserPage;
041import org.ametys.runtime.i18n.I18nizableText;
042import org.ametys.runtime.plugin.component.PluginAware;
043import org.ametys.web.WebHelper;
044import org.ametys.web.repository.page.Page;
045import org.ametys.web.repository.site.Site;
046import org.ametys.web.repository.site.SiteManager;
047import org.ametys.web.repository.sitemap.Sitemap;
048import org.ametys.web.rights.PageAccessController;
049
050/**
051 * This controller will grant the right "Front_Edition_Access_Right" on the {@link UserPage} to any connected user
052 */
053public class EditionFOAccessController implements AccessController, Serviceable, Contextualizable, PluginAware
054{
055    /** the user generated page handler */
056    protected UserDirectoryPageHandler _udPageHandler;
057    /** The site manager */
058    protected SiteManager _siteManager;
059    private String _id;
060    private Context _context;
061
062    public void service(ServiceManager manager) throws ServiceException
063    {
064        _siteManager = (SiteManager) manager.lookup(SiteManager.ROLE);
065        _udPageHandler = (UserDirectoryPageHandler) manager.lookup(UserDirectoryPageHandler.ROLE);
066    }
067    
068    public void contextualize(Context context) throws ContextException
069    {
070        _context = context;
071    }
072    
073    public void setPluginInfo(String pluginName, String featureName, String id)
074    {
075        _id = id;
076    }
077    
078    public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
079    {
080        if (AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID.equals(rightId) && object instanceof UserPage)
081        {
082            return AccessResult.USER_ALLOWED;
083        }
084        else
085        {
086            return AccessResult.UNKNOWN;
087        }
088    }
089
090    public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
091    {
092        return AccessResult.UNKNOWN;
093    }
094
095    public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
096    {
097        AccessResult accessResult = getPermission(user, userGroups, AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID, object);
098        if (accessResult == AccessResult.UNKNOWN)
099        {
100            return Collections.EMPTY_MAP;
101        }
102        else
103        {
104            Map<String, AccessResult> permissions = new HashMap<>();
105            permissions.put(AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID, accessResult);
106            return permissions;
107        }
108    }
109
110    public AccessResult getPermissionForAnonymous(String rightId, Object object)
111    {
112        return AccessResult.UNKNOWN;
113    }
114
115    public AccessResult getReadAccessPermissionForAnonymous(Object object)
116    {
117        return AccessResult.UNKNOWN;
118    }
119
120    public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
121    {
122        if (AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID.equals(rightId) && object instanceof UserPage)
123        {
124            return AccessResult.ANY_CONNECTED_ALLOWED;
125        }
126        else
127        {
128            return AccessResult.UNKNOWN;
129        }
130    }
131
132    public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
133    {
134        return AccessResult.UNKNOWN;
135    }
136
137    public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object)
138    {
139        return Collections.EMPTY_MAP;
140    }
141
142    public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object)
143    {
144        return Collections.EMPTY_MAP;
145    }
146
147    public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object)
148    {
149        return Collections.EMPTY_MAP;
150    }
151
152    public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object)
153    {
154        return Collections.EMPTY_MAP;
155    }
156
157    public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
158    {
159        // We do not want that this accesscontroller give access to the backoffice (even if #supports would not match in this case)
160        return false;
161    }
162
163    public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
164    {
165        return false;
166    }
167
168    public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
169    {
170        // We do not want that this accesscontroller give access to the backoffice (even if #supports would not match in this case)
171        return false;
172    }
173
174    public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
175    {
176        return false;
177    }
178
179    public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
180    {
181        // We do not want that this accesscontroller give access to the backoffice (even if #supports would not match in this case)
182        return false;
183    }
184
185    public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
186    {
187        return false;
188    }
189
190    public boolean supports(Object object)
191    {
192        return object instanceof UserPage;
193    }
194    
195    public AccessExplanation explainPermissionForAnyConnectedUser(String rightId, Object object)
196    {
197        return _getAccessExplanation(getPermissionForAnyConnectedUser(rightId, object), object);
198    }
199    
200    public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object)
201    {
202        return _getAccessExplanation(getPermission(user, groups, rightId, object), object);
203    }
204    
205    private AccessExplanation _getAccessExplanation(AccessResult result, Object object)
206    {
207        switch (result)
208        {
209            case USER_ALLOWED:
210            case ANY_CONNECTED_ALLOWED:
211            case UNKNOWN:
212                return new AccessExplanation(
213                        getId(),
214                        result,
215                        new I18nizableText("plugin.user-directory", "PLUGINS_USER_DIRECTORY_FO_ACCESS_CONTROLLER_" + result.name() + "_EXPLANATION",
216                                Map.of("page", getObjectLabel(object)))
217                    );
218            default:
219                return AccessController.getDefaultAccessExplanation(getId(), result);
220        }
221    }
222    
223    @Override
224    public Map<ExplanationObject, Map<Permission, AccessExplanation>> explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups)
225    {
226        Map<ExplanationObject, Map<Permission, AccessExplanation>> result = new HashMap<>();
227        
228        String siteName = WebHelper.getSiteName(ContextHelper.getRequest(_context));
229        Site site = _siteManager.getSite(siteName);
230        
231        try (AmetysObjectIterable<Sitemap> sitemaps = site.getSitemaps())
232        {
233            for (Sitemap sitemap : sitemaps)
234            {
235                Set<Page> rootPages = _udPageHandler.getUserDirectoryRootPages(siteName, sitemap.getSitemapName());
236                if (!rootPages.isEmpty())
237                {
238                    ExplanationObject context = new ExplanationObject(
239                            "all_user_pages",
240                            new I18nizableText("plugin.user-directory", "PLUGINS_USER_DIRECTORY_FO_ACCESS_CONTROLLER_ALL_USER_PAGE"),
241                            getObjectCategory(null),
242                            10
243                        );
244                    result.put(context, Map.of(new Permission(PermissionType.RIGHT, AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID), _getAccessExplanation(AccessResult.USER_ALLOWED, rootPages.stream().findAny().get())));
245                    return result;
246                }
247            }
248        }
249        
250        return result;
251    }
252    
253    public Map<Permission, AccessExplanation> explainAllPermissionsForAnonymous(Object object)
254    {
255        return Map.of();
256    }
257    
258    public Map<Permission, AccessExplanation> explainAllPermissionsForAnyConnected(Object object)
259    {
260        return Map.of(
261                new Permission(PermissionType.RIGHT, AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID),
262                explainPermissionForAnyConnectedUser(AmetysFrontEditionHelper.FRONT_EDITION_RIGHT_ID, object));
263    }
264    
265    public Map<UserIdentity, Map<Permission, AccessExplanation>> explainAllPermissionsByUser(Object object)
266    {
267        // This is not the actual answer as the controller explicitly grant USER_ALLOWED to any user
268        // But we won't list all the user…
269        return Map.of();
270    }
271    
272    public Map<GroupIdentity, Map<Permission, AccessExplanation>> explainAllPermissionsByGroup(Object object)
273    {
274        return Map.of();
275    }
276
277    public I18nizableText getObjectLabel(Object object)
278    {
279        if (object instanceof Page page)
280        {
281            return new I18nizableText(page.getTitle());
282        }
283        throw new RightsException("Unsupported context: " + object.toString());
284    }
285
286    public I18nizableText getObjectCategory(Object object)
287    {
288        return PageAccessController.PAGE_CONTEXT_CATEGORY;
289    }
290
291    public String getId()
292    {
293        return _id;
294    }
295}