Source code

001/*
002 *  Copyright 2025 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.workspaces.files;
017
018import java.time.ZonedDateTime;
019import java.util.HashMap;
020import java.util.Map;
021
022import javax.jcr.Node;
023import javax.jcr.NodeIterator;
024import javax.jcr.Repository;
025import javax.jcr.RepositoryException;
026import javax.jcr.Session;
027import javax.jcr.query.Query;
028
029import org.apache.avalon.framework.parameters.Parameters;
030import org.apache.avalon.framework.service.ServiceException;
031import org.apache.avalon.framework.service.ServiceManager;
032import org.apache.cocoon.acting.ServiceableAction;
033import org.apache.cocoon.environment.Redirector;
034import org.apache.cocoon.environment.SourceResolver;
035
036import org.ametys.core.util.DateUtils;
037import org.ametys.plugins.repository.AmetysObjectResolver;
038import org.ametys.plugins.repository.AmetysRepositoryException;
039import org.ametys.plugins.repository.provider.AbstractRepository;
040import org.ametys.plugins.repository.query.QueryHelper;
041import org.ametys.plugins.repository.query.expression.Expression.Operator;
042import org.ametys.plugins.repository.query.expression.StringExpression;
043import org.ametys.plugins.workspaces.documents.jcr.File;
044import org.ametys.plugins.workspaces.documents.jcr.File.PublicLinkToken;
045import org.ametys.plugins.workspaces.documents.jcr.FileFactory;
046import org.ametys.runtime.authentication.AccessDeniedException;
047
048/**
049 * Check if a public token allows to download a File.
050 */
051public class CheckWorkspacesFileDownloadPublicTokenReadAccessAction extends ServiceableAction
052{
053    /** The Ametys object resolver. */
054    protected AmetysObjectResolver _resolver;
055    
056    private Repository _repository;
057    
058    @Override
059    public void service(ServiceManager smanager) throws ServiceException
060    {
061        super.service(smanager);
062        _resolver = (AmetysObjectResolver) smanager.lookup(AmetysObjectResolver.ROLE);
063        _repository = (Repository) smanager.lookup(AbstractRepository.ROLE);
064    }
065    
066    @Override
067    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
068    {
069        String tokenId = parameters.getParameter("tokenId", "");
070        PublicLinkToken token = _getTokenByID(tokenId);
071        
072        if (token == null)
073        {
074            throw new AccessDeniedException("CheckPublicTokenReadAccessAction: a valid token must be provided.");
075        }
076        // Get the Ametys object from the token
077        File file = _resolver.resolveById(token.fileId());
078        Map<String, String> result = new HashMap<>();
079        result.put("filePath", file.getPath());
080        
081        return result;
082    }
083
084    private PublicLinkToken _getTokenByID(String tokenId)
085    {
086        Session session = null;
087        try
088        {
089            session = _repository.login();
090
091            StringExpression tokenExpression = new StringExpression(File.TOKEN_ID, Operator.EQ, tokenId);
092            String jcrQuery = QueryHelper.getXPathQuery(null, "ametys:compositeMetadata", tokenExpression);
093            
094            @SuppressWarnings("deprecation")
095            Query query = session.getWorkspace().getQueryManager().createQuery(jcrQuery, Query.XPATH);
096            NodeIterator nodes = query.execute().getNodes();
097            
098            while (nodes.hasNext())
099            {
100                Node node = (Node) nodes.next();
101                String fileId = node.getProperty(File.TOKEN_FILE_ID_PROPERTY).getString();
102                ZonedDateTime date = DateUtils.asZonedDateTime(node.getProperty(File.TOKEN_CREATION_DATE_PROPERTY).getDate());
103
104                // check if node parent parent id is file with correct file id
105                Node tokensNode = node.getParent();
106                Node fileNode = tokensNode.getParent();
107                String fileNodeId = FileFactory.FILE_PROTOCOL_PREFIX + fileNode.getIdentifier();
108                if (fileNodeId.equals(fileId))
109                {
110                    return new File.PublicLinkToken(tokenId, date, fileId);
111                }
112            }
113            
114            return null;
115        }
116        catch (RepositoryException ex)
117        {
118            if (session != null)
119            {
120                session.logout();
121            }
122
123            throw new AmetysRepositoryException("An error occurred executing the JCR query to get token " + tokenId, ex);
124        }
125    }
126}