Source code

001/*
002 *  Copyright 2025 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.plugins.workspaces.files;
017
018import java.time.ZonedDateTime;
019import java.util.HashMap;
020import java.util.Map;
021
022import javax.jcr.Node;
023import javax.jcr.NodeIterator;
024import javax.jcr.Repository;
025import javax.jcr.RepositoryException;
026import javax.jcr.Session;
027import javax.jcr.query.Query;
028
029import org.apache.avalon.framework.parameters.Parameters;
030import org.apache.avalon.framework.service.ServiceException;
031import org.apache.avalon.framework.service.ServiceManager;
032import org.apache.cocoon.acting.ServiceableAction;
033import org.apache.cocoon.environment.Redirector;
034import org.apache.cocoon.environment.SourceResolver;
035
036import org.ametys.core.util.DateUtils;
037import org.ametys.plugins.repository.AmetysObjectResolver;
038import org.ametys.plugins.repository.AmetysRepositoryException;
039import org.ametys.plugins.repository.provider.AbstractRepository;
040import org.ametys.plugins.repository.query.QueryHelper;
041import org.ametys.plugins.repository.query.expression.Expression.Operator;
042import org.ametys.plugins.repository.query.expression.StringExpression;
043import org.ametys.plugins.workspaces.documents.jcr.File;
044import org.ametys.plugins.workspaces.documents.jcr.File.PublicLinkToken;
045import org.ametys.runtime.authentication.AccessDeniedException;
046
047/**
048 * Check if a public token allows to download a File.
049 */
050public class CheckWorkspacesFileDownloadPublicTokenReadAccessAction extends ServiceableAction
051{
052    /** The Ametys object resolver. */
053    protected AmetysObjectResolver _resolver;
054    
055    private Repository _repository;
056    
057    @Override
058    public void service(ServiceManager smanager) throws ServiceException
059    {
060        super.service(smanager);
061        _resolver = (AmetysObjectResolver) smanager.lookup(AmetysObjectResolver.ROLE);
062        _repository = (Repository) smanager.lookup(AbstractRepository.ROLE);
063    }
064    
065    @Override
066    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
067    {
068        String tokenId = parameters.getParameter("tokenId", "");
069        PublicLinkToken token = _getTokenByID(tokenId);
070        
071        if (token == null)
072        {
073            throw new AccessDeniedException("CheckPublicTokenReadAccessAction: a valid token must be provided.");
074        }
075        // Get the Ametys object from the token
076        File file = _resolver.resolveById(token.fileId());
077        Map<String, String> result = new HashMap<>();
078        result.put("filePath", file.getPath());
079        
080        return result;
081    }
082
083    private PublicLinkToken _getTokenByID(String tokenId)
084    {
085        Session session = null;
086        try
087        {
088            session = _repository.login();
089
090            StringExpression tokenExpression = new StringExpression(File.TOKEN_ID, Operator.EQ, tokenId);
091            String jcrQuery = QueryHelper.getXPathQuery(null, "ametys:compositeMetadata", tokenExpression);
092            
093            @SuppressWarnings("deprecation")
094            Query query = session.getWorkspace().getQueryManager().createQuery(jcrQuery, Query.XPATH);
095            NodeIterator nodes = query.execute().getNodes();
096            
097            while (nodes.hasNext())
098            {
099                Node node = (Node) nodes.next();
100                String fileId = node.getProperty(File.TOKEN_FILE_ID_PROPERTY).getString();
101                ZonedDateTime date = DateUtils.asZonedDateTime(node.getProperty(File.TOKEN_CREATION_DATE_PROPERTY).getDate());
102
103                // check if node parent parent id is file with correct file id
104                Node tokensNode = node.getParent();
105                Node fileNode = tokensNode.getParent();
106                String fileNodeId = "file://" + fileNode.getIdentifier();
107                if (fileNodeId.equals(fileId))
108                {
109                    return new File.PublicLinkToken(tokenId, date, fileId);
110                }
111            }
112            
113            return null;
114        }
115        catch (RepositoryException ex)
116        {
117            if (session != null)
118            {
119                session.logout();
120            }
121
122            throw new AmetysRepositoryException("An error occurred executing the JCR query to get token " + tokenId, ex);
123        }
124    }
125}