001/* 002 * Copyright 2021 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.plugins.odfsync.cdmfr.rights; 017 018import java.util.Collections; 019import java.util.Map; 020import java.util.Set; 021import java.util.stream.Collectors; 022 023import org.apache.avalon.framework.service.ServiceException; 024import org.apache.avalon.framework.service.ServiceManager; 025import org.apache.avalon.framework.service.Serviceable; 026 027import org.ametys.cms.repository.Content; 028import org.ametys.core.group.GroupIdentity; 029import org.ametys.core.right.AccessController; 030import org.ametys.core.right.RightsExtensionPoint; 031import org.ametys.core.user.UserIdentity; 032import org.ametys.core.user.population.UserPopulationDAO; 033import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollection; 034import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollectionDAO; 035import org.ametys.plugins.contentio.synchronize.SynchronizableContentsCollectionHelper; 036import org.ametys.plugins.odfsync.cdmfr.RemoteCDMFrSynchronizableContentsCollection; 037 038/** 039 * {@link AccessController} for contents imported by remote CDM-fr SCC 040 */ 041public class RemoteCDMFrSCCAccessController implements AccessController, Serviceable 042{ 043 private SynchronizableContentsCollectionHelper _sccHelper; 044 private SynchronizableContentsCollectionDAO _collectionsDAO; 045 private RightsExtensionPoint _rightsExtensionPoint; 046 047 public void service(ServiceManager manager) throws ServiceException 048 { 049 _sccHelper = (SynchronizableContentsCollectionHelper) manager.lookup(SynchronizableContentsCollectionHelper.ROLE); 050 _collectionsDAO = (SynchronizableContentsCollectionDAO) manager.lookup(SynchronizableContentsCollectionDAO.ROLE); 051 _rightsExtensionPoint = (RightsExtensionPoint) manager.lookup(RightsExtensionPoint.ROLE); 052 } 053 054 public AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) 055 { 056 return UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN; 057 } 058 059 public AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 060 { 061 return UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user) ? AccessResult.USER_ALLOWED : AccessResult.UNKNOWN; 062 } 063 064 public Map<String, AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) 065 { 066 if (UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user)) 067 { 068 return _rightsExtensionPoint.getExtensionsIds().stream().collect(Collectors.toMap(rightId -> rightId, rightId -> AccessResult.USER_ALLOWED)); 069 } 070 else 071 { 072 return Collections.EMPTY_MAP; 073 } 074 } 075 076 public AccessResult getPermissionForAnonymous(String rightId, Object object) 077 { 078 return AccessResult.UNKNOWN; 079 } 080 081 public AccessResult getReadAccessPermissionForAnonymous(Object object) 082 { 083 return AccessResult.UNKNOWN; 084 } 085 086 public AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) 087 { 088 return AccessResult.UNKNOWN; 089 } 090 091 public AccessResult getReadAccessPermissionForAnyConnectedUser(Object object) 092 { 093 return AccessResult.UNKNOWN; 094 } 095 096 public Map<UserIdentity, AccessResult> getPermissionByUser(String rightId, Object object) 097 { 098 return Map.of(UserPopulationDAO.SYSTEM_USER_IDENTITY, AccessResult.USER_ALLOWED); 099 } 100 101 public Map<UserIdentity, AccessResult> getReadAccessPermissionByUser(Object object) 102 { 103 return getPermissionByUser(null, object); 104 } 105 106 public Map<GroupIdentity, AccessResult> getPermissionByGroup(String rightId, Object object) 107 { 108 return Collections.EMPTY_MAP; 109 } 110 111 public Map<GroupIdentity, AccessResult> getReadAccessPermissionByGroup(Object object) 112 { 113 return Collections.EMPTY_MAP; 114 } 115 116 public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) 117 { 118 return UserPopulationDAO.SYSTEM_USER_IDENTITY.equals(user); 119 } 120 121 public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) 122 { 123 return hasUserAnyPermissionOnWorkspace(workspacesContexts, user, userGroups, null); 124 } 125 126 public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 127 { 128 return false; 129 } 130 131 public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 132 { 133 return false; 134 } 135 136 public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) 137 { 138 return false; 139 } 140 141 public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) 142 { 143 return false; 144 } 145 146 public boolean isSupported(Object object) 147 { 148 if (object instanceof Content) 149 { 150 Content content = (Content) object; 151 Set<String> collectionIds = _sccHelper.getSynchronizableCollectionIds(content); 152 for (String collectionId : collectionIds) 153 { 154 SynchronizableContentsCollection scc = _collectionsDAO.getSynchronizableContentsCollection(collectionId); 155 if (scc instanceof RemoteCDMFrSynchronizableContentsCollection) 156 { 157 return true; 158 } 159 } 160 } 161 162 return false; 163 } 164}