001/*
002 * (C) Copyright 2006-2018 Nuxeo (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thomas Roger <troger@nuxeo.com>
018 */
019
020package org.nuxeo.ecm.multi.tenant;
021
022import static org.jboss.seam.ScopeType.STATELESS;
023import static org.jboss.seam.annotations.Install.FRAMEWORK;
024import static org.nuxeo.ecm.multi.tenant.Constants.TENANT_ID_PROPERTY;
025
026import java.io.Serializable;
027import java.util.List;
028
029import javax.faces.application.FacesMessage;
030import javax.faces.component.UIComponent;
031import javax.faces.context.FacesContext;
032import javax.faces.validator.ValidatorException;
033
034import org.apache.commons.lang3.StringUtils;
035import org.jboss.seam.annotations.In;
036import org.jboss.seam.annotations.Install;
037import org.jboss.seam.annotations.Name;
038import org.jboss.seam.annotations.Scope;
039import org.nuxeo.ecm.core.api.CoreSession;
040import org.nuxeo.ecm.core.api.DocumentModel;
041import org.nuxeo.ecm.core.api.NuxeoPrincipal;
042import org.nuxeo.ecm.directory.api.DirectoryService;
043import org.nuxeo.ecm.platform.ui.web.api.NavigationContext;
044import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils;
045import org.nuxeo.ecm.webapp.directory.DirectoryUIActionsBean;
046import org.nuxeo.runtime.api.Framework;
047
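/**
 * Seam action bean exposing multi-tenant operations to the web UI: listing tenants, toggling tenant isolation,
 * deciding whether a directory is editable, and validating the tenant administrators field.
 * <p>
 * Every method delegates to {@link MultiTenantService} using the injected {@link CoreSession}. No permission
 * check is performed in this class itself.
 *
 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a>
 * @since 5.6
 */
@Name("multiTenantActions")
@Scope(STATELESS)
@Install(precedence = FRAMEWORK)
public class MultiTenantActions implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Message key translated and reported when an administrator removes themselves from the administrators list. */
    public static final String TENANT_ADMINISTRATORS_VALIDATION_ERROR = "label.tenant.administrators.validation.error";

    @In(create = true)
    protected transient CoreSession documentManager;

    @In(create = true)
    protected NavigationContext navigationContext;

    @In(create = true)
    protected DirectoryUIActionsBean directoryUIActions;

    /** Looks up the runtime service that every action of this bean delegates to. */
    private static MultiTenantService multiTenantService() {
        return Framework.getService(MultiTenantService.class);
    }

    /**
     * Returns the tenant documents reported by {@link MultiTenantService#getTenants()}.
     *
     * @return the list handed back by the service, unmodified
     */
    public List<DocumentModel> getTenants() {
        return multiTenantService().getTenants();
    }

    /**
     * Tells whether tenant isolation is currently enabled, as seen through the current session.
     *
     * @return the value reported by the service
     */
    public boolean isTenantIsolationEnabled() {
        return multiTenantService().isTenantIsolationEnabled(documentManager);
    }

    /**
     * Enables tenant isolation through the current session.
     */
    public void enableTenantIsolation() {
        // NOTE(review): no permission check happens here; presumably MultiTenantService or the calling view
        // restricts this to administrators. Confirm before exposing this action in a new screen.
        multiTenantService().enableTenantIsolation(documentManager);
    }

    /**
     * Disables tenant isolation through the current session.
     */
    public void disableTenantIsolation() {
        // NOTE(review): same as enableTenantIsolation, authorization is not verified at this layer. Confirm
        // the service rejects callers who are not allowed to remove the isolation between tenants.
        multiTenantService().disableTenantIsolation(documentManager);
    }

    /**
     * Tells whether the given directory must be shown as read-only to the current user.
     * <p>
     * When tenant isolation is enabled and the current principal is a tenant administrator, the answer depends
     * only on the directory: multi-tenant directories are writable, all others are read-only. In that case
     * {@code directoryUIActions.isReadOnly} is not consulted. In every other case the decision is delegated to
     * {@code directoryUIActions.isReadOnly(directoryName)}.
     *
     * @param directoryName the name of the directory to check
     * @return {@code true} if the directory must not be edited by the current user
     */
    public boolean isReadOnlyDirectory(String directoryName) {
        MultiTenantService service = multiTenantService();
        boolean tenantAdministratorUnderIsolation = service.isTenantIsolationEnabled(documentManager)
                && service.isTenantAdministrator(documentManager.getPrincipal());
        if (!tenantAdministratorUnderIsolation) {
            return directoryUIActions.isReadOnly(directoryName);
        }
        DirectoryService directoryService = Framework.getService(DirectoryService.class);
        // NOTE(review): the lookup result is dereferenced directly; confirm getDirectory cannot return null
        // for an unknown directory name, otherwise this access decision ends in a NullPointerException.
        return !directoryService.getDirectory(directoryName).isMultiTenant();
    }

    /**
     * JSF validator for the tenant administrators field: stops an administrator of the current document's
     * tenant from submitting a list of administrators that no longer contains their own user name.
     * <p>
     * The check applies only when the current document and the current user carry the same non-blank tenant id
     * and the user belongs to that tenant's administrators group. A {@code null} submitted value is handled as
     * an empty list, so it is rejected as well instead of failing with a {@code NullPointerException}.
     * <p>
     * Only the presence of the acting user's name is verified; the other submitted names are not checked here.
     *
     * @param context the current faces context, used to translate the error message
     * @param component the component being validated (unused)
     * @param value the submitted list of user names; may be {@code null}
     * @throws ValidatorException if the current tenant administrator is missing from the submitted list
     * @throws ClassCastException if {@code value} is neither {@code null} nor a {@link List}
     */
    public void validateTenantAdministrators(FacesContext context, UIComponent component, Object value) {
        DocumentModel currentDocument = navigationContext.getCurrentDocument();
        String documentTenantId = (String) currentDocument.getPropertyValue(TENANT_ID_PROPERTY);
        NuxeoPrincipal currentUser = documentManager.getPrincipal();
        String userTenantId = currentUser.getTenantId();

        // The rule only concerns a user acting inside their own tenant.
        if (StringUtils.isBlank(documentTenantId) || StringUtils.isBlank(userTenantId)
                || !userTenantId.equals(documentTenantId)) {
            return;
        }
        String administratorGroup = MultiTenantHelper.computeTenantAdministratorsGroup(documentTenantId);
        if (!currentUser.isMemberOf(administratorGroup)) {
            return;
        }

        // Only membership of the acting user's name is tested, so a wildcard list avoids the unchecked cast.
        List<?> users = (List<?>) value;
        if (users == null || !users.contains(currentUser.getName())) {
            // NOTE(review): this guard runs only where a view binds it as a validator; confirm that writes
            // made outside this form cannot leave the tenant without its acting administrator.
            FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR,
                    ComponentUtils.translate(context, TENANT_ADMINISTRATORS_VALIDATION_ERROR), null);
            throw new ValidatorException(message);
        }
    }

}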