001/*
002 * (C) Copyright 2006-2012 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl-2.1.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Thomas Roger <troger@nuxeo.com>
016 */
017
018package org.nuxeo.ecm.multi.tenant;
019
020import static org.jboss.seam.ScopeType.STATELESS;
021import static org.jboss.seam.annotations.Install.FRAMEWORK;
022import static org.nuxeo.ecm.multi.tenant.Constants.TENANT_ID_PROPERTY;
023
024import java.io.Serializable;
025import java.util.List;
026
027import org.apache.commons.lang.StringUtils;
028import org.jboss.seam.annotations.In;
029import org.jboss.seam.annotations.Install;
030import org.jboss.seam.annotations.Name;
031import org.jboss.seam.annotations.Scope;
032import org.nuxeo.ecm.core.api.CoreSession;
033import org.nuxeo.ecm.core.api.DocumentModel;
034import org.nuxeo.ecm.core.api.NuxeoPrincipal;
035import org.nuxeo.ecm.directory.DirectoryException;
036import org.nuxeo.ecm.directory.api.DirectoryService;
037import org.nuxeo.ecm.platform.ui.web.api.NavigationContext;
038import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils;
039import org.nuxeo.ecm.webapp.directory.DirectoryUIActionsBean;
040import org.nuxeo.runtime.api.Framework;
041
042import javax.faces.application.FacesMessage;
043import javax.faces.component.UIComponent;
044import javax.faces.context.FacesContext;
045import javax.faces.validator.ValidatorException;
046
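/**
 * Seam component ({@code multiTenantActions}, stateless scope) that exposes multi-tenant operations to the web UI:
 * listing tenants, toggling tenant isolation, deciding whether a directory is shown as read-only, and validating
 * the submitted list of tenant administrators.
 * <p>
 * Every operation delegates to {@link MultiTenantService}, looked up through {@link Framework} on each call.
 * <p>
 * NOTE(review): no permission check is visible in this bean. Confirm that {@link MultiTenantService} or the views
 * that bind to these methods restrict them to the intended users.
 *
 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a>
 * @since 5.6
 */
@Name("multiTenantActions")
@Scope(STATELESS)
@Install(precedence = FRAMEWORK)
public class MultiTenantActions implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Message key translated and reported when the administrators validation fails. */
    public static final String TENANT_ADMINISTRATORS_VALIDATION_ERROR = "label.tenant.administrators.validation.error";

    @In(create = true)
    protected transient CoreSession documentManager;

    @In(create = true)
    protected NavigationContext navigationContext;

    @In(create = true)
    protected DirectoryUIActionsBean directoryUIActions;

    /**
     * Looks up the {@link MultiTenantService} from the runtime.
     */
    private static MultiTenantService multiTenantService() {
        return Framework.getLocalService(MultiTenantService.class);
    }

    /**
     * Returns the tenants reported by {@link MultiTenantService#getTenants()}.
     */
    public List<DocumentModel> getTenants() {
        return multiTenantService().getTenants();
    }

    /**
     * Tells whether tenant isolation is enabled, as reported by the service for the current session.
     */
    public boolean isTenantIsolationEnabled() {
        return multiTenantService().isTenantIsolationEnabled(documentManager);
    }

    /**
     * Asks the service to enable tenant isolation using the current session.
     * <p>
     * NOTE(review): the caller is not checked here; confirm the service or the invoking view enforces who may
     * toggle isolation.
     */
    public void enableTenantIsolation() {
        multiTenantService().enableTenantIsolation(documentManager);
    }

    /**
     * Asks the service to disable tenant isolation using the current session.
     * <p>
     * NOTE(review): the caller is not checked here; confirm the service or the invoking view enforces who may
     * toggle isolation.
     */
    public void disableTenantIsolation() {
        multiTenantService().disableTenantIsolation(documentManager);
    }

    /**
     * Decides whether the named directory is presented as read-only.
     * <p>
     * When tenant isolation is enabled and the current principal is a tenant administrator, the answer depends only
     * on the directory itself: it is read-only unless the directory is multi-tenant. In every other case the
     * decision is delegated to {@link DirectoryUIActionsBean#isReadOnly(String)}.
     *
     * @param directoryName the name of the directory to check
     * @return {@code true} if the directory must be treated as read-only
     */
    public boolean isReadOnlyDirectory(String directoryName) {
        MultiTenantService service = multiTenantService();
        if (service.isTenantIsolationEnabled(documentManager)
                && service.isTenantAdministrator(documentManager.getPrincipal())) {
            // NOTE(review): this branch does not consult directoryUIActions.isReadOnly, so a multi-tenant
            // directory is reported writable to tenant administrators whatever the generic check would say.
            // Confirm that is intended. Also confirm getDirectory cannot return null for an unknown name.
            DirectoryService directoryService = Framework.getLocalService(DirectoryService.class);
            return !directoryService.getDirectory(directoryName).isMultiTenant();
        }
        return directoryUIActions.isReadOnly(directoryName);
    }

    /**
     * JSF validator for the submitted list of tenant administrators.
     * <p>
     * The check applies only when the current document and the current user carry the same non-blank tenant id and
     * the user is a member of that tenant's administrators group. In that case the submitted list must still
     * contain the current user's name, presumably so that an administrator cannot remove themselves from the
     * group. A {@code null} submitted value is treated as a list that does not contain the user and is rejected.
     * <p>
     * NOTE(review): depending on the JSF version and configuration, validators may not be invoked for empty
     * submitted values. Confirm that an empty administrators list still reaches this check.
     *
     * @param context the current faces context, used to translate the error message
     * @param component the component being validated (not used)
     * @param value the submitted value, expected to be a {@code List<String>} of user names
     * @throws ValidatorException if the check applies and the current user is missing from the submitted list
     */
    @SuppressWarnings("unchecked")
    public void validateTenantAdministrators(FacesContext context, UIComponent component, Object value) {
        DocumentModel currentDocument = navigationContext.getCurrentDocument();
        String currentDocumentTenantId = (String) currentDocument.getPropertyValue(TENANT_ID_PROPERTY);
        NuxeoPrincipal currentUser = (NuxeoPrincipal) documentManager.getPrincipal();
        String currentUserTenantId = currentUser.getTenantId();

        // The rule only concerns a user acting on a document of their own tenant.
        if (StringUtils.isBlank(currentDocumentTenantId) || StringUtils.isBlank(currentUserTenantId)
                || !currentUserTenantId.equals(currentDocumentTenantId)) {
            return;
        }

        String administratorGroup = MultiTenantHelper.computeTenantAdministratorsGroup(currentDocumentTenantId);
        if (!currentUser.isMemberOf(administratorGroup)) {
            return;
        }

        // A null submission is rejected like any list without the user, instead of failing with a
        // NullPointerException.
        List<String> users = (List<String>) value;
        if (users == null || !users.contains(currentUser.getName())) {
            FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate(
                    context, TENANT_ADMINISTRATORS_VALIDATION_ERROR), null);
            throw new ValidatorException(message);
        }
    }

}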