001/* 002 * (C) Copyright 2006-2012 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl-2.1.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Thomas Roger <troger@nuxeo.com> 016 */ 017 018package org.nuxeo.ecm.multi.tenant; 019 020import static org.jboss.seam.ScopeType.STATELESS; 021import static org.jboss.seam.annotations.Install.FRAMEWORK; 022import static org.nuxeo.ecm.multi.tenant.Constants.TENANT_ID_PROPERTY; 023 024import java.io.Serializable; 025import java.util.List; 026 027import org.apache.commons.lang.StringUtils; 028import org.jboss.seam.annotations.In; 029import org.jboss.seam.annotations.Install; 030import org.jboss.seam.annotations.Name; 031import org.jboss.seam.annotations.Scope; 032import org.nuxeo.ecm.core.api.CoreSession; 033import org.nuxeo.ecm.core.api.DocumentModel; 034import org.nuxeo.ecm.core.api.NuxeoPrincipal; 035import org.nuxeo.ecm.directory.DirectoryException; 036import org.nuxeo.ecm.directory.api.DirectoryService; 037import org.nuxeo.ecm.platform.ui.web.api.NavigationContext; 038import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils; 039import org.nuxeo.ecm.webapp.directory.DirectoryUIActionsBean; 040import org.nuxeo.runtime.api.Framework; 041 042import javax.faces.application.FacesMessage; 043import javax.faces.component.UIComponent; 044import javax.faces.context.FacesContext; 045import javax.faces.validator.ValidatorException; 046 047/** 048 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a> 049 * @since 5.6 050 */ 051@Name("multiTenantActions") 052@Scope(STATELESS) 053@Install(precedence = FRAMEWORK) 054public class MultiTenantActions implements Serializable { 055 056 private static final long serialVersionUID = 1L; 057 058 public static final String TENANT_ADMINISTRATORS_VALIDATION_ERROR = "label.tenant.administrators.validation.error"; 059 060 @In(create = true) 061 protected transient CoreSession documentManager; 062 063 @In(create = true) 064 protected NavigationContext navigationContext; 065 066 @In(create = true) 067 protected DirectoryUIActionsBean directoryUIActions; 068 069 public List<DocumentModel> getTenants() { 070 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 071 return multiTenantService.getTenants(); 072 } 073 074 public boolean isTenantIsolationEnabled() { 075 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 076 return multiTenantService.isTenantIsolationEnabled(documentManager); 077 } 078 079 public void enableTenantIsolation() { 080 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 081 multiTenantService.enableTenantIsolation(documentManager); 082 } 083 084 public void disableTenantIsolation() { 085 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 086 multiTenantService.disableTenantIsolation(documentManager); 087 } 088 089 public boolean isReadOnlyDirectory(String directoryName) { 090 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 091 if (multiTenantService.isTenantIsolationEnabled(documentManager)) { 092 if (multiTenantService.isTenantAdministrator(documentManager.getPrincipal())) { 093 DirectoryService directoryService = Framework.getLocalService(DirectoryService.class); 094 return !directoryService.getDirectory(directoryName).isMultiTenant(); 095 } 096 } 097 return directoryUIActions.isReadOnly(directoryName); 098 } 099 100 @SuppressWarnings("unchecked") 101 public void validateTenantAdministrators(FacesContext context, UIComponent component, Object value) 102 { 103 DocumentModel currentDocument = navigationContext.getCurrentDocument(); 104 String currentDocumentTenantId = (String) currentDocument.getPropertyValue(TENANT_ID_PROPERTY); 105 NuxeoPrincipal currentUser = (NuxeoPrincipal) documentManager.getPrincipal(); 106 String currentUserTenantId = currentUser.getTenantId(); 107 if (!StringUtils.isBlank(currentDocumentTenantId) && !StringUtils.isBlank(currentUserTenantId) 108 && currentUserTenantId.equals(currentDocumentTenantId)) { 109 String administratorGroup = MultiTenantHelper.computeTenantAdministratorsGroup(currentDocumentTenantId); 110 if (currentUser.isMemberOf(administratorGroup)) { 111 List<String> users = (List<String>) value; 112 if (!users.contains(currentUser.getName())) { 113 FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate( 114 context, TENANT_ADMINISTRATORS_VALIDATION_ERROR), null); 115 throw new ValidatorException(message); 116 } 117 } 118 } 119 } 120 121}