001/* 002 * (C) Copyright 2006-2012 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger <troger@nuxeo.com> 018 */ 019 020package org.nuxeo.ecm.multi.tenant; 021 022import static org.jboss.seam.ScopeType.STATELESS; 023import static org.jboss.seam.annotations.Install.FRAMEWORK; 024import static org.nuxeo.ecm.multi.tenant.Constants.TENANT_ID_PROPERTY; 025 026import java.io.Serializable; 027import java.util.List; 028 029import org.apache.commons.lang.StringUtils; 030import org.jboss.seam.annotations.In; 031import org.jboss.seam.annotations.Install; 032import org.jboss.seam.annotations.Name; 033import org.jboss.seam.annotations.Scope; 034import org.nuxeo.ecm.core.api.CoreSession; 035import org.nuxeo.ecm.core.api.DocumentModel; 036import org.nuxeo.ecm.core.api.NuxeoPrincipal; 037import org.nuxeo.ecm.directory.DirectoryException; 038import org.nuxeo.ecm.directory.api.DirectoryService; 039import org.nuxeo.ecm.platform.ui.web.api.NavigationContext; 040import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils; 041import org.nuxeo.ecm.webapp.directory.DirectoryUIActionsBean; 042import org.nuxeo.runtime.api.Framework; 043 044import javax.faces.application.FacesMessage; 045import javax.faces.component.UIComponent; 046import javax.faces.context.FacesContext; 047import javax.faces.validator.ValidatorException; 048 049/** 050 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a> 051 * @since 5.6 052 */ 053@Name("multiTenantActions") 054@Scope(STATELESS) 055@Install(precedence = FRAMEWORK) 056public class MultiTenantActions implements Serializable { 057 058 private static final long serialVersionUID = 1L; 059 060 public static final String TENANT_ADMINISTRATORS_VALIDATION_ERROR = "label.tenant.administrators.validation.error"; 061 062 @In(create = true) 063 protected transient CoreSession documentManager; 064 065 @In(create = true) 066 protected NavigationContext navigationContext; 067 068 @In(create = true) 069 protected DirectoryUIActionsBean directoryUIActions; 070 071 public List<DocumentModel> getTenants() { 072 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 073 return multiTenantService.getTenants(); 074 } 075 076 public boolean isTenantIsolationEnabled() { 077 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 078 return multiTenantService.isTenantIsolationEnabled(documentManager); 079 } 080 081 public void enableTenantIsolation() { 082 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 083 multiTenantService.enableTenantIsolation(documentManager); 084 } 085 086 public void disableTenantIsolation() { 087 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 088 multiTenantService.disableTenantIsolation(documentManager); 089 } 090 091 public boolean isReadOnlyDirectory(String directoryName) { 092 MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class); 093 if (multiTenantService.isTenantIsolationEnabled(documentManager)) { 094 if (multiTenantService.isTenantAdministrator(documentManager.getPrincipal())) { 095 DirectoryService directoryService = Framework.getLocalService(DirectoryService.class); 096 return !directoryService.getDirectory(directoryName).isMultiTenant(); 097 } 098 } 099 return directoryUIActions.isReadOnly(directoryName); 100 } 101 102 @SuppressWarnings("unchecked") 103 public void validateTenantAdministrators(FacesContext context, UIComponent component, Object value) 104 { 105 DocumentModel currentDocument = navigationContext.getCurrentDocument(); 106 String currentDocumentTenantId = (String) currentDocument.getPropertyValue(TENANT_ID_PROPERTY); 107 NuxeoPrincipal currentUser = (NuxeoPrincipal) documentManager.getPrincipal(); 108 String currentUserTenantId = currentUser.getTenantId(); 109 if (!StringUtils.isBlank(currentDocumentTenantId) && !StringUtils.isBlank(currentUserTenantId) 110 && currentUserTenantId.equals(currentDocumentTenantId)) { 111 String administratorGroup = MultiTenantHelper.computeTenantAdministratorsGroup(currentDocumentTenantId); 112 if (currentUser.isMemberOf(administratorGroup)) { 113 List<String> users = (List<String>) value; 114 if (!users.contains(currentUser.getName())) { 115 FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate( 116 context, TENANT_ADMINISTRATORS_VALIDATION_ERROR), null); 117 throw new ValidatorException(message); 118 } 119 } 120 } 121 } 122 123}