001/*
002 * (C) Copyright 2006-2012 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thomas Roger <troger@nuxeo.com>
018 */
019
020package org.nuxeo.ecm.multi.tenant;
021
022import static org.jboss.seam.ScopeType.STATELESS;
023import static org.jboss.seam.annotations.Install.FRAMEWORK;
024import static org.nuxeo.ecm.multi.tenant.Constants.TENANT_ID_PROPERTY;
025
026import java.io.Serializable;
027import java.util.List;
028
029import org.apache.commons.lang.StringUtils;
030import org.jboss.seam.annotations.In;
031import org.jboss.seam.annotations.Install;
032import org.jboss.seam.annotations.Name;
033import org.jboss.seam.annotations.Scope;
034import org.nuxeo.ecm.core.api.CoreSession;
035import org.nuxeo.ecm.core.api.DocumentModel;
036import org.nuxeo.ecm.core.api.NuxeoPrincipal;
037import org.nuxeo.ecm.directory.DirectoryException;
038import org.nuxeo.ecm.directory.api.DirectoryService;
039import org.nuxeo.ecm.platform.ui.web.api.NavigationContext;
040import org.nuxeo.ecm.platform.ui.web.util.ComponentUtils;
041import org.nuxeo.ecm.webapp.directory.DirectoryUIActionsBean;
042import org.nuxeo.runtime.api.Framework;
043
044import javax.faces.application.FacesMessage;
045import javax.faces.component.UIComponent;
046import javax.faces.context.FacesContext;
047import javax.faces.validator.ValidatorException;
048
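/**
 * Seam component ({@code multiTenantActions}) that exposes multi-tenant operations to the web UI.
 * <p>
 * Every operation is delegated to {@link MultiTenantService} using the injected {@link CoreSession}. No method in
 * this class checks the caller's permissions itself.
 * <p>
 * NOTE(review): authorization is presumably enforced by the service or by the views that bind to this bean; confirm
 * before exposing these methods on a new page.
 *
 * @author <a href="mailto:troger@nuxeo.com">Thomas Roger</a>
 * @since 5.6
 */
@Name("multiTenantActions")
@Scope(STATELESS)
@Install(precedence = FRAMEWORK)
public class MultiTenantActions implements Serializable {

    private static final long serialVersionUID = 1L;

    /** Message key translated and shown when {@link #validateTenantAdministrators} rejects a submission. */
    public static final String TENANT_ADMINISTRATORS_VALIDATION_ERROR = "label.tenant.administrators.validation.error";

    // Core session injected by Seam; its principal is treated as the current user throughout this bean.
    @In(create = true)
    protected transient CoreSession documentManager;

    // Gives access to the document currently being viewed or edited.
    @In(create = true)
    protected NavigationContext navigationContext;

    // Default directory UI bean, used as the fallback answer in isReadOnlyDirectory.
    @In(create = true)
    protected DirectoryUIActionsBean directoryUIActions;

    /**
     * Returns the tenant documents as reported by {@link MultiTenantService#getTenants()}.
     * <p>
     * The injected session is not passed to the service here, so the list is not filtered by this method.
     * NOTE(review): confirm whether the service restricts the result to what the current user may see.
     *
     * @return the tenants returned by the service
     */
    public List<DocumentModel> getTenants() {
        MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class);
        return multiTenantService.getTenants();
    }

    /**
     * Tells whether tenant isolation is currently enabled, as seen through the injected session.
     *
     * @return {@code true} if the service reports tenant isolation as enabled
     */
    public boolean isTenantIsolationEnabled() {
        MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class);
        return multiTenantService.isTenantIsolationEnabled(documentManager);
    }

    /**
     * Enables tenant isolation by delegating to the service with the injected session.
     * <p>
     * No permission check is made in this method. NOTE(review): confirm that the service or the calling view
     * restricts this action to administrators.
     */
    public void enableTenantIsolation() {
        MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class);
        multiTenantService.enableTenantIsolation(documentManager);
    }

    /**
     * Disables tenant isolation by delegating to the service with the injected session.
     * <p>
     * No permission check is made in this method. NOTE(review): confirm that the service or the calling view
     * restricts this action to administrators, since it removes the separation between tenants.
     */
    public void disableTenantIsolation() {
        MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class);
        multiTenantService.disableTenantIsolation(documentManager);
    }

    /**
     * Tells the UI whether the given directory must be presented as read-only to the current user.
     * <p>
     * When tenant isolation is enabled and the current principal is a tenant administrator, the directory is
     * read-only unless it is flagged as multi-tenant; the answer of {@code directoryUIActions} is not consulted in
     * that case. In every other case the answer of {@code directoryUIActions} is returned.
     * <p>
     * NOTE(review): this value only drives what the UI offers; whether directory writes are enforced elsewhere is
     * not visible from this class.
     *
     * @param directoryName the name of the directory to check
     * @return {@code true} if the directory should be shown as read-only
     */
    public boolean isReadOnlyDirectory(String directoryName) {
        MultiTenantService multiTenantService = Framework.getLocalService(MultiTenantService.class);
        if (multiTenantService.isTenantIsolationEnabled(documentManager)
                && multiTenantService.isTenantAdministrator(documentManager.getPrincipal())) {
            DirectoryService directoryService = Framework.getLocalService(DirectoryService.class);
            // NOTE(review): the lookup result is dereferenced without a null check; confirm what getDirectory
            // returns for an unknown directory name.
            return !directoryService.getDirectory(directoryName).isMultiTenant();
        }
        return directoryUIActions.isReadOnly(directoryName);
    }

    /**
     * JSF validator that stops a tenant administrator from removing themselves from the administrators list of
     * their own tenant.
     * <p>
     * The rule applies only when the current document and the current user carry the same non-blank tenant id and
     * the user is a member of that tenant's administrators group. In every other case the submitted value is
     * accepted without inspection, so this method is a self-lock-out guard and not an authorization check.
     *
     * @param context the current faces context, used to translate the error message
     * @param component the component being validated (unused)
     * @param value the submitted list of administrator user names
     * @throws ValidatorException if the rule applies and the submitted list is {@code null} or does not contain the
     *             current user's name
     */
    public void validateTenantAdministrators(FacesContext context, UIComponent component, Object value) {
        DocumentModel currentDocument = navigationContext.getCurrentDocument();
        String currentDocumentTenantId = (String) currentDocument.getPropertyValue(TENANT_ID_PROPERTY);
        NuxeoPrincipal currentUser = (NuxeoPrincipal) documentManager.getPrincipal();
        String currentUserTenantId = currentUser.getTenantId();
        if (StringUtils.isBlank(currentDocumentTenantId) || StringUtils.isBlank(currentUserTenantId)
                || !currentUserTenantId.equals(currentDocumentTenantId)) {
            // The document and the user do not share a tenant: the rule does not apply.
            return;
        }
        String administratorGroup = MultiTenantHelper.computeTenantAdministratorsGroup(currentDocumentTenantId);
        if (!currentUser.isMemberOf(administratorGroup)) {
            return;
        }
        // The bound component is expected to submit a list of user names.
        @SuppressWarnings("unchecked")
        List<String> users = (List<String>) value;
        // A null submission cannot contain the current user, so it is rejected with the same validation
        // message instead of failing with a NullPointerException.
        if (users == null || !users.contains(currentUser.getName())) {
            FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR, ComponentUtils.translate(
                    context, TENANT_ADMINISTRATORS_VALIDATION_ERROR), null);
            throw new ValidatorException(message);
        }
    }

}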