/*
* #%L
* Alfresco Repository
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see .
* #L%
*/
package org.alfresco.repo.template;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authority.AuthorityDAO;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.springframework.extensions.surf.util.ParameterCheck;
import org.alfresco.util.ValueDerivingMapFactory;
import org.alfresco.util.ValueDerivingMapFactory.ValueDeriver;
import org.springframework.beans.factory.InitializingBean;
/**
* People and users support in FreeMarker templates.
*
* @author Kevin Roast
*/
public class People extends BaseTemplateProcessorExtension implements InitializingBean
{
/** Repository Service Registry */
private ServiceRegistry services;
private AuthorityDAO authorityDAO;
private AuthorityService authorityService;
private MutableAuthenticationService authenticationService;
private PersonService personService;
private StoreRef storeRef;
private ValueDerivingMapFactory valueDerivingMapFactory;
public void afterPropertiesSet() throws Exception
{
Map > capabilityTesters = new HashMap>(5);
capabilityTesters.put("isAdmin", new ValueDeriver()
{
public Boolean deriveValue(TemplateNode source)
{
return isAdmin(source);
}
});
capabilityTesters.put("isGuest", new ValueDeriver()
{
public Boolean deriveValue(TemplateNode source)
{
return isGuest(source);
}
});
capabilityTesters.put("isMutable", new ValueDeriver()
{
public Boolean deriveValue(TemplateNode source)
{
// Check whether the account is mutable according to the authentication service
String sourceUser = (String) source.getProperties().get(ContentModel.PROP_USERNAME);
if (!authenticationService.isAuthenticationMutable(sourceUser))
{
return false;
}
// Only allow non-admin users to mutate their own accounts
String currentUser = authenticationService.getCurrentUserName();
if (currentUser.equals(sourceUser) || authorityService.isAdminAuthority(currentUser))
{
return true;
}
return false;
}
});
this.valueDerivingMapFactory = new ValueDerivingMapFactory(capabilityTesters);
}
/**
* Set the default store reference
*
* @param storeRef the default store reference
*/
public void setStoreUrl(String storeRef)
{
// ensure this is not set again
if (this.storeRef != null)
{
throw new IllegalStateException("Default store URL can only be set once.");
}
this.storeRef = new StoreRef(storeRef);
}
/**
* Set the service registry
*
* @param serviceRegistry the service registry
*/
public void setServiceRegistry(ServiceRegistry serviceRegistry)
{
this.services = serviceRegistry;
}
/**
* Set the authority DAO
*
* @param authorityDAO authority dao
*/
public void setAuthorityDAO(AuthorityDAO authorityDAO)
{
this.authorityDAO = authorityDAO;
}
/**
* Set the authority service
*
* @param authorityService The authorityService to set.
*/
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
/**
* Set the person service
*
* @param personService The personService to set.
*/
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
/**
* Sets the authentication service.
*
* @param authenticationService
* the new authentication service
*/
public void setAuthenticationService(MutableAuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/**
* Gets the Person given the username
*
* @param username the username of the person to get
* @return the person node (type cm:person) or null if no such person exists
*/
public TemplateNode getPerson(String username)
{
ParameterCheck.mandatoryString("Username", username);
TemplateNode person = null;
if (personService.personExists(username))
{
NodeRef personRef = personService.getPerson(username);
person = new TemplateNode(personRef, services, getTemplateImageResolver());
}
return person;
}
/**
* Gets the Group given the group name
*
* @param groupName name of group to get
* @return the group node (type usr:authorityContainer) or null if no such group exists
*/
public TemplateNode getGroup(String groupName)
{
ParameterCheck.mandatoryString("GroupName", groupName);
TemplateNode group = null;
NodeRef groupRef = authorityDAO.getAuthorityNodeRefOrNull(groupName);
if (groupRef != null)
{
group = new TemplateNode(groupRef, services, getTemplateImageResolver());
}
return group;
}
/**
* Gets the members (people) of a group (including all sub-groups)
*
* @param group the group to retrieve members for
*
* @return list of nodes representing the group members
*/
public List getMembers(TemplateNode group)
{
ParameterCheck.mandatory("Group", group);
return getContainedAuthorities(group, AuthorityType.USER, true);
}
/**
* Gets the members (people) of a group
*
* @param group the group to retrieve members for
* @param recurse recurse into sub-groups
*
* @return list of nodes representing the group members
*/
public List getMembers(TemplateNode group, boolean recurse)
{
ParameterCheck.mandatory("Group", group);
return getContainedAuthorities(group, AuthorityType.USER, recurse);
}
/**
* Gets the groups that contain the specified authority
*
* @param person the user (cm:person) to get the containing groups for
*
* @return the containing groups as a List of TemplateNode objects, can be null
*/
public List getContainerGroups(TemplateNode person)
{
ParameterCheck.mandatory("Person", person);
List parents;
Set authorities = this.authorityService.getContainingAuthoritiesInZone(
AuthorityType.GROUP,
(String)person.getProperties().get(ContentModel.PROP_USERNAME),
AuthorityService.ZONE_APP_DEFAULT, null, 1000);
parents = new ArrayList(authorities.size());
for (String authority : authorities)
{
TemplateNode group = getGroup(authority);
if (group != null)
{
parents.add(group);
}
}
return parents;
}
/**
* Return true if the specified user is an Administrator authority.
*
* @param person to test
*
* @return true if an admin, false otherwise
*/
public boolean isAdmin(TemplateNode person)
{
ParameterCheck.mandatory("Person", person);
return this.authorityService.isAdminAuthority((String)person.getProperties().get(ContentModel.PROP_USERNAME));
}
/**
* Return true if the specified user is an Guest authority.
*
* @param person to test
*
* @return true if a guest user, false otherwise
*/
public boolean isGuest(TemplateNode person)
{
ParameterCheck.mandatory("Person", person);
return this.authorityService.isGuestAuthority((String)person.getProperties().get(ContentModel.PROP_USERNAME));
}
/**
* Gets a map of capabilities (boolean assertions) for the given person.
*
* @param person the person
* @return the capability map
*/
public Map getCapabilities(final TemplateNode person)
{
ParameterCheck.mandatory("Person", person);
return this.valueDerivingMapFactory.getMap(person);
}
/**
* Return true if the specified user account is enabled.
*
* @param person to test
*
* @return true if account enabled, false if disabled
*/
public boolean isAccountEnabled(TemplateNode person)
{
// Only admins have rights to check authentication enablement
if (this.authorityService.isAdminAuthority(AuthenticationUtil.getFullyAuthenticatedUser()))
{
return this.authenticationService.getAuthenticationEnabled((String) person.getProperties().get(
ContentModel.PROP_USERNAME));
}
return true;
}
/**
* Get Contained Authorities
*
* @param container authority containers
* @param type authority type to filter by
* @param recurse recurse into sub-containers
*
* @return contained authorities
*/
private List getContainedAuthorities(TemplateNode container, AuthorityType type, boolean recurse)
{
List members = null;
if (container.getType().equals(ContentModel.TYPE_AUTHORITY_CONTAINER))
{
String groupName = (String)container.getProperties().get(ContentModel.PROP_AUTHORITY_NAME);
Set authorities = authorityService.getContainedAuthorities(type, groupName, !recurse);
members = new ArrayList(authorities.size());
for (String authority : authorities)
{
AuthorityType authorityType = AuthorityType.getAuthorityType(authority);
if (authorityType.equals(AuthorityType.GROUP))
{
TemplateNode group = getGroup(authority);
if (group != null)
{
members.add(group);
}
}
else if (authorityType.equals(AuthorityType.USER))
{
TemplateNode person = getPerson(authority);
if (person != null)
{
members.add(person);
}
}
}
}
return members != null ? members : Collections.emptyList();
}
}