
com.adobe.cq.sites.ui.renderconditions.CanEditTemplateRenderCondition Maven / Gradle / Ivy

/*************************************************************************
 *
 * ADOBE CONFIDENTIAL
 * __________________
 *
 *  Copyright 2016 Adobe Systems Incorporated
 *  All Rights Reserved.
 *
 * NOTICE:  All information contained herein is, and remains
 * the property of Adobe Systems Incorporated and its suppliers,
 * if any.  The intellectual and technical concepts contained
 * herein are proprietary to Adobe Systems Incorporated and its
 * suppliers and are protected by trade secret or copyright law.
 * Dissemination of this information or reproduction of this material
 * is strictly forbidden unless prior written permission is obtained
 * from Adobe Systems Incorporated.
 *
 **************************************************************************/
package com.adobe.cq.sites.ui.renderconditions;

import com.adobe.granite.ui.components.Config;
import com.adobe.granite.ui.components.ExpressionHelper;
import com.adobe.granite.ui.components.ExpressionResolver;
import com.adobe.granite.ui.components.rendercondition.RenderCondition;
import com.adobe.granite.ui.components.rendercondition.SimpleRenderCondition;
import com.day.cq.security.util.CqActions;
import com.day.cq.wcm.api.Page;
import com.day.cq.wcm.api.Template;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.ServletException;
import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

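/**
 * Render condition that is true only when the resource at the configured {@code path} adapts to a
 * {@link Page} whose template has structure support and the requesting user holds the
 * {@code modify} action on that template.
 *
 * <p>The servlet only publishes a {@link RenderCondition} as a request attribute, i.e. it decides
 * whether a UI element is shown. It grants or denies nothing itself; the check is evaluated with
 * the requesting user's own resource resolver and session.
 */
@SlingServlet(
        methods = {"GET"},
        resourceTypes = {"cq/gui/components/renderconditions/canedittemplate"}
)
public class CanEditTemplateRenderCondition extends SlingSafeMethodsServlet {

    /** Action name looked up in the set returned by {@link CqActions#getAllowedActions}. */
    private static final String ACTION_MODIFY = "modify";

    private static final Logger log = LoggerFactory.getLogger(CanEditTemplateRenderCondition.class);

    @Reference
    private ExpressionResolver expressionResolver;

    /**
     * Evaluates the condition and stores the result under the {@link RenderCondition} class name
     * as a request attribute.
     *
     * @param request  the current request; its resource carries the {@code path} configuration
     * @param response unused
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException      declared by the overridden method; not thrown here
     */
    @Override
    protected void doGet(@Nonnull SlingHttpServletRequest request, @Nonnull SlingHttpServletResponse response)
            throws ServletException, IOException {

        if (expressionResolver == null) {
            // Fail closed: publish an explicit "false" rather than leaving the attribute unset.
            // NOTE(review): how the consuming component treats a missing attribute is not visible
            // here - confirm that an explicit false is the desired outcome.
            log.warn("ExpressionResolver is not available, denying render condition");
            request.setAttribute(RenderCondition.class.getName(), new SimpleRenderCondition(false));
            return;
        }

        final ResourceResolver resourceResolver = request.getResourceResolver();

        // The "path" property may contain an expression, so it is evaluated before use.
        final ExpressionHelper ex = new ExpressionHelper(expressionResolver, request);
        final Config rcCfg = new Config(request.getResource());
        final String path = ex.getString(rcCfg.get("path", String.class));

        boolean canEditTemplate = false;

        if (path != null) {
            // Resolved with the request's resolver; a path that is not a page adapts to null.
            final Page targetPage = resourceResolver.resolve(path).adaptTo(Page.class);
            if (targetPage != null) {
                final Template template = targetPage.getTemplate();
                if (template != null && template.hasStructureSupport()) {
                    canEditTemplate = canModify(resourceResolver, template);
                }
            }
        }

        request.setAttribute(RenderCondition.class.getName(), new SimpleRenderCondition(canEditTemplate));
    }

    /**
     * Checks whether the user behind {@code resourceResolver} is allowed the {@code modify} action
     * on the template. Any condition that prevents the check from being carried out (no session,
     * no authorizable, a session without a principal manager, a repository error) yields
     * {@code false}.
     */
    private boolean canModify(ResourceResolver resourceResolver, Template template) {
        final Session session = resourceResolver.adaptTo(Session.class);
        final Authorizable authorizable = resourceResolver.adaptTo(Authorizable.class);

        // adaptTo() may return null; without both objects the permission cannot be evaluated.
        if (session == null || authorizable == null) {
            log.debug("No session or authorizable available, denying template edit");
            return false;
        }
        // Group membership is only reachable through the Jackrabbit API; check before casting.
        if (!(session instanceof JackrabbitSession)) {
            log.warn("Session is not a JackrabbitSession, denying template edit");
            return false;
        }

        try {
            // Collect the user's own principal plus every group principal it is a member of.
            final Set<Principal> principals = new LinkedHashSet<Principal>();
            final Principal principal = authorizable.getPrincipal();
            principals.add(principal);
            final PrincipalIterator groups =
                    ((JackrabbitSession) session).getPrincipalManager().getGroupMembership(principal);
            while (groups.hasNext()) {
                principals.add(groups.nextPrincipal());
            }

            // Test the modify permission from allowed actions
            final CqActions cqActions = new CqActions(session);
            final Collection<String> allowedActions = cqActions.getAllowedActions(template.getPath(), principals);
            return allowedActions.contains(ACTION_MODIFY);
        } catch (RepositoryException e) {
            log.error("Unable to retrieve allowed user actions", e);
            return false;
        }
    }

}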



