

feat: Add Spaces Administrators by Template - MEED-7751 - Meeds-io/MI…
…Ps#160

This change allows designating super administrators per space template, replacing the previous Spaces Administrators concept, which was not tied to the Space Template used to create the space.
boubaker committed Nov 11, 2024
1 parent 0946c98 commit e27da62
Showing 28 changed files with 244 additions and 107 deletions.
Expand Up @@ -558,7 +558,7 @@ default boolean canRedactOnSpace(Space space, String username) {
|| isManager(space, username))) {
return true;
} else {
return isSuperManager(username);
return isSuperManager(space, username);
}
}

Expand All @@ -576,7 +576,7 @@ default boolean canPublishOnSpace(Space space, String username) {
&& (isPublisher(space, username) || isManager(space, username))) {
return true;
} else {
return isSuperManager(username) || isContentPublisher(username);
return isSuperManager(space, username) || isContentPublisher(username);
}
}

Expand All @@ -593,7 +593,7 @@ default boolean canManageSpace(Space space, String username) {
} else if (isMember(space, username) && isManager(space, username)) {
return true;
} else {
return isSuperManager(username);
return isSuperManager(space, username);
}
}

Expand Down Expand Up @@ -641,7 +641,7 @@ default boolean canViewSpace(Space space, String username) {
} else if (isMember(space, username)) {
return true;
} else {
return isSuperManager(username);
return isSuperManager(space, username);
}
}

Expand Down Expand Up @@ -946,6 +946,28 @@ default boolean isSuperManager(String username) {
throw new UnsupportedOperationException();
}

/**
* Checks if the user is a super manager of designated space or not
*
* @param spaceId used {@link Space} identifier to check permissions
* @param username user name
* @return true if the user is a super manager, else false
*/
default boolean isSuperManager(long spaceId, String username) {
return isSuperManager(getSpaceById(spaceId), username);
}

/**
* Checks if the user is a super manager of designated space or not
*
* @param space used {@link Space} to check permissions
* @param username user name
* @return true if the user is a super manager, else false
*/
default boolean isSuperManager(Space space, String username) {
return isSuperManager(username);
}

/**
* Checks if the user is a content manager of all spaces
*
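Review bot: The Javadoc on the new `isSuperManager(Space space, String username)` default promises a check against the designated space, but the default body ignores `space` and returns the platform-wide `isSuperManager(username)`. Any implementation that does not override it therefore keeps the old global behaviour in `canViewSpace`, `canManageSpace`, `canRedactOnSpace` and `canPublishOnSpace`. I would say so in the Javadoc, e.g. `@implSpec The default implementation ignores {@code space} and delegates to {@link #isSuperManager(String)}; override it to apply space template administrators.` The `long spaceId` overload passes the result of `getSpaceById(spaceId)` straight through, so its Javadoc should also state what is returned when no space has that id. The last hunk of this file continues past the visible lines.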
Expand Up @@ -31,18 +31,12 @@
import org.exoplatform.social.core.space.model.Space;
import org.exoplatform.social.core.space.spi.SpaceService;

import io.meeds.social.space.template.model.SpaceTemplate;
import io.meeds.social.space.template.service.SpaceTemplateService;

import lombok.Setter;

public class AuthorizationManager extends UserACL {

@Setter
private SpaceService spaceService;

@Setter
private SpaceTemplateService spaceTemplateService;
private SpaceService spaceService;

public AuthorizationManager(InitParams params) {
super(params);
Expand All @@ -51,8 +45,7 @@ public AuthorizationManager(InitParams params) {
@Override
public boolean hasEditPermission(Identity identity, String ownerType, String ownerId, String expression) {
if (PortalConfig.GROUP_TEMPLATE.equalsIgnoreCase(ownerType)) {
SpaceTemplate spaceTemplate = getSpaceTemplateService().getSpaceTemplateByLayout(ownerId);
return spaceTemplate == null ? isAdministrator(identity) : !spaceTemplate.isSystem() && isSpacesAdministrator(identity);
return isAdministrator(identity);
} else if (isSpaceSite(ownerType, ownerId)) {
Space space = getSpaceService().getSpaceByGroupId(ownerId);
return space != null
Expand All @@ -66,22 +59,18 @@ public boolean hasEditPermission(Identity identity, String ownerType, String own
@Override
public boolean hasAccessPermission(Identity identity, String ownerType, String ownerId, Stream<String> expressionsStream) {
if (PortalConfig.GROUP_TEMPLATE.equalsIgnoreCase(ownerType)) {
SpaceTemplate spaceTemplate = getSpaceTemplateService().getSpaceTemplateByLayout(ownerId);
return spaceTemplate == null ? isAdministrator(identity) : isSpacesAdministrator(identity);
return isAdministrator(identity);
} else {
return isSpacesAdministrator(identity, ownerType, ownerId)
|| super.hasAccessPermission(identity, ownerType, ownerId, expressionsStream);
}
return isSpacesAdministrator(identity, ownerType, ownerId)
|| super.hasAccessPermission(identity, ownerType, ownerId, expressionsStream);
}

private boolean isSpacesAdministrator(Identity identity, String ownerType, String ownerId) {
return isSpaceSite(ownerType, ownerId) && isSpacesAdministrator(identity);
}

private boolean isSpacesAdministrator(Identity identity) {
if (isAdministrator(identity)) {
return true;
private boolean isSpacesAdministrator(Identity identity, String ownerType, String groupId) {
if (isSpaceSite(ownerType, groupId)) {
return getSpaceService().isSuperManager(getSpaceService().getSpaceByGroupId(groupId), identity.getUserId());
} else {
return getSpaceService().isSuperManager(identity.getUserId());
return isAdministrator(identity);
}
}

Expand All @@ -97,10 +86,4 @@ private SpaceService getSpaceService() {
return spaceService;
}

public SpaceTemplateService getSpaceTemplateService() {
if (spaceTemplateService == null) {
spaceTemplateService = ExoContainerContext.getService(SpaceTemplateService.class);
}
return spaceTemplateService;
}
}
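Review bot: As far as the rendered page shows, the rewritten `isSpacesAdministrator(identity, ownerType, groupId)` returns `isAdministrator(identity)` for owners that are not space sites, where the removed three-argument version returned false for them. That makes `hasAccessPermission` grant platform administrators access to every non-space site before `super.hasAccessPermission` is consulted. If that widening is not intended, the else branch should be `return false;`. If it is intended, a comment on the method should say so, since the name still suggests a space-only check. In the space-site branch, `getSpaceByGroupId(groupId)` can presumably return null (`hasEditPermission` tests `space != null` after the same lookup), so the outcome depends on how the `SpaceService` implementation handles a null space.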
Expand Up @@ -61,7 +61,7 @@ public boolean canAccess(PermanentLinkObject object, Identity identity) throws O
throw new ObjectNotFoundException(String.format("Space with id %s not found", object.getObjectId()));
} else {
String username = identity.getUserId();
return spaceService.isSuperManager(username)
return spaceService.isSuperManager(space, username)
|| spaceService.isInvitedUser(space, username)
|| spaceService.isMember(space, username)
|| (!StringUtils.equals(Space.HIDDEN, space.getVisibility())
Expand Up @@ -229,7 +229,7 @@ public Space createSpace(Space space, String username, List<Identity> identities
spaceLifeCycle.resetCurrentEvent(Type.SPACE_CREATED);
}

long bannerId = spaceTemplateService.getSpaceTemplateBannerId(spaceTemplate.getId());
long bannerId = getSpaceTemplateService().getSpaceTemplateBannerId(spaceTemplate.getId());
if (bannerId > 0) {
duplicateBannerById(createdSpace, bannerId, username);
}
Expand Down Expand Up @@ -599,6 +599,17 @@ public boolean canAccessSpacePublicSite(Space space, String username) {
return false;
}

@Override
public boolean canManageSpace(Space space, String username) {
if (username == null || space == null) {
return false;
} else if (isMember(space, username) && isManager(space, username)) {
return true;
} else {
return isSuperManager(space, username);
}
}

@Override
public boolean isInvitedUser(Space space, String username) {
return space != null && ArrayUtils.contains(space.getInvitedUsers(), username);
Expand Down Expand Up @@ -917,6 +928,25 @@ public boolean isSuperManager(String username) {
return userAcl.isAdministrator(userAcl.getUserIdentity(username));
}

@Override
public boolean isSuperManager(Space space, String username) {
if (space == null || space.getTemplateId() == 0) {
return isSuperManager(username);
} else {
SpaceTemplate spaceTemplate = getSpaceTemplateService().getSpaceTemplate(space.getTemplateId());
org.exoplatform.services.security.Identity userIdentity = userAcl.getUserIdentity(username);
if (spaceTemplate == null || spaceTemplate.isDeleted()) {
return isSuperManager(username);
} else {
return isSuperManager(username)
|| (CollectionUtils.isNotEmpty(spaceTemplate.getAdminPermissions())
&& spaceTemplate.getAdminPermissions()
.stream()
.anyMatch(permission -> userIdentity.isMemberOf(getMembershipEntry(permission))));
}
}
}

@Override
public boolean canManageSpacePublicSite(Space space, String username) {
return hasSpacePermission(space,
Expand Down Expand Up @@ -1080,10 +1110,10 @@ private boolean hasSpacePermission(Space space, List<String> permissions, String
if (space.getTemplateId() == 0 && CollectionUtils.isEmpty(permissions)) {
return canManageSpace(space, username);
} else if (CollectionUtils.isEmpty(permissions)) {
return isSuperManager(username);
return isSuperManager(space, username);
} else {
org.exoplatform.services.security.Identity userIdentity = userAcl.getUserIdentity(username);
return isSuperManager(username)
return isSuperManager(space, username)
|| (isMember(space, username)
&& permissions.stream().anyMatch(permission -> userIdentity.isMemberOf(getMembershipEntry(permission))));
}
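Review bot: In the new `isSuperManager(Space space, String username)`, `userIdentity.isMemberOf(...)` is reached without checking that `userAcl.getUserIdentity(username)` returned an identity. `canViewTemplate` in the template service guards the same lookup with `aclIdentity != null`, which suggests it can be null for an unknown or anonymous user. A null here turns an authorization check into a NullPointerException instead of a clean deny, so I would guard it: `|| (userIdentity != null && CollectionUtils.isNotEmpty(spaceTemplate.getAdminPermissions())`. The lookup can also move below the `spaceTemplate == null || spaceTemplate.isDeleted()` test, since it is unused on that path.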
Expand Up @@ -68,7 +68,11 @@ public class SpaceTemplateEntity {
@Convert(converter = StringListConverter.class)
@Column(name = "PERMISSIONS")
private List<String> permissions;


@Convert(converter = StringListConverter.class)
@Column(name = "ADMIN_PERMISSIONS")
private List<String> adminPermissions;

@Convert(converter = StringListConverter.class)
@Column(name = "SPACE_LAYOUT_PERMISSIONS")
private List<String> spaceLayoutPermissions;
Expand Up @@ -52,6 +52,8 @@ public class SpaceTemplate implements Cloneable {

private List<String> permissions;

private List<String> adminPermissions;

private List<String> spaceLayoutPermissions;

private List<String> spaceDeletePermissions;
Expand All @@ -78,6 +80,7 @@ public SpaceTemplate clone() { // NOSONAR
system,
layout,
permissions,
adminPermissions,
spaceLayoutPermissions,
spaceDeletePermissions,
spacePublicSitePermissions,
Expand Up @@ -313,9 +313,12 @@ private boolean canViewTemplate(SpaceTemplate spaceTemplate, String username) {
}
Identity aclIdentity = userAcl.getUserIdentity(username);
return aclIdentity != null
&& spaceTemplate.getPermissions()
.stream()
.anyMatch(expression -> aclIdentity.isMemberOf(getMembershipEntry(expression)));
&& (spaceTemplate.getPermissions()
.stream()
.anyMatch(expression -> aclIdentity.isMemberOf(getMembershipEntry(expression)))
|| spaceTemplate.getAdminPermissions()
.stream()
.anyMatch(expression -> aclIdentity.isMemberOf(getMembershipEntry(expression))));
}

private MembershipEntry getMembershipEntry(String expression) {
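Review bot: The added `spaceTemplate.getAdminPermissions().stream()` is called without a null check, while `isSuperManager(Space, String)` in the space service wraps the same list in `CollectionUtils.isNotEmpty(...)` before streaming it. Unless every `SpaceTemplate` reaching this point is guaranteed a non-null list (the mapper's `getNonEmptyValueList` is not visible here), a template with no admin permissions set could throw here instead of denying. A guard such as `|| (spaceTemplate.getAdminPermissions() != null && spaceTemplate.getAdminPermissions().stream().anyMatch(...))` keeps the two call sites consistent. `canViewTemplate` begins above the visible lines.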
Expand Up @@ -44,6 +44,7 @@ public static SpaceTemplate fromEntity(SpaceTemplateEntity entity) {
entity.isSystem(),
entity.getLayout(),
getNonEmptyValueList(entity.getPermissions()),
getNonEmptyValueList(entity.getAdminPermissions()),
getNonEmptyValueList(entity.getSpaceLayoutPermissions()),
getNonEmptyValueList(entity.getSpaceDeletePermissions()),
getNonEmptyValueList(entity.getSpacePublicSitePermissions()),
Expand All @@ -61,6 +62,7 @@ public static SpaceTemplateEntity toEntity(SpaceTemplate model) {
model.isSystem(),
model.getLayout(),
getNonEmptyValueList(model.getPermissions()),
getNonEmptyValueList(model.getAdminPermissions()),
getNonEmptyValueList(model.getSpaceLayoutPermissions()),
getNonEmptyValueList(model.getSpaceDeletePermissions()),
getNonEmptyValueList(model.getSpacePublicSitePermissions()),
Expand Up @@ -1120,4 +1120,10 @@
</addColumn>
</changeSet>

<changeSet author="social" id="1.0.0-121">
<addColumn tableName="SOC_SPACE_TEMPLATES">
<column name="ADMIN_PERMISSIONS" type="NVARCHAR(2000)" />
</addColumn>
</changeSet>

</databaseChangeLog>
Expand Up @@ -45,7 +45,6 @@
import org.exoplatform.social.core.space.spi.SpaceService;

import io.meeds.social.space.template.model.SpaceTemplate;
import io.meeds.social.space.template.service.SpaceTemplateService;

@RunWith(MockitoJUnitRunner.class)
public class AuthorizationManagerTest {
Expand Down Expand Up @@ -85,9 +84,6 @@ public class AuthorizationManagerTest {
@Mock
UserACL userAcl;

@Mock
SpaceTemplateService spaceTemplateService;

@Mock
InitParams params;

Expand Down Expand Up @@ -126,7 +122,6 @@ public void setup() {

authorizationManager = new AuthorizationManager(params);
authorizationManager.setSpaceService(spaceService);
authorizationManager.setSpaceTemplateService(spaceTemplateService);
}

@Test
Expand Down Expand Up @@ -204,12 +199,6 @@ public void testHasEditPermissionWhenSiteIsASpaceTemplate() {

when(identity.isMemberOf(ADMIN_SPACES_MEMBERSHIP.getGroup(), ADMIN_SPACES_MEMBERSHIP.getMembershipType())).thenReturn(true);
assertTrue(authorizationManager.hasEditPermission(page, identity));

when(spaceTemplateService.getSpaceTemplateByLayout(SPACE_TEMPLATE_PAGE_KEY.getSite().getName())).thenReturn(spaceTemplate);
assertTrue(authorizationManager.hasEditPermission(page, identity));

when(spaceTemplate.isSystem()).thenReturn(true);
assertFalse(authorizationManager.hasEditPermission(page, identity));
}

@Test