1 /**
2 * This file Copyright (c) 2015 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.rest.service.command;
35
36 import info.magnolia.cms.security.operations.AccessDefinition;
37 import info.magnolia.commands.CommandsManager;
38 import info.magnolia.context.MgnlContext;
39 import info.magnolia.rest.AbstractEndpoint;
40 import info.magnolia.rest.service.command.definition.CommandDefinition;
41 import info.magnolia.rest.service.command.definition.CommandEndpointDefinition;
42
43 import javax.inject.Inject;
44
45 import org.apache.commons.lang.StringUtils;
46
47 /**
48 * Base class for all command endpoints.
49 *
50 * @param <D> The command endpoint definition
51 * @see info.magnolia.rest.service.command.definition.CommandEndpointDefinition
52 */
53 public class AbstractCommandEndpoint<D extends CommandEndpointDefinition> extends AbstractEndpoint<D> {
54
55 protected static final String STATUS_MESSAGE_OK = "Command execution successful.";
56 protected static final String STATUS_MESSAGE_FORBIDDEN = "Not authorized to execute command.";
57 protected static final String STATUS_MESSAGE_COMMAND_NOT_FOUND = "Command not found.";
58 protected static final String STATUS_MESSAGE_ERROR_OCCURRED = "Error executing command.";
59
60 protected final CommandsManager commandsManager;
61
62 @Inject
63 public AbstractCommandEndpoint(D endpointDefinition, final CommandsManager commandsManager) {
64 super(endpointDefinition);
65 this.commandsManager = commandsManager;
66 }
67
68 /**
69 * Checks whether the current user is allowed to execute the requested command.
70 *
71 * @param catalogName The catalog name (might be null)
72 * @param commandName The command name
73 * @return True if user is allowed to execute command
74 * @see info.magnolia.cms.security.operations.AccessDefinition
75 */
76 protected boolean isCommandExecutableByCurrentUser(String catalogName, String commandName) {
77 if (getEndpointDefinition().getEnabledCommands() == null || commandName == null) {
78 return false;
79 }
80
81 for (CommandDefinition commandDefinition : getEndpointDefinition().getEnabledCommands()) {
82 if (StringUtils.equals(catalogName, commandDefinition.getCatalogName()) && StringUtils.equals(commandName, commandDefinition.getCommandName())) {
83 final AccessDefinition accessDefinition = commandDefinition.getAccess();
84 return accessDefinition != null && accessDefinition.hasAccess(MgnlContext.getUser());
85 }
86 }
87
88 return false;
89 }
90 }