From f8b9a18fee7c96f4dbe11011ba67bd4c4639fef5 Mon Sep 17 00:00:00 2001
From: Boubaker Khanfir <boubaker.khanfir@exoplatform.com>
Date: Thu, 14 Nov 2024 15:18:20 +0100
Subject: [PATCH] feat: Allow Space Master to edit space public site -
 MEED-7809 - Meeds-io/MIPs#160 (#4189)

This change will update Layout `UserACL` management API to allow a Space
Master to edit and access public site.
---
 .../authorization/AuthorizationManager.java   | 46 +++++++++++++++----
 .../AuthorizationManagerTest.java             | 24 ++++++++++
 2 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/component/core/src/main/java/io/meeds/social/authorization/AuthorizationManager.java b/component/core/src/main/java/io/meeds/social/authorization/AuthorizationManager.java
index dd58c1a8010..5a1dff8f22b 100644
--- a/component/core/src/main/java/io/meeds/social/authorization/AuthorizationManager.java
+++ b/component/core/src/main/java/io/meeds/social/authorization/AuthorizationManager.java
@@ -26,6 +26,7 @@
 import org.exoplatform.container.xml.InitParams;
 import org.exoplatform.portal.config.UserACL;
 import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.mop.service.LayoutService;
 import org.exoplatform.services.security.Identity;
 import org.exoplatform.social.core.space.SpaceUtils;
 import org.exoplatform.social.core.space.model.Space;
@@ -36,7 +37,10 @@
 public class AuthorizationManager extends UserACL {
 
   @Setter
-  private SpaceService         spaceService;
+  private SpaceService  spaceService;
+
+  @Setter
+  private LayoutService layoutService;
 
   public AuthorizationManager(InitParams params) {
     super(params);
@@ -52,8 +56,8 @@ public boolean hasEditPermission(Identity identity, String ownerType, String own
              && identity != null
              && getSpaceService().canManageSpaceLayout(space, identity.getUserId());
     }
-    return isSpacesAdministrator(identity, ownerType, ownerId)
-           || super.hasEditPermission(identity, ownerType, ownerId, expression);
+    return super.hasEditPermission(identity, ownerType, ownerId, expression)
+           || isSpacesAdministrator(identity, ownerType, ownerId);
   }
 
   @Override
@@ -61,16 +65,23 @@ public boolean hasAccessPermission(Identity identity, String ownerType, String o
     if (PortalConfig.GROUP_TEMPLATE.equalsIgnoreCase(ownerType)) {
       return isAdministrator(identity);
     } else {
-      return isSpacesAdministrator(identity, ownerType, ownerId)
-             || super.hasAccessPermission(identity, ownerType, ownerId, expressionsStream);
+      return super.hasAccessPermission(identity, ownerType, ownerId, expressionsStream)
+             || isSpacesAdministrator(identity, ownerType, ownerId);
     }
   }
 
-  private boolean isSpacesAdministrator(Identity identity, String ownerType, String groupId) {
-    if (isSpaceSite(ownerType, groupId)) {
-      return getSpaceService().isSuperManager(getSpaceService().getSpaceByGroupId(groupId), identity.getUserId());
+  private boolean isSpacesAdministrator(Identity identity, String ownerType, String ownerId) {
+    if (isAdministrator(identity)) {
+      return true;
+    } else if (isSpaceSite(ownerType, ownerId)) {
+      return getSpaceService().isSuperManager(getSpaceService().getSpaceByGroupId(ownerId), identity.getUserId());
+    } else if (isSpacePublicSite(ownerType, ownerId)) {
+      Space space = getSpaceService().getSpaceById(getSpaceIdFromPublicSite(ownerType, ownerId));
+      return space != null
+             && identity != null
+             && getSpaceService().canManageSpacePublicSite(space, identity.getUserId());
     } else {
-      return isAdministrator(identity);
+      return false;
     }
   }
 
@@ -79,6 +90,16 @@ private boolean isSpaceSite(String ownerType, String ownerId) {
            && StringUtils.startsWith(ownerId, SpaceUtils.SPACE_GROUP_PREFIX);
   }
 
+  private String getSpaceIdFromPublicSite(String ownerType, String ownerId) {
+    PortalConfig portalConfig = getLayoutService().getPortalConfig(ownerType, ownerId);
+    return portalConfig.getProperty(SpaceUtils.PUBLIC_SITE_SPACE_ID);
+  }
+
+  private boolean isSpacePublicSite(String ownerType, String ownerId) {
+    PortalConfig portalConfig = getLayoutService().getPortalConfig(ownerType, ownerId);
+    return portalConfig != null && portalConfig.getProperty(SpaceUtils.PUBLIC_SITE_SPACE_ID) != null;
+  }
+
   private SpaceService getSpaceService() {
     if (spaceService == null) {
       spaceService = ExoContainerContext.getService(SpaceService.class);
@@ -86,4 +107,11 @@ private SpaceService getSpaceService() {
     return spaceService;
   }
 
+  private LayoutService getLayoutService() {
+    if (layoutService == null) {
+      layoutService = ExoContainerContext.getService(LayoutService.class);
+    }
+    return layoutService;
+  }
+
 }
diff --git a/component/core/src/test/java/io/meeds/social/authorization/AuthorizationManagerTest.java b/component/core/src/test/java/io/meeds/social/authorization/AuthorizationManagerTest.java
index 5e1ee5d898d..bdc8cf3d52f 100644
--- a/component/core/src/test/java/io/meeds/social/authorization/AuthorizationManagerTest.java
+++ b/component/core/src/test/java/io/meeds/social/authorization/AuthorizationManagerTest.java
@@ -39,8 +39,10 @@
 import org.exoplatform.portal.mop.page.PageContext;
 import org.exoplatform.portal.mop.page.PageKey;
 import org.exoplatform.portal.mop.page.PageState;
+import org.exoplatform.portal.mop.service.LayoutService;
 import org.exoplatform.services.security.Identity;
 import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.social.core.space.SpaceUtils;
 import org.exoplatform.social.core.space.model.Space;
 import org.exoplatform.social.core.space.spi.SpaceService;
 
@@ -81,6 +83,9 @@ public class AuthorizationManagerTest {
   @Mock
   SpaceService                         spaceService;
 
+  @Mock
+  LayoutService                        layoutService;
+
   @Mock
   UserACL                              userAcl;
 
@@ -122,6 +127,7 @@ public void setup() {
 
     authorizationManager = new AuthorizationManager(params);
     authorizationManager.setSpaceService(spaceService);
+    authorizationManager.setLayoutService(layoutService);
   }
 
   @Test
@@ -249,4 +255,22 @@ public void testHasAccessPermissionWhenSiteIsASpace() {
     assertTrue(authorizationManager.hasAccessPermission(page, identity));
   }
 
+  @Test
+  public void testCanEditWhenSiteIsSpacePublicSite() {
+    String spaceId = "2";
+
+    when(identity.getUserId()).thenReturn(TEST_USER);
+    when(portalConfig.getType()).thenReturn(PortalConfig.PORTAL_TYPE);
+    when(portalConfig.getName()).thenReturn("publicSite");
+    assertFalse(authorizationManager.hasEditPermission(portalConfig, identity));
+
+    when(layoutService.getPortalConfig(PortalConfig.PORTAL_TYPE, "publicSite")).thenReturn(portalConfig);
+    when(portalConfig.getProperty(SpaceUtils.PUBLIC_SITE_SPACE_ID)).thenReturn(spaceId);
+    when(spaceService.getSpaceById(spaceId)).thenReturn(space);
+    assertFalse(authorizationManager.hasEditPermission(portalConfig, identity));
+
+    when(spaceService.canManageSpacePublicSite(space, TEST_USER)).thenReturn(true);
+    assertTrue(authorizationManager.hasEditPermission(portalConfig, identity));
+  }
+
 }