001: /*
002: * Copyright 2005-2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package org.kuali.core.authorization;
017:
018: import java.util.HashMap;
019: import java.util.HashSet;
020: import java.util.Iterator;
021: import java.util.Map;
022: import java.util.Set;
023:
024: import org.apache.commons.lang.StringUtils;
025: import org.apache.commons.logging.Log;
026: import org.apache.commons.logging.LogFactory;
027: import org.kuali.core.bo.user.UniversalUser;
028:
029: /**
030: * AuthorizationStore manages authorization information.
031: */
032: public class AuthorizationStore {
033: // logger
034: private static Log LOG = LogFactory
035: .getLog(AuthorizationStore.class);
036:
037: // authorizationsByTargetType = HashMap( targetType, HashMap( action, Set(groupName) ) )
038: private HashMap authorizationsByTargetType;
039:
040: /**
041: * Constructs an AuthorizationServiceImpl instance
042: */
043: public AuthorizationStore() {
044: authorizationsByTargetType = new HashMap();
045: }
046:
047: /**
048: * @see org.kuali.core.service.AuthorizationService#isAuthorized(String, String, String)
049: */
050: public boolean isAuthorized(UniversalUser user, String action,
051: String targetType) {
052: if (user == null) {
053: throw new IllegalArgumentException("invalid (null) user");
054: }
055: if (StringUtils.isBlank(action)) {
056: throw new IllegalArgumentException("invalid (blank) action");
057: }
058: if (StringUtils.isBlank(targetType)) {
059: throw new IllegalArgumentException(
060: "invalid (blank) targetType");
061: }
062:
063: LOG
064: .debug("checking authorization for (user,action,targetType) = ("
065: + user.getPersonUserIdentifier()
066: + ","
067: + action
068: + "," + targetType + ")");
069:
070: boolean isAuthorized = false;
071:
072: Set authorizedGroups = authorizedGroups(action, targetType);
073: if ((authorizedGroups != null) && !authorizedGroups.isEmpty()) {
074: for (Iterator i = authorizedGroups.iterator(); !isAuthorized
075: && i.hasNext();) {
076: String group = (String) i.next();
077:
078: isAuthorized = user.isMember(group);
079: }
080: }
081:
082: LOG.debug("returning "
083: + (isAuthorized ? "isAuthorized" : "isNotAuthorized")
084: + " for (user,action,targetType) = ("
085: + user.getPersonUserIdentifier() + "," + action + ","
086: + targetType + ")");
087:
088: return isAuthorized;
089: }
090:
091: /**
092: * Add authorization for <code>{@link org.kuali.core.service.AuthorizationService}</code>
093: *
094: * @param groupName
095: * @param action
096: * @param targetType
097: *
098: * @see org.kuali.core.service.AuthorizationService
099: */
100: public void addAuthorization(String groupName, String action,
101: String targetType) {
102: if (StringUtils.isBlank(groupName)) {
103: throw new IllegalArgumentException(
104: "invalid (blank) groupName");
105: }
106: if (StringUtils.isBlank(action)) {
107: throw new IllegalArgumentException("invalid (blank) action");
108: }
109: if (StringUtils.isBlank(targetType)) {
110: throw new IllegalArgumentException(
111: "invalid (blank) targetType");
112: }
113:
114: LOG
115: .debug("adding authorization for (group,action,targetType) = ("
116: + groupName
117: + ","
118: + action
119: + ","
120: + targetType
121: + ")");
122:
123: Map authorizedActions = authorizedActions(targetType);
124: if (authorizedActions == null) {
125: authorizedActions = new HashMap();
126: }
127: Set authorizedGroups = authorizedGroups(authorizedActions,
128: targetType);
129: if (authorizedGroups == null) {
130: authorizedGroups = new HashSet();
131: }
132:
133: authorizedGroups.add(groupName);
134: authorizedActions.put(action, authorizedGroups);
135: authorizationsByTargetType.put(targetType, authorizedActions);
136: }
137:
138: /**
139: * @param action
140: * @param targetType
141: * @return possibly empty Set of groupnames of groups which are authorized to perform the given action for the given targetType
142: */
143: private Set authorizedGroups(String action, String targetType) {
144: Set groupnameSet = null;
145:
146: Map actionMap = (Map) authorizationsByTargetType
147: .get(targetType);
148: if (actionMap != null) {
149: groupnameSet = (Set) actionMap.get(action);
150: }
151:
152: return groupnameSet;
153: }
154:
155: /**
156: * @param authorizedActions
157: * @param action
158: * @return possibly empty Set of groupnames of groups which are authorized to perform the given action from the given map of
159: * actions
160: */
161: public Set authorizedGroups(Map authorizedActions, String action) {
162: Set groupnameSet = (Set) authorizedActions.get(action);
163:
164: return groupnameSet;
165: }
166:
167: /**
168: * @param targetType
169: * @return possibly empty Map of actions associated with the given targetType
170: */
171: public Map authorizedActions(String targetType) {
172: Map actionMap = (Map) authorizationsByTargetType
173: .get(targetType);
174:
175: return actionMap;
176: }
177: }
|