001: /*******************************************************************************
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: *******************************************************************************/package org.ofbiz.minilang.method.ifops;
019:
020: import java.util.Iterator;
021: import java.util.LinkedList;
022: import java.util.List;
023: import java.util.Map;
024:
025: import org.ofbiz.base.util.UtilProperties;
026: import org.ofbiz.base.util.UtilValidate;
027: import org.ofbiz.base.util.UtilXml;
028: import org.ofbiz.entity.GenericValue;
029: import org.ofbiz.minilang.SimpleMethod;
030: import org.ofbiz.minilang.method.ContextAccessor;
031: import org.ofbiz.minilang.method.MethodContext;
032: import org.ofbiz.minilang.method.MethodOperation;
033: import org.ofbiz.security.Security;
034: import org.w3c.dom.Element;
035:
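/**
 * Mini-language operation that checks whether the current user holds a permission.
 *
 * <p>If the user does not have the specified permission, the {@code fail-message}
 * or {@code fail-property} sub-element is used to add a message to the error list.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #exec(MethodContext)} always returns {@code true}. A denied check is
 *       reported only as an entry in the error list, so the calling simple-method
 *       must inspect that list before doing protected work (presumably with a
 *       following {@code check-errors} operation; confirm against the method that
 *       uses this element).</li>
 *   <li>A missing user login is treated as "no permission".</li>
 *   <li>{@code accept-userlogin-party} grants access when the value found under the
 *       configured env name (or, failing that, in the {@code parameters} map) equals
 *       the logged-in user's {@code partyId}. This proves only that the two values
 *       match. The protected operation should act on that same party id and not on
 *       another field of the request.</li>
 * </ul>
 */
public class CheckPermission extends MethodOperation {

    /** Text added to the error list when no usable fail message is configured or found. */
    private static final String NO_MESSAGE_FOUND =
            "Simple Method Permission error occurred, but no message was found, sorry.";

    // Literal message (fail-message) or property key (fail-property); null when neither is set.
    String message = null;
    // Resource bundle name from fail-property/@resource; only set when isProperty is true.
    String propertyResource = null;
    // True when the failure text must be looked up through propertyResource.
    boolean isProperty = false;

    /** If null no partyId env-name will be checked against the userLogin.partyId and accepted as permission */
    ContextAccessor acceptUlPartyIdEnvNameAcsr = null;

    // Primary permission/action pair, read from the check-permission element itself.
    PermissionInfo permissionInfo;
    // Accessor for the list that receives the failure message.
    ContextAccessor errorListAcsr;
    // PermissionInfo entries from alt-permission children; null when there are none.
    List altPermissions = null;

    /**
     * Reads the operation's configuration from its XML element.
     *
     * @param element the {@code check-permission} element
     * @param simpleMethod the simple-method this operation belongs to
     */
    public CheckPermission(Element element, SimpleMethod simpleMethod) {
        super(element, simpleMethod);
        permissionInfo = new PermissionInfo(element);
        // "error_list" is passed as the second argument; it looks like the default
        // name used when error-list-name is absent (confirm in ContextAccessor).
        this.errorListAcsr = new ContextAccessor(
                element.getAttribute("error-list-name"), "error_list");

        Element acceptUserloginPartyElement =
                UtilXml.firstChildElement(element, "accept-userlogin-party");
        if (acceptUserloginPartyElement != null) {
            acceptUlPartyIdEnvNameAcsr = new ContextAccessor(
                    acceptUserloginPartyElement.getAttribute("party-id-env-name"),
                    "partyId");
        }

        // altPermissions stays null unless at least one alt-permission child exists.
        List altPermElements = UtilXml.childElementList(element, "alt-permission");
        Iterator apeIter = altPermElements.iterator();
        if (apeIter.hasNext()) {
            altPermissions = new LinkedList();
        }
        while (apeIter.hasNext()) {
            Element altPermElement = (Element) apeIter.next();
            altPermissions.add(new PermissionInfo(altPermElement));
        }

        // fail-message takes precedence over fail-property when both are present.
        Element failMessage = UtilXml.firstChildElement(element, "fail-message");
        Element failProperty = UtilXml.firstChildElement(element, "fail-property");
        if (failMessage != null) {
            this.message = failMessage.getAttribute("message");
            this.isProperty = false;
        } else if (failProperty != null) {
            this.propertyResource = failProperty.getAttribute("resource");
            this.message = failProperty.getAttribute("property");
            this.isProperty = true;
        }
    }

    /**
     * Runs the permission check and records a message in the error list on failure.
     *
     * <p>The order of checks is: primary permission, then each alternate permission,
     * then the optional "own party" match. The first success ends the check.
     *
     * @param methodContext the running simple-method context
     * @return always {@code true}; denial is reported only through the error list
     */
    public boolean exec(MethodContext methodContext) {
        boolean hasPermission = false;

        // Make sure the error list exists in the context before anything can fail.
        List messages = (List) errorListAcsr.get(methodContext);
        if (messages == null) {
            messages = new LinkedList();
            errorListAcsr.put(methodContext, messages);
        }

        // if no user is logged in, treat as if the user does not have permission: do not run subops
        GenericValue userLogin = methodContext.getUserLogin();
        if (userLogin != null) {
            Security security = methodContext.getSecurity();
            hasPermission = this.permissionInfo.hasPermission(methodContext, userLogin, security);

            // if failed, check alternate permissions
            if (!hasPermission && altPermissions != null) {
                Iterator altPermIter = altPermissions.iterator();
                while (altPermIter.hasNext()) {
                    PermissionInfo altPermInfo = (PermissionInfo) altPermIter.next();
                    if (altPermInfo.hasPermission(methodContext, userLogin, security)) {
                        hasPermission = true;
                        break;
                    }
                }
            }
        }

        // The userLogin null check is required here: without it an anonymous call that
        // supplies a party id would dereference a null userLogin and throw, so the
        // denial would never be recorded in the error list.
        if (!hasPermission && userLogin != null && acceptUlPartyIdEnvNameAcsr != null) {
            String acceptPartyId = (String) acceptUlPartyIdEnvNameAcsr.get(methodContext);
            if (UtilValidate.isEmpty(acceptPartyId)) {
                // try the parameters Map
                Map parameters = (Map) methodContext.getEnv("parameters");
                if (parameters != null) {
                    acceptPartyId = (String) acceptUlPartyIdEnvNameAcsr.get(parameters, methodContext);
                }
            }
            // Both sides must be non-empty so that two missing ids never count as a match.
            String userLoginPartyId = userLogin.getString("partyId");
            if (UtilValidate.isNotEmpty(acceptPartyId)
                    && UtilValidate.isNotEmpty(userLoginPartyId)
                    && acceptPartyId.equals(userLoginPartyId)) {
                hasPermission = true;
            }
        }

        if (!hasPermission) {
            this.addMessage(messages, methodContext);
        }

        return true;
    }

    /**
     * Appends the configured failure message to {@code messages}.
     *
     * <p>A literal {@code fail-message} is expanded and added directly. A
     * {@code fail-property} is resolved through {@link UtilProperties#getMessage}
     * with the context's env map and locale, and the result is expanded again. If
     * nothing usable is configured or found, a generic fallback text is added.
     *
     * @param messages the list that receives the message
     * @param methodContext context used for string expansion, env map and locale
     */
    public void addMessage(List messages, MethodContext methodContext) {
        String message = methodContext.expandString(this.message);
        String propertyResource = methodContext.expandString(this.propertyResource);

        if (!isProperty && message != null) {
            messages.add(message);
        } else if (isProperty && propertyResource != null && message != null) {
            String propMsg = UtilProperties.getMessage(
                    propertyResource, message, methodContext.getEnvMap(), methodContext.getLocale());
            if (propMsg == null || propMsg.length() == 0) {
                messages.add(NO_MESSAGE_FOUND);
            } else {
                messages.add(methodContext.expandString(propMsg));
            }
        } else {
            messages.add(NO_MESSAGE_FOUND);
        }
    }

    /**
     * A permission name with an optional action, read from XML attributes.
     */
    public static class PermissionInfo {
        String permission;
        String action;

        /**
         * @param altPermissionElement element carrying the {@code permission} and
         *        {@code action} attributes (the check-permission element itself or
         *        one of its alt-permission children)
         */
        public PermissionInfo(Element altPermissionElement) {
            this.permission = altPermissionElement.getAttribute("permission");
            this.action = altPermissionElement.getAttribute("action");
        }

        /**
         * Evaluates this permission for the given user.
         *
         * <p>Both attribute values are passed through
         * {@link MethodContext#expandString} first, so the effective permission name
         * and action may depend on context values if the XML uses expansion syntax.
         * NOTE(review): confirm that such expressions never draw on request-supplied
         * values.
         *
         * @return the result of {@code hasEntityPermission} when an action is set,
         *         otherwise the result of {@code hasPermission}
         */
        public boolean hasPermission(MethodContext methodContext,
                GenericValue userLogin, Security security) {
            String permission = methodContext.expandString(this.permission);
            String action = methodContext.expandString(this.action);

            if (action != null && action.length() > 0) {
                // run hasEntityPermission
                return security.hasEntityPermission(permission, action, userLogin);
            } else {
                // run hasPermission
                return security.hasPermission(permission, userLogin);
            }
        }
    }

    /** Returns a fixed placeholder; the configured attributes are not included. */
    public String rawString() {
        // TODO: add all attributes and other info
        return "<check-permission/>";
    }

    /** Returns the same placeholder as {@link #rawString()}; no expansion is performed. */
    public String expandedString(MethodContext methodContext) {
        // TODO: something more than a stub/dummy
        return this.rawString();
    }
}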
|