001: /*******************************************************************************
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: *******************************************************************************/package org.ofbiz.security;
019:
020: import java.util.Iterator;
021: import java.util.List;
022:
023: import javax.servlet.http.HttpSession;
024:
025: import org.ofbiz.base.util.cache.UtilCache;
026: import org.ofbiz.entity.GenericDelegator;
027: import org.ofbiz.entity.GenericValue;
028:
029: /**
030: * Security handler: This class is an abstract implementation for all commononly used security aspects.
031: */
032: public abstract class Security {
033:
034: /**
035: * UtilCache to cache a Collection of UserLoginSecurityGroup entities for each UserLogin, by userLoginId.
036: */
037: public static UtilCache userLoginSecurityGroupByUserLoginId = new UtilCache(
038: "security.UserLoginSecurityGroupByUserLoginId");
039:
040: /**
041: * UtilCache to cache whether or not a certain SecurityGroupPermission row exists or not.
042: * For each SecurityGroupPermissionPK there is a Boolean in the cache specifying whether or not it exists.
043: * In this way the cache speeds things up whether or not the user has a permission.
044: */
045: public static UtilCache securityGroupPermissionCache = new UtilCache(
046: "security.SecurityGroupPermissionCache");
047:
048: GenericDelegator delegator = null;
049:
050: public GenericDelegator getDelegator() {
051: return delegator;
052: }
053:
054: public void setDelegator(GenericDelegator delegator) {
055: this .delegator = delegator;
056: }
057:
058: /**
059: * Uses userLoginSecurityGroupByUserLoginId cache to speed up the finding of the userLogin's security group list.
060: *
061: * @param userLoginId The userLoginId to find security groups by
062: * @return An iterator made from the Collection either cached or retrieved from the database through the
063: * UserLoginSecurityGroup Delegator.
064: */
065: public abstract Iterator findUserLoginSecurityGroupByUserLoginId(
066: String userLoginId);
067:
068: /**
069: * Finds whether or not a SecurityGroupPermission row exists given a groupId and permission.
070: * Uses the securityGroupPermissionCache to speed this up.
071: * The groupId,permission pair is cached instead of the userLoginId,permission pair to keep the cache small and to
072: * make it more changeable.
073: *
074: * @param groupId The ID of the group
075: * @param permission The name of the permission
076: * @return boolean specifying whether or not a SecurityGroupPermission row exists
077: */
078: public abstract boolean securityGroupPermissionExists(
079: String groupId, String permission);
080:
081: /**
082: * Checks to see if the currently logged in userLogin has the passed permission.
083: *
084: * @param permission Name of the permission to check.
085: * @param session The current HTTP session, contains the logged in userLogin as an attribute.
086: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
087: */
088: public abstract boolean hasPermission(String permission,
089: HttpSession session);
090:
091: /**
092: * Checks to see if the userLogin has the passed permission.
093: *
094: * @param permission Name of the permission to check.
095: * @param userLogin The userLogin object for user to check against.
096: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
097: */
098: public abstract boolean hasPermission(String permission,
099: GenericValue userLogin);
100:
101: /**
102: * Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the
103: * specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
104: *
105: * @param entity The name of the Entity corresponding to the desired permission.
106: * @param action The action on the Entity corresponding to the desired permission.
107: * @param session The current HTTP session, contains the logged in userLogin as an attribute.
108: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
109: */
110: public abstract boolean hasEntityPermission(String entity,
111: String action, HttpSession session);
112:
113: /**
114: * Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the
115: * specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
116: *
117: * @param entity The name of the Entity corresponding to the desired permission.
118: * @param action The action on the Entity corresponding to the desired permission.
119: * @param userLogin The userLogin object for user to check against.
120: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
121: */
122: public abstract boolean hasEntityPermission(String entity,
123: String action, GenericValue userLogin);
124:
125: /**
126: * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
127: * general administration permission, but also checks action_ROLE and validates the user is a member for the
128: * application.
129: *
130: * @param application The name of the application corresponding to the desired permission.
131: * @param action The action on the application corresponding to the desired permission.
132: * @param primaryKey The primary key for the role check.
133: * @param role The roleTypeId which the user must validate with.
134: * @param session The current HTTP session, contains the logged in userLogin as an attribute.
135: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
136: */
137: public abstract boolean hasRolePermission(String application,
138: String action, String primaryKey, String role,
139: HttpSession session);
140:
141: /**
142: * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
143: * general administration permission, but also checks action_ROLE and validates the user is a member for the
144: * application.
145: *
146: * @param application The name of the application corresponding to the desired permission.
147: * @param action The action on the application corresponding to the desired permission.
148: * @param primaryKey The primary key for the role check.
149: * @param role The roleTypeId which the user must validate with.
150: * @param userLogin The userLogin object for user to check against.
151: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
152: */
153: public abstract boolean hasRolePermission(String application,
154: String action, String primaryKey, String role,
155: GenericValue userLogin);
156:
157: /**
158: * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
159: * general administration permission, but also checks action_ROLE and validates the user is a member for the
160: * application.
161: *
162: * @param application The name of the application corresponding to the desired permission.
163: * @param action The action on the application corresponding to the desired permission.
164: * @param primaryKey The primary key for the role check.
165: * @param roles List of roleTypeId of which the user must validate with (ORed).
166: * @param userLogin The userLogin object for user to check against.
167: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
168: */
169: public abstract boolean hasRolePermission(String application,
170: String action, String primaryKey, List roles,
171: GenericValue userLogin);
172:
173: /**
174: * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
175: * general administration permission, but also checks action_ROLE and validates the user is a member for the
176: * application.
177: *
178: * @param application The name of the application corresponding to the desired permission.
179: * @param action The action on the application corresponding to the desired permission.
180: * @param primaryKey The primary key for the role check.
181: * @param roles List of roleTypeId of which the user must validate with (ORed).
182: * @param session The current HTTP session, contains the logged in userLogin as an attribute.
183: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
184: */
185: public abstract boolean hasRolePermission(String application,
186: String action, String primaryKey, List roles,
187: HttpSession session);
188:
189: }
|