001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/metaobj/tags/sakai_2-4-1/metaobj-impl/api-impl/src/java/org/sakaiproject/metaobj/security/impl/AuthzShim.java $
003: * $Id: AuthzShim.java 14225 2006-09-05 17:39:44Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2004, 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.sakaiproject.metaobj.security.impl;
021:
022: import java.util.ArrayList;
023: import java.util.Collection;
024: import java.util.List;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.sakaiproject.authz.api.AuthzGroup;
029: import org.sakaiproject.authz.api.AuthzGroupService;
030: import org.sakaiproject.authz.api.GroupNotDefinedException;
031: import org.sakaiproject.metaobj.security.AuthorizationFacade;
032: import org.sakaiproject.metaobj.security.AuthorizationFailedException;
033: import org.sakaiproject.metaobj.shared.model.Agent;
034: import org.sakaiproject.metaobj.shared.model.Id;
035: import org.sakaiproject.thread_local.cover.ThreadLocalManager;
036: import org.sakaiproject.tool.cover.ToolManager;
037: import org.sakaiproject.user.api.UserDirectoryService;
038:
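/**
 * {@link AuthorizationFacade} implementation that answers every permission
 * question at site-realm level by delegating to the {@link AuthzGroupService}.
 *
 * <p>The {@code Id} passed to the check methods is never consulted: a check
 * is evaluated against the realm returned by {@link #getCurrentRealm()}, not
 * against the individual object. Callers that need per-object authorization
 * cannot get it from this class.
 *
 * <p>The authorization CRUD methods ({@code getAuthorizations},
 * {@code createAuthorization}, {@code deleteAuthorization},
 * {@code deleteAuthorizations}) are intentionally inert here.
 *
 * <p>Realm overrides pushed through {@code pushAuthzGroups} are held in
 * {@link ThreadLocalManager} under a private key, so they are scoped to the
 * calling thread.
 *
 * @author John Ellis (created Jun 30, 2005)
 */
public class AuthzShim implements AuthorizationFacade {
    protected final transient Log logger = LogFactory.getLog(getClass());

    /** Thread-local key under which the pushed site ids are stored. */
    private static final String AUTHZ_GROUPS_LIST = "org.sakaiproject.metaobj.security.impl.AuthzShim.groups";

    private AuthzGroupService realmService;
    private UserDirectoryService userDirectoryService;

    /**
     * Enforces {@code function} for the current user.
     *
     * @param function permission (lock) name to check
     * @param id       object the caller is asking about; not used by the check
     * @throws AuthorizationFailedException if the current user is not authorized
     */
    public void checkPermission(String function, Id id)
            throws AuthorizationFailedException {
        if (!isAuthorized(function, id)) {
            throw new AuthorizationFailedException(function, id);
        }
    }

    /**
     * Enforces {@code function} for the given agent.
     *
     * @param agent    agent to check, or {@code null} for the current user
     * @param function permission (lock) name to check
     * @param id       object the caller is asking about; not used by the check
     * @throws AuthorizationFailedException if the agent is not authorized
     */
    public void checkPermission(Agent agent, String function, Id id)
            throws AuthorizationFailedException {
        if (!isAuthorized(agent, function, id)) {
            throw new AuthorizationFailedException(agent, function, id);
        }
    }

    /**
     * Tests {@code function} for the current user.
     *
     * @param function permission (lock) name to check
     * @param id       not used by the check
     * @return {@code true} if the current user is authorized in the current realm
     */
    public boolean isAuthorized(String function, Id id) {
        return isAuthorized(null, function, id);
    }

    /**
     * Tests {@code function} for {@code agent} in the current realm.
     *
     * <p>The special function name {@code "maintain"} is answered by
     * {@link #checkMaintain(String)}; every other name is passed to
     * {@link AuthzGroupService#isAllowed}.
     *
     * @param agent    agent to check, or {@code null} for the current user
     * @param function permission (lock) name to check; must not be {@code null}
     * @param id       not used by the check
     * @return {@code true} if the resolved user id is authorized
     */
    public boolean isAuthorized(Agent agent, String function, Id id) {
        String agentId = null;
        if (agent == null) {
            agentId = getUserDirectoryService().getCurrentUser().getId();
        } else if (agent.getId() != null) {
            // Previously a non-null agent was ignored and the check ran with a
            // null user id, so the decision did not reflect the agent that the
            // caller asked about. Resolve the id from the agent instead.
            // NOTE(review): assumes the agent id is a user id; agents that
            // represent roles will simply not match any member - confirm.
            agentId = agent.getId().getValue();
        }
        if (function.equals("maintain")) {
            return checkMaintain(agentId);
        }
        return getRealmService().isAllowed(agentId, function, getCurrentRealm());
    }

    /**
     * Tests whether {@code agentId} holds the maintain role of the current realm.
     *
     * @param agentId user id to check
     * @return {@code true} if the user has the realm's maintain role;
     *         {@code false} if not, or if the realm is not defined
     */
    protected boolean checkMaintain(String agentId) {
        AuthzGroup siteRealm;
        try {
            siteRealm = getRealmService().getAuthzGroup(getCurrentRealm());
        } catch (GroupNotDefinedException e) {
            logger.warn("unkown realm", e);
            // Fail closed: without a realm there is no maintain role to hold.
            // The original fell through and dereferenced the null realm.
            return false;
        }
        String maintain = siteRealm.getMaintainRole();

        return siteRealm.hasRole(agentId, maintain);
    }

    /**
     * Returns the realm reference that checks are evaluated against.
     *
     * @return {@code "/site/"} plus the first pushed site id if any were
     *         pushed on this thread, otherwise {@code "/site/"} plus the
     *         context of the current tool placement
     */
    protected String getCurrentRealm() {
        List pushed = getAuthzGroupsList();
        if (pushed.isEmpty()) {
            return "/site/" + ToolManager.getCurrentPlacement().getContext();
        }
        // NOTE(review): element 0 is the first id pushed, not the most recent
        // one, despite the "push" naming - confirm this is the intended order.
        return "/site/" + pushed.get(0);
    }

    /**
     * Not supported by this implementation.
     *
     * @param id ignored
     * @return always {@code null}
     */
    protected String getReference(Id id) {
        return null;
    }

    /**
     * Not supported by this implementation.
     *
     * @return always a new, empty, mutable list
     */
    public List getAuthorizations(Agent agent, String function, Id id) {
        return new ArrayList();
    }

    /** No-op: this implementation stores no per-object authorizations. */
    public void createAuthorization(Agent agent, String function, Id id) {
    }

    /** No-op: this implementation stores no per-object authorizations. */
    public void deleteAuthorization(Agent agent, String function, Id id) {
    }

    /** No-op: this implementation stores no per-object authorizations. */
    public void deleteAuthorizations(Id qualifier) {
    }

    /**
     * Appends site ids to this thread's override list.
     *
     * <p>Once the list is non-empty, every later check on this thread is
     * evaluated against the first pushed site instead of the current tool
     * placement, so the values must come from trusted code, never directly
     * from request input.
     * NOTE(review): nothing in this class removes entries; presumably the
     * thread-local is cleared elsewhere at the end of the request - confirm.
     *
     * @param authzGroups site ids to append
     */
    public void pushAuthzGroups(Collection authzGroups) {
        List authzGroupList = getAuthzGroupsList();
        authzGroupList.addAll(authzGroups);
    }

    /**
     * Appends one site id to this thread's override list; the same trust
     * requirement as {@link #pushAuthzGroups(Collection)} applies.
     *
     * @param siteId site id to append
     */
    public void pushAuthzGroups(String siteId) {
        getAuthzGroupsList().add(siteId);
    }

    public AuthzGroupService getRealmService() {
        return realmService;
    }

    public void setRealmService(AuthzGroupService realmService) {
        this.realmService = realmService;
    }

    public UserDirectoryService getUserDirectoryService() {
        return userDirectoryService;
    }

    public void setUserDirectoryService(
            UserDirectoryService userDirectoryService) {
        this.userDirectoryService = userDirectoryService;
    }

    /**
     * Returns this thread's override list, creating and registering an empty
     * one on first use.
     *
     * @return the live, mutable list stored in {@link ThreadLocalManager}
     */
    protected List getAuthzGroupsList() {
        List returned = (List) ThreadLocalManager.get(AUTHZ_GROUPS_LIST);

        if (returned == null) {
            returned = new ArrayList();
            ThreadLocalManager.set(AUTHZ_GROUPS_LIST, returned);
        }
        return returned;
    }

}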