001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/model/Role.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm.model;
044:
045: import java.util.HashSet;
046: import java.util.Set;
047: import java.util.Stack;
048:
049: import org.deegree.model.feature.Feature;
050: import org.deegree.security.GeneralSecurityException;
051: import org.deegree.security.drm.SecurityAccess;
052: import org.deegree.security.drm.SecurityRegistry;
053:
054: /**
055: * Implementation of role-objects. <code>Role</code> s define the
056: * <code>Privilege</code> of <code>User</code> s and <code>Groups</code>
057: * and their <code>Rights</code> on <code>SecurableObjects</code>.
058: *
059: * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
060: * @version $Revision: 9346 $
061: */
062: public class Role extends SecurableObject {
063:
064: public final static int ID_SEC_ADMIN = 3;
065:
066: /**
067: * Creates a new <code>Role</code> -instance.
068: *
069: * @param id
070: * @param name
071: * @param registry
072: */
073: public Role(int id, String name, SecurityRegistry registry) {
074: this .id = id;
075: this .name = name;
076: this .title = name;
077: this .registry = registry;
078: }
079:
080: /**
081: * Returns the <code>Group</code> s that are associated with this role
082: * DIRECTLY, i.e. not via membership in other roles.
083: *
084: * @param securityAccess
085: * @throws GeneralSecurityException
086: */
087: public Group[] getGroups(SecurityAccess securityAccess)
088: throws GeneralSecurityException {
089: return registry.getGroupsWithRole(securityAccess, this );
090: }
091:
092: /**
093: * Returns the <code>User</code> s that are associated with this role
094: * DIRECTLY, i.e. not via group membership.
095: *
096: * @param securityAccess
097: * @throws GeneralSecurityException
098: */
099: public User[] getUsers(SecurityAccess securityAccess)
100: throws GeneralSecurityException {
101: return registry.getUsersWithRole(securityAccess, this );
102: }
103:
104: /**
105: * Returns the <code>User</code> s that are associated with this role
106: * either directly or via group membership.
107: *
108: * @param securityAccess
109: * @throws GeneralSecurityException
110: */
111: public User[] getAllUsers(SecurityAccess securityAccess)
112: throws GeneralSecurityException {
113: Set<User> allUsers = new HashSet<User>();
114:
115: // directly associated users
116: User[] directUsers = registry.getUsersWithRole(securityAccess,
117: this );
118: for (int i = 0; i < directUsers.length; i++) {
119: allUsers.add(directUsers[i]);
120: }
121:
122: // traverse group hierarchy and add users
123: Group[] groups = registry.getGroupsWithRole(securityAccess,
124: this );
125: Stack<Group> groupsStack = new Stack<Group>();
126: for (int i = 0; i < groups.length; i++) {
127: groupsStack.push(groups[i]);
128: }
129: while (!groupsStack.isEmpty()) {
130: Group group = groupsStack.pop();
131: Group[] children = group.getGroups(securityAccess);
132: for (int i = 0; i < children.length; i++) {
133: groupsStack.push(children[i]);
134: }
135: User[] users = group.getUsers(securityAccess);
136: for (int i = 0; i < users.length; i++) {
137: allUsers.add(users[i]);
138: }
139: }
140:
141: return allUsers.toArray(new User[allUsers.size()]);
142: }
143:
144: /**
145: * Returns the <code>Privilege</code> s that this role has.
146: *
147: * @param securityAccess
148: */
149: public Privilege[] getPrivileges(SecurityAccess securityAccess)
150: throws GeneralSecurityException {
151: return registry.getPrivilegesForRole(securityAccess, this );
152: }
153:
154: /**
155: * Returns the rights that this role defines concerning the given
156: * <code>SecurableObject</code>.
157: *
158: * @param securityAccess
159: */
160: public RightSet getRights(SecurityAccess securityAccess,
161: SecurableObject object) throws GeneralSecurityException {
162: return new RightSet(registry.getRights(securityAccess, object,
163: this ));
164: }
165:
166: /**
167: * Returns whether the <code>Role</code> has a certain <code>Right</code>
168: * on a <code>SecurableObject</code> (directly or via group
169: * memberships).
170: */
171: public boolean hasRight(SecurityAccess securityAccess,
172: RightType type, Feature accessParams, SecurableObject object)
173: throws GeneralSecurityException {
174: return getRights(securityAccess, object).applies(object, type,
175: accessParams);
176: }
177:
178: /**
179: * Returns whether the <code>Role</code> has a certain <code>Right</code>
180: * on a <code>SecurableObject</code>.
181: */
182: public boolean hasRight(SecurityAccess securityAccess,
183: RightType type, SecurableObject object)
184: throws GeneralSecurityException {
185: return getRights(securityAccess, object).applies(object, type);
186: }
187:
188: /**
189: * Returns whether the <code>Role</code> has a certain right on a
190: * <code>SecurableObject</code>.
191: */
192: public boolean hasRight(SecurityAccess securityAccess, String s,
193: SecurableObject object) throws GeneralSecurityException {
194: RightType right = registry
195: .getRightTypeByName(securityAccess, s);
196: return hasRight(securityAccess, right, object);
197: }
198:
199: /**
200: * Returns whether the <code>Role</code> has a certain
201: * <code>Privilege</code>.
202: *
203: * @param privilege
204: */
205: public boolean hasPrivilege(SecurityAccess securityAccess,
206: Privilege privilege) throws GeneralSecurityException {
207: Privilege[] privileges = getPrivileges(securityAccess);
208: for (int i = 0; i < privileges.length; i++) {
209: if (privileges[i].equals(privilege)) {
210: return true;
211: }
212: }
213: return false;
214: }
215:
216: /**
217: * Returns whether the <code>Role</code> has a certain privilege.
218: *
219: * @param s
220: */
221: public boolean hasPrivilege(SecurityAccess securityAccess, String s)
222: throws GeneralSecurityException {
223: Privilege privilege = registry.getPrivilegeByName(
224: securityAccess, s);
225: return hasPrivilege(securityAccess, privilege);
226: }
227:
228: /**
229: * Returns a <code>String</code> representation of this object.
230: *
231: * @param securityAccess
232: */
233: public String toString(SecurityAccess securityAccess) {
234: StringBuffer sb = new StringBuffer("Name: ").append(name);
235:
236: try {
237: sb.append(", Users: [");
238: User[] users = getUsers(securityAccess);
239: for (int i = 0; i < users.length; i++) {
240: sb.append(users[i].getName());
241: if (i != users.length - 1) {
242: sb.append(", ");
243: }
244: }
245: sb.append("]");
246:
247: sb.append(", Groups: [");
248: Group[] groups = getGroups(securityAccess);
249: for (int i = 0; i < groups.length; i++) {
250: sb.append(groups[i].getName());
251: if (i != groups.length - 1) {
252: sb.append(", ");
253: }
254: }
255: sb.append("]");
256: } catch (GeneralSecurityException e) {
257: e.printStackTrace();
258: }
259: return sb.toString();
260: }
261: }
|