001: /*
002: * Copyright (c) 2001 - 2005 ivata limited.
003: * All rights reserved.
004: * -----------------------------------------------------------------------------
005: * ivata groupware may be redistributed under the GNU General Public
006: * License as published by the Free Software Foundation;
007: * version 2 of the License.
008: *
009: * These programs are free software; you can redistribute them and/or
010: * modify them under the terms of the GNU General Public License
011: * as published by the Free Software Foundation; version 2 of the License.
012: *
013: * These programs are distributed in the hope that they will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
016: *
017: * See the GNU General Public License in the file LICENSE.txt for more
018: * details.
019: *
020: * If you would like a copy of the GNU General Public License write to
021: *
022: * Free Software Foundation, Inc.
023: * 59 Temple Place - Suite 330
024: * Boston, MA 02111-1307, USA.
025: *
026: *
027: * To arrange commercial support and licensing, contact ivata at
028: * http://www.ivata.com/contact.jsp
029: * -----------------------------------------------------------------------------
030: * $Log: SecurityRightsImpl.java,v $
031: * Revision 1.2 2005/04/09 17:19:04 colinmacleod
032: * Changed copyright text to GPL v2 explicitly.
033: *
034: * Revision 1.1.1.1 2005/03/10 17:50:44 colinmacleod
035: * Restructured ivata op around Hibernate/PicoContainer.
036: * Renamed ivata groupware.
037: *
038: * Revision 1.3 2004/11/12 18:17:09 colinmacleod
039: * Ordered imports.
040: *
041: * Revision 1.2 2004/11/12 15:56:45 colinmacleod
042: * Removed dependencies on SSLEXT.
043: * Moved Persistence classes to ivata masks.
044: *
045: * Revision 1.1 2004/07/13 19:41:11 colinmacleod
046: * Moved project to POJOs from EJBs.
047: * Applied PicoContainer to services layer (replacing session EJBs).
048: * Applied Hibernate to persistence layer (replacing entity EJBs).
049: * -----------------------------------------------------------------------------
050: */
051: package com.ivata.groupware.admin.security.right;
052:
053: import com.ivata.groupware.admin.security.server.SecuritySession;
054: import com.ivata.groupware.business.BusinessLogic;
055: import com.ivata.groupware.business.addressbook.person.group.right.RightConstants;
056: import com.ivata.groupware.container.persistence.QueryPersistenceManager;
057: import com.ivata.mask.util.SystemException;
058:
059: /**
060: * <p>Security rights determine what each user can and cannot do within the
061: * security subsystem. If you need to know whether a user has sufficient rights
062: * to add, change or remove another user, then this is the class to tell you.</p>
063: *
064: *
065: * @since 2002-09-08
066: * @author Colin MacLeod
067: * <a href='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
068: * @version $Revision: 1.2 $
069: */
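public class SecurityRightsImpl extends BusinessLogic implements
        SecurityRights {
    /**
     * Persistence manager intended for looking up stored rights. Nothing in
     * this class reads it yet: the only code that uses it is the disabled
     * query kept as a comment inside
     * {@link #canUser(SecuritySession, Integer)}.
     */
    private final QueryPersistenceManager persistenceManager;

    /**
     * Construct a new security rights instance.
     *
     * @param persistenceManager used to store objects in db.
     */
    public SecurityRightsImpl(QueryPersistenceManager persistenceManager) {
        this.persistenceManager = persistenceManager;
    }

    /**
     * <p>See if a user has sufficient rights to add a user to the system,
     * which means adding to the "everyone" group.</p>
     *
     * <p>Delegates to {@link #canUser(SecuritySession, Integer)} with
     * {@link RightConstants#ACCESS_ADD}. That method currently grants every
     * request, so this check always succeeds.</p>
     *
     * @param securitySession session of the user who wants to add another
     * user.
     * @return <code>true</code> if this action is authorized by the system,
     * otherwise <code>false</code>.
     * @throws SystemException declared for the underlying rights check.
     *
     * @ejb.interface-method
     *      view-type = "both"
     */
    public boolean canAddUser(final SecuritySession securitySession)
            throws SystemException {
        return canUser(securitySession, RightConstants.ACCESS_ADD);
    }

    /**
     * <p>See if a user has sufficient rights to amend a user in the system,
     * which means amending in the "everyone" group.</p>
     *
     * <p>Delegates to {@link #canUser(SecuritySession, Integer)} with
     * {@link RightConstants#ACCESS_AMEND}. That method currently grants every
     * request, so this check always succeeds.</p>
     *
     * @param securitySession session of the user who wants to amend another
     * user.
     * @return <code>true</code> if this action is authorized by the system,
     * otherwise <code>false</code>.
     * @throws SystemException declared for the underlying rights check.
     *
     * @ejb.interface-method
     *      view-type = "both"
     */
    public boolean canAmendUser(final SecuritySession securitySession)
            throws SystemException {
        return canUser(securitySession, RightConstants.ACCESS_AMEND);
    }

    /**
     * <p>See if a user has sufficient rights to remove a user from the
     * system, which means removing from the "everyone" group.</p>
     *
     * <p>Delegates to {@link #canUser(SecuritySession, Integer)} with
     * {@link RightConstants#ACCESS_REMOVE}. That method currently grants
     * every request, so this check always succeeds.</p>
     *
     * @param securitySession session of the user who wants to remove another
     * user.
     * @return <code>true</code> if this action is authorized by the system,
     * otherwise <code>false</code>.
     * @throws SystemException declared for the underlying rights check.
     *
     * @ejb.interface-method
     *      view-type = "both"
     */
    public boolean canRemoveUser(final SecuritySession securitySession)
            throws SystemException {
        return canUser(securitySession, RightConstants.ACCESS_REMOVE);
    }

    /**
     * <p>Internal helper method. Find out if a user is allowed to perform
     * the given kind of access on users.</p>
     *
     * <p><strong>Not enforced yet:</strong> this implementation returns
     * <code>true</code> for every session and every access level. Neither
     * argument is read, so a <code>null</code> or unauthenticated session is
     * granted as well. Callers must not treat a <code>true</code> result as
     * proof that a permission check took place.</p>
     *
     * @param securitySession session of the user to check the rights for;
     * currently ignored.
     * @param access the access level as defined in {@link
     * com.ivata.groupware.business.addressbook.person.group.right.RightConstants
     * RightConstants}; currently ignored.
     * @return always <code>true</code> in this implementation. The intended
     * contract is <code>true</code> only if the user is entitled to the
     * requested access, otherwise <code>false</code>.
     * @throws SystemException never thrown by the current stub; the disabled
     * query below wraps unexpected persistence failures in it.
     */
    public boolean canUser(final SecuritySession securitySession,
            final Integer access) throws SystemException {
        // SECURITY: authorization is fail-open here. For now, everyone can do
        // everything: add, amend and remove user checks all pass without
        // consulting any stored right. Until the query below is restored,
        // access to user administration has to be restricted by some other
        // layer, and that restriction should be verified rather than assumed.
        return true;
        /* TODO:
        NOTE(review): the draft below fails closed (returns false) when no
        matching right is found or a FinderException is raised, which is the
        behaviour to keep when it is re-enabled. It refers to
        PersistenceSession, Collection, FinderException and GroupConstants,
        none of which this file imports yet.

        PersistenceSession persistenceSession =
            persistenceManager.openSession(securitySession);
        // see if we're allowed to insert this group into the parent
        try {
            Collection tmp = persistenceManager.find(persistenceSession,
                "rightByUserNameAccessDetailTargetId",
                new Object [] {
                    securitySession.getUser().getName(),
                    access,
                    RightConstants.DETAIL_PERSON_GROUP_MEMBER,
                    GroupConstants.USER_GROUP
                });
            if (tmp.size() == 0) {
                return false;
            }
        } catch (FinderException e) {
            // oops
            return false;
        } catch (Exception e) {
            persistenceSession.cancel();
            throw new SystemException(e);
        } finally {
            persistenceSession.close();
        }
        // only return true if we get this far :- )
        return true;
        */
    }
}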