001: /*
002: * Copyright (c) 2001 - 2005 ivata limited.
003: * All rights reserved.
004: * -----------------------------------------------------------------------------
005: * ivata groupware may be redistributed under the GNU General Public
006: * License as published by the Free Software Foundation;
007: * version 2 of the License.
008: *
009: * These programs are free software; you can redistribute them and/or
010: * modify them under the terms of the GNU General Public License
011: * as published by the Free Software Foundation; version 2 of the License.
012: *
013: * These programs are distributed in the hope that they will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
016: *
017: * See the GNU General Public License in the file LICENSE.txt for more
018: * details.
019: *
020: * If you would like a copy of the GNU General Public License write to
021: *
022: * Free Software Foundation, Inc.
023: * 59 Temple Place - Suite 330
024: * Boston, MA 02111-1307, USA.
025: *
026: *
027: * To arrange commercial support and licensing, contact ivata at
028: * http://www.ivata.com/contact.jsp
029: * -----------------------------------------------------------------------------
030: * $Log: AddressBookRightsImpl.java,v $
031: * Revision 1.5 2005/04/29 02:48:13 colinmacleod
032: * Data bugfixes.
033: * Changed primary key back to Integer.
034: *
035: * Revision 1.4 2005/04/28 18:47:10 colinmacleod
036: * Fixed XHMTL, styles and resin compatibility.
037: * Added support for URL rewriting.
038: *
039: * Revision 1.3 2005/04/10 20:09:38 colinmacleod
040: * Added new themes.
041: * Changed id type to String.
042: * Changed i tag to em and b tag to strong.
043: * Improved PicoContainerFactory with NanoContainer scripts.
044: *
045: * Revision 1.2 2005/04/09 17:19:08 colinmacleod
046: * Changed copyright text to GPL v2 explicitly.
047: *
048: * Revision 1.1.1.1 2005/03/10 17:50:22 colinmacleod
049: * Restructured ivata op around Hibernate/PicoContainer.
050: * Renamed ivata groupware.
051: *
052: * Revision 1.4 2004/11/12 18:17:10 colinmacleod
053: * Ordered imports.
054: *
055: * Revision 1.3 2004/11/12 15:57:06 colinmacleod
056: * Removed dependencies on SSLEXT.
057: * Moved Persistence classes to ivata masks.
058: *
059: * Revision 1.2 2004/11/03 15:34:42 colinmacleod
060: * Changed todo comments to all caps.
061: *
062: * Revision 1.1 2004/07/13 19:41:14 colinmacleod
063: * Moved project to POJOs from EJBs.
064: * Applied PicoContainer to services layer (replacing session EJBs).
065: * Applied Hibernate to persistence layer (replacing entity EJBs).
066: * -----------------------------------------------------------------------------
067: */
068: package com.ivata.groupware.business.addressbook.right;
069:
070: import java.util.Collection;
071: import java.util.Iterator;
072: import java.util.List;
073: import java.util.Vector;
074:
075: import com.ivata.groupware.admin.security.server.SecuritySession;
076: import com.ivata.groupware.business.BusinessLogic;
077: import com.ivata.groupware.business.addressbook.person.PersonDO;
078: import com.ivata.groupware.business.addressbook.person.employee.EmployeeDO;
079: import com.ivata.groupware.business.addressbook.person.group.GroupConstants;
080: import com.ivata.groupware.business.addressbook.person.group.GroupDO;
081: import com.ivata.groupware.business.addressbook.person.group.right.RightConstants;
082: import com.ivata.groupware.business.addressbook.person.group.right.RightDO;
083: import com.ivata.groupware.business.addressbook.person.group.right.detail.RightDetailDO;
084: import com.ivata.groupware.container.persistence.QueryPersistenceManager;
085: import com.ivata.mask.persistence.PersistenceSession;
086: import com.ivata.mask.util.SystemException;
087:
088: /**
089: * <p>Address book rights determine what each user can and cannot do within the
090: * address book subsystem.</p>
091: *
092: * @since 2002-07-22
093: * @author Colin MacLeod
094: * <a href='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
095: * @version $Revision: 1.5 $
096: */
097: public class AddressBookRightsImpl extends BusinessLogic implements
098: AddressBookRights {
099: /**
100: * Persistence manger used to store/retrieve data objects.
101: */
102: private QueryPersistenceManager persistenceManager;
103:
104: /**
105: * Construct a new address book rights instance.
106: *
107: * @param persistenceManager used to store objects in db.
108: */
109: public AddressBookRightsImpl(
110: QueryPersistenceManager persistenceManager) {
111: this .persistenceManager = persistenceManager;
112: }
113:
114: /**
115: * <p>Change user rights for group.</p>
116: *
117: * @param id of group
118: * @param rights collection of group ids which will have ACCESS right to that group
119: * @param set to one of the <code>ACCESS_...</code> constants in <code>RightConstants</code>.
120: */
121: public void amendRightsForGroup(
122: final SecuritySession securitySession, final GroupDO group,
123: final Collection rights, final Integer access)
124: throws SystemException {
125: PersistenceSession persistenceSession = persistenceManager
126: .openSession(securitySession);
127:
128: try {
129: // find detail for group rights
130: RightDetailDO rightDetail = (RightDetailDO) persistenceManager
131: .findByPrimaryKey(persistenceSession,
132: RightDetailDO.class,
133: RightConstants.DETAIL_PERSON_GROUP_MEMBER);
134:
135: // I am only working with groupIds which user can view.
136: Collection groupIdsCanViewByUser = persistenceManager
137: .find(
138: persistenceSession,
139: "rightByUserNameAccessDetail",
140: new Object[] {
141: securitySession.getUser().getName(),
142: RightConstants.ACCESS_VIEW,
143: RightConstants.DETAIL_PERSON_GROUP_MEMBER });
144: // find rights for GROUP with access level specified
145: List tmp = persistenceManager.find(persistenceSession,
146: "rightByUserNameAccessDetailTargetId",
147: new Object[] { securitySession.getUser().getName(),
148: access,
149: RightConstants.DETAIL_PERSON_GROUP_MEMBER,
150: group.getId() });
151:
152: // go thro' and remove the ones which are there already
153: for (int i = 0; i < tmp.size(); i++) {
154: RightDO right = (RightDO) tmp.get(i);
155: Integer groupId = right.getGroup().getId();
156:
157: if (groupIdsCanViewByUser.contains(groupId)) {
158: if (rights.contains(groupId)) {
159: rights.remove(groupId);
160: } else if (!GroupConstants.equals(groupId,
161: GroupConstants.GROUP_ADMINISTRATOR)) {
162: persistenceManager.remove(persistenceSession,
163: right);
164: }
165: }
166: }
167:
168: // if you have right to add, amend or remove, so you have right to view
169: // -> check if you have view right, if not -> create
170: Collection viewRights = null;
171: if (!RightConstants.ACCESS_VIEW.equals(access)) {
172: viewRights = persistenceManager
173: .find(
174: persistenceSession,
175: "rightByAccessDetailTargetId",
176: new Object[] {
177: RightConstants.ACCESS_VIEW,
178: RightConstants.DETAIL_PERSON_GROUP_MEMBER,
179: group.getId() });
180: }
181:
182: for (Iterator i = rights.iterator(); i.hasNext();) {
183: Integer groupId = (Integer) i.next();
184: GroupDO this Group = (GroupDO) persistenceManager
185: .findByPrimaryKey(persistenceSession,
186: GroupDO.class, groupId);
187:
188: RightDO right = new RightDO();
189: right.setAccess(access);
190: right.setDetail(rightDetail);
191: right.setGroup(this Group);
192: right.setTargetId(group.getId());
193: persistenceManager.add(persistenceSession, right);
194:
195: // if any of the other rights apply, the view right automatically
196: // does too
197: if (!RightConstants.ACCESS_VIEW.equals(access)
198: && !viewRights.contains(groupId)) {
199: RightDO viewRight = new RightDO();
200: viewRight.setAccess(RightConstants.ACCESS_VIEW);
201: viewRight.setDetail(rightDetail);
202: viewRight.setGroup(this Group);
203: viewRight.setTargetId(group.getId());
204: persistenceManager.add(persistenceSession,
205: viewRight);
206: }
207: }
208: } catch (Exception e) {
209: persistenceSession.cancel();
210: throw new SystemException(e);
211: } finally {
212: persistenceSession.close();
213: }
214: }
215:
216: /**
217: * <p>TODO: add a comment here.</p>
218: */
219: public boolean canAddEmployeeToPerson(
220: final SecuritySession securitySession, final PersonDO person)
221: throws SystemException {
222: return true;
223: }
224:
225: /**
226: * <p>Find out if a used is allowed to add entries to a given group.</p>
227: *
228: * @param userName the name of the user to check the user rights for.
229: * @param groupId the unique identifier of the group to check.
230: * @return <code>true</code> if the user is entitled to add to the group,
231: * otherwise <code>false</code>.
232: */
233: public boolean canAddToGroup(final SecuritySession securitySession,
234: final GroupDO group) throws SystemException {
235: if (didUserCreateGroup(securitySession, group)) {
236: return true;
237: } else {
238: return canUser(securitySession, group,
239: RightConstants.ACCESS_ADD);
240: }
241: }
242:
243: /**
244: * <p>TODO: add a comment here.</p>
245: */
246: public boolean canAmendEmployee(
247: final SecuritySession securitySession,
248: final EmployeeDO employeeDO) throws SystemException {
249: // TODO:
250: return true;
251: }
252:
253: /**
254: * <p>Find out if a used is allowed to amend entries in a given group.</p>
255: *
256: * @param userName the name of the user to check the user rights for.
257: * @param groupId the unique identifier of the group to check.
258: * @return <code>true</code> if the user is entitled to amend entries in the
259: * group, otherwise <code>false</code>.
260: */
261: public boolean canAmendInGroup(
262: final SecuritySession securitySession, final GroupDO group)
263: throws SystemException {
264: if (didUserCreateGroup(securitySession, group)) {
265: return true;
266: } else {
267: return canUser(securitySession, group,
268: RightConstants.ACCESS_AMEND);
269: }
270: }
271:
272: /**
273: * <p>TODO: add a comment here.</p>
274: */
275: public boolean canRemoveEmployee(
276: final SecuritySession securitySession,
277: final EmployeeDO employeeDO) throws SystemException {
278: // TODO:
279: return true;
280: }
281:
282: /**
283: * <p>Find out if a used is allowed to remove entries from a given group.</p>
284: *
285: * @param userName the name of the user to check the user rights for.
286: * @param groupId the unique identifier of the group to check.
287: * @return <code>true</code> if the user is entitled to remove from the
288: * group, otherwise <code>false</code>.
289: */
290: public boolean canRemoveFromGroup(
291: final SecuritySession securitySession, final GroupDO group)
292: throws SystemException {
293: if (didUserCreateGroup(securitySession, group)) {
294: return true;
295: } else {
296: return canUser(securitySession, group,
297: RightConstants.ACCESS_REMOVE);
298: }
299: }
300:
301: /**
302: * <p>Internal helper method. Find out if a user is allowed to access
303: * entries in a given group.</p>
304: *
305: * @param userName the name of the user to check the user rights for.
306: * @param groupId the unique identifier of the group to check.
307: * @param access the access level as defined in {@link
308: * com.ivata.groupware.business.addressbook.person.group.right.RightConstants
309: * RightConstants}.
310: * @return <code>true</code> if the user is entitled to access entries in the
311: * group, otherwise <code>false</code>.
312: */
313: public boolean canUser(final SecuritySession securitySession,
314: final GroupDO group, final Integer access)
315: throws SystemException {
316: // for now, everyone else can do pretty much everything :-)
317: // only private address books are sacred
318: GroupDO addressBook = group.getAddressBook();
319: // is this a parent address book? if so, only return true if this
320: // is the address book of the current user
321: if (GroupConstants.equals(addressBook.getParent().getId(),
322: GroupConstants.ADDRESS_BOOK_PRIVATE)) {
323: return addressBook.getName().equals(
324: securitySession.getUser().getName());
325: }
326: return true;
327: }
328:
329: /**
330: * <p>Did user created this group?</p>
331: * @param userName
332: * @param groupId
333: * @return
334: */
335: private boolean didUserCreateGroup(
336: final SecuritySession securitySession, final GroupDO group)
337: throws SystemException {
338: return securitySession.getUser().equals(group.getCreatedBy());
339: }
340:
341: /**
342: * <p>Find the unique identifiers of all addressBooks which can be accessed by the
343: * group specified, with the access level given.</p>
344: *
345: * @param groupId unique identifier of the group for which to search for
346: * other groups.
347: * @param access the access level as defined in {@link
348: * com.ivata.groupware.business.addressbook.person.group.right.RightConstants
349: * RightConstants}.
350: * @return a <code>Collection</code> of <code>Integer</code> instances,
351: * matching all groups which can be access with this level of access
352: * by the group specified.
353: */
354: public Collection findAddressBooksByGroupAccess(
355: final SecuritySession securitySession, final GroupDO group,
356: final Integer access) throws SystemException {
357: Vector groups = new Vector();
358: PersistenceSession persistenceSession = persistenceManager
359: .openSession(securitySession);
360:
361: try {
362: // find all the ids, but take only public addressBooks
363: Collection groupIds = persistenceManager
364: .find(
365: persistenceSession,
366: "rightByGroupIdAccessDetail",
367: new Object[] {
368: group.getId(),
369: RightConstants.ACCESS_VIEW,
370: RightConstants.DETAIL_PERSON_GROUP_MEMBER });
371: for (Iterator i = groupIds.iterator(); i.hasNext();) {
372: RightDO right = (RightDO) i.next();
373:
374: GroupDO tmpGroup = (GroupDO) persistenceManager
375: .findByPrimaryKey(persistenceSession,
376: GroupDO.class, right.getTargetId());
377: if (GroupConstants.equals(tmpGroup.getParent().getId(),
378: GroupConstants.ADDRESS_BOOK_PUBLIC)) {
379: groups.add(tmpGroup);
380: }
381: }
382: } catch (Exception e) {
383: persistenceSession.cancel();
384: throw new SystemException(e);
385: } finally {
386: persistenceSession.close();
387: }
388:
389: return groups;
390: }
391:
392: /**
393: * <p>Find groups which have <code>access</code> to group.
394: * Return only those groups which can be see by that user.</p>
395: *
396: * @param userName user which is trying find rights
397: * @param id of group which we are interesting
398: * @param access find rights with this access
399: * @return Collection of IDS of groups which have <code>access</code> to that group
400: */
401: public Collection findRightsForGroup(
402: final SecuritySession securitySession, final GroupDO group,
403: final Integer access) throws SystemException {
404: PersistenceSession persistenceSession = persistenceManager
405: .openSession(securitySession);
406:
407: try {
408: // I will send only groupIds which user can view, no more.
409: Collection groupIdsCanViewByUser = persistenceManager
410: .find(
411: persistenceSession,
412: "rightByUserNameAccessDetail",
413: new Object[] {
414: securitySession.getUser().getName(),
415: RightConstants.ACCESS_VIEW,
416: RightConstants.DETAIL_PERSON_GROUP_MEMBER });
417:
418: // find rights for GROUP
419: List tmp = persistenceManager.find(persistenceSession,
420: "rightByUserNameAccessDetailTargetId",
421: new Object[] { securitySession.getUser().getName(),
422: access,
423: RightConstants.DETAIL_PERSON_GROUP_MEMBER,
424: group.getId() });
425:
426: List rights = new Vector();
427: for (int i = 0; i < tmp.size(); i++) {
428: RightDO right = (RightDO) tmp.get(i);
429: Integer groupId = right.getGroup().getId();
430:
431: if (groupIdsCanViewByUser.contains(groupId)
432: && !GroupConstants.equals(groupId,
433: GroupConstants.GROUP_ADMINISTRATOR)) {
434: rights.add(groupId);
435: }
436: }
437: return rights;
438: } catch (Exception e) {
439: persistenceSession.cancel();
440: throw new SystemException(e);
441: } finally {
442: persistenceSession.close();
443: }
444: }
445: }
|