Source Code Cross Referenced for ScarabSecurity.java in  » Issue-Tracking » scarab-0.21 » org » tigris » scarab » services » security » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        package org.tigris.scarab.services.security;
002:
003:        /* ================================================================
004:         * Copyright (c) 2001 Collab.Net.  All rights reserved.
005:         * 
006:         * Redistribution and use in source and binary forms, with or without
007:         * modification, are permitted provided that the following conditions are
008:         * met:
009:         * 
010:         * 1. Redistributions of source code must retain the above copyright
011:         * notice, this list of conditions and the following disclaimer.
012:         * 
013:         * 2. Redistributions in binary form must reproduce the above copyright
014:         * notice, this list of conditions and the following disclaimer in the
015:         * documentation and/or other materials provided with the distribution.
016:         * 
017:         * 3. The end-user documentation included with the redistribution, if
018:         * any, must include the following acknowlegement: "This product includes
019:         * software developed by Collab.Net <http://www.Collab.Net/>."
020:         * Alternately, this acknowlegement may appear in the software itself, if
021:         * and wherever such third-party acknowlegements normally appear.
022:         * 
023:         * 4. The hosted project names must not be used to endorse or promote
024:         * products derived from this software without prior written
025:         * permission. For written permission, please contact info@collab.net.
026:         * 
027:         * 5. Products derived from this software may not use the "Tigris" or 
028:         * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without 
029:         * prior written permission of Collab.Net.
030:         * 
031:         * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032:         * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033:         * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034:         * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035:         * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036:         * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037:         * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038:         * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039:         * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040:         * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041:         * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042:         *
043:         * ====================================================================
044:         * 
045:         * This software consists of voluntary contributions made by many
046:         * individuals on behalf of Collab.Net.
047:         */
048:
049:        import java.util.List;
050:        import java.util.ArrayList;
051:
052:        import org.apache.commons.configuration.Configuration;
053:        import org.apache.fulcrum.Service;
054:        import org.apache.fulcrum.BaseService;
055:        import org.apache.fulcrum.TurbineServices;
056:
057:        /**
058:         * This class provides access to security properties
059:         *
060:         * @author <a href="mailto:jmcnally@collab.net">John McNally</a>
061:         * @version $Id: ScarabSecurity.java 10023 2006-03-21 15:37:06Z jorgeuriarte $
062:         */
063:        public class ScarabSecurity extends BaseService implements  Service {
064:            /** The name of the service */
065:            public static final String SERVICE_NAME = "ScarabSecurity";
066:
067:            public static final String TOOL_KEY = "services.PullService.tool.request.security";
068:
069:            private static final String SCREEN_PREFIX = "screen.";
070:            private static final String ACTION_PREFIX = "action.";
071:
072:            protected static final String MAP_PREFIX = "map.";
073:
074:            /**
075:             * String used to indicate that an Action module does not require
076:             * a permission.
077:             */
078:            public static final String NONE = "None";
079:
080:            /** 
081:             * Specifies that a User is valid as an assignee for an issue.
082:             */
083:            public static final String ISSUE__EDIT = getService()
084:                    .getPermissionImpl("Issue__Edit");
085:
086:            /**
087:             * Specifies that a User is able to mark an issue as 'deleted'
088:             */
089:            public static final String ISSUE__DELETE = getService()
090:                    .getPermissionImpl("Issue__Delete");
091:
092:            /** 
093:             * Specifies that a User is allowed to enter an issue.
094:             */
095:            public static final String ISSUE__ENTER = getService()
096:                    .getPermissionImpl("Issue__Enter");
097:
098:            /** 
099:             * Specifies that a User is allowed to view an issue.
100:             */
101:            public static final String ISSUE__VIEW = getService()
102:                    .getPermissionImpl("Issue__View");
103:
104:            /** 
105:             * Specifies that a User is allowed to search for issues.
106:             */
107:            public static final String ISSUE__SEARCH = getService()
108:                    .getPermissionImpl("Issue__Search");
109:
110:            /** 
111:             * Specifies that a User is allowed to move or copy an issue.
112:             */
113:            public static final String ISSUE__MOVE = getService()
114:                    .getPermissionImpl("Issue__Move");
115:
116:            /** 
117:             * Specifies that a User is allowed to search for issues.
118:             */
119:            public static final String ISSUE__ATTACH = getService()
120:                    .getPermissionImpl("Issue__Attach");
121:
122:            /** 
123:             * Specifies that a User is allowed to add comments to issues.
124:             */
125:            public static final String ISSUE__COMMENT = getService()
126:                    .getPermissionImpl("Issue__Comment");
127:
128:            /** 
129:             * Specifies that a User is allowed to search for issues.
130:             */
131:            public static final String ISSUE__ASSIGN = getService()
132:                    .getPermissionImpl("Issue__Assign");
133:
134:            /** 
135:             * Specifies that a User is allowed to approve a query.
136:             */
137:            public static final String ITEM__APPROVE = getService()
138:                    .getPermissionImpl("Item__Approve");
139:
140:            /** 
141:             * Specifies that a User is allowed to delete a query.
142:             */
143:            public static final String ITEM__DELETE = getService()
144:                    .getPermissionImpl("Item__Delete");
145:
146:            /** 
147:             * Specifies that a User is allowed to edit preferences.
148:             */
149:            public static final String USER__EDIT_PREFERENCES = getService()
150:                    .getPermissionImpl("User__Edit_Preferences");
151:
152:            /** 
153:             * Specifies that a User is allowed to administer a domain.
154:             */
155:            public static final String DOMAIN__ADMIN = getService()
156:                    .getPermissionImpl("Domain__Admin");
157:
158:            /** 
159:             * Specifies that a User is allowed to edit a domain.
160:             */
161:            public static final String DOMAIN__EDIT = getService()
162:                    .getPermissionImpl("Domain__Edit");
163:
164:            /** 
165:             * Specifies that a User is allowed to modify a project.
166:             */
167:            public static final String MODULE__EDIT = getService()
168:                    .getPermissionImpl("Module__Edit");
169:
170:            /** 
171:             * Specifies that a User is allowed to configure a project.
172:             */
173:            public static final String MODULE__CONFIGURE = getService()
174:                    .getPermissionImpl("Module__Configure");
175:
176:            /** 
177:             * Specifies that a User is allowed to add a project.
178:             */
179:            public static final String MODULE__ADD = getService()
180:                    .getPermissionImpl("Module__Add");
181:
182:            /**
183:             * User with this permission is allowed to approve roles requested
184:             * by other users.
185:             */
186:            public static final String USER__APPROVE_ROLES = getService()
187:                    .getPermissionImpl("User__Approve_Roles");
188:
189:            /** 
190:             * Specifies that a User is allowed to set up voting policies.
191:             */
192:            public static final String VOTE__MANAGE = getService()
193:                    .getPermissionImpl("Vote__Manage");
194:
195:            /** 
196:             * Specifies that a User can change its password.
197:             * This permission is not stored in the database, and not
198:             * shown in GUI, but rather is managed by properties file.       
199:             */
200:            public static final String USER__CHANGE_PASSWORD = getService()
201:                    .getPermissionImpl("User__Change_Password");
202:
203:            private Configuration props;
204:            private List allPermissions;
205:
206:            public ScarabSecurity() {
207:            }
208:
209:            public void init() {
210:                props = getConfiguration();
211:                setInit(true);
212:            }
213:
214:            /**
215:             * Used in getAllPermissionsImpl to build the list
216:             */
217:            private void addPerm(List perms, String perm) {
218:                if (perm != null && perm.length() > 0 && !perms.contains(perm)) {
219:                    perms.add(perm);
220:                }
221:            }
222:
223:            protected List getAllPermissionsImpl() {
224:                if (allPermissions == null) {
225:                    List tmpPerms = new ArrayList();
226:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__EDIT);
227:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__ENTER);
228:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__SEARCH);
229:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__VIEW);
230:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__ASSIGN);
231:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__ATTACH);
232:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__COMMENT);
233:                    addPerm(tmpPerms, ScarabSecurity.ISSUE__MOVE);
234:                    addPerm(tmpPerms, ScarabSecurity.ITEM__APPROVE);
235:                    addPerm(tmpPerms, ScarabSecurity.ITEM__DELETE);
236:                    addPerm(tmpPerms, ScarabSecurity.DOMAIN__ADMIN);
237:                    addPerm(tmpPerms, ScarabSecurity.DOMAIN__EDIT);
238:                    addPerm(tmpPerms, ScarabSecurity.MODULE__EDIT);
239:                    addPerm(tmpPerms, ScarabSecurity.MODULE__CONFIGURE);
240:                    addPerm(tmpPerms, ScarabSecurity.MODULE__ADD);
241:                    addPerm(tmpPerms, ScarabSecurity.USER__EDIT_PREFERENCES);
242:                    addPerm(tmpPerms, ScarabSecurity.USER__APPROVE_ROLES);
243:                    addPerm(tmpPerms, ScarabSecurity.VOTE__MANAGE);
244:                    allPermissions = tmpPerms;
245:                }
246:
247:                return allPermissions;
248:            }
249:
250:            protected String getScreenPermissionImpl(String screen) {
251:                String t = screen.replace(',', '.');
252:                return getPermissionImpl(props.getString(SCREEN_PREFIX + t,
253:                        null));
254:            }
255:
256:            protected String getActionPermissionImpl(String action) {
257:                String perm = null;
258:                String property = props.getString(ACTION_PREFIX + action);
259:                if (NONE.equals(property)) {
260:                    perm = NONE;
261:                } else {
262:                    perm = getPermissionImpl(property);
263:                }
264:                return perm;
265:            }
266:
267:            protected String getPermissionImpl(String permConstant) {
268:                return props.getString(MAP_PREFIX + permConstant, null);
269:            }
270:
271:            // *******************************************************************
272:            // static accessors
273:            // *******************************************************************
274:
275:            public static List getAllPermissions() {
276:                return getService().getAllPermissionsImpl();
277:            }
278:
279:            public static String getScreenPermission(String screen) {
280:                return getService().getScreenPermissionImpl(screen);
281:            }
282:
283:            public static String getActionPermission(String action) {
284:                return getService().getActionPermissionImpl(action);
285:            }
286:
287:            /**
288:             * Gets the <code>ScarabSecurity</code> implementation.
289:             *
290:             * @return the ScarabSecurity implementation.
291:             */
292:            protected static final ScarabSecurity getService() {
293:                return (ScarabSecurity) TurbineServices.getInstance()
294:                        .getService(ScarabSecurity.SERVICE_NAME);
295:            }
296:
297:        }