001: /* Copyright 2001 The JA-SIG Collaborative. All rights reserved.
002: * See license distributed with this file and
003: * available online at http://www.uportal.org/license.html
004: */
005:
006: package org.jasig.portal.channels.groupsmanager.permissions;
007:
008: import org.jasig.portal.AuthorizationException;
009: import org.jasig.portal.channels.groupsmanager.GroupsManagerConstants;
010: import org.jasig.portal.channels.groupsmanager.IGroupsManagerPermissions;
011: import org.jasig.portal.channels.groupsmanager.Utility;
012: import org.jasig.portal.groups.IGroupMember;
013: import org.jasig.portal.security.IAuthorizationPrincipal;
014:
015: /**
016: * GroupsManagerDefaultPermissions answers if the Authorization Principal is able to
017: * perform specific actions on the target Group Member.
018: * @author Don Fracapane
019: * @version $Revision: 34756 $
020: */
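public class GroupsManagerDefaultPermissions implements
        IGroupsManagerPermissions, GroupsManagerConstants {

    // Shared instance handed out by getInstance().
    // NOTE(review): this field is protected, static and non-final, so a subclass
    // or any class in this package can replace the policy object that every
    // caller of getInstance() receives. It is left unchanged here because
    // subclasses may reference it; confirm whether it can be narrowed.
    protected static IGroupsManagerPermissions _instance = null;

    /**
     * Creates a permissions policy object. The class declares no instance
     * fields, so every instance answers identically; callers normally obtain
     * the shared one through {@link #getInstance()}.
     */
    public GroupsManagerDefaultPermissions() {
    }

    /**
     * Return the single instance of GroupsManagerDefaultPermissions, creating
     * it on first use. The method is synchronized so that concurrent first
     * calls cannot create two instances.
     * @return IGroupsManagerPermissions
     */
    public static synchronized IGroupsManagerPermissions getInstance() {
        if (_instance == null) {
            _instance = new GroupsManagerDefaultPermissions();
        }
        return _instance;
    }

    /**
     * Answers if principal can assign permissions to the target group member.
     * Delegates to {@link #isAuthorized} with the activity "ASSIGNPERMISSIONS".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canAssignPermissions(IAuthorizationPrincipal ap,
            IGroupMember gm) {
        return isAuthorized(ap, "ASSIGNPERMISSIONS", gm);
    }

    /**
     * Answers if principal can create a group in the target group member.
     * Delegates to {@link #isAuthorized} with the activity "CREATE".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canCreateGroup(IAuthorizationPrincipal ap,
            IGroupMember gm) {
        return isAuthorized(ap, "CREATE", gm);
    }

    /**
     * Answers if principal can manage the members in the target group member.
     * Delegates to {@link #isAuthorized} with the activity "ADD/REMOVE".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canManageMembers(IAuthorizationPrincipal ap,
            IGroupMember gm) {
        return isAuthorized(ap, "ADD/REMOVE", gm);
    }

    /**
     * Answers if principal can delete the target group member.
     * Delegates to {@link #isAuthorized} with the activity "DELETE".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canDelete(IAuthorizationPrincipal ap, IGroupMember gm) {
        return isAuthorized(ap, "DELETE", gm);
    }

    /**
     * Answers if principal can update the target group member.
     * Delegates to {@link #isAuthorized} with the activity "UPDATE".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canUpdate(IAuthorizationPrincipal ap, IGroupMember gm) {
        return isAuthorized(ap, "UPDATE", gm);
    }

    /**
     * Answers if principal can select the target group member.
     * <p>
     * A member for which {@code gm.isEntity()} is true is always selectable:
     * the check short-circuits before the principal or the permission store is
     * consulted, so no "SELECT" grant is required for entities. Any other
     * member requires the "SELECT" activity via {@link #isAuthorized}.
     * NOTE(review): confirm that unconditional selection of entities is the
     * intended policy for every deployment of this class.
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember; a null member is denied
     * @return boolean
     */
    public boolean canSelect(IAuthorizationPrincipal ap, IGroupMember gm) {
        // A missing target can never be selected; deny instead of failing.
        if (gm == null) {
            return false;
        }
        return gm.isEntity() || isAuthorized(ap, "SELECT", gm);
    }

    /**
     * Answers if principal can view the target group member.
     * Delegates to {@link #isAuthorized} with the activity "VIEW".
     * @param ap AuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canView(IAuthorizationPrincipal ap, IGroupMember gm) {
        return isAuthorized(ap, "VIEW", gm);
    }

    /**
     * Answers if the principal is able to view the group member properties. This is
     * a new permission. No one should have this permission in the permission store.
     * So initially, you may want to enforce your own policy for this permission in
     * order to keep the behavior the same as before this update was applied. For
     * example, you could always return a true or perhaps base this permission on
     * another permission, such as canSelect.
     * <p>
     * As written, the answer comes only from the "VIEWPROPERTIES" activity, so
     * a principal without that grant is denied. Either alternative above
     * widens access beyond what the permission store grants and should be a
     * deliberate choice.
     * @param ap IAuthorizationPrincipal
     * @param gm IGroupMember
     * @return boolean true only if the permission check grants the activity
     */
    public boolean canViewProperties(IAuthorizationPrincipal ap,
            IGroupMember gm) {
        return isAuthorized(ap, "VIEWPROPERTIES", gm);
    }

    /**
     * Answers if principal can perform the activity on the target group member.
     * <p>
     * The check is deny-by-default. It returns false when the principal or the
     * member is null, when the member key is null, and when the permission
     * lookup raises an AuthorizationException (which is logged). It returns
     * true only when {@code ap.hasPermission} does.
     * @param ap AuthorizationPrincipal
     * @param activity String naming the activity to check
     * @param gm IGroupMember
     * @return boolean
     */
    public boolean isAuthorized(IAuthorizationPrincipal ap,
            String activity, IGroupMember gm) {
        // Without a principal or a target there is nothing to authorize; deny
        // rather than let a NullPointerException escape the access check.
        if (ap == null || gm == null) {
            return false;
        }

        /* If the gm key is null, we cannot meaningfully determine authorizations. The transient
         search element has a null key so all permissions should be denied.
         */
        // Read the key once so the value tested is the value passed to the lookup.
        String key = gm.getKey();
        if (key == null) {
            return false;
        }

        try {
            // OWNER is not declared in this class; presumably it is inherited
            // from GroupsManagerConstants.
            return ap.hasPermission(OWNER, activity, key);
        } catch (AuthorizationException ae) {
            // A failed lookup is treated as a denial, and logged so that the
            // failure stays visible to operators.
            Utility
                    .logMessage(
                            "ERROR",
                            "GroupsManagerDefaultPermission::isAuthorized(): Raised AuthorizationException exception",
                            ae);
            return false;
        }
    }
}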