001: package org.apache.turbine.util.security;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import java.util.Iterator;
023: import java.util.Map;
024:
025: import org.apache.turbine.om.security.Group;
026: import org.apache.turbine.om.security.Permission;
027: import org.apache.turbine.om.security.Role;
028: import org.apache.turbine.services.security.TurbineSecurity;
029:
030: /**
031: * This is a control class that makes it easy to find out if a
032: * particular User has a given Permission. It also determines if a
033: * User has a a particular Role.
034: *
035: * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
036: * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
037: * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
038: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
039: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
040: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
041: * @version $Id: TurbineAccessControlList.java 534527 2007-05-02 16:10:59Z tv $
042: */
043: public class TurbineAccessControlList implements AccessControlList {
044: /** Serial Version UID */
045: private static final long serialVersionUID = 2678947159949477950L;
046:
047: /** The sets of roles that the user has in different groups */
048: private Map roleSets;
049:
050: /** The sets of permissions that the user has in different groups */
051: private Map permissionSets;
052:
053: /** The name of this ACL. Needed for the SecurityEntity Interface */
054: private String name;
055:
056: /**
057: * Constructs a new AccessControlList.
058: *
059: * This class follows 'immutable' pattern - it's objects can't be modified
060: * once they are created. This means that the permissions the users have are
061: * in effect form the moment they log in to the moment they log out, and
062: * changes made to the security settings in that time are not reflected
063: * in the state of this object. If you need to reset an user's permissions
064: * you need to invalidate his session. <br>
065: * The objects that constructs an AccessControlList must supply hashtables
066: * of role/permission sets keyed with group objects. <br>
067: *
068: * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
069: * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
070: */
071: public TurbineAccessControlList(Map roleSets, Map permissionSets) {
072: this .roleSets = roleSets;
073: this .permissionSets = permissionSets;
074: }
075:
076: /**
077: * Returns the name of this ACL.
078: *
079: * @return The ACL Name
080: *
081: */
082: public String getName() {
083: return this .name;
084: }
085:
086: /**
087: * Sets the name of this ACL.
088: *
089: * @param name The new ACL name.
090: *
091: */
092: public void setName(String name) {
093: this .name = name;
094: }
095:
096: /**
097: * Retrieves a set of Roles an user is assigned in a Group.
098: *
099: * @param group the Group
100: * @return the set of Roles this user has within the Group.
101: */
102: public RoleSet getRoles(Group group) {
103: if (group == null) {
104: return null;
105: }
106: return (RoleSet) roleSets.get(group);
107: }
108:
109: /**
110: * Retrieves a set of Roles an user is assigned in the global Group.
111: *
112: * @return the set of Roles this user has within the global Group.
113: */
114: public RoleSet getRoles() {
115: return getRoles(TurbineSecurity.getGlobalGroup());
116: }
117:
118: /**
119: * Retrieves a set of Permissions an user is assigned in a Group.
120: *
121: * @param group the Group
122: * @return the set of Permissions this user has within the Group.
123: */
124: public PermissionSet getPermissions(Group group) {
125: if (group == null) {
126: return null;
127: }
128: return (PermissionSet) permissionSets.get(group);
129: }
130:
131: /**
132: * Retrieves a set of Permissions an user is assigned in the global Group.
133: *
134: * @return the set of Permissions this user has within the global Group.
135: */
136: public PermissionSet getPermissions() {
137: return getPermissions(TurbineSecurity.getGlobalGroup());
138: }
139:
140: /**
141: * Checks if the user is assigned a specific Role in the Group.
142: *
143: * @param role the Role
144: * @param group the Group
145: * @return <code>true</code> if the user is assigned the Role in the Group.
146: */
147: public boolean hasRole(Role role, Group group) {
148: RoleSet set = getRoles(group);
149: if (set == null || role == null) {
150: return false;
151: }
152: return set.contains(role);
153: }
154:
155: /**
156: * Checks if the user is assigned a specific Role in any of the given
157: * Groups
158: *
159: * @param role the Role
160: * @param groupset a Groupset
161: * @return <code>true</code> if the user is assigned the Role in any of
162: * the given Groups.
163: */
164: public boolean hasRole(Role role, GroupSet groupset) {
165: if (role == null) {
166: return false;
167: }
168: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
169: Group group = (Group) groups.next();
170: RoleSet roles = getRoles(group);
171: if (roles != null) {
172: if (roles.contains(role)) {
173: return true;
174: }
175: }
176: }
177: return false;
178: }
179:
180: /**
181: * Checks if the user is assigned a specific Role in the Group.
182: *
183: * @param role the Role
184: * @param group the Group
185: * @return <code>true</code> if the user is assigned the Role in the Group.
186: */
187: public boolean hasRole(String role, String group) {
188: try {
189: return hasRole(TurbineSecurity.getRoleByName(role),
190: TurbineSecurity.getGroupByName(group));
191: } catch (Exception e) {
192: return false;
193: }
194: }
195:
196: /**
197: * Checks if the user is assigned a specifie Role in any of the given
198: * Groups
199: *
200: * @param rolename the name of the Role
201: * @param groupset a Groupset
202: * @return <code>true</code> if the user is assigned the Role in any of
203: * the given Groups.
204: */
205: public boolean hasRole(String rolename, GroupSet groupset) {
206: Role role;
207: try {
208: role = TurbineSecurity.getRoleByName(rolename);
209: } catch (TurbineSecurityException e) {
210: return false;
211: }
212: if (role == null) {
213: return false;
214: }
215: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
216: Group group = (Group) groups.next();
217: RoleSet roles = getRoles(group);
218: if (roles != null) {
219: if (roles.contains(role)) {
220: return true;
221: }
222: }
223: }
224: return false;
225: }
226:
227: /**
228: * Checks if the user is assigned a specific Role in the global Group.
229: *
230: * @param role the Role
231: * @return <code>true</code> if the user is assigned the Role in the global Group.
232: */
233: public boolean hasRole(Role role) {
234: return hasRole(role, TurbineSecurity.getGlobalGroup());
235: }
236:
237: /**
238: * Checks if the user is assigned a specific Role in the global Group.
239: *
240: * @param role the Role
241: * @return <code>true</code> if the user is assigned the Role in the global Group.
242: */
243: public boolean hasRole(String role) {
244: try {
245: return hasRole(TurbineSecurity.getRoleByName(role));
246: } catch (Exception e) {
247: return false;
248: }
249: }
250:
251: /**
252: * Checks if the user is assigned a specific Permission in the Group.
253: *
254: * @param permission the Permission
255: * @param group the Group
256: * @return <code>true</code> if the user is assigned the Permission in the Group.
257: */
258: public boolean hasPermission(Permission permission, Group group) {
259: PermissionSet set = getPermissions(group);
260: if (set == null || permission == null) {
261: return false;
262: }
263: return set.contains(permission);
264: }
265:
266: /**
267: * Checks if the user is assigned a specific Permission in any of the given
268: * Groups
269: *
270: * @param permission the Permission
271: * @param groupset a Groupset
272: * @return <code>true</code> if the user is assigned the Permission in any
273: * of the given Groups.
274: */
275: public boolean hasPermission(Permission permission,
276: GroupSet groupset) {
277: if (permission == null) {
278: return false;
279: }
280: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
281: Group group = (Group) groups.next();
282: PermissionSet permissions = getPermissions(group);
283: if (permissions != null) {
284: if (permissions.contains(permission)) {
285: return true;
286: }
287: }
288: }
289: return false;
290: }
291:
292: /**
293: * Checks if the user is assigned a specific Permission in the Group.
294: *
295: * @param permission the Permission
296: * @param group the Group
297: * @return <code>true</code> if the user is assigned the Permission in the Group.
298: */
299: public boolean hasPermission(String permission, String group) {
300: try {
301: return hasPermission(TurbineSecurity
302: .getPermissionByName(permission), TurbineSecurity
303: .getGroupByName(group));
304: } catch (Exception e) {
305: return false;
306: }
307: }
308:
309: /**
310: * Checks if the user is assigned a specific Permission in the Group.
311: *
312: * @param permission the Permission
313: * @param group the Group
314: * @return <code>true</code> if the user is assigned the Permission in the Group.
315: */
316: public boolean hasPermission(String permission, Group group) {
317: try {
318: return hasPermission(TurbineSecurity
319: .getPermissionByName(permission), group);
320: } catch (Exception e) {
321: return false;
322: }
323: }
324:
325: /**
326: * Checks if the user is assigned a specifie Permission in any of the given
327: * Groups
328: *
329: * @param permissionName the name of the Permission
330: * @param groupset a Groupset
331: * @return <code>true</code> if the user is assigned the Permission in any
332: * of the given Groups.
333: */
334: public boolean hasPermission(String permissionName,
335: GroupSet groupset) {
336: Permission permission;
337: try {
338: permission = TurbineSecurity
339: .getPermissionByName(permissionName);
340: } catch (TurbineSecurityException e) {
341: return false;
342: }
343: if (permission == null) {
344: return false;
345: }
346: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
347: Group group = (Group) groups.next();
348: PermissionSet permissions = getPermissions(group);
349: if (permissions != null) {
350: if (permissions.contains(permission)) {
351: return true;
352: }
353: }
354: }
355: return false;
356: }
357:
358: /**
359: * Checks if the user is assigned a specific Permission in the global Group.
360: *
361: * @param permission the Permission
362: * @return <code>true</code> if the user is assigned the Permission in the global Group.
363: */
364: public boolean hasPermission(Permission permission) {
365: return hasPermission(permission, TurbineSecurity
366: .getGlobalGroup());
367: }
368:
369: /**
370: * Checks if the user is assigned a specific Permission in the global Group.
371: *
372: * @param permission the Permission
373: * @return <code>true</code> if the user is assigned the Permission in the global Group.
374: */
375: public boolean hasPermission(String permission) {
376: try {
377: return hasPermission(TurbineSecurity
378: .getPermissionByName(permission));
379: } catch (Exception e) {
380: return false;
381: }
382: }
383:
384: /**
385: * Returns all groups definded in the system.
386: *
387: * This is useful for debugging, when you want to display all roles
388: * and permissions an user is assingned. This method is needed
389: * because you can't call static methods of TurbineSecurity class
390: * from within WebMacro/Velocity template
391: *
392: * @return A Group [] of all groups in the system.
393: */
394: public Group[] getAllGroups() {
395: try {
396: return TurbineSecurity.getAllGroups().getGroupsArray();
397: } catch (TurbineSecurityException e) {
398: return new Group[0];
399: }
400: }
401: }
|