001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: *
017: */
018:
019: /* $Id: RoleCondition.java 473861 2006-11-12 03:51:14Z gregor $ */
020:
021: package org.apache.lenya.cms.workflow;
022:
023: import java.util.HashSet;
024: import java.util.Iterator;
025: import java.util.Set;
026:
027: import org.apache.avalon.framework.service.ServiceManager;
028: import org.apache.avalon.framework.service.ServiceSelector;
029: import org.apache.lenya.ac.AccessController;
030: import org.apache.lenya.ac.AccessControllerResolver;
031: import org.apache.lenya.ac.AccreditableManager;
032: import org.apache.lenya.ac.Identity;
033: import org.apache.lenya.ac.Policy;
034: import org.apache.lenya.ac.PolicyManager;
035: import org.apache.lenya.ac.Role;
036: import org.apache.lenya.ac.RoleManager;
037: import org.apache.lenya.workflow.Condition;
038: import org.apache.lenya.workflow.Workflow;
039: import org.apache.lenya.workflow.WorkflowException;
040: import org.apache.lenya.workflow.Workflowable;
041:
042: /**
043: * Role condition
044: */
045: public class RoleCondition implements Condition {
046:
047: private Set roleIds = new HashSet();
048:
049: protected static final String SEPARATOR = ",";
050:
051: /**
052: * @see org.apache.lenya.workflow.Condition#setExpression(java.lang.String)
053: */
054: public void setExpression(String expression)
055: throws WorkflowException {
056: this .expression = expression;
057:
058: String[] roles = expression.split(SEPARATOR);
059: for (int i = 0; i < roles.length; i++) {
060: this .roleIds.add(roles[i].trim());
061: }
062: }
063:
064: /**
065: * Returns if the condition is complied in a certain situation. The
066: * condition is complied when the current user has the role that is required
067: * by the RoleCondition.
068: *
069: * @see org.apache.lenya.workflow.impl.AbstractCondition#isComplied(Workflow,
070: * Workflowable)
071: */
072: public boolean isComplied(Workflow workflow, Workflowable instance) {
073:
074: DocumentWorkflowable workflowable = (DocumentWorkflowable) instance;
075: ServiceManager manager = workflowable.getServiceManager();
076: String url = workflowable.getDocument().getCanonicalWebappURL();
077:
078: ServiceSelector selector = null;
079: AccessControllerResolver acResolver = null;
080: AccessController accessController = null;
081: try {
082:
083: selector = (ServiceSelector) manager
084: .lookup(AccessControllerResolver.ROLE + "Selector");
085: acResolver = (AccessControllerResolver) selector
086: .select(AccessControllerResolver.DEFAULT_RESOLVER);
087: accessController = acResolver.resolveAccessController(url);
088:
089: PolicyManager policyManager = accessController
090: .getPolicyManager();
091: Identity identity = workflowable.getSession().getIdentity();
092: AccreditableManager accreditableMgr = accessController
093: .getAccreditableManager();
094: Policy policy = policyManager.getPolicy(accreditableMgr,
095: url);
096: RoleManager roleManager = accreditableMgr.getRoleManager();
097:
098: boolean complied = false;
099:
100: for (Iterator i = this .roleIds.iterator(); i.hasNext();) {
101: String roleId = (String) i.next();
102: Role role = roleManager.getRole(roleId);
103: if (policy.check(identity, role) == Policy.RESULT_GRANTED) {
104: complied = true;
105: }
106: }
107:
108: return complied;
109:
110: } catch (final Exception e) {
111: throw new RuntimeException(e);
112: } finally {
113: if (selector != null) {
114: if (acResolver != null) {
115: if (accessController != null) {
116: acResolver.release(accessController);
117: }
118: selector.release(acResolver);
119: }
120: manager.release(selector);
121: }
122: }
123:
124: }
125:
126: private String expression;
127:
128: /**
129: * Returns the expression of this condition.
130: *
131: * @return A string.
132: */
133: public String getExpression() {
134: return this .expression;
135: }
136:
137: /**
138: * @see java.lang.Object#toString()
139: */
140: public String toString() {
141: return getExpression();
142: }
143:
144: }
|