001: /*
002: * File : $Source: /usr/local/cvs/opencms/src/org/opencms/security/CmsAccessControlList.java,v $
003: * Date : $Date: 2008-02-27 12:05:29 $
004: * Version: $Revision: 1.24 $
005: *
006: * This library is part of OpenCms -
007: * the Open Source Content Management System
008: *
009: * Copyright (c) 2002 - 2008 Alkacon Software GmbH (http://www.alkacon.com)
010: *
011: * This library is free software; you can redistribute it and/or
012: * modify it under the terms of the GNU Lesser General Public
013: * License as published by the Free Software Foundation; either
014: * version 2.1 of the License, or (at your option) any later version.
015: *
016: * This library is distributed in the hope that it will be useful,
017: * but WITHOUT ANY WARRANTY; without even the implied warranty of
018: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: * Lesser General Public License for more details.
020: *
021: * For further information about Alkacon Software GmbH, please see the
022: * company website: http://www.alkacon.com
023: *
024: * For further information about OpenCms, please see the
025: * project website: http://www.opencms.org
026: *
027: * You should have received a copy of the GNU Lesser General Public
028: * License along with this library; if not, write to the Free Software
029: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
030: */
031:
032: package org.opencms.security;
033:
034: import org.opencms.file.CmsUser;
035: import org.opencms.util.CmsUUID;
036:
037: import java.util.ArrayList;
038: import java.util.Collections;
039: import java.util.HashMap;
040: import java.util.Iterator;
041: import java.util.List;
042:
043: /**
044: * An access control list contains the permission sets of all principals for a distinct resource
045: * that are calculated on the permissions defined by various access control entries.<p>
046: *
047: * <p>To each single resource, access control entries of type <code>CmsAccessControlEntry</code> can be assigned.
048: * An access control entry defines the permissions (both allowed and explicitly denied) of a user or group for this resource.</p>
049: *
050: * <p>By calling the method <code>getAccessControlList</code> the list is generated on the resource. It contains the result of
051: * merging both access control entries defined immediately on the resource and inherited along the folder hierarchy in the
052: * OpenCms virtual file system (controlled by flags in the entry).</p>
053: *
054: * <p>To check the permissions of a user on a distinct resource, the method <code>hasPermissions</code> in the driver manager
055: * is called in each operation. This method acts as access guard and matches the required permissions for the operation
056: * against the allowed and denied permissions defined for the user or groups of this user.</p>
057: *
058: * @author Carsten Weinholz
059: *
060: * @version $Revision: 1.24 $
061: *
062: * @since 6.0.0
063: */
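public class CmsAccessControlList {

    /**
     * Collected permissions of the principals on this resource, keyed by principal id.<p>
     *
     * This is a plain {@link HashMap}; the class performs no synchronization of its own.
     */
    private final HashMap m_permissions;

    /**
     * Constructor to create an empty access control list.<p>
     */
    public CmsAccessControlList() {

        m_permissions = new HashMap();
    }

    /**
     * Adds an access control entry to the access control list.<p>
     *
     * The permissions of the entry are merged into the permission set already stored for the
     * entry's principal; a new, empty permission set is created first if none is stored yet.
     *
     * @param entry the access control entry to add
     */
    public void add(CmsAccessControlEntry entry) {

        getOrCreatePermissions(entry).addPermissions(entry.getPermissions());
    }

    /**
     * Returns a copy of this access control list.<p>
     *
     * The copy is always created with <code>new CmsAccessControlList()</code> and not through
     * <code>super.clone()</code>, so a subclass instance is copied as a plain
     * <code>CmsAccessControlList</code>.
     *
     * @return a clone of this instance
     */
    public Object clone() {

        CmsAccessControlList copy = new CmsAccessControlList();
        Iterator principals = m_permissions.keySet().iterator();
        while (principals.hasNext()) {
            Object principal = principals.next();
            CmsPermissionSetCustom stored = (CmsPermissionSetCustom)m_permissions.get(principal);
            // the key object is shared between both lists, the permission set is cloned
            // (presumably into an independent instance - see CmsPermissionSetCustom.clone())
            copy.m_permissions.put(principal, stored.clone());
        }
        return copy;
    }

    /**
     * Returns the permission map of this access control list.<p>
     *
     * NOTE(review): this is the live internal map, not a copy. Any caller can add, replace or
     * remove permission sets through it without going through {@link #add(CmsAccessControlEntry)}
     * or the setter methods. Callers that only read should treat the map as read-only.
     *
     * @return permission map
     */
    public HashMap getPermissionMap() {

        return m_permissions;
    }

    /**
     * Calculates the permissions of the given user and his groups from the access control list.<p>
     *
     * The stored permission sets of the user, of every group and of every role are merged into
     * one new permission set. The 'all others' entry
     * ({@link CmsAccessControlEntry#PRINCIPAL_ALL_OTHERS_ID}) is a fallback only: it is merged
     * in only when no entry at all is stored for the user, the groups or the roles. An entry
     * that is stored for one of these principals suppresses the fallback even if that entry
     * carries no permissions.<p>
     *
     * How allowed and denied permissions of several entries are combined is decided by
     * <code>CmsPermissionSetCustom.addPermissions</code>, not by this class. If nothing
     * matches, a newly created, otherwise untouched permission set is returned.
     *
     * @param user the user, must not be <code>null</code>
     * @param groups the groups of this user (elements are cast to <code>I_CmsPrincipal</code>), may be <code>null</code>
     * @param roles the roles of this user (elements are cast to <code>CmsRole</code>), may be <code>null</code>
     *
     * @return the summarized permission set of the user
     *
     * @throws NullPointerException if <code>user</code> is <code>null</code>
     */
    public CmsPermissionSetCustom getPermissions(CmsUser user, List groups, List roles) {

        CmsPermissionSetCustom sum = new CmsPermissionSetCustom();
        boolean hasPermissions = addStoredPermissions(sum, user.getId());
        if (groups != null) {
            int size = groups.size();
            for (int i = 0; i < size; i++) {
                I_CmsPrincipal principal = (I_CmsPrincipal)groups.get(i);
                if (addStoredPermissions(sum, principal.getId())) {
                    hasPermissions = true;
                }
            }
        }
        if (roles != null) {
            int size = roles.size();
            for (int i = 0; i < size; i++) {
                CmsRole role = (CmsRole)roles.get(i);
                if (addStoredPermissions(sum, role.getId())) {
                    hasPermissions = true;
                }
            }
        }
        if (!hasPermissions) {
            // if no applicable entry is found check the 'all others' entry
            addStoredPermissions(sum, CmsAccessControlEntry.PRINCIPAL_ALL_OTHERS_ID);
        }
        return sum;
    }

    /**
     * Returns the permission set of a principal as stored in the access control list.<p>
     *
     * The stored instance itself is returned, not a copy, so changes made to it by the caller
     * change this access control list.
     *
     * @param principalId the id of the principal (group or user)
     *
     * @return the current permissions of this single principal, or <code>null</code> if none are stored
     */
    public CmsPermissionSetCustom getPermissions(CmsUUID principalId) {

        return (CmsPermissionSetCustom)m_permissions.get(principalId);
    }

    /**
     * Calculates the permissions of the given user and his groups from the access control list.<p>
     * The permissions are returned as permission string in the format <code>{{+|-}{r|w|v|c|i}}*</code>.
     *
     * This is the string form of the result of {@link #getPermissions(CmsUser, List, List)}.
     *
     * @param user the user
     * @param groups the groups of this user
     * @param roles the roles of this user
     *
     * @return a string that displays the permissions
     */
    public String getPermissionString(CmsUser user, List groups, List roles) {

        return getPermissions(user, groups, roles).getPermissionString();
    }

    /**
     * Returns the principals with specific permissions stored in this access control list.<p>
     *
     * The result is a new list holding the keys of the permission map, sorted with
     * {@link CmsAccessControlEntry#COMPARATOR_PRINCIPALS}.
     *
     * @return sorted list of principals (each group or user)
     */
    public List getPrincipals() {

        List principals = new ArrayList(m_permissions.keySet());
        Collections.sort(principals, CmsAccessControlEntry.COMPARATOR_PRINCIPALS);
        return principals;
    }

    /**
     * Sets the allowed permissions of a given access control entry as allowed permissions in the access control list.<p>
     * The denied permissions are left unchanged.
     *
     * @param entry the access control entry
     */
    public void setAllowedPermissions(CmsAccessControlEntry entry) {

        CmsPermissionSetCustom stored = getOrCreatePermissions(entry);
        stored.setPermissions(entry.getAllowedPermissions(), stored.getDeniedPermissions());
    }

    /**
     * Sets the denied permissions of a given access control entry as denied permissions in the access control list.<p>
     * The allowed permissions are left unchanged.
     *
     * @param entry the access control entry
     */
    public void setDeniedPermissions(CmsAccessControlEntry entry) {

        CmsPermissionSetCustom stored = getOrCreatePermissions(entry);
        stored.setPermissions(stored.getAllowedPermissions(), entry.getDeniedPermissions());
    }

    /**
     * Merges the permission set stored for the given principal id into the target set.<p>
     *
     * @param target the permission set to merge into
     * @param principalId the map key to look up
     *
     * @return <code>true</code> if an entry was stored for the id (and merged), <code>false</code> otherwise
     */
    private boolean addStoredPermissions(CmsPermissionSetCustom target, Object principalId) {

        CmsPermissionSet stored = (CmsPermissionSet)m_permissions.get(principalId);
        if (stored == null) {
            return false;
        }
        target.addPermissions(stored);
        return true;
    }

    /**
     * Returns the permission set stored for the principal of the given entry, creating and
     * storing a new, empty one if the principal has no permission set yet.<p>
     *
     * @param entry the access control entry whose principal is looked up
     *
     * @return the stored (never <code>null</code>) permission set of the entry's principal
     */
    private CmsPermissionSetCustom getOrCreatePermissions(CmsAccessControlEntry entry) {

        Object principal = entry.getPrincipal();
        CmsPermissionSetCustom stored = (CmsPermissionSetCustom)m_permissions.get(principal);
        if (stored == null) {
            stored = new CmsPermissionSetCustom();
            m_permissions.put(principal, stored);
        }
        return stored;
    }
}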
|