001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/metaobj/tags/sakai_2-4-1/metaobj-util/tool-lib/src/java/org/sakaiproject/metaobj/security/mgt/impl/PermissionManagerImpl.java $
003: * $Id: PermissionManagerImpl.java 14230 2006-09-05 18:02:51Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2004, 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.sakaiproject.metaobj.security.mgt.impl;
021:
022: import java.util.ArrayList;
023: import java.util.Iterator;
024: import java.util.List;
025: import java.util.Map;
026: import java.util.Set;
027:
028: import org.apache.commons.logging.Log;
029: import org.apache.commons.logging.LogFactory;
030: import org.sakaiproject.authz.api.AuthzGroup;
031: import org.sakaiproject.authz.api.GroupNotDefinedException;
032: import org.sakaiproject.authz.api.Role;
033: import org.sakaiproject.authz.cover.AuthzGroupService;
034: import org.sakaiproject.metaobj.security.Authorization;
035: import org.sakaiproject.metaobj.security.AuthorizationFacade;
036: import org.sakaiproject.metaobj.security.mgt.PermissionManager;
037: import org.sakaiproject.metaobj.security.mgt.ToolPermissionManager;
038: import org.sakaiproject.metaobj.security.model.Permission;
039: import org.sakaiproject.metaobj.security.model.PermissionsEdit;
040: import org.sakaiproject.metaobj.shared.mgt.AgentManager;
041: import org.sakaiproject.metaobj.shared.model.Agent;
042: import org.sakaiproject.metaobj.shared.model.Id;
043: import org.sakaiproject.metaobj.shared.model.OspException;
044: import org.sakaiproject.metaobj.shared.model.OspRole;
045: import org.sakaiproject.site.api.Site;
046:
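/**
 * {@link PermissionManager} implementation that reads and writes the
 * authorizations of a worksite's roles through an {@link AuthorizationFacade}.
 *
 * <p>Roles are taken from the site realm {@code "/site/" + siteId}; each role is
 * mapped to an {@link Agent} by the {@link AgentManager}, and the per-tool
 * {@link ToolPermissionManager} (looked up by {@code edit.getName()} in
 * {@link #getTools()}) supplies the function list and the read-only qualifiers.
 *
 * <p>NOTE(review): no method in this class checks that the current user may view
 * or change permissions. That check is assumed to be enforced by the caller
 * before {@link #updatePermissions} or {@link #duplicatePermissions} is reached;
 * confirm at the call sites.
 *
 * <p>The collaborators are plain mutable fields populated through the setters
 * (presumably by dependency injection); the class adds no synchronization.
 */
public class PermissionManagerImpl implements PermissionManager {
    protected final transient Log logger = LogFactory.getLog(getClass());

    private AgentManager agentManager;
    private AuthorizationFacade authzManager;

    // Tool name -> ToolPermissionManager; see getToolManager(PermissionsEdit).
    private Map tools;

    /**
     * Returns the roles defined in the realm of the site being edited.
     *
     * <p>NOTE(review): the realm reference is built by concatenating
     * {@code edit.getSiteId()}; confirm callers take the site id from the current
     * placement/session rather than from request input.
     *
     * @param edit the edit whose site id selects the realm
     * @return a new list holding the realm's roles; changing it does not affect the realm
     * @throws OspException if the site realm is not defined
     */
    public List getWorksiteRoles(PermissionsEdit edit) {
        try {
            AuthzGroup siteRealm = AuthzGroupService
                    .getAuthzGroup("/site/" + edit.getSiteId());

            // Copy so callers cannot mutate the realm's own role set.
            return new ArrayList(siteRealm.getRoles());
        } catch (GroupNotDefinedException e) {
            logger.error("", e);
            throw new OspException(e);
        }
    }

    /**
     * Replaces the permission list of {@code edit} with the authorizations
     * currently stored for the site's roles.
     *
     * <p>Authorizations on {@code edit.getQualifier()} are added as editable
     * permissions; authorizations on each qualifier returned by the tool's
     * {@code getReadOnlyQualifiers(edit)} are added as read-only permissions.
     *
     * <p>If no tool manager is registered under {@code edit.getName()},
     * {@link #getToolManager} returns {@code null} and this method fails with a
     * {@link NullPointerException}.
     *
     * @param edit the edit to populate; its permission list is discarded first
     * @return the same {@code edit} instance
     * @throws OspException if the site realm is not defined
     */
    public PermissionsEdit fillPermissions(PermissionsEdit edit) {
        edit.setPermissions(new ArrayList());

        edit = fillPermissionsInternal(edit, edit.getQualifier(), false);

        ToolPermissionManager mgr = getToolManager(edit);
        List readOnlyQualifiers = mgr.getReadOnlyQualifiers(edit);

        for (Iterator i = readOnlyQualifiers.iterator(); i.hasNext();) {
            Id qualifier = (Id) i.next();
            fillPermissionsInternal(edit, qualifier, true);
        }

        return edit;
    }

    /**
     * Appends one {@link Permission} to {@code edit} for every authorization that
     * a role of the site holds on {@code qualifier}.
     *
     * @param edit      the edit to append to; also supplies the site id
     * @param qualifier the qualifier whose authorizations are read
     * @param readOnly  flag stored on every permission created by this call
     * @return the same {@code edit} instance
     * @throws OspException if the site realm is not defined
     */
    protected PermissionsEdit fillPermissionsInternal(
            PermissionsEdit edit, Id qualifier, boolean readOnly) {

        try {
            AuthzGroup siteRealm = AuthzGroupService
                    .getAuthzGroup("/site/" + edit.getSiteId());

            Set roles = siteRealm.getRoles();

            for (Iterator i = roles.iterator(); i.hasNext();) {
                Role role = (Role) i.next();
                Agent roleAgent = getAgentManager().getWorksiteRole(
                        role.getId(), edit.getSiteId());
                // The null function argument presumably means "any function" - confirm
                // against AuthorizationFacade.
                List authzs = getAuthzManager().getAuthorizations(
                        roleAgent, null, qualifier);

                for (Iterator j = authzs.iterator(); j.hasNext();) {
                    Authorization authz = (Authorization) j.next();
                    edit.getPermissions().add(
                            new Permission(roleAgent, authz.getFunction(), readOnly));
                }
            }
        } catch (GroupNotDefinedException e) {
            logger.error("", e);
            throw new OspException(e);
        }

        return edit;
    }

    /**
     * Makes the stored authorizations on {@code edit.getQualifier()} match the
     * permission list carried by {@code edit}.
     *
     * <p>The stored state is re-read into a clone of {@code edit}. Permissions
     * present in {@code edit} but not stored are created; stored permissions
     * absent from {@code edit} are deleted. Read-only permissions are neither
     * created nor deleted: they were read from other qualifiers, so acting on
     * them under {@code edit.getQualifier()} would touch a grant they do not
     * describe.
     *
     * <p>Matching relies on {@code Permission.equals}; whether that comparison
     * includes the read-only flag is not visible here.
     *
     * <p>NOTE(review): this method grants and revokes authorizations without any
     * access check of its own, and the creates and deletes are issued one by one
     * with no visible transaction boundary - confirm both are handled upstream.
     *
     * @param edit the desired permission state for its site, tool and qualifier
     * @throws OspException if the site realm is not defined
     */
    public void updatePermissions(PermissionsEdit edit) {
        AuthorizationFacade manager = getAuthzManager();

        PermissionsEdit stored = fillPermissions((PermissionsEdit) edit.clone());
        List origPermissions = stored.getPermissions();

        for (Iterator i = edit.getPermissions().iterator(); i.hasNext();) {
            Permission perm = (Permission) i.next();

            if (origPermissions.contains(perm)) {
                // Already stored: take it off the "to delete" list.
                origPermissions.remove(perm);
            } else if (!perm.isReadOnly()) {
                manager.createAuthorization(perm.getAgent(), perm.getFunction(),
                        edit.getQualifier());
            }
        }

        // Whatever is left was stored but not submitted, so it is revoked.
        for (Iterator i = origPermissions.iterator(); i.hasNext();) {
            Permission perm = (Permission) i.next();

            // Mirror the create branch: a read-only entry came from a read-only
            // qualifier, so deleting (agent, function) under edit.getQualifier()
            // could revoke an editable grant the submitter kept.
            if (perm.isReadOnly()) {
                continue;
            }

            manager.deleteAuthorization(perm.getAgent(), perm.getFunction(),
                    edit.getQualifier());
        }
    }

    /**
     * Copies every authorization stored on {@code srcQualifier} to
     * {@code targetQualifier}.
     *
     * <p>When {@code newSite} is non-null, agents that are {@link OspRole}s are
     * replaced by the role of the same name in {@code newSite}, obtained from
     * {@code getTempWorksiteRole}; if that lookup yields {@code null} the
     * authorization is skipped. All other agents are copied unchanged.
     *
     * <p>NOTE(review): because non-role agents are copied as-is, any grant held
     * by such an agent on the source is carried over to the target - confirm
     * this is intended when duplicating into a different site.
     *
     * @param srcQualifier    qualifier to read authorizations from
     * @param targetQualifier qualifier to create authorizations on
     * @param newSite         site whose roles replace role agents, or {@code null}
     *                        to keep the original agents
     */
    public void duplicatePermissions(Id srcQualifier,
            Id targetQualifier, Site newSite) {
        AuthorizationFacade manager = getAuthzManager();
        List sourceAuthzs = manager.getAuthorizations(null, null, srcQualifier);

        for (Iterator i = sourceAuthzs.iterator(); i.hasNext();) {
            Authorization authz = (Authorization) i.next();
            Agent agent = authz.getAgent();
            if (newSite != null && agent instanceof OspRole) {
                agent = getAgentManager().getTempWorksiteRole(
                        ((OspRole) agent).getRoleName(),
                        newSite.getId());
            }

            if (agent != null) {
                manager.createAuthorization(agent, authz.getFunction(),
                        targetQualifier);
            }
        }
    }

    /**
     * Returns the functions the tool named by {@code edit.getName()} exposes.
     *
     * <p>Fails with a {@link NullPointerException} when no tool manager is
     * registered under that name.
     *
     * @param edit the edit identifying the tool
     * @return the list returned by the tool manager's {@code getFunctions(edit)}
     */
    public List getAppFunctions(PermissionsEdit edit) {
        return getToolManager(edit).getFunctions(edit);
    }

    /**
     * Looks up the tool manager registered under {@code edit.getName()}.
     *
     * @param edit the edit identifying the tool
     * @return the registered manager, or {@code null} if the name is not a key of
     *         {@link #getTools()}
     */
    protected ToolPermissionManager getToolManager(PermissionsEdit edit) {
        return (ToolPermissionManager) getTools().get(edit.getName());
    }

    /** @return the agent manager used to map site roles to agents */
    public AgentManager getAgentManager() {
        return agentManager;
    }

    /** @param agentManager the agent manager used to map site roles to agents */
    public void setAgentManager(AgentManager agentManager) {
        this.agentManager = agentManager;
    }

    /** @return the facade used to read, create and delete authorizations */
    public AuthorizationFacade getAuthzManager() {
        return authzManager;
    }

    /** @param authzManager the facade used to read, create and delete authorizations */
    public void setAuthzManager(AuthorizationFacade authzManager) {
        this.authzManager = authzManager;
    }

    /** @return the map from tool name to {@link ToolPermissionManager} */
    public Map getTools() {
        return tools;
    }

    /** @param tools the map from tool name to {@link ToolPermissionManager} */
    public void setTools(Map tools) {
        this.tools = tools;
    }
}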