001: /**********************************************************************************
002: * $URL:https://source.sakaiproject.org/svn/osp/trunk/matrix/api-impl/src/java/org/theospi/portfolio/matrix/MatrixAuthorizer.java $
003: * $Id:MatrixAuthorizer.java 9134 2006-05-08 20:28:42Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.theospi.portfolio.matrix;
021:
022: import org.sakaiproject.content.api.ContentHostingService;
023: import org.sakaiproject.metaobj.shared.mgt.IdManager;
024: import org.sakaiproject.metaobj.shared.model.Agent;
025: import org.sakaiproject.metaobj.shared.model.Id;
026: import org.theospi.portfolio.matrix.model.Cell;
027: import org.theospi.portfolio.matrix.model.Scaffolding;
028: import org.theospi.portfolio.matrix.model.ScaffoldingCell;
029: import org.theospi.portfolio.matrix.model.WizardPage;
030: import org.theospi.portfolio.security.AuthorizationFacade;
031: import org.theospi.portfolio.security.app.ApplicationAuthorizer;
032:
033: import java.util.Iterator;
034: import java.util.List;
035:
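/**
 * Authorization plug-in for the matrix tool: answers permission questions about
 * scaffolding, scaffolding guidance, matrix cells and files attached to cells.
 * <p>
 * Usage notes kept from the original author:
 * <ul>
 * <li>createAuth(reviewer, "review", cellId) when a cell is submitted for review;</li>
 * <li>listAuth(reviewer, "review", null) to find all the cells to review;</li>
 * <li>isAuth(review, "review", cellId) when a reviewer attempts to review a cell;</li>
 * <li>the Node/Repository implementation calls back here to see if there is
 * locked content that prohibits edits or deletes.</li>
 * </ul>
 * <p>
 * The decision methods return a tri-state {@link Boolean}: a non-null value is
 * this authorizer's answer, {@code null} means "don't care" (no opinion). How a
 * caller resolves a {@code null} answer is not visible in this class.
 *
 * @author rpembry
 */
public class MatrixAuthorizer implements ApplicationAuthorizer {

    private MatrixManager matrixManager;
    private AuthorizationFacade explicitAuthz;
    private IdManager idManager;

    protected final org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
            .getLog(getClass());
    protected List functions;

    /**
     * Decides whether {@code agent} may perform {@code function} on {@code id}.
     * <p>
     * Every comparison is written constant-first, so a {@code null} function is
     * answered with {@code null} (no opinion) instead of failing part-way through
     * the dispatch with a NullPointerException.
     *
     * @param facade   authorization facade used for the permission look-ups
     * @param agent    the agent whose access is being decided
     * @param function the function (permission) name being requested
     * @param id       qualifier the function applies to; its meaning depends on the function
     * @return the decision, or {@code null} when this authorizer has no opinion
     * @throws NullPointerException for VIEW_SCAFFOLDING_GUIDANCE when no scaffolding
     *         cell exists for {@code id}
     * @see org.theospi.portfolio.security.app.ApplicationAuthorizer
     */
    public Boolean isAuthorized(AuthorizationFacade facade,
            Agent agent, String function, Id id) {
        logger.debug("isAuthorized?(...) invoked in MatrixAuthorizer");

        if (MatrixFunctionConstants.EVALUATE_MATRIX.equals(function)
                || MatrixFunctionConstants.REVIEW_MATRIX.equals(function)
                || MatrixFunctionConstants.USE_SCAFFOLDING.equals(function)) {
            // NOTE(review): this overload takes no agent, so the `agent` argument
            // is not consulted here; presumably the facade evaluates the current
            // user -- confirm that is the intended subject of the check.
            return Boolean.valueOf(facade.isAuthorized(function, id));
        }
        if (MatrixFunctionConstants.DELETE_SCAFFOLDING.equals(function)) {
            return authorizeScaffoldingDelete(facade, agent, function, id);
        }
        if (ContentHostingService.EVENT_RESOURCE_READ.equals(function)) {
            return isFileAuth(facade, agent, id);
        }
        if (MatrixFunctionConstants.CREATE_SCAFFOLDING.equals(function)
                || MatrixFunctionConstants.EDIT_SCAFFOLDING.equals(function)
                || MatrixFunctionConstants.EXPORT_SCAFFOLDING.equals(function)) {
            return Boolean.valueOf(facade.isAuthorized(agent, function, id));
        }
        if (MatrixFunctionConstants.VIEW_SCAFFOLDING_GUIDANCE.equals(function)) {
            return authorizeGuidanceView(facade, agent, id);
        }
        if (MatrixFunctionConstants.EDIT_SCAFFOLDING_GUIDANCE.equals(function)) {
            return authorizeGuidanceEdit(agent, id);
        }
        if (MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL.equals(function)) {
            return authorizeSpecificCellEvaluation(facade, agent, id);
        }

        return null; //don't care
    }

    /**
     * DELETE_SCAFFOLDING: grants when the agent owns an unpublished scaffolding or
     * holds the function on the scaffolding's worksite; otherwise no opinion.
     */
    private Boolean authorizeScaffoldingDelete(AuthorizationFacade facade,
            Agent agent, String function, Id id) {
        Scaffolding scaffolding = getMatrixManager().getScaffolding(id);
        if (scaffolding == null) {
            // No scaffolding behind this id: fall back to a plain check on the id.
            return Boolean.valueOf(facade.isAuthorized(agent, function, id));
        }

        // Grouping made explicit; it matches how Java parsed the original
        // "!published && owner || siteGrant" expression.
        // NOTE(review): as parsed, the worksite grant also allows deleting a
        // PUBLISHED scaffolding. Confirm that is intended and that the
        // "unpublished" condition was not meant to guard both alternatives.
        boolean ownerOfUnpublished = !scaffolding.isPublished()
                && scaffolding.getOwner().equals(agent);
        if (ownerOfUnpublished
                || facade.isAuthorized(agent, function, scaffolding.getWorksiteId())) {
            return Boolean.TRUE;
        }
        // Not granted here: abstain rather than deny.
        return null;
    }

    /**
     * VIEW_SCAFFOLDING_GUIDANCE: grants when the use/evaluate/review permission is
     * held on the worksite, when evaluate/review is held on any cell of the
     * scaffolding cell, or when the agent owns the scaffolding; otherwise no opinion.
     */
    private Boolean authorizeGuidanceView(AuthorizationFacade facade, Agent agent, Id id) {
        ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
        if (sCell == null) {
            throw new NullPointerException(
                    "The cell was not found. Wizard Page Def for cell: "
                            + id.getValue());
        }

        Id worksiteId = sCell.getScaffolding().getWorksiteId();

        // first check global perms for the site
        // NOTE(review): checkPerms uses the agent-less isAuthorized overload, while
        // the ownership test below uses the `agent` argument; confirm both refer
        // to the same subject.
        if (checkPerms(facade, new String[] {
                MatrixFunctionConstants.USE_SCAFFOLDING,
                MatrixFunctionConstants.EVALUATE_MATRIX,
                MatrixFunctionConstants.REVIEW_MATRIX }, worksiteId)) {
            return Boolean.TRUE;
        }

        // then look for an evaluate/review grant on any individual cell
        for (Iterator iter = sCell.getCells().iterator(); iter.hasNext();) {
            Cell cell = (Cell) iter.next();
            if (checkPerms(facade, new String[] {
                    MatrixFunctionConstants.EVALUATE_MATRIX,
                    MatrixFunctionConstants.REVIEW_MATRIX }, cell.getId())) {
                return Boolean.TRUE;
            }
        }

        // finally, the scaffolding owner may always view the guidance
        if (sCell.getScaffolding().getOwner().equals(agent)) {
            return Boolean.TRUE;
        }
        return null;
    }

    /**
     * EDIT_SCAFFOLDING_GUIDANCE: only the scaffolding owner is granted; an unknown
     * scaffolding cell yields an explicit {@code false}.
     */
    private Boolean authorizeGuidanceEdit(Agent agent, Id id) {
        ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
        Agent owner = null;
        if (sCell != null) {
            owner = sCell.getScaffolding().getOwner();
        }
        return Boolean.valueOf(agent.equals(owner));
    }

    /**
     * EVALUATE_SPECIFIC_MATRIXCELL: checks EVALUATE_MATRIX on the site that the
     * wizard page's definition belongs to.
     */
    private Boolean authorizeSpecificCellEvaluation(AuthorizationFacade facade,
            Agent agent, Id id) {
        WizardPage page = getMatrixManager().getWizardPage(id);
        // NOTE(review): a page that cannot be found surfaces as a
        // NullPointerException on the next line rather than as a denial; decide
        // whether an unknown id should deny or abstain.
        Id siteId = idManager.getId(page.getPageDefinition().getSiteId());

        // make sure that the target site gets tested
        // NOTE(review): nothing in this class removes the pushed group again.
        // Confirm the facade scopes it (e.g. per request); otherwise later checks
        // made through the same facade may also be evaluated against this site.
        facade.pushAuthzGroups(siteId.getValue());
        return Boolean.valueOf(facade.isAuthorized(agent,
                MatrixFunctionConstants.EVALUATE_MATRIX, siteId));
    }

    /**
     * Tells whether at least one of the given functions is authorized on the qualifier.
     *
     * @param facade    authorization facade to query
     * @param functions function names to try, in order
     * @param qualifier the id the functions are checked against
     * @return {@code true} as soon as one function is authorized, else {@code false}
     */
    protected boolean checkPerms(AuthorizationFacade facade,
            String[] functions, Id qualifier) {
        for (int i = 0; i < functions.length; i++) {
            if (facade.isAuthorized(functions[i], qualifier)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks EVALUATE_MATRIX for the agent on a single cell.
     *
     * @param facade authorization facade to query
     * @param agent  the agent being checked
     * @param cellId id of the cell
     * @return the facade's answer, boxed
     */
    protected Boolean isCellAuthForEval(AuthorizationFacade facade,
            Agent agent, Id cellId) {
        return Boolean.valueOf(facade.isAuthorized(agent,
                MatrixFunctionConstants.EVALUATE_MATRIX, cellId));
    }

    /**
     * Decides read access to a file (artifact) through the cells it is attached to.
     * <p>
     * Access is granted when, for any cell that references the artifact, the agent
     * holds REVIEW_MATRIX or EVALUATE_MATRIX on the cell's worksite (checked via
     * {@link #getExplicitAuthz()}) or is authorized to evaluate the cell itself.
     *
     * @param facade     authorization facade used for the per-cell check
     * @param agent      the agent requesting the file
     * @param artifactId id of the file; may be {@code null}
     * @return {@code TRUE} when access is granted, {@code null} when the artifact
     *         is not attached to any cell or no grant was found
     */
    public Boolean isFileAuth(AuthorizationFacade facade, Agent agent,
            Id artifactId) {
        // NOTE(review): a null id is answered with an explicit grant, not an
        // abstention. Confirm no caller can reach this with a null id for a
        // resource that should be protected.
        if (artifactId == null) {
            return Boolean.TRUE;
        }

        // check if this id is attached to any cell
        List cells = getMatrixManager().getCellsByArtifact(artifactId);
        if (cells == null || cells.isEmpty()) {
            return null;
        }

        // does this user have access to any of the above cells
        for (Iterator i = cells.iterator(); i.hasNext();) {
            Cell cell = (Cell) i.next();
            Id siteId = cell.getMatrix().getScaffolding().getWorksiteId();
            if (getExplicitAuthz().isAuthorized(agent,
                    MatrixFunctionConstants.REVIEW_MATRIX, siteId)
                    || getExplicitAuthz().isAuthorized(agent,
                            MatrixFunctionConstants.EVALUATE_MATRIX, siteId)) {
                return Boolean.TRUE;
            }

            // The null test is kept because isCellAuthForEval is protected and a
            // subclass may return null from it.
            Boolean returned = isCellAuthForEval(facade, agent, cell.getId());
            if (returned != null && returned.booleanValue()) {
                return returned;
            }
        }

        return null;
    }

    /**
     * @return Returns the matrixManager.
     */
    public MatrixManager getMatrixManager() {
        return matrixManager;
    }

    /**
     * @param matrixManager The matrixManager to set.
     */
    public void setMatrixManager(MatrixManager matrixManager) {
        this.matrixManager = matrixManager;
    }

    /**
     * @return the configured function list
     */
    public List getFunctions() {
        return functions;
    }

    /**
     * @param functions the function list to set
     */
    public void setFunctions(List functions) {
        this.functions = functions;
    }

    /**
     * @return the facade used for the site-level checks in {@link #isFileAuth}
     */
    public AuthorizationFacade getExplicitAuthz() {
        return explicitAuthz;
    }

    /**
     * @param explicitAuthz the facade to use for the site-level checks in {@link #isFileAuth}
     */
    public void setExplicitAuthz(AuthorizationFacade explicitAuthz) {
        this.explicitAuthz = explicitAuthz;
    }

    /**
     * @return the idManager
     */
    public IdManager getIdManager() {
        return idManager;
    }

    /**
     * @param idManager the idManager to set
     */
    public void setIdManager(IdManager idManager) {
        this.idManager = idManager;
    }
}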