001: /**********************************************************************************
002: * $URL:https://source.sakaiproject.org/svn/osp/trunk/presentation/api-impl/src/java/org/theospi/portfolio/presentation/PresentationAuthorizerImpl.java $
003: * $Id:PresentationAuthorizerImpl.java 9134 2006-05-08 20:28:42Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.theospi.portfolio.presentation;
021:
022: import java.util.Collection;
023: import java.util.Iterator;
024: import java.util.List;
025:
026: import org.sakaiproject.content.api.ContentHostingService;
027: import org.sakaiproject.metaobj.shared.mgt.IdManager;
028: import org.sakaiproject.metaobj.shared.model.Agent;
029: import org.sakaiproject.metaobj.shared.model.Id;
030: import org.theospi.portfolio.presentation.model.Presentation;
031: import org.theospi.portfolio.presentation.model.PresentationLayout;
032: import org.theospi.portfolio.presentation.model.PresentationTemplate;
033: import org.theospi.portfolio.security.AuthorizationFacade;
034: import org.theospi.portfolio.security.app.ApplicationAuthorizer;
035:
036: public class PresentationAuthorizerImpl implements
037: ApplicationAuthorizer {
038: private PresentationManager presentationManager;
039: private IdManager idManager;
040: private List functions;
041:
042: /**
043: * This method will ask the application specific functional authorizer to determine authorization.
044: *
045: * @param facade this can be used to do explicit auths if necessary
046: * @param agent
047: * @param function
048: * @param id
049: * @return null if the authorizer has no opinion, true if authorized, false if explicitly not authorized.
050: */
051: public Boolean isAuthorized(AuthorizationFacade facade,
052: Agent agent, String function, Id id) {
053:
054: // return null if we don't know what is up...
055: if (function
056: .equals(PresentationFunctionConstants.VIEW_PRESENTATION)) {
057: return isPresentationViewAuth(facade, agent, id, true);
058: } else if (function
059: .equals(PresentationFunctionConstants.COMMENT_PRESENTATION)) {
060: return isPresentationCommentAuth(facade, agent, id);
061: } else if (function
062: .equals(PresentationFunctionConstants.CREATE_TEMPLATE)) {
063: return new Boolean(facade.isAuthorized(agent, function, id));
064: } else if (function
065: .equals(PresentationFunctionConstants.EDIT_TEMPLATE)) {
066: return isTemplateAuth(facade, id, agent,
067: PresentationFunctionConstants.EDIT_TEMPLATE);
068: } else if (function
069: .equals(PresentationFunctionConstants.PUBLISH_TEMPLATE)) {
070: PresentationTemplate template = getPresentationManager()
071: .getPresentationTemplate(id);
072: Id siteId = getIdManager().getId(template.getSiteId());
073: return new Boolean(facade.isAuthorized(agent, function,
074: siteId));
075: } else if (function
076: .equals(PresentationFunctionConstants.DELETE_TEMPLATE)) {
077: return isTemplateAuth(facade, id, agent,
078: PresentationFunctionConstants.DELETE_TEMPLATE);
079: } else if (function
080: .equals(PresentationFunctionConstants.COPY_TEMPLATE)) {
081: return isTemplateAuth(facade, id, agent,
082: PresentationFunctionConstants.COPY_TEMPLATE);
083: } else if (function
084: .equals(PresentationFunctionConstants.EXPORT_TEMPLATE)) {
085: return isTemplateAuth(facade, id, agent,
086: PresentationFunctionConstants.EXPORT_TEMPLATE);
087: } else if (function
088: .equals(PresentationFunctionConstants.CREATE_PRESENTATION)) {
089: return new Boolean(facade.isAuthorized(agent, function, id));
090: } else if (function
091: .equals(PresentationFunctionConstants.EDIT_PRESENTATION)) {
092: return isPresentationAuth(facade, id, agent,
093: PresentationFunctionConstants.EDIT_PRESENTATION);
094: } else if (function
095: .equals(PresentationFunctionConstants.DELETE_PRESENTATION)) {
096: return isPresentationAuth(facade, id, agent,
097: PresentationFunctionConstants.DELETE_PRESENTATION);
098: } else if (function
099: .equals(ContentHostingService.EVENT_RESOURCE_READ)) {
100: return isFileAuth(facade, agent, id);
101: } else if (function
102: .equals(PresentationFunctionConstants.CREATE_LAYOUT)) {
103: return new Boolean(facade.isAuthorized(agent, function, id));
104: } else if (function
105: .equals(PresentationFunctionConstants.EDIT_LAYOUT)) {
106: return isLayoutAuth(facade, id, agent, function);
107: } else if (function
108: .equals(PresentationFunctionConstants.PUBLISH_LAYOUT)) {
109: return this .canPublishLayout(facade, id, agent, function);
110: } else if (function
111: .equals(PresentationFunctionConstants.SUGGEST_PUBLISH_LAYOUT)) {
112: PresentationLayout layout = getPresentationManager()
113: .getPresentationLayout(id);
114: Id siteId = getIdManager().getId(layout.getSiteId());
115: return new Boolean(facade.isAuthorized(agent, function,
116: siteId));
117: } else if (function
118: .equals(PresentationFunctionConstants.DELETE_LAYOUT)) {
119: return isLayoutAuth(facade, id, agent, function);
120: } else {
121: return null;
122: }
123: }
124:
125: protected Boolean isPresentationAuth(AuthorizationFacade facade,
126: Id qualifier, Agent agent, String function) {
127: Presentation presentation = getPresentationManager()
128: .getLightweightPresentation(qualifier);
129:
130: if (presentation == null) {
131: // must be tool id
132: return new Boolean(facade.isAuthorized(function, qualifier));
133: }
134:
135: //owner can do anything
136: if (presentation.getOwner().equals(agent)) {
137: return new Boolean(true);
138: }
139: Id toolId = getIdManager().getId(presentation.getToolId());
140: return new Boolean(facade.isAuthorized(function, toolId));
141: }
142:
143: protected Boolean isTemplateAuth(AuthorizationFacade facade,
144: Id qualifier, Agent agent, String function) {
145: PresentationTemplate template = getPresentationManager()
146: .getPresentationTemplate(qualifier);
147: //owner can do anything
148: if (template.getOwner().equals(agent)) {
149: return new Boolean(true);
150: }
151: Id siteId = getIdManager().getId(template.getSiteId());
152: return new Boolean(facade.isAuthorized(function, siteId));
153: }
154:
155: protected Boolean isLayoutAuth(AuthorizationFacade facade,
156: Id qualifier, Agent agent, String function) {
157: PresentationLayout layout = getPresentationManager()
158: .getPresentationLayout(qualifier);
159: //owner can do anything
160: if (agent.equals(layout.getOwner())) {
161: return new Boolean(true);
162: }
163: Id toolId = getIdManager().getId(layout.getToolId());
164: return new Boolean(facade.isAuthorized(function, toolId));
165: }
166:
167: protected Boolean canPublishLayout(AuthorizationFacade facade,
168: Id qualifier, Agent agent, String function) {
169: PresentationLayout layout = getPresentationManager()
170: .getPresentationLayout(qualifier);
171: if (layout == null) {
172: return new Boolean(facade.isAuthorized(function, qualifier));
173: }
174:
175: Id siteId = getIdManager().getId(layout.getSiteId());
176: return new Boolean(facade.isAuthorized(function, siteId));
177: }
178:
179: protected Boolean isPresentationCommentAuth(
180: AuthorizationFacade facade, Agent agent, Id id) {
181: Presentation pres = getPresentationManager()
182: .getLightweightPresentation(id);
183:
184: if (!pres.isAllowComments()) {
185: return new Boolean(false);
186: }
187:
188: if (pres.getIsPublic()) {
189: return new Boolean(true);
190: } else if (pres.getOwner().equals(agent)) {
191: return new Boolean(true);
192: } else {
193: Id toolId = getIdManager().getId(pres.getToolId());
194: return new Boolean(facade.isAuthorized(agent,
195: PresentationFunctionConstants.COMMENT_PRESENTATION,
196: toolId));
197: }
198: }
199:
200: protected Boolean isPresentationViewAuth(
201: AuthorizationFacade facade, Agent agent, Id id,
202: boolean allowAnonymous) {
203: Presentation pres = getPresentationManager()
204: .getLightweightPresentation(id);
205:
206: return isPresentationViewAuth(pres, facade, agent, id,
207: allowAnonymous);
208: }
209:
210: protected Boolean isPresentationViewAuth(Presentation pres,
211: AuthorizationFacade facade, Agent agent, Id id,
212: boolean allowAnonymous) {
213: if (pres.getIsPublic()
214: && (allowAnonymous || !agent
215: .isInRole(Agent.ROLE_ANONYMOUS))) {
216: return new Boolean(true);
217: } else if (pres.getOwner().equals(agent)) {
218: return new Boolean(true);
219: } else {
220: return new Boolean(
221: facade
222: .isAuthorized(
223: agent,
224: PresentationFunctionConstants.VIEW_PRESENTATION,
225: id));
226: }
227: }
228:
229: protected Boolean isFileAuth(AuthorizationFacade facade,
230: Agent agent, Id id) {
231: // check if this id is attached to any pres
232:
233: if (id == null)
234: return null;
235:
236: Collection presItems = getPresentationManager()
237: .getPresentationItems(id);
238: presItems.addAll(getPresentationManager()
239: .getPresentationsBasedOnTemplateFileRef(id));
240:
241: if (presItems.size() == 0) {
242: return null;
243: }
244:
245: // does this user have access to any of the above pres
246: for (Iterator i = presItems.iterator(); i.hasNext();) {
247: Presentation pres = (Presentation) i.next();
248:
249: Boolean returned = isPresentationViewAuth(pres, facade,
250: agent, pres.getId(), true);
251: if (returned != null && returned.booleanValue()) {
252: return returned;
253: }
254: }
255:
256: return null;
257: }
258:
259: public PresentationManager getPresentationManager() {
260: return presentationManager;
261: }
262:
263: public void setPresentationManager(
264: PresentationManager presentationManager) {
265: this .presentationManager = presentationManager;
266: }
267:
268: public IdManager getIdManager() {
269: return idManager;
270: }
271:
272: public void setIdManager(IdManager idManager) {
273: this .idManager = idManager;
274: }
275:
276: public List getFunctions() {
277: return functions;
278: }
279:
280: public void setFunctions(List functions) {
281: this.functions = functions;
282: }
283: }
|