001: /**********************************************************************************
002: * $URL:https://source.sakaiproject.org/svn/osp/trunk/common/api-impl/src/java/org/theospi/portfolio/security/mgt/impl/PermissionManagerImpl.java $
003: * $Id:PermissionManagerImpl.java 9134 2006-05-08 20:28:42Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.theospi.portfolio.security.mgt.impl;
021:
022: import java.util.ArrayList;
023: import java.util.Iterator;
024: import java.util.List;
025: import java.util.Map;
026: import java.util.Set;
027:
028: import org.apache.commons.logging.Log;
029: import org.apache.commons.logging.LogFactory;
030: import org.sakaiproject.authz.api.GroupNotDefinedException;
031: import org.sakaiproject.authz.api.Role;
032: import org.sakaiproject.authz.cover.AuthzGroupService;
033: import org.sakaiproject.metaobj.shared.mgt.AgentManager;
034: import org.sakaiproject.metaobj.shared.model.Agent;
035: import org.sakaiproject.metaobj.shared.model.Id;
036: import org.sakaiproject.metaobj.shared.model.OspRole;
037: import org.sakaiproject.site.api.Site;
038: import org.theospi.portfolio.security.Authorization;
039: import org.theospi.portfolio.security.AuthorizationFacade;
040: import org.theospi.portfolio.security.mgt.PermissionManager;
041: import org.theospi.portfolio.security.mgt.ToolPermissionManager;
042: import org.theospi.portfolio.security.model.Permission;
043: import org.theospi.portfolio.security.model.PermissionsEdit;
044: import org.theospi.portfolio.shared.model.OspException;
045:
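/**
 * Default {@link PermissionManager} implementation.
 *
 * <p>It reads the roles of a site's authz group ({@code "/site/" + siteId}), looks up each
 * role's authorizations through the {@link AuthorizationFacade}, and creates or deletes
 * authorizations so that the stored state matches a submitted {@link PermissionsEdit}.
 *
 * <p>No method in this class checks whether the current user is allowed to view or change the
 * permissions being edited. NOTE(review): presumably callers enforce that before invoking
 * {@link #updatePermissions(PermissionsEdit)} or
 * {@link #duplicatePermissions(Id, Id, Site)} -- confirm.
 */
public class PermissionManagerImpl implements PermissionManager {
    protected final transient Log logger = LogFactory.getLog(getClass());

    // Resolves an authz role id plus a site id to the Agent used in authorizations.
    private AgentManager agentManager;
    // Reads, creates and deletes the stored authorizations.
    private AuthorizationFacade authzManager;

    // Registered tools, looked up by PermissionsEdit.getName(); values are cast to
    // ToolPermissionManager in getToolManager().
    private Map tools;

    /**
     * Returns the roles defined on the authz group of the edit's site.
     *
     * @param edit the edit whose site id selects the authz group {@code "/site/" + siteId}
     * @return a new list holding the group's roles
     * @throws OspException wrapping the {@link GroupNotDefinedException} when the group
     *         does not exist
     */
    public List getWorksiteRoles(PermissionsEdit edit) {
        try {
            Set roles = AuthzGroupService.getInstance().getAuthzGroup(
                    "/site/" + edit.getSiteId()).getRoles();
            List returned = new ArrayList();
            returned.addAll(roles);
            return returned;
        } catch (GroupNotDefinedException e) {
            // Log which group was missing; the original logged an empty message.
            logger.error("Cannot find realm corresponding to site: " + e.getId(), e);
            throw new OspException(e);
        }
    }

    /**
     * Replaces the edit's permission list with the permissions currently stored.
     *
     * <p>Entries for the edit's own qualifier are added as editable; entries for each
     * qualifier returned by the tool's {@code getReadOnlyQualifiers(edit)} are added as
     * read-only.
     *
     * @param edit the edit to fill; its existing permission list is discarded
     * @return the filled edit
     */
    public PermissionsEdit fillPermissions(PermissionsEdit edit) {
        edit.setPermissions(new ArrayList());

        edit = fillPermissionsInternal(edit, edit.getQualifier(), false);

        // NOTE(review): getToolManager returns null when no tool is registered under
        // edit.getName(), which surfaces here as a NullPointerException.
        ToolPermissionManager mgr = getToolManager(edit);
        List quals = mgr.getReadOnlyQualifiers(edit);

        for (Iterator i = quals.iterator(); i.hasNext();) {
            Id qualifier = (Id) i.next();
            fillPermissionsInternal(edit, qualifier, true);
        }

        return edit;
    }

    /**
     * Appends to the edit one {@link Permission} per stored authorization that a site role
     * holds on {@code qualifier}, restricted to the functions returned by
     * {@link #getAppFunctions(PermissionsEdit)}.
     *
     * <p>A missing authz group is logged at warn level and otherwise ignored, so the edit is
     * returned with nothing added for that qualifier.
     *
     * @param edit      the edit being filled; supplies the site id and receives the entries
     * @param qualifier the qualifier whose authorizations are read
     * @param readOnly  flag stored on every {@link Permission} created by this call
     * @return the same edit instance
     */
    protected PermissionsEdit fillPermissionsInternal(
            PermissionsEdit edit, Id qualifier, boolean readOnly) {

        try {
            Set roles = AuthzGroupService.getInstance().getAuthzGroup(
                    "/site/" + edit.getSiteId()).getRoles();

            List functions = getAppFunctions(edit);

            for (Iterator i = roles.iterator(); i.hasNext();) {
                Role role = (Role) i.next();
                Agent currentRole = getAgentManager().getWorksiteRole(
                        role.getId(), edit.getSiteId());
                List authzs = getAuthzManager().getAuthorizations(
                        currentRole, null, qualifier);

                for (Iterator j = authzs.iterator(); j.hasNext();) {
                    Authorization authz = (Authorization) j.next();

                    // Only functions the tool declares are surfaced in the edit.
                    if (functions.contains(authz.getFunction())) {
                        edit.getPermissions().add(
                                new Permission(currentRole, authz.getFunction(), readOnly));
                    }
                }
            }
        } catch (GroupNotDefinedException e) {
            // Deliberately not rethrown. This came up when using the sites tool to create a
            // site: there was no realm yet, so permissions could not be set.
            // NOTE(review): updatePermissions relies on this method to learn the stored
            // state; when the realm is missing it sees an empty list and treats every
            // submitted editable permission as new -- confirm that is acceptable.
            logger.warn("Cannot find realm corresponding to site: "
                    + e.getId()
                    + ". Skipping it for setting permissions.", e);
        }

        return edit;
    }

    /**
     * Brings the stored authorizations on the edit's qualifier in line with the edit.
     *
     * <p>The stored state is loaded into a clone of the edit. Submitted permissions that are
     * not stored and not read-only are created; stored editable permissions that were not
     * submitted are deleted.
     *
     * @param edit the submitted permissions together with the qualifier they apply to
     */
    public void updatePermissions(PermissionsEdit edit) {
        AuthorizationFacade manager = getAuthzManager();

        PermissionsEdit orig = (PermissionsEdit) edit.clone();
        orig = fillPermissions(orig);
        List origPermissions = orig.getPermissions();

        for (Iterator i = edit.getPermissions().iterator(); i.hasNext();) {
            Permission perm = (Permission) i.next();

            if (origPermissions.contains(perm)) {
                // Already stored: take it off the list of deletion candidates.
                origPermissions.remove(perm);
            } else if (!perm.isReadOnly()) {
                // NOTE(review): the agent and function are used as supplied on the edit;
                // unlike fillPermissionsInternal there is no check against
                // getAppFunctions(edit) here -- confirm callers build the list only from
                // that set.
                manager.createAuthorization(perm.getAgent(), perm.getFunction(),
                        edit.getQualifier());
            }
        }

        for (Iterator i = origPermissions.iterator(); i.hasNext();) {
            Permission perm = (Permission) i.next();

            // Read-only entries were loaded from the tool's read-only qualifiers, not from
            // edit.getQualifier(). Deleting on their behalf would remove an authorization
            // on the edited qualifier that the submitted edit still contains, so they are
            // skipped, mirroring the read-only guard on the create branch above.
            if (!perm.isReadOnly()) {
                manager.deleteAuthorization(perm.getAgent(), perm.getFunction(),
                        edit.getQualifier());
            }
        }
    }

    /**
     * Copies every authorization stored on {@code srcQualifier} to {@code targetQualifier}.
     *
     * <p>When {@code newSite} is given, agents that are {@link OspRole}s are replaced by the
     * role of the same name in that site, obtained from
     * {@code AgentManager.getTempWorksiteRole}. Authorizations whose agent resolves to
     * {@code null} are skipped.
     *
     * @param srcQualifier    qualifier to read authorizations from
     * @param targetQualifier qualifier to create the copies on
     * @param newSite         site to remap role agents into, or {@code null} to keep the
     *                        original agents
     */
    public void duplicatePermissions(Id srcQualifier,
            Id targetQualifier, Site newSite) {
        AuthorizationFacade manager = getAuthzManager();
        List origPermissions = manager.getAuthorizations(null, null, srcQualifier);

        for (Iterator i = origPermissions.iterator(); i.hasNext();) {
            Authorization authz = (Authorization) i.next();
            Agent agent = authz.getAgent();
            if (newSite != null && agent instanceof OspRole) {
                agent = getAgentManager().getTempWorksiteRole(
                        ((OspRole) agent).getRoleName(),
                        newSite.getId());
            }

            if (agent != null) {
                manager.createAuthorization(agent, authz.getFunction(), targetQualifier);
            }
        }
    }

    /**
     * Adds all entries of {@code newTools} to the registered tools.
     *
     * @param newTools entries to merge into the map returned by {@link #getTools()}, which
     *                 must already have been set
     */
    public void addTools(Map newTools) {
        getTools().putAll(newTools);
    }

    /**
     * Returns the functions of the tool registered under the edit's name.
     *
     * @param edit the edit whose name selects the tool
     * @return the result of that tool's {@code getFunctions(edit)}
     */
    public List getAppFunctions(PermissionsEdit edit) {
        ToolPermissionManager mgr = getToolManager(edit);

        return mgr.getFunctions(edit);
    }

    /**
     * Looks up the tool registered under {@code edit.getName()}.
     *
     * @param edit the edit whose name is the lookup key
     * @return the registered tool, or {@code null} when the map has no entry for that name
     */
    protected ToolPermissionManager getToolManager(PermissionsEdit edit) {
        return (ToolPermissionManager) getTools().get(edit.getName());
    }

    /** @return the agent manager used to resolve worksite roles */
    public AgentManager getAgentManager() {
        return agentManager;
    }

    /** @param agentManager the agent manager used to resolve worksite roles */
    public void setAgentManager(AgentManager agentManager) {
        this.agentManager = agentManager;
    }

    /** @return the facade used to read, create and delete authorizations */
    public AuthorizationFacade getAuthzManager() {
        return authzManager;
    }

    /** @param authzManager the facade used to read, create and delete authorizations */
    public void setAuthzManager(AuthorizationFacade authzManager) {
        this.authzManager = authzManager;
    }

    /** @return the registered tools map itself, not a copy */
    public Map getTools() {
        return tools;
    }

    /** @param tools the map of registered tools, stored by reference */
    public void setTools(Map tools) {
        this.tools = tools;
    }
}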