001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/osp/tags/sakai_2-4-1/wizard/api-impl/src/java/org/theospi/portfolio/wizard/WizardAuthorizerImpl.java $
003: * $Id: WizardAuthorizerImpl.java 18546 2006-11-29 21:21:19Z andersjb@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.theospi.portfolio.wizard;
021:
022: import java.util.Iterator;
023: import java.util.List;
024:
025: import org.sakaiproject.metaobj.shared.mgt.IdManager;
026: import org.sakaiproject.metaobj.shared.model.Agent;
027: import org.sakaiproject.metaobj.shared.model.Id;
028: import org.theospi.portfolio.security.AuthorizationFacade;
029: import org.theospi.portfolio.security.app.ApplicationAuthorizer;
030: import org.theospi.portfolio.wizard.mgt.WizardManager;
031: import org.theospi.portfolio.wizard.model.CompletedWizardPage;
032: import org.theospi.portfolio.wizard.model.Wizard;
033: import org.theospi.portfolio.wizard.model.WizardPageSequence;
034:
035: /**
036: * These are the permissions and their definitions:
037: *
038: * View: Can a user complete a wizard (is the wizard owner or
039: * can complete the wizard or the tool permits the user to complete)
040: * Review: can the user review the wizard definition (check the tool for review)
041: * Evaluate: can the user exaluate the wizard definition (check the tool for evaluate)
042: * Operate: does the user have view or review or evaluate
043: * Create: Can a user create a wizard (permitted by the tool)
044: * Edit: can the user change the wizard definition (check the tool for edit)
045: * Publish: can the user publish the wizard definition (check the tool for publish)
046: * Delete: can the user delete the wizard definition (check the tool for delete)
047: * The delete only works on unpublished wizards
048: * Copy: can the user copy the wizard definition (check the tool for copy)
049: * Delete: can the user delete the wizard definition (check the tool for delete)
050: * Edit Wizard Page Guidance: the owner of the wizard can edit guidance of a wizard page
051: * View Wizard Page Guidance: loop through each completed wizard page and:
052: * does the completed page have evaluate or review or is the owner
053: * or the page def has view permission
054: * or is the page sequence owned by the current user
055: */
056: public class WizardAuthorizerImpl implements ApplicationAuthorizer {
057: private WizardManager wizardManager;
058: private IdManager idManager;
059: private List functions;
060:
061: /**
062: * This method will ask the application specific functional authorizer to determine authorization.
063: *
064: * @param facade this can be used to do explicit auths if necessary
065: * @param agent
066: * @param function
067: * @param id
068: * @return null if the authorizer has no opinion, true if authorized, false if explicitly not authorized.
069: */
070: public Boolean isAuthorized(AuthorizationFacade facade,
071: Agent agent, String function, Id id) {
072:
073: // return null if we don't know what is up...
074: if (function.equals(WizardFunctionConstants.OPERATE_WIZARD)) {
075: Boolean access = isWizardViewAuth(facade, agent, id, true);
076: if (access == null || access.booleanValue() == false) {
077: access = isWizardAuthForReview(facade, agent, id);
078: if (access == null || access.booleanValue() == false) {
079: access = isWizardAuthForEval(facade, agent, id);
080: }
081: }
082: return access;
083: } else if (function.equals(WizardFunctionConstants.VIEW_WIZARD)) {
084: return isWizardViewAuth(facade, agent, id, true);
085:
086: } else if (function
087: .equals(WizardFunctionConstants.CREATE_WIZARD)) {
088: return new Boolean(facade.isAuthorized(agent, function, id));
089:
090: } else if (function.equals(WizardFunctionConstants.EDIT_WIZARD)) {
091: return isWizardAuth(facade, id, agent,
092: WizardFunctionConstants.EDIT_WIZARD);
093:
094: } else if (function
095: .equals(WizardFunctionConstants.PUBLISH_WIZARD)) {
096: String siteStr = getWizardManager().getWizardIdSiteId(id);
097: Id siteId = getIdManager().getId(siteStr);
098: return new Boolean(facade.isAuthorized(agent, function,
099: siteId));
100:
101: } else if (function
102: .equals(WizardFunctionConstants.DELETE_WIZARD)) {
103: return isWizardAuth(facade, id, agent,
104: WizardFunctionConstants.DELETE_WIZARD);
105:
106: } else if (function.equals(WizardFunctionConstants.COPY_WIZARD)) {
107: return isWizardAuth(facade, id, agent,
108: WizardFunctionConstants.COPY_WIZARD);
109:
110: } else if (function
111: .equals(WizardFunctionConstants.EXPORT_WIZARD)) {
112: return isWizardAuth(facade, id, agent,
113: WizardFunctionConstants.EXPORT_WIZARD);
114:
115: } else if (WizardFunctionConstants.REVIEW_WIZARD
116: .equals(function)) {
117: return isWizardAuthForReview(facade, agent, id);
118:
119: } else if (WizardFunctionConstants.EVALUATE_WIZARD
120: .equals(function)) {
121: return isWizardAuthForEval(facade, agent, id);
122: } else if (function
123: .equals(WizardFunctionConstants.EDIT_WIZARDPAGE_GUIDANCE)) {
124: //ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
125: WizardPageSequence wps = wizardManager
126: .getWizardPageSeqByDef(id);
127: Wizard wizard = wps.getCategory().getWizard();
128: Agent owner = wizard.getOwner();
129:
130: Boolean returned = new Boolean(agent.equals(owner));
131:
132: if (returned == null || !returned.booleanValue()) {
133: returned = Boolean.valueOf(facade.isAuthorized(agent,
134: WizardFunctionConstants.EDIT_WIZARD,
135: getIdManager().getId(wizard.getSiteId())));
136: }
137:
138: return returned;
139:
140: } else if (function
141: .equals(WizardFunctionConstants.VIEW_WIZARDPAGE_GUIDANCE)) {
142: //If I can eval, review, or own it
143: List pages = wizardManager
144: .getCompletedWizardPagesByPageDef(id);
145: Boolean returned = null;
146:
147: for (Iterator iter = pages.iterator(); iter.hasNext();) {
148: CompletedWizardPage cwp = (CompletedWizardPage) iter
149: .next();
150: // why are we trying to get a wizard permission on a completed wizard page id?
151: // returned = Boolean.valueOf(facade.isAuthorized(agent, WizardFunctionConstants.EVALUATE_WIZARD, cwp.getId()));
152: returned = isWizardAuthForEval(facade, agent, cwp
153: .getCategory().getWizard().getWizard().getId());
154:
155: if (returned == null || !returned.booleanValue()) {
156: // again, why review wizard permission on the completed wizard page id
157: //returned = Boolean.valueOf(facade.isAuthorized(agent, WizardFunctionConstants.REVIEW_WIZARD, cwp.getId()));
158: returned = isWizardAuthForReview(facade, agent, cwp
159: .getCategory().getWizard().getWizard()
160: .getId());
161: }
162: if (returned == null || !returned.booleanValue()) {
163: // if the user is the owner of the completed wizard
164: returned = Boolean.valueOf(cwp.getCategory()
165: .getWizard().getOwner().equals(agent));
166: }
167: if (returned == null || !returned.booleanValue()) {
168: // Again, with the cwp instead of the wizard
169: //returned = Boolean.valueOf(facade.isAuthorized(agent, WizardFunctionConstants.VIEW_WIZARD,id));
170: returned = isWizardViewAuth(facade, agent, cwp
171: .getCategory().getWizard().getWizard()
172: .getId(), true);
173: }
174: if (returned == null || !returned.booleanValue()) {
175: // if the user is the owner of the actual wizard
176: returned = Boolean.valueOf(cwp.getCategory()
177: .getWizard().getWizard().getOwner().equals(
178: agent));
179: }
180: if (returned.booleanValue())
181: return returned;
182: }
183:
184: WizardPageSequence wps = getWizardManager()
185: .getWizardPageSeqByDef(id);
186:
187: returned = Boolean.valueOf(wps.getCategory().getWizard()
188: .getOwner().equals(agent));
189: if (returned.booleanValue())
190: return returned;
191:
192: return null;
193: } else if (function
194: .equals(WizardFunctionConstants.EVALUATE_SPECIFIC_WIZARD)) {
195: Wizard wizard = wizardManager.getWizard(id);
196: Id siteId = idManager.getId(wizard.getSiteId());
197: facade.pushAuthzGroups(siteId.getValue());
198: return isWizardAuthForEval(facade, agent, siteId);
199: } else if (function
200: .equals(WizardFunctionConstants.EVALUATE_SPECIFIC_WIZARDPAGE)) {
201: Wizard wizard = wizardManager.getCompletedWizardByPage(id)
202: .getWizard();
203: Id siteId = idManager.getId(wizard.getSiteId());
204: facade.pushAuthzGroups(siteId.getValue());
205: return isWizardAuthForEval(facade, agent, siteId);
206: }
207:
208: else {
209: return null;
210: }
211: }
212:
213: /**
214: * This method checks for permission "function" of wizard "qualifier" with the given Agent.
215: * @param facade AuthorizationFacade
216: * @param qualifier Id -- for this function it's the wizard id
217: * @param agent Agent
218: * @param function String
219: * @return Boolean
220: */
221: protected Boolean isWizardAuth(AuthorizationFacade facade,
222: Id qualifier, Agent agent, String function) {
223:
224: String siteStr = getWizardManager()
225: .getWizardIdSiteId(qualifier);
226:
227: if (siteStr == null) {
228: // must be tool id
229: return new Boolean(facade.isAuthorized(function, qualifier));
230: }
231:
232: //owner can do anything
233: /*
234: if (wizard.getOwner().equals(agent)){
235: return new Boolean(true);
236: }
237: */
238: Id siteId = getIdManager().getId(siteStr);
239: return new Boolean(facade.isAuthorized(function, siteId));
240: }
241:
242: /**
243: * THis handles the authority for the view permission on a wizard
244: * @param facade
245: * @param agent
246: * @param id -- for this function it's the wizard id
247: * @param allowAnonymous
248: * @return
249: */
250: protected Boolean isWizardViewAuth(AuthorizationFacade facade,
251: Agent agent, Id id, boolean allowAnonymous) {
252:
253: String siteStr = getWizardManager().getWizardIdSiteId(id);
254:
255: if (siteStr == null) {
256: return new Boolean(facade.isAuthorized(agent,
257: WizardFunctionConstants.VIEW_WIZARD, id));
258: }
259:
260: return isWizardViewAuth(id, facade, agent, id, allowAnonymous);
261: }
262:
263: /**
264: * Checks an agents ability to view the given wizard. It also check the wizard's
265: * tool for permission to access the wizard as view is a tool wide permission.
266: * Anonymous is not recognized in this function yet
267: * @param wizardId Id of the wizard we are checkingWizard
268: * @param facade AuthorizationFacade
269: * @param agent Agent
270: * @param id Id
271: * @param allowAnonymous boolean
272: * @return Boolean
273: */
274: protected Boolean isWizardViewAuth(Id wizardId,
275: AuthorizationFacade facade, Agent agent, Id id,
276: boolean allowAnonymous) {
277: boolean isAuthorized = false;
278: Agent owner = getWizardManager().getWizardIdOwner(wizardId);
279:
280: if (owner != null && owner.equals(agent)) {
281: isAuthorized = true;
282: } else {
283: isAuthorized = facade.isAuthorized(agent,
284: WizardFunctionConstants.VIEW_WIZARD, id);
285:
286: if (!isAuthorized) {
287: String siteStr = getWizardManager().getWizardIdSiteId(
288: id);
289: Id siteId = getIdManager().getId(siteStr);
290: isAuthorized = facade.isAuthorized(
291: WizardFunctionConstants.VIEW_WIZARD, siteId);
292:
293: }
294: }
295: return new Boolean(isAuthorized);
296: }
297:
298: protected Boolean isWizardAuthForReview(AuthorizationFacade facade,
299: Agent agent, Id id) {
300: String siteStr = getWizardManager().getWizardIdSiteId(id);
301: Id tmpId = id;
302: if (siteStr != null) {
303: tmpId = getIdManager().getId(siteStr);
304: }
305:
306: return new Boolean(facade.isAuthorized(agent,
307: WizardFunctionConstants.REVIEW_WIZARD, tmpId));
308: }
309:
310: protected Boolean isWizardAuthForEval(AuthorizationFacade facade,
311: Agent agent, Id id) {
312: return new Boolean(facade.isAuthorized(agent,
313: WizardFunctionConstants.EVALUATE_WIZARD, id));
314: }
315:
316: public WizardManager getWizardManager() {
317: return wizardManager;
318: }
319:
320: public void setWizardManager(WizardManager wizardManager) {
321: this .wizardManager = wizardManager;
322: }
323:
324: public IdManager getIdManager() {
325: return idManager;
326: }
327:
328: public void setIdManager(IdManager idManager) {
329: this .idManager = idManager;
330: }
331:
332: public List getFunctions() {
333: return functions;
334: }
335:
336: public void setFunctions(List functions) {
337: this.functions = functions;
338: }
339: }
|