001: /**
002: * Copyright (C) 2001 Yasna.com. All rights reserved.
003: *
004: * ===================================================================
005: * The Apache Software License, Version 1.1
006: *
007: * Redistribution and use in source and binary forms, with or without
008: * modification, are permitted provided that the following conditions
009: * are met:
010: *
011: * 1. Redistributions of source code must retain the above copyright
012: * notice, this list of conditions and the following disclaimer.
013: *
014: * 2. Redistributions in binary form must reproduce the above copyright
015: * notice, this list of conditions and the following disclaimer in
016: * the documentation and/or other materials provided with the
017: * distribution.
018: *
019: * 3. The end-user documentation included with the redistribution,
020: * if any, must include the following acknowledgment:
021: * "This product includes software developed by
022: * Yasna.com (http://www.yasna.com)."
023: * Alternately, this acknowledgment may appear in the software itself,
024: * if and wherever such third-party acknowledgments normally appear.
025: *
026: * 4. The names "Yazd" and "Yasna.com" must not be used to
027: * endorse or promote products derived from this software without
028: * prior written permission. For written permission, please
029: * contact yazd@yasna.com.
030: *
031: * 5. Products derived from this software may not be called "Yazd",
032: * nor may "Yazd" appear in their name, without prior written
033: * permission of Yasna.com.
034: *
035: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
036: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
037: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
038: * DISCLAIMED. IN NO EVENT SHALL YASNA.COM OR
039: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
040: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
041: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
042: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
043: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
044: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
045: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
046: * SUCH DAMAGE.
047: * ====================================================================
048: *
049: * This software consists of voluntary contributions made by many
050: * individuals on behalf of Yasna.com. For more information
051: * on Yasna.com, please see <http://www.yasna.com>.
052: */
053:
054: /**
055: * Copyright (C) 2000 CoolServlets.com. All rights reserved.
056: *
057: * ===================================================================
058: * The Apache Software License, Version 1.1
059: *
060: * Redistribution and use in source and binary forms, with or without
061: * modification, are permitted provided that the following conditions
062: * are met:
063: *
064: * 1. Redistributions of source code must retain the above copyright
065: * notice, this list of conditions and the following disclaimer.
066: *
067: * 2. Redistributions in binary form must reproduce the above copyright
068: * notice, this list of conditions and the following disclaimer in
069: * the documentation and/or other materials provided with the
070: * distribution.
071: *
072: * 3. The end-user documentation included with the redistribution,
073: * if any, must include the following acknowledgment:
074: * "This product includes software developed by
075: * CoolServlets.com (http://www.coolservlets.com)."
076: * Alternately, this acknowledgment may appear in the software itself,
077: * if and wherever such third-party acknowledgments normally appear.
078: *
079: * 4. The names "Jive" and "CoolServlets.com" must not be used to
080: * endorse or promote products derived from this software without
081: * prior written permission. For written permission, please
082: * contact webmaster@coolservlets.com.
083: *
084: * 5. Products derived from this software may not be called "Jive",
085: * nor may "Jive" appear in their name, without prior written
086: * permission of CoolServlets.com.
087: *
088: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
089: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
090: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
091: * DISCLAIMED. IN NO EVENT SHALL COOLSERVLETS.COM OR
092: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
093: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
094: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
095: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
096: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
097: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
098: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
099: * SUCH DAMAGE.
100: * ====================================================================
101: *
102: * This software consists of voluntary contributions made by many
103: * individuals on behalf of CoolServlets.com. For more information
104: * on CoolServlets.com, please see <http://www.coolservlets.com>.
105: */package com.Yasna.forum;
106:
107: import com.Yasna.forum.util.ClientIP;
108:
109: import java.util.*;
110:
111: //JDK1.1// import com.sun.java.util.collections.*;
112:
113: /**
114: * A protection proxy for ForumFactory. It ensures that only authorized users
115: * are allowed to access restricted methods.
116: */
117: public class ForumFactoryProxy extends ForumFactory {
118:
119: private ForumFactory factory;
120: private Authorization authorization;
121: private ForumPermissions permissions;
122:
123: public ForumFactoryProxy(ForumFactory factory,
124: Authorization authorization, ForumPermissions permissions) {
125: this .factory = factory;
126: this .authorization = authorization;
127: this .permissions = permissions;
128: }
129:
130: public Forum createForum(String name, String description,
131: boolean moderated, int forumGroupID, boolean article)
132: throws UnauthorizedException, ForumAlreadyExistsException {
133: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
134: Forum newForum = factory.createForum(name, description,
135: moderated, forumGroupID, article);
136: return new ForumProxy(newForum, authorization, permissions);
137: } else {
138: throw new UnauthorizedException();
139: }
140: }
141:
142: public void deleteForum(Forum forum) throws UnauthorizedException {
143: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
144: factory.deleteForum(forum);
145: } else {
146: throw new UnauthorizedException();
147: }
148: }
149:
150: public void deleteCategory(Category category)
151: throws UnauthorizedException {
152: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
153: factory.deleteCategory(category);
154: } else {
155: throw new UnauthorizedException();
156: }
157: }
158:
159: public Forum getForum(int forumID) throws ForumNotFoundException,
160: UnauthorizedException {
161: Forum forum = factory.getForum(forumID);
162: ForumPermissions forumPermissions = forum
163: .getPermissions(authorization);
164: //Create a new permissions object with the combination of the
165: //permissions of this object and tempPermissions.
166: ForumPermissions newPermissions = new ForumPermissions(
167: permissions, forumPermissions);
168: //Check and see if the user has READ permissions. If not, throw an
169: //an UnauthorizedException.
170: if (!(newPermissions.get(ForumPermissions.READ)
171: || newPermissions.get(ForumPermissions.FORUM_ADMIN) || newPermissions
172: .get(ForumPermissions.SYSTEM_ADMIN))) {
173: throw new UnauthorizedException();
174: }
175: return new ForumProxy(forum, authorization, newPermissions);
176: }
177:
178: public Forum getForum(String name) throws ForumNotFoundException,
179: UnauthorizedException {
180: Forum forum = factory.getForum(name);
181: ForumPermissions forumPermissions = forum
182: .getPermissions(authorization);
183: //Create a new permissions object with the combination of the
184: //permissions of this object and tempPermissions.
185: ForumPermissions newPermissions = new ForumPermissions(
186: permissions, forumPermissions);
187: //Check and see if the user has READ permissions. If not, throw an
188: //an UnauthorizedException.
189: if (!(newPermissions.get(ForumPermissions.READ)
190: || newPermissions.get(ForumPermissions.FORUM_ADMIN) || newPermissions
191: .get(ForumPermissions.SYSTEM_ADMIN))) {
192: throw new UnauthorizedException();
193: }
194: return new ForumProxy(forum, authorization, newPermissions);
195: }
196:
197: public int getForumCount() {
198: return factory.getForumCount();
199: }
200:
201: public Iterator categories() {
202: return new CategoryIteratorProxy(factory.categories(),
203: authorization, permissions);
204: }
205:
206: public Category getCategory(int categoryID)
207: throws CategoryNotFoundException, UnauthorizedException {
208: Category category = factory.getCategory(categoryID);
209: //category permissions can be implemented here
210: return new CategoryProxy(category, authorization, permissions);
211: }
212:
213: public Category getCategory(String name)
214: throws CategoryNotFoundException, UnauthorizedException {
215: Category category = factory.getCategory(name);
216: //category permissions can be implemented here
217: return new CategoryProxy(category, authorization, permissions);
218: }
219:
220: public Category createCategory(String name, String description)
221: throws UnauthorizedException,
222: CategoryAlreadyExistsException {
223: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
224: Category newCategory = factory.createCategory(name,
225: description);
226: return new CategoryProxy(newCategory, authorization,
227: permissions);
228: } else {
229: throw new UnauthorizedException();
230: }
231: }
232:
233: public Iterator forums() {
234: return new ForumIteratorProxy(factory.forums(), authorization,
235: permissions, false);
236: }
237:
238: public Iterator forumsWithArticlesForums() {
239: return new ForumIteratorProxy(factory.forums(), authorization,
240: permissions, true);
241: }
242:
243: public Iterator forumsModeration() {
244: return new ForumModeratorIteratorProxy(factory.forums(),
245: authorization, permissions);
246: }
247:
248: public ProfileManager getProfileManager() {
249: ProfileManager profileManager = factory.getProfileManager();
250: return new ProfileManagerProxy(profileManager, authorization,
251: permissions);
252: }
253:
254: public SearchIndexer getSearchIndexer()
255: throws UnauthorizedException {
256: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
257: return factory.getSearchIndexer();
258: } else {
259: throw new UnauthorizedException();
260: }
261: }
262:
263: public int[] usersWithPermission(int permissionType)
264: throws UnauthorizedException {
265: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
266: return factory.usersWithPermission(permissionType);
267: } else {
268: throw new UnauthorizedException();
269: }
270: }
271:
272: public int[] groupsWithPermission(int permissionType)
273: throws UnauthorizedException {
274: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
275: return factory.groupsWithPermission(permissionType);
276: } else {
277: throw new UnauthorizedException();
278: }
279: }
280:
281: public ForumPermissions getPermissions(Authorization authorization) {
282: return factory.getPermissions(authorization);
283: }
284:
285: public boolean hasPermission(int type) {
286: return permissions.get(type);
287: }
288:
289: /**
290: * Returns the forum factory class that the proxy wraps. In some cases,
291: * this is necessary so that an outside class can get at methods that only
292: * a particular forum factory sublclass contains. Because this is
293: * potentially a dangerours operation, access to the underlying class is
294: * restricted to those with SYSTEM_ADMIN permissions.
295: *
296: * @throws UnauthorizedException if does not have ADMIN permissions.
297: */
298: public ForumFactory getUnderlyingForumFactory()
299: throws UnauthorizedException {
300: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)) {
301: return factory;
302: } else {
303: throw new UnauthorizedException();
304: }
305: }
306:
307: public Query createQuery() {
308: return factory.createQuery();
309: }
310:
311: public void BlackListIP(ClientIP cip, boolean add)
312: throws UnauthorizedException {
313: if (permissions.get(ForumPermissions.SYSTEM_ADMIN)
314: || permissions.get(ForumPermissions.FORUM_ADMIN)
315: || permissions.get(ForumPermissions.MODERATOR)) {
316: factory.BlackListIP(cip, add);
317: } else {
318: throw new UnauthorizedException();
319: }
320: }
321:
322: public boolean isBlackListed(ClientIP cip) {
323: return factory.isBlackListed(cip);
324: }
325:
326: public ForumThread getArticleThread(String pageKey, Forum forumID)
327: throws ForumThreadNotFoundException, UnauthorizedException {
328: return new ForumThreadProxy(factory.getArticleThread(pageKey,
329: forumID), authorization, permissions);
330: }
331:
332: public Iterator getThreadTypeIterator() {
333: return factory.getThreadTypeIterator();
334: }
335:
336: public ThreadType getThreadType(int typeid) {
337: return factory.getThreadType(typeid);
338: }
339:
340: public Iterator getSessionList() {
341: return factory.getSessionList();
342: }
343:
344: public int getYesterdayUserCount() {
345: return factory.getYesterdayUserCount();
346: }
347:
348: }
|