001: /***************************************************************
002: * This file is part of the [fleXive](R) project.
003: *
004: * Copyright (c) 1999-2008
005: * UCS - unique computing solutions gmbh (http://www.ucs.at)
006: * All rights reserved
007: *
008: * The [fleXive](R) project is free software; you can redistribute
009: * it and/or modify it under the terms of the GNU General Public
010: * License as published by the Free Software Foundation;
011: * either version 2 of the License, or (at your option) any
012: * later version.
013: *
014: * The GNU General Public License can be found at
015: * http://www.gnu.org/copyleft/gpl.html.
016: * A copy is found in the textfile GPL.txt and important notices to the
017: * license from the author are found in LICENSE.txt distributed with
018: * these libraries.
019: *
020: * This library is distributed in the hope that it will be useful,
021: * but WITHOUT ANY WARRANTY; without even the implied warranty of
022: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
023: * GNU General Public License for more details.
024: *
025: * For further information about UCS - unique computing solutions gmbh,
026: * please see the company website: http://www.ucs.at
027: *
028: * For further information about [fleXive](R), please see the
029: * project website: http://www.flexive.org
030: *
031: *
032: * This copyright notice MUST APPEAR in all copies of the file!
033: ***************************************************************/package com.flexive.shared.security;
034:
035: import org.apache.commons.logging.Log;
036: import org.apache.commons.logging.LogFactory;
037:
038: import java.io.Serializable;
039:
040: /**
041: * A concrete assignment of an ACL to a user group
042: *
043: * @author Gregor Schober (gregor.schober@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)
044: */
045: public class ACLAssignment implements Serializable, Cloneable {
046: private static final long serialVersionUID = -8040584065610850035L;
047:
048: private long aclId;
049: private long groupId;
050: private ACL.Category category;
051: private boolean mayRead;
052: private boolean mayEdit;
053: private boolean mayRelate;
054: private boolean mayDelete;
055: private boolean mayExport;
056: private boolean mayCreate;
057: private LifeCycleInfo lifeCycleInfo = null;
058: private static transient Log LOG = LogFactory
059: .getLog(ACLAssignment.class);
060:
061: /**
062: * Creates a clone.
063: *
064: * @return the clone
065: * @throws CloneNotSupportedException
066: */
067: @Override
068: public ACLAssignment clone() throws CloneNotSupportedException {
069: ACLAssignment clone = (ACLAssignment) super .clone();
070: clone.aclId = this .aclId;
071: clone.groupId = this .groupId;
072: clone.category = this .category;
073: clone.mayRead = this .mayRead;
074: clone.mayEdit = this .mayEdit;
075: clone.mayRelate = this .mayRelate;
076: clone.mayDelete = this .mayDelete;
077: clone.mayExport = this .mayExport;
078: clone.mayCreate = this .mayCreate;
079: clone.lifeCycleInfo = this .lifeCycleInfo;
080: return clone;
081: }
082:
083: /**
084: * Clones the ACLAssignmentData array.
085: *
086: * @param data the array to clone
087: * @return the clone
088: */
089: public static ACLAssignment[] clone(ACLAssignment data[]) {
090: try {
091: ACLAssignment aadClone[] = new ACLAssignment[data.length];
092: int pos = 0;
093: for (ACLAssignment item : data) {
094: aadClone[pos++] = item.clone();
095: }
096: return aadClone;
097: } catch (CloneNotSupportedException exc) {
098: LOG.fatal("Unable to clone ACLAssignmentData[]: "
099: + exc.getMessage(), exc);
100: return null;
101: }
102: }
103:
104: /**
105: * Constructor.
106: *
107: * @param aclId the id
108: * @param groupId the assigned grou
109: * @param read the read permission
110: * @param edit the edit permission
111: * @param relate the relate permission
112: * @param delete the delete permission
113: * @param export the export permission
114: * @param create the create permission
115: * @param category the assignment category
116: * @param lifeCycleInfo the lifecycle information
117: */
118: public ACLAssignment(long aclId, long groupId, boolean read,
119: boolean edit, boolean relate, boolean delete,
120: boolean export, boolean create, ACL.Category category,
121: LifeCycleInfo lifeCycleInfo) {
122: this .aclId = aclId;
123: this .groupId = groupId;
124: this .mayRead = read;
125: this .mayEdit = edit;
126: this .mayRelate = relate;
127: this .mayDelete = delete;
128: this .mayExport = export;
129: this .category = category;
130: this .mayCreate = create;
131: this .lifeCycleInfo = lifeCycleInfo;
132: }
133:
134: /**
135: * Constructor, all permissions flags are set to false
136: *
137: * @param aclId the id
138: * @param groupId the assigned grou
139: * @param category the assignment category
140: * @param lifeCycleInfo the lifecycle information
141: */
142: protected ACLAssignment(long aclId, long groupId,
143: ACL.Category category, LifeCycleInfo lifeCycleInfo) {
144: this .aclId = aclId;
145: this .groupId = groupId;
146: this .mayRead = false;
147: this .mayEdit = false;
148: this .mayRelate = false;
149: this .mayDelete = false;
150: this .mayExport = false;
151: this .category = category;
152: this .mayCreate = false;
153: this .lifeCycleInfo = lifeCycleInfo;
154: }
155:
156: /**
157: * Returns the unqiue ACL id this assignment belongs to.
158: *
159: * @return the unqiue ACL id this assignment belongs to.
160: */
161: public long getAclId() {
162: return this .aclId;
163: }
164:
165: /**
166: * Return true if the ACLAssignmentImpl grants read permission.
167: *
168: * @return true if the ACLAssignmentImpl grants read permission.
169: */
170: public boolean getMayRead() {
171: return this .mayRead;
172: }
173:
174: /**
175: * Return true if the ACLAssignmentImpl grants edit permission.
176: *
177: * @return true if the ACLAssignmentImpl grants edit permission.
178: */
179: public boolean getMayEdit() {
180: return this .mayEdit;
181: }
182:
183: /**
184: * Return true if the ACLAssignmentImpl grants relate permission.
185: *
186: * @return true if the ACLAssignmentImpl grants relate permission.
187: */
188: public boolean getMayRelate() {
189: return this .mayRelate;
190: }
191:
192: /**
193: * Return true if the ACLAssignmentImpl grants unassign permission.
194: *
195: * @return true if the ACLAssignmentImpl grants unassign permission.
196: */
197: public boolean getMayDelete() {
198: return this .mayDelete;
199: }
200:
201: /**
202: * Return true if the ACLAssignmentImpl grants export permission.
203: *
204: * @return true if the ACLAssignmentImpl grants export permission.
205: */
206: public boolean getMayExport() {
207: return this .mayExport;
208: }
209:
210: /**
211: * Return true if the ACLAssignment grants create permission.
212: *
213: * @return true if the ACLAssignment grants create permission.
214: */
215: public boolean getMayCreate() {
216: return !isOwnerGroupAssignment() && this .mayCreate;
217: }
218:
219: /**
220: * Returns the id of the group the acl is assigned to.
221: *
222: * @return the id of the group the acl is assigned to
223: */
224: public long getGroupId() {
225: return this .groupId;
226: }
227:
228: /**
229: * Setter for the group id
230: *
231: * @param groupId group id
232: */
233: public void setGroupId(long groupId) {
234: this .groupId = groupId;
235: }
236:
237: /**
238: * Returns the type of the ACL.
239: *
240: * @return the type of the ACL
241: */
242: public ACL.Category getACLCategory() {
243: return this .category;
244: }
245:
246: /**
247: * Get lifecycle information
248: *
249: * @return lifecycle information
250: */
251: public LifeCycleInfo getLifeCycleInfo() {
252: return lifeCycleInfo;
253: }
254:
255: /**
256: * Is this an assignment for the owner group?
257: *
258: * @return if this an assignment for the owner group?
259: */
260: public boolean isOwnerGroupAssignment() {
261: return groupId == UserGroup.GROUP_OWNER;
262: }
263:
264: /**
265: * Returns a string representation.
266: *
267: * @return a string representation
268: */
269: @Override
270: public String toString() {
271: return this .getClass() + "@[acl=" + aclId + ",group=" + groupId
272: + ",create=" + mayCreate + ",read=" + mayRead
273: + ",edit=" + mayEdit + ",delete=" + mayDelete
274: + ",relate=" + mayRelate + ",export=" + mayExport + "]";
275: }
276:
277: public void setMayRead(boolean bMayRead) {
278: this .mayRead = bMayRead;
279: }
280:
281: public void setMayEdit(boolean bMayEdit) {
282: this .mayEdit = bMayEdit;
283: }
284:
285: public void setMayRelate(boolean bMayRelate) {
286: this .mayRelate = bMayRelate;
287: }
288:
289: public void setMayDelete(boolean bMayDelete) {
290: this .mayDelete = bMayDelete;
291: }
292:
293: public void setMayExport(boolean bMayExport) {
294: this .mayExport = bMayExport;
295: }
296:
297: public void setMayCreate(boolean bMayCreate) {
298: this .mayCreate = bMayCreate;
299: }
300:
301: /**
302: * Check if the requested permission is granted
303: *
304: * @param permission the permission to check
305: * @param ownerId id of the owner
306: * @param userId id of the calling user
307: * @return granted
308: */
309: public boolean getPermission(ACL.Permission permission,
310: long ownerId, long userId) {
311: if (isOwnerGroupAssignment()
312: && (ownerId != userId || permission == ACL.Permission.CREATE))
313: return false;
314: switch (permission) {
315: case CREATE:
316: return mayCreate;
317: case DELETE:
318: return mayDelete;
319: case EDIT:
320: return mayEdit;
321: case EXPORT:
322: return mayExport;
323: case RELATE:
324: return mayRelate;
325: case READ:
326: return mayRead;
327: default:
328: return false;
329:
330: }
331: }
332:
333: }
|