001: /*
002: * Copyright 2005 Pentaho Corporation. All rights reserved.
003: * This software was developed by Pentaho Corporation and is provided under the terms
004: * of the Mozilla Public License, Version 1.1, or any later version. You may not use
005: * this file except in compliance with the license. If you need a copy of the license,
006: * please go to http://www.mozilla.org/MPL/MPL-1.1.txt. The Original Code is the Pentaho
007: * BI Platform. The Initial Developer is Pentaho Corporation.
008: *
009: * Software distributed under the Mozilla Public License is distributed on an "AS IS"
010: * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. Please refer to
011: * the license for the specific language governing your rights and limitations.
012: *
013: * Created Jan 19, 2006
014: * @author mbatchel
015: */
016: package com.pentaho.security.acls;
017:
018: import java.util.HashMap;
019: import java.util.Map;
020:
021: import org.acegisecurity.GrantedAuthority;
022: import org.acegisecurity.GrantedAuthorityImpl;
023: import org.acegisecurity.acl.basic.AbstractBasicAclEntry;
024: import org.dom4j.Element;
025: import org.pentaho.messages.Messages;
026:
027: /**
028: * Base Pentaho Access Control entry. Subclassed <tt>AbstractBasicAclEntry</tt> from
029: * the ACEGI project. Provides known access controls.
030: *
031: * @author mbatchel
032: *
033: */
034:
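public class PentahoAclEntry extends AbstractBasicAclEntry {

  private static final long serialVersionUID = -1123574274303339402L;

  // Permission masks. Each base permission is a single bit, so they can be
  // OR-ed together; the shifts give the same values the original
  // (int) Math.pow(2, n) expressions produced.

  /** No access (0). */
  public static final int NOTHING = 0;

  /** Execute access (1). */
  public static final int EXECUTE = 1 << 0;

  /** Subscribe access (2). */
  public static final int SUBSCRIBE = 1 << 1;

  /** Create access (4). */
  public static final int CREATE = 1 << 2;

  /** Update access (8). */
  public static final int UPDATE = 1 << 3;

  /** Delete access (16). */
  public static final int DELETE = 1 << 4;

  /** Administration access: create, update and delete together (28). */
  public static final int ADMINISTRATION = CREATE | UPDATE | DELETE;

  /** Execute and subscribe (3). */
  public static final int EXECUTE_SUBSCRIBE = EXECUTE | SUBSCRIBE;

  /** All possible permissions (31). */
  public static final int ADMIN_ALL = EXECUTE_SUBSCRIBE | ADMINISTRATION;

  /** Subscribe and administration (30). */
  public static final int SUBSCRIBE_ADMINISTRATION = SUBSCRIBE | ADMINISTRATION;

  /** Execute and administration (29). */
  public static final int EXECUTE_ADMINISTRATION = EXECUTE | ADMINISTRATION;

  /** Key selecting the reduced permission list used for solutions. */
  public static final String PERMISSIONS_LIST_SOLUTIONS = "solutions"; //$NON-NLS-1$

  /** Key selecting the full permission list. */
  public static final String PERMISSIONS_LIST_ALL = "all"; //$NON-NLS-1$

  // Masks handed to the abstract superclass via getValidPermissions().
  // The set of values is unchanged; only the trailing value comments were
  // corrected (they previously read 29/30/31/32 for 28/29/30/31).
  private static final int[] validPermissions = {
    NOTHING, // 0
    EXECUTE, // 1
    SUBSCRIBE, // 2
    EXECUTE_SUBSCRIBE, // 3
    CREATE, // 4
    // NOTE(review): 5 (EXECUTE | CREATE) and 6 (SUBSCRIBE | CREATE) are not
    // listed although 7 is; confirm whether that gap is intentional.
    7,
    UPDATE, // 8
    9, 10, 11, 12, 13, 14, 15,
    DELETE, // 16
    // 17-27 (DELETE combined with only some of the other bits) are not listed.
    ADMINISTRATION, // 28
    EXECUTE_ADMINISTRATION, // 29
    SUBSCRIBE_ADMINISTRATION, // 30
    ADMIN_ALL, // 31
  };

  private static final int RECIPIENT_STRING = 0;

  private static final int RECIPIENT_GRANTEDAUTHORITY = 1;

  // Maps a permissions-list key ("solutions" / "all") to a Map of
  // display label -> Integer mask. Filled once in the static initializer.
  private static final Map validPermissionsNameMap = new HashMap();

  // Records whether the recipient is a plain String or a GrantedAuthority.
  // NOTE(review): this field is public and mutable, and setRecipientString()
  // reads it to decide whether a string becomes a GrantedAuthorityImpl or
  // stays a String. Any code that writes it changes how the next string
  // recipient is interpreted; consider narrowing its visibility once callers
  // have been checked.
  public int recipientType = RECIPIENT_STRING;

  static {
    Map solutionPermissionsMap = new HashMap();
    Map allPermissionsMap = new HashMap();

    validPermissionsNameMap.put(PERMISSIONS_LIST_SOLUTIONS, solutionPermissionsMap);
    validPermissionsNameMap.put(PERMISSIONS_LIST_ALL, allPermissionsMap);

    // Keys are the labels returned by Messages.getString(); two message keys
    // that resolve to the same label would overwrite each other here.
    solutionPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_ADMINISTER"), new Integer(ADMIN_ALL)); //$NON-NLS-1$
    solutionPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_EXECUTE"), new Integer(EXECUTE)); //$NON-NLS-1$
    solutionPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_SUBSCRIBE"), new Integer(SUBSCRIBE)); //$NON-NLS-1$

    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_NONE"), new Integer(0)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_EXECUTE"), new Integer(EXECUTE)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_SUBSCRIBE"), new Integer(SUBSCRIBE)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_CREATE"), new Integer(CREATE)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_UPDATE"), new Integer(UPDATE)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_DELETE"), new Integer(DELETE)); //$NON-NLS-1$
    allPermissionsMap.put(
        Messages.getString("PentahoAclEntry.USER_ALL"), new Integer(ADMIN_ALL)); //$NON-NLS-1$
  }

  /** Creates an entry with no recipient or mask set by this class. */
  public PentahoAclEntry() {
    super();
  }

  /**
   * Creates an entry for the given recipient and permission mask.
   *
   * @param recipient the recipient; a {@link GrantedAuthority} is recorded as
   *        an authority recipient, anything else as a string recipient
   * @param mask the permission mask, passed to the inherited {@code setMask}
   */
  public PentahoAclEntry(Object recipient, int mask) {
    this();
    setRecipient(recipient);
    setMask(mask);
  }

  /**
   * Sets the recipient-type discriminator.
   *
   * @param value the discriminator; this class itself only assigns 0 (string)
   *        or 1 (granted authority), and the value is not range-checked here
   */
  protected void setRecipientType(int value) {
    this.recipientType = value;
  }

  /**
   * @return the recipient-type discriminator last stored in {@code recipientType}
   */
  protected int getRecipientType() {
    return this.recipientType;
  }

  /**
   * Sets the recipient from its string form. The current {@code recipientType}
   * decides the interpretation: a granted-authority type wraps the value in a
   * {@link GrantedAuthorityImpl}, any other type stores the string itself.
   *
   * @param value the recipient in string form
   */
  protected void setRecipientString(String value) {
    if (this.recipientType == RECIPIENT_GRANTEDAUTHORITY) {
      this.setRecipient(new GrantedAuthorityImpl(value));
    } else {
      this.setRecipient(value);
    }
  }

  /**
   * @return {@code toString()} of the current recipient; throws
   *         {@link NullPointerException} if {@code getRecipient()} returns null
   */
  protected String getRecipientString() {
    return this.getRecipient().toString();
  }

  /**
   * Stores the recipient in the superclass and updates {@code recipientType}
   * to match the runtime type of the value.
   *
   * @param value the recipient; a {@link GrantedAuthority} instance is recorded
   *        as an authority, every other value (including null) as a string
   */
  public void setRecipient(Object value) {
    super.setRecipient(value);
    if (value instanceof GrantedAuthority) {
      this.setRecipientType(RECIPIENT_GRANTEDAUTHORITY);
    } else {
      this.setRecipientType(RECIPIENT_STRING);
    }
  }

  /**
   * Returns the permission masks this entry type declares as valid.
   *
   * <p>A copy is returned so that no caller can alter the array shared by all
   * instances of this class. The superclass presumably consults these values
   * when permissions are changed (confirm against AbstractBasicAclEntry).
   *
   * @return a fresh array holding the valid masks
   */
  public int[] getValidPermissions() {
    // The cast keeps this line compiling on source levels where clone() returns Object.
    return (int[]) validPermissions.clone();
  }

  /**
   * Renders a mask as a three-character summary: 'A', 'X' and 'S' mark
   * ADMINISTRATION, EXECUTE and SUBSCRIBE, with '-' in a position whose check
   * fails. Each check is delegated to the inherited {@code isPermitted(int, int)}.
   *
   * @param i the permission mask to render
   * @return the three-character block, for example {@code "-X-"}
   */
  public String printPermissionsBlock(int i) {
    StringBuffer block = new StringBuffer(3);
    block.append(isPermitted(i, ADMINISTRATION) ? 'A' : '-');
    block.append(isPermitted(i, EXECUTE) ? 'X' : '-');
    block.append(isPermitted(i, SUBSCRIBE) ? 'S' : '-');
    return block.toString();
  }

  /**
   * Writes this entry's permissions onto an XML element as the attributes
   * {@code aclAdministration}, {@code aclExecute} and {@code aclSubscribe},
   * each set to "true" or "false" according to the inherited
   * {@code isPermitted(int)}.
   *
   * @param node the element that receives the attributes
   */
  public void setXMLPermissionAttributes(Element node) {
    node.addAttribute("aclAdministration", //$NON-NLS-1$
        isPermitted(PentahoAclEntry.ADMINISTRATION) ? "true" : "false"); //$NON-NLS-1$ //$NON-NLS-2$

    node.addAttribute("aclExecute", //$NON-NLS-1$
        isPermitted(PentahoAclEntry.EXECUTE) ? "true" : "false"); //$NON-NLS-1$ //$NON-NLS-2$

    node.addAttribute("aclSubscribe", //$NON-NLS-1$
        isPermitted(PentahoAclEntry.SUBSCRIBE) ? "true" : "false"); //$NON-NLS-1$ //$NON-NLS-2$
  }

  /**
   * Returns the permission-name map for the solutions list. Useful for UI
   * work: the map holds permission values (as Integer objects) keyed by a
   * human-readable permission name.
   *
   * @return the map registered under {@link #PERMISSIONS_LIST_SOLUTIONS}
   */
  public static Map getValidPermissionsNameMap() {
    return getValidPermissionsNameMap(PERMISSIONS_LIST_SOLUTIONS);
  }

  /**
   * Returns the permission-name map for the given list type. Useful for UI
   * work: the map holds permission values (as Integer objects) keyed by a
   * human-readable permission name.
   *
   * <p>NOTE(review): the returned map is the shared static instance, not a
   * copy, so a caller that modifies it changes the label-to-mask mapping for
   * every later caller. Treat it as read-only.
   *
   * @param permissionsListType the list to return; the permissions list for
   *        solutions is different from the one for other UIs
   * @return the map registered under that key, or null if the key is unknown
   */
  public static Map getValidPermissionsNameMap(String permissionsListType) {
    return (Map) validPermissionsNameMap.get(permissionsListType);
  }

}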
|