01: /*
02: * Copyright 2004 Outerthought bvba and Schaubroeck nv
03: *
04: * Licensed under the Apache License, Version 2.0 (the "License");
05: * you may not use this file except in compliance with the License.
06: * You may obtain a copy of the License at
07: *
08: * http://www.apache.org/licenses/LICENSE-2.0
09: *
10: * Unless required by applicable law or agreed to in writing, software
11: * distributed under the License is distributed on an "AS IS" BASIS,
12: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13: * See the License for the specific language governing permissions and
14: * limitations under the License.
15: */
16: package org.outerj.daisy.books.store.impl;
17:
18: import org.outerj.daisy.books.store.BookAcl;
19: import org.outerj.daisy.books.store.BookAclEntry;
20: import org.outerj.daisy.books.store.BookAclSubjectType;
21: import org.outerj.daisy.books.store.BookAclActionType;
22: import org.outerj.daisy.repository.user.Role;
23:
/**
 * Decides what a user may do with a book by walking the book's ACL.
 *
 * <p>Evaluation rules, as implemented below:
 * <ul>
 *   <li><b>Default deny.</b> Read and manage both start out as denied and stay
 *       denied unless a matching entry grants them.</li>
 *   <li><b>Administrator bypass.</b> If {@link Role#ADMINISTRATOR} is among the
 *       active roles, read and manage are both granted and the ACL is never
 *       consulted.</li>
 *   <li><b>Last match wins.</b> Entries are processed in array order. Every
 *       matching entry whose permission is not {@code NOTHING} overwrites the
 *       decision made so far, so the order of entries is significant: a later
 *       grant overrides an earlier denial and vice versa. This is not a
 *       "deny overrides" model.</li>
 *   <li><b>Manage implies read.</b> Manage permission is dropped whenever the
 *       final read decision is a denial.</li>
 * </ul>
 *
 * <p>This class does no authentication of its own. The result is only as
 * trustworthy as the {@code userId} and {@code activeRoleIds} the caller
 * passes in.
 */
public class BookAclEvaluator {

    /**
     * Evaluates {@code acl} for the given user and active roles.
     *
     * @param acl           the ACL to evaluate; dereferenced unless the
     *                      administrator bypass applies
     * @param userId        id compared against {@code USER} entries
     * @param activeRoleIds role ids compared against {@code ROLE} entries and
     *                      against {@link Role#ADMINISTRATOR}; must not be null
     * @return the read/manage decision; manage is never granted without read
     */
    public static AclResult evaluate(BookAcl acl, long userId,
            long[] activeRoleIds) {
        // Administrators get full access without looking at the ACL at all.
        if (hasRole(activeRoleIds, Role.ADMINISTRATOR)) {
            return new AclResult(true, true);
        }

        boolean readAllowed = false;
        boolean manageAllowed = false;

        for (BookAclEntry aclEntry : acl.getEntries()) {
            if (!appliesTo(aclEntry, userId, activeRoleIds)) {
                continue;
            }

            // NOTHING means "no opinion": keep whatever earlier entries decided.
            // Any other value replaces the decision; only GRANT allows access.
            BookAclActionType readAction = aclEntry.getReadPermission();
            if (readAction != BookAclActionType.NOTHING) {
                readAllowed = (readAction == BookAclActionType.GRANT);
            }

            BookAclActionType manageAction = aclEntry.getManagePermission();
            if (manageAction != BookAclActionType.NOTHING) {
                manageAllowed = (manageAction == BookAclActionType.GRANT);
            }
        }

        // Manage permission is meaningless without read permission.
        return new AclResult(readAllowed, readAllowed && manageAllowed);
    }

    /**
     * Tells whether an ACL entry's subject covers the given user: the entry
     * targets everyone, targets this user id, or targets one of the active roles.
     */
    private static boolean appliesTo(BookAclEntry aclEntry, long userId,
            long[] activeRoleIds) {
        BookAclSubjectType kind = aclEntry.getSubjectType();
        long subject = aclEntry.getSubjectValue();

        if (kind == BookAclSubjectType.EVERYONE) {
            return true;
        }
        if (kind == BookAclSubjectType.USER) {
            return subject == userId;
        }
        if (kind == BookAclSubjectType.ROLE) {
            return hasRole(activeRoleIds, subject);
        }
        // Unknown subject types match nobody.
        return false;
    }

    /** Linear search for {@code searchedRole} in {@code roles}. */
    private static boolean hasRole(long[] roles, long searchedRole) {
        boolean found = false;
        for (int i = 0; i < roles.length && !found; i++) {
            found = (roles[i] == searchedRole);
        }
        return found;
    }
}