001: /*
002: * $Id: OFBizSecurity.java,v 1.5 2004/01/15 09:12:32 jonesde Exp $
003: *
004: * Copyright (c) 2001, 2002 The Open For Business Project - www.ofbiz.org
005: *
006: * Permission is hereby granted, free of charge, to any person obtaining a
007: * copy of this software and associated documentation files (the "Software"),
008: * to deal in the Software without restriction, including without limitation
009: * the rights to use, copy, modify, merge, publish, distribute, sublicense,
010: * and/or sell copies of the Software, and to permit persons to whom the
011: * Software is furnished to do so, subject to the following conditions:
012: *
013: * The above copyright notice and this permission notice shall be included
014: * in all copies or substantial portions of the Software.
015: *
016: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
017: * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
018: * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
019: * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
020: * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
021: * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
022: * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
023: *
024: */
025: package org.ofbiz.security;
026:
027: import java.util.ArrayList;
028: import java.util.Iterator;
029: import java.util.LinkedList;
030: import java.util.List;
031: import java.util.Map;
032:
033: import javax.servlet.http.HttpSession;
034:
035: import org.ofbiz.base.util.Debug;
036: import org.ofbiz.base.util.UtilMisc;
037: import org.ofbiz.entity.GenericDelegator;
038: import org.ofbiz.entity.GenericEntityException;
039: import org.ofbiz.entity.GenericValue;
040: import org.ofbiz.entity.condition.EntityCondition;
041: import org.ofbiz.entity.condition.EntityConditionList;
042: import org.ofbiz.entity.condition.EntityExpr;
043: import org.ofbiz.entity.condition.EntityOperator;
044: import org.ofbiz.entity.util.EntityUtil;
045:
046: /**
047: * <code>OFBizSecurity</code>
048: * This class has not been altered from the original source. It now just extends Security and was therefore renamed to
049: * OFBizSecurity.
050: *
051: * @author <a href="mailto:jonesde@ofbiz.org">David E. Jones</a>
052: * @author <a href="mailto:hermanns@aixcept.de">Rainer Hermanns</a>
053: * @author <a href="mailto:jaz@ofbiz.org">Andy Zeneski</a>
054: * @version $Revision: 1.5 $
055: * @since 2.0
056: */
057: public class OFBizSecurity extends org.ofbiz.security.Security {
058:
059: public static final String module = OFBizSecurity.class.getName();
060:
061: public static final Map simpleRoleEntity = UtilMisc.toMap(
062: "ORDERMGR", UtilMisc.toMap("name", "OrderRole", "pkey",
063: "orderId"), "FACILITY", UtilMisc.toMap("name",
064: "FacilityRole", "pkey", "facilityId"), "MARKETING",
065: UtilMisc.toMap("name", "MarketingCampaignRole", "pkey",
066: "marketingCampaignId"));
067:
068: GenericDelegator delegator = null;
069:
070: protected OFBizSecurity() {
071: }
072:
073: protected OFBizSecurity(GenericDelegator delegator) {
074: this .delegator = delegator;
075: }
076:
077: public GenericDelegator getDelegator() {
078: return delegator;
079: }
080:
081: public void setDelegator(GenericDelegator delegator) {
082: this .delegator = delegator;
083: }
084:
085: /**
086: * @see org.ofbiz.security.Security#findUserLoginSecurityGroupByUserLoginId(java.lang.String)
087: */
088: public Iterator findUserLoginSecurityGroupByUserLoginId(
089: String userLoginId) {
090: List collection = (List) userLoginSecurityGroupByUserLoginId
091: .get(userLoginId);
092:
093: if (collection == null) {
094: try {
095: collection = delegator.findByAnd(
096: "UserLoginSecurityGroup", UtilMisc.toMap(
097: "userLoginId", userLoginId), null);
098: } catch (GenericEntityException e) {
099: Debug.logWarning(e, module);
100: }
101: // make an empty collection to speed up the case where a userLogin belongs to no security groups
102: if (collection == null)
103: collection = new LinkedList();
104: userLoginSecurityGroupByUserLoginId.put(userLoginId,
105: collection);
106: }
107: // filter each time after cache retreival, ie cache will contain entire list
108: collection = EntityUtil.filterByDate(collection, true);
109: return collection.iterator();
110: }
111:
112: /**
113: * @see org.ofbiz.security.Security#securityGroupPermissionExists(java.lang.String, java.lang.String)
114: */
115: public boolean securityGroupPermissionExists(String groupId,
116: String permission) {
117: GenericValue securityGroupPermissionValue = delegator
118: .makeValue("SecurityGroupPermission", UtilMisc.toMap(
119: "groupId", groupId, "permissionId", permission));
120: Boolean exists = (Boolean) securityGroupPermissionCache
121: .get(securityGroupPermissionValue);
122:
123: if (exists == null) {
124: try {
125: if (delegator
126: .findByPrimaryKey(securityGroupPermissionValue
127: .getPrimaryKey()) != null)
128: exists = Boolean.TRUE;
129: else
130: exists = Boolean.FALSE;
131: } catch (GenericEntityException e) {
132: exists = Boolean.FALSE;
133: Debug.logWarning(e, module);
134: }
135: securityGroupPermissionCache.put(
136: securityGroupPermissionValue, exists);
137: }
138: return exists.booleanValue();
139: }
140:
141: /**
142: * @see org.ofbiz.security.Security#hasPermission(java.lang.String, javax.servlet.http.HttpSession)
143: */
144: public boolean hasPermission(String permission, HttpSession session) {
145: GenericValue userLogin = (GenericValue) session
146: .getAttribute("userLogin");
147:
148: if (userLogin == null)
149: return false;
150:
151: return hasPermission(permission, userLogin);
152: }
153:
154: /**
155: * @see org.ofbiz.security.Security#hasPermission(java.lang.String, org.ofbiz.entity.GenericValue)
156: */
157: public boolean hasPermission(String permission,
158: GenericValue userLogin) {
159: if (userLogin == null)
160: return false;
161:
162: Iterator iterator = findUserLoginSecurityGroupByUserLoginId(userLogin
163: .getString("userLoginId"));
164: GenericValue userLoginSecurityGroup = null;
165:
166: while (iterator.hasNext()) {
167: userLoginSecurityGroup = (GenericValue) iterator.next();
168: if (securityGroupPermissionExists(userLoginSecurityGroup
169: .getString("groupId"), permission))
170: return true;
171: }
172:
173: return false;
174: }
175:
176: /**
177: * @see org.ofbiz.security.Security#hasEntityPermission(java.lang.String, java.lang.String, javax.servlet.http.HttpSession)
178: */
179: public boolean hasEntityPermission(String entity, String action,
180: HttpSession session) {
181: GenericValue userLogin = (GenericValue) session
182: .getAttribute("userLogin");
183:
184: if (userLogin == null)
185: return false;
186: return hasEntityPermission(entity, action, userLogin);
187: }
188:
189: /**
190: * @see org.ofbiz.security.Security#hasEntityPermission(java.lang.String, java.lang.String, org.ofbiz.entity.GenericValue)
191: */
192: public boolean hasEntityPermission(String entity, String action,
193: GenericValue userLogin) {
194: if (userLogin == null)
195: return false;
196:
197: // if (Debug.infoOn()) Debug.logInfo("hasEntityPermission: entity=" + entity + ", action=" + action, module);
198: Iterator iterator = findUserLoginSecurityGroupByUserLoginId(userLogin
199: .getString("userLoginId"));
200: GenericValue userLoginSecurityGroup = null;
201:
202: while (iterator.hasNext()) {
203: userLoginSecurityGroup = (GenericValue) iterator.next();
204:
205: // if (Debug.infoOn()) Debug.logInfo("hasEntityPermission: userLoginSecurityGroup=" + userLoginSecurityGroup.toString(), module);
206:
207: // always try _ADMIN first so that it will cache first, keeping the cache smaller
208: if (securityGroupPermissionExists(userLoginSecurityGroup
209: .getString("groupId"), entity + "_ADMIN"))
210: return true;
211: if (securityGroupPermissionExists(userLoginSecurityGroup
212: .getString("groupId"), entity + action))
213: return true;
214: }
215:
216: return false;
217: }
218:
219: /**
220: * @see org.ofbiz.security.Security#hasRolePermission(java.lang.String, java.lang.String, java.lang.String, java.lang.String, javax.servlet.http.HttpSession)
221: */
222: public boolean hasRolePermission(String application, String action,
223: String primaryKey, String role, HttpSession session) {
224: GenericValue userLogin = (GenericValue) session
225: .getAttribute("userLogin");
226: return hasRolePermission(application, action, primaryKey, role,
227: userLogin);
228: }
229:
230: /**
231: * @see org.ofbiz.security.Security#hasRolePermission(java.lang.String, java.lang.String, java.lang.String, java.lang.String, org.ofbiz.entity.GenericValue)
232: */
233: public boolean hasRolePermission(String application, String action,
234: String primaryKey, String role, GenericValue userLogin) {
235: List roles = null;
236: if (role != null && !role.equals(""))
237: roles = UtilMisc.toList(role);
238: return hasRolePermission(application, action, primaryKey,
239: roles, userLogin);
240: }
241:
242: /**
243: * @see org.ofbiz.security.Security#hasRolePermission(java.lang.String, java.lang.String, java.lang.String, java.util.List, javax.servlet.http.HttpSession)
244: */
245: public boolean hasRolePermission(String application, String action,
246: String primaryKey, List roles, HttpSession session) {
247: GenericValue userLogin = (GenericValue) session
248: .getAttribute("userLogin");
249: return hasRolePermission(application, action, primaryKey,
250: roles, userLogin);
251: }
252:
253: /**
254: * @see org.ofbiz.security.Security#hasRolePermission(java.lang.String, java.lang.String, java.lang.String, java.util.List, org.ofbiz.entity.GenericValue)
255: */
256: public boolean hasRolePermission(String application, String action,
257: String primaryKey, List roles, GenericValue userLogin) {
258: String entityName = null;
259: EntityCondition condition = null;
260:
261: if (userLogin == null)
262: return false;
263:
264: // quick test for special cases where were just want to check the permission (find screens)
265: if (primaryKey.equals("") && roles == null) {
266: if (hasEntityPermission(application, action, userLogin))
267: return true;
268: if (hasEntityPermission(application + "_ROLE", action,
269: userLogin))
270: return true;
271: }
272:
273: Map simpleRoleMap = (Map) OFBizSecurity.simpleRoleEntity
274: .get(application);
275: if (simpleRoleMap != null && roles != null) {
276: entityName = (String) simpleRoleMap.get("name");
277: String pkey = (String) simpleRoleMap.get("pkey");
278: if (pkey != null) {
279: List expressions = new ArrayList();
280: Iterator i = roles.iterator();
281: while (i.hasNext()) {
282: String role = (String) i.next();
283: expressions.add(new EntityExpr("roleTypeId",
284: EntityOperator.EQUALS, role));
285: }
286: EntityConditionList exprList = new EntityConditionList(
287: expressions, EntityOperator.OR);
288: EntityExpr keyExpr = new EntityExpr(pkey,
289: EntityOperator.EQUALS, primaryKey);
290: EntityExpr partyExpr = new EntityExpr("partyId",
291: EntityOperator.EQUALS, userLogin
292: .getString("partyId"));
293: List joinList = UtilMisc.toList(exprList, keyExpr,
294: partyExpr);
295: condition = new EntityConditionList(joinList,
296: EntityOperator.AND);
297: }
298:
299: }
300:
301: return hasRolePermission(application, action, entityName,
302: condition, userLogin);
303: }
304:
305: /**
306: * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
307: * general administration permission, but also checks action_ROLE and validates the user is a member for the
308: * application.
309: *
310: * @param application The name of the application corresponding to the desired permission.
311: * @param action The action on the application corresponding to the desired permission.
312: * @param entityName The name of the role entity to use for validation.
313: * @param fields Map of primary key fields to lookup in entityName.
314: * @param userLogin The userLogin object for user to check against.
315: * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
316: */
317: public boolean hasRolePermission(String application, String action,
318: String entityName, EntityCondition condition,
319: GenericValue userLogin) {
320: if (userLogin == null)
321: return false;
322:
323: // first check the standard permission
324: if (hasEntityPermission(application, action, userLogin))
325: return true;
326:
327: // make sure we have what's needed for role security
328: if (entityName == null || condition == null)
329: return false;
330:
331: // now check the user for the role permission
332: if (hasEntityPermission(application + "_ROLE", action,
333: userLogin)) {
334: // we have the permission now, we check to make sure we are allowed access
335: List roleTest = null;
336: try {
337: //Debug.logInfo("Doing Role Security Check on [" + entityName + "]" + "using [" + condition + "]", module);
338: roleTest = delegator.findByCondition(entityName,
339: condition, null, null);
340: } catch (GenericEntityException e) {
341: Debug.logError(e,
342: "Problems doing role security lookup on entity ["
343: + entityName + "] using [" + condition
344: + "]", module);
345: return false;
346: }
347:
348: // if we pass all tests
349: //Debug.logInfo("Found (" + (roleTest == null ? 0 : roleTest.size()) + ") matches :: " + roleTest, module);
350: if (roleTest != null && roleTest.size() > 0)
351: return true;
352: }
353:
354: return false;
355: }
356:
357: }
|