01: /*******************************************************************************
02: * Licensed to the Apache Software Foundation (ASF) under one
03: * or more contributor license agreements. See the NOTICE file
04: * distributed with this work for additional information
05: * regarding copyright ownership. The ASF licenses this file
06: * to you under the Apache License, Version 2.0 (the
07: * "License"); you may not use this file except in compliance
08: * with the License. You may obtain a copy of the License at
09: *
10: * http://www.apache.org/licenses/LICENSE-2.0
11: *
12: * Unless required by applicable law or agreed to in writing,
13: * software distributed under the License is distributed on an
14: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15: * KIND, either express or implied. See the License for the
16: * specific language governing permissions and limitations
17: * under the License.
18: *******************************************************************************/package org.ofbiz.minilang.method.conditional;
19:
20: import org.ofbiz.base.util.UtilValidate;
21: import org.ofbiz.entity.GenericValue;
22: import org.ofbiz.minilang.SimpleMethod;
23: import org.ofbiz.minilang.method.MethodContext;
24: import org.ofbiz.security.Security;
25: import org.w3c.dom.Element;
26:
27: /**
28: * Implements compare to a constant condition.
29: */
30: public class HasPermissionCondition implements Conditional {
31:
32: SimpleMethod simpleMethod;
33:
34: String permission;
35: String action;
36:
37: public HasPermissionCondition(Element element,
38: SimpleMethod simpleMethod) {
39: this .simpleMethod = simpleMethod;
40:
41: this .permission = element.getAttribute("permission");
42: this .action = element.getAttribute("action");
43: }
44:
45: public boolean checkCondition(MethodContext methodContext) {
46: // only run subOps if element is empty/null
47: boolean runSubOps = false;
48:
49: // if no user is logged in, treat as if the user does not have permission: do not run subops
50: GenericValue userLogin = methodContext.getUserLogin();
51: if (userLogin != null) {
52: String permission = methodContext
53: .expandString(this .permission);
54: String action = methodContext.expandString(this .action);
55:
56: Security security = methodContext.getSecurity();
57: if (action != null && action.length() > 0) {
58: // run hasEntityPermission
59: if (security.hasEntityPermission(permission, action,
60: userLogin)) {
61: runSubOps = true;
62: }
63: } else {
64: // run hasPermission
65: if (security.hasPermission(permission, userLogin)) {
66: runSubOps = true;
67: }
68: }
69: }
70:
71: return runSubOps;
72: }
73:
74: public void prettyPrint(StringBuffer messageBuffer,
75: MethodContext methodContext) {
76: messageBuffer.append("has-permission[");
77: messageBuffer.append(this .permission);
78: if (UtilValidate.isNotEmpty(this .action)) {
79: messageBuffer.append(":");
80: messageBuffer.append(this .action);
81: }
82: messageBuffer.append("]");
83: }
84: }
|