001: /*******************************************************************************
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: *******************************************************************************/package org.ofbiz.service;
019:
020: import org.ofbiz.base.util.Debug;
021: import org.ofbiz.base.util.UtilMisc;
022: import org.ofbiz.entity.GenericDelegator;
023: import org.ofbiz.entity.GenericEntityException;
024: import org.ofbiz.entity.GenericValue;
025: import org.ofbiz.entity.util.EntityUtil;
026: import org.ofbiz.security.Security;
027:
028: import java.io.Serializable;
029: import java.util.List;
030: import java.util.Map;
031:
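/**
 * Service Permission Model Class.
 *
 * <p>Holds one permission requirement for a service ({@link #serviceModel}) and
 * evaluates it against the {@code userLogin} entry of a service context. Every
 * evaluation path visible in this class answers {@code false} (deny) when the
 * requirement is incomplete or cannot be checked: no {@code userLogin}, an
 * unknown {@link #permissionType}, a null {@link #nameOrRole}, or a failed
 * PartyRole lookup.
 */
public class ModelPermission implements Serializable {

    public static final String module = ModelPermission.class.getName();

    /** {@link #permissionType} value: check a plain permission named by {@link #nameOrRole}. */
    public static final int PERMISSION = 1;
    /** {@link #permissionType} value: check {@link #nameOrRole} combined with {@link #action}. */
    public static final int ENTITY_PERMISSION = 2;
    /** {@link #permissionType} value: check membership in the role type named by {@link #nameOrRole}. */
    public static final int ROLE_MEMBER = 3;

    // Service this requirement belongs to; only read here to name the service in a log message.
    public ModelService serviceModel = null;
    // One of PERMISSION, ENTITY_PERMISSION, ROLE_MEMBER; the default 0 matches none and is denied.
    public int permissionType = 0;
    // Permission name or role type id, depending on permissionType.
    public String nameOrRole = null;
    // Action passed to the entity-permission check; unused by the other two types.
    public String action = null;
    // Not read anywhere in this class.
    public String clazz = null;

    /**
     * Evaluates this permission requirement for the user found in the context.
     *
     * @param dctx    dispatch context supplying the {@code Security} implementation
     * @param context service context; the {@code "userLogin"} entry is the subject of the check
     * @return {@code true} only when the check selected by {@link #permissionType} succeeds;
     *         {@code false} when there is no {@code userLogin} or the type is not recognised
     */
    public boolean evalPermission(DispatchContext dctx, Map context) {
        GenericValue userLogin = (GenericValue) context.get("userLogin");
        Security security = dctx.getSecurity();
        if (userLogin == null) {
            // No authenticated subject: deny rather than evaluate against nothing.
            Debug.logInfo("Secure service requested with no userLogin object", module);
            return false;
        }
        switch (permissionType) {
            case PERMISSION:
                return evalSimplePermission(security, userLogin);
            case ENTITY_PERMISSION:
                return evalEntityPermission(security, userLogin);
            case ROLE_MEMBER:
                return evalRoleMember(userLogin);
            default:
                // serviceModel defaults to null; guard the dereference so that a
                // half-initialised model is denied with a warning instead of
                // failing with a NullPointerException while building the message.
                Debug.logWarning(
                        "Invalid permission type [" + permissionType
                                + "] for permission named : " + nameOrRole
                                + " on service : "
                                + (serviceModel != null ? serviceModel.name : "<unknown>"),
                        module);
                return false;
        }
    }

    /**
     * Checks the plain permission named by {@link #nameOrRole}.
     *
     * @return the result of {@code Security.hasPermission}, or {@code false} when no name is set
     */
    private boolean evalSimplePermission(Security security, GenericValue userLogin) {
        if (nameOrRole == null) {
            Debug.logWarning("Null permission name passed for evaluation", module);
            return false;
        }
        return security.hasPermission(nameOrRole, userLogin);
    }

    /**
     * Checks the entity permission formed from {@link #nameOrRole} and {@link #action}.
     *
     * @return the result of {@code Security.hasEntityPermission}, or {@code false} when no
     *         permission name is set
     */
    private boolean evalEntityPermission(Security security, GenericValue userLogin) {
        if (nameOrRole == null) {
            Debug.logWarning("Null permission name passed for evaluation", module);
            return false;
        }
        if (action == null) {
            // NOTE(review): unlike the null checks on nameOrRole, this one only
            // logs and still delegates, so the outcome for a missing action is
            // decided entirely by Security.hasEntityPermission. Confirm that the
            // implementation denies on a null action, or return false here.
            Debug.logWarning("Null action passed for evaluation", module);
        }
        return security.hasEntityPermission(nameOrRole, action, userLogin);
    }

    /**
     * Checks whether the user's party holds the role type named by {@link #nameOrRole}.
     *
     * <p>Looks up {@code PartyRole} records matching {@code roleTypeId = nameOrRole} and the
     * {@code partyId} of the user login, then passes them through
     * {@code EntityUtil.filterByDate} (presumably dropping records outside their validity
     * dates; confirm against EntityUtil).
     *
     * @return {@code true} when at least one record remains after filtering; {@code false}
     *         when no role name is set, the lookup fails, or nothing matches
     */
    private boolean evalRoleMember(GenericValue userLogin) {
        if (nameOrRole == null) {
            Debug.logWarning("Null role type name passed for evaluation", module);
            return false;
        }
        GenericDelegator delegator = userLogin.getDelegator();
        List partyRoles = null;
        try {
            partyRoles = delegator.findByAnd("PartyRole",
                    UtilMisc.toMap("roleTypeId", nameOrRole, "partyId", userLogin.get("partyId")));
        } catch (GenericEntityException e) {
            // Lookup failure leaves partyRoles null, which falls through to the deny below.
            Debug.logError(e, "Unable to lookup PartyRole records", module);
        }

        if (partyRoles == null || partyRoles.isEmpty()) {
            return false;
        }
        partyRoles = EntityUtil.filterByDate(partyRoles);
        return partyRoles != null && !partyRoles.isEmpty();
    }
}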