001: package org.tigris.scarab.tools;
002:
003: /* ================================================================
004: * Copyright (c) 2000-2002 CollabNet. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions are
008: * met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in the
015: * documentation and/or other materials provided with the distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowlegement: "This product includes
019: * software developed by Collab.Net <http://www.Collab.Net/>."
020: * Alternately, this acknowlegement may appear in the software itself, if
021: * and wherever such third-party acknowlegements normally appear.
022: *
023: * 4. The hosted project names must not be used to endorse or promote
024: * products derived from this software without prior written
025: * permission. For written permission, please contact info@collab.net.
026: *
027: * 5. Products derived from this software may not use the "Tigris" or
028: * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without
029: * prior written permission of Collab.Net.
030: *
031: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034: * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037: * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039: * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042: *
043: * ====================================================================
044: *
045: * This software consists of voluntary contributions made by many
046: * individuals on behalf of Collab.Net.
047: */
048:
049: import java.util.ArrayList;
050: import java.util.List;
051: import java.util.LinkedList;
052: import java.util.Iterator;
053: import java.io.Serializable;
054:
055: import org.apache.fulcrum.security.TurbineSecurity;
056: import org.apache.fulcrum.security.entity.Group;
057: import org.apache.fulcrum.security.entity.Permission;
058: import org.apache.fulcrum.security.util.RoleSet;
059: import org.apache.fulcrum.security.entity.Role;
060: import org.apache.fulcrum.security.util.AccessControlList;
061: import org.apache.fulcrum.security.util.DataBackendException;
062: import org.apache.fulcrum.security.util.UnknownEntityException;
063:
064: import org.apache.torque.util.Criteria;
065: import org.apache.torque.TorqueException;
066:
067: import org.apache.turbine.services.pull.ApplicationTool;
068:
069: import org.tigris.scarab.om.ScarabModule;
070: import org.tigris.scarab.om.ScarabUser;
071: import org.tigris.scarab.om.PendingGroupUserRolePeer;
072: import org.tigris.scarab.om.PendingGroupUserRole;
073: import org.tigris.scarab.om.Module;
074: import org.tigris.scarab.services.cache.ScarabCache;
075:
076: /**
077: * This scope is an object that is made available as a global
078: * object within the system to allow access to methods dealing
079: * with security (users, roles, permissions, etc).
080: * This object must be thread safe as multiple
081: * requests may access it at the same time. The object is made
082: * available in the context as: $securityAdmin
083: * <p>
084: * The design goal of the Scarab*API is to enable a <a
085: * href="http://jakarta.apache.org/turbine/pullmodel.html">pull-based
086: * methodology</a> to be implemented.
087: *
088: * @author <a href="mailto:dr@bitonic.com">Douglas B. Robertson</a>
089: * @version $Id: SecurityAdminTool.java 10042 2006-04-11 11:28:39Z jorgeuriarte $
090: */
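public class SecurityAdminTool implements ApplicationTool, Serializable {
    /** ScarabCache method key for the pending-role list of one user. */
    private static final String HAS_REQUESTED_ROLE = "hasRequestedRole";

    /** ScarabCache method key for the pending-role list of one module. */
    private static final String GET_PENDING = "getPendingGroupUserRoles";

    /**
     * Pull-tool lifecycle hook; this tool keeps no per-instance state, so
     * there is nothing to initialise.
     *
     * @param data ignored
     */
    public void init(Object data) {
    }

    /**
     * Pull-tool lifecycle hook; nothing to refresh.
     */
    public void refresh() {
    }

    /**
     * Returns a User object retrieved by specifying the username.
     * <p>
     * Both an unknown user and a security back-end failure yield
     * {@code null}; the two cases cannot be told apart by the caller.
     * Callers should therefore treat {@code null} only as "no user
     * available" and never as a reason to skip a check.
     *
     * @param username the username of the user to retrieve
     * @return the specified user, if found, or null otherwise
     * @throws Exception declared for callers; the two security exceptions
     *         handled below are not propagated
     */
    public ScarabUser getUserByUsername(String username)
            throws Exception {
        ScarabUser user = null;

        try {
            user = (ScarabUser) TurbineSecurity.getUser(username);
        } catch (UnknownEntityException ignored) {
            // Deliberate: an unknown username is reported as null.
        } catch (DataBackendException ignored) {
            // NOTE(review): a back-end failure is also reported as null and
            // leaves no trace. No logger is in scope in this class; whether
            // this should be logged or rethrown is still an open question.
        }

        return user;
    }

    /**
     * Returns a Permission object retrieved by specifying the name of the
     * permission.
     *
     * @param name the name of the permission to retrieve
     * @return whatever {@code TurbineSecurity.getPermission(name)} returns
     * @throws Exception propagated unchanged from the security service
     */
    public Permission getPermissionByName(String name) throws Exception {
        return TurbineSecurity.getPermission(name);
    }

    /**
     * Returns a Role object retrieved by specifying the name of the role.
     *
     * @param name the name of the role to retrieve
     * @return whatever {@code TurbineSecurity.getRole(name)} returns
     * @throws Exception propagated unchanged from the security service
     */
    public Role getRoleByName(String name) throws Exception {
        return TurbineSecurity.getRole(name);
    }

    /**
     * Gets an array of all Groups known to the security service.
     *
     * @return every group, with no filtering applied
     * @throws Exception propagated unchanged from the security service
     */
    public Group[] getGroups() throws Exception {
        return TurbineSecurity.getAllGroups().getGroupsArray();
    }

    /**
     * Gets the groups that are {@code ScarabModule} instances and are not
     * flagged as deleted.
     *
     * @return a list of ScarabModule objects, possibly empty
     * @throws Exception propagated unchanged from the security service
     */
    public List getActiveScarabModules() throws Exception {
        Group[] allGroups = TurbineSecurity.getAllGroups().getGroupsArray();
        List result = new LinkedList();
        for (int index = 0; index < allGroups.length; index++) {
            if (allGroups[index] instanceof ScarabModule) {
                ScarabModule module = (ScarabModule) allGroups[index];
                if (!module.getDeleted()) {
                    result.add(module);
                }
            }
        }
        return result;
    }

    /**
     * Gets a list of active Groups in which the user does not have a current
     * role and has not already requested a role.
     * <p>
     * Global and deleted modules are never returned. Groups that are not
     * {@code Module} instances are skipped instead of failing the whole call
     * with a ClassCastException, matching the instanceof guard used by
     * {@link #getActiveScarabModules()}.
     *
     * @param user the user whose memberships and pending requests are checked
     * @return a list of Group objects, possibly empty
     * @throws Exception propagated unchanged from the security service or
     *         from the pending-role lookup
     */
    public List getNonMemberGroups(ScarabUser user) throws Exception {
        AccessControlList acl = user.getACL();
        Group[] groups = TurbineSecurity.getAllGroups().getGroupsArray();
        // Loaded on first need only: the role list does not depend on the
        // group, so it is not re-read for every candidate group.
        Role[] roles = null;
        List nonmemberGroups = new LinkedList();
        for (int i = 0; i < groups.length; i++) {
            if (!(groups[i] instanceof Module)) {
                continue;
            }
            Module module = (Module) groups[i];
            if (module.isGlobalModule() || module.getDeleted()) {
                continue;
            }
            RoleSet roleSet = acl.getRoles(groups[i]);
            if (roleSet != null && roleSet.size() != 0) {
                // The user already holds a role in this group.
                continue;
            }
            if (roles == null) {
                roles = TurbineSecurity.getAllRoles().getRolesArray();
            }
            if (!hasRequestedAnyRole(user, roles, groups[i])) {
                nonmemberGroups.add(groups[i]);
            }
        }
        return nonmemberGroups;
    }

    /** Tells whether the user has a pending request for any of the roles in the group. */
    private boolean hasRequestedAnyRole(ScarabUser user, Role[] roles,
            Group group) throws TorqueException {
        for (int j = 0; j < roles.length; j++) {
            if (hasRequestedRole(user, roles[j], group)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the user has a pending (not yet granted) request for the
     * given role in the given group.
     * <p>
     * The user's pending requests are read once and cached through
     * ScarabCache, then matched on role name and on the group's module id.
     *
     * @param user the requesting user
     * @param role the role to look for, matched by name
     * @param group the group to look for; it is cast to {@code Module}
     * @return true if a matching pending request exists
     * @throws TorqueException if the pending-role query fails
     */
    public boolean hasRequestedRole(ScarabUser user, Role role,
            Group group) throws TorqueException {
        List pending;
        Object cached = ScarabCache.get(this, HAS_REQUESTED_ROLE, user);
        if (cached == null) {
            Criteria crit = new Criteria();
            crit.add(PendingGroupUserRolePeer.USER_ID, user.getUserId());
            pending = PendingGroupUserRolePeer.doSelect(crit);
            // Store under the same key the lookup uses. The original put
            // left out the user argument, so the entry was not scoped to a
            // user and presumably could never be found by the get above.
            // NOTE(review): the ScarabCache overloads and the lifetime of an
            // entry are not visible in this file - confirm both.
            ScarabCache.put(pending, this, HAS_REQUESTED_ROLE, user);
        } else {
            pending = (List) cached;
        }
        for (Iterator iter = pending.iterator(); iter.hasNext();) {
            PendingGroupUserRole pmur = (PendingGroupUserRole) iter.next();
            if (pmur.getRoleName().equals(role.getName())
                    && ((Module) group).getModuleId().equals(
                            pmur.getGroupId())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Gets an array of all Permissions known to the security service.
     *
     * @return every permission, with no filtering applied
     * @throws Exception propagated unchanged from the security service
     */
    public Permission[] getPermissions() throws Exception {
        return TurbineSecurity.getAllPermissions().getPermissionsArray();
    }

    /**
     * Gets the names of all Permissions.
     *
     * @return a list of String permission names, in the order returned by
     *         {@link #getPermissions()}
     * @throws Exception propagated unchanged from the security service
     */
    public List getPermissionsAsStrings() throws Exception {
        Permission[] allPerms = getPermissions();
        List names = new ArrayList(allPerms.length);
        for (int i = 0; i < allPerms.length; i++) {
            names.add(allPerms[i].getName());
        }
        return names;
    }

    /**
     * Gets an array of all Roles.
     *
     * @return every role, with no filtering applied
     * @throws Exception propagated unchanged from the security service
     */
    public Role[] getRoles() throws Exception {
        return TurbineSecurity.getAllRoles().getRolesArray();
    }

    /**
     * Gets all Roles except the one named "Root".
     * <p>
     * The filter is an exact, case-sensitive match on the role name; a role
     * whose name differs only in case is not excluded.
     *
     * @return a list of Role objects, possibly empty
     * @throws Exception propagated unchanged from the security service
     */
    public List getNonRootRoles() throws Exception {
        List nonRootRoles = new LinkedList();
        Role[] roles = TurbineSecurity.getAllRoles().getRolesArray();
        for (int i = 0; i < roles.length; i++) {
            Role role = roles[i];
            if (!role.getName().equals("Root")) {
                nonRootRoles.add(role);
            }
        }
        return nonRootRoles;
    }

    /**
     * Gets the pending role requests for the given module.
     * <p>
     * The result is cached through ScarabCache per module.
     *
     * @param module the module whose pending requests are wanted
     * @return a list of PendingGroupUserRole objects, possibly empty
     * @throws TorqueException if the pending-role query fails
     */
    public List getPendingGroupUserRoles(Module module)
            throws TorqueException {
        List result;
        Object cached = ScarabCache.get(this, GET_PENDING, module);
        if (cached == null) {
            Criteria crit = new Criteria();
            crit.add(PendingGroupUserRolePeer.GROUP_ID, module.getModuleId());
            result = PendingGroupUserRolePeer.doSelect(crit);
            // Store under the same key the lookup uses. The original put
            // left out the module argument, so the entry was not scoped to
            // a module and presumably could never be found by the get above.
            // NOTE(review): the ScarabCache overloads and the lifetime of an
            // entry are not visible in this file - confirm both.
            ScarabCache.put(result, this, GET_PENDING, module);
        } else {
            result = (List) cached;
        }
        return result;
    }

}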