001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.wicket.authorization.strategies.role.metadata;
018:
019: import java.util.HashMap;
020: import java.util.Map;
021:
022: import org.apache.wicket.IClusterable;
023: import org.apache.wicket.authorization.Action;
024: import org.apache.wicket.authorization.strategies.role.Roles;
025:
026: /**
027: * For each Action, holds the set of roles that can perform that action. Roles
028: * are granted access to a given action via authorize(Action, Roles) and
029: * denied access via unauthorize(Action, Roles). All role bindings for a given
030: * action can be removed via authorizeAll(Action).
031: *
032: * @author Eelco Hillenius
033: * @author Jonathan Locke
034: */
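final class ActionPermissions implements IClusterable {
    private static final long serialVersionUID = 1L;

    /**
     * Map from an action to the roles bound to it. An action without an entry
     * has no role binding at all; {@link #rolesFor(Action)} returns
     * {@code null} for it.
     */
    private final Map<Action, Roles> rolesForAction = new HashMap<Action, Roles>();

    /**
     * Gives permission for the given roles to perform the given action. The
     * roles are added to any roles already bound to the action.
     *
     * @param action
     *            The action
     * @param rolesToAdd
     *            The roles
     * @throws IllegalArgumentException
     *             if either argument is null
     */
    public final void authorize(final Action action,
            final Roles rolesToAdd) {
        if (action == null) {
            throw new IllegalArgumentException(
                    "Argument action cannot be null");
        }

        if (rolesToAdd == null) {
            throw new IllegalArgumentException(
                    "Argument rolesToAdd cannot be null");
        }

        Roles roles = rolesForAction.get(action);
        if (roles == null) {
            // First grant for this action: create its role set lazily.
            roles = new Roles();
            rolesForAction.put(action, roles);
        }
        roles.addAll(rolesToAdd);
    }

    /**
     * Removes the role binding for the given action, so that
     * {@link #rolesFor(Action)} returns {@code null} for it afterwards.
     * <p>
     * NOTE(review): the comment in {@link #unauthorize(Action, Roles)}
     * indicates that an action without authorized roles is open to everyone,
     * so this call appears to lift the restriction rather than deny access.
     * Confirm against the strategy that consumes {@link #rolesFor(Action)}.
     *
     * @param action
     *            The action to clear
     * @throws IllegalArgumentException
     *             if action is null
     */
    public final void authorizeAll(final Action action) {
        if (action == null) {
            throw new IllegalArgumentException(
                    "Argument action cannot be null");
        }

        rolesForAction.remove(action);
    }

    /**
     * Gets the roles that have a binding for the given action.
     * <p>
     * The returned object is the instance held in the internal map, not a
     * copy: changes made to it by the caller change the stored permissions.
     *
     * @param action
     *            The action
     * @return The roles authorized for the given action, or {@code null} if
     *         the action has no role binding
     * @throws IllegalArgumentException
     *             if action is null
     */
    public final Roles rolesFor(final Action action) {
        if (action == null) {
            throw new IllegalArgumentException(
                    "Argument action cannot be null");
        }

        return rolesForAction.get(action);
    }

    /**
     * Removes the given roles from those authorized for an action.
     * <p>
     * The result never leaves the action without a role set: if no roles
     * remain (or the action had no binding to begin with), the action is
     * bound to {@link MetaDataRoleAuthorizationStrategy#NO_ROLE} so that
     * revoking access fails closed instead of leaving the action unbound.
     *
     * @param action
     *            The action
     * @param rolesToRemove
     *            The roles to remove
     * @throws IllegalArgumentException
     *             if either argument is null
     */
    public final void unauthorize(final Action action,
            final Roles rolesToRemove) {
        if (action == null) {
            throw new IllegalArgumentException(
                    "Argument action cannot be null");
        }

        if (rolesToRemove == null) {
            throw new IllegalArgumentException(
                    "Argument rolesToRemove cannot be null");
        }

        Roles roles = rolesForAction.get(action);
        if (roles == null) {
            // No binding exists yet. The size check below used to dereference
            // this null and throw NullPointerException; create the role set
            // instead so the revocation is recorded as NO_ROLE (deny) rather
            // than aborting and leaving the action unbound.
            roles = new Roles();
            rolesForAction.put(action, roles);
        } else {
            roles.removeAll(rolesToRemove);
        }

        // If we removed the last authorized role, we authorize the empty role
        // so that removing authorization can't suddenly open something up to
        // everyone.
        if (roles.size() == 0) {
            roles.add(MetaDataRoleAuthorizationStrategy.NO_ROLE);
        }
    }
}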