001: package com.technoetic.xplanner.tags;
002:
003: import com.technoetic.xplanner.domain.Project;
004: import com.technoetic.xplanner.security.SecurityHelper;
005: import com.technoetic.xplanner.security.auth.AuthorizationHelper;
006: import com.technoetic.xplanner.tags.db.DatabaseTagSupport;
007: import net.sf.hibernate.Session;
008: import org.apache.commons.lang.StringUtils;
009: import org.apache.struts.util.RequestUtils;
010:
011: import javax.servlet.http.HttpServletRequest;
012: import javax.servlet.jsp.JspException;
013: import java.util.Collection;
014:
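/**
 * JSP tag that evaluates its body only when the current user is authorized.
 *
 * <p>The user counts as authorized when either
 * <ul>
 *   <li>{@code allowedUser} is non-zero and equals the id returned by
 *       {@code SecurityHelper.getRemoteUserId} for the current request, or</li>
 *   <li>{@code AuthorizationHelper.hasPermission} grants the configured permission
 *       on the resolved project/resource, or, when no project could be resolved,
 *       {@code AuthorizationHelper.hasPermissionToAny} grants it on any project.</li>
 * </ul>
 * Setting {@code negate} inverts the final decision.
 *
 * <p>NOTE(review): this tag only decides whether markup is rendered. Whether the
 * actions behind that markup enforce the same permission is not visible from this
 * class; confirm before relying on the tag as the only check.
 */
public class IsUserAuthorizedTag extends DatabaseTagSupport {
    // Explicit project scope for the check; 0 means "not set" and triggers the
    // resolution chain in getProjectId().
    private int projectId;
    // Passed through unchanged to AuthorizationHelper.hasPermission.
    private int principalId;
    // Either the resource itself or, when it is a String, the name of a
    // page-context attribute that holds the resource.
    private Object object;
    // Bean name and property used for the RequestUtils.lookup fallback.
    private String name;
    private String property;
    // Passed through unchanged to AuthorizationHelper.hasPermission.
    private String resourceType;
    private int resourceId;
    private String permission;
    // User id that is always shown the body; 0 disables this shortcut.
    private int allowedUser;
    // When true, the authorization decision is inverted before it is returned.
    private boolean negate;

    /**
     * Decides whether the tag body is rendered.
     *
     * @return {@code EVAL_BODY_INCLUDE} when the user is authorized (or not
     *         authorized, if {@code negate} is set), otherwise {@code SKIP_BODY}
     * @throws JspException if resolving the project/resource or the permission
     *         check fails; other exceptions are wrapped as the root cause
     */
    public int doStartTag() throws JspException {
        // Deny by default: the body stays hidden unless a check below authorizes the user.
        boolean skipBody = true;
        try {
            if (allowedUser != 0
                    && allowedUser == SecurityHelper.getRemoteUserId(
                            (HttpServletRequest) pageContext.getRequest())) {
                skipBody = false;
            } else {
                int effectiveProjectId = getProjectId();
                Session session = getSession();
                // skipBody == false is the "authorized" state (see the allowedUser branch),
                // so a granted permission must clear it. The previous code assigned the
                // result un-negated, which hid the body from permitted users and showed
                // it to everyone else.
                // NOTE(review): assumes hasPermission/hasPermissionToAny return true when
                // access is granted, as their names imply - confirm against AuthorizationHelper.
                skipBody = !AuthorizationHelper.hasPermission(effectiveProjectId, principalId,
                        resourceId, resourceType, permission, getResource(),
                        pageContext.getRequest());
                if (skipBody && effectiveProjectId == 0) {
                    // No project in scope: fall back to "has this permission on any project".
                    Collection projects = session.find("from project in " + Project.class);
                    skipBody = !AuthorizationHelper.hasPermissionToAny(
                            new String[] { permission }, projects, pageContext.getRequest());
                }
            }
        } catch (JspException e) {
            // Already the declared type; rethrow without a second wrapper.
            throw e;
        } catch (Exception e) {
            throw new JspException(e);
        }
        return (negate ? !skipBody : skipBody) ? SKIP_BODY : EVAL_BODY_INCLUDE;
    }

    /**
     * Resolves the resource the permission check applies to.
     *
     * <p>Order: the {@code object} attribute (looked up as a page-context attribute
     * name when it is a String), then the Struts bean named by {@code name}/{@code property},
     * then the page-context attribute {@code "project"}.
     *
     * @return the resolved resource, or {@code null} when none was found but a
     *         {@code resourceType} is set
     * @throws JspException if neither a resource nor a resource type is available
     */
    private Object getResource() throws JspException {
        Object resource = object;
        if (object instanceof String) {
            resource = pageContext.findAttribute((String) object);
        }
        if (resource == null && name != null) {
            resource = RequestUtils.lookup(pageContext, name, property, null);
        }
        if (resource == null) {
            resource = pageContext.findAttribute("project");
        }
        if (resource == null && resourceType == null) {
            throw new JspException("object or resource type/id must be specified");
        }
        return resource;
    }

    /**
     * Resolves the project id used to scope the permission check.
     *
     * <p>Order: the explicit {@code projectId} attribute, the request's
     * {@code DomainContext}, the {@code object} attribute when it is a
     * {@code Project}, the {@code projectId} request parameter, and finally the
     * resource from {@link #getResource()} when it is a {@code Project}.
     *
     * @return the project id, or 0 when none could be determined
     * @throws JspException if the {@code projectId} request parameter is not an
     *         integer, or if {@link #getResource()} fails
     */
    private int getProjectId() throws JspException {
        if (projectId != 0) {
            return projectId;
        }
        DomainContext context = DomainContext.get(pageContext.getRequest());
        if (context != null && context.getProjectId() != 0) {
            return context.getProjectId();
        }
        if (object instanceof Project) {
            return ((Project) object).getId();
        }
        // The request parameter is client-controlled, so it is consulted only after
        // the server-side sources above; it selects the project the check runs against.
        String id = pageContext.getRequest().getParameter("projectId");
        if (!StringUtils.isEmpty(id)) {
            try {
                return Integer.parseInt(id);
            } catch (NumberFormatException e) {
                // The raw value is left out of the message so it cannot be
                // reflected into an error page.
                throw new JspException("projectId request parameter is not a valid integer", e);
            }
        }
        Object resource = getResource();
        if (resource instanceof Project) {
            return ((Project) resource).getId();
        }
        return 0;
    }

    /**
     * Resets every attribute so a reused handler starts from a clean state.
     * {@code allowedUser} and {@code negate} are cleared as well; a stale value
     * of either would change the authorization outcome of a later use.
     */
    public void release() {
        projectId = 0;
        principalId = 0;
        resourceType = null;
        resourceId = 0;
        permission = null;
        object = null;
        name = null;
        property = null;
        allowedUser = 0;
        negate = false;
        super.release();
    }

    /** Sets whether the authorization decision is inverted. */
    public void setNegate(boolean negate) {
        this.negate = negate;
    }

    /** Returns whether the authorization decision is inverted. */
    public boolean isNegate() {
        return negate;
    }

    /** Sets the principal id passed to the permission check. */
    public void setPrincipalId(int principalId) {
        this.principalId = principalId;
    }

    /** Sets the resource type passed to the permission check. */
    public void setResourceType(String resourceType) {
        this.resourceType = resourceType;
    }

    /** Sets the resource id passed to the permission check. */
    public void setResourceId(int resourceId) {
        this.resourceId = resourceId;
    }

    /** Sets the permission name to check. */
    public void setPermission(String permission) {
        this.permission = permission;
    }

    /** Sets the resource, or the name of the page-context attribute holding it. */
    public void setObject(Object object) {
        this.object = object;
    }

    /** Sets the explicit project id; 0 leaves it to be resolved. */
    public void setProjectId(int projectId) {
        this.projectId = projectId;
    }

    /** Sets the bean name used for the Struts lookup fallback. */
    public void setName(String name) {
        this.name = name;
    }

    /** Sets the bean property used for the Struts lookup fallback. */
    public void setProperty(String property) {
        this.property = property;
    }

    /** Sets the user id that is always shown the body; 0 disables the shortcut. */
    public void setAllowedUser(int allowedUser) {
        this.allowedUser = allowedUser;
    }
}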