001: package org.apache.turbine.util.security;
002:
003: /*
004: * Copyright 2001-2005 The Apache Software Foundation.
005: *
006: * Licensed under the Apache License, Version 2.0 (the "License")
007: * you may not use this file except in compliance with the License.
008: * You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
017: */
018:
019: import java.util.Iterator;
020: import java.util.Map;
021:
022: import org.apache.turbine.om.security.Group;
023: import org.apache.turbine.om.security.Permission;
024: import org.apache.turbine.om.security.Role;
025: import org.apache.turbine.services.security.TurbineSecurity;
026:
027: /**
028: * This is a control class that makes it easy to find out if a
029: * particular User has a given Permission. It also determines if a
030: * User has a a particular Role.
031: *
032: * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
033: * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
034: * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
035: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
036: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
037: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
038: * @version $Id: TurbineAccessControlList.java 278822 2005-09-05 19:53:05Z henning $
039: */
040: public class TurbineAccessControlList implements AccessControlList {
041: /** Serial Version UID */
042: private static final long serialVersionUID = 2678947159949477950L;
043:
044: /** The sets of roles that the user has in different groups */
045: private Map roleSets;
046:
047: /** The sets of permissions that the user has in different groups */
048: private Map permissionSets;
049:
050: /** The name of this ACL. Needed for the SecurityEntity Interface */
051: private String name;
052:
053: /**
054: * Constructs a new AccessControlList.
055: *
056: * This class follows 'immutable' pattern - it's objects can't be modified
057: * once they are created. This means that the permissions the users have are
058: * in effect form the moment they log in to the moment they log out, and
059: * changes made to the security settings in that time are not reflected
060: * in the state of this object. If you need to reset an user's permissions
061: * you need to invalidate his session. <br>
062: * The objects that constructs an AccessControlList must supply hashtables
063: * of role/permission sets keyed with group objects. <br>
064: *
065: * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
066: * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
067: */
068: public TurbineAccessControlList(Map roleSets, Map permissionSets) {
069: this .roleSets = roleSets;
070: this .permissionSets = permissionSets;
071: }
072:
073: /**
074: * Returns the name of this ACL.
075: *
076: * @return The ACL Name
077: *
078: */
079: public String getName() {
080: return this .name;
081: }
082:
083: /**
084: * Sets the name of this ACL.
085: *
086: * @param name The new ACL name.
087: *
088: */
089: public void setName(String name) {
090: this .name = name;
091: }
092:
093: /**
094: * Retrieves a set of Roles an user is assigned in a Group.
095: *
096: * @param group the Group
097: * @return the set of Roles this user has within the Group.
098: */
099: public RoleSet getRoles(Group group) {
100: if (group == null) {
101: return null;
102: }
103: return (RoleSet) roleSets.get(group);
104: }
105:
106: /**
107: * Retrieves a set of Roles an user is assigned in the global Group.
108: *
109: * @return the set of Roles this user has within the global Group.
110: */
111: public RoleSet getRoles() {
112: return getRoles(TurbineSecurity.getGlobalGroup());
113: }
114:
115: /**
116: * Retrieves a set of Permissions an user is assigned in a Group.
117: *
118: * @param group the Group
119: * @return the set of Permissions this user has within the Group.
120: */
121: public PermissionSet getPermissions(Group group) {
122: if (group == null) {
123: return null;
124: }
125: return (PermissionSet) permissionSets.get(group);
126: }
127:
128: /**
129: * Retrieves a set of Permissions an user is assigned in the global Group.
130: *
131: * @return the set of Permissions this user has within the global Group.
132: */
133: public PermissionSet getPermissions() {
134: return getPermissions(TurbineSecurity.getGlobalGroup());
135: }
136:
137: /**
138: * Checks if the user is assigned a specific Role in the Group.
139: *
140: * @param role the Role
141: * @param group the Group
142: * @return <code>true</code> if the user is assigned the Role in the Group.
143: */
144: public boolean hasRole(Role role, Group group) {
145: RoleSet set = getRoles(group);
146: if (set == null || role == null) {
147: return false;
148: }
149: return set.contains(role);
150: }
151:
152: /**
153: * Checks if the user is assigned a specific Role in any of the given
154: * Groups
155: *
156: * @param role the Role
157: * @param groupset a Groupset
158: * @return <code>true</code> if the user is assigned the Role in any of
159: * the given Groups.
160: */
161: public boolean hasRole(Role role, GroupSet groupset) {
162: if (role == null) {
163: return false;
164: }
165: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
166: Group group = (Group) groups.next();
167: RoleSet roles = getRoles(group);
168: if (roles != null) {
169: if (roles.contains(role)) {
170: return true;
171: }
172: }
173: }
174: return false;
175: }
176:
177: /**
178: * Checks if the user is assigned a specific Role in the Group.
179: *
180: * @param role the Role
181: * @param group the Group
182: * @return <code>true</code> if the user is assigned the Role in the Group.
183: */
184: public boolean hasRole(String role, String group) {
185: try {
186: return hasRole(TurbineSecurity.getRoleByName(role),
187: TurbineSecurity.getGroupByName(group));
188: } catch (Exception e) {
189: return false;
190: }
191: }
192:
193: /**
194: * Checks if the user is assigned a specifie Role in any of the given
195: * Groups
196: *
197: * @param rolename the name of the Role
198: * @param groupset a Groupset
199: * @return <code>true</code> if the user is assigned the Role in any of
200: * the given Groups.
201: */
202: public boolean hasRole(String rolename, GroupSet groupset) {
203: Role role;
204: try {
205: role = TurbineSecurity.getRoleByName(rolename);
206: } catch (TurbineSecurityException e) {
207: return false;
208: }
209: if (role == null) {
210: return false;
211: }
212: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
213: Group group = (Group) groups.next();
214: RoleSet roles = getRoles(group);
215: if (roles != null) {
216: if (roles.contains(role)) {
217: return true;
218: }
219: }
220: }
221: return false;
222: }
223:
224: /**
225: * Checks if the user is assigned a specific Role in the global Group.
226: *
227: * @param role the Role
228: * @return <code>true</code> if the user is assigned the Role in the global Group.
229: */
230: public boolean hasRole(Role role) {
231: return hasRole(role, TurbineSecurity.getGlobalGroup());
232: }
233:
234: /**
235: * Checks if the user is assigned a specific Role in the global Group.
236: *
237: * @param role the Role
238: * @return <code>true</code> if the user is assigned the Role in the global Group.
239: */
240: public boolean hasRole(String role) {
241: try {
242: return hasRole(TurbineSecurity.getRoleByName(role));
243: } catch (Exception e) {
244: return false;
245: }
246: }
247:
248: /**
249: * Checks if the user is assigned a specific Permission in the Group.
250: *
251: * @param permission the Permission
252: * @param group the Group
253: * @return <code>true</code> if the user is assigned the Permission in the Group.
254: */
255: public boolean hasPermission(Permission permission, Group group) {
256: PermissionSet set = getPermissions(group);
257: if (set == null || permission == null) {
258: return false;
259: }
260: return set.contains(permission);
261: }
262:
263: /**
264: * Checks if the user is assigned a specific Permission in any of the given
265: * Groups
266: *
267: * @param permission the Permission
268: * @param groupset a Groupset
269: * @return <code>true</code> if the user is assigned the Permission in any
270: * of the given Groups.
271: */
272: public boolean hasPermission(Permission permission,
273: GroupSet groupset) {
274: if (permission == null) {
275: return false;
276: }
277: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
278: Group group = (Group) groups.next();
279: PermissionSet permissions = getPermissions(group);
280: if (permissions != null) {
281: if (permissions.contains(permission)) {
282: return true;
283: }
284: }
285: }
286: return false;
287: }
288:
289: /**
290: * Checks if the user is assigned a specific Permission in the Group.
291: *
292: * @param permission the Permission
293: * @param group the Group
294: * @return <code>true</code> if the user is assigned the Permission in the Group.
295: */
296: public boolean hasPermission(String permission, String group) {
297: try {
298: return hasPermission(TurbineSecurity
299: .getPermissionByName(permission), TurbineSecurity
300: .getGroupByName(group));
301: } catch (Exception e) {
302: return false;
303: }
304: }
305:
306: /**
307: * Checks if the user is assigned a specific Permission in the Group.
308: *
309: * @param permission the Permission
310: * @param group the Group
311: * @return <code>true</code> if the user is assigned the Permission in the Group.
312: */
313: public boolean hasPermission(String permission, Group group) {
314: try {
315: return hasPermission(TurbineSecurity
316: .getPermissionByName(permission), group);
317: } catch (Exception e) {
318: return false;
319: }
320: }
321:
322: /**
323: * Checks if the user is assigned a specifie Permission in any of the given
324: * Groups
325: *
326: * @param permissionName the name of the Permission
327: * @param groupset a Groupset
328: * @return <code>true</code> if the user is assigned the Permission in any
329: * of the given Groups.
330: */
331: public boolean hasPermission(String permissionName,
332: GroupSet groupset) {
333: Permission permission;
334: try {
335: permission = TurbineSecurity
336: .getPermissionByName(permissionName);
337: } catch (TurbineSecurityException e) {
338: return false;
339: }
340: if (permission == null) {
341: return false;
342: }
343: for (Iterator groups = groupset.iterator(); groups.hasNext();) {
344: Group group = (Group) groups.next();
345: PermissionSet permissions = getPermissions(group);
346: if (permissions != null) {
347: if (permissions.contains(permission)) {
348: return true;
349: }
350: }
351: }
352: return false;
353: }
354:
355: /**
356: * Checks if the user is assigned a specific Permission in the global Group.
357: *
358: * @param permission the Permission
359: * @return <code>true</code> if the user is assigned the Permission in the global Group.
360: */
361: public boolean hasPermission(Permission permission) {
362: return hasPermission(permission, TurbineSecurity
363: .getGlobalGroup());
364: }
365:
366: /**
367: * Checks if the user is assigned a specific Permission in the global Group.
368: *
369: * @param permission the Permission
370: * @return <code>true</code> if the user is assigned the Permission in the global Group.
371: */
372: public boolean hasPermission(String permission) {
373: try {
374: return hasPermission(TurbineSecurity
375: .getPermissionByName(permission));
376: } catch (Exception e) {
377: return false;
378: }
379: }
380:
381: /**
382: * Returns all groups definded in the system.
383: *
384: * This is useful for debugging, when you want to display all roles
385: * and permissions an user is assingned. This method is needed
386: * because you can't call static methods of TurbineSecurity class
387: * from within WebMacro/Velocity template
388: *
389: * @return A Group [] of all groups in the system.
390: */
391: public Group[] getAllGroups() {
392: try {
393: return TurbineSecurity.getAllGroups().getGroupsArray();
394: } catch (TurbineSecurityException e) {
395: return new Group[0];
396: }
397: }
398: }
|