1 package org.apache.turbine.util.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import java.util.Iterator;
20 import java.util.Map;
21
22 import org.apache.turbine.om.security.Group;
23 import org.apache.turbine.om.security.Permission;
24 import org.apache.turbine.om.security.Role;
25 import org.apache.turbine.services.security.TurbineSecurity;
26
27 /***
28 * This is a control class that makes it easy to find out if a
29 * particular User has a given Permission. It also determines if a
30 * User has a a particular Role.
31 *
32 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
33 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
34 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
35 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
36 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
37 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
38 * @version $Id: TurbineAccessControlList.java 278822 2005-09-05 19:53:05Z henning $
39 */
40 public class TurbineAccessControlList
41 implements AccessControlList
42 {
43 /*** Serial Version UID */
44 private static final long serialVersionUID = 2678947159949477950L;
45
46 /*** The sets of roles that the user has in different groups */
47 private Map roleSets;
48
49 /*** The sets of permissions that the user has in different groups */
50 private Map permissionSets;
51
52 /*** The name of this ACL. Needed for the SecurityEntity Interface */
53 private String name;
54
55 /***
56 * Constructs a new AccessControlList.
57 *
58 * This class follows 'immutable' pattern - it's objects can't be modified
59 * once they are created. This means that the permissions the users have are
60 * in effect form the moment they log in to the moment they log out, and
61 * changes made to the security settings in that time are not reflected
62 * in the state of this object. If you need to reset an user's permissions
63 * you need to invalidate his session. <br>
64 * The objects that constructs an AccessControlList must supply hashtables
65 * of role/permission sets keyed with group objects. <br>
66 *
67 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
68 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
69 */
70 public TurbineAccessControlList(Map roleSets, Map permissionSets)
71 {
72 this.roleSets = roleSets;
73 this.permissionSets = permissionSets;
74 }
75
76 /***
77 * Returns the name of this ACL.
78 *
79 * @return The ACL Name
80 *
81 */
82 public String getName()
83 {
84 return this.name;
85 }
86
87 /***
88 * Sets the name of this ACL.
89 *
90 * @param name The new ACL name.
91 *
92 */
93 public void setName(String name)
94 {
95 this.name = name;
96 }
97
98 /***
99 * Retrieves a set of Roles an user is assigned in a Group.
100 *
101 * @param group the Group
102 * @return the set of Roles this user has within the Group.
103 */
104 public RoleSet getRoles(Group group)
105 {
106 if (group == null)
107 {
108 return null;
109 }
110 return (RoleSet) roleSets.get(group);
111 }
112
113 /***
114 * Retrieves a set of Roles an user is assigned in the global Group.
115 *
116 * @return the set of Roles this user has within the global Group.
117 */
118 public RoleSet getRoles()
119 {
120 return getRoles(TurbineSecurity.getGlobalGroup());
121 }
122
123 /***
124 * Retrieves a set of Permissions an user is assigned in a Group.
125 *
126 * @param group the Group
127 * @return the set of Permissions this user has within the Group.
128 */
129 public PermissionSet getPermissions(Group group)
130 {
131 if (group == null)
132 {
133 return null;
134 }
135 return (PermissionSet) permissionSets.get(group);
136 }
137
138 /***
139 * Retrieves a set of Permissions an user is assigned in the global Group.
140 *
141 * @return the set of Permissions this user has within the global Group.
142 */
143 public PermissionSet getPermissions()
144 {
145 return getPermissions(TurbineSecurity.getGlobalGroup());
146 }
147
148 /***
149 * Checks if the user is assigned a specific Role in the Group.
150 *
151 * @param role the Role
152 * @param group the Group
153 * @return <code>true</code> if the user is assigned the Role in the Group.
154 */
155 public boolean hasRole(Role role, Group group)
156 {
157 RoleSet set = getRoles(group);
158 if (set == null || role == null)
159 {
160 return false;
161 }
162 return set.contains(role);
163 }
164
165 /***
166 * Checks if the user is assigned a specific Role in any of the given
167 * Groups
168 *
169 * @param role the Role
170 * @param groupset a Groupset
171 * @return <code>true</code> if the user is assigned the Role in any of
172 * the given Groups.
173 */
174 public boolean hasRole(Role role, GroupSet groupset)
175 {
176 if (role == null)
177 {
178 return false;
179 }
180 for (Iterator groups = groupset.iterator(); groups.hasNext();)
181 {
182 Group group = (Group) groups.next();
183 RoleSet roles = getRoles(group);
184 if (roles != null)
185 {
186 if (roles.contains(role))
187 {
188 return true;
189 }
190 }
191 }
192 return false;
193 }
194
195 /***
196 * Checks if the user is assigned a specific Role in the Group.
197 *
198 * @param role the Role
199 * @param group the Group
200 * @return <code>true</code> if the user is assigned the Role in the Group.
201 */
202 public boolean hasRole(String role, String group)
203 {
204 try
205 {
206 return hasRole(TurbineSecurity.getRoleByName(role),
207 TurbineSecurity.getGroupByName(group));
208 }
209 catch (Exception e)
210 {
211 return false;
212 }
213 }
214
215 /***
216 * Checks if the user is assigned a specifie Role in any of the given
217 * Groups
218 *
219 * @param rolename the name of the Role
220 * @param groupset a Groupset
221 * @return <code>true</code> if the user is assigned the Role in any of
222 * the given Groups.
223 */
224 public boolean hasRole(String rolename, GroupSet groupset)
225 {
226 Role role;
227 try
228 {
229 role = TurbineSecurity.getRoleByName(rolename);
230 }
231 catch (TurbineSecurityException e)
232 {
233 return false;
234 }
235 if (role == null)
236 {
237 return false;
238 }
239 for (Iterator groups = groupset.iterator(); groups.hasNext();)
240 {
241 Group group = (Group) groups.next();
242 RoleSet roles = getRoles(group);
243 if (roles != null)
244 {
245 if (roles.contains(role))
246 {
247 return true;
248 }
249 }
250 }
251 return false;
252 }
253
254 /***
255 * Checks if the user is assigned a specific Role in the global Group.
256 *
257 * @param role the Role
258 * @return <code>true</code> if the user is assigned the Role in the global Group.
259 */
260 public boolean hasRole(Role role)
261 {
262 return hasRole(role, TurbineSecurity.getGlobalGroup());
263 }
264
265 /***
266 * Checks if the user is assigned a specific Role in the global Group.
267 *
268 * @param role the Role
269 * @return <code>true</code> if the user is assigned the Role in the global Group.
270 */
271 public boolean hasRole(String role)
272 {
273 try
274 {
275 return hasRole(TurbineSecurity.getRoleByName(role));
276 }
277 catch (Exception e)
278 {
279 return false;
280 }
281 }
282
283 /***
284 * Checks if the user is assigned a specific Permission in the Group.
285 *
286 * @param permission the Permission
287 * @param group the Group
288 * @return <code>true</code> if the user is assigned the Permission in the Group.
289 */
290 public boolean hasPermission(Permission permission, Group group)
291 {
292 PermissionSet set = getPermissions(group);
293 if (set == null || permission == null)
294 {
295 return false;
296 }
297 return set.contains(permission);
298 }
299
300 /***
301 * Checks if the user is assigned a specific Permission in any of the given
302 * Groups
303 *
304 * @param permission the Permission
305 * @param groupset a Groupset
306 * @return <code>true</code> if the user is assigned the Permission in any
307 * of the given Groups.
308 */
309 public boolean hasPermission(Permission permission, GroupSet groupset)
310 {
311 if (permission == null)
312 {
313 return false;
314 }
315 for (Iterator groups = groupset.iterator(); groups.hasNext();)
316 {
317 Group group = (Group) groups.next();
318 PermissionSet permissions = getPermissions(group);
319 if (permissions != null)
320 {
321 if (permissions.contains(permission))
322 {
323 return true;
324 }
325 }
326 }
327 return false;
328 }
329
330 /***
331 * Checks if the user is assigned a specific Permission in the Group.
332 *
333 * @param permission the Permission
334 * @param group the Group
335 * @return <code>true</code> if the user is assigned the Permission in the Group.
336 */
337 public boolean hasPermission(String permission, String group)
338 {
339 try
340 {
341 return hasPermission(TurbineSecurity.getPermissionByName(permission),
342 TurbineSecurity.getGroupByName(group));
343 }
344 catch (Exception e)
345 {
346 return false;
347 }
348 }
349
350 /***
351 * Checks if the user is assigned a specific Permission in the Group.
352 *
353 * @param permission the Permission
354 * @param group the Group
355 * @return <code>true</code> if the user is assigned the Permission in the Group.
356 */
357 public boolean hasPermission(String permission, Group group)
358 {
359 try
360 {
361 return hasPermission(
362 TurbineSecurity.getPermissionByName(permission), group);
363 }
364 catch (Exception e)
365 {
366 return false;
367 }
368 }
369
370 /***
371 * Checks if the user is assigned a specifie Permission in any of the given
372 * Groups
373 *
374 * @param permissionName the name of the Permission
375 * @param groupset a Groupset
376 * @return <code>true</code> if the user is assigned the Permission in any
377 * of the given Groups.
378 */
379 public boolean hasPermission(String permissionName, GroupSet groupset)
380 {
381 Permission permission;
382 try
383 {
384 permission = TurbineSecurity.getPermissionByName(permissionName);
385 }
386 catch (TurbineSecurityException e)
387 {
388 return false;
389 }
390 if (permission == null)
391 {
392 return false;
393 }
394 for (Iterator groups = groupset.iterator(); groups.hasNext();)
395 {
396 Group group = (Group) groups.next();
397 PermissionSet permissions = getPermissions(group);
398 if (permissions != null)
399 {
400 if (permissions.contains(permission))
401 {
402 return true;
403 }
404 }
405 }
406 return false;
407 }
408
409 /***
410 * Checks if the user is assigned a specific Permission in the global Group.
411 *
412 * @param permission the Permission
413 * @return <code>true</code> if the user is assigned the Permission in the global Group.
414 */
415 public boolean hasPermission(Permission permission)
416 {
417 return hasPermission(permission, TurbineSecurity.getGlobalGroup());
418 }
419
420 /***
421 * Checks if the user is assigned a specific Permission in the global Group.
422 *
423 * @param permission the Permission
424 * @return <code>true</code> if the user is assigned the Permission in the global Group.
425 */
426 public boolean hasPermission(String permission)
427 {
428 try
429 {
430 return hasPermission(TurbineSecurity.getPermissionByName(permission));
431 }
432 catch (Exception e)
433 {
434 return false;
435 }
436 }
437
438 /***
439 * Returns all groups definded in the system.
440 *
441 * This is useful for debugging, when you want to display all roles
442 * and permissions an user is assingned. This method is needed
443 * because you can't call static methods of TurbineSecurity class
444 * from within WebMacro/Velocity template
445 *
446 * @return A Group [] of all groups in the system.
447 */
448 public Group[] getAllGroups()
449 {
450 try
451 {
452 return TurbineSecurity.getAllGroups().getGroupsArray();
453 }
454 catch (TurbineSecurityException e)
455 {
456 return new Group[0];
457 }
458 }
459 }