%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.util.security.TurbineAccessControlList |
|
|
1 | package org.apache.turbine.util.security; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import java.util.Iterator; |
|
20 | import java.util.Map; |
|
21 | ||
22 | import org.apache.turbine.om.security.Group; |
|
23 | import org.apache.turbine.om.security.Permission; |
|
24 | import org.apache.turbine.om.security.Role; |
|
25 | import org.apache.turbine.services.security.TurbineSecurity; |
|
26 | ||
27 | /** |
|
28 | * This is a control class that makes it easy to find out if a |
|
29 | * particular User has a given Permission. It also determines if a |
|
30 | * User has a a particular Role. |
|
31 | * |
|
32 | * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a> |
|
33 | * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> |
|
34 | * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> |
|
35 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
|
36 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
37 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
|
38 | * @version $Id: TurbineAccessControlList.java 278822 2005-09-05 19:53:05Z henning $ |
|
39 | */ |
|
40 | public class TurbineAccessControlList |
|
41 | implements AccessControlList |
|
42 | { |
|
43 | /** Serial Version UID */ |
|
44 | private static final long serialVersionUID = 2678947159949477950L; |
|
45 | ||
46 | /** The sets of roles that the user has in different groups */ |
|
47 | private Map roleSets; |
|
48 | ||
49 | /** The sets of permissions that the user has in different groups */ |
|
50 | private Map permissionSets; |
|
51 | ||
52 | /** The name of this ACL. Needed for the SecurityEntity Interface */ |
|
53 | private String name; |
|
54 | ||
55 | /** |
|
56 | * Constructs a new AccessControlList. |
|
57 | * |
|
58 | * This class follows 'immutable' pattern - it's objects can't be modified |
|
59 | * once they are created. This means that the permissions the users have are |
|
60 | * in effect form the moment they log in to the moment they log out, and |
|
61 | * changes made to the security settings in that time are not reflected |
|
62 | * in the state of this object. If you need to reset an user's permissions |
|
63 | * you need to invalidate his session. <br> |
|
64 | * The objects that constructs an AccessControlList must supply hashtables |
|
65 | * of role/permission sets keyed with group objects. <br> |
|
66 | * |
|
67 | * @param roleSets a hashtable containing RoleSet objects keyed with Group objects |
|
68 | * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects |
|
69 | */ |
|
70 | public TurbineAccessControlList(Map roleSets, Map permissionSets) |
|
71 | 20 | { |
72 | 20 | this.roleSets = roleSets; |
73 | 20 | this.permissionSets = permissionSets; |
74 | 20 | } |
75 | ||
76 | /** |
|
77 | * Returns the name of this ACL. |
|
78 | * |
|
79 | * @return The ACL Name |
|
80 | * |
|
81 | */ |
|
82 | public String getName() |
|
83 | { |
|
84 | 0 | return this.name; |
85 | } |
|
86 | ||
87 | /** |
|
88 | * Sets the name of this ACL. |
|
89 | * |
|
90 | * @param name The new ACL name. |
|
91 | * |
|
92 | */ |
|
93 | public void setName(String name) |
|
94 | { |
|
95 | 0 | this.name = name; |
96 | 0 | } |
97 | ||
98 | /** |
|
99 | * Retrieves a set of Roles an user is assigned in a Group. |
|
100 | * |
|
101 | * @param group the Group |
|
102 | * @return the set of Roles this user has within the Group. |
|
103 | */ |
|
104 | public RoleSet getRoles(Group group) |
|
105 | { |
|
106 | 36 | if (group == null) |
107 | { |
|
108 | 0 | return null; |
109 | } |
|
110 | 36 | return (RoleSet) roleSets.get(group); |
111 | } |
|
112 | ||
113 | /** |
|
114 | * Retrieves a set of Roles an user is assigned in the global Group. |
|
115 | * |
|
116 | * @return the set of Roles this user has within the global Group. |
|
117 | */ |
|
118 | public RoleSet getRoles() |
|
119 | { |
|
120 | 2 | return getRoles(TurbineSecurity.getGlobalGroup()); |
121 | } |
|
122 | ||
123 | /** |
|
124 | * Retrieves a set of Permissions an user is assigned in a Group. |
|
125 | * |
|
126 | * @param group the Group |
|
127 | * @return the set of Permissions this user has within the Group. |
|
128 | */ |
|
129 | public PermissionSet getPermissions(Group group) |
|
130 | { |
|
131 | 28 | if (group == null) |
132 | { |
|
133 | 0 | return null; |
134 | } |
|
135 | 28 | return (PermissionSet) permissionSets.get(group); |
136 | } |
|
137 | ||
138 | /** |
|
139 | * Retrieves a set of Permissions an user is assigned in the global Group. |
|
140 | * |
|
141 | * @return the set of Permissions this user has within the global Group. |
|
142 | */ |
|
143 | public PermissionSet getPermissions() |
|
144 | { |
|
145 | 2 | return getPermissions(TurbineSecurity.getGlobalGroup()); |
146 | } |
|
147 | ||
148 | /** |
|
149 | * Checks if the user is assigned a specific Role in the Group. |
|
150 | * |
|
151 | * @param role the Role |
|
152 | * @param group the Group |
|
153 | * @return <code>true</code> if the user is assigned the Role in the Group. |
|
154 | */ |
|
155 | public boolean hasRole(Role role, Group group) |
|
156 | { |
|
157 | 28 | RoleSet set = getRoles(group); |
158 | 28 | if (set == null || role == class="keyword">null) |
159 | { |
|
160 | 0 | return false; |
161 | } |
|
162 | 28 | return set.contains(role); |
163 | } |
|
164 | ||
165 | /** |
|
166 | * Checks if the user is assigned a specific Role in any of the given |
|
167 | * Groups |
|
168 | * |
|
169 | * @param role the Role |
|
170 | * @param groupset a Groupset |
|
171 | * @return <code>true</code> if the user is assigned the Role in any of |
|
172 | * the given Groups. |
|
173 | */ |
|
174 | public boolean hasRole(Role role, GroupSet groupset) |
|
175 | { |
|
176 | 0 | if (role == null) |
177 | { |
|
178 | 0 | return false; |
179 | } |
|
180 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
181 | { |
|
182 | 0 | Group group = (Group) groups.next(); |
183 | 0 | RoleSet roles = getRoles(group); |
184 | 0 | if (roles != null) |
185 | { |
|
186 | 0 | if (roles.contains(role)) |
187 | { |
|
188 | 0 | return true; |
189 | } |
|
190 | } |
|
191 | } |
|
192 | 0 | return false; |
193 | } |
|
194 | ||
195 | /** |
|
196 | * Checks if the user is assigned a specific Role in the Group. |
|
197 | * |
|
198 | * @param role the Role |
|
199 | * @param group the Group |
|
200 | * @return <code>true</code> if the user is assigned the Role in the Group. |
|
201 | */ |
|
202 | public boolean hasRole(String role, String group) |
|
203 | { |
|
204 | try |
|
205 | { |
|
206 | 16 | return hasRole(TurbineSecurity.getRoleByName(role), |
207 | TurbineSecurity.getGroupByName(group)); |
|
208 | } |
|
209 | 0 | catch (Exception e) |
210 | { |
|
211 | 0 | return false; |
212 | } |
|
213 | } |
|
214 | ||
215 | /** |
|
216 | * Checks if the user is assigned a specifie Role in any of the given |
|
217 | * Groups |
|
218 | * |
|
219 | * @param rolename the name of the Role |
|
220 | * @param groupset a Groupset |
|
221 | * @return <code>true</code> if the user is assigned the Role in any of |
|
222 | * the given Groups. |
|
223 | */ |
|
224 | public boolean hasRole(String rolename, GroupSet groupset) |
|
225 | { |
|
226 | Role role; |
|
227 | try |
|
228 | { |
|
229 | 0 | role = TurbineSecurity.getRoleByName(rolename); |
230 | } |
|
231 | 0 | catch (TurbineSecurityException e) |
232 | { |
|
233 | 0 | return false; |
234 | 0 | } |
235 | 0 | if (role == null) |
236 | { |
|
237 | 0 | return false; |
238 | } |
|
239 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
240 | { |
|
241 | 0 | Group group = (Group) groups.next(); |
242 | 0 | RoleSet roles = getRoles(group); |
243 | 0 | if (roles != null) |
244 | { |
|
245 | 0 | if (roles.contains(role)) |
246 | { |
|
247 | 0 | return true; |
248 | } |
|
249 | } |
|
250 | } |
|
251 | 0 | return false; |
252 | } |
|
253 | ||
254 | /** |
|
255 | * Checks if the user is assigned a specific Role in the global Group. |
|
256 | * |
|
257 | * @param role the Role |
|
258 | * @return <code>true</code> if the user is assigned the Role in the global Group. |
|
259 | */ |
|
260 | public boolean hasRole(Role role) |
|
261 | { |
|
262 | 0 | return hasRole(role, TurbineSecurity.getGlobalGroup()); |
263 | } |
|
264 | ||
265 | /** |
|
266 | * Checks if the user is assigned a specific Role in the global Group. |
|
267 | * |
|
268 | * @param role the Role |
|
269 | * @return <code>true</code> if the user is assigned the Role in the global Group. |
|
270 | */ |
|
271 | public boolean hasRole(String role) |
|
272 | { |
|
273 | try |
|
274 | { |
|
275 | 0 | return hasRole(TurbineSecurity.getRoleByName(role)); |
276 | } |
|
277 | 0 | catch (Exception e) |
278 | { |
|
279 | 0 | return false; |
280 | } |
|
281 | } |
|
282 | ||
283 | /** |
|
284 | * Checks if the user is assigned a specific Permission in the Group. |
|
285 | * |
|
286 | * @param permission the Permission |
|
287 | * @param group the Group |
|
288 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
289 | */ |
|
290 | public boolean hasPermission(Permission permission, Group group) |
|
291 | { |
|
292 | 24 | PermissionSet set = getPermissions(group); |
293 | 24 | if (set == null || permission == class="keyword">null) |
294 | { |
|
295 | 0 | return false; |
296 | } |
|
297 | 24 | return set.contains(permission); |
298 | } |
|
299 | ||
300 | /** |
|
301 | * Checks if the user is assigned a specific Permission in any of the given |
|
302 | * Groups |
|
303 | * |
|
304 | * @param permission the Permission |
|
305 | * @param groupset a Groupset |
|
306 | * @return <code>true</code> if the user is assigned the Permission in any |
|
307 | * of the given Groups. |
|
308 | */ |
|
309 | public boolean hasPermission(Permission permission, GroupSet groupset) |
|
310 | { |
|
311 | 0 | if (permission == null) |
312 | { |
|
313 | 0 | return false; |
314 | } |
|
315 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
316 | { |
|
317 | 0 | Group group = (Group) groups.next(); |
318 | 0 | PermissionSet permissions = getPermissions(group); |
319 | 0 | if (permissions != null) |
320 | { |
|
321 | 0 | if (permissions.contains(permission)) |
322 | { |
|
323 | 0 | return true; |
324 | } |
|
325 | } |
|
326 | } |
|
327 | 0 | return false; |
328 | } |
|
329 | ||
330 | /** |
|
331 | * Checks if the user is assigned a specific Permission in the Group. |
|
332 | * |
|
333 | * @param permission the Permission |
|
334 | * @param group the Group |
|
335 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
336 | */ |
|
337 | public boolean hasPermission(String permission, String group) |
|
338 | { |
|
339 | try |
|
340 | { |
|
341 | 24 | return hasPermission(TurbineSecurity.getPermissionByName(permission), |
342 | TurbineSecurity.getGroupByName(group)); |
|
343 | } |
|
344 | 0 | catch (Exception e) |
345 | { |
|
346 | 0 | return false; |
347 | } |
|
348 | } |
|
349 | ||
350 | /** |
|
351 | * Checks if the user is assigned a specific Permission in the Group. |
|
352 | * |
|
353 | * @param permission the Permission |
|
354 | * @param group the Group |
|
355 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
356 | */ |
|
357 | public boolean hasPermission(String permission, Group group) |
|
358 | { |
|
359 | try |
|
360 | { |
|
361 | 0 | return hasPermission( |
362 | TurbineSecurity.getPermissionByName(permission), group); |
|
363 | } |
|
364 | 0 | catch (Exception e) |
365 | { |
|
366 | 0 | return false; |
367 | } |
|
368 | } |
|
369 | ||
370 | /** |
|
371 | * Checks if the user is assigned a specifie Permission in any of the given |
|
372 | * Groups |
|
373 | * |
|
374 | * @param permissionName the name of the Permission |
|
375 | * @param groupset a Groupset |
|
376 | * @return <code>true</code> if the user is assigned the Permission in any |
|
377 | * of the given Groups. |
|
378 | */ |
|
379 | public boolean hasPermission(String permissionName, GroupSet groupset) |
|
380 | { |
|
381 | Permission permission; |
|
382 | try |
|
383 | { |
|
384 | 0 | permission = TurbineSecurity.getPermissionByName(permissionName); |
385 | } |
|
386 | 0 | catch (TurbineSecurityException e) |
387 | { |
|
388 | 0 | return false; |
389 | 0 | } |
390 | 0 | if (permission == null) |
391 | { |
|
392 | 0 | return false; |
393 | } |
|
394 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
395 | { |
|
396 | 0 | Group group = (Group) groups.next(); |
397 | 0 | PermissionSet permissions = getPermissions(group); |
398 | 0 | if (permissions != null) |
399 | { |
|
400 | 0 | if (permissions.contains(permission)) |
401 | { |
|
402 | 0 | return true; |
403 | } |
|
404 | } |
|
405 | } |
|
406 | 0 | return false; |
407 | } |
|
408 | ||
409 | /** |
|
410 | * Checks if the user is assigned a specific Permission in the global Group. |
|
411 | * |
|
412 | * @param permission the Permission |
|
413 | * @return <code>true</code> if the user is assigned the Permission in the global Group. |
|
414 | */ |
|
415 | public boolean hasPermission(Permission permission) |
|
416 | { |
|
417 | 0 | return hasPermission(permission, TurbineSecurity.getGlobalGroup()); |
418 | } |
|
419 | ||
420 | /** |
|
421 | * Checks if the user is assigned a specific Permission in the global Group. |
|
422 | * |
|
423 | * @param permission the Permission |
|
424 | * @return <code>true</code> if the user is assigned the Permission in the global Group. |
|
425 | */ |
|
426 | public boolean hasPermission(String permission) |
|
427 | { |
|
428 | try |
|
429 | { |
|
430 | 0 | return hasPermission(TurbineSecurity.getPermissionByName(permission)); |
431 | } |
|
432 | 0 | catch (Exception e) |
433 | { |
|
434 | 0 | return false; |
435 | } |
|
436 | } |
|
437 | ||
438 | /** |
|
439 | * Returns all groups definded in the system. |
|
440 | * |
|
441 | * This is useful for debugging, when you want to display all roles |
|
442 | * and permissions an user is assingned. This method is needed |
|
443 | * because you can't call static methods of TurbineSecurity class |
|
444 | * from within WebMacro/Velocity template |
|
445 | * |
|
446 | * @return A Group [] of all groups in the system. |
|
447 | */ |
|
448 | public Group[] getAllGroups() |
|
449 | { |
|
450 | try |
|
451 | { |
|
452 | 0 | return TurbineSecurity.getAllGroups().getGroupsArray(); |
453 | } |
|
454 | 0 | catch (TurbineSecurityException e) |
455 | { |
|
456 | 0 | return new Group[0]; |
457 | } |
|
458 | } |
|
459 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |