1 package org.apache.turbine.util.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import java.util.Iterator;
20 import java.util.Map;
21
22 import org.apache.turbine.om.security.Group;
23 import org.apache.turbine.om.security.Permission;
24 import org.apache.turbine.om.security.Role;
25 import org.apache.turbine.services.security.TurbineSecurity;
26
27 /***
28 * This is a control class that makes it easy to find out if a
29 * particular User has a given Permission. It also determines if a
30 * User has a a particular Role.
31 *
32 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
33 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
34 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
35 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
36 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
37 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
38 * @version $Id: TurbineAccessControlList.java,v 1.8.2.2 2004/05/20 03:27:24 seade Exp $
39 */
40 public class TurbineAccessControlList
41 implements AccessControlList
42 {
43 /*** The sets of roles that the user has in different groups */
44 private Map roleSets;
45
46 /*** The sets of permissions that the user has in different groups */
47 private Map permissionSets;
48
49 /*** The name of this ACL. Needed for the SecurityEntity Interface */
50 private String name;
51
52 /***
53 * Constructs a new AccessControlList.
54 *
55 * This class follows 'immutable' pattern - it's objects can't be modified
56 * once they are created. This means that the permissions the users have are
57 * in effect form the moment they log in to the moment they log out, and
58 * changes made to the security settings in that time are not reflected
59 * in the state of this object. If you need to reset an user's permissions
60 * you need to invalidate his session. <br>
61 * The objects that constructs an AccessControlList must supply hashtables
62 * of role/permission sets keyed with group objects. <br>
63 *
64 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
65 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
66 */
67 public TurbineAccessControlList(Map roleSets, Map permissionSets)
68 {
69 this.roleSets = roleSets;
70 this.permissionSets = permissionSets;
71 }
72
73 /***
74 * Returns the name of this ACL.
75 *
76 * @return The ACL Name
77 *
78 */
79 public String getName()
80 {
81 return this.name;
82 }
83
84 /***
85 * Sets the name of this ACL.
86 *
87 * @param name The new ACL name.
88 *
89 */
90 public void setName(String name)
91 {
92 this.name = name;
93 }
94
95 /***
96 * Retrieves a set of Roles an user is assigned in a Group.
97 *
98 * @param group the Group
99 * @return the set of Roles this user has within the Group.
100 */
101 public RoleSet getRoles(Group group)
102 {
103 if (group == null)
104 {
105 return null;
106 }
107 return (RoleSet) roleSets.get(group);
108 }
109
110 /***
111 * Retrieves a set of Roles an user is assigned in the global Group.
112 *
113 * @return the set of Roles this user has within the global Group.
114 */
115 public RoleSet getRoles()
116 {
117 return getRoles(TurbineSecurity.getGlobalGroup());
118 }
119
120 /***
121 * Retrieves a set of Permissions an user is assigned in a Group.
122 *
123 * @param group the Group
124 * @return the set of Permissions this user has within the Group.
125 */
126 public PermissionSet getPermissions(Group group)
127 {
128 if (group == null)
129 {
130 return null;
131 }
132 return (PermissionSet) permissionSets.get(group);
133 }
134
135 /***
136 * Retrieves a set of Permissions an user is assigned in the global Group.
137 *
138 * @return the set of Permissions this user has within the global Group.
139 */
140 public PermissionSet getPermissions()
141 {
142 return getPermissions(TurbineSecurity.getGlobalGroup());
143 }
144
145 /***
146 * Checks if the user is assigned a specific Role in the Group.
147 *
148 * @param role the Role
149 * @param group the Group
150 * @return <code>true</code> if the user is assigned the Role in the Group.
151 */
152 public boolean hasRole(Role role, Group group)
153 {
154 RoleSet set = getRoles(group);
155 if (set == null || role == null)
156 {
157 return false;
158 }
159 return set.contains(role);
160 }
161
162 /***
163 * Checks if the user is assigned a specific Role in any of the given
164 * Groups
165 *
166 * @param role the Role
167 * @param groupset a Groupset
168 * @return <code>true</code> if the user is assigned the Role in any of
169 * the given Groups.
170 */
171 public boolean hasRole(Role role, GroupSet groupset)
172 {
173 if (role == null)
174 {
175 return false;
176 }
177 for (Iterator groups = groupset.iterator(); groups.hasNext();)
178 {
179 Group group = (Group) groups.next();
180 RoleSet roles = getRoles(group);
181 if (roles != null)
182 {
183 if (roles.contains(role))
184 {
185 return true;
186 }
187 }
188 }
189 return false;
190 }
191
192 /***
193 * Checks if the user is assigned a specific Role in the Group.
194 *
195 * @param role the Role
196 * @param group the Group
197 * @return <code>true</code> if the user is assigned the Role in the Group.
198 */
199 public boolean hasRole(String role, String group)
200 {
201 try
202 {
203 return hasRole(TurbineSecurity.getRoleByName(role),
204 TurbineSecurity.getGroupByName(group));
205 }
206 catch (Exception e)
207 {
208 return false;
209 }
210 }
211
212 /***
213 * Checks if the user is assigned a specifie Role in any of the given
214 * Groups
215 *
216 * @param rolename the name of the Role
217 * @param groupset a Groupset
218 * @return <code>true</code> if the user is assigned the Role in any of
219 * the given Groups.
220 */
221 public boolean hasRole(String rolename, GroupSet groupset)
222 {
223 Role role;
224 try
225 {
226 role = TurbineSecurity.getRoleByName(rolename);
227 }
228 catch (TurbineSecurityException e)
229 {
230 return false;
231 }
232 if (role == null)
233 {
234 return false;
235 }
236 for (Iterator groups = groupset.iterator(); groups.hasNext();)
237 {
238 Group group = (Group) groups.next();
239 RoleSet roles = getRoles(group);
240 if (roles != null)
241 {
242 if (roles.contains(role))
243 {
244 return true;
245 }
246 }
247 }
248 return false;
249 }
250
251 /***
252 * Checks if the user is assigned a specific Role in the global Group.
253 *
254 * @param role the Role
255 * @return <code>true</code> if the user is assigned the Role in the global Group.
256 */
257 public boolean hasRole(Role role)
258 {
259 return hasRole(role, TurbineSecurity.getGlobalGroup());
260 }
261
262 /***
263 * Checks if the user is assigned a specific Role in the global Group.
264 *
265 * @param role the Role
266 * @return <code>true</code> if the user is assigned the Role in the global Group.
267 */
268 public boolean hasRole(String role)
269 {
270 try
271 {
272 return hasRole(TurbineSecurity.getRoleByName(role));
273 }
274 catch (Exception e)
275 {
276 return false;
277 }
278 }
279
280 /***
281 * Checks if the user is assigned a specific Permission in the Group.
282 *
283 * @param permission the Permission
284 * @param group the Group
285 * @return <code>true</code> if the user is assigned the Permission in the Group.
286 */
287 public boolean hasPermission(Permission permission, Group group)
288 {
289 PermissionSet set = getPermissions(group);
290 if (set == null || permission == null)
291 {
292 return false;
293 }
294 return set.contains(permission);
295 }
296
297 /***
298 * Checks if the user is assigned a specific Permission in any of the given
299 * Groups
300 *
301 * @param permission the Permission
302 * @param groupset a Groupset
303 * @return <code>true</code> if the user is assigned the Permission in any
304 * of the given Groups.
305 */
306 public boolean hasPermission(Permission permission, GroupSet groupset)
307 {
308 if (permission == null)
309 {
310 return false;
311 }
312 for (Iterator groups = groupset.iterator(); groups.hasNext();)
313 {
314 Group group = (Group) groups.next();
315 PermissionSet permissions = getPermissions(group);
316 if (permissions != null)
317 {
318 if (permissions.contains(permission))
319 {
320 return true;
321 }
322 }
323 }
324 return false;
325 }
326
327 /***
328 * Checks if the user is assigned a specific Permission in the Group.
329 *
330 * @param permission the Permission
331 * @param group the Group
332 * @return <code>true</code> if the user is assigned the Permission in the Group.
333 */
334 public boolean hasPermission(String permission, String group)
335 {
336 try
337 {
338 return hasPermission(TurbineSecurity.getPermissionByName(permission),
339 TurbineSecurity.getGroupByName(group));
340 }
341 catch (Exception e)
342 {
343 return false;
344 }
345 }
346
347 /***
348 * Checks if the user is assigned a specific Permission in the Group.
349 *
350 * @param permission the Permission
351 * @param group the Group
352 * @return <code>true</code> if the user is assigned the Permission in the Group.
353 */
354 public boolean hasPermission(String permission, Group group)
355 {
356 try
357 {
358 return hasPermission(
359 TurbineSecurity.getPermissionByName(permission), group);
360 }
361 catch (Exception e)
362 {
363 return false;
364 }
365 }
366
367 /***
368 * Checks if the user is assigned a specifie Permission in any of the given
369 * Groups
370 *
371 * @param permissionName the name of the Permission
372 * @param groupset a Groupset
373 * @return <code>true</code> if the user is assigned the Permission in any
374 * of the given Groups.
375 */
376 public boolean hasPermission(String permissionName, GroupSet groupset)
377 {
378 Permission permission;
379 try
380 {
381 permission = TurbineSecurity.getPermissionByName(permissionName);
382 }
383 catch (TurbineSecurityException e)
384 {
385 return false;
386 }
387 if (permission == null)
388 {
389 return false;
390 }
391 for (Iterator groups = groupset.iterator(); groups.hasNext();)
392 {
393 Group group = (Group) groups.next();
394 PermissionSet permissions = getPermissions(group);
395 if (permissions != null)
396 {
397 if (permissions.contains(permission))
398 {
399 return true;
400 }
401 }
402 }
403 return false;
404 }
405
406 /***
407 * Checks if the user is assigned a specific Permission in the global Group.
408 *
409 * @param permission the Permission
410 * @return <code>true</code> if the user is assigned the Permission in the global Group.
411 */
412 public boolean hasPermission(Permission permission)
413 {
414 return hasPermission(permission, TurbineSecurity.getGlobalGroup());
415 }
416
417 /***
418 * Checks if the user is assigned a specific Permission in the global Group.
419 *
420 * @param permission the Permission
421 * @return <code>true</code> if the user is assigned the Permission in the global Group.
422 */
423 public boolean hasPermission(String permission)
424 {
425 try
426 {
427 return hasPermission(TurbineSecurity.getPermissionByName(permission));
428 }
429 catch (Exception e)
430 {
431 return false;
432 }
433 }
434
435 /***
436 * Returns all groups definded in the system.
437 *
438 * This is useful for debugging, when you want to display all roles
439 * and permissions an user is assingned. This method is needed
440 * because you can't call static methods of TurbineSecurity class
441 * from within WebMacro/Velocity template
442 *
443 * @return A Group [] of all groups in the system.
444 */
445 public Group[] getAllGroups()
446 {
447 try
448 {
449 return TurbineSecurity.getAllGroups().getGroupsArray();
450 }
451 catch (TurbineSecurityException e)
452 {
453 return new Group[0];
454 }
455 }
456 }