%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.util.security.TurbineAccessControlList |
|
|
1 | package org.apache.turbine.util.security; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2004 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import java.util.Iterator; |
|
20 | import java.util.Map; |
|
21 | ||
22 | import org.apache.turbine.om.security.Group; |
|
23 | import org.apache.turbine.om.security.Permission; |
|
24 | import org.apache.turbine.om.security.Role; |
|
25 | import org.apache.turbine.services.security.TurbineSecurity; |
|
26 | ||
27 | /** |
|
28 | * This is a control class that makes it easy to find out if a |
|
29 | * particular User has a given Permission. It also determines if a |
|
30 | * User has a a particular Role. |
|
31 | * |
|
32 | * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a> |
|
33 | * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> |
|
34 | * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> |
|
35 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
|
36 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
37 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
|
38 | * @version $Id: TurbineAccessControlList.java,v 1.8.2.2 2004/05/20 03:27:24 seade Exp $ |
|
39 | */ |
|
40 | public class TurbineAccessControlList |
|
41 | implements AccessControlList |
|
42 | { |
|
43 | /** The sets of roles that the user has in different groups */ |
|
44 | private Map roleSets; |
|
45 | ||
46 | /** The sets of permissions that the user has in different groups */ |
|
47 | private Map permissionSets; |
|
48 | ||
49 | /** The name of this ACL. Needed for the SecurityEntity Interface */ |
|
50 | private String name; |
|
51 | ||
52 | /** |
|
53 | * Constructs a new AccessControlList. |
|
54 | * |
|
55 | * This class follows 'immutable' pattern - it's objects can't be modified |
|
56 | * once they are created. This means that the permissions the users have are |
|
57 | * in effect form the moment they log in to the moment they log out, and |
|
58 | * changes made to the security settings in that time are not reflected |
|
59 | * in the state of this object. If you need to reset an user's permissions |
|
60 | * you need to invalidate his session. <br> |
|
61 | * The objects that constructs an AccessControlList must supply hashtables |
|
62 | * of role/permission sets keyed with group objects. <br> |
|
63 | * |
|
64 | * @param roleSets a hashtable containing RoleSet objects keyed with Group objects |
|
65 | * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects |
|
66 | */ |
|
67 | public TurbineAccessControlList(Map roleSets, Map permissionSets) |
|
68 | 10 | { |
69 | 10 | this.roleSets = roleSets; |
70 | 10 | this.permissionSets = permissionSets; |
71 | 10 | } |
72 | ||
73 | /** |
|
74 | * Returns the name of this ACL. |
|
75 | * |
|
76 | * @return The ACL Name |
|
77 | * |
|
78 | */ |
|
79 | public String getName() |
|
80 | { |
|
81 | 0 | return this.name; |
82 | } |
|
83 | ||
84 | /** |
|
85 | * Sets the name of this ACL. |
|
86 | * |
|
87 | * @param name The new ACL name. |
|
88 | * |
|
89 | */ |
|
90 | public void setName(String name) |
|
91 | { |
|
92 | 0 | this.name = name; |
93 | 0 | } |
94 | ||
95 | /** |
|
96 | * Retrieves a set of Roles an user is assigned in a Group. |
|
97 | * |
|
98 | * @param group the Group |
|
99 | * @return the set of Roles this user has within the Group. |
|
100 | */ |
|
101 | public RoleSet getRoles(Group group) |
|
102 | { |
|
103 | 18 | if (group == null) |
104 | { |
|
105 | 0 | return null; |
106 | } |
|
107 | 18 | return (RoleSet) roleSets.get(group); |
108 | } |
|
109 | ||
110 | /** |
|
111 | * Retrieves a set of Roles an user is assigned in the global Group. |
|
112 | * |
|
113 | * @return the set of Roles this user has within the global Group. |
|
114 | */ |
|
115 | public RoleSet getRoles() |
|
116 | { |
|
117 | 1 | return getRoles(TurbineSecurity.getGlobalGroup()); |
118 | } |
|
119 | ||
120 | /** |
|
121 | * Retrieves a set of Permissions an user is assigned in a Group. |
|
122 | * |
|
123 | * @param group the Group |
|
124 | * @return the set of Permissions this user has within the Group. |
|
125 | */ |
|
126 | public PermissionSet getPermissions(Group group) |
|
127 | { |
|
128 | 14 | if (group == null) |
129 | { |
|
130 | 0 | return null; |
131 | } |
|
132 | 14 | return (PermissionSet) permissionSets.get(group); |
133 | } |
|
134 | ||
135 | /** |
|
136 | * Retrieves a set of Permissions an user is assigned in the global Group. |
|
137 | * |
|
138 | * @return the set of Permissions this user has within the global Group. |
|
139 | */ |
|
140 | public PermissionSet getPermissions() |
|
141 | { |
|
142 | 1 | return getPermissions(TurbineSecurity.getGlobalGroup()); |
143 | } |
|
144 | ||
145 | /** |
|
146 | * Checks if the user is assigned a specific Role in the Group. |
|
147 | * |
|
148 | * @param role the Role |
|
149 | * @param group the Group |
|
150 | * @return <code>true</code> if the user is assigned the Role in the Group. |
|
151 | */ |
|
152 | public boolean hasRole(Role role, Group group) |
|
153 | { |
|
154 | 14 | RoleSet set = getRoles(group); |
155 | 14 | if (set == null || role == class="keyword">null) |
156 | { |
|
157 | 0 | return false; |
158 | } |
|
159 | 14 | return set.contains(role); |
160 | } |
|
161 | ||
162 | /** |
|
163 | * Checks if the user is assigned a specific Role in any of the given |
|
164 | * Groups |
|
165 | * |
|
166 | * @param role the Role |
|
167 | * @param groupset a Groupset |
|
168 | * @return <code>true</code> if the user is assigned the Role in any of |
|
169 | * the given Groups. |
|
170 | */ |
|
171 | public boolean hasRole(Role role, GroupSet groupset) |
|
172 | { |
|
173 | 0 | if (role == null) |
174 | { |
|
175 | 0 | return false; |
176 | } |
|
177 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
178 | { |
|
179 | 0 | Group group = (Group) groups.next(); |
180 | 0 | RoleSet roles = getRoles(group); |
181 | 0 | if (roles != null) |
182 | { |
|
183 | 0 | if (roles.contains(role)) |
184 | { |
|
185 | 0 | return true; |
186 | } |
|
187 | } |
|
188 | } |
|
189 | 0 | return false; |
190 | } |
|
191 | ||
192 | /** |
|
193 | * Checks if the user is assigned a specific Role in the Group. |
|
194 | * |
|
195 | * @param role the Role |
|
196 | * @param group the Group |
|
197 | * @return <code>true</code> if the user is assigned the Role in the Group. |
|
198 | */ |
|
199 | public boolean hasRole(String role, String group) |
|
200 | { |
|
201 | try |
|
202 | { |
|
203 | 8 | return hasRole(TurbineSecurity.getRoleByName(role), |
204 | TurbineSecurity.getGroupByName(group)); |
|
205 | } |
|
206 | 0 | catch (Exception e) |
207 | { |
|
208 | 0 | return false; |
209 | } |
|
210 | } |
|
211 | ||
212 | /** |
|
213 | * Checks if the user is assigned a specifie Role in any of the given |
|
214 | * Groups |
|
215 | * |
|
216 | * @param rolename the name of the Role |
|
217 | * @param groupset a Groupset |
|
218 | * @return <code>true</code> if the user is assigned the Role in any of |
|
219 | * the given Groups. |
|
220 | */ |
|
221 | public boolean hasRole(String rolename, GroupSet groupset) |
|
222 | { |
|
223 | Role role; |
|
224 | try |
|
225 | { |
|
226 | 0 | role = TurbineSecurity.getRoleByName(rolename); |
227 | } |
|
228 | 0 | catch (TurbineSecurityException e) |
229 | { |
|
230 | 0 | return false; |
231 | 0 | } |
232 | 0 | if (role == null) |
233 | { |
|
234 | 0 | return false; |
235 | } |
|
236 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
237 | { |
|
238 | 0 | Group group = (Group) groups.next(); |
239 | 0 | RoleSet roles = getRoles(group); |
240 | 0 | if (roles != null) |
241 | { |
|
242 | 0 | if (roles.contains(role)) |
243 | { |
|
244 | 0 | return true; |
245 | } |
|
246 | } |
|
247 | } |
|
248 | 0 | return false; |
249 | } |
|
250 | ||
251 | /** |
|
252 | * Checks if the user is assigned a specific Role in the global Group. |
|
253 | * |
|
254 | * @param role the Role |
|
255 | * @return <code>true</code> if the user is assigned the Role in the global Group. |
|
256 | */ |
|
257 | public boolean hasRole(Role role) |
|
258 | { |
|
259 | 0 | return hasRole(role, TurbineSecurity.getGlobalGroup()); |
260 | } |
|
261 | ||
262 | /** |
|
263 | * Checks if the user is assigned a specific Role in the global Group. |
|
264 | * |
|
265 | * @param role the Role |
|
266 | * @return <code>true</code> if the user is assigned the Role in the global Group. |
|
267 | */ |
|
268 | public boolean hasRole(String role) |
|
269 | { |
|
270 | try |
|
271 | { |
|
272 | 0 | return hasRole(TurbineSecurity.getRoleByName(role)); |
273 | } |
|
274 | 0 | catch (Exception e) |
275 | { |
|
276 | 0 | return false; |
277 | } |
|
278 | } |
|
279 | ||
280 | /** |
|
281 | * Checks if the user is assigned a specific Permission in the Group. |
|
282 | * |
|
283 | * @param permission the Permission |
|
284 | * @param group the Group |
|
285 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
286 | */ |
|
287 | public boolean hasPermission(Permission permission, Group group) |
|
288 | { |
|
289 | 12 | PermissionSet set = getPermissions(group); |
290 | 12 | if (set == null || permission == class="keyword">null) |
291 | { |
|
292 | 0 | return false; |
293 | } |
|
294 | 12 | return set.contains(permission); |
295 | } |
|
296 | ||
297 | /** |
|
298 | * Checks if the user is assigned a specific Permission in any of the given |
|
299 | * Groups |
|
300 | * |
|
301 | * @param permission the Permission |
|
302 | * @param groupset a Groupset |
|
303 | * @return <code>true</code> if the user is assigned the Permission in any |
|
304 | * of the given Groups. |
|
305 | */ |
|
306 | public boolean hasPermission(Permission permission, GroupSet groupset) |
|
307 | { |
|
308 | 0 | if (permission == null) |
309 | { |
|
310 | 0 | return false; |
311 | } |
|
312 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
313 | { |
|
314 | 0 | Group group = (Group) groups.next(); |
315 | 0 | PermissionSet permissions = getPermissions(group); |
316 | 0 | if (permissions != null) |
317 | { |
|
318 | 0 | if (permissions.contains(permission)) |
319 | { |
|
320 | 0 | return true; |
321 | } |
|
322 | } |
|
323 | } |
|
324 | 0 | return false; |
325 | } |
|
326 | ||
327 | /** |
|
328 | * Checks if the user is assigned a specific Permission in the Group. |
|
329 | * |
|
330 | * @param permission the Permission |
|
331 | * @param group the Group |
|
332 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
333 | */ |
|
334 | public boolean hasPermission(String permission, String group) |
|
335 | { |
|
336 | try |
|
337 | { |
|
338 | 12 | return hasPermission(TurbineSecurity.getPermissionByName(permission), |
339 | TurbineSecurity.getGroupByName(group)); |
|
340 | } |
|
341 | 0 | catch (Exception e) |
342 | { |
|
343 | 0 | return false; |
344 | } |
|
345 | } |
|
346 | ||
347 | /** |
|
348 | * Checks if the user is assigned a specific Permission in the Group. |
|
349 | * |
|
350 | * @param permission the Permission |
|
351 | * @param group the Group |
|
352 | * @return <code>true</code> if the user is assigned the Permission in the Group. |
|
353 | */ |
|
354 | public boolean hasPermission(String permission, Group group) |
|
355 | { |
|
356 | try |
|
357 | { |
|
358 | 0 | return hasPermission( |
359 | TurbineSecurity.getPermissionByName(permission), group); |
|
360 | } |
|
361 | 0 | catch (Exception e) |
362 | { |
|
363 | 0 | return false; |
364 | } |
|
365 | } |
|
366 | ||
367 | /** |
|
368 | * Checks if the user is assigned a specifie Permission in any of the given |
|
369 | * Groups |
|
370 | * |
|
371 | * @param permissionName the name of the Permission |
|
372 | * @param groupset a Groupset |
|
373 | * @return <code>true</code> if the user is assigned the Permission in any |
|
374 | * of the given Groups. |
|
375 | */ |
|
376 | public boolean hasPermission(String permissionName, GroupSet groupset) |
|
377 | { |
|
378 | Permission permission; |
|
379 | try |
|
380 | { |
|
381 | 0 | permission = TurbineSecurity.getPermissionByName(permissionName); |
382 | } |
|
383 | 0 | catch (TurbineSecurityException e) |
384 | { |
|
385 | 0 | return false; |
386 | 0 | } |
387 | 0 | if (permission == null) |
388 | { |
|
389 | 0 | return false; |
390 | } |
|
391 | 0 | for (Iterator groups = groupset.iterator(); groups.hasNext();) |
392 | { |
|
393 | 0 | Group group = (Group) groups.next(); |
394 | 0 | PermissionSet permissions = getPermissions(group); |
395 | 0 | if (permissions != null) |
396 | { |
|
397 | 0 | if (permissions.contains(permission)) |
398 | { |
|
399 | 0 | return true; |
400 | } |
|
401 | } |
|
402 | } |
|
403 | 0 | return false; |
404 | } |
|
405 | ||
406 | /** |
|
407 | * Checks if the user is assigned a specific Permission in the global Group. |
|
408 | * |
|
409 | * @param permission the Permission |
|
410 | * @return <code>true</code> if the user is assigned the Permission in the global Group. |
|
411 | */ |
|
412 | public boolean hasPermission(Permission permission) |
|
413 | { |
|
414 | 0 | return hasPermission(permission, TurbineSecurity.getGlobalGroup()); |
415 | } |
|
416 | ||
417 | /** |
|
418 | * Checks if the user is assigned a specific Permission in the global Group. |
|
419 | * |
|
420 | * @param permission the Permission |
|
421 | * @return <code>true</code> if the user is assigned the Permission in the global Group. |
|
422 | */ |
|
423 | public boolean hasPermission(String permission) |
|
424 | { |
|
425 | try |
|
426 | { |
|
427 | 0 | return hasPermission(TurbineSecurity.getPermissionByName(permission)); |
428 | } |
|
429 | 0 | catch (Exception e) |
430 | { |
|
431 | 0 | return false; |
432 | } |
|
433 | } |
|
434 | ||
435 | /** |
|
436 | * Returns all groups definded in the system. |
|
437 | * |
|
438 | * This is useful for debugging, when you want to display all roles |
|
439 | * and permissions an user is assingned. This method is needed |
|
440 | * because you can't call static methods of TurbineSecurity class |
|
441 | * from within WebMacro/Velocity template |
|
442 | * |
|
443 | * @return A Group [] of all groups in the system. |
|
444 | */ |
|
445 | public Group[] getAllGroups() |
|
446 | { |
|
447 | try |
|
448 | { |
|
449 | 0 | return TurbineSecurity.getAllGroups().getGroupsArray(); |
450 | } |
|
451 | 0 | catch (TurbineSecurityException e) |
452 | { |
|
453 | 0 | return new Group[0]; |
454 | } |
|
455 | } |
|
456 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |