View Javadoc

1   package org.apache.turbine.util.security;
2   
3   
4   /*
5    * Licensed to the Apache Software Foundation (ASF) under one
6    * or more contributor license agreements.  See the NOTICE file
7    * distributed with this work for additional information
8    * regarding copyright ownership.  The ASF licenses this file
9    * to you under the Apache License, Version 2.0 (the
10   * "License"); you may not use this file except in compliance
11   * with the License.  You may obtain a copy of the License at
12   *
13   *   http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing,
16   * software distributed under the License is distributed on an
17   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18   * KIND, either express or implied.  See the License for the
19   * specific language governing permissions and limitations
20   * under the License.
21   */
22  
23  
24  import java.util.Iterator;
25  import java.util.Map;
26  
27  import org.apache.turbine.om.security.Group;
28  import org.apache.turbine.om.security.Permission;
29  import org.apache.turbine.om.security.Role;
30  import org.apache.turbine.services.security.TurbineSecurity;
31  
32  /**
33   * This is a control class that makes it easy to find out if a
34   * particular User has a given Permission.  It also determines if a
35   * User has a a particular Role.
36   *
37   * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
38   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
39   * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
40   * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
41   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
42   * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
43   * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $
44   */
45  public class TurbineAccessControlList
46          implements AccessControlList
47  {
48      /** The sets of roles that the user has in different groups */
49      private Map roleSets;
50  
51      /** The sets of permissions that the user has in different groups */
52      private Map permissionSets;
53  
54      /** The name of this ACL. Needed for the SecurityEntity Interface */
55      private String name;
56  
57      /**
58       * Constructs a new AccessControlList.
59       *
60       * This class follows 'immutable' pattern - it's objects can't be modified
61       * once they are created. This means that the permissions the users have are
62       * in effect form the moment they log in to the moment they log out, and
63       * changes made to the security settings in that time are not reflected
64       * in the state of this object. If you need to reset an user's permissions
65       * you need to invalidate his session. <br>
66       * The objects that constructs an AccessControlList must supply hashtables
67       * of role/permission sets keyed with group objects. <br>
68       *
69       * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
70       * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
71       */
72      public TurbineAccessControlList(Map roleSets, Map permissionSets)
73      {
74          this.roleSets = roleSets;
75          this.permissionSets = permissionSets;
76      }
77  
78      /**
79       * Returns the name of this ACL.
80       *
81       * @return The ACL Name
82       *
83       */
84      public String getName()
85      {
86          return this.name;
87      }
88  
89      /**
90       * Sets the name of this ACL.
91       *
92       * @param name The new ACL name.
93       *
94       */
95      public void setName(String name)
96      {
97          this.name = name;
98      }
99  
100     /**
101      * Retrieves a set of Roles an user is assigned in a Group.
102      *
103      * @param group the Group
104      * @return the set of Roles this user has within the Group.
105      */
106     public RoleSet getRoles(Group group)
107     {
108         if (group == null)
109         {
110             return null;
111         }
112         return (RoleSet) roleSets.get(group);
113     }
114 
115     /**
116      * Retrieves a set of Roles an user is assigned in the global Group.
117      *
118      * @return the set of Roles this user has within the global Group.
119      */
120     public RoleSet getRoles()
121     {
122         return getRoles(TurbineSecurity.getGlobalGroup());
123     }
124 
125     /**
126      * Retrieves a set of Permissions an user is assigned in a Group.
127      *
128      * @param group the Group
129      * @return the set of Permissions this user has within the Group.
130      */
131     public PermissionSet getPermissions(Group group)
132     {
133         if (group == null)
134         {
135             return null;
136         }
137         return (PermissionSet) permissionSets.get(group);
138     }
139 
140     /**
141      * Retrieves a set of Permissions an user is assigned in the global Group.
142      *
143      * @return the set of Permissions this user has within the global Group.
144      */
145     public PermissionSet getPermissions()
146     {
147         return getPermissions(TurbineSecurity.getGlobalGroup());
148     }
149 
150     /**
151      * Checks if the user is assigned a specific Role in the Group.
152      *
153      * @param role the Role
154      * @param group the Group
155      * @return <code>true</code> if the user is assigned the Role in the Group.
156      */
157     public boolean hasRole(Role role, Group group)
158     {
159         RoleSet set = getRoles(group);
160         if (set == null || role == null)
161         {
162             return false;
163         }
164         return set.contains(role);
165     }
166 
167     /**
168      * Checks if the user is assigned a specific Role in any of the given
169      * Groups
170      *
171      * @param role the Role
172      * @param groupset a Groupset
173      * @return <code>true</code> if the user is assigned the Role in any of
174      *         the given Groups.
175      */
176     public boolean hasRole(Role role, GroupSet groupset)
177     {
178         if (role == null)
179         {
180             return false;
181         }
182         for (Iterator groups = groupset.iterator(); groups.hasNext();)
183         {
184             Group group = (Group) groups.next();
185             RoleSet roles = getRoles(group);
186             if (roles != null)
187             {
188                 if (roles.contains(role))
189                 {
190                     return true;
191                 }
192             }
193         }
194         return false;
195     }
196 
197     /**
198      * Checks if the user is assigned a specific Role in the Group.
199      *
200      * @param role the Role
201      * @param group the Group
202      * @return <code>true</code> if the user is assigned the Role in the Group.
203      */
204     public boolean hasRole(String role, String group)
205     {
206         try
207         {
208             return hasRole(TurbineSecurity.getRoleByName(role),
209                     TurbineSecurity.getGroupByName(group));
210         }
211         catch (Exception e)
212         {
213             return false;
214         }
215     }
216 
217     /**
218      * Checks if the user is assigned a specifie Role in any of the given
219      * Groups
220      *
221      * @param rolename the name of the Role
222      * @param groupset a Groupset
223      * @return <code>true</code> if the user is assigned the Role in any of
224      *         the given Groups.
225      */
226     public boolean hasRole(String rolename, GroupSet groupset)
227     {
228         Role role;
229         try
230         {
231             role = TurbineSecurity.getRoleByName(rolename);
232         }
233         catch (TurbineSecurityException e)
234         {
235             return false;
236         }
237         if (role == null)
238         {
239             return false;
240         }
241         for (Iterator groups = groupset.iterator(); groups.hasNext();)
242         {
243             Group group = (Group) groups.next();
244             RoleSet roles = getRoles(group);
245             if (roles != null)
246             {
247                 if (roles.contains(role))
248                 {
249                     return true;
250                 }
251             }
252         }
253         return false;
254     }
255 
256     /**
257      * Checks if the user is assigned a specific Role in the global Group.
258      *
259      * @param role the Role
260      * @return <code>true</code> if the user is assigned the Role in the global Group.
261      */
262     public boolean hasRole(Role role)
263     {
264         return hasRole(role, TurbineSecurity.getGlobalGroup());
265     }
266 
267     /**
268      * Checks if the user is assigned a specific Role in the global Group.
269      *
270      * @param role the Role
271      * @return <code>true</code> if the user is assigned the Role in the global Group.
272      */
273     public boolean hasRole(String role)
274     {
275         try
276         {
277             return hasRole(TurbineSecurity.getRoleByName(role));
278         }
279         catch (Exception e)
280         {
281             return false;
282         }
283     }
284 
285     /**
286      * Checks if the user is assigned a specific Permission in the Group.
287      *
288      * @param permission the Permission
289      * @param group the Group
290      * @return <code>true</code> if the user is assigned the Permission in the Group.
291      */
292     public boolean hasPermission(Permission permission, Group group)
293     {
294         PermissionSet set = getPermissions(group);
295         if (set == null || permission == null)
296         {
297             return false;
298         }
299         return set.contains(permission);
300     }
301 
302     /**
303      * Checks if the user is assigned a specific Permission in any of the given
304      * Groups
305      *
306      * @param permission the Permission
307      * @param groupset a Groupset
308      * @return <code>true</code> if the user is assigned the Permission in any
309      *         of the given Groups.
310      */
311     public boolean hasPermission(Permission permission, GroupSet groupset)
312     {
313         if (permission == null)
314         {
315             return false;
316         }
317         for (Iterator groups = groupset.iterator(); groups.hasNext();)
318         {
319             Group group = (Group) groups.next();
320             PermissionSet permissions = getPermissions(group);
321             if (permissions != null)
322             {
323                 if (permissions.contains(permission))
324                 {
325                     return true;
326                 }
327             }
328         }
329         return false;
330     }
331 
332     /**
333      * Checks if the user is assigned a specific Permission in the Group.
334      *
335      * @param permission the Permission
336      * @param group the Group
337      * @return <code>true</code> if the user is assigned the Permission in the Group.
338      */
339     public boolean hasPermission(String permission, String group)
340     {
341         try
342         {
343             return hasPermission(TurbineSecurity.getPermissionByName(permission),
344                     TurbineSecurity.getGroupByName(group));
345         }
346         catch (Exception e)
347         {
348             return false;
349         }
350     }
351 
352     /**
353      * Checks if the user is assigned a specific Permission in the Group.
354      *
355      * @param permission the Permission
356      * @param group the Group
357      * @return <code>true</code> if the user is assigned the Permission in the Group.
358      */
359     public boolean hasPermission(String permission, Group group)
360     {
361         try
362         {
363             return hasPermission(
364                     TurbineSecurity.getPermissionByName(permission), group);
365         }
366         catch (Exception e)
367         {
368             return false;
369         }
370     }
371 
372     /**
373      * Checks if the user is assigned a specifie Permission in any of the given
374      * Groups
375      *
376      * @param permissionName the name of the Permission
377      * @param groupset a Groupset
378      * @return <code>true</code> if the user is assigned the Permission in any
379      *         of the given Groups.
380      */
381     public boolean hasPermission(String permissionName, GroupSet groupset)
382     {
383         Permission permission;
384         try
385         {
386             permission = TurbineSecurity.getPermissionByName(permissionName);
387         }
388         catch (TurbineSecurityException e)
389         {
390             return false;
391         }
392         if (permission == null)
393         {
394             return false;
395         }
396         for (Iterator groups = groupset.iterator(); groups.hasNext();)
397         {
398             Group group = (Group) groups.next();
399             PermissionSet permissions = getPermissions(group);
400             if (permissions != null)
401             {
402                 if (permissions.contains(permission))
403                 {
404                     return true;
405                 }
406             }
407         }
408         return false;
409     }
410 
411     /**
412      * Checks if the user is assigned a specific Permission in the global Group.
413      *
414      * @param permission the Permission
415      * @return <code>true</code> if the user is assigned the Permission in the global Group.
416      */
417     public boolean hasPermission(Permission permission)
418     {
419         return hasPermission(permission, TurbineSecurity.getGlobalGroup());
420     }
421 
422     /**
423      * Checks if the user is assigned a specific Permission in the global Group.
424      *
425      * @param permission the Permission
426      * @return <code>true</code> if the user is assigned the Permission in the global Group.
427      */
428     public boolean hasPermission(String permission)
429     {
430         try
431         {
432             return hasPermission(TurbineSecurity.getPermissionByName(permission));
433         }
434         catch (Exception e)
435         {
436             return false;
437         }
438     }
439 
440     /**
441      * Returns all groups definded in the system.
442      *
443      * This is useful for debugging, when you want to display all roles
444      * and permissions an user is assingned. This method is needed
445      * because you can't call static methods of TurbineSecurity class
446      * from within WebMacro/Velocity template
447      *
448      * @return A Group [] of all groups in the system.
449      */
450     public Group[] getAllGroups()
451     {
452         try
453         {
454             return TurbineSecurity.getAllGroups().getGroupsArray();
455         }
456         catch (TurbineSecurityException e)
457         {
458             return new Group[0];
459         }
460     }
461 }