001    package org.apache.turbine.util.security;
002    
003    
004    /*
005     * Licensed to the Apache Software Foundation (ASF) under one
006     * or more contributor license agreements.  See the NOTICE file
007     * distributed with this work for additional information
008     * regarding copyright ownership.  The ASF licenses this file
009     * to you under the Apache License, Version 2.0 (the
010     * "License"); you may not use this file except in compliance
011     * with the License.  You may obtain a copy of the License at
012     *
013     *   http://www.apache.org/licenses/LICENSE-2.0
014     *
015     * Unless required by applicable law or agreed to in writing,
016     * software distributed under the License is distributed on an
017     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018     * KIND, either express or implied.  See the License for the
019     * specific language governing permissions and limitations
020     * under the License.
021     */
022    
023    
024    import java.util.Iterator;
025    import java.util.Map;
026    
027    import org.apache.turbine.om.security.Group;
028    import org.apache.turbine.om.security.Permission;
029    import org.apache.turbine.om.security.Role;
030    import org.apache.turbine.services.security.TurbineSecurity;
031    
032    /**
033     * This is a control class that makes it easy to find out if a
034     * particular User has a given Permission.  It also determines if a
035     * User has a a particular Role.
036     *
037     * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
038     * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
039     * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
040     * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
041     * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
042     * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
043     * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $
044     */
045    public class TurbineAccessControlList
046            implements AccessControlList
047    {
048        /** The sets of roles that the user has in different groups */
049        private Map roleSets;
050    
051        /** The sets of permissions that the user has in different groups */
052        private Map permissionSets;
053    
054        /** The name of this ACL. Needed for the SecurityEntity Interface */
055        private String name;
056    
057        /**
058         * Constructs a new AccessControlList.
059         *
060         * This class follows 'immutable' pattern - it's objects can't be modified
061         * once they are created. This means that the permissions the users have are
062         * in effect form the moment they log in to the moment they log out, and
063         * changes made to the security settings in that time are not reflected
064         * in the state of this object. If you need to reset an user's permissions
065         * you need to invalidate his session. <br>
066         * The objects that constructs an AccessControlList must supply hashtables
067         * of role/permission sets keyed with group objects. <br>
068         *
069         * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
070         * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
071         */
072        public TurbineAccessControlList(Map roleSets, Map permissionSets)
073        {
074            this.roleSets = roleSets;
075            this.permissionSets = permissionSets;
076        }
077    
078        /**
079         * Returns the name of this ACL.
080         *
081         * @return The ACL Name
082         *
083         */
084        public String getName()
085        {
086            return this.name;
087        }
088    
089        /**
090         * Sets the name of this ACL.
091         *
092         * @param name The new ACL name.
093         *
094         */
095        public void setName(String name)
096        {
097            this.name = name;
098        }
099    
100        /**
101         * Retrieves a set of Roles an user is assigned in a Group.
102         *
103         * @param group the Group
104         * @return the set of Roles this user has within the Group.
105         */
106        public RoleSet getRoles(Group group)
107        {
108            if (group == null)
109            {
110                return null;
111            }
112            return (RoleSet) roleSets.get(group);
113        }
114    
115        /**
116         * Retrieves a set of Roles an user is assigned in the global Group.
117         *
118         * @return the set of Roles this user has within the global Group.
119         */
120        public RoleSet getRoles()
121        {
122            return getRoles(TurbineSecurity.getGlobalGroup());
123        }
124    
125        /**
126         * Retrieves a set of Permissions an user is assigned in a Group.
127         *
128         * @param group the Group
129         * @return the set of Permissions this user has within the Group.
130         */
131        public PermissionSet getPermissions(Group group)
132        {
133            if (group == null)
134            {
135                return null;
136            }
137            return (PermissionSet) permissionSets.get(group);
138        }
139    
140        /**
141         * Retrieves a set of Permissions an user is assigned in the global Group.
142         *
143         * @return the set of Permissions this user has within the global Group.
144         */
145        public PermissionSet getPermissions()
146        {
147            return getPermissions(TurbineSecurity.getGlobalGroup());
148        }
149    
150        /**
151         * Checks if the user is assigned a specific Role in the Group.
152         *
153         * @param role the Role
154         * @param group the Group
155         * @return <code>true</code> if the user is assigned the Role in the Group.
156         */
157        public boolean hasRole(Role role, Group group)
158        {
159            RoleSet set = getRoles(group);
160            if (set == null || role == null)
161            {
162                return false;
163            }
164            return set.contains(role);
165        }
166    
167        /**
168         * Checks if the user is assigned a specific Role in any of the given
169         * Groups
170         *
171         * @param role the Role
172         * @param groupset a Groupset
173         * @return <code>true</code> if the user is assigned the Role in any of
174         *         the given Groups.
175         */
176        public boolean hasRole(Role role, GroupSet groupset)
177        {
178            if (role == null)
179            {
180                return false;
181            }
182            for (Iterator groups = groupset.iterator(); groups.hasNext();)
183            {
184                Group group = (Group) groups.next();
185                RoleSet roles = getRoles(group);
186                if (roles != null)
187                {
188                    if (roles.contains(role))
189                    {
190                        return true;
191                    }
192                }
193            }
194            return false;
195        }
196    
197        /**
198         * Checks if the user is assigned a specific Role in the Group.
199         *
200         * @param role the Role
201         * @param group the Group
202         * @return <code>true</code> if the user is assigned the Role in the Group.
203         */
204        public boolean hasRole(String role, String group)
205        {
206            try
207            {
208                return hasRole(TurbineSecurity.getRoleByName(role),
209                        TurbineSecurity.getGroupByName(group));
210            }
211            catch (Exception e)
212            {
213                return false;
214            }
215        }
216    
217        /**
218         * Checks if the user is assigned a specifie Role in any of the given
219         * Groups
220         *
221         * @param rolename the name of the Role
222         * @param groupset a Groupset
223         * @return <code>true</code> if the user is assigned the Role in any of
224         *         the given Groups.
225         */
226        public boolean hasRole(String rolename, GroupSet groupset)
227        {
228            Role role;
229            try
230            {
231                role = TurbineSecurity.getRoleByName(rolename);
232            }
233            catch (TurbineSecurityException e)
234            {
235                return false;
236            }
237            if (role == null)
238            {
239                return false;
240            }
241            for (Iterator groups = groupset.iterator(); groups.hasNext();)
242            {
243                Group group = (Group) groups.next();
244                RoleSet roles = getRoles(group);
245                if (roles != null)
246                {
247                    if (roles.contains(role))
248                    {
249                        return true;
250                    }
251                }
252            }
253            return false;
254        }
255    
256        /**
257         * Checks if the user is assigned a specific Role in the global Group.
258         *
259         * @param role the Role
260         * @return <code>true</code> if the user is assigned the Role in the global Group.
261         */
262        public boolean hasRole(Role role)
263        {
264            return hasRole(role, TurbineSecurity.getGlobalGroup());
265        }
266    
267        /**
268         * Checks if the user is assigned a specific Role in the global Group.
269         *
270         * @param role the Role
271         * @return <code>true</code> if the user is assigned the Role in the global Group.
272         */
273        public boolean hasRole(String role)
274        {
275            try
276            {
277                return hasRole(TurbineSecurity.getRoleByName(role));
278            }
279            catch (Exception e)
280            {
281                return false;
282            }
283        }
284    
285        /**
286         * Checks if the user is assigned a specific Permission in the Group.
287         *
288         * @param permission the Permission
289         * @param group the Group
290         * @return <code>true</code> if the user is assigned the Permission in the Group.
291         */
292        public boolean hasPermission(Permission permission, Group group)
293        {
294            PermissionSet set = getPermissions(group);
295            if (set == null || permission == null)
296            {
297                return false;
298            }
299            return set.contains(permission);
300        }
301    
302        /**
303         * Checks if the user is assigned a specific Permission in any of the given
304         * Groups
305         *
306         * @param permission the Permission
307         * @param groupset a Groupset
308         * @return <code>true</code> if the user is assigned the Permission in any
309         *         of the given Groups.
310         */
311        public boolean hasPermission(Permission permission, GroupSet groupset)
312        {
313            if (permission == null)
314            {
315                return false;
316            }
317            for (Iterator groups = groupset.iterator(); groups.hasNext();)
318            {
319                Group group = (Group) groups.next();
320                PermissionSet permissions = getPermissions(group);
321                if (permissions != null)
322                {
323                    if (permissions.contains(permission))
324                    {
325                        return true;
326                    }
327                }
328            }
329            return false;
330        }
331    
332        /**
333         * Checks if the user is assigned a specific Permission in the Group.
334         *
335         * @param permission the Permission
336         * @param group the Group
337         * @return <code>true</code> if the user is assigned the Permission in the Group.
338         */
339        public boolean hasPermission(String permission, String group)
340        {
341            try
342            {
343                return hasPermission(TurbineSecurity.getPermissionByName(permission),
344                        TurbineSecurity.getGroupByName(group));
345            }
346            catch (Exception e)
347            {
348                return false;
349            }
350        }
351    
352        /**
353         * Checks if the user is assigned a specific Permission in the Group.
354         *
355         * @param permission the Permission
356         * @param group the Group
357         * @return <code>true</code> if the user is assigned the Permission in the Group.
358         */
359        public boolean hasPermission(String permission, Group group)
360        {
361            try
362            {
363                return hasPermission(
364                        TurbineSecurity.getPermissionByName(permission), group);
365            }
366            catch (Exception e)
367            {
368                return false;
369            }
370        }
371    
372        /**
373         * Checks if the user is assigned a specifie Permission in any of the given
374         * Groups
375         *
376         * @param permissionName the name of the Permission
377         * @param groupset a Groupset
378         * @return <code>true</code> if the user is assigned the Permission in any
379         *         of the given Groups.
380         */
381        public boolean hasPermission(String permissionName, GroupSet groupset)
382        {
383            Permission permission;
384            try
385            {
386                permission = TurbineSecurity.getPermissionByName(permissionName);
387            }
388            catch (TurbineSecurityException e)
389            {
390                return false;
391            }
392            if (permission == null)
393            {
394                return false;
395            }
396            for (Iterator groups = groupset.iterator(); groups.hasNext();)
397            {
398                Group group = (Group) groups.next();
399                PermissionSet permissions = getPermissions(group);
400                if (permissions != null)
401                {
402                    if (permissions.contains(permission))
403                    {
404                        return true;
405                    }
406                }
407            }
408            return false;
409        }
410    
411        /**
412         * Checks if the user is assigned a specific Permission in the global Group.
413         *
414         * @param permission the Permission
415         * @return <code>true</code> if the user is assigned the Permission in the global Group.
416         */
417        public boolean hasPermission(Permission permission)
418        {
419            return hasPermission(permission, TurbineSecurity.getGlobalGroup());
420        }
421    
422        /**
423         * Checks if the user is assigned a specific Permission in the global Group.
424         *
425         * @param permission the Permission
426         * @return <code>true</code> if the user is assigned the Permission in the global Group.
427         */
428        public boolean hasPermission(String permission)
429        {
430            try
431            {
432                return hasPermission(TurbineSecurity.getPermissionByName(permission));
433            }
434            catch (Exception e)
435            {
436                return false;
437            }
438        }
439    
440        /**
441         * Returns all groups definded in the system.
442         *
443         * This is useful for debugging, when you want to display all roles
444         * and permissions an user is assingned. This method is needed
445         * because you can't call static methods of TurbineSecurity class
446         * from within WebMacro/Velocity template
447         *
448         * @return A Group [] of all groups in the system.
449         */
450        public Group[] getAllGroups()
451        {
452            try
453            {
454                return TurbineSecurity.getAllGroups().getGroupsArray();
455            }
456            catch (TurbineSecurityException e)
457            {
458                return new Group[0];
459            }
460        }
461    }