1 package org.apache.turbine.util.template;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import org.apache.fulcrum.security.entity.Permission;
25 import org.apache.fulcrum.security.entity.Role;
26 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
27 import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
28 import org.apache.turbine.Turbine;
29 import org.apache.turbine.TurbineConstants;
30 import org.apache.turbine.services.TurbineServices;
31 import org.apache.turbine.services.template.TemplateService;
32 import org.apache.turbine.util.RunData;
33
/**
 * Utility class to help check for proper authorization when using
 * template screens. Sample usage:
 *
 * <p><pre>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * if ( !secCheck.hasRole(adminRole) ) // adminRole: the Role to require
 *     return;
 * </pre>
 *
 * <p>A failed check only sets the fail screen, fail template and message
 * on the RunData and returns {@code false}; it does not stop processing.
 * The caller must act on the return value, as the sample does, before
 * doing any protected work.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 1773378 2016-12-09 13:19:59Z tv $
 */
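public class TemplateSecurityCheck
{
    /** Message set on the RunData when a role or permission check fails. */
    private String message = "Sorry, you do not have permission to access this area.";

    /** Screen set on the RunData when a role or permission check fails. */
    private String failScreen;

    // NOTE(review): failTemplate has no default and the constructors do not
    // set it; if setFailTemplate() is never called, null is handed to
    // setScreenTemplate() on a failed check -- confirm callers always set it.
    /** Screen template set on the RunData when any check fails. */
    private String failTemplate;

    /** The RunData of the request being checked. */
    private RunData data = null;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this(data);
        this.message = message;
    }

    /**
     * Generic Constructor. The fail screen is initialized to the
     * default screen reported by the TemplateService.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
        TemplateService templateService = (TemplateService)TurbineServices
                .getInstance()
                .getService(TemplateService.SERVICE_NAME);
        this.failScreen = templateService.getDefaultScreen();
    }

    /**
     * Does the User have this role?
     *
     * <p>The login check runs first. If it fails, or the ACL is missing or
     * does not grant the role, the failure state is set on the RunData and
     * {@code false} is returned. The caller must stop processing itself.
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @throws Exception Trouble validating.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        // A missing ACL is treated as a denial (fail closed).
        if (acl == null || !acl.hasRole(role))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Does the User have this permission?
     *
     * <p>The login check runs first, exactly as in {@link #hasRole(Role)}.
     * If it fails, or the ACL is missing or does not grant the permission,
     * the failure state is set on the RunData and {@code false} is
     * returned. The caller must stop processing itself.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @throws Exception Trouble validating.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // Apply the same login gate as hasRole(Role) so that both checks
        // fail closed for a user who is not anonymous and has not logged
        // in, instead of relying only on whatever ACL is attached to the
        // request.
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        // A missing ACL is treated as a denial (fail closed).
        if (acl == null || !acl.hasPermission(permission))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Check that the user has logged in.
     *
     * <p>The check fails only for a user that the user manager does not
     * consider anonymous and that has not logged in. An anonymous user
     * passes this check and is left to the ACL check of the caller.
     *
     * @return True if user has logged in.
     * @throws Exception a generic exception.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Do it like the AccessController
        TurbineUserManager userManager =
            (TurbineUserManager)TurbineServices
                .getInstance()
                .getService(TurbineUserManager.ROLE);

        if (!userManager.isAnonymousUser(data.getUser())
            && !data.getUser().hasLoggedIn())
        {
            data.setMessage(Turbine.getConfiguration()
                .getString(TurbineConstants.LOGIN_MESSAGE));

            // NOTE(review): unlike the ACL denial path, only the screen
            // template is changed here, not the screen -- confirm intended.
            data.getTemplateInfo().setScreenTemplate(getFailTemplate());
            return false;
        }

        return true;
    }

    /**
     * Set the message that should be displayed. This is initialized
     * in the constructor.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed. This is initialized
     * in the constructor.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }

    /**
     * Puts the RunData into the "access denied" state shared by the role
     * and permission checks: fail screen, fail template, then message.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }
}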