001package org.apache.turbine.util.template;
002
003
004/*
005 * Licensed to the Apache Software Foundation (ASF) under one
006 * or more contributor license agreements.  See the NOTICE file
007 * distributed with this work for additional information
008 * regarding copyright ownership.  The ASF licenses this file
009 * to you under the Apache License, Version 2.0 (the
010 * "License"); you may not use this file except in compliance
011 * with the License.  You may obtain a copy of the License at
012 *
013 *   http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing,
016 * software distributed under the License is distributed on an
017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018 * KIND, either express or implied.  See the License for the
019 * specific language governing permissions and limitations
020 * under the License.
021 */
022
023
024import org.apache.fulcrum.security.entity.Permission;
025import org.apache.fulcrum.security.entity.Role;
026import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
027import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
028import org.apache.turbine.Turbine;
029import org.apache.turbine.TurbineConstants;
030import org.apache.turbine.services.TurbineServices;
031import org.apache.turbine.services.template.TemplateService;
032import org.apache.turbine.util.RunData;
033
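/**
 * Utility class to help check for proper authorization when using
 * template screens.  Sample usage:
 *
 * <p><pre>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * // adminRole is a Role instance obtained by the caller
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </pre>
 *
 * <p>Both {@link #hasRole(Role)} and {@link #hasPermission(Permission)} fail
 * closed: a missing access control list ({@code data.getACL() == null}) is
 * treated as a denial.  On denial the request is redirected to the fail
 * screen / fail template and the configured message is stored on the
 * {@code RunData}.
 *
 * <p>The fail template is not initialised by either constructor, so it is
 * {@code null} until {@link #setFailTemplate(String)} is called; the fail
 * screen defaults to the template service's default screen.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 1773378 2016-12-09 13:19:59Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message stored on the RunData when a role or permission check fails. */
    private String message = "Sorry, you do not have permission to access this area.";

    /** Screen selected on denial; defaults to the template service's default screen. */
    private String failScreen;

    /** Screen template selected on denial; null until explicitly set. */
    private String failTemplate;

    /** The request being checked; assigned once in the constructor. */
    private final RunData data;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this(data);
        this.message = message;
    }

    /**
     * Generic Constructor.  Looks up the {@link TemplateService} and uses its
     * default screen as the initial fail screen.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
        TemplateService templateService =
                (TemplateService) TurbineServices.getInstance()
                        .getService(TemplateService.SERVICE_NAME);
        this.failScreen = templateService.getDefaultScreen();
    }

    /**
     * Does the User have this role?
     *
     * <p>Runs {@link #checkLogin()} first and returns {@code false} if that
     * check fails.  Otherwise the decision is taken from the request's ACL;
     * a {@code null} ACL is a denial.
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @throws Exception Trouble validating.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        if (acl == null || !acl.hasRole(role))
        {
            return denyAccess();
        }

        return true;
    }

    /**
     * Does the User have this permission?
     *
     * <p>The decision is taken from the request's ACL only; a {@code null}
     * ACL is a denial.  Unlike {@link #hasRole(Role)}, this method does not
     * call {@link #checkLogin()} first.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @throws Exception Trouble validating.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // NOTE(review): hasRole() gates on checkLogin() but this method does
        // not -- confirm the asymmetry is intended before relying on this
        // check as the only guard for a screen.
        TurbineAccessControlList acl = data.getACL();
        if (acl == null || !acl.hasPermission(permission))
        {
            return denyAccess();
        }

        return true;
    }

    /**
     * Check the login state of the request's user.
     *
     * <p>The check fails only for a user that is <em>not</em> the anonymous
     * user and for whom {@code hasLoggedIn()} is false.  The anonymous user
     * therefore passes this check and the method returns {@code true} for
     * it; callers that need "authenticated users only" must not rely on this
     * method alone.
     *
     * <p>On failure the configured login message
     * ({@link TurbineConstants#LOGIN_MESSAGE}) is stored on the RunData and
     * the screen template is switched to the fail template.  The fail screen
     * itself is not set here.
     *
     * @return {@code false} if the user is non-anonymous and has not logged
     *         in; {@code true} otherwise (including for the anonymous user).
     * @throws Exception a generic exception.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Do it like the AccessController
        TurbineUserManager userManager =
                (TurbineUserManager) TurbineServices
                        .getInstance()
                        .getService(TurbineUserManager.ROLE);

        if (!userManager.isAnonymousUser(data.getUser())
            && !data.getUser().hasLoggedIn())
        {
            data.setMessage(Turbine.getConfiguration()
                .getString(TurbineConstants.LOGIN_MESSAGE));

            data.getTemplateInfo().setScreenTemplate(getFailTemplate());
            return false;
        }

        return true;
    }

    /**
     * Set the message that should be displayed on denial.  A default is
     * assigned at field initialisation and may be replaced by the
     * two-argument constructor.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed on denial.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate, or {@code null} if
     *         {@link #setFailTemplate(String)} has not been called.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }

    /**
     * Applies the denial outcome shared by the role and permission checks:
     * selects the fail screen and fail template and stores the message.
     * Goes through the public getters so subclass overrides are honoured.
     *
     * @return always {@code false}, so callers can {@code return denyAccess()}.
     */
    private boolean denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
        return false;
    }
}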