001package org.apache.fulcrum.security.model.basic; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021import org.apache.fulcrum.security.entity.Group; 022import org.apache.fulcrum.security.util.GroupSet; 023 024/** 025 * This is a control class that makes it easy to find out if a particular User 026 * has a given Permission. It also determines if a User has a a particular Role. 027 * 028 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 029 * @version $Id: BasicAccessControlListImpl.java 535465 2007-05-05 06:58:06Z tv 030 */ 031public class BasicAccessControlListImpl implements BasicAccessControlList 032{ 033 // TODO Need to rethink the two maps.. Why not just a single list of groups? 034 // That would then cascade down to all the other roles and so on.. 035 036 /** 037 * Serial number 038 */ 039 private static final long serialVersionUID = 2911747448261740381L; 040 041 /** The distinct list of groups that this user is part of */ 042 private GroupSet groupSet = new GroupSet(); 043 044 /** 045 * Constructs a new AccessControlList. 046 * 047 * This class follows 'immutable' pattern - it's objects can't be modified 048 * once they are created. This means that the permissions the users have are 049 * in effect form the moment they log in to the moment they log out, and 050 * changes made to the security settings in that time are not reflected in 051 * the state of this object. If you need to reset an user's permissions you 052 * need to invalidate his session. <br> 053 * The objects that constructs an AccessControlList must supply hashtables 054 * of role/permission sets keyed with group objects. <br> 055 * 056 * @param groupSet 057 * a hashtable containing GroupSet objects 058 */ 059 public BasicAccessControlListImpl(GroupSet groupSet) 060 { 061 this.groupSet = groupSet; 062 } 063 064 /** 065 * Retrieves a set of Groups an user is assigned 066 * 067 * @return the set of Groups 068 */ 069 public GroupSet getGroups() 070 { 071 return groupSet; 072 } 073 074 /** 075 * Checks if the user is assigned a specific Group 076 * 077 * @param group 078 * the Group 079 * @return <code>true</code> if the user is assigned the Group 080 */ 081 public boolean hasGroup(Group group) 082 { 083 return groupSet.contains(group); 084 } 085 086 /** 087 * Checks if the user is assigned a specific Group 088 * 089 * @param group 090 * the Group name 091 * @return <code>true</code> if the user is assigned the Group 092 */ 093 public boolean hasGroup(String group) 094 { 095 try 096 { 097 return groupSet.containsName(group); 098 } 099 catch (Exception e) 100 { 101 return false; 102 } 103 } 104}