1 package org.apache.turbine.util.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import java.util.Iterator;
23 import java.util.Map;
24
25 import org.apache.turbine.om.security.Group;
26 import org.apache.turbine.om.security.Permission;
27 import org.apache.turbine.om.security.Role;
28 import org.apache.turbine.services.security.TurbineSecurity;
29
30 /***
31 * This is a control class that makes it easy to find out if a
32 * particular User has a given Permission. It also determines if a
33 * User has a a particular Role.
34 *
35 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
36 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
37 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
38 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
39 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
40 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
41 * @version $Id: TurbineAccessControlList.java 534527 2007-05-02 16:10:59Z tv $
42 */
43 public class TurbineAccessControlList
44 implements AccessControlList
45 {
46 /*** Serial Version UID */
47 private static final long serialVersionUID = 2678947159949477950L;
48
49 /*** The sets of roles that the user has in different groups */
50 private Map roleSets;
51
52 /*** The sets of permissions that the user has in different groups */
53 private Map permissionSets;
54
55 /*** The name of this ACL. Needed for the SecurityEntity Interface */
56 private String name;
57
58 /***
59 * Constructs a new AccessControlList.
60 *
61 * This class follows 'immutable' pattern - it's objects can't be modified
62 * once they are created. This means that the permissions the users have are
63 * in effect form the moment they log in to the moment they log out, and
64 * changes made to the security settings in that time are not reflected
65 * in the state of this object. If you need to reset an user's permissions
66 * you need to invalidate his session. <br>
67 * The objects that constructs an AccessControlList must supply hashtables
68 * of role/permission sets keyed with group objects. <br>
69 *
70 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
71 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
72 */
73 public TurbineAccessControlList(Map roleSets, Map permissionSets)
74 {
75 this.roleSets = roleSets;
76 this.permissionSets = permissionSets;
77 }
78
79 /***
80 * Returns the name of this ACL.
81 *
82 * @return The ACL Name
83 *
84 */
85 public String getName()
86 {
87 return this.name;
88 }
89
90 /***
91 * Sets the name of this ACL.
92 *
93 * @param name The new ACL name.
94 *
95 */
96 public void setName(String name)
97 {
98 this.name = name;
99 }
100
101 /***
102 * Retrieves a set of Roles an user is assigned in a Group.
103 *
104 * @param group the Group
105 * @return the set of Roles this user has within the Group.
106 */
107 public RoleSet getRoles(Group group)
108 {
109 if (group == null)
110 {
111 return null;
112 }
113 return (RoleSet) roleSets.get(group);
114 }
115
116 /***
117 * Retrieves a set of Roles an user is assigned in the global Group.
118 *
119 * @return the set of Roles this user has within the global Group.
120 */
121 public RoleSet getRoles()
122 {
123 return getRoles(TurbineSecurity.getGlobalGroup());
124 }
125
126 /***
127 * Retrieves a set of Permissions an user is assigned in a Group.
128 *
129 * @param group the Group
130 * @return the set of Permissions this user has within the Group.
131 */
132 public PermissionSet getPermissions(Group group)
133 {
134 if (group == null)
135 {
136 return null;
137 }
138 return (PermissionSet) permissionSets.get(group);
139 }
140
141 /***
142 * Retrieves a set of Permissions an user is assigned in the global Group.
143 *
144 * @return the set of Permissions this user has within the global Group.
145 */
146 public PermissionSet getPermissions()
147 {
148 return getPermissions(TurbineSecurity.getGlobalGroup());
149 }
150
151 /***
152 * Checks if the user is assigned a specific Role in the Group.
153 *
154 * @param role the Role
155 * @param group the Group
156 * @return <code>true</code> if the user is assigned the Role in the Group.
157 */
158 public boolean hasRole(Role role, Group group)
159 {
160 RoleSet set = getRoles(group);
161 if (set == null || role == null)
162 {
163 return false;
164 }
165 return set.contains(role);
166 }
167
168 /***
169 * Checks if the user is assigned a specific Role in any of the given
170 * Groups
171 *
172 * @param role the Role
173 * @param groupset a Groupset
174 * @return <code>true</code> if the user is assigned the Role in any of
175 * the given Groups.
176 */
177 public boolean hasRole(Role role, GroupSet groupset)
178 {
179 if (role == null)
180 {
181 return false;
182 }
183 for (Iterator groups = groupset.iterator(); groups.hasNext();)
184 {
185 Group group = (Group) groups.next();
186 RoleSet roles = getRoles(group);
187 if (roles != null)
188 {
189 if (roles.contains(role))
190 {
191 return true;
192 }
193 }
194 }
195 return false;
196 }
197
198 /***
199 * Checks if the user is assigned a specific Role in the Group.
200 *
201 * @param role the Role
202 * @param group the Group
203 * @return <code>true</code> if the user is assigned the Role in the Group.
204 */
205 public boolean hasRole(String role, String group)
206 {
207 try
208 {
209 return hasRole(TurbineSecurity.getRoleByName(role),
210 TurbineSecurity.getGroupByName(group));
211 }
212 catch (Exception e)
213 {
214 return false;
215 }
216 }
217
218 /***
219 * Checks if the user is assigned a specifie Role in any of the given
220 * Groups
221 *
222 * @param rolename the name of the Role
223 * @param groupset a Groupset
224 * @return <code>true</code> if the user is assigned the Role in any of
225 * the given Groups.
226 */
227 public boolean hasRole(String rolename, GroupSet groupset)
228 {
229 Role role;
230 try
231 {
232 role = TurbineSecurity.getRoleByName(rolename);
233 }
234 catch (TurbineSecurityException e)
235 {
236 return false;
237 }
238 if (role == null)
239 {
240 return false;
241 }
242 for (Iterator groups = groupset.iterator(); groups.hasNext();)
243 {
244 Group group = (Group) groups.next();
245 RoleSet roles = getRoles(group);
246 if (roles != null)
247 {
248 if (roles.contains(role))
249 {
250 return true;
251 }
252 }
253 }
254 return false;
255 }
256
257 /***
258 * Checks if the user is assigned a specific Role in the global Group.
259 *
260 * @param role the Role
261 * @return <code>true</code> if the user is assigned the Role in the global Group.
262 */
263 public boolean hasRole(Role role)
264 {
265 return hasRole(role, TurbineSecurity.getGlobalGroup());
266 }
267
268 /***
269 * Checks if the user is assigned a specific Role in the global Group.
270 *
271 * @param role the Role
272 * @return <code>true</code> if the user is assigned the Role in the global Group.
273 */
274 public boolean hasRole(String role)
275 {
276 try
277 {
278 return hasRole(TurbineSecurity.getRoleByName(role));
279 }
280 catch (Exception e)
281 {
282 return false;
283 }
284 }
285
286 /***
287 * Checks if the user is assigned a specific Permission in the Group.
288 *
289 * @param permission the Permission
290 * @param group the Group
291 * @return <code>true</code> if the user is assigned the Permission in the Group.
292 */
293 public boolean hasPermission(Permission permission, Group group)
294 {
295 PermissionSet set = getPermissions(group);
296 if (set == null || permission == null)
297 {
298 return false;
299 }
300 return set.contains(permission);
301 }
302
303 /***
304 * Checks if the user is assigned a specific Permission in any of the given
305 * Groups
306 *
307 * @param permission the Permission
308 * @param groupset a Groupset
309 * @return <code>true</code> if the user is assigned the Permission in any
310 * of the given Groups.
311 */
312 public boolean hasPermission(Permission permission, GroupSet groupset)
313 {
314 if (permission == null)
315 {
316 return false;
317 }
318 for (Iterator groups = groupset.iterator(); groups.hasNext();)
319 {
320 Group group = (Group) groups.next();
321 PermissionSet permissions = getPermissions(group);
322 if (permissions != null)
323 {
324 if (permissions.contains(permission))
325 {
326 return true;
327 }
328 }
329 }
330 return false;
331 }
332
333 /***
334 * Checks if the user is assigned a specific Permission in the Group.
335 *
336 * @param permission the Permission
337 * @param group the Group
338 * @return <code>true</code> if the user is assigned the Permission in the Group.
339 */
340 public boolean hasPermission(String permission, String group)
341 {
342 try
343 {
344 return hasPermission(TurbineSecurity.getPermissionByName(permission),
345 TurbineSecurity.getGroupByName(group));
346 }
347 catch (Exception e)
348 {
349 return false;
350 }
351 }
352
353 /***
354 * Checks if the user is assigned a specific Permission in the Group.
355 *
356 * @param permission the Permission
357 * @param group the Group
358 * @return <code>true</code> if the user is assigned the Permission in the Group.
359 */
360 public boolean hasPermission(String permission, Group group)
361 {
362 try
363 {
364 return hasPermission(
365 TurbineSecurity.getPermissionByName(permission), group);
366 }
367 catch (Exception e)
368 {
369 return false;
370 }
371 }
372
373 /***
374 * Checks if the user is assigned a specifie Permission in any of the given
375 * Groups
376 *
377 * @param permissionName the name of the Permission
378 * @param groupset a Groupset
379 * @return <code>true</code> if the user is assigned the Permission in any
380 * of the given Groups.
381 */
382 public boolean hasPermission(String permissionName, GroupSet groupset)
383 {
384 Permission permission;
385 try
386 {
387 permission = TurbineSecurity.getPermissionByName(permissionName);
388 }
389 catch (TurbineSecurityException e)
390 {
391 return false;
392 }
393 if (permission == null)
394 {
395 return false;
396 }
397 for (Iterator groups = groupset.iterator(); groups.hasNext();)
398 {
399 Group group = (Group) groups.next();
400 PermissionSet permissions = getPermissions(group);
401 if (permissions != null)
402 {
403 if (permissions.contains(permission))
404 {
405 return true;
406 }
407 }
408 }
409 return false;
410 }
411
412 /***
413 * Checks if the user is assigned a specific Permission in the global Group.
414 *
415 * @param permission the Permission
416 * @return <code>true</code> if the user is assigned the Permission in the global Group.
417 */
418 public boolean hasPermission(Permission permission)
419 {
420 return hasPermission(permission, TurbineSecurity.getGlobalGroup());
421 }
422
423 /***
424 * Checks if the user is assigned a specific Permission in the global Group.
425 *
426 * @param permission the Permission
427 * @return <code>true</code> if the user is assigned the Permission in the global Group.
428 */
429 public boolean hasPermission(String permission)
430 {
431 try
432 {
433 return hasPermission(TurbineSecurity.getPermissionByName(permission));
434 }
435 catch (Exception e)
436 {
437 return false;
438 }
439 }
440
441 /***
442 * Returns all groups definded in the system.
443 *
444 * This is useful for debugging, when you want to display all roles
445 * and permissions an user is assingned. This method is needed
446 * because you can't call static methods of TurbineSecurity class
447 * from within WebMacro/Velocity template
448 *
449 * @return A Group [] of all groups in the system.
450 */
451 public Group[] getAllGroups()
452 {
453 try
454 {
455 return TurbineSecurity.getAllGroups().getGroupsArray();
456 }
457 catch (TurbineSecurityException e)
458 {
459 return new Group[0];
460 }
461 }
462 }