001 package org.apache.turbine.util.security;
002
003
004 /*
005 * Licensed to the Apache Software Foundation (ASF) under one
006 * or more contributor license agreements. See the NOTICE file
007 * distributed with this work for additional information
008 * regarding copyright ownership. The ASF licenses this file
009 * to you under the Apache License, Version 2.0 (the
010 * "License"); you may not use this file except in compliance
011 * with the License. You may obtain a copy of the License at
012 *
013 * http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing,
016 * software distributed under the License is distributed on an
017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018 * KIND, either express or implied. See the License for the
019 * specific language governing permissions and limitations
020 * under the License.
021 */
022
023
024 import java.util.Iterator;
025 import java.util.Map;
026
027 import org.apache.turbine.om.security.Group;
028 import org.apache.turbine.om.security.Permission;
029 import org.apache.turbine.om.security.Role;
030 import org.apache.turbine.services.security.TurbineSecurity;
031
032 /**
033 * This is a control class that makes it easy to find out if a
034 * particular User has a given Permission. It also determines if a
035 * User has a a particular Role.
036 *
037 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
038 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
039 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
040 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
041 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
042 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
043 * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $
044 */
045 public class TurbineAccessControlList
046 implements AccessControlList
047 {
048 /** The sets of roles that the user has in different groups */
049 private Map roleSets;
050
051 /** The sets of permissions that the user has in different groups */
052 private Map permissionSets;
053
054 /** The name of this ACL. Needed for the SecurityEntity Interface */
055 private String name;
056
057 /**
058 * Constructs a new AccessControlList.
059 *
060 * This class follows 'immutable' pattern - it's objects can't be modified
061 * once they are created. This means that the permissions the users have are
062 * in effect form the moment they log in to the moment they log out, and
063 * changes made to the security settings in that time are not reflected
064 * in the state of this object. If you need to reset an user's permissions
065 * you need to invalidate his session. <br>
066 * The objects that constructs an AccessControlList must supply hashtables
067 * of role/permission sets keyed with group objects. <br>
068 *
069 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
070 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
071 */
072 public TurbineAccessControlList(Map roleSets, Map permissionSets)
073 {
074 this.roleSets = roleSets;
075 this.permissionSets = permissionSets;
076 }
077
078 /**
079 * Returns the name of this ACL.
080 *
081 * @return The ACL Name
082 *
083 */
084 public String getName()
085 {
086 return this.name;
087 }
088
089 /**
090 * Sets the name of this ACL.
091 *
092 * @param name The new ACL name.
093 *
094 */
095 public void setName(String name)
096 {
097 this.name = name;
098 }
099
100 /**
101 * Retrieves a set of Roles an user is assigned in a Group.
102 *
103 * @param group the Group
104 * @return the set of Roles this user has within the Group.
105 */
106 public RoleSet getRoles(Group group)
107 {
108 if (group == null)
109 {
110 return null;
111 }
112 return (RoleSet) roleSets.get(group);
113 }
114
115 /**
116 * Retrieves a set of Roles an user is assigned in the global Group.
117 *
118 * @return the set of Roles this user has within the global Group.
119 */
120 public RoleSet getRoles()
121 {
122 return getRoles(TurbineSecurity.getGlobalGroup());
123 }
124
125 /**
126 * Retrieves a set of Permissions an user is assigned in a Group.
127 *
128 * @param group the Group
129 * @return the set of Permissions this user has within the Group.
130 */
131 public PermissionSet getPermissions(Group group)
132 {
133 if (group == null)
134 {
135 return null;
136 }
137 return (PermissionSet) permissionSets.get(group);
138 }
139
140 /**
141 * Retrieves a set of Permissions an user is assigned in the global Group.
142 *
143 * @return the set of Permissions this user has within the global Group.
144 */
145 public PermissionSet getPermissions()
146 {
147 return getPermissions(TurbineSecurity.getGlobalGroup());
148 }
149
150 /**
151 * Checks if the user is assigned a specific Role in the Group.
152 *
153 * @param role the Role
154 * @param group the Group
155 * @return <code>true</code> if the user is assigned the Role in the Group.
156 */
157 public boolean hasRole(Role role, Group group)
158 {
159 RoleSet set = getRoles(group);
160 if (set == null || role == null)
161 {
162 return false;
163 }
164 return set.contains(role);
165 }
166
167 /**
168 * Checks if the user is assigned a specific Role in any of the given
169 * Groups
170 *
171 * @param role the Role
172 * @param groupset a Groupset
173 * @return <code>true</code> if the user is assigned the Role in any of
174 * the given Groups.
175 */
176 public boolean hasRole(Role role, GroupSet groupset)
177 {
178 if (role == null)
179 {
180 return false;
181 }
182 for (Iterator groups = groupset.iterator(); groups.hasNext();)
183 {
184 Group group = (Group) groups.next();
185 RoleSet roles = getRoles(group);
186 if (roles != null)
187 {
188 if (roles.contains(role))
189 {
190 return true;
191 }
192 }
193 }
194 return false;
195 }
196
197 /**
198 * Checks if the user is assigned a specific Role in the Group.
199 *
200 * @param role the Role
201 * @param group the Group
202 * @return <code>true</code> if the user is assigned the Role in the Group.
203 */
204 public boolean hasRole(String role, String group)
205 {
206 try
207 {
208 return hasRole(TurbineSecurity.getRoleByName(role),
209 TurbineSecurity.getGroupByName(group));
210 }
211 catch (Exception e)
212 {
213 return false;
214 }
215 }
216
217 /**
218 * Checks if the user is assigned a specifie Role in any of the given
219 * Groups
220 *
221 * @param rolename the name of the Role
222 * @param groupset a Groupset
223 * @return <code>true</code> if the user is assigned the Role in any of
224 * the given Groups.
225 */
226 public boolean hasRole(String rolename, GroupSet groupset)
227 {
228 Role role;
229 try
230 {
231 role = TurbineSecurity.getRoleByName(rolename);
232 }
233 catch (TurbineSecurityException e)
234 {
235 return false;
236 }
237 if (role == null)
238 {
239 return false;
240 }
241 for (Iterator groups = groupset.iterator(); groups.hasNext();)
242 {
243 Group group = (Group) groups.next();
244 RoleSet roles = getRoles(group);
245 if (roles != null)
246 {
247 if (roles.contains(role))
248 {
249 return true;
250 }
251 }
252 }
253 return false;
254 }
255
256 /**
257 * Checks if the user is assigned a specific Role in the global Group.
258 *
259 * @param role the Role
260 * @return <code>true</code> if the user is assigned the Role in the global Group.
261 */
262 public boolean hasRole(Role role)
263 {
264 return hasRole(role, TurbineSecurity.getGlobalGroup());
265 }
266
267 /**
268 * Checks if the user is assigned a specific Role in the global Group.
269 *
270 * @param role the Role
271 * @return <code>true</code> if the user is assigned the Role in the global Group.
272 */
273 public boolean hasRole(String role)
274 {
275 try
276 {
277 return hasRole(TurbineSecurity.getRoleByName(role));
278 }
279 catch (Exception e)
280 {
281 return false;
282 }
283 }
284
285 /**
286 * Checks if the user is assigned a specific Permission in the Group.
287 *
288 * @param permission the Permission
289 * @param group the Group
290 * @return <code>true</code> if the user is assigned the Permission in the Group.
291 */
292 public boolean hasPermission(Permission permission, Group group)
293 {
294 PermissionSet set = getPermissions(group);
295 if (set == null || permission == null)
296 {
297 return false;
298 }
299 return set.contains(permission);
300 }
301
302 /**
303 * Checks if the user is assigned a specific Permission in any of the given
304 * Groups
305 *
306 * @param permission the Permission
307 * @param groupset a Groupset
308 * @return <code>true</code> if the user is assigned the Permission in any
309 * of the given Groups.
310 */
311 public boolean hasPermission(Permission permission, GroupSet groupset)
312 {
313 if (permission == null)
314 {
315 return false;
316 }
317 for (Iterator groups = groupset.iterator(); groups.hasNext();)
318 {
319 Group group = (Group) groups.next();
320 PermissionSet permissions = getPermissions(group);
321 if (permissions != null)
322 {
323 if (permissions.contains(permission))
324 {
325 return true;
326 }
327 }
328 }
329 return false;
330 }
331
332 /**
333 * Checks if the user is assigned a specific Permission in the Group.
334 *
335 * @param permission the Permission
336 * @param group the Group
337 * @return <code>true</code> if the user is assigned the Permission in the Group.
338 */
339 public boolean hasPermission(String permission, String group)
340 {
341 try
342 {
343 return hasPermission(TurbineSecurity.getPermissionByName(permission),
344 TurbineSecurity.getGroupByName(group));
345 }
346 catch (Exception e)
347 {
348 return false;
349 }
350 }
351
352 /**
353 * Checks if the user is assigned a specific Permission in the Group.
354 *
355 * @param permission the Permission
356 * @param group the Group
357 * @return <code>true</code> if the user is assigned the Permission in the Group.
358 */
359 public boolean hasPermission(String permission, Group group)
360 {
361 try
362 {
363 return hasPermission(
364 TurbineSecurity.getPermissionByName(permission), group);
365 }
366 catch (Exception e)
367 {
368 return false;
369 }
370 }
371
372 /**
373 * Checks if the user is assigned a specifie Permission in any of the given
374 * Groups
375 *
376 * @param permissionName the name of the Permission
377 * @param groupset a Groupset
378 * @return <code>true</code> if the user is assigned the Permission in any
379 * of the given Groups.
380 */
381 public boolean hasPermission(String permissionName, GroupSet groupset)
382 {
383 Permission permission;
384 try
385 {
386 permission = TurbineSecurity.getPermissionByName(permissionName);
387 }
388 catch (TurbineSecurityException e)
389 {
390 return false;
391 }
392 if (permission == null)
393 {
394 return false;
395 }
396 for (Iterator groups = groupset.iterator(); groups.hasNext();)
397 {
398 Group group = (Group) groups.next();
399 PermissionSet permissions = getPermissions(group);
400 if (permissions != null)
401 {
402 if (permissions.contains(permission))
403 {
404 return true;
405 }
406 }
407 }
408 return false;
409 }
410
411 /**
412 * Checks if the user is assigned a specific Permission in the global Group.
413 *
414 * @param permission the Permission
415 * @return <code>true</code> if the user is assigned the Permission in the global Group.
416 */
417 public boolean hasPermission(Permission permission)
418 {
419 return hasPermission(permission, TurbineSecurity.getGlobalGroup());
420 }
421
422 /**
423 * Checks if the user is assigned a specific Permission in the global Group.
424 *
425 * @param permission the Permission
426 * @return <code>true</code> if the user is assigned the Permission in the global Group.
427 */
428 public boolean hasPermission(String permission)
429 {
430 try
431 {
432 return hasPermission(TurbineSecurity.getPermissionByName(permission));
433 }
434 catch (Exception e)
435 {
436 return false;
437 }
438 }
439
440 /**
441 * Returns all groups definded in the system.
442 *
443 * This is useful for debugging, when you want to display all roles
444 * and permissions an user is assingned. This method is needed
445 * because you can't call static methods of TurbineSecurity class
446 * from within WebMacro/Velocity template
447 *
448 * @return A Group [] of all groups in the system.
449 */
450 public Group[] getAllGroups()
451 {
452 try
453 {
454 return TurbineSecurity.getAllGroups().getGroupsArray();
455 }
456 catch (TurbineSecurityException e)
457 {
458 return new Group[0];
459 }
460 }
461 }