1 package org.apache.turbine.util;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 import org.apache.turbine.om.security.Permission;
25 import org.apache.turbine.om.security.Role;
26 import org.apache.turbine.services.security.TurbineSecurity;
27 import org.apache.turbine.util.security.RoleSet;
28 import org.apache.turbine.util.security.UnknownEntityException;
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46 public class SecurityCheck
47 {
48 private String message;
49
50 private String failScreen;
51
52 private RunData data = null;
53
54
55
56
57
58 private boolean initialize;
59
60
61
62
63
64
65
66
67 public SecurityCheck(RunData data,
68 String message,
69 String failedScreen)
70 {
71 this(data, message, failedScreen, false);
72 }
73
74
75
76
77
78
79
80
81
82
83
84
85
86 public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
87 {
88 this.data = data;
89 this.message = message;
90 this.failScreen = failedScreen;
91 this.initialize = initialize;
92 }
93
94
95
96
97
98
99
100
101 public boolean hasRole(Role role)
102 throws Exception
103 {
104 boolean value = false;
105 if (data.getACL() == null ||
106 !data.getACL().hasRole(role))
107 {
108 data.setScreen(failScreen);
109 data.setMessage(message);
110 }
111 else
112 {
113 value = true;
114 }
115 return value;
116 }
117
118
119
120
121
122
123
124
125
126
127 public boolean hasRole(String role) throws Exception
128 {
129 Role roleObject = null;
130 try
131 {
132 roleObject = TurbineSecurity.getRoleByName(role);
133 }
134 catch (UnknownEntityException e)
135 {
136 if(initialize)
137 {
138 roleObject = TurbineSecurity.createRole(role);
139 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
140 }
141 else
142 {
143 throw(e);
144 }
145 }
146 return hasRole(TurbineSecurity.getRoleByName(role));
147 }
148
149
150
151
152
153
154
155
156 public boolean hasPermission(Permission permission)
157 throws Exception
158 {
159 boolean value = false;
160 if (data.getACL() == null ||
161 !data.getACL().hasPermission(permission))
162 {
163 data.setScreen(failScreen);
164 data.setMessage(message);
165 }
166 else
167 {
168 value = true;
169 }
170 return value;
171 }
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187 public boolean hasPermission(String permission)
188 throws Exception
189 {
190 Permission permissionObject = null;
191 try
192 {
193 permissionObject = TurbineSecurity.getPermissionByName(permission);
194 }
195 catch (UnknownEntityException e)
196 {
197 if(initialize)
198 {
199 permissionObject = TurbineSecurity.createPermission(permission);
200
201 Role role = null;
202 RoleSet roles = data.getACL().getRoles();
203 if(roles.size() > 0) role = roles.getRolesArray()[0];
204
205 if(role == null)
206 {
207
208
209
210
211 roles = TurbineSecurity.getAllRoles();
212 if(roles.size() > 0) role = roles.getRolesArray()[0];
213 }
214
215 if(role != null)
216 {
217
218
219
220
221 TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
222 }
223 }
224 else
225 {
226 throw(e);
227 }
228 }
229 return hasPermission(permissionObject);
230 }
231
232
233
234
235
236
237
238 public String getMessage()
239 {
240 return message;
241 }
242
243
244
245
246
247
248
249 public String getFailScreen()
250 {
251 return failScreen;
252 }
253 }