1 package org.apache.turbine.util.security; 2 3 4 /* 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file 9 * to you under the Apache License, Version 2.0 (the 10 * "License"); you may not use this file except in compliance 11 * with the License. You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, 16 * software distributed under the License is distributed on an 17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18 * KIND, either express or implied. See the License for the 19 * specific language governing permissions and limitations 20 * under the License. 21 */ 22 23 24 import java.util.Iterator; 25 import java.util.Map; 26 27 import org.apache.turbine.om.security.Group; 28 import org.apache.turbine.om.security.Permission; 29 import org.apache.turbine.om.security.Role; 30 import org.apache.turbine.services.security.TurbineSecurity; 31 32 /** 33 * This is a control class that makes it easy to find out if a 34 * particular User has a given Permission. It also determines if a 35 * User has a a particular Role. 36 * 37 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a> 38 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 39 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> 40 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 41 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 42 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 43 * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $ 44 */ 45 public class TurbineAccessControlList 46 implements AccessControlList 47 { 48 /** The sets of roles that the user has in different groups */ 49 private Map roleSets; 50 51 /** The sets of permissions that the user has in different groups */ 52 private Map permissionSets; 53 54 /** The name of this ACL. Needed for the SecurityEntity Interface */ 55 private String name; 56 57 /** 58 * Constructs a new AccessControlList. 59 * 60 * This class follows 'immutable' pattern - it's objects can't be modified 61 * once they are created. This means that the permissions the users have are 62 * in effect form the moment they log in to the moment they log out, and 63 * changes made to the security settings in that time are not reflected 64 * in the state of this object. If you need to reset an user's permissions 65 * you need to invalidate his session. <br> 66 * The objects that constructs an AccessControlList must supply hashtables 67 * of role/permission sets keyed with group objects. <br> 68 * 69 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects 70 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects 71 */ 72 public TurbineAccessControlList(Map roleSets, Map permissionSets) 73 { 74 this.roleSets = roleSets; 75 this.permissionSets = permissionSets; 76 } 77 78 /** 79 * Returns the name of this ACL. 80 * 81 * @return The ACL Name 82 * 83 */ 84 public String getName() 85 { 86 return this.name; 87 } 88 89 /** 90 * Sets the name of this ACL. 91 * 92 * @param name The new ACL name. 93 * 94 */ 95 public void setName(String name) 96 { 97 this.name = name; 98 } 99 100 /** 101 * Retrieves a set of Roles an user is assigned in a Group. 102 * 103 * @param group the Group 104 * @return the set of Roles this user has within the Group. 105 */ 106 public RoleSet getRoles(Group group) 107 { 108 if (group == null) 109 { 110 return null; 111 } 112 return (RoleSet) roleSets.get(group); 113 } 114 115 /** 116 * Retrieves a set of Roles an user is assigned in the global Group. 117 * 118 * @return the set of Roles this user has within the global Group. 119 */ 120 public RoleSet getRoles() 121 { 122 return getRoles(TurbineSecurity.getGlobalGroup()); 123 } 124 125 /** 126 * Retrieves a set of Permissions an user is assigned in a Group. 127 * 128 * @param group the Group 129 * @return the set of Permissions this user has within the Group. 130 */ 131 public PermissionSet getPermissions(Group group) 132 { 133 if (group == null) 134 { 135 return null; 136 } 137 return (PermissionSet) permissionSets.get(group); 138 } 139 140 /** 141 * Retrieves a set of Permissions an user is assigned in the global Group. 142 * 143 * @return the set of Permissions this user has within the global Group. 144 */ 145 public PermissionSet getPermissions() 146 { 147 return getPermissions(TurbineSecurity.getGlobalGroup()); 148 } 149 150 /** 151 * Checks if the user is assigned a specific Role in the Group. 152 * 153 * @param role the Role 154 * @param group the Group 155 * @return <code>true</code> if the user is assigned the Role in the Group. 156 */ 157 public boolean hasRole(Role role, Group group) 158 { 159 RoleSet set = getRoles(group); 160 if (set == null || role == null) 161 { 162 return false; 163 } 164 return set.contains(role); 165 } 166 167 /** 168 * Checks if the user is assigned a specific Role in any of the given 169 * Groups 170 * 171 * @param role the Role 172 * @param groupset a Groupset 173 * @return <code>true</code> if the user is assigned the Role in any of 174 * the given Groups. 175 */ 176 public boolean hasRole(Role role, GroupSet groupset) 177 { 178 if (role == null) 179 { 180 return false; 181 } 182 for (Iterator groups = groupset.iterator(); groups.hasNext();) 183 { 184 Group group = (Group) groups.next(); 185 RoleSet roles = getRoles(group); 186 if (roles != null) 187 { 188 if (roles.contains(role)) 189 { 190 return true; 191 } 192 } 193 } 194 return false; 195 } 196 197 /** 198 * Checks if the user is assigned a specific Role in the Group. 199 * 200 * @param role the Role 201 * @param group the Group 202 * @return <code>true</code> if the user is assigned the Role in the Group. 203 */ 204 public boolean hasRole(String role, String group) 205 { 206 try 207 { 208 return hasRole(TurbineSecurity.getRoleByName(role), 209 TurbineSecurity.getGroupByName(group)); 210 } 211 catch (Exception e) 212 { 213 return false; 214 } 215 } 216 217 /** 218 * Checks if the user is assigned a specifie Role in any of the given 219 * Groups 220 * 221 * @param rolename the name of the Role 222 * @param groupset a Groupset 223 * @return <code>true</code> if the user is assigned the Role in any of 224 * the given Groups. 225 */ 226 public boolean hasRole(String rolename, GroupSet groupset) 227 { 228 Role role; 229 try 230 { 231 role = TurbineSecurity.getRoleByName(rolename); 232 } 233 catch (TurbineSecurityException e) 234 { 235 return false; 236 } 237 if (role == null) 238 { 239 return false; 240 } 241 for (Iterator groups = groupset.iterator(); groups.hasNext();) 242 { 243 Group group = (Group) groups.next(); 244 RoleSet roles = getRoles(group); 245 if (roles != null) 246 { 247 if (roles.contains(role)) 248 { 249 return true; 250 } 251 } 252 } 253 return false; 254 } 255 256 /** 257 * Checks if the user is assigned a specific Role in the global Group. 258 * 259 * @param role the Role 260 * @return <code>true</code> if the user is assigned the Role in the global Group. 261 */ 262 public boolean hasRole(Role role) 263 { 264 return hasRole(role, TurbineSecurity.getGlobalGroup()); 265 } 266 267 /** 268 * Checks if the user is assigned a specific Role in the global Group. 269 * 270 * @param role the Role 271 * @return <code>true</code> if the user is assigned the Role in the global Group. 272 */ 273 public boolean hasRole(String role) 274 { 275 try 276 { 277 return hasRole(TurbineSecurity.getRoleByName(role)); 278 } 279 catch (Exception e) 280 { 281 return false; 282 } 283 } 284 285 /** 286 * Checks if the user is assigned a specific Permission in the Group. 287 * 288 * @param permission the Permission 289 * @param group the Group 290 * @return <code>true</code> if the user is assigned the Permission in the Group. 291 */ 292 public boolean hasPermission(Permission permission, Group group) 293 { 294 PermissionSet set = getPermissions(group); 295 if (set == null || permission == null) 296 { 297 return false; 298 } 299 return set.contains(permission); 300 } 301 302 /** 303 * Checks if the user is assigned a specific Permission in any of the given 304 * Groups 305 * 306 * @param permission the Permission 307 * @param groupset a Groupset 308 * @return <code>true</code> if the user is assigned the Permission in any 309 * of the given Groups. 310 */ 311 public boolean hasPermission(Permission permission, GroupSet groupset) 312 { 313 if (permission == null) 314 { 315 return false; 316 } 317 for (Iterator groups = groupset.iterator(); groups.hasNext();) 318 { 319 Group group = (Group) groups.next(); 320 PermissionSet permissions = getPermissions(group); 321 if (permissions != null) 322 { 323 if (permissions.contains(permission)) 324 { 325 return true; 326 } 327 } 328 } 329 return false; 330 } 331 332 /** 333 * Checks if the user is assigned a specific Permission in the Group. 334 * 335 * @param permission the Permission 336 * @param group the Group 337 * @return <code>true</code> if the user is assigned the Permission in the Group. 338 */ 339 public boolean hasPermission(String permission, String group) 340 { 341 try 342 { 343 return hasPermission(TurbineSecurity.getPermissionByName(permission), 344 TurbineSecurity.getGroupByName(group)); 345 } 346 catch (Exception e) 347 { 348 return false; 349 } 350 } 351 352 /** 353 * Checks if the user is assigned a specific Permission in the Group. 354 * 355 * @param permission the Permission 356 * @param group the Group 357 * @return <code>true</code> if the user is assigned the Permission in the Group. 358 */ 359 public boolean hasPermission(String permission, Group group) 360 { 361 try 362 { 363 return hasPermission( 364 TurbineSecurity.getPermissionByName(permission), group); 365 } 366 catch (Exception e) 367 { 368 return false; 369 } 370 } 371 372 /** 373 * Checks if the user is assigned a specifie Permission in any of the given 374 * Groups 375 * 376 * @param permissionName the name of the Permission 377 * @param groupset a Groupset 378 * @return <code>true</code> if the user is assigned the Permission in any 379 * of the given Groups. 380 */ 381 public boolean hasPermission(String permissionName, GroupSet groupset) 382 { 383 Permission permission; 384 try 385 { 386 permission = TurbineSecurity.getPermissionByName(permissionName); 387 } 388 catch (TurbineSecurityException e) 389 { 390 return false; 391 } 392 if (permission == null) 393 { 394 return false; 395 } 396 for (Iterator groups = groupset.iterator(); groups.hasNext();) 397 { 398 Group group = (Group) groups.next(); 399 PermissionSet permissions = getPermissions(group); 400 if (permissions != null) 401 { 402 if (permissions.contains(permission)) 403 { 404 return true; 405 } 406 } 407 } 408 return false; 409 } 410 411 /** 412 * Checks if the user is assigned a specific Permission in the global Group. 413 * 414 * @param permission the Permission 415 * @return <code>true</code> if the user is assigned the Permission in the global Group. 416 */ 417 public boolean hasPermission(Permission permission) 418 { 419 return hasPermission(permission, TurbineSecurity.getGlobalGroup()); 420 } 421 422 /** 423 * Checks if the user is assigned a specific Permission in the global Group. 424 * 425 * @param permission the Permission 426 * @return <code>true</code> if the user is assigned the Permission in the global Group. 427 */ 428 public boolean hasPermission(String permission) 429 { 430 try 431 { 432 return hasPermission(TurbineSecurity.getPermissionByName(permission)); 433 } 434 catch (Exception e) 435 { 436 return false; 437 } 438 } 439 440 /** 441 * Returns all groups definded in the system. 442 * 443 * This is useful for debugging, when you want to display all roles 444 * and permissions an user is assingned. This method is needed 445 * because you can't call static methods of TurbineSecurity class 446 * from within WebMacro/Velocity template 447 * 448 * @return A Group [] of all groups in the system. 449 */ 450 public Group[] getAllGroups() 451 { 452 try 453 { 454 return TurbineSecurity.getAllGroups().getGroupsArray(); 455 } 456 catch (TurbineSecurityException e) 457 { 458 return new Group[0]; 459 } 460 } 461 }