Coverage Report - org.apache.turbine.util.security.TurbineAccessControlList
 
Classes in this File Line Coverage Branch Coverage Complexity
TurbineAccessControlList
4%
4/91
0%
0/44
3,381
 
 1  
 package org.apache.turbine.util.security;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import java.util.Iterator;
 25  
 import java.util.Map;
 26  
 
 27  
 import org.apache.turbine.om.security.Group;
 28  
 import org.apache.turbine.om.security.Permission;
 29  
 import org.apache.turbine.om.security.Role;
 30  
 import org.apache.turbine.services.security.TurbineSecurity;
 31  
 
 32  
 /**
 33  
  * This is a control class that makes it easy to find out if a
 34  
  * particular User has a given Permission.  It also determines if a
 35  
  * User has a a particular Role.
 36  
  *
 37  
  * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
 38  
  * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 39  
  * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
 40  
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 41  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 42  
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
 43  
  * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $
 44  
  */
 45  
 public class TurbineAccessControlList
 46  
         implements AccessControlList
 47  
 {
 48  
     /** The sets of roles that the user has in different groups */
 49  
     private Map roleSets;
 50  
 
 51  
     /** The sets of permissions that the user has in different groups */
 52  
     private Map permissionSets;
 53  
 
 54  
     /** The name of this ACL. Needed for the SecurityEntity Interface */
 55  
     private String name;
 56  
 
 57  
     /**
 58  
      * Constructs a new AccessControlList.
 59  
      *
 60  
      * This class follows 'immutable' pattern - it's objects can't be modified
 61  
      * once they are created. This means that the permissions the users have are
 62  
      * in effect form the moment they log in to the moment they log out, and
 63  
      * changes made to the security settings in that time are not reflected
 64  
      * in the state of this object. If you need to reset an user's permissions
 65  
      * you need to invalidate his session. <br>
 66  
      * The objects that constructs an AccessControlList must supply hashtables
 67  
      * of role/permission sets keyed with group objects. <br>
 68  
      *
 69  
      * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
 70  
      * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
 71  
      */
 72  
     public TurbineAccessControlList(Map roleSets, Map permissionSets)
 73  4
     {
 74  4
         this.roleSets = roleSets;
 75  4
         this.permissionSets = permissionSets;
 76  4
     }
 77  
 
 78  
     /**
 79  
      * Returns the name of this ACL.
 80  
      *
 81  
      * @return The ACL Name
 82  
      *
 83  
      */
 84  
     public String getName()
 85  
     {
 86  0
         return this.name;
 87  
     }
 88  
 
 89  
     /**
 90  
      * Sets the name of this ACL.
 91  
      *
 92  
      * @param name The new ACL name.
 93  
      *
 94  
      */
 95  
     public void setName(String name)
 96  
     {
 97  0
         this.name = name;
 98  0
     }
 99  
 
 100  
     /**
 101  
      * Retrieves a set of Roles an user is assigned in a Group.
 102  
      *
 103  
      * @param group the Group
 104  
      * @return the set of Roles this user has within the Group.
 105  
      */
 106  
     public RoleSet getRoles(Group group)
 107  
     {
 108  0
         if (group == null)
 109  
         {
 110  0
             return null;
 111  
         }
 112  0
         return (RoleSet) roleSets.get(group);
 113  
     }
 114  
 
 115  
     /**
 116  
      * Retrieves a set of Roles an user is assigned in the global Group.
 117  
      *
 118  
      * @return the set of Roles this user has within the global Group.
 119  
      */
 120  
     public RoleSet getRoles()
 121  
     {
 122  0
         return getRoles(TurbineSecurity.getGlobalGroup());
 123  
     }
 124  
 
 125  
     /**
 126  
      * Retrieves a set of Permissions an user is assigned in a Group.
 127  
      *
 128  
      * @param group the Group
 129  
      * @return the set of Permissions this user has within the Group.
 130  
      */
 131  
     public PermissionSet getPermissions(Group group)
 132  
     {
 133  0
         if (group == null)
 134  
         {
 135  0
             return null;
 136  
         }
 137  0
         return (PermissionSet) permissionSets.get(group);
 138  
     }
 139  
 
 140  
     /**
 141  
      * Retrieves a set of Permissions an user is assigned in the global Group.
 142  
      *
 143  
      * @return the set of Permissions this user has within the global Group.
 144  
      */
 145  
     public PermissionSet getPermissions()
 146  
     {
 147  0
         return getPermissions(TurbineSecurity.getGlobalGroup());
 148  
     }
 149  
 
 150  
     /**
 151  
      * Checks if the user is assigned a specific Role in the Group.
 152  
      *
 153  
      * @param role the Role
 154  
      * @param group the Group
 155  
      * @return <code>true</code> if the user is assigned the Role in the Group.
 156  
      */
 157  
     public boolean hasRole(Role role, Group group)
 158  
     {
 159  0
         RoleSet set = getRoles(group);
 160  0
         if (set == null || role == null)
 161  
         {
 162  0
             return false;
 163  
         }
 164  0
         return set.contains(role);
 165  
     }
 166  
 
 167  
     /**
 168  
      * Checks if the user is assigned a specific Role in any of the given
 169  
      * Groups
 170  
      *
 171  
      * @param role the Role
 172  
      * @param groupset a Groupset
 173  
      * @return <code>true</code> if the user is assigned the Role in any of
 174  
      *         the given Groups.
 175  
      */
 176  
     public boolean hasRole(Role role, GroupSet groupset)
 177  
     {
 178  0
         if (role == null)
 179  
         {
 180  0
             return false;
 181  
         }
 182  0
         for (Iterator groups = groupset.iterator(); groups.hasNext();)
 183  
         {
 184  0
             Group group = (Group) groups.next();
 185  0
             RoleSet roles = getRoles(group);
 186  0
             if (roles != null)
 187  
             {
 188  0
                 if (roles.contains(role))
 189  
                 {
 190  0
                     return true;
 191  
                 }
 192  
             }
 193  0
         }
 194  0
         return false;
 195  
     }
 196  
 
 197  
     /**
 198  
      * Checks if the user is assigned a specific Role in the Group.
 199  
      *
 200  
      * @param role the Role
 201  
      * @param group the Group
 202  
      * @return <code>true</code> if the user is assigned the Role in the Group.
 203  
      */
 204  
     public boolean hasRole(String role, String group)
 205  
     {
 206  
         try
 207  
         {
 208  0
             return hasRole(TurbineSecurity.getRoleByName(role),
 209  
                     TurbineSecurity.getGroupByName(group));
 210  
         }
 211  0
         catch (Exception e)
 212  
         {
 213  0
             return false;
 214  
         }
 215  
     }
 216  
 
 217  
     /**
 218  
      * Checks if the user is assigned a specifie Role in any of the given
 219  
      * Groups
 220  
      *
 221  
      * @param rolename the name of the Role
 222  
      * @param groupset a Groupset
 223  
      * @return <code>true</code> if the user is assigned the Role in any of
 224  
      *         the given Groups.
 225  
      */
 226  
     public boolean hasRole(String rolename, GroupSet groupset)
 227  
     {
 228  
         Role role;
 229  
         try
 230  
         {
 231  0
             role = TurbineSecurity.getRoleByName(rolename);
 232  
         }
 233  0
         catch (TurbineSecurityException e)
 234  
         {
 235  0
             return false;
 236  0
         }
 237  0
         if (role == null)
 238  
         {
 239  0
             return false;
 240  
         }
 241  0
         for (Iterator groups = groupset.iterator(); groups.hasNext();)
 242  
         {
 243  0
             Group group = (Group) groups.next();
 244  0
             RoleSet roles = getRoles(group);
 245  0
             if (roles != null)
 246  
             {
 247  0
                 if (roles.contains(role))
 248  
                 {
 249  0
                     return true;
 250  
                 }
 251  
             }
 252  0
         }
 253  0
         return false;
 254  
     }
 255  
 
 256  
     /**
 257  
      * Checks if the user is assigned a specific Role in the global Group.
 258  
      *
 259  
      * @param role the Role
 260  
      * @return <code>true</code> if the user is assigned the Role in the global Group.
 261  
      */
 262  
     public boolean hasRole(Role role)
 263  
     {
 264  0
         return hasRole(role, TurbineSecurity.getGlobalGroup());
 265  
     }
 266  
 
 267  
     /**
 268  
      * Checks if the user is assigned a specific Role in the global Group.
 269  
      *
 270  
      * @param role the Role
 271  
      * @return <code>true</code> if the user is assigned the Role in the global Group.
 272  
      */
 273  
     public boolean hasRole(String role)
 274  
     {
 275  
         try
 276  
         {
 277  0
             return hasRole(TurbineSecurity.getRoleByName(role));
 278  
         }
 279  0
         catch (Exception e)
 280  
         {
 281  0
             return false;
 282  
         }
 283  
     }
 284  
 
 285  
     /**
 286  
      * Checks if the user is assigned a specific Permission in the Group.
 287  
      *
 288  
      * @param permission the Permission
 289  
      * @param group the Group
 290  
      * @return <code>true</code> if the user is assigned the Permission in the Group.
 291  
      */
 292  
     public boolean hasPermission(Permission permission, Group group)
 293  
     {
 294  0
         PermissionSet set = getPermissions(group);
 295  0
         if (set == null || permission == null)
 296  
         {
 297  0
             return false;
 298  
         }
 299  0
         return set.contains(permission);
 300  
     }
 301  
 
 302  
     /**
 303  
      * Checks if the user is assigned a specific Permission in any of the given
 304  
      * Groups
 305  
      *
 306  
      * @param permission the Permission
 307  
      * @param groupset a Groupset
 308  
      * @return <code>true</code> if the user is assigned the Permission in any
 309  
      *         of the given Groups.
 310  
      */
 311  
     public boolean hasPermission(Permission permission, GroupSet groupset)
 312  
     {
 313  0
         if (permission == null)
 314  
         {
 315  0
             return false;
 316  
         }
 317  0
         for (Iterator groups = groupset.iterator(); groups.hasNext();)
 318  
         {
 319  0
             Group group = (Group) groups.next();
 320  0
             PermissionSet permissions = getPermissions(group);
 321  0
             if (permissions != null)
 322  
             {
 323  0
                 if (permissions.contains(permission))
 324  
                 {
 325  0
                     return true;
 326  
                 }
 327  
             }
 328  0
         }
 329  0
         return false;
 330  
     }
 331  
 
 332  
     /**
 333  
      * Checks if the user is assigned a specific Permission in the Group.
 334  
      *
 335  
      * @param permission the Permission
 336  
      * @param group the Group
 337  
      * @return <code>true</code> if the user is assigned the Permission in the Group.
 338  
      */
 339  
     public boolean hasPermission(String permission, String group)
 340  
     {
 341  
         try
 342  
         {
 343  0
             return hasPermission(TurbineSecurity.getPermissionByName(permission),
 344  
                     TurbineSecurity.getGroupByName(group));
 345  
         }
 346  0
         catch (Exception e)
 347  
         {
 348  0
             return false;
 349  
         }
 350  
     }
 351  
 
 352  
     /**
 353  
      * Checks if the user is assigned a specific Permission in the Group.
 354  
      *
 355  
      * @param permission the Permission
 356  
      * @param group the Group
 357  
      * @return <code>true</code> if the user is assigned the Permission in the Group.
 358  
      */
 359  
     public boolean hasPermission(String permission, Group group)
 360  
     {
 361  
         try
 362  
         {
 363  0
             return hasPermission(
 364  
                     TurbineSecurity.getPermissionByName(permission), group);
 365  
         }
 366  0
         catch (Exception e)
 367  
         {
 368  0
             return false;
 369  
         }
 370  
     }
 371  
 
 372  
     /**
 373  
      * Checks if the user is assigned a specifie Permission in any of the given
 374  
      * Groups
 375  
      *
 376  
      * @param permissionName the name of the Permission
 377  
      * @param groupset a Groupset
 378  
      * @return <code>true</code> if the user is assigned the Permission in any
 379  
      *         of the given Groups.
 380  
      */
 381  
     public boolean hasPermission(String permissionName, GroupSet groupset)
 382  
     {
 383  
         Permission permission;
 384  
         try
 385  
         {
 386  0
             permission = TurbineSecurity.getPermissionByName(permissionName);
 387  
         }
 388  0
         catch (TurbineSecurityException e)
 389  
         {
 390  0
             return false;
 391  0
         }
 392  0
         if (permission == null)
 393  
         {
 394  0
             return false;
 395  
         }
 396  0
         for (Iterator groups = groupset.iterator(); groups.hasNext();)
 397  
         {
 398  0
             Group group = (Group) groups.next();
 399  0
             PermissionSet permissions = getPermissions(group);
 400  0
             if (permissions != null)
 401  
             {
 402  0
                 if (permissions.contains(permission))
 403  
                 {
 404  0
                     return true;
 405  
                 }
 406  
             }
 407  0
         }
 408  0
         return false;
 409  
     }
 410  
 
 411  
     /**
 412  
      * Checks if the user is assigned a specific Permission in the global Group.
 413  
      *
 414  
      * @param permission the Permission
 415  
      * @return <code>true</code> if the user is assigned the Permission in the global Group.
 416  
      */
 417  
     public boolean hasPermission(Permission permission)
 418  
     {
 419  0
         return hasPermission(permission, TurbineSecurity.getGlobalGroup());
 420  
     }
 421  
 
 422  
     /**
 423  
      * Checks if the user is assigned a specific Permission in the global Group.
 424  
      *
 425  
      * @param permission the Permission
 426  
      * @return <code>true</code> if the user is assigned the Permission in the global Group.
 427  
      */
 428  
     public boolean hasPermission(String permission)
 429  
     {
 430  
         try
 431  
         {
 432  0
             return hasPermission(TurbineSecurity.getPermissionByName(permission));
 433  
         }
 434  0
         catch (Exception e)
 435  
         {
 436  0
             return false;
 437  
         }
 438  
     }
 439  
 
 440  
     /**
 441  
      * Returns all groups definded in the system.
 442  
      *
 443  
      * This is useful for debugging, when you want to display all roles
 444  
      * and permissions an user is assingned. This method is needed
 445  
      * because you can't call static methods of TurbineSecurity class
 446  
      * from within WebMacro/Velocity template
 447  
      *
 448  
      * @return A Group [] of all groups in the system.
 449  
      */
 450  
     public Group[] getAllGroups()
 451  
     {
 452  
         try
 453  
         {
 454  0
             return TurbineSecurity.getAllGroups().getGroupsArray();
 455  
         }
 456  0
         catch (TurbineSecurityException e)
 457  
         {
 458  0
             return new Group[0];
 459  
         }
 460  
     }
 461  
 }