001 package org.apache.turbine.util.security; 002 003 004 /* 005 * Licensed to the Apache Software Foundation (ASF) under one 006 * or more contributor license agreements. See the NOTICE file 007 * distributed with this work for additional information 008 * regarding copyright ownership. The ASF licenses this file 009 * to you under the Apache License, Version 2.0 (the 010 * "License"); you may not use this file except in compliance 011 * with the License. You may obtain a copy of the License at 012 * 013 * http://www.apache.org/licenses/LICENSE-2.0 014 * 015 * Unless required by applicable law or agreed to in writing, 016 * software distributed under the License is distributed on an 017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 018 * KIND, either express or implied. See the License for the 019 * specific language governing permissions and limitations 020 * under the License. 021 */ 022 023 024 import java.util.Iterator; 025 import java.util.Map; 026 027 import org.apache.turbine.om.security.Group; 028 import org.apache.turbine.om.security.Permission; 029 import org.apache.turbine.om.security.Role; 030 import org.apache.turbine.services.security.TurbineSecurity; 031 032 /** 033 * This is a control class that makes it easy to find out if a 034 * particular User has a given Permission. It also determines if a 035 * User has a a particular Role. 036 * 037 * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a> 038 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 039 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> 040 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 041 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 042 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 043 * @version $Id: TurbineAccessControlList.java 1096130 2011-04-23 10:37:19Z ludwig $ 044 */ 045 public class TurbineAccessControlList 046 implements AccessControlList 047 { 048 /** The sets of roles that the user has in different groups */ 049 private Map roleSets; 050 051 /** The sets of permissions that the user has in different groups */ 052 private Map permissionSets; 053 054 /** The name of this ACL. Needed for the SecurityEntity Interface */ 055 private String name; 056 057 /** 058 * Constructs a new AccessControlList. 059 * 060 * This class follows 'immutable' pattern - it's objects can't be modified 061 * once they are created. This means that the permissions the users have are 062 * in effect form the moment they log in to the moment they log out, and 063 * changes made to the security settings in that time are not reflected 064 * in the state of this object. If you need to reset an user's permissions 065 * you need to invalidate his session. <br> 066 * The objects that constructs an AccessControlList must supply hashtables 067 * of role/permission sets keyed with group objects. <br> 068 * 069 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects 070 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects 071 */ 072 public TurbineAccessControlList(Map roleSets, Map permissionSets) 073 { 074 this.roleSets = roleSets; 075 this.permissionSets = permissionSets; 076 } 077 078 /** 079 * Returns the name of this ACL. 080 * 081 * @return The ACL Name 082 * 083 */ 084 public String getName() 085 { 086 return this.name; 087 } 088 089 /** 090 * Sets the name of this ACL. 091 * 092 * @param name The new ACL name. 093 * 094 */ 095 public void setName(String name) 096 { 097 this.name = name; 098 } 099 100 /** 101 * Retrieves a set of Roles an user is assigned in a Group. 102 * 103 * @param group the Group 104 * @return the set of Roles this user has within the Group. 105 */ 106 public RoleSet getRoles(Group group) 107 { 108 if (group == null) 109 { 110 return null; 111 } 112 return (RoleSet) roleSets.get(group); 113 } 114 115 /** 116 * Retrieves a set of Roles an user is assigned in the global Group. 117 * 118 * @return the set of Roles this user has within the global Group. 119 */ 120 public RoleSet getRoles() 121 { 122 return getRoles(TurbineSecurity.getGlobalGroup()); 123 } 124 125 /** 126 * Retrieves a set of Permissions an user is assigned in a Group. 127 * 128 * @param group the Group 129 * @return the set of Permissions this user has within the Group. 130 */ 131 public PermissionSet getPermissions(Group group) 132 { 133 if (group == null) 134 { 135 return null; 136 } 137 return (PermissionSet) permissionSets.get(group); 138 } 139 140 /** 141 * Retrieves a set of Permissions an user is assigned in the global Group. 142 * 143 * @return the set of Permissions this user has within the global Group. 144 */ 145 public PermissionSet getPermissions() 146 { 147 return getPermissions(TurbineSecurity.getGlobalGroup()); 148 } 149 150 /** 151 * Checks if the user is assigned a specific Role in the Group. 152 * 153 * @param role the Role 154 * @param group the Group 155 * @return <code>true</code> if the user is assigned the Role in the Group. 156 */ 157 public boolean hasRole(Role role, Group group) 158 { 159 RoleSet set = getRoles(group); 160 if (set == null || role == null) 161 { 162 return false; 163 } 164 return set.contains(role); 165 } 166 167 /** 168 * Checks if the user is assigned a specific Role in any of the given 169 * Groups 170 * 171 * @param role the Role 172 * @param groupset a Groupset 173 * @return <code>true</code> if the user is assigned the Role in any of 174 * the given Groups. 175 */ 176 public boolean hasRole(Role role, GroupSet groupset) 177 { 178 if (role == null) 179 { 180 return false; 181 } 182 for (Iterator groups = groupset.iterator(); groups.hasNext();) 183 { 184 Group group = (Group) groups.next(); 185 RoleSet roles = getRoles(group); 186 if (roles != null) 187 { 188 if (roles.contains(role)) 189 { 190 return true; 191 } 192 } 193 } 194 return false; 195 } 196 197 /** 198 * Checks if the user is assigned a specific Role in the Group. 199 * 200 * @param role the Role 201 * @param group the Group 202 * @return <code>true</code> if the user is assigned the Role in the Group. 203 */ 204 public boolean hasRole(String role, String group) 205 { 206 try 207 { 208 return hasRole(TurbineSecurity.getRoleByName(role), 209 TurbineSecurity.getGroupByName(group)); 210 } 211 catch (Exception e) 212 { 213 return false; 214 } 215 } 216 217 /** 218 * Checks if the user is assigned a specifie Role in any of the given 219 * Groups 220 * 221 * @param rolename the name of the Role 222 * @param groupset a Groupset 223 * @return <code>true</code> if the user is assigned the Role in any of 224 * the given Groups. 225 */ 226 public boolean hasRole(String rolename, GroupSet groupset) 227 { 228 Role role; 229 try 230 { 231 role = TurbineSecurity.getRoleByName(rolename); 232 } 233 catch (TurbineSecurityException e) 234 { 235 return false; 236 } 237 if (role == null) 238 { 239 return false; 240 } 241 for (Iterator groups = groupset.iterator(); groups.hasNext();) 242 { 243 Group group = (Group) groups.next(); 244 RoleSet roles = getRoles(group); 245 if (roles != null) 246 { 247 if (roles.contains(role)) 248 { 249 return true; 250 } 251 } 252 } 253 return false; 254 } 255 256 /** 257 * Checks if the user is assigned a specific Role in the global Group. 258 * 259 * @param role the Role 260 * @return <code>true</code> if the user is assigned the Role in the global Group. 261 */ 262 public boolean hasRole(Role role) 263 { 264 return hasRole(role, TurbineSecurity.getGlobalGroup()); 265 } 266 267 /** 268 * Checks if the user is assigned a specific Role in the global Group. 269 * 270 * @param role the Role 271 * @return <code>true</code> if the user is assigned the Role in the global Group. 272 */ 273 public boolean hasRole(String role) 274 { 275 try 276 { 277 return hasRole(TurbineSecurity.getRoleByName(role)); 278 } 279 catch (Exception e) 280 { 281 return false; 282 } 283 } 284 285 /** 286 * Checks if the user is assigned a specific Permission in the Group. 287 * 288 * @param permission the Permission 289 * @param group the Group 290 * @return <code>true</code> if the user is assigned the Permission in the Group. 291 */ 292 public boolean hasPermission(Permission permission, Group group) 293 { 294 PermissionSet set = getPermissions(group); 295 if (set == null || permission == null) 296 { 297 return false; 298 } 299 return set.contains(permission); 300 } 301 302 /** 303 * Checks if the user is assigned a specific Permission in any of the given 304 * Groups 305 * 306 * @param permission the Permission 307 * @param groupset a Groupset 308 * @return <code>true</code> if the user is assigned the Permission in any 309 * of the given Groups. 310 */ 311 public boolean hasPermission(Permission permission, GroupSet groupset) 312 { 313 if (permission == null) 314 { 315 return false; 316 } 317 for (Iterator groups = groupset.iterator(); groups.hasNext();) 318 { 319 Group group = (Group) groups.next(); 320 PermissionSet permissions = getPermissions(group); 321 if (permissions != null) 322 { 323 if (permissions.contains(permission)) 324 { 325 return true; 326 } 327 } 328 } 329 return false; 330 } 331 332 /** 333 * Checks if the user is assigned a specific Permission in the Group. 334 * 335 * @param permission the Permission 336 * @param group the Group 337 * @return <code>true</code> if the user is assigned the Permission in the Group. 338 */ 339 public boolean hasPermission(String permission, String group) 340 { 341 try 342 { 343 return hasPermission(TurbineSecurity.getPermissionByName(permission), 344 TurbineSecurity.getGroupByName(group)); 345 } 346 catch (Exception e) 347 { 348 return false; 349 } 350 } 351 352 /** 353 * Checks if the user is assigned a specific Permission in the Group. 354 * 355 * @param permission the Permission 356 * @param group the Group 357 * @return <code>true</code> if the user is assigned the Permission in the Group. 358 */ 359 public boolean hasPermission(String permission, Group group) 360 { 361 try 362 { 363 return hasPermission( 364 TurbineSecurity.getPermissionByName(permission), group); 365 } 366 catch (Exception e) 367 { 368 return false; 369 } 370 } 371 372 /** 373 * Checks if the user is assigned a specifie Permission in any of the given 374 * Groups 375 * 376 * @param permissionName the name of the Permission 377 * @param groupset a Groupset 378 * @return <code>true</code> if the user is assigned the Permission in any 379 * of the given Groups. 380 */ 381 public boolean hasPermission(String permissionName, GroupSet groupset) 382 { 383 Permission permission; 384 try 385 { 386 permission = TurbineSecurity.getPermissionByName(permissionName); 387 } 388 catch (TurbineSecurityException e) 389 { 390 return false; 391 } 392 if (permission == null) 393 { 394 return false; 395 } 396 for (Iterator groups = groupset.iterator(); groups.hasNext();) 397 { 398 Group group = (Group) groups.next(); 399 PermissionSet permissions = getPermissions(group); 400 if (permissions != null) 401 { 402 if (permissions.contains(permission)) 403 { 404 return true; 405 } 406 } 407 } 408 return false; 409 } 410 411 /** 412 * Checks if the user is assigned a specific Permission in the global Group. 413 * 414 * @param permission the Permission 415 * @return <code>true</code> if the user is assigned the Permission in the global Group. 416 */ 417 public boolean hasPermission(Permission permission) 418 { 419 return hasPermission(permission, TurbineSecurity.getGlobalGroup()); 420 } 421 422 /** 423 * Checks if the user is assigned a specific Permission in the global Group. 424 * 425 * @param permission the Permission 426 * @return <code>true</code> if the user is assigned the Permission in the global Group. 427 */ 428 public boolean hasPermission(String permission) 429 { 430 try 431 { 432 return hasPermission(TurbineSecurity.getPermissionByName(permission)); 433 } 434 catch (Exception e) 435 { 436 return false; 437 } 438 } 439 440 /** 441 * Returns all groups definded in the system. 442 * 443 * This is useful for debugging, when you want to display all roles 444 * and permissions an user is assingned. This method is needed 445 * because you can't call static methods of TurbineSecurity class 446 * from within WebMacro/Velocity template 447 * 448 * @return A Group [] of all groups in the system. 449 */ 450 public Group[] getAllGroups() 451 { 452 try 453 { 454 return TurbineSecurity.getAllGroups().getGroupsArray(); 455 } 456 catch (TurbineSecurityException e) 457 { 458 return new Group[0]; 459 } 460 } 461 }