Coverage Report - org.apache.turbine.util.SecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityCheck
0%
0/61
0%
0/20
2,75
 
 1  
 package org.apache.turbine.util;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.fulcrum.security.SecurityService;
 25  
 import org.apache.fulcrum.security.entity.Permission;
 26  
 import org.apache.fulcrum.security.entity.Role;
 27  
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 28  
 import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
 29  
 import org.apache.fulcrum.security.util.RoleSet;
 30  
 import org.apache.fulcrum.security.util.UnknownEntityException;
 31  
 import org.apache.turbine.services.TurbineServices;
 32  
 
 33  
 /**
 34  
  * Utility for doing security checks in Screens and Actions.
 35  
  *
 36  
  * Sample usage:<br>
 37  
  *
 38  
  * <pre><code>
 39  
  * SecurityCheck mycheck =
 40  
  *   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
 41  
  * if (!mycheck.hasPermission("add_user");
 42  
  *   return;
 43  
  *</code></pre>
 44  
  *
 45  
  * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
 46  
  * @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
 47  
  * @version $Id: SecurityCheck.java 1706239 2015-10-01 13:18:35Z tv $
 48  
  */
 49  
 public class SecurityCheck
 50  
 {
 51  
     private String message;
 52  
 
 53  
     private String failScreen;
 54  
 
 55  0
     private RunData data = null;
 56  
 
 57  0
     private SecurityService securityService = null;
 58  
 
 59  
     /**
 60  
      * Holds information if a missing Permission or Role should be created and granted on-the-fly.
 61  
      * This is good behavior, if these change a lot.
 62  
      */
 63  
     private boolean initialize;
 64  
 
 65  
     /**
 66  
      * Constructor.
 67  
      *
 68  
      * @param data A Turbine RunData object.
 69  
      * @param message The message to display upon failure.
 70  
      * @param failedScreen The screen to redirect to upon failure.
 71  
      */
 72  
     public SecurityCheck(RunData data,
 73  
                          String message,
 74  
                          String failedScreen)
 75  
     {
 76  0
         this(data, message, failedScreen, false);
 77  0
     }
 78  
 
 79  
     /**
 80  
      * Constructor.
 81  
      *
 82  
      * @param data
 83  
      *            A Turbine RunData object.
 84  
      * @param message
 85  
      *            The message to display upon failure.
 86  
      * @param failedScreen
 87  
      *            The screen to redirect to upon failure.
 88  
      * @param initialize
 89  
      *            if a non-existing Permission or Role should be created.
 90  
      */
 91  
     public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
 92  0
     {
 93  0
         this.data = data;
 94  0
         this.message = message;
 95  0
         this.failScreen = failedScreen;
 96  0
         this.initialize = initialize;
 97  0
         this.securityService = (SecurityService)TurbineServices
 98  
                     .getInstance()
 99  
                     .getService(SecurityService.ROLE);
 100  0
     }
 101  
 
 102  
     /**
 103  
      * Does the user have this role?
 104  
      *
 105  
      * @param role A Role.
 106  
      * @return True if the user has this role.
 107  
      * @exception Exception, a generic exception.
 108  
      */
 109  
     public boolean hasRole(Role role)
 110  
             throws Exception
 111  
     {
 112  0
         boolean value = false;
 113  0
         TurbineAccessControlList acl = data.getACL();
 114  0
         if (acl == null ||
 115  
             !acl.hasRole(role))
 116  
         {
 117  0
             data.setScreen(failScreen);
 118  0
             data.setMessage(message);
 119  
         }
 120  
         else
 121  
         {
 122  0
             value = true;
 123  
         }
 124  0
         return value;
 125  
     }
 126  
 
 127  
     /**
 128  
      * Does the user have this role?
 129  
      *
 130  
      * @param role
 131  
      *            A String.
 132  
      * @return True if the user has this role.
 133  
      * @exception Exception,
 134  
      *                a generic exception.
 135  
      */
 136  
     public boolean hasRole(String role) throws Exception
 137  
     {
 138  0
         Role roleObject = null;
 139  
 
 140  
         try
 141  
         {
 142  0
             roleObject = securityService.getRoleManager().getRoleByName(role);
 143  
         }
 144  0
         catch (UnknownEntityException e)
 145  
         {
 146  0
             if(initialize)
 147  
             {
 148  0
                 roleObject = securityService.getRoleManager().getRoleInstance(role);
 149  0
                 securityService.getRoleManager().addRole(roleObject);
 150  0
                 TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
 151  0
                 modelManager.grant(data.getUser(), modelManager.getGlobalGroup(), roleObject);
 152  0
             }
 153  
             else
 154  
             {
 155  0
                 throw(e);
 156  
             }
 157  0
         }
 158  
 
 159  0
         return hasRole(roleObject);
 160  
     }
 161  
 
 162  
     /**
 163  
      * Does the user have this permission?
 164  
      *
 165  
      * @param permission A Permission.
 166  
      * @return True if the user has this permission.
 167  
      * @exception Exception, a generic exception.
 168  
      */
 169  
     public boolean hasPermission(Permission permission)
 170  
             throws Exception
 171  
     {
 172  0
         boolean value = false;
 173  0
         TurbineAccessControlList acl = data.getACL();
 174  0
         if (acl == null ||
 175  
             !acl.hasPermission(permission))
 176  
         {
 177  0
             data.setScreen(failScreen);
 178  0
             data.setMessage(message);
 179  
         }
 180  
         else
 181  
         {
 182  0
             value = true;
 183  
         }
 184  0
         return value;
 185  
     }
 186  
 
 187  
     /**
 188  
      * Does the user have this permission? If initialize is set to <code>true</code>
 189  
      * The permission will be created and granted to the first available Role of
 190  
      * the user, that the SecurityCheck is running against.
 191  
      *
 192  
      * If the User has no Roles, the first Role via TurbineSecurity is granted the
 193  
      * permission.
 194  
      *
 195  
      * @param permission
 196  
      *            A String.
 197  
      * @return True if the user has this permission.
 198  
      * @exception Exception,
 199  
      *                a generic exception.
 200  
      */
 201  
     public boolean hasPermission(String permission)
 202  
             throws Exception
 203  
     {
 204  0
         Permission permissionObject = null;
 205  
         try
 206  
         {
 207  0
             permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
 208  
         }
 209  0
         catch (UnknownEntityException e)
 210  
         {
 211  0
             if(initialize)
 212  
             {
 213  0
                 permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
 214  0
                 securityService.getPermissionManager().addPermission(permissionObject);
 215  
 
 216  0
                 Role role = null;
 217  0
                 TurbineAccessControlList acl = data.getACL();
 218  0
                 RoleSet roles = acl.getRoles();
 219  0
                 if(roles.size() > 0)
 220  
                 {
 221  0
                                         role = roles.toArray(new Role[0])[0];
 222  
                                 }
 223  
 
 224  0
                 if(role == null)
 225  
                 {
 226  
                     /*
 227  
                      * The User within data has no roles yet, let us grant the permission
 228  
                      * to the first role available through TurbineSecurity.
 229  
                      */
 230  0
                     roles = securityService.getRoleManager().getAllRoles();
 231  0
                     if(roles.size() > 0)
 232  
                     {
 233  0
                                                 role = roles.toArray(new Role[0])[0];
 234  
                                         }
 235  
                 }
 236  
 
 237  0
                 if(role != null)
 238  
                 {
 239  
                     /*
 240  
                      * If we have no role, there is nothing we can do about it. So only grant it,
 241  
                      * if we have a role to grant it to.
 242  
                      */
 243  0
                     TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
 244  0
                     modelManager.grant(role, permissionObject);
 245  
                 }
 246  0
             }
 247  
             else
 248  
             {
 249  0
                 throw(e);
 250  
             }
 251  0
         }
 252  
 
 253  0
         return hasPermission(permissionObject);
 254  
     }
 255  
 
 256  
     /**
 257  
      * Get the message that should be displayed.  This is initialized
 258  
      * in the constructor.
 259  
      *
 260  
      * @return A String.
 261  
      */
 262  
     public String getMessage()
 263  
     {
 264  0
         return message;
 265  
     }
 266  
 
 267  
     /**
 268  
      * Get the screen that should be displayed.  This is initialized
 269  
      * in the constructor.
 270  
      *
 271  
      * @return A String.
 272  
      */
 273  
     public String getFailScreen()
 274  
     {
 275  0
         return failScreen;
 276  
     }
 277  
 }