001package org.apache.turbine.util.template;
002
003
004/*
005 * Licensed to the Apache Software Foundation (ASF) under one
006 * or more contributor license agreements.  See the NOTICE file
007 * distributed with this work for additional information
008 * regarding copyright ownership.  The ASF licenses this file
009 * to you under the Apache License, Version 2.0 (the
010 * "License"); you may not use this file except in compliance
011 * with the License.  You may obtain a copy of the License at
012 *
013 *   http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing,
016 * software distributed under the License is distributed on an
017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018 * KIND, either express or implied.  See the License for the
019 * specific language governing permissions and limitations
020 * under the License.
021 */
022
023
024import org.apache.fulcrum.security.entity.Permission;
025import org.apache.fulcrum.security.entity.Role;
026import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
027import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
028import org.apache.turbine.Turbine;
029import org.apache.turbine.TurbineConstants;
030import org.apache.turbine.services.TurbineServices;
031import org.apache.turbine.services.template.TurbineTemplate;
032import org.apache.turbine.util.RunData;
033
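/**
 * Utility class to help check for proper authorization when using
 * template screens.  Sample usage:
 *
 * <pre><code>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * // adminRole is a Role instance obtained by the application;
 * // this class only declares hasRole(Role).
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </code></pre>
 *
 * <p>Security notes for callers:</p>
 * <ul>
 * <li>The checks are advisory. On failure they record a fail screen,
 *     fail template and message on the {@link RunData} and return
 *     {@code false}; nothing here stops the request. The caller must
 *     stop processing the protected action when {@code false} is
 *     returned, as the sample does.</li>
 * <li>{@link #checkLogin()} returns {@code true} for the anonymous
 *     user. A {@code true} result therefore does not mean "the user is
 *     authenticated"; for anonymous visitors the decision rests on the
 *     access control list alone.</li>
 * <li>{@link #hasPermission(Permission)} does not call
 *     {@link #checkLogin()}, whereas {@link #hasRole(Role)} does.</li>
 * <li>{@code failTemplate} has no default. If
 *     {@link #setFailTemplate(String)} is never called, {@code null} is
 *     passed to the template info on failure; what the template service
 *     does with that is not visible here, so set it explicitly.</li>
 * </ul>
 *
 * <p>An instance holds one request's {@link RunData} and mutable
 * settings; it is presumably meant to be created per request and is not
 * synchronized.</p>
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 1524160 2013-09-17 18:37:14Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message placed on the RunData when a role or permission check fails. */
    private String message =
            "Sorry, you do not have permission to access this area.";

    /** Screen selected on a failed role or permission check. */
    private String failScreen = TurbineTemplate.getDefaultScreen();

    /** Screen template selected on any failed check; null until set. */
    private String failTemplate;

    /** The request being checked; assigned once in the constructor. */
    private final RunData data;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.  It replaces the built-in default as given, without
     * validation.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this.data = data;
        this.message = message;
    }

    /**
     * Generic Constructor.  Keeps the built-in failure message.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
    }

    /**
     * Does the User have this role?
     *
     * <p>The login check runs first.  If it fails, this method returns
     * {@code false} without consulting the access control list; the
     * message and template are then the ones set by
     * {@link #checkLogin()}.  Otherwise a missing ACL or a missing role
     * is treated as a denial.</p>
     *
     * @param role The role to be checked.
     * @return {@code true} only if the login check passed and the ACL
     * grants the role.
     * @exception Exception Trouble validating.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        // A missing ACL is a denial, never an implicit grant.
        if (acl != null && acl.hasRole(role))
        {
            return true;
        }

        denyAccess();
        return false;
    }

    /**
     * Does the User have this permission?
     *
     * <p>A missing ACL or a missing permission is treated as a
     * denial.</p>
     *
     * @param permission The permission to be checked.
     * @return {@code true} only if the ACL grants the permission.
     * @exception Exception Trouble validating.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // NOTE(review): unlike hasRole(), this method does not call
        // checkLogin(); the decision rests on the ACL alone.  Confirm
        // that callers do not expect a login check here.
        TurbineAccessControlList acl = data.getACL();
        if (acl != null && acl.hasPermission(permission))
        {
            return true;
        }

        denyAccess();
        return false;
    }

    /**
     * Check the login state of the current user.
     *
     * <p>The check fails only for a user that is not the anonymous user
     * and has not logged in.  The anonymous user passes, so a
     * {@code true} result is not proof of authentication.  On failure
     * the configured login message and the fail template are set on the
     * RunData; the screen itself is left unchanged by this method.</p>
     *
     * @return {@code false} if the user is non-anonymous and has not
     * logged in; {@code true} otherwise, including for the anonymous
     * user.
     * @exception Exception a generic exception.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Do it like the AccessController
        TurbineUserManager userManager =
                (TurbineUserManager)TurbineServices
                        .getInstance()
                        .getService(TurbineUserManager.ROLE);

        boolean anonymous = userManager.isAnonymousUser(data.getUser());
        if (anonymous || data.getUser().hasLoggedIn())
        {
            return true;
        }

        data.setMessage(Turbine.getConfiguration()
            .getString(TurbineConstants.LOGIN_MESSAGE));
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        return false;
    }

    /**
     * Set the message that should be displayed.  This is initialized
     * in the constructor.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed.  This is initialized
     * in the constructor.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate, or null if it
     * was never set.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }

    /**
     * Records a failed role or permission check on the RunData: fail
     * screen, fail template and message, in that order.  The values are
     * read through the public getters so subclass overrides are
     * honoured.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }
}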