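package org.apache.turbine.util.template;


/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
import org.apache.turbine.Turbine;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.template.TurbineTemplate;
import org.apache.turbine.util.RunData;

/**
 * Utility class to help check for proper authorization when using
 * template screens.  Sample usage:
 *
 * <pre><code>
 * // adminRole is a Role instance obtained by the application.
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </code></pre>
 *
 * <p>Both {@link #hasRole(Role)} and {@link #hasPermission(Permission)}
 * deny access when the request carries no access control list, and both
 * run {@link #checkLogin()} before consulting it.  A {@code false}
 * result only redirects the request to the failure screen/template; the
 * caller must still stop processing the protected action itself, as the
 * sample does with {@code return}.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 1524160 2013-09-17 18:37:14Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message handed to the RunData object when an ACL check fails. */
    private String message =
            "Sorry, you do not have permission to access this area.";

    /** Screen selected on an ACL failure; starts as the template service default. */
    private String failScreen = TurbineTemplate.getDefaultScreen();

    /** Screen template selected on failure; null until {@link #setFailTemplate(String)} is called. */
    private String failTemplate;

    /** Request data the checks read from and write the failure state to. */
    private final RunData data;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this.data = data;
        this.message = message;
    }

    /**
     * Generic Constructor.  The default failure message is used.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
    }

    /**
     * Does the User have this role?
     *
     * <p>Returns {@code false} if {@link #checkLogin()} fails, if the
     * request has no access control list, or if the list does not
     * contain the role.  In the last two cases the failure screen,
     * failure template and message are set on the RunData object.
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @exception Exception Trouble validating.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        // A missing ACL is treated as "no rights" so the check fails closed.
        if (acl == null || !acl.hasRole(role))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Does the User have this permission?
     *
     * <p>Returns {@code false} if {@link #checkLogin()} fails, if the
     * request has no access control list, or if the list does not
     * contain the permission.  In the last two cases the failure
     * screen, failure template and message are set on the RunData
     * object.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @exception Exception Trouble validating.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // Apply the same login gate as hasRole(): a user who is not the
        // anonymous user and has not logged in is rejected before the ACL
        // is consulted, so both checks enforce the same precondition.
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        // A missing ACL is treated as "no rights" so the check fails closed.
        if (acl == null || !acl.hasPermission(permission))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Check that the user has logged in.
     *
     * <p>The check fails only for a user that the user manager does not
     * report as anonymous and that has not logged in.  The anonymous
     * user passes, so a {@code true} result is not proof of
     * authentication; the ACL test in {@link #hasRole(Role)} and
     * {@link #hasPermission(Permission)} is what denies such a request.
     *
     * <p>On failure the message is taken from the configuration key
     * {@link TurbineConstants#LOGIN_MESSAGE} and the screen template is
     * set to the failure template.  The screen itself is not changed
     * here.
     *
     * @return True unless a non-anonymous user has not logged in.
     * @exception Exception a generic exception.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Do it like the AccessController
        TurbineUserManager userManager =
            (TurbineUserManager) TurbineServices
                .getInstance()
                .getService(TurbineUserManager.ROLE);

        if (!userManager.isAnonymousUser(data.getUser())
            && !data.getUser().hasLoggedIn())
        {
            data.setMessage(Turbine.getConfiguration()
                .getString(TurbineConstants.LOGIN_MESSAGE));

            data.getTemplateInfo().setScreenTemplate(getFailTemplate());
            return false;
        }

        return true;
    }

    /**
     * Records an authorization failure on the RunData object: selects
     * the failure screen and failure template and sets the message.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }

    /**
     * Set the message that should be displayed when an ACL check fails.
     * It replaces the default or the value given to the constructor.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed when an ACL check fails.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate, or null if none
     * has been set.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }
}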