Coverage Report - org.apache.turbine.util.template.TemplateSecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
TemplateSecurityCheck
0%
0/43
0%
0/14
1,818
 
 1  
 package org.apache.turbine.util.template;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.fulcrum.security.entity.Permission;
 25  
 import org.apache.fulcrum.security.entity.Role;
 26  
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 27  
 import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
 28  
 import org.apache.turbine.Turbine;
 29  
 import org.apache.turbine.TurbineConstants;
 30  
 import org.apache.turbine.services.TurbineServices;
 31  
 import org.apache.turbine.services.template.TurbineTemplate;
 32  
 import org.apache.turbine.util.RunData;
 33  
 
 34  
 /**
 35  
  * Utility class to help check for proper authorization when using
 36  
  * template screens.  Sample usages:
 37  
  *
 38  
  * <p><pre><code>
 39  
  * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 40  
  * secCheck.setMessage( "Sorry, you do not have permission to " +
 41  
  *                      "access this area." );
 42  
  * secCheck.setFailTemplate("login.wm");
 43  
  * if ( !secCheck.hasRole("ADMIN") )
 44  
  *     return;
 45  
  * </pre></code>
 46  
  *
 47  
  * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
 48  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 49  
  * @version $Id: TemplateSecurityCheck.java 1524160 2013-09-17 18:37:14Z tv $
 50  
  */
 51  
 public class TemplateSecurityCheck
 52  
 {
 53  0
     private String message =
 54  
             "Sorry, you do not have permission to access this area.";
 55  0
     private String failScreen = TurbineTemplate.getDefaultScreen();
 56  
     private String failTemplate;
 57  0
     private RunData data = null;
 58  
 
 59  
     /**
 60  
      * Constructor.
 61  
      *
 62  
      * @param data A Turbine RunData object.
 63  
      * @param message A String with the message to display upon
 64  
      * failure.
 65  
      */
 66  
     public TemplateSecurityCheck(RunData data, String message)
 67  0
     {
 68  0
         this.data = data;
 69  0
         this.message = message;
 70  0
     }
 71  
 
 72  
     /**
 73  
      * Generic Constructor.
 74  
      *
 75  
      * @param data A Turbine RunData object.
 76  
      */
 77  
     public TemplateSecurityCheck(RunData data)
 78  0
     {
 79  0
         this.data = data;
 80  0
     }
 81  
 
 82  
     /**
 83  
      * Does the User have this role?
 84  
      *
 85  
      * @param role The role to be checked.
 86  
      * @return Whether the user has the role.
 87  
      * @exception Exception Trouble validating.
 88  
      */
 89  
     public boolean hasRole(Role role)
 90  
         throws Exception
 91  
     {
 92  0
         if (!checkLogin())
 93  
         {
 94  0
             return false;
 95  
         }
 96  
 
 97  0
         TurbineAccessControlList acl = data.getACL();
 98  0
         if (acl == null || !acl.hasRole(role))
 99  
         {
 100  0
             data.setScreen(getFailScreen());
 101  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 102  0
             data.setMessage(getMessage());
 103  0
             return false;
 104  
         }
 105  
 
 106  0
         return true;
 107  
     }
 108  
 
 109  
     /**
 110  
      * Does the User have this permission?
 111  
      *
 112  
      * @param permission The permission to be checked.
 113  
      * @return Whether the user has the permission.
 114  
      * @exception Exception Trouble validating.
 115  
      */
 116  
     public boolean hasPermission(Permission permission)
 117  
         throws Exception
 118  
     {
 119  0
         boolean value = true;
 120  0
         TurbineAccessControlList acl = data.getACL();
 121  0
         if (acl == null || !acl.hasPermission(permission))
 122  
         {
 123  0
             data.setScreen(getFailScreen());
 124  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 125  0
             data.setMessage(getMessage());
 126  0
             value = false;
 127  
         }
 128  
 
 129  0
         return value;
 130  
     }
 131  
 
 132  
     /**
 133  
      * Check that the user has logged in.
 134  
      *
 135  
      * @return True if user has logged in.
 136  
      * @exception Exception, a generic exception.
 137  
      */
 138  
     public boolean checkLogin()
 139  
         throws Exception
 140  
     {
 141  0
         boolean value = true;
 142  
 
 143  
         // Do it like the AccessController
 144  0
         TurbineUserManager userManager =
 145  
                 (TurbineUserManager)TurbineServices
 146  
                         .getInstance()
 147  
                         .getService(TurbineUserManager.ROLE);
 148  
 
 149  0
         if (!userManager.isAnonymousUser(data.getUser())
 150  
             && !data.getUser().hasLoggedIn())
 151  
         {
 152  0
             data.setMessage(Turbine.getConfiguration()
 153  
                 .getString(TurbineConstants.LOGIN_MESSAGE));
 154  
 
 155  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 156  0
             value = false;
 157  
         }
 158  
 
 159  0
         return value;
 160  
     }
 161  
 
 162  
     /**
 163  
      * Set the message that should be displayed.  This is initialized
 164  
      * in the constructor.
 165  
      *
 166  
      * @param v A String with the message that should be displayed.
 167  
      */
 168  
     public void setMessage(String v)
 169  
     {
 170  0
         this.message = v;
 171  0
     }
 172  
 
 173  
     /**
 174  
      * Get the message that should be displayed.  This is initialized
 175  
      * in the constructor.
 176  
      *
 177  
      * @return A String with the message that should be displayed.
 178  
      */
 179  
     public String getMessage()
 180  
     {
 181  0
         return message;
 182  
     }
 183  
 
 184  
     /**
 185  
      * Get the value of failScreen.
 186  
      *
 187  
      * @return A String with the value of failScreen.
 188  
      */
 189  
     public String getFailScreen()
 190  
     {
 191  0
         return failScreen;
 192  
     }
 193  
 
 194  
     /**
 195  
      * Set the value of failScreen.
 196  
      *
 197  
      * @param v A String with the value of failScreen.
 198  
      */
 199  
     public void setFailScreen(String v)
 200  
     {
 201  0
         this.failScreen = v;
 202  0
     }
 203  
 
 204  
     /**
 205  
      * Get the value of failTemplate.
 206  
      *
 207  
      * @return A String with the value of failTemplate.
 208  
      */
 209  
     public String getFailTemplate()
 210  
     {
 211  0
         return failTemplate;
 212  
     }
 213  
 
 214  
     /**
 215  
      * Set the value of failTemplate.
 216  
      *
 217  
      * @param v A String with the value of failTemplate.
 218  
      */
 219  
     public void setFailTemplate(String v)
 220  
     {
 221  0
         this.failTemplate = v;
 222  0
     }
 223  
 }