com.manydesigns.portofino.shiro.GroupPermission Maven / Gradle / Ivy

Go to download
/*
 * Copyright (C) 2005-2017 ManyDesigns srl.  All rights reserved.
 * http://www.manydesigns.com/
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 3 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package com.manydesigns.portofino.shiro;

import com.manydesigns.portofino.pages.Permissions;
import com.manydesigns.portofino.security.AccessLevel;
import org.apache.shiro.authz.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/**
 * @author Paolo Predonzani     - [email protected]
 * @author Angelo Lupo          - [email protected]
 * @author Giampiero Granatella - [email protected]
 * @author Alessio Stalla       - [email protected]
 *
 * Permission associated to a Subject which holds the subject's groups.
 */
public class GroupPermission implements Permission {
    public static final String copyright =
            "Copyright (C) 2005-2017 ManyDesigns srl";

    protected final Collection groups;
    public static final Logger logger = LoggerFactory.getLogger(GroupPermission.class);

    public GroupPermission(Collection groups) {
        this.groups = groups;
    }

    public boolean implies(Permission p) {
        if(p instanceof GroupPermission) {
            GroupPermission gp = (GroupPermission) p;
            return gp.groups.containsAll(groups) && groups.containsAll(gp.groups);
        } else if(p instanceof PagePermission) {
            PagePermission pp = (PagePermission) p;
            return hasPermissions
                    (pp.getCalculatedPermissions(), groups, pp.getAccessLevel(), pp.getPermissions());
        }
        return false;
    }

    public static boolean hasPermissions
            (Permissions configuration, Collection groups, AccessLevel level, String... permissions) {
        boolean hasLevel = level == null;
        boolean hasPermissions = true;
        Map permMap = new HashMap(permissions.length);
        for(String groupId : groups) {
            AccessLevel actualLevel = configuration.getActualLevels().get(groupId);
            if(actualLevel == AccessLevel.DENY) {
                return false;
            } else if(!hasLevel &&
                      actualLevel != null &&
                      actualLevel.isGreaterThanOrEqual(level)) {
                hasLevel = true;
            }

            Set perms = configuration.getActualPermissions().get(groupId);
            if(perms != null) {
                for(String permission : permissions) {
                    if(perms.contains(permission)) {
                        permMap.put(permission, true);
                    }
                }
            }
        }

        for(String permission : permissions) {
            hasPermissions &= permMap.containsKey(permission);
        }

        hasPermissions = hasLevel && hasPermissions;
        if(!hasPermissions) {
            logger.debug("User does not have permissions. User's groups: {}", groups);
        }
        return hasPermissions;
    }
}