All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.appng.api.support.DefaultPermissionProcessor Maven / Gradle / Ivy

/*
 * Copyright 2011-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.appng.api.support;

import java.util.Collection;
import java.util.List;
import java.util.Set;

import org.appng.api.PermissionOwner;
import org.appng.api.PermissionProcessor;
import org.appng.api.model.Application;
import org.appng.api.model.Group;
import org.appng.api.model.Role;
import org.appng.api.model.Site;
import org.appng.api.model.Subject;
import org.appng.xml.platform.FieldDef;
import org.appng.xml.platform.FieldPermissionType;
import org.appng.xml.platform.FieldPermissions;
import org.appng.xml.platform.Permission;
import org.appng.xml.platform.PermissionMode;

import lombok.extern.slf4j.Slf4j;

/**
 * Default {@link PermissionProcessor} implementation.
 * 
 * @author Matthias Müller
 * 
 */
@Slf4j
public class DefaultPermissionProcessor implements PermissionProcessor {

	static final String PREFIX_ANONYMOUS = "anonymous";

	private Site site;
	private Application application;

	private Subject subject;

	/**
	 * Creates a new DefaultPermissionProcessor for the given {@link Subject}. The current {@link Subject} uses the
	 * given {@link Application} on the given {@link Site}.
	 * 
	 * @param subject
	 *            the current {@link Subject} (if any)
	 * @param site
	 *            the {@link Site} currently used by the {@link Subject}
	 * @param application
	 *            the {@link Application} currently used by the {@link Subject}
	 */
	public DefaultPermissionProcessor(Subject subject, Site site, Application application) {
		this.site = site;
		this.application = application;
		this.subject = subject;
		LOGGER.debug("created PermissionProcessor for {}", getPrefix());
	}

	private String getPrefix() {
		return (null == subject ? "{[no user]" : ("user '" + subject.getName() + "'")) + " in application '"
				+ application.getName() + "' of site '" + site.getName() + "'";
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.appng.api.PermissionProcessor#hasPermissions(org.appng.api. PermissionOwner)
	 */
	public boolean hasPermissions(PermissionOwner permissionOwner) {
		boolean hasAccess = true;
		Collection permissionList = permissionOwner.getPermissions();
		if (permissionList != null) {
			LOGGER.trace("checking permissions for {}", permissionOwner.getName());
			hasAccess = hasPermissions(permissionList);
		} else {
			LOGGER.trace("no permissions given for {}", permissionOwner.getName());
		}
		if (hasAccess) {
			LOGGER.debug("permission granted for {}", permissionOwner.getName());
		} else {
			LOGGER.debug("permission denied for {}", permissionOwner.getName());
		}
		return hasAccess;
	}

	private boolean hasPermissions(Collection permissionList) {
		boolean hasAccess = true;
		for (Permission permission : permissionList) {
			if (!permission.getRef().startsWith(PREFIX_ANONYMOUS)) {
				PermissionMode mode = permission.getMode();
				boolean hasPermission = hasPermission(permission);
				permission.setValue(Boolean.toString(hasPermission));
				if (PermissionMode.SET.equals(mode)) {
					hasAccess &= hasPermission;
				} else if (mode == null) {
					permission.setMode(PermissionMode.READ);
				}
			}
		}
		return hasAccess;
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.appng.api.PermissionProcessor#hasPermission(java.lang.String)
	 */
	public boolean hasPermission(String permissionRef) {
		Permission permission = new Permission();
		permission.setRef(permissionRef);
		return hasPermission(permission);
	}

	private boolean hasPermission(Permission permission) {
		if (null == subject) {
			LOGGER.debug("no subject given, so permission '{}' is not present", permission.getRef());
			return false;
		}
		List groups = subject.getGroups();
		LOGGER.debug("checking permission '{}' for subject '{}'", permission.getRef(), subject.getName());
		if (groups == null || groups.size() == 0) {
			LOGGER.info("subject '{}' does not belong to any group, thus has no permissions", subject.getName());
		}
		for (Group group : groups) {
			LOGGER.debug("{} belongs to group {}", subject.getName(), group.getName());
			if (0 == group.getRoles().size()) {
				LOGGER.debug("group '{}' does not contain any applicationroles!", group.getName());
			}
			for (Role role : group.getRoles()) {
				Application applicationFromRole = role.getApplication();
				if (null == applicationFromRole) {
					LOGGER.warn("invalid Role#{}, no Application set for role!", role.getId());
					continue;
				}
				LOGGER.debug("'{}' contains role '{}' from application '{}'", group.getName(), role.getName(),
						applicationFromRole.getName());
				if (null != application && application.equals(applicationFromRole)) {
					Set permissionsFromRole = role.getPermissions();
					if (0 == permissionsFromRole.size()) {
						LOGGER.debug("role '{}' does not contain any permissions!", role.getName());
					}
					for (org.appng.api.model.Permission p : permissionsFromRole) {
						if (p.getName().equals(permission.getRef())) {
							LOGGER.debug("found required permission '{}'", p.getName());
							return true;
						} else {
							LOGGER.trace("skipping permission '{}', (required '{}')", p.getName(), permission.getRef());
						}
					}
				}
			}
		}
		return false;
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.appng.api.PermissionProcessor#hasWritePermission(org.appng.xml.api .FieldDef)
	 */
	public boolean hasWritePermission(FieldDef fieldDefinition) {
		boolean isWriteable = !Boolean.TRUE.toString().equalsIgnoreCase(fieldDefinition.getReadonly());
		return hasPermission(fieldDefinition, FieldPermissionType.WRITE, isWriteable);
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see org.appng.api.PermissionProcessor#hasReadPermission(org.appng.xml.api .FieldDef)
	 */
	public boolean hasReadPermission(FieldDef fieldDefinition) {
		return hasPermission(fieldDefinition, FieldPermissionType.READ, true);
	}

	private boolean hasPermission(FieldDef fieldDefinition, FieldPermissionType type, boolean precondition) {
		List permissions = fieldDefinition.getPermissions();
		if (null != permissions) {
			for (FieldPermissions fieldPermissions : permissions) {
				FieldPermissionType mode = fieldPermissions.getMode();
				if (mode == null || type.equals(mode)) {
					return precondition && hasPermissions(fieldPermissions.getPermission());
				}
			}
		}
		return precondition;
	}

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy