• Home
• org.beangle.ems
• beangle-ems-web
• 3.5.3
• source code
• SecurityHelper.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.beangle.ems.web.helper.SecurityHelper Maven / Gradle / Ivy

/*
 * Beangle, Agile Development Scaffold and Toolkit
 *
 * Copyright (c) 2005-2016, Beangle Software.
 *
 * Beangle is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Beangle is distributed in the hope that it will be useful.
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Beangle.  If not, see .
 */
package org.beangle.ems.web.helper;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;

import org.apache.struts2.ServletActionContext;
import org.beangle.commons.bean.PropertyUtils;
import org.beangle.commons.collection.CollectUtils;
import org.beangle.commons.dao.query.builder.OqlBuilder;
import org.beangle.commons.web.util.RequestUtils;
import org.beangle.security.access.AccessDeniedException;
import org.beangle.security.blueprint.Dimension;
import org.beangle.security.blueprint.Profile;
import org.beangle.security.blueprint.SecurityUtils;
import org.beangle.security.blueprint.User;
import org.beangle.security.blueprint.data.DataPermission;
import org.beangle.security.blueprint.data.service.DataPermissionService;
import org.beangle.security.blueprint.function.FuncResource;
import org.beangle.security.blueprint.function.service.FuncPermissionService;
import org.beangle.security.blueprint.nav.service.MenuService;
import org.beangle.security.blueprint.service.ProfileService;
import org.beangle.security.blueprint.service.UserService;
import org.beangle.security.web.auth.AuthenticationService;

import com.opensymphony.xwork2.ActionContext;

public class SecurityHelper {

  private static final String ProfileIdSessionAttributeName = "security.profileId";

  private FuncPermissionService funcPermissionService;

  private DataPermissionService dataPermissionService;

  private ProfileService profileService;

  private UserService userService;

  private MenuService menuService;

  private AuthenticationService authenticationService;

  public List getProfiles() {
    return getProfiles(userService.get(SecurityUtils.getUsername()), getResource());
  }

  public Profile getSessionProfile() {
    Object profileId = ActionContext.getContext().getSession().get(ProfileIdSessionAttributeName);
    if (null == profileId) return null;
    else return profileService.get((Long) profileId);
  }

  public void setSessionProfile(Profile profile) {
    if (null == profile) {
      ActionContext.getContext().getSession().remove(ProfileIdSessionAttributeName);
    } else {
      ActionContext.getContext().getSession().put(ProfileIdSessionAttributeName,
          PropertyUtils.getProperty(profile, "id"));
    }
  }

  private List getProfiles(User user, FuncResource resource) {
    List profiles = profileService.getProfiles(user, resource);
    Object profileId = ActionContext.getContext().getSession().get(ProfileIdSessionAttributeName);
    if (null == profileId) return profiles;
    else {
      Profile sessionProfile = null;
      for (Profile p : profiles) {
        if (PropertyUtils.getProperty(p, "id").equals(profileId)) {
          sessionProfile = p;
          break;
        }
      }
      if (null == sessionProfile) {
        throw new AccessDeniedException(resource.getName(), "error.security.errorprofile");
      } else return Collections.singletonList(sessionProfile);
    }
  }

  public FuncResource getResource() {
    String resourceName = SecurityUtils.getResource();
    if (null == resourceName) {
      resourceName = funcPermissionService
          .extractResource(RequestUtils.getServletPath(ServletActionContext.getRequest()));
    }
    return funcPermissionService.getResource(resourceName);
  }

  protected boolean isAdmin() {
    return funcPermissionService.getUserService().isRoot(SecurityUtils.getUsername());
  }

  @SuppressWarnings({ "unchecked" })
  public  List getProperties(String name) {
    List profiles = getProfiles(userService.get(SecurityUtils.getUsername()), getResource());
    Dimension field = profileService.getDimension(name);
    Set results = CollectUtils.newHashSet();
    for (Profile profile : profiles) {
      Object prop = profileService.getProperty(profile, field);
      if (prop instanceof Collection) results.addAll((Collection) prop);
      else results.add((T) prop);
    }
    return CollectUtils.newArrayList(results);
  }

  public void applyPermission(OqlBuilder query) {
    User user = userService.get(SecurityUtils.getUsername());

    if (userService.isRoot(user)) return;

    DataPermission dp = dataPermissionService.getPermission(user, query.getEntityClass().getName(),
        SecurityUtils.getResource());
    if (null == dp) return;
    List profiles = getProfiles(user, getResource());

    if (profiles.isEmpty())
      throw new AccessDeniedException(SecurityUtils.getResource(), "error.security.errorprofile");

    dataPermissionService.apply(query, dp, profiles);
  }

  public void setFuncPermissionService(FuncPermissionService funcPermissionService) {
    this.funcPermissionService = funcPermissionService;
  }

  public void setDataPermissionService(DataPermissionService dataPermissionService) {
    this.dataPermissionService = dataPermissionService;
  }

  public void setProfileService(ProfileService profileService) {
    this.profileService = profileService;
  }

  public FuncPermissionService getFuncPermissionService() {
    return funcPermissionService;
  }

  public DataPermissionService getDataPermissionService() {
    return dataPermissionService;
  }

  public ProfileService getProfileService() {
    return profileService;
  }

  public UserService getUserService() {
    return userService;
  }

  public void setUserService(UserService userService) {
    this.userService = userService;
  }

  public MenuService getMenuService() {
    return menuService;
  }

  public void setMenuService(MenuService menuService) {
    this.menuService = menuService;
  }

  public AuthenticationService getAuthenticationService() {
    return authenticationService;
  }

  public void setAuthenticationService(AuthenticationService authenticationService) {
    this.authenticationService = authenticationService;
  }

}