2 * Copyright (C) 2009 EDIT
3 * European Distributed Institute of Taxonomy
4 * http://www.e-taxonomy.eu
6 * The contents of this file are subject to the Mozilla Public License Version 1.1
7 * See LICENSE.TXT at the top of this package for the full license terms.
9 package eu
.etaxonomy
.cdm
.persistence
.hibernate
.permission
;
11 import java
.io
.Serializable
;
12 import java
.util
.Collection
;
13 import java
.util
.UUID
;
15 import org
.apache
.log4j
.Logger
;
16 import org
.springframework
.security
.access
.PermissionEvaluator
;
17 import org
.springframework
.security
.core
.Authentication
;
18 import org
.springframework
.security
.core
.GrantedAuthority
;
20 import eu
.etaxonomy
.cdm
.model
.common
.CdmBase
;
21 import eu
.etaxonomy
.cdm
.model
.common
.User
;
22 import eu
.etaxonomy
.cdm
.model
.description
.DescriptionBase
;
23 import eu
.etaxonomy
.cdm
.model
.description
.DescriptionElementBase
;
24 import eu
.etaxonomy
.cdm
.model
.taxon
.TaxonNode
;
30 public class CdmPermissionEvaluator
implements PermissionEvaluator
{
/** Class-wide log4j logger, obtained for {@code CdmPermissionEvaluator.class}. */
31 protected static final Logger logger
= Logger
.getLogger(CdmPermissionEvaluator
.class);
/**
 * Id-based permission check of the {@link PermissionEvaluator} contract.
 *
 * The lines visible in this listing only write the log message
 * "hasPermission returns false"; the remainder of the body, including the
 * return statement, is not part of the listing.
 * NOTE(review): the message suggests that every id-based check is denied -
 * confirm that callers only rely on the domain-object overload, otherwise
 * expressions passing a target id and type can never be granted.
 *
 * @param authentication authentication of the caller (not read in the visible lines)
 * @param targetId identifier of the target object (not read in the visible lines)
 * @param targetType type name of the target object (not read in the visible lines)
 * @param permission requested permission (not read in the visible lines)
 */
36 public boolean hasPermission(Authentication authentication
,
37 Serializable targetId
, String targetType
, Object permission
) {
// NOTE(review): the message carries neither the principal nor the target id/type,
// so a denial recorded here cannot be attributed to a request when the log is audited.
38 logger
.info("hasPermission returns false");
39 // TODO Auto-generated method stub
/**
 * Domain-object permission check of the {@link PermissionEvaluator} contract.
 *
 * Visible flow: the requested permission is normalised to a {@code CdmPermission},
 * the authorities are read from the principal (cast to {@code User}), an
 * {@code AuthorityPermission} is built from the target object, the permission and the
 * target's uuid, and - when its {@code className} is not null - the decision is
 * delegated to {@code evalPermission(authorities, evalPermission, target)}.
 *
 * Several lines of this method are missing from the listing (the gutter numbers skip),
 * among them the branch taken when {@code className} is null.
 * NOTE(review): confirm that this branch denies access; a permissive default there
 * would grant the request for every object that yields no class name.
 *
 * @param authentication authentication whose principal is cast to {@code User}
 * @param targetDomainObject object the permission is requested for; cast to {@code CdmBase}
 * @param permission a {@code CdmPermission}, or otherwise a value that is cast to {@code String}
 * @return {@code true} for "changePassword" when the target equals the principal; otherwise
 *         the result of {@code evalPermission(...)} when a class name is available
 *         (the remaining return paths are not visible here)
 */
44 public boolean hasPermission(Authentication authentication
,
45 Object targetDomainObject
, Object permission
) {
48 AuthorityPermission evalPermission
;
49 CdmPermission cdmPermission
;
50 if (!(permission
instanceof CdmPermission
)){
// NOTE(review): unchecked cast - a permission that is neither a CdmPermission nor a
// String ends in a ClassCastException instead of a denial.
51 String permissionString
= (String
)permission
;
52 if (permissionString
.equals("changePassword")){
// A user may always change the own password. A null targetDomainObject raises a
// NullPointerException here, outside of the try block further down.
53 if (targetDomainObject
.equals(((User
)authentication
.getPrincipal())))return true;
// The next visible statement maps "changePassword" on a target other than the
// principal to the ADMIN permission.
55 cdmPermission
= CdmPermission
.ADMIN
;
// NOTE(review): valueOf throws IllegalArgumentException for a name that is not a
// CdmPermission constant - verify that callers treat the exception as a denial.
58 cdmPermission
= CdmPermission
.valueOf(permissionString
);
61 cdmPermission
= (CdmPermission
)permission
;
// NOTE(review): the cast assumes that the principal is always a User; a principal of
// another type (for example a plain String, as anonymous tokens commonly carry)
// fails with a ClassCastException.
64 Collection
<GrantedAuthority
> authorities
= ((User
)authentication
.getPrincipal()).getAuthorities();
67 //evalPermission = new AuthorityPermission(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, ((CdmBase)targetDomainObject).getUuid());
// A NullPointerException raised while reading the uuid is used as control flow: the
// catch block builds the same permission without a target uuid. A target that is
// not a CdmBase is not covered by the catch and fails with a ClassCastException.
68 evalPermission
= new AuthorityPermission(targetDomainObject
, cdmPermission
, ((CdmBase
)targetDomainObject
).getUuid());
69 }catch(NullPointerException e
){
70 //evalPermission = new AuthorityPermission(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, null);
71 evalPermission
= new AuthorityPermission(targetDomainObject
, cdmPermission
, null);
// Only a permission with a class name is evaluated against the authorities.
75 if (evalPermission
.className
!= null) {
76 return evalPermission(authorities
, evalPermission
,
77 (CdmBase
) targetDomainObject
);
/**
 * Searches for a node with the given uuid, starting at {@code node} and following
 * {@code getParent()} upwards.
 *
 * Visible logic: {@code targetUuid} is compared with {@code node.getUuid()}; when they
 * differ and the node has a parent, the method recurses with that parent. The statement
 * executed on a match and the result for a node without parent are not part of this
 * listing; the visible caller compares the result with null.
 *
 * NOTE(review): in the visible caller the call appears to be guarded by
 * {@code getSimpleName().toUpperCase().equals("TaxonNode")}. An upper-cased string can
 * never equal the mixed-case literal, so this helper looks unreachable and subtree
 * authorities would never be honoured - confirm and compare case-insensitively or
 * with {@code instanceof TaxonNode}.
 *
 * @param targetUuid uuid to look for; dereferenced without a null check
 * @param node node at which the upward search starts
 */
85 private TaxonNode
findTargetUuidInTree(UUID targetUuid
, TaxonNode node
){
86 if (targetUuid
.equals(node
.getUuid()))
// No match on this node: continue with the parent as long as there is one.
88 else if (node
.getParent()!= null){
89 return findTargetUuidInTree(targetUuid
, node
.getParent());
95 public boolean evalPermission(Collection
<GrantedAuthority
> authorities
, AuthorityPermission evalPermission
, CdmBase targetDomainObject
){
97 //if user has administrator rights return true;
98 for (GrantedAuthority authority
: authorities
){
99 if (authority
.getAuthority().equals("ALL.ADMIN"))return true;
102 //if targetDomainObject is instance of DescriptionBase or DescriptionElementBase use the DescriptionPermissionEvaluator
103 if (targetDomainObject
instanceof DescriptionElementBase
|| targetDomainObject
instanceof DescriptionBase
){
104 return DescriptionPermissionEvaluator
.hasPermission(authorities
, targetDomainObject
, evalPermission
);
112 for (GrantedAuthority authority
: authorities
){
113 AuthorityPermission authorityPermission
= new AuthorityPermission(authority
.getAuthority());
114 //evaluate authorities
115 //if classnames match or the authorityClassName is ALL, AND the permission matches or is ADMIN the evaluation is successful
116 if ((authorityPermission
.className
.equals(evalPermission
.className
) || authorityPermission
.className
.equals(CdmPermissionClass
.ALL
))
117 && (authorityPermission
.permission
.equals(evalPermission
.permission
)|| authorityPermission
.permission
.equals(CdmPermission
.ADMIN
))){
118 /* if (authorityPermission.targetUuid != null){
126 //if authority is restricted to only one object (and the cascaded objects???)
127 if (authorityPermission
.targetUuid
!= null){
128 if (authorityPermission
.targetUuid
.equals(((CdmBase
)targetDomainObject
).getUuid())){
129 if (authorityPermission
.permission
.equals(evalPermission
.permission
)){
134 //if the user has the rights for a subtree
135 if (authorityPermission
.className
.equals(CdmPermissionClass
.TAXONBASE
) && targetDomainObject
.getClass().getSimpleName().toUpperCase().equals("TaxonNode")){
137 TaxonNode node
= (TaxonNode
)targetDomainObject
;
138 TaxonNode targetNode
= findTargetUuidInTree(authorityPermission
.targetUuid
, node
);
139 if (targetNode
!= null){
140 if (evalPermission
.permission
.equals(authorityPermission
.permission
) ){