remove unnecessary failing import
1 /**
2 * Copyright (C) 2009 EDIT
3 * European Distributed Institute of Taxonomy
4 * http://www.e-taxonomy.eu
5 *
6 * The contents of this file are subject to the Mozilla Public License Version 1.1
7 * See LICENSE.TXT at the top of this package for the full license terms.
8 */
9 package eu.etaxonomy.cdm.persistence.hibernate.permission;
10
11 import java.io.Serializable;
12 import java.util.Collection;
13 import java.util.UUID;
14
15 import org.apache.log4j.Logger;
16 import org.springframework.security.access.PermissionEvaluator;
17 import org.springframework.security.core.Authentication;
18 import org.springframework.security.core.GrantedAuthority;
19
20 import eu.etaxonomy.cdm.model.common.CdmBase;
21 import eu.etaxonomy.cdm.model.common.User;
22 import eu.etaxonomy.cdm.model.description.DescriptionBase;
23 import eu.etaxonomy.cdm.model.description.DescriptionElementBase;
24 import eu.etaxonomy.cdm.model.taxon.TaxonNode;
25
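/**
 * Spring Security {@link PermissionEvaluator} for CDM domain objects.
 *
 * <p>A request is decided by comparing the requested permission, wrapped in an
 * {@link AuthorityPermission}, with the authorities granted to the
 * authenticated {@link User}. The authority string {@code "ALL.ADMIN"} grants
 * everything; descriptions and description elements are delegated to
 * {@link DescriptionPermissionEvaluator}.
 *
 * @author k.luther
 * @date 06.07.2011
 */
public class CdmPermissionEvaluator implements PermissionEvaluator {
    protected static final Logger logger = Logger.getLogger(CdmPermissionEvaluator.class);

    /**
     * Id/type based evaluation is not implemented; every request is denied.
     *
     * @return always {@code false}
     */
    public boolean hasPermission(Authentication authentication,
            Serializable targetId, String targetType, Object permission) {
        logger.info("hasPermission returns false");
        // TODO Auto-generated method stub
        return false;
    }

    /**
     * Decides whether the authenticated user may apply {@code permission} to
     * {@code targetDomainObject}.
     *
     * <p>The special permission string {@code "changePassword"} is granted when
     * the target equals the authenticated principal and is otherwise evaluated
     * as {@link CdmPermission#ADMIN}.
     *
     * @param authentication the current authentication; its principal is cast to {@link User}
     * @param targetDomainObject the object being accessed; cast to {@link CdmBase}
     * @param permission a {@link CdmPermission}, or a {@code String} naming one
     * @return {@code true} if access is granted
     * @throws ClassCastException if the principal is not a {@link User}, the
     *         target is not a {@link CdmBase}, or {@code permission} is neither
     *         a {@link CdmPermission} nor a {@code String}
     * @throws IllegalArgumentException if the permission string names no
     *         {@link CdmPermission} constant
     */
    public boolean hasPermission(Authentication authentication,
            Object targetDomainObject, Object permission) {

        CdmPermission cdmPermission;
        if (permission instanceof CdmPermission) {
            cdmPermission = (CdmPermission) permission;
        } else {
            String permissionString = (String) permission;
            if (permissionString.equals("changePassword")) {
                // Users may always change their own password; anyone else needs ADMIN.
                if (targetDomainObject.equals(((User) authentication.getPrincipal()))) {
                    return true;
                }
                cdmPermission = CdmPermission.ADMIN;
            } else {
                cdmPermission = CdmPermission.valueOf(permissionString);
            }
        }

        Collection<GrantedAuthority> authorities = ((User) authentication.getPrincipal()).getAuthorities();

        // An explicit null check replaces the former catch of NullPointerException:
        // a null target is evaluated without a UUID, and unrelated null pointer
        // errors are no longer masked by the fallback.
        UUID targetUuid = null;
        if (targetDomainObject != null) {
            targetUuid = ((CdmBase) targetDomainObject).getUuid();
        }
        AuthorityPermission evalPermission =
                new AuthorityPermission(targetDomainObject, cdmPermission, targetUuid);

        if (evalPermission.className != null) {
            return evalPermission(authorities, evalPermission, (CdmBase) targetDomainObject);
        }

        // NOTE(review): this branch fails open. Whenever AuthorityPermission
        // leaves className null, access is granted without looking at any
        // authority. Which inputs produce a null className is not visible in
        // this class; confirm that only objects deliberately exempt from
        // permission control end up here, or deny by default.
        return true;
    }

    /**
     * Walks from {@code node} towards the root and returns the first node whose
     * UUID equals {@code targetUuid}.
     *
     * @param targetUuid the UUID to look for; must not be {@code null}
     * @param node the node to start from
     * @return the matching node or ancestor, or {@code null} if there is none
     */
    private TaxonNode findTargetUuidInTree(UUID targetUuid, TaxonNode node) {
        for (TaxonNode current = node; current != null; current = current.getParent()) {
            if (targetUuid.equals(current.getUuid())) {
                return current;
            }
        }
        return null;
    }

    /**
     * Evaluates the requested permission against the granted authorities.
     *
     * @param authorities the authorities granted to the user
     * @param evalPermission the permission being requested
     * @param targetDomainObject the object being accessed
     * @return {@code true} if at least one authority grants the request
     */
    public boolean evalPermission(Collection<GrantedAuthority> authorities, AuthorityPermission evalPermission, CdmBase targetDomainObject) {

        // Administrators are granted everything.
        for (GrantedAuthority authority : authorities) {
            if (authority.getAuthority().equals("ALL.ADMIN")) {
                return true;
            }
        }

        // Descriptions and their elements have a dedicated evaluator.
        if (targetDomainObject instanceof DescriptionElementBase || targetDomainObject instanceof DescriptionBase) {
            return DescriptionPermissionEvaluator.hasPermission(authorities, targetDomainObject, evalPermission);
        }

        for (GrantedAuthority authority : authorities) {
            AuthorityPermission authorityPermission = new AuthorityPermission(authority.getAuthority());

            // Class-level grant: the class matches or is ALL, and the permission
            // matches or is ADMIN.
            if ((authorityPermission.className.equals(evalPermission.className) || authorityPermission.className.equals(CdmPermissionClass.ALL))
                    && (authorityPermission.permission.equals(evalPermission.permission) || authorityPermission.permission.equals(CdmPermission.ADMIN))) {
                // NOTE(review): targetUuid is not consulted here, so an authority
                // that is restricted to a single object still grants access to
                // every object of its class. The original code carried an
                // unfinished TODO at this point; decide whether UUID-scoped
                // authorities should be excluded from the class-level grant.
                return true;
            }

            // Object-level grant: the authority is restricted to exactly this object.
            if (authorityPermission.targetUuid != null
                    && authorityPermission.targetUuid.equals(targetDomainObject.getUuid())
                    && authorityPermission.permission.equals(evalPermission.permission)) {
                return true;
            }

            // Subtree grant: the authority is restricted to a taxon node that is
            // the target itself or one of its ancestors. The former test compared
            // an upper-cased simple class name with "TaxonNode" and could never
            // match, so this rule never applied. instanceof also covers
            // subclasses, and the UUID guard avoids a NullPointerException for
            // authorities without a target.
            // NOTE(review): this makes a previously dead grant path reachable;
            // cover it with authorization tests before relying on it.
            if (authorityPermission.className.equals(CdmPermissionClass.TAXONBASE)
                    && authorityPermission.targetUuid != null
                    && targetDomainObject instanceof TaxonNode) {
                TaxonNode targetNode = findTargetUuidInTree(authorityPermission.targetUuid, (TaxonNode) targetDomainObject);
                if (targetNode != null && evalPermission.permission.equals(authorityPermission.permission)) {
                    return true;
                }
            }
        }
        return false;
    }

}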