/**
* Copyright (C) 2009 EDIT
* European Distributed Institute of Taxonomy
* http://www.e-taxonomy.eu
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* See LICENSE.TXT at the top of this package for the full license terms.
*/
package eu.etaxonomy.cdm.permission;
import java.io.Serializable;
import java.util.Collection;
import java.util.UUID;
import org.apache.log4j.Logger;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import eu.etaxonomy.cdm.model.common.CdmBase;
import eu.etaxonomy.cdm.model.common.User;
import eu.etaxonomy.cdm.model.description.DescriptionBase;
import eu.etaxonomy.cdm.model.description.DescriptionElementBase;
import eu.etaxonomy.cdm.model.taxon.TaxonNode;
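/**
 * Spring Security {@link PermissionEvaluator} for CDM domain objects.
 * <p>
 * Security-relevant behaviour of this class:
 * <ul>
 * <li>The id-based overload is not implemented and always denies.</li>
 * <li>The object-based overload denies when the authenticated principal is
 * not a CDM {@link User}.</li>
 * <li>The object-based overload <b>grants</b> access whenever the
 * {@link AuthorityPermission} built for the target carries no class name.
 * This is a fail-open workaround (see the FIXME in that method); any domain
 * type without a class name is therefore not protected by this evaluator.</li>
 * <li>All other decisions are taken by
 * {@link #evalPermission(Collection, AuthorityPermission, CdmBase)}, which
 * denies unless one of the principal's authorities matches.</li>
 * </ul>
 *
 * @author k.luther
 * @date 06.07.2011
 */
public class CdmPermissionEvaluator implements PermissionEvaluator {

    protected static final Logger logger = Logger.getLogger(CdmPermissionEvaluator.class);

    /**
     * Id-based permission check. Not implemented: every request is denied,
     * which is the safe default for an authorization hook.
     *
     * @param authentication the current authentication (unused)
     * @param targetId identifier of the target object (unused)
     * @param targetType type name of the target object (unused)
     * @param permission the requested permission (unused)
     * @return always {@code false}
     */
    public boolean hasPermission(Authentication authentication,
            Serializable targetId, String targetType, Object permission) {
        logger.info("hasPermission returns false");
        // TODO Auto-generated method stub
        return false;
    }

    /**
     * Object-based permission check.
     * <p>
     * {@code permission} is either a {@link CdmPermission} or a
     * {@code String}. The string {@code "changePassword"} is handled
     * specially: it is granted only when {@code targetDomainObject} equals
     * the user name of the authenticated principal. Any other string is
     * resolved with {@code CdmPermission.valueOf}.
     *
     * @param authentication the current authentication; its principal must be
     *        a CDM {@link User}, otherwise the request is denied
     * @param targetDomainObject the object to be accessed (for
     *        {@code "changePassword"} the user name whose password is changed)
     * @param permission a {@link CdmPermission} or its name as {@code String}
     * @return {@code true} if access is granted
     * @throws ClassCastException if {@code permission} is neither a
     *         {@link CdmPermission} nor a {@code String}, or if a non-null
     *         target is not a {@link CdmBase}
     */
    public boolean hasPermission(Authentication authentication,
            Object targetDomainObject, Object permission) {

        // A principal that is not a CDM User has no CDM authorities to
        // evaluate. Deny instead of failing with a ClassCastException inside
        // the authorization decision.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof User)) {
            return false;
        }
        User user = (User) principal;

        CdmPermission cdmPermission;
        if (permission instanceof CdmPermission) {
            cdmPermission = (CdmPermission) permission;
        } else {
            String permissionString = (String) permission;
            if (permissionString.equals("changePassword")) {
                // Only the account owner may change the password; a missing
                // target is a denial, not a NullPointerException.
                return targetDomainObject != null
                        && targetDomainObject.equals(user.getUsername());
            }
            cdmPermission = CdmPermission.valueOf(permissionString);
        }

        Collection<GrantedAuthority> authorities = user.getAuthorities();

        // The NullPointerException raised by getUuid() on a null target is
        // used to fall back to a permission without target UUID.
        // NOTE(review): an NPE thrown inside the AuthorityPermission
        // constructor would take the same path; the constructor is not
        // visible here, so the try/catch is kept as it was.
        AuthorityPermission requested;
        try {
            requested = new AuthorityPermission(targetDomainObject, cdmPermission,
                    ((CdmBase) targetDomainObject).getUuid());
        } catch (NullPointerException e) {
            requested = new AuthorityPermission(targetDomainObject, cdmPermission, null);
        }

        //FIXME this is a workaround until the concept of CdmPermissionClass is finally discussed
        //see also AuthorityPermission constructor
        // An earlier variant evaluated only CdmPermissionClass.USER and
        // granted everything else; now every target with a class name is
        // evaluated.
        if (requested.className != null) {
            return evalPermission(authorities, requested, (CdmBase) targetDomainObject);
        }

        // SECURITY: fail-open. A target without a class name is granted to
        // every authenticated CDM user, whatever the requested permission.
        // Logged so these default grants can be found and reviewed.
        if (logger.isDebugEnabled()) {
            logger.debug("No permission class for target, granting " + cdmPermission + " by default");
        }
        return true;
    }

    /**
     * Walks from {@code node} up the parent chain and returns the first node
     * whose UUID equals {@code targetUuid}.
     *
     * @param targetUuid the UUID to look for; {@code null} never matches
     * @param node the node to start from; {@code null} ends the search
     * @return the matching node ({@code node} itself or one of its
     *         ancestors), or {@code null} if there is none
     */
    private TaxonNode findTargetUuidInTree(UUID targetUuid, TaxonNode node) {
        if (targetUuid == null || node == null) {
            return null;
        }
        if (targetUuid.equals(node.getUuid())) {
            return node;
        }
        return findTargetUuidInTree(targetUuid, node.getParent());
    }

    /**
     * Evaluates the requested permission against the granted authorities.
     * <p>
     * Descriptions and description elements are delegated to
     * {@link DescriptionPermissionEvaluator}. For every other target each
     * authority is parsed into an {@link AuthorityPermission} and access is
     * granted by the first rule that applies:
     * <ol>
     * <li>the authority has no target UUID, its class is the requested class
     * or {@code ALL}, and its permission is the requested one or
     * {@code ADMIN};</li>
     * <li>the authority's target UUID equals the target's UUID and the
     * permissions are equal (the class name is not compared and
     * {@code ADMIN} is not considered in this rule);</li>
     * <li>the authority is a {@code TAXONNODE} authority with a target UUID,
     * the target is a {@link TaxonNode}, the authority's UUID belongs to the
     * target or one of its ancestors, and the permissions are equal.</li>
     * </ol>
     * If no authority matches, access is denied.
     *
     * @param authorities the authorities granted to the principal
     * @param evalPermission the permission being requested
     * @param targetDomainObject the object to be accessed; may be
     *        {@code null}, in which case only rule 1 can grant access
     * @return {@code true} if access is granted
     */
    public boolean evalPermission(Collection<GrantedAuthority> authorities,
            AuthorityPermission evalPermission, CdmBase targetDomainObject) {

        if (targetDomainObject instanceof DescriptionElementBase) {
            return DescriptionPermissionEvaluator.hasPermission(authorities,
                    (DescriptionElementBase) targetDomainObject, evalPermission);
        }
        if (targetDomainObject instanceof DescriptionBase) {
            return DescriptionPermissionEvaluator.hasPermission(authorities,
                    (DescriptionBase) targetDomainObject, evalPermission);
        }

        for (GrantedAuthority authority : authorities) {
            AuthorityPermission authorityPermission = new AuthorityPermission(authority.getAuthority());

            // Rule 1: class-level grant. A class-level match that is bound to
            // a target UUID is not evaluated here (open TODO) and falls
            // through to the UUID rules below.
            if ((authorityPermission.className.equals(evalPermission.className)
                    || authorityPermission.className.equals(CdmPermissionClass.ALL))
                    && (authorityPermission.permission.equals(evalPermission.permission)
                    || authorityPermission.permission.equals(CdmPermission.ADMIN))) {
                if (authorityPermission.targetUuid == null) {
                    return true;
                }
                //TODO
            }

            // Rule 2: grant bound to exactly this object. The null check on
            // the target turns a NullPointerException into "no match".
            if (authorityPermission.targetUuid != null
                    && targetDomainObject != null
                    && authorityPermission.targetUuid.equals(targetDomainObject.getUuid())
                    && authorityPermission.permission.equals(evalPermission.permission)) {
                return true;
            }

            // Rule 3: grant on a taxon node also covers its descendants.
            // A TAXONNODE authority without target UUID whose permission did
            // not match rule 1 used to reach the tree walk with a null UUID
            // and fail with a NullPointerException; it is now skipped.
            // instanceof guards the cast; the simple-name comparison is kept
            // so that, as before, only instances whose runtime class is named
            // like CdmPermissionClass.TAXONNODE match.
            // NOTE(review): a subclass with a different simple name is not
            // matched by this rule; confirm that this is intended.
            if (authorityPermission.targetUuid != null
                    && authorityPermission.className.equals(CdmPermissionClass.TAXONNODE)
                    && targetDomainObject instanceof TaxonNode
                    && targetDomainObject.getClass().getSimpleName().toUpperCase()
                            .equals(CdmPermissionClass.TAXONNODE.toString())) {

                TaxonNode node = (TaxonNode) targetDomainObject;
                TaxonNode targetNode = findTargetUuidInTree(authorityPermission.targetUuid, node);
                if (targetNode != null
                        && evalPermission.permission.equals(authorityPermission.permission)) {
                    return true;
                }
            }
        }

        // No authority matched: deny.
        return false;
    }

}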