/**
* Copyright (C) 2009 EDIT
* European Distributed Institute of Taxonomy
* http://www.e-taxonomy.eu
*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* See LICENSE.TXT at the top of this package for the full license terms.
*/
package eu.etaxonomy.cdm.permission;
import java.io.Serializable;
import java.util.Collection;
import java.util.Locale;
import java.util.UUID;

import org.apache.log4j.Logger;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

import eu.etaxonomy.cdm.model.common.CdmBase;
import eu.etaxonomy.cdm.model.common.User;
import eu.etaxonomy.cdm.model.taxon.TaxonNode;
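/**
 * {@link PermissionEvaluator} that checks CDM domain objects against the authorities granted to
 * the authenticated {@link User}.
 *
 * <p>An authority is a string of the form {@code CLASS}, {@code CLASS.permission} or
 * {@code CLASS.permission{uuid}} (see {@link AuthorityPermission}). A grant without uuid applies to
 * every object of that class; a grant with uuid applies to the object with that uuid and, for
 * {@code TAXONNODE}, additionally to every node below it in the tree.
 *
 * <p>Only the domain-object overload of {@code hasPermission} is implemented; the id-based
 * overload always denies. Unsupported principals, permissions or targets are denied rather than
 * failing with a runtime exception.
 *
 * @author k.luther
 * @date 06.07.2011
 */
public class CdmPermissionEvaluator implements PermissionEvaluator {
    protected static final Logger logger = Logger.getLogger(CdmPermissionEvaluator.class);

    /** Pseudo permission that is not a {@link CdmPermission}: changing one's own password. */
    private static final String CHANGE_PASSWORD = "changePassword";

    /**
     * An authority broken into its parts: the class it applies to, the permission it grants and,
     * optionally, the uuid of the single object it is restricted to.
     */
    private static class AuthorityPermission {
        CdmPermissionClass className;
        CdmPermission permission;
        UUID targetUuid;

        /**
         * Builds the permission that is being asked for.
         *
         * @param className upper-cased simple class name of the target object, resolved through
         *     {@link CdmPermissionClass#getValueOf(String)}; the result may be {@code null} for
         *     classes not covered by the permission concept yet (callers treat that specially)
         * @param permission the requested permission
         * @param uuid uuid of the target object, or {@code null} if it has none
         */
        public AuthorityPermission(String className, CdmPermission permission, UUID uuid) {
            this.className = CdmPermissionClass.getValueOf(className);
            this.permission = permission;
            this.targetUuid = uuid;
        }

        /**
         * Parses a granted authority string.
         *
         * @param authority {@code CLASS}, {@code CLASS.permission} or
         *     {@code CLASS.permission{uuid}}; the permission part is case-insensitive
         * @throws IllegalArgumentException if the class or permission token is unknown, the uuid
         *     is malformed or the closing brace of the uuid is missing
         */
        public AuthorityPermission(String authority) {
            int firstPoint = authority.indexOf(".");
            if (firstPoint == -1) {
                // Class-only authority: no permission, no target.
                className = CdmPermissionClass.valueOf(authority);
                return;
            }
            className = CdmPermissionClass.valueOf(authority.substring(0, firstPoint));

            int bracket = authority.indexOf("{");
            String permissionString;
            if (bracket == -1) {
                permissionString = authority.substring(firstPoint + 1);
            } else {
                permissionString = authority.substring(firstPoint + 1, bracket);
                int secondBracket = authority.indexOf("}", bracket);
                if (secondBracket == -1) {
                    throw new IllegalArgumentException(
                            "Unterminated target uuid in authority: " + authority);
                }
                targetUuid = UUID.fromString(authority.substring(bracket + 1, secondBracket));
            }
            // Locale.ROOT: the default locale may upper-case e.g. 'i' to a dotted capital I,
            // which would not match the enum constant name.
            permission = CdmPermission.valueOf(permissionString.toUpperCase(Locale.ROOT));
        }
    }

    /**
     * Id-based check. Not implemented: every request is denied.
     *
     * @return always {@code false}
     */
    @Override
    public boolean hasPermission(Authentication authentication,
            Serializable targetId, String targetType, Object permission) {
        logger.info("hasPermission returns false");
        return false;
    }

    /**
     * Checks whether the authenticated user holds {@code permission} on {@code targetDomainObject}.
     *
     * @param authentication the current authentication; its principal must be a {@link User},
     *     any other principal (e.g. anonymous) is denied
     * @param targetDomainObject a {@link CdmBase}, or for the {@code changePassword} pseudo
     *     permission the user name whose password is to be changed
     * @param permission a {@link CdmPermission}, its name as a {@link String}, or the pseudo
     *     permission {@code "changePassword"}; anything else is denied
     * @return {@code true} if a matching authority was found
     * @throws IllegalArgumentException if a permission string or a granted authority cannot be
     *     parsed
     */
    @Override
    public boolean hasPermission(Authentication authentication,
            Object targetDomainObject, Object permission) {
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof User)) {
            // Nothing to evaluate authorities against; deny instead of a ClassCastException.
            logger.warn("hasPermission denied: principal is not a User");
            return false;
        }
        User user = (User) principal;

        CdmPermission cdmPermission;
        if (permission instanceof CdmPermission) {
            cdmPermission = (CdmPermission) permission;
        } else if (permission instanceof String) {
            String permissionString = (String) permission;
            if (CHANGE_PASSWORD.equals(permissionString)) {
                // A user may only change the password of the account he is logged in with.
                return targetDomainObject != null && targetDomainObject.equals(user.getUsername());
            }
            cdmPermission = CdmPermission.valueOf(permissionString);
        } else {
            logger.warn("hasPermission denied: unsupported permission " + permission);
            return false;
        }

        if (!(targetDomainObject instanceof CdmBase)) {
            // Authorities are matched by class and uuid, which only CdmBase objects provide.
            logger.warn("hasPermission denied: target is not a CdmBase");
            return false;
        }
        CdmBase target = (CdmBase) targetDomainObject;

        AuthorityPermission evalPermission = new AuthorityPermission(
                target.getClass().getSimpleName().toUpperCase(Locale.ROOT),
                cdmPermission, target.getUuid());

        if (evalPermission.className == null) {
            //FIXME this is a workaround until the concept of CdmPermissionClass is finally discussed
            //see also AuthorityPermission constructor
            // NOTE: this branch is fail-open. A domain class that CdmPermissionClass does not know
            // is granted unconditionally, so adding a class without a CdmPermissionClass entry
            // silently disables access control for it.
            return true;
        }
        return evalPermission(user.getAuthorities(), evalPermission, target);
    }

    /**
     * Walks from {@code node} up to the root and returns the first node (the node itself or an
     * ancestor) whose uuid equals {@code targetUuid}.
     *
     * @param targetUuid the uuid to look for; {@code null} matches nothing
     * @param node the node to start from; {@code null} matches nothing
     * @return the matching node, or {@code null} if neither the node nor any ancestor matches
     */
    private TaxonNode findTargetUuidInTree(UUID targetUuid, TaxonNode node) {
        if (targetUuid == null) {
            return null;
        }
        // Iterative rather than recursive: the result of each step must be propagated, and deep
        // trees cannot overflow the stack.
        for (TaxonNode current = node; current != null; current = current.getParent()) {
            if (targetUuid.equals(current.getUuid())) {
                return current;
            }
        }
        return null;
    }

    /**
     * Matches the requested permission against the granted authorities.
     *
     * <p>An authority grants {@code evalPermission} if its permission is equal and one of
     * <ul>
     *   <li>it is not restricted to a uuid and its class equals the target's class,</li>
     *   <li>its uuid is the target's uuid,</li>
     *   <li>it is a {@code TAXONNODE} grant and its uuid is that of the target node or one of
     *       its ancestors.</li>
     * </ul>
     *
     * @param authorities the user's granted authorities, each parsed by
     *     {@link AuthorityPermission#AuthorityPermission(String)}
     * @param evalPermission the requested permission
     * @param targetDomainObject the object the permission is requested for
     * @return {@code true} on the first matching authority, {@code false} if none matches
     * @throws IllegalArgumentException if an authority string cannot be parsed
     */
    public boolean evalPermission(Collection<GrantedAuthority> authorities,
            AuthorityPermission evalPermission, CdmBase targetDomainObject) {
        for (GrantedAuthority authority : authorities) {
            AuthorityPermission granted = new AuthorityPermission(authority.getAuthority());

            // A class-only authority (no '.') carries no permission and cannot grant anything here.
            if (granted.permission == null || !granted.permission.equals(evalPermission.permission)) {
                continue;
            }

            if (granted.targetUuid == null) {
                // Class-wide grant.
                if (granted.className.equals(evalPermission.className)) {
                    return true;
                }
                continue;
            }

            // Grant on exactly this object.
            if (granted.targetUuid.equals(targetDomainObject.getUuid())) {
                return true;
            }

            // Grant on an ancestor taxon node applies to the whole subtree below it.
            if (granted.className.equals(CdmPermissionClass.TAXONNODE)
                    && targetDomainObject instanceof TaxonNode
                    && findTargetUuidInTree(granted.targetUuid, (TaxonNode) targetDomainObject) != null) {
                return true;
            }
        }
        return false;
    }
}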