SecurityRightsImpl


1   /*
2    * Copyright (c) 2001 - 2005 ivata limited.
3    * All rights reserved.
4    * -----------------------------------------------------------------------------
5    * ivata groupware may be redistributed under the GNU General Public
6    * License as published by the Free Software Foundation;
7    * version 2 of the License.
8    *
9    * These programs are free software; you can redistribute them and/or
10   * modify them under the terms of the GNU General Public License
11   * as published by the Free Software Foundation; version 2 of the License.
12   *
13   * These programs are distributed in the hope that they will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16   *
17   * See the GNU General Public License in the file LICENSE.txt for more
18   * details.
19   *
20   * If you would like a copy of the GNU General Public License write to
21   *
22   * Free Software Foundation, Inc.
23   * 59 Temple Place - Suite 330
24   * Boston, MA 02111-1307, USA.
25   *
26   *
27   * To arrange commercial support and licensing, contact ivata at
28   *                  http://www.ivata.com/contact.jsp
29   * -----------------------------------------------------------------------------
30   * $Log: SecurityRightsImpl.java,v $
31   * Revision 1.2  2005/04/09 17:19:04  colinmacleod
32   * Changed copyright text to GPL v2 explicitly.
33   *
34   * Revision 1.1.1.1  2005/03/10 17:50:44  colinmacleod
35   * Restructured ivata op around Hibernate/PicoContainer.
36   * Renamed ivata groupware.
37   *
38   * Revision 1.3  2004/11/12 18:17:09  colinmacleod
39   * Ordered imports.
40   *
41   * Revision 1.2  2004/11/12 15:56:45  colinmacleod
42   * Removed dependencies on SSLEXT.
43   * Moved Persistence classes to ivata masks.
44   *
45   * Revision 1.1  2004/07/13 19:41:11  colinmacleod
46   * Moved project to POJOs from EJBs.
47   * Applied PicoContainer to services layer (replacing session EJBs).
48   * Applied Hibernate to persistence layer (replacing entity EJBs).
49   * -----------------------------------------------------------------------------
50   */
51  package com.ivata.groupware.admin.security.right;
52  
53  import com.ivata.groupware.admin.security.server.SecuritySession;
54  import com.ivata.groupware.business.BusinessLogic;
55  import com.ivata.groupware.business.addressbook.person.group.right.RightConstants;
56  import com.ivata.groupware.container.persistence.QueryPersistenceManager;
57  import com.ivata.mask.util.SystemException;
58  
59  
60  /**
61   * <p>Security rights determine what each user can and cannot do within the
62   * security subsystem. If you need to know where a user has sufficient rights
63   * to add, change or remove another user, then  this is the class to tell you.</p>
64   *
65   *
66   * @since 2002-09-08
67   * @author Colin MacLeod
68   * <a HREF='mailto:colin.macleod@ivata.com'>colin.macleod@ivata.com</a>
69   * @version $Revision: 1.2 $
70   */
71  public class SecurityRightsImpl extends BusinessLogic implements SecurityRights {
72      /**
73       * Persistence manger used to store/retrieve data objects.
74       */
75      private QueryPersistenceManager persistenceManager;
76  
77      /**
78       * Construct a new address book rights instance.
79       *
80       * @param persistenceManager used to store objects in db.
81       */
82      public SecurityRightsImpl(QueryPersistenceManager persistenceManager) {
83          this.persistenceManager = persistenceManager;
84      }
85  
86      /**
87       * <p>See if a user has sufficient rights to add user to the system - it's meen to everyOne group.</p>
88       *
89       * @param userName the user who wants to add another user.
90       * @param personId the unique identifier of the person who will be added.
91       * @return <code>true</code> if this action is authorized by the system,
92       * otherwise <code>false</code>.
93       *
94       * @ejb.interface-method
95       *      view-type = "both"
96       */
97      public boolean canAddUser(final SecuritySession securitySession)
98              throws SystemException {
99          return canUser(securitySession, RightConstants.ACCESS_ADD);
100     }
101 
102     /**
103      * <p>See if a user has sufficient rights to amend user in the
104      * system - it's meen in everyone group.</p>
105      *
106      * @param userName the user who wants to add another user.
107      * @param userNameAmend the user who should be amended.
108      * @return <code>true</code> if this action is authorized by the system,
109      * otherwise <code>false</code>.
110      *
111      * @ejb.interface-method
112      *      view-type = "both"
113      */
114     public boolean canAmendUser(final SecuritySession securitySession)
115             throws SystemException {
116         return canUser(securitySession, RightConstants.ACCESS_AMEND);
117     }
118 
119     /**
120      * <p>See if a user has sufficient rights to remove user from the
121      * system - it's meen from everone group.</p>
122      *
123      * @param userName the user who wants to add another user.
124      * @param userNameRemove the user who should be removed.
125      * @return <code>true</code> if this action is authorized by the system,
126      * otherwise <code>false</code>.
127      *
128      * @ejb.interface-method
129      *      view-type = "both"
130      */
131     public boolean canRemoveUser(final SecuritySession securitySession)
132             throws SystemException {
133         return canUser(securitySession, RightConstants.ACCESS_REMOVE);
134     }
135     /**
136      * <p>Internal helper method. Find out if a user is allowed to access
137      * entries in a given group.</p>
138      *
139      * @param userName the name of the user to check the user rights for.
140      * @param groupId the unique identifier of the group to check.
141      * @param access the access level as defined in {@link
142      *      com.ivata.groupware.security.person.group.right.RightConstants
143      *      RightConstants}.
144      * @return <code>true</code> if the user is entitled to access entries in the
145      *      group, otherwise <code>false</code>.
146      */
147     public boolean canUser(final SecuritySession securitySession,
148             final Integer   access)
149             throws SystemException {
150         // for now, everyone can do everything!
151         return true;
152         /* TODO:
153         PersistenceSession persistenceSession =
154             persistenceManager.openSession(securitySession);
155         // see if we're allowed to insert this group into the parent
156         try {
157             Collection tmp = persistenceManager.find(persistenceSession,
158                 "rightByUserNameAccessDetailTargetId",
159                 new Object [] {
160                     securitySession.getUser().getName(),
161                     access,
162                     RightConstants.DETAIL_PERSON_GROUP_MEMBER,
163                     GroupConstants.USER_GROUP
164                 });
165             if (tmp.size() == 0) {
166                 return false;
167             }
168         } catch (FinderException e) {
169             // oops
170             return false;
171         } catch (Exception e) {
172             persistenceSession.cancel();
173             throw new SystemException(e);
174         } finally {
175             persistenceSession.close();
176         }
177         // only return true if we get this far :- )
178         return true;
179         */
180     }
181 }
182
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags