KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > cofax > cms > CofaxToolsSecurity


1 /*
2  * CofaxToolsSecurity is part of the Cofax content management system library.
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  *
18  * Please see http://www.cofax.org for contact information and other related informaion.
19  *
20  * $Header: /cvsroot/cofax/cofax/src/org/cofax/cms/CofaxToolsSecurity.java,v 1.8.2.1 2006/12/11 16:28:22 fxrobin Exp $
21  */
22
23 package org.cofax.cms;
24
25 import org.cofax.*;
26 import javax.servlet.http.*;
27 import java.util.*;
28
29 /**
30  * CofaxToolsSecurity: CofaxToolsSecurity handles Security for CofaxTools.
31  * Checks are run against the modes table in the database according to the
32  * user's groups and current publication. Returns true if user has permissions,
33  * false if they don't.
34  *
35  * @author Charles Harvey
36  */
37
38 public class CofaxToolsSecurity {
39
40     /**
41      * Runs current mode request against user permissions and determines if they
42      * are allowed to complete action.
43      *
44      */
45     public static boolean checkPermissions(DataStore db, HttpSession session, String JavaDoc mode) {
46         CofaxToolsUser user = (CofaxToolsUser) session.getAttribute("user");
47         String JavaDoc currentPub = user.workingPub;
48         Vector groups = new Vector();
49
50         HashMap fillReq = new HashMap();
51         fillReq.put("MODES", mode);
52         String JavaDoc tag = CofaxToolsDbUtils.fillTag(db, "getTypeFromModes");
53         Vector modePermissions = CofaxToolsDbUtils.getPackageVector(db, fillReq, tag);
54
55         Iterator it = modePermissions.iterator();
56
57         // get user hash of pubID, groupType
58 Vector pubPermissions = user.userPubsVectorOHash;
59
60         Iterator pubI = pubPermissions.iterator();
61
62         while (pubI.hasNext()) {
63             Object JavaDoc o = pubI.next();
64             HashMap ht = (HashMap) o;
65             Iterator en = ht.keySet().iterator();
66             while (en.hasNext()) {
67                 String JavaDoc name = (String JavaDoc) en.next();
68                 String JavaDoc value = (String JavaDoc) ht.get(name);
69                 // If workingPub == current pub then get the group value and
70 // toss it into a vector
71 if (name.equals(currentPub)) {
72                     groups.add(value);
73                 }
74             }
75
76         }
77
78         boolean hasPermission = false;
79
80         Iterator modePermI = modePermissions.iterator();
81         // take Vector of groupTypes from both locations and iterate through
82 // them to look for a match
83
84         while (modePermI.hasNext()) {
85             String JavaDoc one = modePermI.next().toString();
86             Iterator groupPermI = groups.iterator();
87             while (groupPermI.hasNext()) {
88                 String JavaDoc two = groupPermI.next().toString();
89                 if (one.equals(two)) {
90                     hasPermission = true;
91                 }
92             }
93         }
94         return hasPermission;
95     }
96
97     /**
98      * determines if the user can edit a section
99      *
100      */
101     public static boolean checkSectionEdition(DataStore db, HttpSession session, String JavaDoc mappingCode) {
102         CofaxToolsUser user = (CofaxToolsUser) session.getAttribute("user");
103         String JavaDoc userID = (String JavaDoc) user.userInfoHash.get("USERID");
104         boolean hasPermission = false;
105
106         HashMap ht = new HashMap();
107         StringBuffer JavaDoc v_s = new StringBuffer JavaDoc();
108         v_s.append("select manager from tblpermusersection where userID='" + userID + "' and mappingCode='" + mappingCode + "' and manager=1");
109         List isManager = CofaxToolsDbUtils.getPackageData(db, ht, v_s.toString());
110         Iterator it = isManager.iterator();
111         if (it.hasNext()) {
112             hasPermission = true;
113         }
114
115         return hasPermission;
116     }
117
118     /**
119      * determines if the user can edit an article
120      *
121      */
122     public static boolean checkArticleEdition(DataStore db, HttpSession session, String JavaDoc itemID) {
123         CofaxToolsUser user = (CofaxToolsUser) session.getAttribute("user");
124         String JavaDoc userID = (String JavaDoc) user.userInfoHash.get("USERID");
125         boolean hasPermission = false;
126
127         HashMap ht = new HashMap();
128         StringBuffer JavaDoc v_s = new StringBuffer JavaDoc();
129         v_s.append("select manager from tblpermusersection AS PUS, tblarticles AS A, tblsections AS S ").append(
130                 "where PUS.userID='" + userID + "' and PUS.mappingCode=S.mappingCode ").append(
131                 "AND A.itemID=" + itemID + " AND A.section=S.section AND A.pubName=S.pubName ");
132         List isManager = CofaxToolsDbUtils.getPackageData(db, ht, v_s.toString());
133         Iterator it = isManager.iterator();
134         if (it.hasNext()) {
135             hasPermission = true;
136         }
137
138         return hasPermission;
139     }
140
141     /**
142      * determines if the user can write articles in the section
143      *
144      */
145     public static boolean checkSectionWriteIn(DataStore db, HttpSession session, String JavaDoc mappingCode) {
146         CofaxToolsUser user = (CofaxToolsUser) session.getAttribute("user");
147         String JavaDoc userID = (String JavaDoc) user.userInfoHash.get("USERID");
148         boolean hasPermission = false;
149
150         HashMap ht = new HashMap();
151         StringBuffer JavaDoc v_s = new StringBuffer JavaDoc();
152         v_s.append("select manager from tblpermusersection where userID='" + userID + "' and mappingCode='" + mappingCode + "'");
153         List isManager = CofaxToolsDbUtils.getPackageData(db, ht, v_s.toString());
154         Iterator it = isManager.iterator();
155         if (it.hasNext()) {
156             hasPermission = true;
157         }
158
159         return hasPermission;
160     }
161 }
162
Popular Tags