KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jahia > services > acl > JahiaAbstractACL


1 /*
2  * ____.
3  * __/\ ______| |__/\. _______
4  * __ .____| | \ | +----+ \
5  * _______| /--| | | - \ _ | : - \_________
6  * \\______: :---| : : | : | \________>
7  * |__\---\_____________:______: :____|____:_____\
8  * /_____|
9  *
10  * . . . i n j a h i a w e t r u s t . . .
11  *
12  *
13  *
14  * ----- BEGIN LICENSE BLOCK -----
15  * Version: JCSL 1.0
16  *
17  * The contents of this file are subject to the Jahia Community Source License
18  * 1.0 or later (the "License"); you may not use this file except in
19  * compliance with the License. You may obtain a copy of the License at
20  * http://www.jahia.org/license
21  *
22  * Software distributed under the License is distributed on an "AS IS" basis,
23  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
24  * for the rights, obligations and limitations governing use of the contents
25  * of the file. The Original and Upgraded Code is the Jahia CMS and Portal
26  * Server. The developer of the Original and Upgraded Code is JAHIA Ltd. JAHIA
27  * Ltd. owns the copyrights in the portions it created. All Rights Reserved.
28  *
29  * The Shared Modifications are Jahia View Helper.
30  *
31  * The Developer of the Shared Modifications is Jahia Solution Sarl.
32  * Portions created by the Initial Developer are Copyright (C) 2002 by the
33  * Initial Developer. All Rights Reserved.
34  *
35  * Contributor(s):
36  * 13-AUG-2003, Jahia Solutions Sarl: Fulco Houkes
37  *
38  * ----- END LICENSE BLOCK -----
39  */
40
41 package org.jahia.services.acl;
42
43 import java.io.IOException JavaDoc;
44 import java.io.Serializable JavaDoc;
45 import java.util.Arrays JavaDoc;
46 import java.util.Collections JavaDoc;
47 import java.util.List JavaDoc;
48 import java.util.Vector JavaDoc;
49
50 import org.jahia.exceptions.JahiaException;
51 import org.jahia.exceptions.database.JahiaDatabaseException;
52 import org.jahia.registries.ServicesRegistry;
53 import org.jahia.services.usermanager.JahiaGroup;
54 import org.jahia.services.usermanager.JahiaUser;
55
56 /**
57  * Abstract implementation of ACL functionality for public API use. Most of the
58  * implementation of this class delegates to the private JahiaACL class for the
59  * real functionality.
60  *
61  * This class acts as a proxy to the real implementation, so that we can create
62  * instances of this class even if a real ACL doesn't exist yet (for example by
63  * using the create(parentID) method).
64  *
65  * @author Fulco Houkes
66  * @author MAP
67  * @version 1.2
68  */
69 public abstract class JahiaAbstractACL implements Cloneable JavaDoc, Serializable JavaDoc {
70
71     /**
72      * A pseudo-symbol, which indicates that this action is
73      * not assigned in action list.
74      */
75     public static char SYMBOL_EMPTY = '-';
76     
77     /** Reference to the ACL object */
78     protected JahiaACL mACL;
79
80     /** Reference on the ACL Manager Service */
81     private JahiaACLManagerService mACLService;
82
83     protected static volatile char[] sharedActions = null;
84
85     protected static volatile List JavaDoc sharedActionsNames = null;
86     
87     protected Boolean JavaDoc inheritance = null;
88
89     /** Error message constant */
90     private final String JavaDoc INIT_ERROR_MSG = "ACL Object not initialized";
91
92     public static List JavaDoc getActionNames() {
93         if (sharedActionsNames == null)
94             getSharedActions(); // init list
95 return sharedActionsNames;
96     }
97
98     // -------------------------------------------------------------------------
99 // Each of the derived classes should have thier own bit signification,
100 // therefore each derived classe has to define the meaning of each bit.
101 //
102 /**
103      * Return a human understandable desc of the bits.
104      *
105      * @return Return a Vector containing the desc of each bit of the ACL.
106      */
107     public abstract Vector JavaDoc getBitdesc();
108
109     // -------------------------------------------------------------------------
110 /**
111      * Instanciate a new ACL proxy and try to load the specified ACL.
112      *
113      * @param aclID
114      * Identification number of the ACL to be loaded.
115      *
116      * @throws ACLNotFoundException
117      * Throws an exception if the current ACL object was not
118      * initialized correctly.
119      * @throws JahiaException
120      * Throws a JahiaException if the ACL Proxy could not be
121      * initialized properly.
122      */
123     public JahiaAbstractACL(int aclID) throws ACLNotFoundException,
124             JahiaException {
125         init();
126         load(aclID);
127     }
128
129     protected static final char[] getSharedActions() {
130         if (sharedActions == null) {
131             sharedActionsNames = Collections.unmodifiableList(Arrays.asList(new String JavaDoc[]{"Read", "Write", "Admin"}));
132             sharedActions = new char[]{'r', 'w', 'A'};
133         }
134
135         return sharedActions;
136     }
137
138     /**
139      * Instanciates a new empty ACL proxy.
140      *
141      * @throws JahiaException
142      * Throws a JahiaException if the ACL Proxy could not be
143      * initialized properly.
144      */
145     protected JahiaAbstractACL() throws JahiaException {
146         init();
147     }
148
149     /**
150      * Accessor to mACL
151      *
152      * @return the current ACL
153      */
154     protected JahiaACL getACL() {
155         return mACL;
156     }
157
158     // -------------------------------------------------------------------------
159 /**
160      * Create a new ACL object. If the specified parent can not be found, then a
161      * null parent is transmitted to the ACL Manager's creation method.
162      *
163      * @param parentID
164      * Unique identification number of the parent ACL object. Set
165      * this parameter to -1 if there is not parameter.
166      *
167      * @return Return true if the ACL object could be created successfully, or
168      * return false on any failure.
169      *
170      * @throws ACLNotFoundException
171      * @throws JahiaDatabaseException
172      */
173     public synchronized boolean create(int parentID)
174             throws ACLNotFoundException, JahiaDatabaseException {
175         // get the parent ACL reference if found
176 JahiaACL parent = null;
177         if (parentID > 0) {
178             parent = getService().lookupACL(parentID);
179         }
180
181         // Create the new ACL object.
182 mACL = getService().createACL(parent);
183
184         return (mACL != null);
185     }
186
187     // -------------------------------------------------------------------------
188 /**
189      * Destroy the current ACL referenced inside of the ACL proxy. The proxy
190      * itself will be empty, and any further ACL operation on the proxy will
191      * raise a JahiaACLException.
192      *
193      * @return Return true on success or false on any failure.
194      *
195      * @throws JahiaACLException
196      * Throws a JahiaACLException if the current ACL object was not
197      * initialized correctly.
198      */
199     public synchronized boolean delete() throws JahiaACLException {
200         testProxy();
201
202         boolean result = false;
203         synchronized (mACL) {
204             if (getService().deleteACL(mACL)) {
205                 mACL = null;
206                 result = true;
207             }
208         }
209         return result;
210     }
211
212     // -------------------------------------------------------------------------
213 /**
214      * Load the specified ACL into the proxy.
215      *
216      * @param aclID
217      * ACL's unique identification number.
218      *
219      * @throws ACLNotFoundException
220      * Raise this exception when the specified acl could not be
221      * found.
222      * @throws JahiaDatabaseException
223      */
224     public synchronized void load(int aclID) throws ACLNotFoundException,
225             JahiaDatabaseException {
226         mACL = getService().lookupACL(aclID);
227     }
228
229     // -------------------------------------------------------------------------
230 // this function try to get a valid reference on the ACL Manager, needed
231 // for future operations.
232 private void init() throws JahiaException {
233         mACLService = JahiaACLManagerService.getInstance();
234         if (mACLService == null) {
235             throw new JahiaException("JahiaAbstractACL",
236                 "Abstract ACL could not get the ACL Manager Instance.",
237                 JahiaException.SERVICE_ERROR, JahiaException.CRITICAL_SEVERITY);
238         }
239     }
240
241     // -------------------------------------------------------------------------
242 /**
243      * Return the unique identification number of the current ACL object.
244      *
245      * @return Return the unique identification number of the current ACL.
246      *
247      * @throws JahiaACLException
248      * Throws an exception if the current ACL object was not
249      * initialized correctly.
250      */
251     public int getID() throws JahiaACLException {
252         testProxy();
253         return mACL.getID();
254     }
255
256     // -------------------------------------------------------------------------
257 /**
258      * Get the parent ID from the current ACL.
259      *
260      * @return the parent ID from the current ACL.
261      *
262      * @throws JahiaACLException
263      */
264     public int getParentID() throws JahiaACLException {
265         testProxy();
266         return mACL.getParentID();
267     }
268
269     /**
270      * Get the inheritance flag from the current ACL
271      *
272      * @return the ACL inheritance status.
273      *
274      * @throws JahiaACLException
275      */
276     public final int getInheritance() throws JahiaACLException {
277         testProxy();
278         return mACL.getInheritance();
279     }
280
281     /**
282      * Set the inheritance flag to the current ACL and update cache.
283      *
284      * @param inheritance
285      * The inheritance flag (INHERITANCE, NO_INHERITANCE).
286      *
287      * @return true if flag set whithout problem.
288      *
289      * @throws JahiaACLException
290      */
291     public final boolean setInheritance(int inheritance)
292             throws JahiaACLException {
293         testProxy();
294         synchronized (mACL) {
295             JahiaACL newACL = (JahiaACL) mACL.clone();
296             boolean result = newACL.setInheritance(inheritance);
297             getService().updateCache(newACL);
298             mACL = newACL;
299             return result;
300         }
301     }
302
303     // -------------------------------------------------------------------------
304 /**
305      * Return a clone of the user entry in the ACL.
306      *
307      * @param user
308      * The user reference
309      *
310      * @return The user entry clone, or null if the user has no entry in the
311      * ACL.
312      *
313      * @throws JahiaACLException
314      */
315     public JahiaACLEntry getUserEntry(JahiaUser user) throws JahiaACLException {
316         testProxy();
317         return mACL.getUserEntry(user);
318     }
319
320     // -------------------------------------------------------------------------
321 /**
322      * Add a new access for the specified user. If the user is already present
323      * in the ACL object, the access is replaced by the new one.
324      *
325      * @param user
326      * Reference to a non-null user object.
327      * @param entry
328      * Reference to a valid non-null ACL entry.
329      *
330      * @return Return true on success or false on any failure.
331      *
332      * @throws JahiaACLException
333      * Throws an exception if the current ACL object was not
334      * initialized correctly.
335      */
336     public boolean setUserEntry(JahiaUser user, JahiaACLEntry entry)
337             throws JahiaACLException {
338         testProxy();
339         synchronized (mACL) {
340             JahiaACL newACL = (JahiaACL) mACL.clone();
341             boolean result = newACL.setUserEntry(user, entry);
342             getService().updateCache(newACL);
343             mACL = newACL;
344             return result;
345         }
346     }
347
348     // -------------------------------------------------------------------------
349 /**
350      * Remove the user access in the current ACL object.
351      *
352      * @param user
353      * Reference to a non-null user object.
354      *
355      * @return Return true on success or false on any failure.
356      *
357      * @throws JahiaACLException
358      * Throws an exception if the current ACL object was not
359      * initialized correctly.
360      */
361     public boolean removeUserEntry(JahiaUser user) throws JahiaACLException {
362         testProxy();
363         synchronized (mACL) {
364             JahiaACL newACL = (JahiaACL) mACL.clone();
365             boolean result = newACL.removeUserEntry(user);
366             getService().updateCache(newACL);
367             mACL = newACL;
368             return result;
369         }
370     }
371
372     // -------------------------------------------------------------------------
373 /**
374      * Remove all the entries related to users in the current ACL object.
375      *
376      * @return Return true on success or false on any failure.
377      *
378      * @throws JahiaACLException
379      * Throws an exception if the current ACL object was not
380      * initialized correctly.
381      */
382     public boolean removeAllUserEntries() throws JahiaACLException {
383         testProxy();
384         synchronized (mACL) {
385             JahiaACL newACL = (JahiaACL) mACL.clone();
386             boolean result = newACL.clearEntries(JahiaACL.USER_TYPE_ENTRY);
387             getService().updateCache(newACL);
388             mACL = newACL;
389             return result;
390         }
391     }
392
393     // -------------------------------------------------------------------------
394 /**
395      * Same as the other getUsernameList method except that it uses the current
396      * ACL as ParentACLFinder implementation and as the ACLResource
397      *
398      * @see #getUsernameList(ParentACLFinder, ACLResourceInterface,
399      * JahiaACLEntry)
400      *
401      * @param entry
402      * Access rights bits map. Set this parameter to null to get all
403      * the user names regarding their access rights.
404      *
405      * @return Return a Vector holding all the String representation of the
406      * users' usernames. The returned Vector is never null, but if no
407      * user is present in the ACL, it will be empty.
408      *
409      * @throws JahiaACLException
410      * Throws an exception if the current ACL object was not
411      * initialized correctly.
412      */
413
414     public Vector JavaDoc getUsernameList(JahiaACLEntry entry) throws JahiaACLException {
415         testProxy();
416         return mACL.getUsernameList(entry);
417     }
418
419     /**
420      * Return all the user names present in the ACL object having the same
421      * rights as specified.
422      *
423      * @param parentACLFinder
424      * an implementation of the parent ACL finder interface that
425      * allows finding of the parent object for the object passed as
426      * the aclResource parameter.
427      * @param aclResource
428      * the object on which we are working on, to be passed to the
429      * parent ACL finder implementation when looking for it's parent.
430      * @param entry
431      * Access rights bits map. Set this parameter to null to get all
432      * the user names regarding their access rights.
433      *
434      * @return Return a Vector holding all the String representation of the
435      * users' usernames. The returned Vector is never null, but if no
436      * user is present in the ACL, it will be empty.
437      *
438      * @throws JahiaACLException
439      * Throws an exception if the current ACL object was not
440      * initialized correctly.
441      */
442     public Vector JavaDoc getUsernameList(ParentACLFinder parentACLFinder,
443             ACLResourceInterface aclResource, JahiaACLEntry entry)
444             throws JahiaACLException {
445         testProxy();
446         return mACL.getUsernameList(parentACLFinder, aclResource, entry);
447     }
448
449     // -------------------------------------------------------------------------
450 /**
451      * Return a clone of the user entry in the ACL.
452      *
453      * @param group
454      * The group reference
455      *
456      * @return The user entry clone, or null if the user has no entry in the
457      * ACL.
458      *
459      * @throws JahiaACLException
460      */
461     public JahiaACLEntry getGroupEntry(JahiaGroup group)
462             throws JahiaACLException {
463         testProxy();
464         return mACL.getGroupEntry(group);
465     }
466
467     // -------------------------------------------------------------------------
468 /**
469      * Add a new access for the specified group. If the group is already present
470      * in the ACL object, the access is replaced by the new one.
471      *
472      * @param group
473      * Reference to a non-null group object.
474      * @param entry
475      * Reference to a valid non-null ACL entry.
476      *
477      * @return Return true on success or false on any failure.
478      *
479      * @throws JahiaACLException
480      * Throws an exception if the current ACL object was not
481      * initialized correctly.
482      */
483     public boolean setGroupEntry(JahiaGroup group, JahiaACLEntry entry)
484             throws JahiaACLException {
485         testProxy();
486         synchronized (mACL) {
487             JahiaACL newACL = (JahiaACL) mACL.clone();
488             boolean result = newACL.setGroupEntry(group, entry);
489             getService().updateCache(newACL);
490             mACL = newACL;
491             return result;
492         }
493     }
494
495     // -------------------------------------------------------------------------
496 /**
497      * Remove the group access in the current ACL object.
498      *
499      * @param group
500      * Reference to a non-null group object.
501      *
502      * @return Return true on success or false on any failure.
503      *
504      * @throws JahiaACLException
505      * Throws an exception if the current ACL object was not
506      * initialized correctly.
507      */
508     public boolean removeGroupEntry(JahiaGroup group) throws JahiaACLException {
509         testProxy();
510         synchronized (mACL) {
511             JahiaACL newACL = (JahiaACL) mACL.clone();
512             boolean result = newACL.removeGroupEntry(group);
513             getService().updateCache(newACL);
514             mACL = newACL;
515             return result;
516         }
517     }
518
519     // -------------------------------------------------------------------------
520 /**
521      * Remove all the entries related to groups in the current ACL object.
522      *
523      * @return Return true on success or false on any failure.
524      *
525      * @throws JahiaACLException
526      * Throws an exception if the current ACL object was not
527      * initialized correctly.
528      */
529     public boolean removeAllGroupEntries() throws JahiaACLException {
530         testProxy();
531         synchronized (mACL) {
532             JahiaACL newACL = (JahiaACL) mACL.clone();
533             boolean result = newACL.clearEntries(JahiaACL.GROUP_TYPE_ENTRY);
534             getService().updateCache(newACL);
535             mACL = newACL;
536             return result;
537         }
538     }
539
540     // -------------------------------------------------------------------------
541 /**
542      * Same as the other getGroupNameList method except that it uses the current
543      * ACL as ParentACLFinder implementation and as the ACLResource
544      *
545      * @see #getGroupnameList(ParentACLFinder, ACLResourceInterface,
546      * JahiaACLEntry)
547      * @param entry
548      * Access rights bits map. Set this parameter to null to get all
549      * the group names regarding their access rights.
550      * @return Return a Vector holding all the String representation of the
551      * groups' usernames. The returned Vector is never null, but if no
552      * group is present in the ACL, it will be empty.
553      * @throws JahiaACLException
554      * Throws an exception if the current ACL object was not
555      * initialized correctly.
556      */
557     public Vector JavaDoc getGroupnameList(JahiaACLEntry entry)
558             throws JahiaACLException {
559         testProxy();
560         return mACL.getGroupnameList(entry);
561     }
562
563     /**
564      * Return all the group names present in the ACL object having the same
565      * rights as specified.
566      *
567      * @param parentACLFinder
568      * an implementation of the parent ACL finder interface that
569      * allows finding of the parent object for the object passed as
570      * the aclResource parameter.
571      * @param aclResource
572      * the object on which we are working on, to be passed to the
573      * parent ACL finder implementation when looking for it's parent.
574      * @param entry
575      * Access rights bits map. Set this parameter to null to get all
576      * the group names regarding their access rights.
577      *
578      * @return Return a Vector holding all the String representation of the
579      * groups' usernames. The returned Vector is never null, but if no
580      * group is present in the ACL, it will be empty.
581      * @throws JahiaACLException
582      * Throws an exception if the current ACL object was not
583      * initialized correctly.
584      */
585     public Vector JavaDoc getGroupnameList(ParentACLFinder parentACLFinder,
586             ACLResourceInterface aclResource, JahiaACLEntry entry)
587             throws JahiaACLException {
588         testProxy();
589         return mACL.getGroupnameList(parentACLFinder, aclResource, entry);
590     }
591
592     // -------------------------------------------------------------------------
593 /**
594      * Same as the other getGroupnameListNoAdmin method except that it uses the
595      * current ACL as ParentACLFinder implementation and as the ACLResource
596      *
597      * @see #getGroupnameListNoAdmin(ParentACLFinder, ACLResourceInterface,
598      * JahiaACLEntry)
599      *
600      * @param entry
601      * Access rights bits map. Set this parameter to null to get all
602      * the group names regarding their access rights.
603      *
604      * @return Return a Vector holding all the String representation of the
605      * groupnames. The returned Vector is never null, but if no group is
606      * present in the ACL, it will be empty.
607      * @throws JahiaACLException
608      */
609     public Vector JavaDoc getGroupnameListNoAdmin(JahiaACLEntry entry)
610             throws JahiaACLException {
611         testProxy();
612         return mACL.getGroupnameListNoAdmin(entry);
613     }
614
615     /**
616      * Return all the group names present in the ACL object having the same
617      * rights as specified.
618      *
619      * @param parentACLFinder
620      * an implementation of the parent ACL finder interface that
621      * allows finding of the parent object for the object passed as
622      * the aclResource parameter.
623      * @param aclResource
624      * the object on which we are working on, to be passed to the
625      * parent ACL finder implementation when looking for it's parent.
626      * @param entry
627      * Access rights bits map. Set this parameter to null to get all
628      * the group names regarding their access rights.
629      *
630      * @return Return a Vector holding all the String representation of the
631      * groups' usernames. The returned Vector is never null, but if no
632      * group is present in the ACL, it will be empty.
633      * @throws JahiaACLException
634      */
635     public Vector JavaDoc getGroupnameListNoAdmin(ParentACLFinder parentACLFinder,
636             ACLResourceInterface aclResource, JahiaACLEntry entry)
637             throws JahiaACLException {
638         testProxy();
639         return mACL
640             .getGroupnameListNoAdmin(parentACLFinder, aclResource, entry);
641     }
642
643     // -------------------------------------------------------------------------
644 /**
645      * Same as the other getPermission method except that it uses the current
646      * ACL as ParentACLFinder implementation and as the ACLResource
647      *
648      * @see #getPermission(ParentACLFinder, ACLResourceInterface, JahiaACLEntry,
649      * JahiaUser, int)
650      *
651      * @param user
652      * Reference to a non-null user object.
653      * @param permission
654      * Bit index of the requested access, this index should be
655      * defined as a constant in the derived classes.
656      *
657      * @return True if the specified user has the requested rights in the ACL,
658      * or in one of the parent's ACLs.
659      *
660      * @throws JahiaACLException
661      * Throws an exception if the current ACL object was not
662      * initialized correctly.
663      */
664     public boolean getPermission(JahiaUser user, int permission)
665             throws JahiaACLException {
666         testProxy();
667         return mACL.getPermission(user, permission);
668     }
669
670     /**
671      * Check the permission of a given user recursively from the acl tree.
672      *
673      * @param parentACLFinder
674      * an implementation of the parent ACL finder interface that
675      * allows finding of the parent object for the object passed as
676      * the aclResource parameter.
677      * @param aclResource
678      * the object on which we are working on, to be passed to the
679      * parent ACL finder implementation when looking for it's parent.
680      * @param user
681      * Reference to a non-null user object.
682      * @param permission
683      * Bit index of the requested access, this index should be
684      * defined as a constant in the derived classes.
685      *
686      * @return True if the specified user has the requested rights in the ACL,
687      * or in one of the parent's ACLs.
688      * @throws JahiaACLException
689      * Throws an exception if the current ACL object was not
690      * initialized correctly.
691      */
692     public boolean getPermission(ParentACLFinder parentACLFinder,
693             ACLResourceInterface aclResource, JahiaUser user, int permission)
694             throws JahiaACLException {
695         testProxy();
696         return mACL.getPermission(parentACLFinder, aclResource, user,
697             permission);
698     }
699
700     /**
701      * Same as the other getPermission method except that it uses the current
702      * ACL as ParentACLFinder implementation and as the ACLResource
703      *
704      * @see #getPermission(ParentACLFinder, ACLResourceInterface, JahiaACLEntry,
705      * JahiaUser, int, boolean)
706      *
707      * @param user
708      * Reference to a non-null user object.
709      * @param permission
710      * Bit index of the requested access, this index should be
711      * defined as a constant in the derived classes.
712      * @param checkLocaleEntry
713      * if true, check on locale ACL entry.
714      *
715      * @return Return true on success or false on any failure.
716      *
717      * @throws JahiaACLException
718      * Throws an exception if the current ACL object was not
719      * initialized correctly.
720      */
721     public boolean getPermission(JahiaUser user, int permission,
722             boolean checkLocaleEntry) throws JahiaACLException {
723         testProxy();
724         boolean hasPermission = mACL.getPermission(user, permission);
725         if (!hasPermission) {
726             boolean foundAclEntry = false;
727             JahiaACLEntry aclEntry = getUserEntry(user);
728             if (aclEntry == null) {
729                 // we need to investiguate further in group
730
731                 // first we reduce the permission from admin to write, or
732 // from write to read
733 /**
734                  * @todo this is very hardcoded to the existing permissiong and
735                  * might not work with extended permissions
736                  */
737                 aclEntry = new JahiaACLEntry(permission - 1, 0);
738                 Vector JavaDoc v = getGroupnameList(aclEntry);
739                 if (v.size() == 0) {
740                     // if no group permission has been set we assume that
741 // no permission is denied, and therefore return true.
742 // (note:this is the opposite from the default ACL resolution
743 // behavior,where we usually assume that if no permission
744 // exists then it is denied.)
745 hasPermission = true;
746                 } else {
747                     int size = v.size();
748                     String JavaDoc grpName = null;
749                     JahiaGroup grp = null;
750                     for (int i = 0; i < size; i++) {
751                         grpName = (String JavaDoc) v.get(i);
752                         grp = ServicesRegistry.getInstance()
753                             .getJahiaGroupManagerService().lookupGroup(grpName);
754                         if (grp != null) {
755                             if (grp.isMember(user)) {
756                                 JahiaACLEntry grpACLEntry = getGroupEntry(grp);
757                                 if (grpACLEntry != null) {
758                                     foundAclEntry = true;
759                                     break;
760                                 }
761                             }
762                         }
763                     }
764                 }
765             } else {
766                 foundAclEntry = true;
767             }
768             if (!foundAclEntry) {
769                 hasPermission = true;
770             }
771         }
772         return hasPermission;
773     }
774
775     /**
776      * Return true if the specified user has the requested rights in the ACL, or
777      * in one of the parent's ACLs, if not, return true if there is a local ACL
778      * entry with lesser permission.
779      *
780      * This method is used notably in the ContainerListFieldACLs, and is
781      * different from the default getPermission behavior. Basically it will
782      * default to true if NO permission has been set for a user. So for example
783      * if we test if the user has write permission on an object, and that in all
784      * the ACLs (including the parents), no entry exists, then this method will
785      * return true.
786      *
787      * @param parentACLFinder
788      * an implementation of the parent ACL finder interface that
789      * allows finding of the parent object for the object passed as
790      * the aclResource parameter.
791      * @param aclResource
792      * the object on which we are working on, to be passed
793      * @param user
794      * Reference to a non-null user object.
795      * @param permission
796      * Bit index of the requested access, this index should be
797      * defined as a constant in the derived classes.
798      * @param checkLocaleEntry
799      * if true, check on locale ACL entry.
800      *
801      * @return Return true on success or false on any failure.
802      * @throws JahiaACLException
803      * Throws an exception if the current ACL object was not
804      * initialized correctly.
805      */
806     public boolean getPermission(ParentACLFinder parentACLFinder,
807             ACLResourceInterface aclResource, JahiaUser user, int permission,
808             boolean checkLocaleEntry) throws JahiaACLException {
809         testProxy();
810         boolean hasPermission = mACL.getPermission(parentACLFinder,
811             aclResource, user, permission);
812         if (!hasPermission) {
813             boolean foundAclEntry = false;
814             JahiaACLEntry aclEntry = getUserEntry(user);
815             if (aclEntry == null) {
816                 // we need to investiguate further in group
817
818                 // first we reduce the permission from admin to write, or
819 // from write to read
820 /**
821                  * @todo this is very hardcoded to the existing permissiong and
822                  * might not work with extended permissions
823                  */
824                 aclEntry = new JahiaACLEntry(permission - 1, 0);
825                 Vector JavaDoc v = getGroupnameList(aclEntry);
826                 if (v.size() == 0) {
827                     // if no group permission has been set we assume that
828 // no permission is denied, and therefore return true.
829 // (note:this is the opposite from the default ACL resolution
830 // behavior,where we usually assume that if no permission
831 // exists then it is denied.)
832 hasPermission = true;
833                 } else {
834                     int size = v.size();
835                     String JavaDoc grpName = null;
836                     JahiaGroup grp = null;
837                     for (int i = 0; i < size; i++) {
838                         grpName = (String JavaDoc) v.get(i);
839                         grp = ServicesRegistry.getInstance()
840                             .getJahiaGroupManagerService().lookupGroup(grpName);
841                         if (grp != null) {
842                             if (grp.isMember(user)) {
843                                 JahiaACLEntry grpACLEntry = getGroupEntry(grp);
844                                 if (grpACLEntry != null) {
845                                     foundAclEntry = true;
846                                     break;
847                                 }
848                             }
849                         }
850                     }
851                 }
852             } else {
853                 foundAclEntry = true;
854             }
855             if (!foundAclEntry) {
856                 hasPermission = true;
857             }
858         }
859         return hasPermission;
860     }
861
862     // -------------------------------------------------------------------------
863 /**
864      * Same as the other getPermission method except that it uses the current
865      * ACL as ParentACLFinder implementation and as the ACLResource
866      *
867      * @see #getPermission(ParentACLFinder, ACLResourceInterface, JahiaACLEntry,
868      * JahiaGroup, int, boolean)
869      *
870      * @param group
871      * Reference to a non-null group object.
872      * @param permission
873      * Bit index of the requested access, this index should be
874      * defined as a constant in the derived classes.
875      *
876      * @return Return true on success or false on any failure.
877      *
878      * @throws JahiaACLException
879      * Throws an exception if the current ACL object was not
880      * initialized correctly.
881      */
882     public boolean getPermission(JahiaGroup group, int permission)
883             throws JahiaACLException {
884         testProxy();
885         return mACL.getPermission(group, permission);
886     }
887
888     /**
889      * Return true if the specified group has the requested rights in the ACL,
890      * or in one of the parent's ACLs.
891      *
892      * @param parentACLFinder
893      * an implementation of the parent ACL finder interface that
894      * allows finding of the parent object for the object passed as
895      * the aclResource parameter.
896      * @param aclResource
897      * the object on which we are working on, to be passed
898      * @param group
899      * Reference to a non-null group object.
900      * @param permission
901      * Bit index of the requested access, this index should be
902      * defined as a constant in the derived classes.
903      *
904      * @return Return true on success or false on any failure.
905      *
906      * @throws JahiaACLException
907      * Throws an exception if the current ACL object was not
908      * initialized correctly.
909      */
910     public boolean getPermission(ParentACLFinder parentACLFinder,
911             ACLResourceInterface aclResource, JahiaGroup group, int permission)
912             throws JahiaACLException {
913         testProxy();
914         return mACL.getPermission(parentACLFinder, aclResource, group,
915             permission);
916     }
917
918     // -------------------------------------------------------------------------
919 public String JavaDoc toString() {
920         if (mACL == null) {
921             return "-ACL proxy not initialized-";
922         }
923         return mACL.toString();
924     }
925
926     // -------------------------------------------------------------------------
927 /**
928      * Same as the other getUsernameListAlsoGroupUsers method except that it
929      * uses the current ACL as ParentACLFinder implementation and as the
930      * ACLResource
931      *
932      * @see #getUsernameListAlsoGroupUsers(ParentACLFinder,
933      * ACLResourceInterface, JahiaACLEntry)
934      *
935      * @param entry
936      * Access rights bits map. Set this parameter to null to get all
937      * the user names regarding their access rights. Only one bit of
938      * the entry should be set to ACL_YES!
939      *
940      * @return Return a Vector holding all the String representation of the
941      * users' usernames. The returned Vector is never null, but if no
942      * user is present in the ACL, it will be empty.
943      * @throws JahiaACLException
944      * Throws an exception if the current ACL object was not
945      * initialized correctly.
946      */
947     public Vector JavaDoc getUsernameListAlsoGroupUsers(JahiaACLEntry entry)
948             throws JahiaACLException {
949         testProxy();
950         return mACL.getUsernameListAlsoGroupUsers(entry);
951     }
952
953     /**
954      * Return all the user names present in the ACL object having the same
955      * rights as specified, including users members of groups having the same
956      * rights as specified.
957      *
958      * @param parentACLFinder
959      * an implementation of the parent ACL finder interface that
960      * allows finding of the parent object for the object passed as
961      * the aclResource parameter.
962      * @param aclResource
963      * the object on which we are working on, to be passed to the
964      * parent ACL finder implementation when looking for it's parent.
965      * @param entry
966      * Access rights bits map. Set this parameter to null to get all
967      * the user names regarding their access rights. Only one bit of
968      * the entry should be set to ACL_YES!
969      *
970      * @return Return a Vector holding all the String representation of the
971      * users' usernames. The returned Vector is never null, but if no
972      * user is present in the ACL, it will be empty.
973      * @throws JahiaACLException
974      * Throws an exception if the current ACL object was not
975      * initialized correctly.
976      */
977     public Vector JavaDoc getUsernameListAlsoGroupUsers(
978             ParentACLFinder parentACLFinder, ACLResourceInterface aclResource,
979             JahiaACLEntry entry) throws JahiaACLException {
980         testProxy();
981         return mACL.getUsernameListAlsoGroupUsers(parentACLFinder, aclResource,
982             entry);
983     }
984
985     // -------------------------------------------------------------------------
986 private void testProxy() throws JahiaACLException {
987         if (mACL == null) {
988             throw new JahiaACLException(INIT_ERROR_MSG,
989                 JahiaACLException.ACL_NOT_INITIALIZED);
990         }
991     }
992
993     // -------------------------------------------------------------------------
994 /**
995      * Sets the ACL identifier for the parent of the current ACL. This is used
996      * to reparent ACLs and has an immediate effect (ie changes are persisted
997      * immediately), provided the parent does exist.
998      *
999      * @param parentID
1000     * the identifier of the parent ACL
1001     * @throws ACLNotFoundException
1002     * raised in case the parent ACL does not exist. In this case no
1003     * change is persisted.
1004     * @throws JahiaDatabaseException
1005     * in case there was a problem while persisting changes to the
1006     * database.
1007     */
1008    public void setParentID(int parentID) throws ACLNotFoundException,
1009            JahiaDatabaseException {
1010        JahiaACL parentACL = getService().lookupACL(parentID);
1011        synchronized (mACL) {
1012            JahiaACL newACL = (JahiaACL) mACL.clone();
1013            newACL.setParentACL(parentACL);
1014            getService().updateCache(newACL);
1015            mACL = newACL;
1016        }
1017    }
1018
1019    // -------------------------------------------------------------------------
1020 /**
1021     * Make an exact copy of the ACL except the ACL ID.
1022     *
1023     * @return the clone Object
1024     */
1025    public Object JavaDoc clone() {
1026        return mACL.clone();
1027    }
1028
1029    // --------------------------------------------------------------------------
1030 /**
1031     * Return true if the given aclId is in this acl parents path
1032     *
1033     * @param aclId
1034     * the ACL identifier to test for presence in the parents of this
1035     * ACL
1036     *
1037     * @return true if the ACL identifier is present in the parents, false
1038     * otherwise.
1039     */
1040    public boolean isAclInParents(int aclId) {
1041        return this.getACL().isAclInParents(aclId);
1042    }
1043
1044    private void writeObject(java.io.ObjectOutputStream JavaDoc out) throws IOException JavaDoc {
1045        out.writeObject(mACL);
1046    }
1047
1048    private void readObject(java.io.ObjectInputStream JavaDoc in) throws IOException JavaDoc,
1049            ClassNotFoundException JavaDoc {
1050        mACL = (JahiaACL) in.readObject();
1051        mACLService = null;
1052    }
1053
1054    /**
1055     * Used to reconnect to ACL service, notably after an object is
1056     * unserialized. We can't reconnect while unserializing because the services
1057     * might not yet have been initialized yet (as in the case when restoring
1058     * objects from serialized session).
1059     *
1060     * @return JahiaACLManagerService
1061     */
1062    private JahiaACLManagerService getService() {
1063        if (mACLService == null) {
1064            mACLService = ServicesRegistry.getInstance()
1065                .getJahiaACLManagerService();
1066        }
1067        return mACLService;
1068    }
1069}
1070
Popular Tags