KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ofbiz > minilang > method > ifops > CheckPermission


1 /*
2  * $Id: CheckPermission.java 6201 2005-11-28 12:24:44Z jonesde $
3  *
4  * Copyright (c) 2001, 2002 The Open For Business Project - www.ofbiz.org
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a
7  * copy of this software and associated documentation files (the "Software"),
8  * to deal in the Software without restriction, including without limitation
9  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
10  * and/or sell copies of the Software, and to permit persons to whom the
11  * Software is furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included
14  * in all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
17  * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19  * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
20  * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
21  * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
22  * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23  */

24 package org.ofbiz.minilang.method.ifops;
25
26 import java.util.Iterator JavaDoc;
27 import java.util.LinkedList JavaDoc;
28 import java.util.List JavaDoc;
29 import java.util.Map JavaDoc;
30
31 import org.ofbiz.base.util.UtilProperties;
32 import org.ofbiz.base.util.UtilValidate;
33 import org.ofbiz.base.util.UtilXml;
34 import org.ofbiz.entity.GenericValue;
35 import org.ofbiz.minilang.SimpleMethod;
36 import org.ofbiz.minilang.method.ContextAccessor;
37 import org.ofbiz.minilang.method.MethodContext;
38 import org.ofbiz.minilang.method.MethodOperation;
39 import org.ofbiz.security.Security;
40 import org.w3c.dom.Element JavaDoc;
41
42 /**
43  * Iff the user does not have the specified permission the fail-message
44  * or fail-property sub-elements are used to add a message to the error-list.
45  *
46  * @author <a HREF="mailto:jonesde@ofbiz.org">David E. Jones</a>
47  * @version $Rev: 6201 $
48  * @since 2.0
49  */

50 public class CheckPermission extends MethodOperation {
51     
52     String JavaDoc message = null;
53     String JavaDoc propertyResource = null;
54     boolean isProperty = false;
55     
56     /** If null no partyId env-name will be checked against the userLogin.partyId and accepted as permission */
57     ContextAccessor acceptUlPartyIdEnvNameAcsr = null;
58
59     PermissionInfo permissionInfo;
60     ContextAccessor errorListAcsr;
61     List JavaDoc altPermissions = null;
62
63     public CheckPermission(Element JavaDoc element, SimpleMethod simpleMethod) {
64         super(element, simpleMethod);
65         permissionInfo = new PermissionInfo(element);
66         this.errorListAcsr = new ContextAccessor(element.getAttribute("error-list-name"), "error_list");
67
68         Element JavaDoc acceptUserloginPartyElement = UtilXml.firstChildElement(element, "accept-userlogin-party");
69         if (acceptUserloginPartyElement != null) {
70             acceptUlPartyIdEnvNameAcsr = new ContextAccessor(acceptUserloginPartyElement.getAttribute("party-id-env-name"), "partyId");
71         }
72
73         List JavaDoc altPermElements = UtilXml.childElementList(element, "alt-permission");
74         Iterator JavaDoc apeIter = altPermElements.iterator();
75         if (apeIter.hasNext()) {
76             altPermissions = new LinkedList JavaDoc();
77         }
78         while (apeIter.hasNext()) {
79             Element JavaDoc altPermElement = (Element JavaDoc) apeIter.next();
80             altPermissions.add(new PermissionInfo(altPermElement));
81         }
82
83         Element JavaDoc failMessage = UtilXml.firstChildElement(element, "fail-message");
84         Element JavaDoc failProperty = UtilXml.firstChildElement(element, "fail-property");
85         if (failMessage != null) {
86             this.message = failMessage.getAttribute("message");
87             this.isProperty = false;
88         } else if (failProperty != null) {
89             this.propertyResource = failProperty.getAttribute("resource");
90             this.message = failProperty.getAttribute("property");
91             this.isProperty = true;
92         }
93     }
94
95     public boolean exec(MethodContext methodContext) {
96         boolean hasPermission = false;
97
98         List JavaDoc messages = (List JavaDoc) errorListAcsr.get(methodContext);
99         if (messages == null) {
100             messages = new LinkedList JavaDoc();
101             errorListAcsr.put(methodContext, messages);
102         }
103
104         // if no user is logged in, treat as if the user does not have permission: do not run subops
105
GenericValue userLogin = methodContext.getUserLogin();
106         if (userLogin != null) {
107             Security security = methodContext.getSecurity();
108             if (this.permissionInfo.hasPermission(methodContext, userLogin, security)) {
109                 hasPermission = true;
110             }
111             
112             // if failed, check alternate permissions
113
if (!hasPermission && altPermissions != null) {
114                 Iterator JavaDoc altPermIter = altPermissions.iterator();
115                 while (altPermIter.hasNext()) {
116                     PermissionInfo altPermInfo = (PermissionInfo) altPermIter.next();
117                     if (altPermInfo.hasPermission(methodContext, userLogin, security)) {
118                         hasPermission = true;
119                         break;
120                     }
121                 }
122             }
123         }
124         
125         if (!hasPermission && acceptUlPartyIdEnvNameAcsr != null) {
126             String JavaDoc acceptPartyId = (String JavaDoc) acceptUlPartyIdEnvNameAcsr.get(methodContext);
127             if (UtilValidate.isEmpty(acceptPartyId)) {
128                 // try the parameters Map
129
Map JavaDoc parameters = (Map JavaDoc) methodContext.getEnv("parameters");
130                 if (parameters != null) {
131                     acceptPartyId = (String JavaDoc) acceptUlPartyIdEnvNameAcsr.get(parameters, methodContext);
132                 }
133             }
134             if (UtilValidate.isNotEmpty(acceptPartyId) && UtilValidate.isNotEmpty(userLogin.getString("partyId")) && acceptPartyId.equals(userLogin.getString("partyId"))) {
135                 hasPermission = true;
136             }
137         }
138         
139         if (!hasPermission) {
140             this.addMessage(messages, methodContext);
141         }
142
143         return true;
144     }
145
146     public void addMessage(List JavaDoc messages, MethodContext methodContext) {
147         ClassLoader JavaDoc loader = methodContext.getLoader();
148         
149         String JavaDoc message = methodContext.expandString(this.message);
150         String JavaDoc propertyResource = methodContext.expandString(this.propertyResource);
151         
152         if (!isProperty && message != null) {
153             messages.add(message);
154             // if (Debug.infoOn()) Debug.logInfo("[SimpleMapOperation.addMessage] Adding message: " + message, module);
155
} else if (isProperty && propertyResource != null && message != null) {
156             //String propMsg = UtilProperties.getPropertyValue(UtilURL.fromResource(propertyResource, loader), message);
157
String JavaDoc propMsg = UtilProperties.getMessage(propertyResource, message, methodContext.getEnvMap(), methodContext.getLocale());
158             if (propMsg == null || propMsg.length() == 0) {
159                 messages.add("Simple Method Permission error occurred, but no message was found, sorry.");
160             } else {
161                 messages.add(methodContext.expandString(propMsg));
162             }
163             // if (Debug.infoOn()) Debug.logInfo("[SimpleMapOperation.addMessage] Adding property message: " + propMsg, module);
164
} else {
165             messages.add("Simple Method Permission error occurred, but no message was found, sorry.");
166             // if (Debug.infoOn()) Debug.logInfo("[SimpleMapOperation.addMessage] ERROR: No message found", module);
167
}
168     }
169     
170     public static class PermissionInfo {
171         String JavaDoc permission;
172         String JavaDoc action;
173         
174         public PermissionInfo(Element JavaDoc altPermissionElement) {
175             this.permission = altPermissionElement.getAttribute("permission");
176             this.action = altPermissionElement.getAttribute("action");
177         }
178         
179         public boolean hasPermission(MethodContext methodContext, GenericValue userLogin, Security security) {
180             String JavaDoc permission = methodContext.expandString(this.permission);
181             String JavaDoc action = methodContext.expandString(this.action);
182             
183             if (action != null && action.length() > 0) {
184                 // run hasEntityPermission
185
return security.hasEntityPermission(permission, action, userLogin);
186             } else {
187                 // run hasPermission
188
return security.hasPermission(permission, userLogin);
189             }
190         }
191     }
192
193     public String JavaDoc rawString() {
194         // TODO: add all attributes and other info
195
return "<check-permission/>";
196     }
197     public String JavaDoc expandedString(MethodContext methodContext) {
198         // TODO: something more than a stub/dummy
199
return this.rawString();
200     }
201 }
202
Popular Tags