KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > opencms > security > CmsAccessControlEntry


1 /*
2  * File : $Source: /usr/local/cvs/opencms/src/org/opencms/security/CmsAccessControlEntry.java,v $
3  * Date : $Date: 2006/03/27 14:52:48 $
4  * Version: $Revision: 1.21 $
5  *
6  * This library is part of OpenCms -
7  * the Open Source Content Mananagement System
8  *
9  * Copyright (c) 2005 Alkacon Software GmbH (http://www.alkacon.com)
10  *
11  * This library is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU Lesser General Public
13  * License as published by the Free Software Foundation; either
14  * version 2.1 of the License, or (at your option) any later version.
15  *
16  * This library is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19  * Lesser General Public License for more details.
20  *
21  * For further information about Alkacon Software GmbH, please see the
22  * company website: http://www.alkacon.com
23  *
24  * For further information about OpenCms, please see the
25  * project website: http://www.opencms.org
26  *
27  * You should have received a copy of the GNU Lesser General Public
28  * License along with this library; if not, write to the Free Software
29  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30  */
31
32 package org.opencms.security;
33
34 import org.opencms.util.CmsUUID;
35
36 import java.util.StringTokenizer JavaDoc;
37
38 /**
39  * An access control entry defines the permissions of a user or group for a distinct resource.<p>
40  *
41  * Besides the <code>CmsPermissionSet</code> to define the permissions, the access control entry
42  * contains the UUID of the resource and of the principal (user or group) who has the defined permissions.
43  * Since the principal is identified by its UUID, any other entity may act as principal also.
44  *
45  * <p>Additionally, the entry stores various flags:<br>
46  * <code>ACCESS_FLAGS_DELETED</code> indicates that this entry is deleted<br>
47  * <code>ACCESS_FLAGS_INHERIT</code> indicates that this entry should be inherited<br>
48  * <code>ACCESS_FLAGS_OVERWRITE</code> indicates that this entry overwrites inherited settings<br>
49  * <code>ACCESS_FLAGS_INHERITED</code> indicates that this entry is inherited<br>
50  * <code>ACCESS_FLAGS_USER</code> indicates that the principal is a single user<br>
51  * <code>ACCESS_FLAGS_GROUP</code> indicates that the principal is a group
52  * </p>
53  *
54  * @author Carsten Weinholz
55  *
56  * @version $Revision: 1.21 $
57  *
58  * @since 6.0.0
59  */
60 public class CmsAccessControlEntry {
61
62     /** Flag to indicate that an access control entry is currently deleted. */
63     public static final int ACCESS_FLAGS_DELETED = 1;
64
65     /** Flag to indicate the pricipal type group. */
66     public static final int ACCESS_FLAGS_GROUP = 32;
67
68     /** Flag to indicate that an access control entry should be inherited. */
69     public static final int ACCESS_FLAGS_INHERIT = 2;
70
71     /** Flag to indicate that an access control entry was inherited (read only). */
72     public static final int ACCESS_FLAGS_INHERITED = 8;
73
74     /** Flag to indicate that an access control entry overwrites inherited entries. */
75     public static final int ACCESS_FLAGS_OVERWRITE = 4;
76
77     /** Flag to indicate that the principal is responsible for the resource. */
78     public static final int ACCESS_FLAGS_RESPONSIBLE = 64;
79
80     /** Flag to indicate the principal type user. */
81     public static final int ACCESS_FLAGS_USER = 16;
82
83     /**
84      * Flags of this access control entry.
85      */
86     private int m_flags;
87
88     /**
89      * The permission set.
90      */
91     private CmsPermissionSetCustom m_permissions;
92
93     /**
94      * Id of the principal.
95      */
96     private CmsUUID m_principal;
97
98     /**
99      * Id of the resource.
100      */
101     private CmsUUID m_resource;
102
103     /**
104      * Constructor to create a new access control entry for a given resource
105      * based on an existing access control entry.<p>
106      *
107      * @param resource the resource
108      * @param base the base for the created access control entry
109      */
110     public CmsAccessControlEntry(CmsUUID resource, CmsAccessControlEntry base) {
111
112         m_resource = resource;
113         m_principal = base.m_principal;
114         m_permissions = base.m_permissions;
115         m_flags = base.m_flags;
116     }
117
118     /**
119      * Constructor to create a new access control entry on a given resource and a given principal.<p>
120      * Permissions are specified as permission set, flags as bitset.
121      *
122      * @param resource the resource
123      * @param principal the id of a principal (user or group)
124      * @param permissions the set of allowed and denied permissions as permission set
125      * @param flags additional flags of the access control entry
126      */
127     public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, CmsPermissionSet permissions, int flags) {
128
129         m_resource = resource;
130         m_principal = principal;
131         m_permissions = new CmsPermissionSetCustom(permissions);
132         m_flags = flags;
133     }
134
135     /**
136      * Constructor to create a new access control entry on a given resource and a given principal.<p>
137      * Permissions and flags are specified as bitsets.
138      *
139      * @see CmsPermissionSet
140      *
141      * @param resource the resource
142      * @param principal the id of a principal (user or group)
143      * @param allowed the set of allowed permissions
144      * @param denied set set of explicitly denied permissions
145      * @param flags additional flags of the access control entry
146      */
147     public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, int allowed, int denied, int flags) {
148
149         m_resource = resource;
150         m_principal = principal;
151         m_permissions = new CmsPermissionSetCustom(allowed, denied);
152         m_flags = flags;
153     }
154
155     /**
156      * Constructor to create a new access control entry on a given resource and a given principal.<p>
157      * Permission and flags are specified as string of the format {{+|-}{r|w|v|c|i}}*
158      *
159      * @param resource the resource
160      * @param principal the id of a principal (user or group)
161      * @param acPermissionString allowed and denied permissions and also flags
162      */
163     public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, String JavaDoc acPermissionString) {
164
165         m_resource = resource;
166         m_principal = principal;
167         m_flags = 0;
168
169         StringTokenizer JavaDoc tok = new StringTokenizer JavaDoc(acPermissionString, "+-", true);
170         StringBuffer JavaDoc permissionString = new StringBuffer JavaDoc();
171
172         while (tok.hasMoreElements()) {
173             String JavaDoc prefix = tok.nextToken();
174             String JavaDoc suffix = tok.nextToken();
175             switch (suffix.charAt(0)) {
176                 case 'I':
177                 case 'i':
178                     if (prefix.charAt(0) == '+') {
179                         m_flags |= CmsAccessControlEntry.ACCESS_FLAGS_INHERIT;
180                     }
181                     if (prefix.charAt(0) == '-') {
182                         m_flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_INHERIT;
183                     }
184                     break;
185                 case 'O':
186                 case 'o':
187                     if (prefix.charAt(0) == '+') {
188                         m_flags |= CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE;
189                     }
190                     if (prefix.charAt(0) == '-') {
191                         m_flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_OVERWRITE;
192                     }
193                     break;
194                 case 'L':
195                 case 'l':
196                     if (prefix.charAt(0) == '+') {
197                         m_flags |= CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE;
198                     }
199                     if (prefix.charAt(0) == '-') {
200                         m_flags &= ~CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE;
201                     }
202                     break;
203                 default:
204                     permissionString.append(prefix);
205                     permissionString.append(suffix);
206                     break;
207             }
208         }
209
210         m_permissions = new CmsPermissionSetCustom(permissionString.toString());
211     }
212
213     /**
214      * Sets the explicitly denied permissions in the access control entry.<p>
215      *
216      * @param denied the denied permissions as bitset
217      */
218     public void denyPermissions(int denied) {
219
220         m_permissions.denyPermissions(denied);
221     }
222
223     /**
224      * @see java.lang.Object#equals(java.lang.Object)
225      */
226     public boolean equals(Object JavaDoc obj) {
227
228         if (obj == this) {
229             return true;
230         }
231         if (obj instanceof CmsAccessControlEntry) {
232             CmsAccessControlEntry other = (CmsAccessControlEntry)obj;
233             if (other.m_flags != m_flags) {
234                 return false;
235             }
236             if (other.getPermissions().getAllowedPermissions() != getPermissions().getAllowedPermissions()) {
237                 return false;
238             }
239             if (other.getPermissions().getDeniedPermissions() != getPermissions().getDeniedPermissions()) {
240                 return false;
241             }
242             if (!other.m_resource.equals(m_resource)) {
243                 return false;
244             }
245             if (!other.m_principal.equals(m_principal)) {
246                 return false;
247             }
248             return true;
249         }
250         return false;
251     }
252
253     /**
254      * Returns the currently allowed permissions as bitset.<p>
255      *
256      * @return the allowed permissions
257      */
258     public int getAllowedPermissions() {
259
260         return m_permissions.getAllowedPermissions();
261     }
262
263     /**
264      * Returns the currently denied permissions as bitset.<p>
265      *
266      * @return the denied permissions
267      */
268     public int getDeniedPermissions() {
269
270         return m_permissions.getDeniedPermissions();
271     }
272
273     /**
274      * Returns the current flags of the access control entry.<p>
275      *
276      * @return bitset with flag values
277      */
278     public int getFlags() {
279
280         return m_flags;
281     }
282
283     /**
284      * Returns the current permission set (both allowed and denied permissions).<p>
285      *
286      * @return the set of permissions
287      */
288     public CmsPermissionSet getPermissions() {
289
290         return m_permissions;
291     }
292
293     /**
294      * Returns the principal assigned with this access control entry.<p>
295      *
296      * @return the principal
297      */
298     public CmsUUID getPrincipal() {
299
300         return m_principal;
301     }
302
303     /**
304      * Returns the resource assigned with this access control entry.<p>
305      *
306      * @return the resource
307      */
308     public CmsUUID getResource() {
309
310         return m_resource;
311     }
312
313     /**
314      * Returns the string representation of the "responsible" flag.<p>
315      *
316      * @return string of the format {{+|-}l}*
317      */
318     public String JavaDoc getResponsibleString() {
319
320         if (isResponsible()) {
321             return "+l";
322         } else {
323             return "-l";
324         }
325     }
326
327     /**
328      * Sets the allowed permissions in the access control entry.<p>
329      *
330      * @param allowed the allowed permissions as bitset
331      */
332     public void grantPermissions(int allowed) {
333
334         m_permissions.grantPermissions(allowed);
335     }
336
337     /**
338      * @see java.lang.Object#hashCode()
339      */
340     public int hashCode() {
341
342         if (m_permissions != null) {
343             return m_permissions.hashCode() * m_flags;
344         }
345         return CmsUUID.getNullUUID().hashCode();
346     }
347
348     /**
349      * Returns if this access control entry has the inherited flag set.<p>
350      * Note: to check if an access control entry is inherited, also the
351      * resource id and the id of the current resource must be different.
352      *
353      * @return true, if the inherited flag is set
354      */
355     public boolean isInherited() {
356
357         return ((m_flags & CmsAccessControlEntry.ACCESS_FLAGS_INHERITED) > 0);
358     }
359
360     /**
361      * Returns if the principal is responsible for the current resource.<p>
362      *
363      * @return true ,if the principal is responsible for the current resource
364      */
365     public boolean isResponsible() {
366
367         return ((m_flags & CmsAccessControlEntry.ACCESS_FLAGS_RESPONSIBLE) > 0);
368     }
369
370     /**
371      * Resets the given flags in the access control entry.<p>
372      *
373      * @param flags bitset with flag values to reset
374      */
375     public void resetFlags(int flags) {
376
377         m_flags &= ~flags;
378     }
379
380     /**
381      * Sets the given flags in the access control entry.<p>
382      *
383      * @param flags bitset with flag values to set
384      */
385     public void setFlags(int flags) {
386
387         m_flags |= flags;
388     }
389
390     /**
391      * Sets the access flags to identify the given principal type.<p>
392      *
393      * @param principal the principal to set the flags for
394      */
395     public void setFlagsForPrincipal(I_CmsPrincipal principal) {
396
397         setFlags(principal.isGroup() ? CmsAccessControlEntry.ACCESS_FLAGS_GROUP
398         : CmsAccessControlEntry.ACCESS_FLAGS_USER);
399     }
400
401     /**
402      * Sets the allowed and denied permissions of the access control entry.<p>
403      *
404      * @param permissions the set of permissions
405      */
406     public void setPermissions(CmsPermissionSet permissions) {
407
408         m_permissions.setPermissions(permissions);
409     }
410
411     /**
412      * Returns the String representation of this access control entry object.<p>
413      * @see java.lang.Object#toString()
414      */
415     public String JavaDoc toString() {
416
417         return "[Ace:] "
418             + "ResourceId="
419             + m_resource
420             + ", PrincipalId="
421             + m_principal
422             + ", Permissions="
423             + m_permissions.toString()
424             + ", Flags="
425             + m_flags;
426     }
427 }
Popular Tags