KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > opencms > security > CmsRole


1 /*
2  * File : $Source: /usr/local/cvs/opencms/src/org/opencms/security/CmsRole.java,v $
3  * Date : $Date: 2006/03/27 14:52:48 $
4  * Version: $Revision: 1.11 $
5  *
6  * This library is part of OpenCms -
7  * the Open Source Content Mananagement System
8  *
9  * Copyright (c) 2005 Alkacon Software GmbH (http://www.alkacon.com)
10  *
11  * This library is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU Lesser General Public
13  * License as published by the Free Software Foundation; either
14  * version 2.1 of the License, or (at your option) any later version.
15  *
16  * This library is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19  * Lesser General Public License for more details.
20  *
21  * For further information about Alkacon Software GmbH, please see the
22  * company website: http://www.alkacon.com
23  *
24  * For further information about OpenCms, please see the
25  * project website: http://www.opencms.org
26  *
27  * You should have received a copy of the GNU Lesser General Public
28  * License along with this library; if not, write to the Free Software
29  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30  */
31
32 package org.opencms.security;
33
34 import org.opencms.db.CmsDefaultUsers;
35 import org.opencms.file.CmsGroup;
36 import org.opencms.file.CmsRequestContext;
37 import org.opencms.main.OpenCms;
38
39 import java.util.ArrayList JavaDoc;
40 import java.util.Arrays JavaDoc;
41 import java.util.Collections JavaDoc;
42 import java.util.List JavaDoc;
43
44 /**
45  * A role is used in the OpenCms security system to check if a user has access to a certain system function.<p>
46  *
47  * Roles are used to ensure access permissions to system function that are not file based.
48  * For example, roles are used to check permissions to functions like "the user can schedule a
49  * job in the <code>{@link org.opencms.scheduler.CmsScheduleManager}</code>" or "the user can export (or import)
50  * the OpenCms database".<p>
51  *
52  * All roles are based on <code>{@link org.opencms.file.CmsGroup}</code>. This means to have access to a role,
53  * the user has to be a member in a certain predefined system group. Each role has exactly one group that
54  * contains all "direct" members of this role.<p>
55  *
56  * All roles have (optional) parent roles. If a user not a member of the role group of a role, but he is
57  * a member of at last one of the parent role groups, he/she also has full access to this role. This is called
58  * "indirect" membership to the role.<p>
59  *
60  * Please note that "indirect" membership does grant the user the same full access to a role that "direct"
61  * membership does. For example, the <code>{@link #ADMINISTRATOR}</code> role is a parent group of all other roles.
62  * So all users that are members of <code>{@link #ADMINISTRATOR}</code> have access to the functions of all other roles.<p>
63  *
64  * Please do not perform automated sorting of members on this compilation unit. That leads
65  * to NPE's<p>
66  *
67  * @author Alexander Kandzior
68  *
69  * @version $Revision: 1.11 $
70  *
71  * @since 6.0.0
72  */
73 public final class CmsRole {
74
75     /** The "ADMINISTRATOR" role, which is a parent to all other roles.<p> */
76     public static final CmsRole ADMINISTRATOR = new CmsRole("ADMINISTRATOR", new CmsRole[0]);
77
78     /** The "DEVELOPER" role. */
79     public static final CmsRole DEVELOPER = new CmsRole("DEVELOPER", new CmsRole[] {CmsRole.ADMINISTRATOR});
80
81     /** The "EXPORT_DATABASE" role. */
82     public static final CmsRole EXPORT_DATABASE = new CmsRole("EXPORT_DATABASE", new CmsRole[] {CmsRole.ADMINISTRATOR});
83
84     /** The "HISTORY_MANAGER" role. */
85     public static final CmsRole HISTORY_MANAGER = new CmsRole("HISTORY_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
86
87     /** The "IMPORT_DATABASE" role. */
88     public static final CmsRole IMPORT_DATABASE = new CmsRole("IMPORT_DATABASE", new CmsRole[] {CmsRole.ADMINISTRATOR});
89
90     /** The "MODULE_MANAGER" role. */
91     public static final CmsRole MODULE_MANAGER = new CmsRole("MODULE_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
92
93     /** The "PROJECT_MANAGER" role. */
94     public static final CmsRole PROJECT_MANAGER = new CmsRole("PROJECT_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
95
96     /** The "PROPERTY_MANAGER" role. */
97     public static final CmsRole PROPERTY_MANAGER = new CmsRole(
98         "PROPERTY_MANAGER",
99         new CmsRole[] {CmsRole.ADMINISTRATOR});
100
101     /**
102      * The "RESOURCE_TYPE_MANAGER" role.<p>
103      *
104      * Additional parent: <code>{@link CmsRole#MODULE_MANAGER}</code>.<p>
105      */
106     public static final CmsRole RESOURCE_TYPE_MANAGER = new CmsRole("RESOURCE_TYPE_MANAGER", new CmsRole[] {
107         CmsRole.ADMINISTRATOR,
108         CmsRole.MODULE_MANAGER});
109
110     /** The "ROOT_FOLDER_ACCESS" role. */
111     public static final CmsRole ROOT_FOLDER_ACCESS = new CmsRole(
112         "ROOT_FOLDER_ACCESS",
113         new CmsRole[] {CmsRole.ADMINISTRATOR});
114
115     /** The "SCHEDULER_MANAGER" role. */
116     public static final CmsRole SCHEDULER_MANAGER = new CmsRole(
117         "SCHEDULER_MANAGER",
118         new CmsRole[] {CmsRole.ADMINISTRATOR});
119
120     /** The "SEARCH_MANAGER" role. */
121     public static final CmsRole SEARCH_MANAGER = new CmsRole("SEARCH_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
122
123     /** The "ACCOUNT_MANAGER" role. */
124     public static final CmsRole ACCOUNT_MANAGER = new CmsRole("ACCOUNT_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
125
126     /** The "VFS_MANAGER" role. */
127     public static final CmsRole VFS_MANAGER = new CmsRole("VFS_MANAGER", new CmsRole[] {CmsRole.ADMINISTRATOR});
128
129     /**
130      * The "WORKPLACE_MANAGER" role.<p>
131      *
132      * Additional parents: <code>{@link CmsRole#MODULE_MANAGER}</code>, <code>{@link CmsRole#DEVELOPER}</code>.<p>
133      */
134     public static final CmsRole WORKPLACE_MANAGER = new CmsRole("WORKPLACE_MANAGER", new CmsRole[] {
135         CmsRole.ADMINISTRATOR,
136         CmsRole.MODULE_MANAGER,
137         CmsRole.DEVELOPER});
138
139     /** The "WORKPLACE_USER" role. */
140     public static final CmsRole WORKPLACE_USER = new CmsRole("WORKPLACE_USER", new CmsRole[] {CmsRole.ADMINISTRATOR});
141
142     /**
143      * The "SYSTEM_USER" role.<p>
144      *
145      * Additional parents: <code>{@link CmsRole#WORKPLACE_USER}</code>, <code>{@link CmsRole#PROJECT_MANAGER},</code>
146      * <code>{@link CmsRole#DEVELOPER}</code>.<p>
147      */
148     public static final CmsRole SYSTEM_USER = new CmsRole("SYSTEM_USER", new CmsRole[] {
149     // important: this role must be defined _after_ all other roles it refers to
150 CmsRole.ADMINISTRATOR, CmsRole.WORKPLACE_USER, CmsRole.PROJECT_MANAGER, CmsRole.DEVELOPER});
151
152     /** The list of system roles. */
153     private static List JavaDoc m_systemRoles;
154
155     /** The distinct group names of this role. */
156     private Object JavaDoc[] m_distictGroupNames;
157
158     /** The name of the group this role is mapped to in the OpenCms database.*/
159     private String JavaDoc m_groupName;
160
161     /** The parent roles of this role. */
162     private List JavaDoc m_parentRoles;
163
164     /** The name of this role. */
165     private String JavaDoc m_roleName;
166
167     /** Indicates if this role is a system role or a user defined role. */
168     private boolean m_systemRole;
169
170     /**
171      * Creates a user defined role.<p>
172      *
173      * @param roleName the name of this role
174      * @param groupName the name of the group the members of this role are stored in
175      * @param parentRoles the parent roles of this role
176      */
177     public CmsRole(String JavaDoc roleName, String JavaDoc groupName, CmsRole[] parentRoles) {
178
179         m_roleName = roleName;
180         m_groupName = groupName;
181         m_parentRoles = Collections.unmodifiableList(Arrays.asList(parentRoles));
182         m_systemRole = false;
183         initialize();
184     }
185
186     /**
187      * Creates a system role.<p>
188      *
189      * @param roleName the name of this role
190      * @param parentRoles the parent roles of this role
191      */
192     private CmsRole(String JavaDoc roleName, CmsRole[] parentRoles) {
193
194         m_roleName = roleName;
195         m_parentRoles = Collections.unmodifiableList(Arrays.asList(parentRoles));
196         m_systemRole = true;
197     }
198
199     /**
200      * Returns the list of system defined roles (instances of <code>{@link CmsRole}</code>).<p>
201      *
202      * @return the list of system defined roles
203      */
204     public static List JavaDoc getSystemRoles() {
205
206         return m_systemRoles;
207     }
208
209     /**
210      * Initializes the system roles with the configured OpenCms system group names.<p>
211      *
212      * This is done automatically during the system startup phase, any manual calls
213      * later will result in an Exception.<p>
214      *
215      * @param defaultUsers the OpenCms default users
216      *
217      * @throws CmsSecurityException if called outside the system startup phase
218      */
219     public static void initialize(CmsDefaultUsers defaultUsers) throws CmsSecurityException {
220
221         if (OpenCms.getRunLevel() > OpenCms.RUNLEVEL_2_INITIALIZING) {
222             // this method can be called only during the system startup phase
223 throw new CmsSecurityException(Messages.get().container(Messages.ERR_STARTUP_FINISHED_0));
224         }
225
226         // set the configured group names for the system roles
227 ADMINISTRATOR.m_groupName = defaultUsers.getGroupAdministrators();
228         PROJECT_MANAGER.m_groupName = defaultUsers.getGroupProjectmanagers();
229         WORKPLACE_USER.m_groupName = defaultUsers.getGroupUsers();
230
231         // TODO: Don't base all roles only on the "Administrator" group
232 MODULE_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
233         ACCOUNT_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
234         EXPORT_DATABASE.m_groupName = defaultUsers.getGroupAdministrators();
235         IMPORT_DATABASE.m_groupName = defaultUsers.getGroupAdministrators();
236         DEVELOPER.m_groupName = defaultUsers.getGroupAdministrators();
237         SCHEDULER_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
238         SEARCH_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
239         VFS_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
240         RESOURCE_TYPE_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
241         HISTORY_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
242         PROPERTY_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
243         ROOT_FOLDER_ACCESS.m_groupName = defaultUsers.getGroupAdministrators();
244         WORKPLACE_MANAGER.m_groupName = defaultUsers.getGroupAdministrators();
245         SYSTEM_USER.m_groupName = defaultUsers.getGroupUsers();
246
247         // create a lookup list for the system roles
248 m_systemRoles = Collections.unmodifiableList(Arrays.asList(new CmsRole[] {
249             ADMINISTRATOR,
250             PROJECT_MANAGER,
251             WORKPLACE_USER,
252             MODULE_MANAGER,
253             ACCOUNT_MANAGER,
254             EXPORT_DATABASE,
255             IMPORT_DATABASE,
256             DEVELOPER,
257             SCHEDULER_MANAGER,
258             SEARCH_MANAGER,
259             VFS_MANAGER,
260             RESOURCE_TYPE_MANAGER,
261             HISTORY_MANAGER,
262             PROPERTY_MANAGER,
263             ROOT_FOLDER_ACCESS,
264             WORKPLACE_MANAGER,
265             SYSTEM_USER}));
266
267         // now initilaize all system roles
268 for (int i = 0; i < m_systemRoles.size(); i++) {
269             ((CmsRole)m_systemRoles.get(i)).initialize();
270         }
271     }
272
273     /**
274      * Returns <code>true</code> if the role group of this role (not the groups from the parent roles)
275      * matches a name of one of the given groups.<p>
276      *
277      * This check is required only to find out if a user is a direct member of the role group of
278      * this role. It should never be used for permission checks. For all permission checks, use
279      * <code>{@link #hasRole(List)}</code>.<p>
280      *
281      * @param groups a List of <code>{@link CmsGroup}</code> instances to match this role group against
282      * @return <code>true</code> if the role group of this role (not the groups from the parent roles)
283      * matches a name of one of the given groups
284      */
285     public boolean checkDirectAccess(List JavaDoc groups) {
286
287         for (int i = 0; i < groups.size(); i++) {
288             if (m_groupName.equals(((CmsGroup)groups.get(i)).getName())) {
289                 return true;
290             }
291         }
292         return false;
293     }
294
295     /**
296      * Returns a role violation exception configured with a localized, role specific message
297      * for this role.<p>
298      *
299      * @param context the current users OpenCms request context
300      *
301      * @return a role violation exception configured with a localized, role specific message
302      * for this role
303      */
304     public CmsRoleViolationException createRoleViolationException(CmsRequestContext context) {
305
306         String JavaDoc roleName;
307         if (m_systemRole) {
308             // localize role names for system roles
309 roleName = Messages.get().getBundle(context.getLocale()).key("GUI_ROLENAME_" + m_roleName + "_0");
310         } else {
311             roleName = getRoleName();
312         }
313         return new CmsRoleViolationException(Messages.get().container(
314             Messages.ERR_NOT_IN_ROLE_2,
315             context.currentUser().getName(),
316             roleName));
317     }
318
319     /**
320      * @see java.lang.Object#equals(java.lang.Object)
321      */
322     public boolean equals(Object JavaDoc obj) {
323
324         if (obj == this) {
325             return true;
326         }
327         if (obj instanceof CmsRole) {
328             return m_roleName.equals(((CmsRole)obj).m_roleName);
329         }
330         return false;
331     }
332
333     /**
334      * Returns the name of the group this role is mapped to in the OpenCms database.<p>
335      *
336      * @return the name of the group this role is mapped to in the OpenCms database
337      */
338     public String JavaDoc getGroupName() {
339
340         return m_groupName;
341     }
342
343     /**
344      * Returns the (unmodifialble) List of parent roles of this role (instances of <code>{@link CmsRole}</code>.<p>
345      *
346      * @return the (unmodifialble) List of parent roles of this role
347      */
348     public List JavaDoc getParentRoles() {
349
350         return m_parentRoles;
351     }
352
353     /**
354      * Returns the name of the role.<p>
355      *
356      * @return the name of the role
357      */
358     public String JavaDoc getRoleName() {
359
360         return m_roleName;
361     }
362
363     /**
364      * @see java.lang.Object#hashCode()
365      */
366     public int hashCode() {
367
368         return m_roleName.hashCode();
369     }
370
371     /**
372      * Returns <code>true</code> if at last one of the given <code>{@link CmsGroup}</code> instances is
373      * equal to a group of this role.<p>
374      *
375      * This checks the given list against the role group of this role as well as against the role group
376      * of all parent roles.<p>
377      *
378      * @param groups a List of <code>{@link CmsGroup}</code> instances to match the role groups against
379      * @return <code>true</code> if at last one of the given group names is equal to a group name
380      * of this role
381      */
382     public boolean hasRole(List JavaDoc groups) {
383
384         String JavaDoc[] groupNames = new String JavaDoc[groups.size()];
385         for (int i = 0; i < groups.size(); i++) {
386             groupNames[i] = ((CmsGroup)groups.get(i)).getName();
387         }
388         return hasRole(groupNames);
389     }
390
391     /**
392      * Returns <code>true</code> if at last one of the given group names is equal to a group name
393      * of this role.<p>
394      *
395      * This checks the given list against the role group of this role as well as against the role group
396      * of all parent roles.<p>
397      *
398      * @param groupNames the group names to match the role groups against
399      * @return <code>true</code> if at last one of the given group names is equal to a group name
400      * of this role
401      */
402     public boolean hasRole(String JavaDoc[] groupNames) {
403
404         for (int i = 0; i < m_distictGroupNames.length; i++) {
405             for (int j = 0; j < groupNames.length; j++) {
406                 if (m_distictGroupNames[i].equals(groupNames[j])) {
407                     return true;
408                 }
409             }
410         }
411         return false;
412     }
413
414     /**
415      * @see java.lang.Object#toString()
416      */
417     public String JavaDoc toString() {
418
419         StringBuffer JavaDoc result = new StringBuffer JavaDoc();
420
421         result.append("[");
422         result.append(this.getClass().getName());
423         result.append(", role: ");
424         result.append(getRoleName());
425         result.append(", group: ");
426         result.append(getGroupName());
427         result.append("]");
428
429         return result.toString();
430     }
431
432     /**
433      * Initializes this role, creating an optimized data structure for
434      * the lookup of the role group names.<p>
435      */
436     private void initialize() {
437
438         // calculate the distinct groups of this role
439 ArrayList JavaDoc distinctGroups = new ArrayList JavaDoc();
440         distinctGroups.add(getGroupName());
441         for (int i = 0; i < m_parentRoles.size(); i++) {
442             String JavaDoc name = ((CmsRole)m_parentRoles.get(i)).getGroupName();
443             if (!distinctGroups.contains(name)) {
444                 distinctGroups.add(name);
445             }
446         }
447         m_distictGroupNames = distinctGroups.toArray();
448     }
449 }
Popular Tags