package org.outerj.daisy.books.store.impl;

import org.outerj.daisy.books.store.BookAcl;
import org.outerj.daisy.books.store.BookAclEntry;
import org.outerj.daisy.books.store.BookAclSubjectType;
import org.outerj.daisy.books.store.BookAclActionType;
import org.outerj.daisy.repository.user.Role;

/**
 * Computes the effective read and manage permissions a book ACL gives to one user.
 *
 * <p>Evaluation rules, as implemented below:
 * <ul>
 *   <li>If {@code Role.ADMINISTRATOR} is among the active roles, the ACL is not consulted
 *       and both permissions are granted.</li>
 *   <li>Otherwise both permissions start out denied, so a user matched by no entry gets
 *       nothing.</li>
 *   <li>Entries are applied in array order and a later matching entry overrides an earlier
 *       one, so the result depends on entry order.</li>
 *   <li>Manage permission is never returned without read permission.</li>
 * </ul>
 */
public class BookAclEvaluator {
    /**
     * Evaluates {@code acl} for the given user and active roles.
     *
     * <p>Neither {@code acl} nor {@code activeRoleIds} is null-checked; passing null for either
     * fails with a {@code NullPointerException}.
     * NOTE(review): the decision is only as trustworthy as {@code userId} and
     * {@code activeRoleIds}; presumably both come from the authenticated session rather than
     * from request data. Confirm at the call sites.
     *
     * @param acl the book ACL whose entries are evaluated
     * @param userId ID compared against the subject value of USER entries
     * @param activeRoleIds role IDs compared against ROLE entries and against
     *     {@code Role.ADMINISTRATOR}
     * @return a result built as {@code new AclResult(canRead, canManage)}
     */
    public static AclResult evaluate(BookAcl acl, long userId, long[] activeRoleIds) {
        // Administrators bypass the ACL entirely.
        if (hasRole(activeRoleIds, Role.ADMINISTRATOR)) {
            return new AclResult(true, true);
        }

        // Deny by default: only a matching entry can grant anything.
        boolean readGranted = false;
        boolean manageGranted = false;

        for (BookAclEntry entry : acl.getEntries()) {
            if (!subjectMatches(entry, userId, activeRoleIds)) {
                continue;
            }

            // NOTHING leaves the running decision untouched. Any other value overwrites it:
            // GRANT sets it to true, and everything else sets it to false.
            BookAclActionType readAction = entry.getReadPermission();
            if (readAction != BookAclActionType.NOTHING) {
                readGranted = (readAction == BookAclActionType.GRANT);
            }

            BookAclActionType manageAction = entry.getManagePermission();
            if (manageAction != BookAclActionType.NOTHING) {
                manageGranted = (manageAction == BookAclActionType.GRANT);
            }
        }

        // Manage requires read, so an ACL that grants only manage yields no access at all.
        return new AclResult(readGranted, readGranted && manageGranted);
    }

    /**
     * Tells whether an ACL entry applies to the user: EVERYONE entries always apply, USER
     * entries apply when the subject value equals {@code userId}, and ROLE entries apply when
     * the subject value is one of {@code activeRoleIds}.
     */
    private static boolean subjectMatches(BookAclEntry entry, long userId, long[] activeRoleIds) {
        BookAclSubjectType kind = entry.getSubjectType();
        long subject = entry.getSubjectValue();

        if (kind == BookAclSubjectType.EVERYONE) {
            return true;
        }
        if (kind == BookAclSubjectType.USER && subject == userId) {
            return true;
        }
        return kind == BookAclSubjectType.ROLE && hasRole(activeRoleIds, subject);
    }

    /** Returns true when {@code role} occurs in {@code roles}. */
    private static boolean hasRole(long[] roles, long role) {
        for (long candidate : roles) {
            if (candidate == role) {
                return true;
            }
        }
        return false;
    }
}