Coverage Report

Coverage Report - org.apache.turbine.util.SecurityCheck

Classes in this File

0/63

0/22

 package org.apache.turbine.util;
 
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 
 import org.apache.fulcrum.security.SecurityService;
 import org.apache.fulcrum.security.entity.Permission;
 import org.apache.fulcrum.security.entity.Role;
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
 import org.apache.fulcrum.security.util.RoleSet;
 import org.apache.fulcrum.security.util.UnknownEntityException;
 import org.apache.turbine.services.TurbineServices;
 
 /**
  * Utility for doing security checks in Screens and Actions.
  *
  * Sample usage:<br>
  *
  * <pre>
  * SecurityCheck mycheck =
  *   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
  * if (!mycheck.hasPermission("add_user");
  *   return;
  *</pre>
  *
  * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
  * @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
  * @version $Id: SecurityCheck.java 1819127 2017-12-23 09:32:08Z gk $
  */
 public class SecurityCheck
 {
     private String message;
 
     private String failScreen;
 
     private RunData data = null;
 
     private SecurityService securityService = null;
 
     /**
      * Holds information if a missing Permission or Role should be created and granted on-the-fly.
      * This is good behavior, if these change a lot.
      */
     private boolean initialize;
 
     /**
      * Constructor.
      *
      * @param data A Turbine RunData object.
      * @param message The message to display upon failure.
      * @param failedScreen The screen to redirect to upon failure.
      */
     public SecurityCheck(RunData data,
                          String message,
                          String failedScreen)
     {
         this(data, message, failedScreen, false);
     }
 
     /**
      * Constructor.
      *
      * @param data
      *            A Turbine RunData object.
      * @param message
      *            The message to display upon failure.
      * @param failedScreen
      *            The screen to redirect to upon failure.
      * @param initialize
      *            if a non-existing Permission or Role should be created.
      */
     public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
     {
         this.data = data;
         this.message = message;
         this.failScreen = failedScreen;
         this.initialize = initialize;
         this.securityService = (SecurityService)TurbineServices
                     .getInstance()
                     .getService(SecurityService.ROLE);
     }
 
     /**
      * Does the user have this role?
      *
      * @param role A Role.
      * @return True if the user has this role.
      * @throws Exception a generic exception.
      */
     public boolean hasRole(Role role)
             throws Exception
     {
         boolean value = false;
         TurbineAccessControlList acl = data.getACL();
         if (acl == null ||
             !acl.hasRole(role))
         {
             data.setScreen(failScreen);
             data.setMessage(message);
         }
         else
         {
             value = true;
         }
         return value;
     }
 
     /**
      * Does the user have this role?
      *
      * @param role
      *            A String.
      * @return True if the user has this role.
      * @throws Exception
      *                a generic exception.
      */
     public boolean hasRole(String role) throws Exception
     {
         Role roleObject = null;
 
         try
         {
             roleObject = securityService.getRoleManager().getRoleByName(role);
         }
         catch (UnknownEntityException e)
         {
             if(initialize)
             {
                 roleObject = securityService.getRoleManager().getRoleInstance(role);
                 securityService.getRoleManager().addRole(roleObject);
                 TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
                 if (data.getUser() == null) {
                   throw new UnknownEntityException("user is null");
                 }
                 modelManager.grant(data.getUser().getUserDelegate(), modelManager.getGlobalGroup(), roleObject);
             }
             else
             {
                 throw(e);
             }
         }
 
         return hasRole(roleObject);
     }
 
     /**
      * Does the user have this permission?
      *
      * @param permission A Permission.
      * @return True if the user has this permission.
      * @throws Exception a generic exception.
      */
     public boolean hasPermission(Permission permission)
             throws Exception
     {
         boolean value = false;
         TurbineAccessControlList acl = data.getACL();
         if (acl == null ||
             !acl.hasPermission(permission))
         {
             data.setScreen(failScreen);
             data.setMessage(message);
         }
         else
         {
             value = true;
         }
         return value;
     }
 
     /**
      * Does the user have this permission? If initialize is set to <code>true</code>
      * The permission will be created and granted to the first available Role of
      * the user, that the SecurityCheck is running against.
      *
      * If the User has no Roles, the first Role via SecurityService is granted the
      * permission.
      *
      * @param permission
      *            A String.
      * @return True if the user has this permission.
      * @throws Exception
      *                a generic exception.
      */
     public boolean hasPermission(String permission)
             throws Exception
     {
         Permission permissionObject = null;
         try
         {
             permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
         }
         catch (UnknownEntityException e)
         {
             if(initialize)
             {
                 permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
                 securityService.getPermissionManager().addPermission(permissionObject);
 
                 Role role = null;
                 TurbineAccessControlList acl = data.getACL();
                 RoleSet roles = acl.getRoles();
                 if(roles.size() > 0)
                 {
                                         role = roles.toArray(new Role[0])[0];
                                 }
 
                 if(role == null)
                 {
                     /*
                      * The User within data has no roles yet, let us grant the permission
                      * to the first role available through SecurityService.
                      */
                     roles = securityService.getRoleManager().getAllRoles();
                     if(roles.size() > 0)
                     {
                                                 role = roles.toArray(new Role[0])[0];
                                         }
                 }
 
                 if(role != null)
                 {
                     /*
                      * If we have no role, there is nothing we can do about it. So only grant it,
                      * if we have a role to grant it to.
                      */
                     TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
                     modelManager.grant(role, permissionObject);
                 }
             }
             else
             {
                 throw(e);
             }
         }
 
         return hasPermission(permissionObject);
     }
 
     /**
      * Get the message that should be displayed.  This is initialized
      * in the constructor.
      *
      * @return A String.
      */
     public String getMessage()
     {
         return message;
     }
 
     /**
      * Get the screen that should be displayed.  This is initialized
      * in the constructor.
      *
      * @return A String.
      */
     public String getFailScreen()
     {
         return failScreen;
     }
 }

1		package org.apache.turbine.util;
2
3
4		/*
5		* Licensed to the Apache Software Foundation (ASF) under one
6		* or more contributor license agreements. See the NOTICE file
7		* distributed with this work for additional information
8		* regarding copyright ownership. The ASF licenses this file
9		* to you under the Apache License, Version 2.0 (the
10		* "License"); you may not use this file except in compliance
11		* with the License. You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing,
16		* software distributed under the License is distributed on an
17		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18		* KIND, either express or implied. See the License for the
19		* specific language governing permissions and limitations
20		* under the License.
21		*/
22
23
24		import org.apache.fulcrum.security.SecurityService;
25		import org.apache.fulcrum.security.entity.Permission;
26		import org.apache.fulcrum.security.entity.Role;
27		import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
28		import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
29		import org.apache.fulcrum.security.util.RoleSet;
30		import org.apache.fulcrum.security.util.UnknownEntityException;
31		import org.apache.turbine.services.TurbineServices;
32
33		/**
34		* Utility for doing security checks in Screens and Actions.
35		*
36		* Sample usage:<br>
37		*
38		* <pre>
39		* SecurityCheck mycheck =
40		* new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
41		* if (!mycheck.hasPermission("add_user");
42		* return;
43		*</pre>
44		*
45		* @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
46		* @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
47		* @version $Id: SecurityCheck.java 1819127 2017-12-23 09:32:08Z gk $
48		*/
49		public class SecurityCheck
50		{
51		private String message;
52
53		private String failScreen;
54
55	0	private RunData data = null;
56
57	0	private SecurityService securityService = null;
58
59		/**
60		* Holds information if a missing Permission or Role should be created and granted on-the-fly.
61		* This is good behavior, if these change a lot.
62		*/
63		private boolean initialize;
64
65		/**
66		* Constructor.
67		*
68		* @param data A Turbine RunData object.
69		* @param message The message to display upon failure.
70		* @param failedScreen The screen to redirect to upon failure.
71		*/
72		public SecurityCheck(RunData data,
73		String message,
74		String failedScreen)
75		{
76	0	this(data, message, failedScreen, false);
77	0	}
78
79		/**
80		* Constructor.
81		*
82		* @param data
83		* A Turbine RunData object.
84		* @param message
85		* The message to display upon failure.
86		* @param failedScreen
87		* The screen to redirect to upon failure.
88		* @param initialize
89		* if a non-existing Permission or Role should be created.
90		*/
91		public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
92	0	{
93	0	this.data = data;
94	0	this.message = message;
95	0	this.failScreen = failedScreen;
96	0	this.initialize = initialize;
97	0	this.securityService = (SecurityService)TurbineServices
98		.getInstance()
99		.getService(SecurityService.ROLE);
100	0	}
101
102		/**
103		* Does the user have this role?
104		*
105		* @param role A Role.
106		* @return True if the user has this role.
107		* @throws Exception a generic exception.
108		*/
109		public boolean hasRole(Role role)
110		throws Exception
111		{
112	0	boolean value = false;
113	0	TurbineAccessControlList acl = data.getACL();
114	0	if (acl == null \|\|
115		!acl.hasRole(role))
116		{
117	0	data.setScreen(failScreen);
118	0	data.setMessage(message);
119		}
120		else
121		{
122	0	value = true;
123		}
124	0	return value;
125		}
126
127		/**
128		* Does the user have this role?
129		*
130		* @param role
131		* A String.
132		* @return True if the user has this role.
133		* @throws Exception
134		* a generic exception.
135		*/
136		public boolean hasRole(String role) throws Exception
137		{
138	0	Role roleObject = null;
139
140		try
141		{
142	0	roleObject = securityService.getRoleManager().getRoleByName(role);
143		}
144	0	catch (UnknownEntityException e)
145		{
146	0	if(initialize)
147		{
148	0	roleObject = securityService.getRoleManager().getRoleInstance(role);
149	0	securityService.getRoleManager().addRole(roleObject);
150	0	TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
151	0	if (data.getUser() == null) {
152	0	throw new UnknownEntityException("user is null");
153		}
154	0	modelManager.grant(data.getUser().getUserDelegate(), modelManager.getGlobalGroup(), roleObject);
155	0	}
156		else
157		{
158	0	throw(e);
159		}
160	0	}
161
162	0	return hasRole(roleObject);
163		}
164
165		/**
166		* Does the user have this permission?
167		*
168		* @param permission A Permission.
169		* @return True if the user has this permission.
170		* @throws Exception a generic exception.
171		*/
172		public boolean hasPermission(Permission permission)
173		throws Exception
174		{
175	0	boolean value = false;
176	0	TurbineAccessControlList acl = data.getACL();
177	0	if (acl == null \|\|
178		!acl.hasPermission(permission))
179		{
180	0	data.setScreen(failScreen);
181	0	data.setMessage(message);
182		}
183		else
184		{
185	0	value = true;
186		}
187	0	return value;
188		}
189
190		/**
191		* Does the user have this permission? If initialize is set to <code>true</code>
192		* The permission will be created and granted to the first available Role of
193		* the user, that the SecurityCheck is running against.
194		*
195		* If the User has no Roles, the first Role via SecurityService is granted the
196		* permission.
197		*
198		* @param permission
199		* A String.
200		* @return True if the user has this permission.
201		* @throws Exception
202		* a generic exception.
203		*/
204		public boolean hasPermission(String permission)
205		throws Exception
206		{
207	0	Permission permissionObject = null;
208		try
209		{
210	0	permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
211		}
212	0	catch (UnknownEntityException e)
213		{
214	0	if(initialize)
215		{
216	0	permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
217	0	securityService.getPermissionManager().addPermission(permissionObject);
218
219	0	Role role = null;
220	0	TurbineAccessControlList acl = data.getACL();
221	0	RoleSet roles = acl.getRoles();
222	0	if(roles.size() > 0)
223		{
224	0	role = roles.toArray(new Role[0])[0];
225		}
226
227	0	if(role == null)
228		{
229		/*
230		* The User within data has no roles yet, let us grant the permission
231		* to the first role available through SecurityService.
232		*/
233	0	roles = securityService.getRoleManager().getAllRoles();
234	0	if(roles.size() > 0)
235		{
236	0	role = roles.toArray(new Role[0])[0];
237		}
238		}
239
240	0	if(role != null)
241		{
242		/*
243		* If we have no role, there is nothing we can do about it. So only grant it,
244		* if we have a role to grant it to.
245		*/
246	0	TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
247	0	modelManager.grant(role, permissionObject);
248		}
249	0	}
250		else
251		{
252	0	throw(e);
253		}
254	0	}
255
256	0	return hasPermission(permissionObject);
257		}
258
259		/**
260		* Get the message that should be displayed. This is initialized
261		* in the constructor.
262		*
263		* @return A String.
264		*/
265		public String getMessage()
266		{
267	0	return message;
268		}
269
270		/**
271		* Get the screen that should be displayed. This is initialized
272		* in the constructor.
273		*
274		* @return A String.
275		*/
276		public String getFailScreen()
277		{
278	0	return failScreen;
279		}
280		}