Coverage Report - org.apache.turbine.util.template.TemplateSecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
TemplateSecurityCheck
0%
0/43
0%
0/14
1,818
 
 1  
 package org.apache.turbine.util.template;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.fulcrum.security.entity.Permission;
 25  
 import org.apache.fulcrum.security.entity.Role;
 26  
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 27  
 import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
 28  
 import org.apache.turbine.Turbine;
 29  
 import org.apache.turbine.TurbineConstants;
 30  
 import org.apache.turbine.services.TurbineServices;
 31  
 import org.apache.turbine.services.template.TemplateService;
 32  
 import org.apache.turbine.util.RunData;
 33  
 
 34  
 /**
 35  
  * Utility class to help check for proper authorization when using
 36  
  * template screens.  Sample usages:
 37  
  *
 38  
  * <p><pre>
 39  
  * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 40  
  * secCheck.setMessage( "Sorry, you do not have permission to " +
 41  
  *                      "access this area." );
 42  
  * secCheck.setFailTemplate("login.wm");
 43  
  * if ( !secCheck.hasRole("ADMIN") )
 44  
  *     return;
 45  
  * </pre>
 46  
  *
 47  
  * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
 48  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 49  
  * @version $Id: TemplateSecurityCheck.java 1773378 2016-12-09 13:19:59Z tv $
 50  
  */
 51  
 public class TemplateSecurityCheck
 52  
 {
 53  0
     private String message = "Sorry, you do not have permission to access this area.";
 54  
     private String failScreen;
 55  
     private String failTemplate;
 56  0
     private RunData data = null;
 57  
 
 58  
     /**
 59  
      * Constructor.
 60  
      *
 61  
      * @param data A Turbine RunData object.
 62  
      * @param message A String with the message to display upon
 63  
      * failure.
 64  
      */
 65  
     public TemplateSecurityCheck(RunData data, String message)
 66  
     {
 67  0
         this(data);
 68  0
         this.message = message;
 69  0
     }
 70  
 
 71  
     /**
 72  
      * Generic Constructor.
 73  
      *
 74  
      * @param data A Turbine RunData object.
 75  
      */
 76  
     public TemplateSecurityCheck(RunData data)
 77  0
     {
 78  0
         this.data = data;
 79  0
         TemplateService templateService = (TemplateService)TurbineServices.getInstance().getService(TemplateService.SERVICE_NAME);
 80  0
         this.failScreen = templateService.getDefaultScreen();
 81  0
     }
 82  
 
 83  
     /**
 84  
      * Does the User have this role?
 85  
      *
 86  
      * @param role The role to be checked.
 87  
      * @return Whether the user has the role.
 88  
      * @throws Exception Trouble validating.
 89  
      */
 90  
     public boolean hasRole(Role role)
 91  
         throws Exception
 92  
     {
 93  0
         if (!checkLogin())
 94  
         {
 95  0
             return false;
 96  
         }
 97  
 
 98  0
         TurbineAccessControlList acl = data.getACL();
 99  0
         if (acl == null || !acl.hasRole(role))
 100  
         {
 101  0
             data.setScreen(getFailScreen());
 102  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 103  0
             data.setMessage(getMessage());
 104  0
             return false;
 105  
         }
 106  
 
 107  0
         return true;
 108  
     }
 109  
 
 110  
     /**
 111  
      * Does the User have this permission?
 112  
      *
 113  
      * @param permission The permission to be checked.
 114  
      * @return Whether the user has the permission.
 115  
      * @throws Exception Trouble validating.
 116  
      */
 117  
     public boolean hasPermission(Permission permission)
 118  
         throws Exception
 119  
     {
 120  0
         boolean value = true;
 121  0
         TurbineAccessControlList acl = data.getACL();
 122  0
         if (acl == null || !acl.hasPermission(permission))
 123  
         {
 124  0
             data.setScreen(getFailScreen());
 125  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 126  0
             data.setMessage(getMessage());
 127  0
             value = false;
 128  
         }
 129  
 
 130  0
         return value;
 131  
     }
 132  
 
 133  
     /**
 134  
      * Check that the user has logged in.
 135  
      *
 136  
      * @return True if user has logged in.
 137  
      * @throws Exception a generic exception.
 138  
      */
 139  
     public boolean checkLogin()
 140  
         throws Exception
 141  
     {
 142  0
         boolean value = true;
 143  
 
 144  
         // Do it like the AccessController
 145  0
         TurbineUserManager userManager =
 146  
                 (TurbineUserManager)TurbineServices
 147  
                         .getInstance()
 148  
                         .getService(TurbineUserManager.ROLE);
 149  
 
 150  0
         if (!userManager.isAnonymousUser(data.getUser())
 151  
             && !data.getUser().hasLoggedIn())
 152  
         {
 153  0
             data.setMessage(Turbine.getConfiguration()
 154  
                 .getString(TurbineConstants.LOGIN_MESSAGE));
 155  
 
 156  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 157  0
             value = false;
 158  
         }
 159  
 
 160  0
         return value;
 161  
     }
 162  
 
 163  
     /**
 164  
      * Set the message that should be displayed.  This is initialized
 165  
      * in the constructor.
 166  
      *
 167  
      * @param v A String with the message that should be displayed.
 168  
      */
 169  
     public void setMessage(String v)
 170  
     {
 171  0
         this.message = v;
 172  0
     }
 173  
 
 174  
     /**
 175  
      * Get the message that should be displayed.  This is initialized
 176  
      * in the constructor.
 177  
      *
 178  
      * @return A String with the message that should be displayed.
 179  
      */
 180  
     public String getMessage()
 181  
     {
 182  0
         return message;
 183  
     }
 184  
 
 185  
     /**
 186  
      * Get the value of failScreen.
 187  
      *
 188  
      * @return A String with the value of failScreen.
 189  
      */
 190  
     public String getFailScreen()
 191  
     {
 192  0
         return failScreen;
 193  
     }
 194  
 
 195  
     /**
 196  
      * Set the value of failScreen.
 197  
      *
 198  
      * @param v A String with the value of failScreen.
 199  
      */
 200  
     public void setFailScreen(String v)
 201  
     {
 202  0
         this.failScreen = v;
 203  0
     }
 204  
 
 205  
     /**
 206  
      * Get the value of failTemplate.
 207  
      *
 208  
      * @return A String with the value of failTemplate.
 209  
      */
 210  
     public String getFailTemplate()
 211  
     {
 212  0
         return failTemplate;
 213  
     }
 214  
 
 215  
     /**
 216  
      * Set the value of failTemplate.
 217  
      *
 218  
      * @param v A String with the value of failTemplate.
 219  
      */
 220  
     public void setFailTemplate(String v)
 221  
     {
 222  0
         this.failTemplate = v;
 223  0
     }
 224  
 }