Coverage Report

Coverage Report - org.apache.turbine.util.template.TemplateSecurityCheck

Classes in this File

Line Coverage

Branch Coverage

Complexity

TemplateSecurityCheck

0/46

0/14

1,818

 package org.apache.turbine.util.template;
 
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 
 import org.apache.fulcrum.security.entity.Permission;
 import org.apache.fulcrum.security.entity.Role;
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
 import org.apache.turbine.Turbine;
 import org.apache.turbine.TurbineConstants;
 import org.apache.turbine.pipeline.PipelineData;
 import org.apache.turbine.services.TurbineServices;
 import org.apache.turbine.services.template.TemplateService;
 import org.apache.turbine.util.RunData;
 
 /**
  * Utility class to help check for proper authorization when using
  * template screens.  Sample usages:
  *
  * <pre>
  * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
  * secCheck.setMessage( "Sorry, you do not have permission to " +
  *                      "access this area." );
  * secCheck.setFailTemplate("login.wm");
  * if ( !secCheck.hasRole("ADMIN") )
  *     return;
  * </pre>
  *
  * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
  * @version $Id: TemplateSecurityCheck.java 1854797 2019-03-04 20:41:39Z tv $
  */
 public class TemplateSecurityCheck
 {
     private String message = "Sorry, you do not have permission to access this area.";
     private String failScreen;
     private String failTemplate;
 
     /* The RunData object. */
     private final RunData data;
 
     /**
      * Constructor.
      *
      * @param pipelineData A Turbine PipelineData object.
      * @param message A String with the message to display upon
      * failure.
      */
     public TemplateSecurityCheck(PipelineData pipelineData, String message)
     {
         this(pipelineData);
         setMessage(message);
     }
 
     /**
      * Generic Constructor.
      *
      * @param pipelineData A Turbine PipelineData object.
      */
     public TemplateSecurityCheck(PipelineData pipelineData)
     {
         this.data = pipelineData.getRunData();
         TemplateService templateService = (TemplateService)TurbineServices.getInstance()
                 .getService(TemplateService.SERVICE_NAME);
         this.failScreen = templateService.getDefaultScreen();
     }
 
     /**
      * Does the User have this role?
      *
      * @param role The role to be checked.
      * @return Whether the user has the role.
      * @throws Exception Trouble validating.
      */
     public boolean hasRole(Role role)
         throws Exception
     {
         if (!checkLogin())
         {
             return false;
         }
 
         TurbineAccessControlList acl = data.getACL();
         if (acl == null || !acl.hasRole(role))
         {
             data.setScreen(getFailScreen());
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
             data.setMessage(getMessage());
             return false;
         }
 
         return true;
     }
 
     /**
      * Does the User have this permission?
      *
      * @param permission The permission to be checked.
      * @return Whether the user has the permission.
      * @throws Exception Trouble validating.
      */
     public boolean hasPermission(Permission permission)
         throws Exception
     {
         boolean value = true;
         TurbineAccessControlList acl = data.getACL();
         if (acl == null || !acl.hasPermission(permission))
         {
             data.setScreen(getFailScreen());
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
             data.setMessage(getMessage());
             value = false;
         }
 
         return value;
     }
 
     /**
      * Check that the user has logged in.
      *
      * @return True if user has logged in.
      * @throws Exception a generic exception.
      */
     public boolean checkLogin()
         throws Exception
     {
         boolean value = true;
 
         // Do it like the AccessController
         TurbineUserManager userManager =
                 (TurbineUserManager)TurbineServices
                         .getInstance()
                         .getService(TurbineUserManager.ROLE);
 
         if (!userManager.isAnonymousUser(data.getUser())
             && !data.getUser().hasLoggedIn())
         {
             data.setMessage(Turbine.getConfiguration()
                 .getString(TurbineConstants.LOGIN_MESSAGE));
 
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
             value = false;
         }
 
         return value;
     }
 
     /**
      * Set the message that should be displayed.  This is initialized
      * in the constructor.
      *
      * @param v A String with the message that should be displayed.
      */
     public void setMessage(String v)
     {
         this.message = v;
     }
 
     /**
      * Get the message that should be displayed.  This is initialized
      * in the constructor.
      *
      * @return A String with the message that should be displayed.
      */
     public String getMessage()
     {
         return message;
     }
 
     /**
      * Get the value of failScreen.
      *
      * @return A String with the value of failScreen.
      */
     public String getFailScreen()
     {
         return failScreen;
     }
 
     /**
      * Set the value of failScreen.
      *
      * @param v A String with the value of failScreen.
      */
     public void setFailScreen(String v)
     {
         this.failScreen = v;
     }
 
     /**
      * Get the value of failTemplate.
      *
      * @return A String with the value of failTemplate.
      */
     public String getFailTemplate()
     {
         return failTemplate;
     }
 
     /**
      * Set the value of failTemplate.
      *
      * @param v A String with the value of failTemplate.
      */
     public void setFailTemplate(String v)
     {
         this.failTemplate = v;
     }
 }

1		package org.apache.turbine.util.template;
2
3
4		/*
5		* Licensed to the Apache Software Foundation (ASF) under one
6		* or more contributor license agreements. See the NOTICE file
7		* distributed with this work for additional information
8		* regarding copyright ownership. The ASF licenses this file
9		* to you under the Apache License, Version 2.0 (the
10		* "License"); you may not use this file except in compliance
11		* with the License. You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing,
16		* software distributed under the License is distributed on an
17		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18		* KIND, either express or implied. See the License for the
19		* specific language governing permissions and limitations
20		* under the License.
21		*/
22
23
24		import org.apache.fulcrum.security.entity.Permission;
25		import org.apache.fulcrum.security.entity.Role;
26		import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
27		import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
28		import org.apache.turbine.Turbine;
29		import org.apache.turbine.TurbineConstants;
30		import org.apache.turbine.pipeline.PipelineData;
31		import org.apache.turbine.services.TurbineServices;
32		import org.apache.turbine.services.template.TemplateService;
33		import org.apache.turbine.util.RunData;
34
35		/**
36		* Utility class to help check for proper authorization when using
37		* template screens. Sample usages:
38		*
39		* <pre>
40		* TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
41		* secCheck.setMessage( "Sorry, you do not have permission to " +
42		* "access this area." );
43		* secCheck.setFailTemplate("login.wm");
44		* if ( !secCheck.hasRole("ADMIN") )
45		* return;
46		* </pre>
47		*
48		* @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
49		* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
50		* @version $Id: TemplateSecurityCheck.java 1854797 2019-03-04 20:41:39Z tv $
51		*/
52		public class TemplateSecurityCheck
53		{
54	0	private String message = "Sorry, you do not have permission to access this area.";
55		private String failScreen;
56		private String failTemplate;
57
58		/* The RunData object. */
59		private final RunData data;
60
61		/**
62		* Constructor.
63		*
64		* @param pipelineData A Turbine PipelineData object.
65		* @param message A String with the message to display upon
66		* failure.
67		*/
68		public TemplateSecurityCheck(PipelineData pipelineData, String message)
69		{
70	0	this(pipelineData);
71	0	setMessage(message);
72	0	}
73
74		/**
75		* Generic Constructor.
76		*
77		* @param pipelineData A Turbine PipelineData object.
78		*/
79		public TemplateSecurityCheck(PipelineData pipelineData)
80	0	{
81	0	this.data = pipelineData.getRunData();
82	0	TemplateService templateService = (TemplateService)TurbineServices.getInstance()
83	0	.getService(TemplateService.SERVICE_NAME);
84	0	this.failScreen = templateService.getDefaultScreen();
85	0	}
86
87		/**
88		* Does the User have this role?
89		*
90		* @param role The role to be checked.
91		* @return Whether the user has the role.
92		* @throws Exception Trouble validating.
93		*/
94		public boolean hasRole(Role role)
95		throws Exception
96		{
97	0	if (!checkLogin())
98		{
99	0	return false;
100		}
101
102	0	TurbineAccessControlList acl = data.getACL();
103	0	if (acl == null \|\| !acl.hasRole(role))
104		{
105	0	data.setScreen(getFailScreen());
106	0	data.getTemplateInfo().setScreenTemplate(getFailTemplate());
107	0	data.setMessage(getMessage());
108	0	return false;
109		}
110
111	0	return true;
112		}
113
114		/**
115		* Does the User have this permission?
116		*
117		* @param permission The permission to be checked.
118		* @return Whether the user has the permission.
119		* @throws Exception Trouble validating.
120		*/
121		public boolean hasPermission(Permission permission)
122		throws Exception
123		{
124	0	boolean value = true;
125	0	TurbineAccessControlList acl = data.getACL();
126	0	if (acl == null \|\| !acl.hasPermission(permission))
127		{
128	0	data.setScreen(getFailScreen());
129	0	data.getTemplateInfo().setScreenTemplate(getFailTemplate());
130	0	data.setMessage(getMessage());
131	0	value = false;
132		}
133
134	0	return value;
135		}
136
137		/**
138		* Check that the user has logged in.
139		*
140		* @return True if user has logged in.
141		* @throws Exception a generic exception.
142		*/
143		public boolean checkLogin()
144		throws Exception
145		{
146	0	boolean value = true;
147
148		// Do it like the AccessController
149		TurbineUserManager userManager =
150		(TurbineUserManager)TurbineServices
151	0	.getInstance()
152	0	.getService(TurbineUserManager.ROLE);
153
154	0	if (!userManager.isAnonymousUser(data.getUser())
155	0	&& !data.getUser().hasLoggedIn())
156		{
157	0	data.setMessage(Turbine.getConfiguration()
158	0	.getString(TurbineConstants.LOGIN_MESSAGE));
159
160	0	data.getTemplateInfo().setScreenTemplate(getFailTemplate());
161	0	value = false;
162		}
163
164	0	return value;
165		}
166
167		/**
168		* Set the message that should be displayed. This is initialized
169		* in the constructor.
170		*
171		* @param v A String with the message that should be displayed.
172		*/
173		public void setMessage(String v)
174		{
175	0	this.message = v;
176	0	}
177
178		/**
179		* Get the message that should be displayed. This is initialized
180		* in the constructor.
181		*
182		* @return A String with the message that should be displayed.
183		*/
184		public String getMessage()
185		{
186	0	return message;
187		}
188
189		/**
190		* Get the value of failScreen.
191		*
192		* @return A String with the value of failScreen.
193		*/
194		public String getFailScreen()
195		{
196	0	return failScreen;
197		}
198
199		/**
200		* Set the value of failScreen.
201		*
202		* @param v A String with the value of failScreen.
203		*/
204		public void setFailScreen(String v)
205		{
206	0	this.failScreen = v;
207	0	}
208
209		/**
210		* Get the value of failTemplate.
211		*
212		* @return A String with the value of failTemplate.
213		*/
214		public String getFailTemplate()
215		{
216	0	return failTemplate;
217		}
218
219		/**
220		* Set the value of failTemplate.
221		*
222		* @param v A String with the value of failTemplate.
223		*/
224		public void setFailTemplate(String v)
225		{
226	0	this.failTemplate = v;
227	0	}
228		}