Coverage Report - org.apache.turbine.util.template.TemplateSecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
TemplateSecurityCheck
0%
0/46
0%
0/14
1,818
 
 1  
 package org.apache.turbine.util.template;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.fulcrum.security.entity.Permission;
 25  
 import org.apache.fulcrum.security.entity.Role;
 26  
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 27  
 import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
 28  
 import org.apache.turbine.Turbine;
 29  
 import org.apache.turbine.TurbineConstants;
 30  
 import org.apache.turbine.pipeline.PipelineData;
 31  
 import org.apache.turbine.services.TurbineServices;
 32  
 import org.apache.turbine.services.template.TemplateService;
 33  
 import org.apache.turbine.util.RunData;
 34  
 
 35  
 /**
 36  
  * Utility class to help check for proper authorization when using
 37  
  * template screens.  Sample usages:
 38  
  *
 39  
  * <pre>
 40  
  * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 41  
  * secCheck.setMessage( "Sorry, you do not have permission to " +
 42  
  *                      "access this area." );
 43  
  * secCheck.setFailTemplate("login.wm");
 44  
  * if ( !secCheck.hasRole("ADMIN") )
 45  
  *     return;
 46  
  * </pre>
 47  
  *
 48  
  * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
 49  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 50  
  * @version $Id: TemplateSecurityCheck.java 1854797 2019-03-04 20:41:39Z tv $
 51  
  */
 52  
 public class TemplateSecurityCheck
 53  
 {
 54  0
     private String message = "Sorry, you do not have permission to access this area.";
 55  
     private String failScreen;
 56  
     private String failTemplate;
 57  
 
 58  
     /* The RunData object. */
 59  
     private final RunData data;
 60  
 
 61  
     /**
 62  
      * Constructor.
 63  
      *
 64  
      * @param pipelineData A Turbine PipelineData object.
 65  
      * @param message A String with the message to display upon
 66  
      * failure.
 67  
      */
 68  
     public TemplateSecurityCheck(PipelineData pipelineData, String message)
 69  
     {
 70  0
         this(pipelineData);
 71  0
         setMessage(message);
 72  0
     }
 73  
 
 74  
     /**
 75  
      * Generic Constructor.
 76  
      *
 77  
      * @param pipelineData A Turbine PipelineData object.
 78  
      */
 79  
     public TemplateSecurityCheck(PipelineData pipelineData)
 80  0
     {
 81  0
         this.data = pipelineData.getRunData();
 82  0
         TemplateService templateService = (TemplateService)TurbineServices.getInstance()
 83  0
                 .getService(TemplateService.SERVICE_NAME);
 84  0
         this.failScreen = templateService.getDefaultScreen();
 85  0
     }
 86  
 
 87  
     /**
 88  
      * Does the User have this role?
 89  
      *
 90  
      * @param role The role to be checked.
 91  
      * @return Whether the user has the role.
 92  
      * @throws Exception Trouble validating.
 93  
      */
 94  
     public boolean hasRole(Role role)
 95  
         throws Exception
 96  
     {
 97  0
         if (!checkLogin())
 98  
         {
 99  0
             return false;
 100  
         }
 101  
 
 102  0
         TurbineAccessControlList acl = data.getACL();
 103  0
         if (acl == null || !acl.hasRole(role))
 104  
         {
 105  0
             data.setScreen(getFailScreen());
 106  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 107  0
             data.setMessage(getMessage());
 108  0
             return false;
 109  
         }
 110  
 
 111  0
         return true;
 112  
     }
 113  
 
 114  
     /**
 115  
      * Does the User have this permission?
 116  
      *
 117  
      * @param permission The permission to be checked.
 118  
      * @return Whether the user has the permission.
 119  
      * @throws Exception Trouble validating.
 120  
      */
 121  
     public boolean hasPermission(Permission permission)
 122  
         throws Exception
 123  
     {
 124  0
         boolean value = true;
 125  0
         TurbineAccessControlList acl = data.getACL();
 126  0
         if (acl == null || !acl.hasPermission(permission))
 127  
         {
 128  0
             data.setScreen(getFailScreen());
 129  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 130  0
             data.setMessage(getMessage());
 131  0
             value = false;
 132  
         }
 133  
 
 134  0
         return value;
 135  
     }
 136  
 
 137  
     /**
 138  
      * Check that the user has logged in.
 139  
      *
 140  
      * @return True if user has logged in.
 141  
      * @throws Exception a generic exception.
 142  
      */
 143  
     public boolean checkLogin()
 144  
         throws Exception
 145  
     {
 146  0
         boolean value = true;
 147  
 
 148  
         // Do it like the AccessController
 149  
         TurbineUserManager userManager =
 150  
                 (TurbineUserManager)TurbineServices
 151  0
                         .getInstance()
 152  0
                         .getService(TurbineUserManager.ROLE);
 153  
 
 154  0
         if (!userManager.isAnonymousUser(data.getUser())
 155  0
             && !data.getUser().hasLoggedIn())
 156  
         {
 157  0
             data.setMessage(Turbine.getConfiguration()
 158  0
                 .getString(TurbineConstants.LOGIN_MESSAGE));
 159  
 
 160  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 161  0
             value = false;
 162  
         }
 163  
 
 164  0
         return value;
 165  
     }
 166  
 
 167  
     /**
 168  
      * Set the message that should be displayed.  This is initialized
 169  
      * in the constructor.
 170  
      *
 171  
      * @param v A String with the message that should be displayed.
 172  
      */
 173  
     public void setMessage(String v)
 174  
     {
 175  0
         this.message = v;
 176  0
     }
 177  
 
 178  
     /**
 179  
      * Get the message that should be displayed.  This is initialized
 180  
      * in the constructor.
 181  
      *
 182  
      * @return A String with the message that should be displayed.
 183  
      */
 184  
     public String getMessage()
 185  
     {
 186  0
         return message;
 187  
     }
 188  
 
 189  
     /**
 190  
      * Get the value of failScreen.
 191  
      *
 192  
      * @return A String with the value of failScreen.
 193  
      */
 194  
     public String getFailScreen()
 195  
     {
 196  0
         return failScreen;
 197  
     }
 198  
 
 199  
     /**
 200  
      * Set the value of failScreen.
 201  
      *
 202  
      * @param v A String with the value of failScreen.
 203  
      */
 204  
     public void setFailScreen(String v)
 205  
     {
 206  0
         this.failScreen = v;
 207  0
     }
 208  
 
 209  
     /**
 210  
      * Get the value of failTemplate.
 211  
      *
 212  
      * @return A String with the value of failTemplate.
 213  
      */
 214  
     public String getFailTemplate()
 215  
     {
 216  0
         return failTemplate;
 217  
     }
 218  
 
 219  
     /**
 220  
      * Set the value of failTemplate.
 221  
      *
 222  
      * @param v A String with the value of failTemplate.
 223  
      */
 224  
     public void setFailTemplate(String v)
 225  
     {
 226  0
         this.failTemplate = v;
 227  0
     }
 228  
 }