001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/security/drm/model/Role.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2008 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.drm.model;
044
045 import java.util.HashSet;
046 import java.util.Set;
047 import java.util.Stack;
048
049 import org.deegree.model.feature.Feature;
050 import org.deegree.security.GeneralSecurityException;
051 import org.deegree.security.drm.SecurityAccess;
052 import org.deegree.security.drm.SecurityRegistry;
053
054
055 /**
056 * Implementation of role-objects. <code>Role</code> s define the
057 * <code>Privilege</code> of <code>User</code> s and <code>Groups</code>
058 * and their <code>Rights</code> on <code>SecurableObjects</code>.
059 *
060 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
061 * @version $Revision: 9346 $
062 */
063 public class Role extends SecurableObject {
064
065 public final static int ID_SEC_ADMIN = 3;
066
067 /**
068 * Creates a new <code>Role</code> -instance.
069 *
070 * @param id
071 * @param name
072 * @param registry
073 */
074 public Role(int id, String name, SecurityRegistry registry) {
075 this.id = id;
076 this.name = name;
077 this.title = name;
078 this.registry = registry;
079 }
080
081 /**
082 * Returns the <code>Group</code> s that are associated with this role
083 * DIRECTLY, i.e. not via membership in other roles.
084 *
085 * @param securityAccess
086 * @throws GeneralSecurityException
087 */
088 public Group[] getGroups(SecurityAccess securityAccess)
089 throws GeneralSecurityException {
090 return registry.getGroupsWithRole(securityAccess, this);
091 }
092
093 /**
094 * Returns the <code>User</code> s that are associated with this role
095 * DIRECTLY, i.e. not via group membership.
096 *
097 * @param securityAccess
098 * @throws GeneralSecurityException
099 */
100 public User[] getUsers(SecurityAccess securityAccess)
101 throws GeneralSecurityException {
102 return registry.getUsersWithRole(securityAccess, this);
103 }
104
105 /**
106 * Returns the <code>User</code> s that are associated with this role
107 * either directly or via group membership.
108 *
109 * @param securityAccess
110 * @throws GeneralSecurityException
111 */
112 public User[] getAllUsers(SecurityAccess securityAccess)
113 throws GeneralSecurityException {
114 Set<User> allUsers = new HashSet<User>();
115
116 // directly associated users
117 User[] directUsers = registry.getUsersWithRole(securityAccess, this);
118 for (int i = 0; i < directUsers.length; i++) {
119 allUsers.add(directUsers[i]);
120 }
121
122 // traverse group hierarchy and add users
123 Group[] groups = registry.getGroupsWithRole(securityAccess, this);
124 Stack<Group> groupsStack = new Stack<Group>();
125 for (int i = 0; i < groups.length; i++) {
126 groupsStack.push(groups[i]);
127 }
128 while (!groupsStack.isEmpty()) {
129 Group group = groupsStack.pop();
130 Group[] children = group.getGroups(securityAccess);
131 for (int i = 0; i < children.length; i++) {
132 groupsStack.push(children[i]);
133 }
134 User[] users = group.getUsers(securityAccess);
135 for (int i = 0; i < users.length; i++) {
136 allUsers.add(users[i]);
137 }
138 }
139
140 return allUsers.toArray(new User[allUsers.size()]);
141 }
142
143 /**
144 * Returns the <code>Privilege</code> s that this role has.
145 *
146 * @param securityAccess
147 */
148 public Privilege[] getPrivileges(SecurityAccess securityAccess)
149 throws GeneralSecurityException {
150 return registry.getPrivilegesForRole(securityAccess, this);
151 }
152
153 /**
154 * Returns the rights that this role defines concerning the given
155 * <code>SecurableObject</code>.
156 *
157 * @param securityAccess
158 */
159 public RightSet getRights(SecurityAccess securityAccess,
160 SecurableObject object) throws GeneralSecurityException {
161 return new RightSet(registry.getRights(securityAccess, object, this));
162 }
163
164 /**
165 * Returns whether the <code>Role</code> has a certain <code>Right</code>
166 * on a <code>SecurableObject</code> (directly or via group
167 * memberships).
168 */
169 public boolean hasRight(SecurityAccess securityAccess, RightType type,
170 Feature accessParams, SecurableObject object)
171 throws GeneralSecurityException {
172 return getRights(securityAccess, object).applies(object, type,
173 accessParams);
174 }
175
176 /**
177 * Returns whether the <code>Role</code> has a certain <code>Right</code>
178 * on a <code>SecurableObject</code>.
179 */
180 public boolean hasRight(SecurityAccess securityAccess, RightType type,
181 SecurableObject object) throws GeneralSecurityException {
182 return getRights(securityAccess, object).applies(object, type);
183 }
184
185 /**
186 * Returns whether the <code>Role</code> has a certain right on a
187 * <code>SecurableObject</code>.
188 */
189 public boolean hasRight(SecurityAccess securityAccess, String s,
190 SecurableObject object) throws GeneralSecurityException {
191 RightType right = registry.getRightTypeByName(securityAccess, s);
192 return hasRight(securityAccess, right, object);
193 }
194
195 /**
196 * Returns whether the <code>Role</code> has a certain
197 * <code>Privilege</code>.
198 *
199 * @param privilege
200 */
201 public boolean hasPrivilege(SecurityAccess securityAccess,
202 Privilege privilege) throws GeneralSecurityException {
203 Privilege[] privileges = getPrivileges(securityAccess);
204 for (int i = 0; i < privileges.length; i++) {
205 if (privileges[i].equals(privilege)) {
206 return true;
207 }
208 }
209 return false;
210 }
211
212 /**
213 * Returns whether the <code>Role</code> has a certain privilege.
214 *
215 * @param s
216 */
217 public boolean hasPrivilege(SecurityAccess securityAccess, String s)
218 throws GeneralSecurityException {
219 Privilege privilege = registry.getPrivilegeByName(securityAccess, s);
220 return hasPrivilege(securityAccess, privilege);
221 }
222
223 /**
224 * Returns a <code>String</code> representation of this object.
225 *
226 * @param securityAccess
227 */
228 public String toString(SecurityAccess securityAccess) {
229 StringBuffer sb = new StringBuffer("Name: ").append(name);
230
231 try {
232 sb.append(", Users: [");
233 User[] users = getUsers(securityAccess);
234 for (int i = 0; i < users.length; i++) {
235 sb.append(users[i].getName());
236 if (i != users.length - 1) {
237 sb.append(", ");
238 }
239 }
240 sb.append("]");
241
242 sb.append(", Groups: [");
243 Group[] groups = getGroups(securityAccess);
244 for (int i = 0; i < groups.length; i++) {
245 sb.append(groups[i].getName());
246 if (i != groups.length - 1) {
247 sb.append(", ");
248 }
249 }
250 sb.append("]");
251 } catch (GeneralSecurityException e) {
252 e.printStackTrace();
253 }
254 return sb.toString();
255 }
256 }