001 //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/branches/2.3_testing/src/org/deegree/security/drm/model/Role.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.drm.model;
037
038 import java.util.HashSet;
039 import java.util.Set;
040 import java.util.Stack;
041
042 import org.deegree.model.feature.Feature;
043 import org.deegree.security.GeneralSecurityException;
044 import org.deegree.security.drm.SecurityAccess;
045 import org.deegree.security.drm.SecurityRegistry;
046
047
048 /**
049 * Implementation of role-objects. <code>Role</code> s define the
050 * <code>Privilege</code> of <code>User</code> s and <code>Groups</code>
051 * and their <code>Rights</code> on <code>SecurableObjects</code>.
052 *
053 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
054 * @version $Revision: 18195 $
055 */
056 public class Role extends SecurableObject {
057
058 public final static int ID_SEC_ADMIN = 3;
059
060 /**
061 * Creates a new <code>Role</code> -instance.
062 *
063 * @param id
064 * @param name
065 * @param registry
066 */
067 public Role(int id, String name, SecurityRegistry registry) {
068 this.id = id;
069 this.name = name;
070 this.title = name;
071 this.registry = registry;
072 }
073
074 /**
075 * Returns the <code>Group</code> s that are associated with this role
076 * DIRECTLY, i.e. not via membership in other roles.
077 *
078 * @param securityAccess
079 * @throws GeneralSecurityException
080 */
081 public Group[] getGroups(SecurityAccess securityAccess)
082 throws GeneralSecurityException {
083 return registry.getGroupsWithRole(securityAccess, this);
084 }
085
086 /**
087 * Returns the <code>User</code> s that are associated with this role
088 * DIRECTLY, i.e. not via group membership.
089 *
090 * @param securityAccess
091 * @throws GeneralSecurityException
092 */
093 public User[] getUsers(SecurityAccess securityAccess)
094 throws GeneralSecurityException {
095 return registry.getUsersWithRole(securityAccess, this);
096 }
097
098 /**
099 * Returns the <code>User</code> s that are associated with this role
100 * either directly or via group membership.
101 *
102 * @param securityAccess
103 * @throws GeneralSecurityException
104 */
105 public User[] getAllUsers(SecurityAccess securityAccess)
106 throws GeneralSecurityException {
107 Set<User> allUsers = new HashSet<User>();
108
109 // directly associated users
110 User[] directUsers = registry.getUsersWithRole(securityAccess, this);
111 for (int i = 0; i < directUsers.length; i++) {
112 allUsers.add(directUsers[i]);
113 }
114
115 // traverse group hierarchy and add users
116 Group[] groups = registry.getGroupsWithRole(securityAccess, this);
117 Stack<Group> groupsStack = new Stack<Group>();
118 for (int i = 0; i < groups.length; i++) {
119 groupsStack.push(groups[i]);
120 }
121 while (!groupsStack.isEmpty()) {
122 Group group = groupsStack.pop();
123 Group[] children = group.getGroups(securityAccess);
124 for (int i = 0; i < children.length; i++) {
125 groupsStack.push(children[i]);
126 }
127 User[] users = group.getUsers(securityAccess);
128 for (int i = 0; i < users.length; i++) {
129 allUsers.add(users[i]);
130 }
131 }
132
133 return allUsers.toArray(new User[allUsers.size()]);
134 }
135
136 /**
137 * Returns the <code>Privilege</code> s that this role has.
138 *
139 * @param securityAccess
140 */
141 public Privilege[] getPrivileges(SecurityAccess securityAccess)
142 throws GeneralSecurityException {
143 return registry.getPrivilegesForRole(securityAccess, this);
144 }
145
146 /**
147 * Returns the rights that this role defines concerning the given
148 * <code>SecurableObject</code>.
149 *
150 * @param securityAccess
151 */
152 public RightSet getRights(SecurityAccess securityAccess,
153 SecurableObject object) throws GeneralSecurityException {
154 return new RightSet(registry.getRights(securityAccess, object, this));
155 }
156
157 /**
158 * Returns whether the <code>Role</code> has a certain <code>Right</code>
159 * on a <code>SecurableObject</code> (directly or via group
160 * memberships).
161 */
162 public boolean hasRight(SecurityAccess securityAccess, RightType type,
163 Feature accessParams, SecurableObject object)
164 throws GeneralSecurityException {
165 return getRights(securityAccess, object).applies(object, type,
166 accessParams);
167 }
168
169 /**
170 * Returns whether the <code>Role</code> has a certain <code>Right</code>
171 * on a <code>SecurableObject</code>.
172 */
173 public boolean hasRight(SecurityAccess securityAccess, RightType type,
174 SecurableObject object) throws GeneralSecurityException {
175 return getRights(securityAccess, object).applies(object, type);
176 }
177
178 /**
179 * Returns whether the <code>Role</code> has a certain right on a
180 * <code>SecurableObject</code>.
181 */
182 public boolean hasRight(SecurityAccess securityAccess, String s,
183 SecurableObject object) throws GeneralSecurityException {
184 RightType right = registry.getRightTypeByName(securityAccess, s);
185 return hasRight(securityAccess, right, object);
186 }
187
188 /**
189 * Returns whether the <code>Role</code> has a certain
190 * <code>Privilege</code>.
191 *
192 * @param privilege
193 */
194 public boolean hasPrivilege(SecurityAccess securityAccess,
195 Privilege privilege) throws GeneralSecurityException {
196 Privilege[] privileges = getPrivileges(securityAccess);
197 for (int i = 0; i < privileges.length; i++) {
198 if (privileges[i].equals(privilege)) {
199 return true;
200 }
201 }
202 return false;
203 }
204
205 /**
206 * Returns whether the <code>Role</code> has a certain privilege.
207 *
208 * @param s
209 */
210 public boolean hasPrivilege(SecurityAccess securityAccess, String s)
211 throws GeneralSecurityException {
212 Privilege privilege = registry.getPrivilegeByName(securityAccess, s);
213 return hasPrivilege(securityAccess, privilege);
214 }
215
216 /**
217 * Returns a <code>String</code> representation of this object.
218 *
219 * @param securityAccess
220 */
221 public String toString(SecurityAccess securityAccess) {
222 StringBuffer sb = new StringBuffer("Name: ").append(name);
223
224 try {
225 sb.append(", Users: [");
226 User[] users = getUsers(securityAccess);
227 for (int i = 0; i < users.length; i++) {
228 sb.append(users[i].getName());
229 if (i != users.length - 1) {
230 sb.append(", ");
231 }
232 }
233 sb.append("]");
234
235 sb.append(", Groups: [");
236 Group[] groups = getGroups(securityAccess);
237 for (int i = 0; i < groups.length; i++) {
238 sb.append(groups[i].getName());
239 if (i != groups.length - 1) {
240 sb.append(", ");
241 }
242 }
243 sb.append("]");
244 } catch (GeneralSecurityException e) {
245 e.printStackTrace();
246 }
247 return sb.toString();
248 }
249 }