001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/drm/model/Role.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.drm.model;
037    
038    import java.util.HashSet;
039    import java.util.Set;
040    import java.util.Stack;
041    
042    import org.deegree.model.feature.Feature;
043    import org.deegree.security.GeneralSecurityException;
044    import org.deegree.security.drm.SecurityAccess;
045    import org.deegree.security.drm.SecurityRegistry;
046    
047    
048    /**
049     * Implementation of role-objects. <code>Role</code> s define the
050     * <code>Privilege</code> of <code>User</code> s and <code>Groups</code>
051     * and their <code>Rights</code> on <code>SecurableObjects</code>.
052     *
053     * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
054     * @version $Revision: 18195 $
055     */
056    public class Role extends SecurableObject {
057    
058        public final static int ID_SEC_ADMIN = 3;
059    
060        /**
061         * Creates a new <code>Role</code> -instance.
062         *
063         * @param id
064         * @param name
065         * @param registry
066         */
067        public Role(int id, String name, SecurityRegistry registry) {
068            this.id = id;
069            this.name = name;
070            this.title = name;
071            this.registry = registry;
072        }
073    
074        /**
075         * Returns the <code>Group</code> s that are associated with this role
076         * DIRECTLY, i.e. not via membership in other roles.
077         *
078         * @param securityAccess
079         * @throws GeneralSecurityException
080         */
081        public Group[] getGroups(SecurityAccess securityAccess)
082                throws GeneralSecurityException {
083            return registry.getGroupsWithRole(securityAccess, this);
084        }
085    
086        /**
087         * Returns the <code>User</code> s that are associated with this role
088         * DIRECTLY, i.e. not via group membership.
089         *
090         * @param securityAccess
091         * @throws GeneralSecurityException
092         */
093        public User[] getUsers(SecurityAccess securityAccess)
094                throws GeneralSecurityException {
095            return registry.getUsersWithRole(securityAccess, this);
096        }
097    
098        /**
099         * Returns the <code>User</code> s that are associated with this role
100         * either directly or via group membership.
101         *
102         * @param securityAccess
103         * @throws GeneralSecurityException
104         */
105        public User[] getAllUsers(SecurityAccess securityAccess)
106                throws GeneralSecurityException {
107            Set<User> allUsers = new HashSet<User>();
108    
109            // directly associated users
110            User[] directUsers = registry.getUsersWithRole(securityAccess, this);
111            for (int i = 0; i < directUsers.length; i++) {
112                allUsers.add(directUsers[i]);
113            }
114    
115            // traverse group hierarchy and add users
116            Group[] groups = registry.getGroupsWithRole(securityAccess, this);
117            Stack<Group> groupsStack = new Stack<Group>();
118            for (int i = 0; i < groups.length; i++) {
119                groupsStack.push(groups[i]);
120            }
121            while (!groupsStack.isEmpty()) {
122                Group group = groupsStack.pop();
123                Group[] children = group.getGroups(securityAccess);
124                for (int i = 0; i < children.length; i++) {
125                    groupsStack.push(children[i]);
126                }
127                User[] users = group.getUsers(securityAccess);
128                for (int i = 0; i < users.length; i++) {
129                    allUsers.add(users[i]);
130                }
131            }
132    
133            return allUsers.toArray(new User[allUsers.size()]);
134        }
135    
136        /**
137         * Returns the <code>Privilege</code> s that this role has.
138         *
139         * @param securityAccess
140         */
141        public Privilege[] getPrivileges(SecurityAccess securityAccess)
142                throws GeneralSecurityException {
143            return registry.getPrivilegesForRole(securityAccess, this);
144        }
145    
146        /**
147         * Returns the rights that this role defines concerning the given
148         * <code>SecurableObject</code>.
149         *
150         * @param securityAccess
151         */
152        public RightSet getRights(SecurityAccess securityAccess,
153                SecurableObject object) throws GeneralSecurityException {
154            return new RightSet(registry.getRights(securityAccess, object, this));
155        }
156    
157        /**
158         * Returns whether the <code>Role</code> has a certain <code>Right</code>
159         * on a <code>SecurableObject</code> (directly or via group
160         * memberships).
161         */
162        public boolean hasRight(SecurityAccess securityAccess, RightType type,
163                Feature accessParams, SecurableObject object)
164                throws GeneralSecurityException {
165            return getRights(securityAccess, object).applies(object, type,
166                    accessParams);
167        }
168    
169        /**
170         * Returns whether the <code>Role</code> has a certain <code>Right</code>
171         * on a <code>SecurableObject</code>.
172         */
173        public boolean hasRight(SecurityAccess securityAccess, RightType type,
174                SecurableObject object) throws GeneralSecurityException {
175            return getRights(securityAccess, object).applies(object, type);
176        }
177    
178        /**
179         * Returns whether the <code>Role</code> has a certain right on a
180         * <code>SecurableObject</code>.
181         */
182        public boolean hasRight(SecurityAccess securityAccess, String s,
183                SecurableObject object) throws GeneralSecurityException {
184            RightType right = registry.getRightTypeByName(securityAccess, s);
185            return hasRight(securityAccess, right, object);
186        }
187    
188        /**
189         * Returns whether the <code>Role</code> has a certain
190         * <code>Privilege</code>.
191         *
192         * @param privilege
193         */
194        public boolean hasPrivilege(SecurityAccess securityAccess,
195                Privilege privilege) throws GeneralSecurityException {
196            Privilege[] privileges = getPrivileges(securityAccess);
197            for (int i = 0; i < privileges.length; i++) {
198                if (privileges[i].equals(privilege)) {
199                    return true;
200                }
201            }
202            return false;
203        }
204    
205        /**
206         * Returns whether the <code>Role</code> has a certain privilege.
207         *
208         * @param s
209         */
210        public boolean hasPrivilege(SecurityAccess securityAccess, String s)
211                throws GeneralSecurityException {
212            Privilege privilege = registry.getPrivilegeByName(securityAccess, s);
213            return hasPrivilege(securityAccess, privilege);
214        }
215    
216        /**
217         * Returns a <code>String</code> representation of this object.
218         *
219         * @param securityAccess
220         */
221        public String toString(SecurityAccess securityAccess) {
222            StringBuffer sb = new StringBuffer("Name: ").append(name);
223    
224            try {
225                sb.append(", Users: [");
226                User[] users = getUsers(securityAccess);
227                for (int i = 0; i < users.length; i++) {
228                    sb.append(users[i].getName());
229                    if (i != users.length - 1) {
230                        sb.append(", ");
231                    }
232                }
233                sb.append("]");
234    
235                sb.append(", Groups: [");
236                Group[] groups = getGroups(securityAccess);
237                for (int i = 0; i < groups.length; i++) {
238                    sb.append(groups[i].getName());
239                    if (i != groups.length - 1) {
240                        sb.append(", ");
241                    }
242                }
243                sb.append("]");
244            } catch (GeneralSecurityException e) {
245                e.printStackTrace();
246            }
247            return sb.toString();
248        }
249    }