/********************************************************************************** * $URL: https://source.sakaiproject.org/svn/portal/branches/sakai-2.8.1/portal-impl/impl/src/java/org/sakaiproject/portal/charon/ToolHelperImpl.java $ * $Id: ToolHelperImpl.java 73523 2010-02-15 17:34:01Z matthew.buckett@oucs.ox.ac.uk $ *********************************************************************************** * * Copyright (c) 2003, 2004, 2005, 2006, 2007, 2008 The Sakai Foundation * * Licensed under the Educational Community License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.osedu.org/licenses/ECL-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * **********************************************************************************/ package org.sakaiproject.portal.charon; import java.util.Arrays; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.sakaiproject.authz.cover.SecurityService; import org.sakaiproject.site.api.Site; import org.sakaiproject.tool.api.Placement; /** * @author ieb * */ public class ToolHelperImpl { private static final Log log = LogFactory.getLog(ToolHelperImpl.class); public static final String TOOLCONFIG_REQUIRED_PERMISSIONS = "functions.require"; /** * The optional tool configuration tag "functions.require" describes a * set of permission lists which decide the visibility of the tool link * for this site user. Lists are separated by "|" and permissions within a * list are separated by ",". Users must have all the permissions included in * at least one of the permission lists. * * For example, a value like "section.role.student,annc.new|section.role.ta" * would let a user with "section.role.ta" see the tool, and let a user with * both "section.role.student" AND "annc.new" see the tool, but not let a user * who only had "section.role.student" see the tool. * * If the configuration tag is not set or is null, then all users see the tool. */ public boolean allowTool(Site site, Placement placement) { // No way to render an opinion if (placement == null || site == null) return true; String requiredPermissionsString = placement.getConfig().getProperty(TOOLCONFIG_REQUIRED_PERMISSIONS); if (log.isDebugEnabled()) log.debug("requiredPermissionsString=" + requiredPermissionsString + " for " + placement.getToolId()); if (requiredPermissionsString == null) return true; requiredPermissionsString = requiredPermissionsString.trim(); if (requiredPermissionsString.length() == 0) return true; String[] allowedPermissionSets = requiredPermissionsString.split("\\|"); for (int i = 0; i < allowedPermissionSets.length; i++) { String[] requiredPermissions = allowedPermissionSets[i].split(","); if (log.isDebugEnabled()) log.debug("requiredPermissions=" + Arrays.asList(requiredPermissions)); boolean gotAllInList = true; for (int j = 0; j < requiredPermissions.length; j++) { if (!SecurityService.unlock(requiredPermissions[j].trim(), site.getReference())) { gotAllInList = false; break; } } if (gotAllInList) { return true; } } // No permission sets were matched. return false; } /** * Check if the placement is hidden. * @param placement * @return <code>true</code> if the current placement is hidden. */ public boolean isHidden(Placement placement) { if (placement == null) return true; String requiredPermissionsString = StringUtils.trimToNull(placement.getConfig().getProperty(TOOLCONFIG_REQUIRED_PERMISSIONS)); if (requiredPermissionsString == null) return false; return requiredPermissionsString.contains("site.upd"); } }