RBACSession.java

/*
 * Lokomo OneCMDB - An Open Source Software for Configuration
 * Management of Datacenter Resources
 *
 * Copyright (C) 2006 Lokomo Systems AB
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 * 
 * Lokomo Systems AB can be contacted via e-mail: info@lokomo.com or via
 * paper mail: Lokomo Systems AB, Sv�rdv�gen 27, SE-182 33
 * Danderyd, Sweden.
 *
 */
package org.onecmdb.core.internal.authorization;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Set;

public class RBACSession {
	List<Role> roles = new ArrayList<Role>();
	HashMap<String, GroupPermission> groupMap = new HashMap<String, GroupPermission>();
	private boolean readonly = true;
	
	public RBACSession() {
	}
	
	
	public List<Role> getRoles() {
		return roles;
	}


	public void setRoles(List<Role> roles) {
		this.roles = roles;
		buildMap();
	}
	
	public Set<String> groupNames() {
		return(groupMap.keySet());
	}
	
	/**
	 * Create map for group --> permission for fast lookup
	 */
	private void buildMap() {
		groupMap.clear();
		for (Role r : roles) {
			for (GroupPermission p : r.getPermission()) {
				for (SecurityGroup g : p.getGroup()) {
					updateGroup(g, p);
				}
			}
		}
	}


	private void updateGroup(SecurityGroup g, GroupPermission p) {
		GroupPermission permission = groupMap.get(g.getName());
		if (permission == null) {
			permission = new GroupPermission();
			groupMap.put(g.getName(), permission);
		}
		permission.setRead(p.isRead());
		permission.setWrite(p.isWrite());
		permission.setCreate(p.isCreate());
		permission.setDelete(p.isDelete());
		if (p.isWrite()) {
			readonly  = false;
		}
		for (SecurityGroup child : g.getChildren()) {
			updateGroup(child, p);
		}
	}


	/**
	 * Check for readonly user.
	 * @return
	 */
	public boolean canWrite() {
		return(!readonly);
	}
	
	public boolean canWrite(String group) {
		GroupPermission p = groupMap.get(group);
		if (p == null) {
			return(false);
		}
		return(p.isRead());
	}	
	public boolean canRead(String group) {
		GroupPermission p = groupMap.get(group);
		if (p == null) {
			return(false);
		}
		return(p.isWrite());
	}
	public boolean canCreate(String group) {
		GroupPermission p = groupMap.get(group);
		if (p == null) {
			return(false);
		}
		return(p.isCreate());
	}
	public boolean canDelete(String group) {
		GroupPermission p = groupMap.get(group);
		if (p == null) {
			return(false);
		}
		return(p.isDelete());
	}
	
	public String toString() {
		StringBuffer b = new StringBuffer();
		for (Role role : roles) {
			b.append("\tRole:" + role.getName());
			b.append("\n");
		}
		for (String group : groupMap.keySet()) {
			b.append("\tGroup<" + group + "> - " + groupMap.get(group).toString());
			b.append("\n");
		}
		b.append("\tReadonly=" + !canWrite());
		return(b.toString());
	}
	
}