/**
* Copyright 2011 Intuit Inc. All Rights Reserved
*/
package com.intuit.tank.auth;
/*
* #%L
* JSF Support Beans
* %%
* Copyright (C) 2011 - 2015 Intuit Inc.
* %%
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
* #L%
*/
import java.io.Serializable;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang3.StringUtils;
import org.picketlink.Identity;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.basic.Role;
import com.intuit.tank.project.OwnableEntity;
import com.intuit.tank.vm.common.TankConstants;
import com.intuit.tank.vm.settings.AccessRight;
import com.intuit.tank.vm.settings.SecurityConfig;
import com.intuit.tank.vm.settings.TankConfig;
import static org.picketlink.idm.model.basic.BasicModel.*;
/**
* Security
*
* @author dangleton
*
*/
@Named
public class Security implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private Identity identity;
@Inject
private IdentityManager identityManager;
@Inject
private RelationshipManager relationshipManager;
/**
*
* @param entity
* @return
*/
public boolean isOwner(OwnableEntity entity) {
if ( StringUtils.isNotEmpty(entity.getCreator()) && getUser(identityManager,entity.getCreator()) != null && identity.getAccount() != null ) {
return getUser(identityManager,entity.getCreator()).getId().equals(identity.getAccount().getId());
}
return false;
}
/**
*
* @param entity
* @return
*/
public boolean isAdmin() {
Role adminRole;
if ( identity.isLoggedIn() &&
identity.getAccount() != null &&
(adminRole = getRole(identityManager, TankConstants.TANK_GROUP_ADMIN)) != null ) {
return org.picketlink.idm.model.basic.BasicModel.hasRole(relationshipManager, identity.getAccount(), adminRole );
}
return false;
}
/**
*
* @param entity
* @return
*/
public boolean hasRole(String roleString) {
Role role;
if (StringUtils.isNotEmpty(roleString)) {
if ( identity.isLoggedIn() &&
identity.getAccount() != null &&
(role = getRole(identityManager, roleString)) != null ) {
return org.picketlink.idm.model.basic.BasicModel.hasRole(relationshipManager, identity.getAccount(), role);
}
}
return false;
}
public boolean hasRight(AccessRight right) {
if (isAdmin()) {
return true;
}
SecurityConfig config = new TankConfig().getSecurityConfig();
List<String> associatedGroups = config.getRestrictionMap().get(right.name());
if (associatedGroups != null) {
for (String role : associatedGroups) {
if ( hasRole(role) ) {
return true;
}
}
}
return false;
}
}