AccessControl.java example

Explorer
hsearch-obsolete-master
- src
/*
* Copyright 2010 Bizosys Technologies Limited
*
* Licensed to the Bizosys Technologies Limited (Bizosys) under one
* or more contributor license agreements.  See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership.  The Bizosys licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License.  You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.bizosys.hsearch.common;

import com.bizosys.oneline.SystemFault;
import com.bizosys.oneline.util.StringUtils;

import com.bizosys.hsearch.filter.Access;
import com.bizosys.hsearch.filter.AccessStorable;
import com.bizosys.hsearch.filter.Storable;

public class AccessControl {
	
	/**
	 * Form an access object out of a WhoAmI string
	 * @param whoami	The User identity
	 * @return	Access object
	 */
	public static final Access getAccessControl(WhoAmI whoami) {
		
		if ( null == whoami) return null;
		Access acl = new Access();
				
		boolean hasRoles = (null != whoami.roles);
		if ( hasRoles ) {
			for (String role : whoami.roles) {
				if ( ! StringUtils.isEmpty(role) ) acl.addRole(role);
			}
		}

		if ( null != whoami.teams ) {
			for (String team : whoami.teams) {
				if ( ! StringUtils.isEmpty(team) ) acl.addTeam(team); 
			}
		}
		
		boolean hasUid = ! StringUtils.isEmpty( whoami.uid);
		if ( hasUid ) acl.addUid(whoami.uid); 
		boolean hasOu = ! StringUtils.isEmpty( whoami.ou);
		if ( hasOu ) acl.addOrgUnit(whoami.ou); 
		if ( hasUid && hasOu ) acl.addOrgUnitAndUid(whoami.ou, whoami.uid);
		if ( hasOu && hasRoles ) {
			for (String role : whoami.roles) {
				if ( ! StringUtils.isEmpty(role) ) acl.addOrgUnitAndRole(whoami.ou, role);
			}
		}
		
		return acl;
	}
	
	/**
	 * Check for the available access for a user against the given access
	 * @param whoami	The user identity
	 * @param access	Access details
	 * @return	True if allowed
	 * @throws SystemFault
	 */
	public static boolean hasAccess (WhoAmI whoami, AccessStorable access) 
		throws SystemFault {

		Access acl = AccessControl.getAccessControl(whoami);
		AccessStorable userAcls = acl.toStorable();

		boolean allow = false;
		
		for (Object objFoundAcl : access) {
			byte[] foundAcl =  ((byte[]) objFoundAcl);
			
			if (Storable.compareBytes(foundAcl, Access.ANY_BYTES)) {
				allow = true; break;
			}
			
			for (Object userAcl : userAcls) {
				allow = Storable.compareBytes(foundAcl, (byte[]) userAcl);
				if ( allow ) break;
			}
			if ( allow ) break;
		}
		return allow;
	}
}