SparseACL.java example

Explorer
hudson.core-master
/*******************************************************************************
 *
 * Copyright (c) 2004-2009 Oracle Corporation.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * 
 *    Kohsuke Kawaguchi
 *
 *
 *******************************************************************************/ 

package hudson.security;

import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;
import static java.util.logging.Level.FINE;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;

/**
 * Accses control list.
 *
 * @author Kohsuke Kawaguchi
 */
public class SparseACL extends SidACL {

    public static final class Entry {
        // Sid has value-equality semantics
        //TODO: review and check whether we can do it private

        public final Sid sid;
        public final Permission permission;
        public final boolean allowed;

        public Entry(Sid sid, Permission permission, boolean allowed) {
            this.sid = sid;
            this.permission = permission;
            this.allowed = allowed;
        }

        public Sid getSid() {
            return sid;
        }

        public Permission getPermission() {
            return permission;
        }

        public boolean isAllowed() {
            return allowed;
        }
    }
    private final List<Entry> entries = new ArrayList<Entry>();
    private ACL parent;

    public SparseACL(ACL parent) {
        this.parent = parent;
    }

    public void add(Entry e) {
        entries.add(e);
    }

    public void add(Sid sid, Permission permission, boolean allowed) {
        add(new Entry(sid, permission, allowed));
    }

    @Override
    public boolean hasPermission(Authentication a, Permission permission) {
        if (a == SYSTEM) {
            return true;
        }
        Boolean b = _hasPermission(a, permission);
        if (b != null) {
            return b;
        }

        if (parent != null) {
            if (LOGGER.isLoggable(FINE)) {
                LOGGER.fine("hasPermission(" + a + "," + permission + ") is delegating to parent ACL: " + parent);
            }
            return parent.hasPermission(a, permission);
        }

        // the ultimate default is to reject everything
        return false;
    }

    @Override
    protected Boolean hasPermission(Sid p, Permission permission) {
        for (; permission != null; permission = permission.impliedBy) {
            for (Entry e : entries) {
                if (e.permission == permission && e.sid.equals(p)) {
                    return e.allowed;
                }
            }
        }
        return null;
    }
    private static final Logger LOGGER = Logger.getLogger(SparseACL.class.getName());
}