/*
*
* * Copyright (c) 2016. David Sowerby
* *
* * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* * the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* * specific language governing permissions and limitations under the License.
*
*/
package uk.q3c.krail.core.shiro;
import com.google.inject.Inject;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uk.q3c.krail.core.navigate.sitemap.MasterSitemap;
import uk.q3c.krail.core.navigate.sitemap.MasterSitemapNode;
import uk.q3c.krail.core.navigate.sitemap.UserSitemapNode;
import javax.annotation.Nonnull;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import static com.google.common.base.Preconditions.checkNotNull;
/**
* Delegate for user access control when relating specifically to pages.
*
* @author David Sowerby
*/
public class PageAccessController implements Serializable {
private static Logger log = LoggerFactory.getLogger(PageAccessController.class);
@Inject
protected PageAccessController() {
super();
}
public boolean isAuthorised(Subject subject, MasterSitemap sitemap, UserSitemapNode userNode) {
return isAuthorised(subject, sitemap, userNode.getMasterNode());
}
public boolean isAuthorised(Subject subject, MasterSitemap sitemap, MasterSitemapNode masterNode) {
checkNotNull(masterNode, "node");
checkNotNull(subject, "subject");
//get reference early and keep it use provider directly - the sitemap instance could change
String virtualPage = sitemap.navigationState(masterNode)
.getVirtualPage();
checkNotNull(virtualPage, "virtualPage");
checkNotNull(masterNode.getPageAccessControl(), "node.getPageAccessControl(), " + masterNode.getUriSegment());
log.debug("checking page access rights for {}", virtualPage);
switch (masterNode.getPageAccessControl()) {
case AUTHENTICATION:
return subject.isAuthenticated();
case GUEST:
return (!subject.isAuthenticated()) && (!subject.isRemembered());
case PERMISSION:
return subject.isPermitted(new PagePermission(virtualPage));
case PUBLIC:
return true;
case ROLES:
return subject.hasAllRoles(masterNode.getRoles());
case USER:
return (subject.isAuthenticated()) || (subject.isRemembered());
}
return false;
}
public List<MasterSitemapNode> authorisedChildNodes(@Nonnull Subject subject, @Nonnull MasterSitemap sitemap,
@Nonnull MasterSitemapNode parentNode) {
checkNotNull(subject);
checkNotNull(sitemap);
checkNotNull(parentNode);
List<MasterSitemapNode> subnodes = sitemap.getChildren(parentNode);
ArrayList<MasterSitemapNode> authorisedSubNodes = new ArrayList<MasterSitemapNode>();
for (MasterSitemapNode node : subnodes) {
if (isAuthorised(subject, sitemap, node)) {
authorisedSubNodes.add(node);
}
}
return authorisedSubNodes;
}
}