/*
* LinShare is an open source filesharing software, part of the LinPKI software
* suite, developed by Linagora.
*
* Copyright (C) 2015 LINAGORA
*
* This program is free software: you can redistribute it and/or modify it under
* the terms of the GNU Affero General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version, provided you comply with the Additional Terms applicable for
* LinShare software by Linagora pursuant to Section 7 of the GNU Affero General
* Public License, subsections (b), (c), and (e), pursuant to which you must
* notably (i) retain the display of the “LinShare™” trademark/logo at the top
* of the interface window, the display of the “You are using the Open Source
* and free version of LinShare™, powered by Linagora © 2009–2015. Contribute to
* Linshare R&D by subscribing to an Enterprise offer!” infobox and in the
* e-mails sent with the Program, (ii) retain all hypertext links between
* LinShare and linshare.org, between linagora.com and Linagora, and (iii)
* refrain from infringing Linagora intellectual property rights over its
* trademarks and commercial brands. Other Additional Terms apply, see
* <http://www.linagora.com/licenses/> for more details.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
* details.
*
* You should have received a copy of the GNU Affero General Public License and
* its applicable Additional Terms for LinShare along with this program. If not,
* see <http://www.gnu.org/licenses/> for the GNU Affero General Public License
* version 3 and <http://www.linagora.com/licenses/> for the Additional Terms
* applicable to LinShare software.
*/
package org.linagora.linshare.core.rac.impl;
import org.apache.commons.lang.Validate;
import org.linagora.linshare.core.domain.constants.PermissionType;
import org.linagora.linshare.core.domain.entities.Account;
import org.linagora.linshare.core.domain.entities.Entry;
import org.linagora.linshare.core.exception.BusinessErrorCode;
import org.linagora.linshare.core.exception.BusinessException;
import org.linagora.linshare.core.rac.EntryResourceAccessControl;
import org.linagora.linshare.core.service.FunctionalityReadOnlyService;
public abstract class EntryResourceAccessControlImpl<R, E extends Entry>
extends AbstractResourceAccessControlImpl<Account, R, E> implements
EntryResourceAccessControl<R, E> {
public EntryResourceAccessControlImpl(
FunctionalityReadOnlyService functionalityService) {
super(functionalityService);
}
protected abstract boolean hasDownloadPermission(Account actor,
Account account, E entry, Object... opt);
protected abstract boolean hasDownloadTumbnailPermission(Account actor,
Account account, E entry, Object... opt);
@Override
protected String getEntryRepresentation(E entry) {
StringBuilder sb = new StringBuilder(entry.getEntryType().toString());
sb.append(" (");
sb.append(entry.getUuid());
sb.append(") ");
return sb.toString();
}
@Override
protected Account getOwner(Entry entry, Object... opt) {
Account owner = entry.getEntryOwner();
return owner;
}
@Override
protected String getOwnerRepresentation(Account owner) {
return owner.getAccountRepresentation();
}
@Override
protected String getTargetedAccountRepresentation(Account targetedAccount) {
return targetedAccount.getAccountRepresentation();
}
@Override
protected boolean isAuthorized(Account actor, Account targetedAccount,
PermissionType permission, E entry, Class<?> clazz, Object... opt) {
Validate.notNull(permission);
if (actor.hasAllRights())
return true;
if (permission.equals(PermissionType.GET)) {
if (hasReadPermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.LIST)) {
if (hasListPermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.CREATE)) {
if (hasCreatePermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.UPDATE)) {
if (hasUpdatePermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.DELETE)) {
if (hasDeletePermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.DOWNLOAD)) {
if (hasDownloadPermission(actor, targetedAccount, entry, opt))
return true;
} else if (permission.equals(PermissionType.DOWNLOAD_THUMBNAIL)) {
if (hasDownloadTumbnailPermission(actor, targetedAccount, entry,
opt))
return true;
}
if (clazz != null) {
StringBuilder sb = getActorStringBuilder(actor);
sb.append(" is trying to access to unauthorized resource named ");
sb.append(clazz.toString());
if (entry != null) {
appendOwner(sb, entry, opt);
}
logger.error(sb.toString());
}
return false;
}
@Override
public void checkDownloadPermission(Account actor, Account targetedAccount,
Class<?> clazz, BusinessErrorCode errCode, E entry, Object... opt)
throws BusinessException {
String logMessage = " is not authorized to download the entry ";
String exceptionMessage = "You are not authorized to download this entry.";
checkPermission(actor, targetedAccount, clazz, errCode, entry,
PermissionType.DOWNLOAD, logMessage, exceptionMessage, opt);
}
@Override
public void checkThumbNailDownloadPermission(Account actor,
Account targetedAccount, Class<?> clazz, BusinessErrorCode errCode,
E entry, Object... opt) throws BusinessException {
String logMessage = " is not authorized to get the thumbnail of the entry ";
String exceptionMessage = "You are not authorized to get the thumbnail of this entry.";
checkPermission(actor, targetedAccount, clazz, errCode, entry,
PermissionType.DOWNLOAD_THUMBNAIL, logMessage,
exceptionMessage, opt);
}
}