package org.openxdm.xcap.server.slee.appusage.rlsservices;
import org.openxdm.xcap.common.appusage.AuthorizationPolicy;
import org.openxdm.xcap.common.uri.DocumentSelector;
/**
* This XCAP Authorization Policy implements the Default
* Authorization Policy.
*
* By XCAP Specs:
*
* "This application usage does not modify the default XCAP authorization
* policy, which is that only a user can read, write or modify their own
* documents. A server can allow privileged users to modify documents
* that they don't own, but the establishment and indication of such
* policies is outside the scope of this document. It is anticipated
* that a future application usage will define which users are allowed
* to modify an RLS services document.
*
* The index document maintained in the global tree represents sensitive
* information, as it contains the union of all of the information for
* all users on the server. As such, its access MUST be restricted to
* trusted elements within domain of the server. Typically, this would
* be limited to the RLSs that need access to this document."
*
* @author Eduardo Martins
*
*/
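public class RLSServicesAuthorizationPolicy extends AuthorizationPolicy {

    /**
     * Decides whether {@code user} may perform {@code operation} on the document
     * addressed by {@code documentSelector}.
     *
     * <p>The decision depends only on the document parent path:
     * <ul>
     *   <li>{@code /auid/global/...} is always denied; per the original comments,
     *       pre-authorized users are expected not to go through this policy.</li>
     *   <li>{@code /auid/users/<dir>/...} is allowed only when {@code <dir>}
     *       matches {@code user}.</li>
     *   <li>any other tree is denied.</li>
     * </ul>
     * The {@code operation} argument is null-checked but does not influence the
     * result: reads and writes are treated alike.
     *
     * @param user the authenticated user making the request
     * @param operation the requested operation
     * @param documentSelector selector of the target document
     * @return {@code true} only if the document lives in the user's own directory
     * @throws NullPointerException if any argument is null
     * @throws IllegalArgumentException if the document parent has too few path
     *         segments to identify the tree (and, for the users tree, the user
     *         directory)
     */
    public boolean isAuthorized(String user, AuthorizationPolicy.Operation operation, DocumentSelector documentSelector) throws NullPointerException {
        // check args
        if (user == null) {
            throw new NullPointerException("user is null");
        }
        if (operation == null) {
            throw new NullPointerException("operation is null");
        }
        if (documentSelector == null) {
            throw new NullPointerException("document selector is null");
        }

        try {
            // FIXME use getDocumentParent instead of splitting the complete parent.
            // The indices below assume the parent starts with "/", so that
            // parts[1] is the AUID and parts[2] is the tree name (as the original
            // comments describe) - confirm against DocumentSelector.
            String[] documentParentParts = documentSelector.getCompleteDocumentParent().split("/");
            String tree = documentParentParts[2];

            if (tree.equalsIgnoreCase("global")) {
                // /auid/global: the index document aggregates every user's data,
                // so this policy never grants access to it.
                return false;
            }
            if (!tree.equalsIgnoreCase("users")) {
                // unknown tree: fail closed
                return false;
            }

            // /auid/users/<dir>: only the owner may operate on their directory
            String userDirectory = documentParentParts[3];

            // An empty path segment (e.g. "users//doc") can never name a real
            // user; deny it instead of letting it match an empty user string.
            if (userDirectory.isEmpty()) {
                return false;
            }

            // NOTE(review): the comparison is case-insensitive. If the document
            // store treats user directories as case-sensitive, or user identities
            // are not normalised before reaching this point, two distinct
            // directories could be authorized for the same user - confirm.
            return user.equalsIgnoreCase(userDirectory);
        } catch (IndexOutOfBoundsException e) {
            // keep the cause so the malformed selector can be diagnosed from logs
            throw new IllegalArgumentException("invalid document selector", e);
        }
    }
}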