/*
* (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Contributors:
* bstefanescu
*
* $Id$
*/
package org.nuxeo.ecm.webengine.security;
import java.text.ParseException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.nuxeo.ecm.webengine.security.PostfixExpression.Token;
import org.nuxeo.ecm.webengine.security.guards.And;
import org.nuxeo.ecm.webengine.security.guards.FacetGuard;
import org.nuxeo.ecm.webengine.security.guards.GroupGuard;
import org.nuxeo.ecm.webengine.security.guards.IsAdministratorGuard;
import org.nuxeo.ecm.webengine.security.guards.Not;
import org.nuxeo.ecm.webengine.security.guards.Or;
import org.nuxeo.ecm.webengine.security.guards.PermissionGuard;
import org.nuxeo.ecm.webengine.security.guards.SchemaGuard;
import org.nuxeo.ecm.webengine.security.guards.TypeGuard;
import org.nuxeo.ecm.webengine.security.guards.UserGuard;
/**
* @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
*/
public class PermissionService implements PostfixExpression.Visitor {
private static final PermissionService instance = new PermissionService();
protected final ConcurrentMap<String, Guard> guards; // global guards
public static PermissionService getInstance() {
return instance;
}
protected PermissionService() {
guards = new ConcurrentHashMap<String, Guard>();
}
public void registerGuard(String name, Guard guard) {
guards.put(name, guard);
}
public Guard unregisterGuard(String name) {
return guards.remove(name);
}
public Guard getGuard(String name) {
return guards.get(name);
}
public static Guard parse(String expr) throws ParseException {
return (Guard) new PostfixExpression(expr).visit(instance);
}
public Guard parse(String expr, final Map<String, Guard> localGuards) throws ParseException {
PostfixExpression.Visitor visitor = new PostfixExpression.Visitor() {
public Object createOperation(Token token, Object lparam, Object rparam) {
return PermissionService.this.createOperation(token, lparam, rparam);
}
public Object createParameter(Token token) {
Guard guard = localGuards.get(token.name);
if (guard == null) { // assume a built-in permission name
return PermissionService.this.createParameter(token);
}
return guard;
}
};
return (Guard) new PostfixExpression(expr).visit(visitor);
}
public Object createOperation(Token token, Object lparam, Object rparam) {
switch (token.type) {
case PostfixExpression.AND:
return new And((Guard) lparam, (Guard) rparam);
case PostfixExpression.OR:
return new Or((Guard) lparam, (Guard) rparam);
case PostfixExpression.NOT:
return new Not((Guard) lparam);
}
throw new IllegalStateException("Supported ops are: AND, OR and NOT");
}
public Object createParameter(Token token) {
String name = token.name;
int p = name.indexOf('=');
if (p > -1) {
String key = name.substring(0, p).trim();
String value = name.substring(p + 1).trim();
if ("user".equals(key)) {
return new UserGuard(value);
} else if ("group".equals(key)) {
return new GroupGuard(value);
} else if ("isAdministrator".equals(key)) {
return new IsAdministratorGuard(value);
} else if ("type".equals(key)) {
return new TypeGuard(value);
} else if ("facet".equals(key)) {
return new FacetGuard(value);
} else if ("schema".equals(key)) {
return new SchemaGuard(value);
} else if ("permission".equals(key)) {
return new PermissionGuard(value);
}
throw new IllegalArgumentException("Invalid argument: " + name);
} else {
Guard guard = guards.get(token.name);
if (guard == null) { // assume a built-in permission name
guard = new PermissionGuard(token.name);
}
return guard;
}
}
}