/**
* Licensed to the Austrian Association for Software Tool Integration (AASTI)
* under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright
* ownership. The AASTI licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.openengsb.core.services.internal.security;
import java.util.Collection;
import org.openengsb.core.api.AliveState;
import org.openengsb.core.api.security.model.Permission;
import org.openengsb.core.api.security.service.UserDataManager;
import org.openengsb.core.api.security.service.UserNotFoundException;
import org.openengsb.core.common.AbstractOpenEngSBService;
import org.openengsb.core.services.internal.security.model.RootPermission;
import org.openengsb.domain.authorization.AuthorizationDomain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.base.Predicate;
import com.google.common.collect.Iterators;
/**
* Connector that checks if the user has {@link RootPermission}
*
* If so, it always returns {@link Access#GRANTED}.
*/
public class AdminAccessConnector extends AbstractOpenEngSBService implements AuthorizationDomain {
private static final Logger LOGGER = LoggerFactory.getLogger(AdminAccessConnector.class);
private UserDataManager userManager;
@Override
public Access checkAccess(String username, Object action) {
try {
Collection<Permission> userPermissions = userManager.getAllPermissionsForUser(username);
boolean allowed = Iterators.any(userPermissions.iterator(), new Predicate<Permission>() {
@Override
public boolean apply(Permission input) {
return input.getClass().equals(RootPermission.class);
}
});
if (allowed) {
return Access.GRANTED;
}
} catch (UserNotFoundException e) {
LOGGER.warn("user for access control decision was not found", e);
// just let it abstain
}
return Access.ABSTAINED;
}
public void setUserManager(UserDataManager userManager) {
this.userManager = userManager;
}
@Override
public AliveState getAliveState() {
return AliveState.ONLINE;
}
}