AuthzShim.java

/**********************************************************************************
 * $URL: https://source.sakaiproject.org/svn/metaobj/trunk/metaobj-impl/api-impl/src/java/org/sakaiproject/metaobj/security/impl/AuthzShim.java $
 * $Id: AuthzShim.java 105079 2012-02-24 23:08:11Z ottenhoff@longsight.com $
 ***********************************************************************************
 *
 * Copyright (c) 2004, 2005, 2006, 2007, 2008 The Sakai Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.opensource.org/licenses/ECL-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 **********************************************************************************/

package org.sakaiproject.metaobj.security.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.AuthzGroupService;
import org.sakaiproject.authz.api.GroupNotDefinedException;
import org.sakaiproject.metaobj.security.AuthorizationFacade;
import org.sakaiproject.metaobj.security.AuthorizationFailedException;
import org.sakaiproject.metaobj.shared.model.Agent;
import org.sakaiproject.metaobj.shared.model.Id;
import org.sakaiproject.thread_local.cover.ThreadLocalManager;
import org.sakaiproject.tool.cover.ToolManager;
import org.sakaiproject.user.api.UserDirectoryService;

/**
 * Created by IntelliJ IDEA.
 * User: John Ellis
 * Date: Jun 30, 2005
 * Time: 4:57:18 PM
 * To change this template use File | Settings | File Templates.
 */
public class AuthzShim implements AuthorizationFacade {
   protected final transient Log logger = LogFactory.getLog(getClass());

   private static final String AUTHZ_GROUPS_LIST =
      "org.sakaiproject.metaobj.security.impl.AuthzShim.groups";

   private AuthzGroupService realmService;
   private UserDirectoryService userDirectoryService;

   public void checkPermission(String function, Id id) throws AuthorizationFailedException {
      if (!isAuthorized(function, id)) {
         throw new AuthorizationFailedException(function, id);
      }
   }

   public void checkPermission(Agent agent, String function, Id id) throws AuthorizationFailedException {
      if (!isAuthorized(agent, function, id)) {
         throw new AuthorizationFailedException(agent, function, id);
      }
   }

   public boolean isAuthorized(String function, Id id) {
      return isAuthorized(null, function, id);
   }

   public boolean isAuthorized(Agent agent, String function, Id id) {
      String agentId = null;
      if (agent == null) {
         agentId = getUserDirectoryService().getCurrentUser().getId();
      }
      else {
         agentId = agent.getId().getValue();
      }
      if (function.equals("maintain")) {
         return checkMaintain(agentId);
      }
      return getRealmService().isAllowed(agentId, function, getCurrentRealm());
   }

   protected boolean checkMaintain(String agentId) {
      AuthzGroup siteRealm = null;
      try {
         siteRealm = getRealmService().getAuthzGroup(getCurrentRealm());
      }
      catch (GroupNotDefinedException e) {
         throw new RuntimeException("unkown realm", e);
      }
      String maintain = siteRealm.getMaintainRole();

      return siteRealm.hasRole(agentId, maintain);
   }

   protected String getCurrentRealm() {
      if (getAuthzGroupsList().size() == 0) {
         return "/site/" + ToolManager.getCurrentPlacement().getContext();
      }
      else {
         return "/site/" + getAuthzGroupsList().get(0);
      }
   }

   protected String getReference(Id id) {
      return null;
   }

   public List getAuthorizations(Agent agent, String function, Id id) {
      return new ArrayList();
   }

   public void createAuthorization(Agent agent, String function, Id id) {
   }

   public void deleteAuthorization(Agent agent, String function, Id id) {
   }

   public void deleteAuthorizations(Id qualifier) {
   }

   public void pushAuthzGroups(Collection authzGroups) {
      List authzGroupList = getAuthzGroupsList();
      authzGroupList.addAll(authzGroups);
   }

   public void pushAuthzGroups(String siteId) {
      getAuthzGroupsList().add(siteId);
   }

   public AuthzGroupService getRealmService() {
      return realmService;
   }

   public void setRealmService(AuthzGroupService realmService) {
      this.realmService = realmService;
   }

   public UserDirectoryService getUserDirectoryService() {
      return userDirectoryService;
   }

   public void setUserDirectoryService(UserDirectoryService userDirectoryService) {
      this.userDirectoryService = userDirectoryService;
   }

   protected List getAuthzGroupsList() {
      List returned = (List) ThreadLocalManager.get(AUTHZ_GROUPS_LIST);

      if (returned == null) {
         returned = new ArrayList();
         ThreadLocalManager.set(AUTHZ_GROUPS_LIST, returned);
      }
      return returned;
   }

}