/**********************************************************************************
* $URL: https://source.sakaiproject.org/svn/rwiki/trunk/rwiki-impl/impl/src/java/uk/ac/cam/caret/sakai/rwiki/component/service/impl/RWikiSecurityServiceImpl.java $
* $Id: RWikiSecurityServiceImpl.java 20447 2007-01-18 23:06:20Z ian@caret.cam.ac.uk $
***********************************************************************************
*
* Copyright (c) 2003, 2004, 2005, 2006 The Sakai Foundation.
*
* Licensed under the Educational Community License, Version 1.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.opensource.org/licenses/ecl1.php
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
**********************************************************************************/
package uk.ac.cam.caret.sakai.rwiki.component.service.impl;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.FunctionManager;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.component.api.ComponentManager;
import org.sakaiproject.entity.api.EntityManager;
import org.sakaiproject.entity.api.Reference;
import org.sakaiproject.exception.IdUnusedException;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.tool.api.ToolManager;
import uk.ac.cam.caret.sakai.rwiki.component.Messages;
import uk.ac.cam.caret.sakai.rwiki.service.api.RWikiObjectService;
import uk.ac.cam.caret.sakai.rwiki.service.api.RWikiSecurityService;
import uk.ac.cam.caret.sakai.rwiki.service.api.model.RWikiEntity;
import uk.ac.cam.caret.sakai.rwiki.service.api.model.RWikiObject;
import uk.ac.cam.caret.sakai.rwiki.service.exception.PermissionException;
import uk.ac.cam.caret.sakai.rwiki.utils.TimeLogger;
/**
* @author andrew
*/
// FIXME: Component
public class RWikiSecurityServiceImpl implements RWikiSecurityService
{
private static Log log = LogFactory.getLog(RWikiSecurityServiceImpl.class);
private FunctionManager functionManager;
public void init()
{
ComponentManager cm = org.sakaiproject.component.cover.ComponentManager
.getInstance();
functionManager = (FunctionManager) load(cm, FunctionManager.class
.getName());
entityManager = (EntityManager) load(cm, EntityManager.class.getName());
securityService = (SecurityService) load(cm, SecurityService.class
.getName());
sessionManager = (SessionManager) load(cm, SessionManager.class
.getName());
siteService = (SiteService) load(cm, SiteService.class.getName());
toolManager = (ToolManager) load(cm, ToolManager.class.getName());
List l = functionManager.getRegisteredFunctions("rwiki."); //$NON-NLS-1$
if (!l.contains(SECURE_READ))
functionManager.registerFunction(SECURE_READ);
if (!l.contains(SECURE_UPDATE))
functionManager.registerFunction(SECURE_UPDATE);
if (!l.contains(SECURE_CREATE))
functionManager.registerFunction(SECURE_CREATE);
if (!l.contains(SECURE_SUPER_ADMIN))
functionManager.registerFunction(SECURE_SUPER_ADMIN);
if (!l.contains(SECURE_ADMIN))
functionManager.registerFunction(SECURE_ADMIN);
}
private Object load(ComponentManager cm, String name)
{
Object o = cm.get(name);
if (o == null)
{
log.error("Cant find Spring component named " + name); //$NON-NLS-1$
}
return o;
}
private SecurityService securityService;
private SiteService siteService;
private ToolManager toolManager;
private EntityManager entityManager;
private SessionManager sessionManager;
/**
* {@inheritDoc}
*
* @return
*/
public String getSiteReference()
{
try
{
Site currentSite = siteService.getSite(toolManager
.getCurrentPlacement().getContext());
return currentSite.getReference();
}
catch (IdUnusedException e)
{
throw new PermissionException(
Messages.getString("RWikiSecurityServiceImpl.2")); //$NON-NLS-1$
}
}
public String getSiteId()
{
return toolManager.getCurrentPlacement().getContext();
}
public boolean checkGetPermission(String reference)
{
return (securityService.unlock(SECURE_READ, reference));
}
public boolean checkUpdatePermission(String reference)
{
return (securityService.unlock(SECURE_UPDATE, reference));
}
public boolean checkAdminPermission(String reference)
{
return securityService.unlock(SECURE_ADMIN, reference);
}
public boolean checkSuperAdminPermission(String reference)
{
return securityService.unlock(SECURE_SUPER_ADMIN, reference);
}
public boolean checkCreatePermission(String reference)
{
return securityService.unlock(SECURE_CREATE, reference);
}
public boolean checkSearchPermission(String reference)
{
return securityService.unlock(SECURE_READ, reference);
}
public String createPermissionsReference(String pageSpace)
{
// Page space is assumed to be a ppage space reference
// Turn into an entity and then get a reference
Reference ref = entityManager
.newReference(RWikiObjectService.REFERENCE_ROOT + pageSpace
+ "."); //$NON-NLS-1$
return ref.getReference();
}
public boolean checkRead(RWikiEntity rwe)
{
RWikiObject rwo = rwe.getRWikiObject();
String progress = ""; //$NON-NLS-1$
long start = System.currentTimeMillis();
try
{
String user = sessionManager.getCurrentSessionUserId();
if (log.isDebugEnabled())
{
log.debug("checkRead for " + rwo.getName() + " by user: " //$NON-NLS-1$ //$NON-NLS-2$
+ user);
}
if (user != null && user.equals(rwo.getOwner())
&& (rwo.getOwnerRead() || rwo.getOwnerAdmin()))
{
if (log.isDebugEnabled())
{
log.debug("User is owner and allowed to read"); //$NON-NLS-1$
}
progress = progress + "1"; //$NON-NLS-1$
return true;
}
String permissionsReference = rwe.getReference();
if ((rwo.getGroupRead() && checkGetPermission(permissionsReference))
|| (rwo.getGroupWrite() && checkUpdatePermission(permissionsReference))
|| (rwo.getGroupAdmin())
&& checkAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log.debug("User is in group and allowed to read"); //$NON-NLS-1$
}
progress = progress + "2"; //$NON-NLS-1$
return true;
}
if (rwo.getPublicRead())
{
if (log.isDebugEnabled())
{
log.debug("Object is public read"); //$NON-NLS-1$
}
progress = progress + "3"; //$NON-NLS-1$
return true;
}
if (checkSuperAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log
.debug("User is SuperAdmin for Realm thus default allowed to update"); //$NON-NLS-1$
}
progress = progress + "4"; //$NON-NLS-1$
return true;
}
if (log.isDebugEnabled())
{
log.debug("Permission denied to read " + rwo.getName() //$NON-NLS-1$
+ " by user: " + user); //$NON-NLS-1$
}
progress = progress + "5"; //$NON-NLS-1$
return false;
}
finally
{
long finish = System.currentTimeMillis();
TimeLogger.printTimer("canRead: " + progress, start, finish); //$NON-NLS-1$
}
}
public boolean checkUpdate(RWikiEntity rwe)
{
String user = sessionManager.getCurrentSessionUserId();
RWikiObject rwo = rwe.getRWikiObject();
if (log.isDebugEnabled())
{
log.debug("checkUpdate for " + rwo.getName() + " by user: " + user); //$NON-NLS-1$ //$NON-NLS-2$
}
if (user != null && user.equals(rwo.getOwner())
&& (rwo.getOwnerWrite() || rwo.getOwnerAdmin()))
{
if (log.isDebugEnabled())
{
log.debug("User is owner and allowed to update"); //$NON-NLS-1$
}
return true;
}
String permissionsReference = rwe.getReference();
if ((rwo.getGroupWrite() && checkUpdatePermission(permissionsReference))
|| (rwo.getGroupAdmin())
&& checkAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log.debug("User is in group and allowed to update"); //$NON-NLS-1$
}
return true;
}
if (rwo.getPublicWrite())
{
if (log.isDebugEnabled())
{
log.debug("Object is public write"); //$NON-NLS-1$
}
return true;
}
if (checkSuperAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log
.debug("User is SuperAdmin for Realm thus default allowed to update"); //$NON-NLS-1$
}
return true;
}
if (log.isDebugEnabled())
{
log.debug("Permission denied to update " + rwo.getName() //$NON-NLS-1$
+ " by user: " + user); //$NON-NLS-1$
}
return false;
}
public boolean checkAdmin(RWikiEntity rwe)
{
String user = sessionManager.getCurrentSessionUserId();
RWikiObject rwo = rwe.getRWikiObject();
if (log.isDebugEnabled())
{
log.debug("checkAdmin for " + rwo.getName() + " by user: " + user); //$NON-NLS-1$ //$NON-NLS-2$
}
if (user != null && user.equals(rwo.getOwner()) && rwo.getOwnerAdmin())
{
if (log.isDebugEnabled())
{
log.debug("User is owner and allowed to admin"); //$NON-NLS-1$
}
return true;
}
String permissionsReference = rwe.getReference();
if (rwo.getGroupAdmin() && checkAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log.debug("User is in group and allowed to admin"); //$NON-NLS-1$
}
return true;
}
if (checkSuperAdminPermission(permissionsReference))
{
if (log.isDebugEnabled())
{
log
.debug("User is Super Admin for Realm thus default allowed to admin"); //$NON-NLS-1$
}
return true;
}
if (log.isDebugEnabled())
{
log.debug("Permission denied to admin " + rwo.getName() //$NON-NLS-1$
+ " by user: " + user); //$NON-NLS-1$
}
return false;
}
}