ProfileUtils.java

package org.sigmah.shared.util;

/*
 * #%L
 * Sigmah
 * %%
 * Copyright (C) 2010 - 2016 URD
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public
 * License along with this program.  If not, see
 * <http://www.gnu.org/licenses/gpl-3.0.html>.
 * #L%
 */

import java.util.Map;

import org.sigmah.client.util.ClientUtils;
import org.sigmah.shared.command.result.Authentication;
import org.sigmah.shared.dto.profile.PrivacyGroupDTO;
import org.sigmah.shared.dto.profile.ProfileDTO;
import org.sigmah.shared.dto.referential.GlobalPermissionEnum;
import org.sigmah.shared.dto.referential.PrivacyGroupPermissionEnum;

/**
 * Utility class to manipulate profiles.
 * 
 * @author tmi
 * @author Denis Colliot (dcolliot@ideia.fr)
 */
public final class ProfileUtils {

	/**
	 * Provides only static methods.
	 */
	private ProfileUtils() {
		// Provides only static methods.
	}

	/**
	 * Returns if the authentication is granted for all the given permissions.
	 * 
	 * @param authentication
	 *          The authentication.
	 * @param permissions
	 *          The list of permissions.
	 * @return If the authentication is granted for this list of permissions.
	 */
	public static boolean isGranted(final Authentication authentication, final GlobalPermissionEnum... permissions) {

		if (authentication == null) {
			return false;
		}

		Map<Integer, ProfileDTO> aggregatedProfiles = authentication.getAggregatedProfiles();
		if (aggregatedProfiles == null) {
			return false;
		}

		for (ProfileDTO profileDTO : aggregatedProfiles.values()) {
			if (isGranted(profileDTO, permissions)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns if the given profile is granted for all the given permissions.
	 * 
	 * @param profile
	 *          The profile.
	 * @param permissions
	 *          The list of permissions.
	 * @return If the profile is granted for this list of permissions.
	 */
	public static boolean isGranted(final ProfileDTO profile, final GlobalPermissionEnum... permissions) {

		boolean granted = false;

		if (profile == null) {
			// The profile must not be null.
			return granted;
		}

		if (ClientUtils.isEmpty(permissions)) {
			// No permission needed.
			granted = true;

		} else if (profile.getGlobalPermissions() != null) {

			// Checks if the permissions is contained in the profile.
			granted = true;

			for (final GlobalPermissionEnum permission : permissions) {
				if (!profile.getGlobalPermissions().contains(permission)) {
					// Profile is not granted for one permission (at least).
					granted = false;
					break;
				}
			}
		}

		return granted;
	}

	/**
	 * Returns the permission {@link PrivacyGroupPermissionEnum} for the given authentication and the given privacy group.
	 * 
	 * @param authentication
	 *          The authentication.
	 * @param group
	 *          The privacy group.
	 * @return The permission for the authentication and this privacy group.
	 */
	public static PrivacyGroupPermissionEnum getPermissionForOrgUnit(final Authentication authentication,
		final Integer orgUnitId, final PrivacyGroupDTO group) {

		if (authentication == null) {
			return PrivacyGroupPermissionEnum.NONE;
		}
		
		if (orgUnitId == null) {
			// Special case for test projects.
			return PrivacyGroupPermissionEnum.WRITE;
		}
		
		Map<Integer, ProfileDTO> aggregatedProfiles = authentication.getAggregatedProfiles();
		if (aggregatedProfiles == null) {
			return PrivacyGroupPermissionEnum.NONE;
		}
		return getPermission(aggregatedProfiles.get(orgUnitId), group);
	}

	/**
	 * Returns the permission {@link PrivacyGroupPermissionEnum} for the given profile and the given privacy group.
	 * 
	 * @param profile
	 *          The profile.
	 * @param group
	 *          The privacy group.
	 * @return The permission for the profile and this privacy group.
	 */
	public static PrivacyGroupPermissionEnum getPermission(final ProfileDTO profile, final PrivacyGroupDTO group) {

		PrivacyGroupPermissionEnum permission = PrivacyGroupPermissionEnum.NONE;

		if (profile == null) {
			// The profile must not be null.
			return permission;
		}

		if (group == null) {
			// No permission needed.
			permission = PrivacyGroupPermissionEnum.WRITE;

		} else if (profile.getPrivacyGroups() != null) {
			// Checks if the privacy group is contained in the profile.
			final PrivacyGroupPermissionEnum p = profile.getPrivacyGroups().get(group);
			if (p != null) {
				permission = p;
			}
		}

		return permission;
	}

}