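/**
 * Licensed to Apereo under one or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding copyright ownership. Apereo
 * licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the License at the
 * following location:
 *
 * <p>http://www.apache.org/licenses/LICENSE-2.0
 *
 * <p>Unless required by applicable law or agreed to in writing, software distributed under the
 * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apereo.portal.security.xslt;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.portal.groups.IEntity;
import org.apereo.portal.portlet.om.IPortletDefinition;
import org.apereo.portal.portlet.registry.IPortletDefinitionRegistry;
import org.apereo.portal.security.IAuthorizationPrincipal;
import org.apereo.portal.security.IPerson;
import org.apereo.portal.security.IPersonManager;
import org.apereo.portal.services.AuthorizationService;
import org.apereo.portal.services.GroupService;
import org.apereo.portal.url.IPortalRequestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * Spring managed version of the Xalan Elements helper class used during portal XSL transformations.
 *
 * <p>Both authorization checks fail closed: every path that cannot positively establish a
 * principal or a portlet definition answers {@code false}.
 */
@Service
public class XalanAuthorizationHelperBean implements IXalanAuthorizationHelper {
    protected final Log logger = LogFactory.getLog(this.getClass());

    // Collaborators are injected by Spring through the @Autowired setters below.
    private IPortletDefinitionRegistry portletDefinitionRegistry;
    private IPortalRequestUtils portalRequestUtils;
    private IPersonManager personManager;

    /** @param portletDefinitionRegistry the portletDefinitionRegistry to set */
    @Autowired
    public void setPortletDefinitionRegistry(IPortletDefinitionRegistry portletDefinitionRegistry) {
        this.portletDefinitionRegistry = portletDefinitionRegistry;
    }

    /** @param portalRequestUtils used to obtain the current portal request */
    @Autowired
    public void setPortalRequestUtils(IPortalRequestUtils portalRequestUtils) {
        this.portalRequestUtils = portalRequestUtils;
    }

    /** @param personManager used to resolve the person bound to the current request */
    @Autowired(required = true)
    public void setPersonManager(IPersonManager personManager) {
        this.personManager = personManager;
    }

    /**
     * Checks whether the named user may render the portlet registered under {@code fname}.
     *
     * <p>Unlike {@link #hasPermission(String, String, String)}, the user is taken from the
     * {@code userName} argument and not from the current portal request, so the answer is only as
     * trustworthy as the value the caller passes in.
     *
     * @param userName name of the user to check; {@code null} yields {@code false}
     * @param fname functional name of the portlet; {@code null} yields {@code false}
     * @return {@code true} only if a principal and a portlet definition were both resolved and
     *     the principal may render that portlet; {@code false} in every other case, including
     *     when the registry lookup throws
     */
    @Override
    public boolean canRender(final String userName, final String fname) {
        if (userName == null || fname == null) {
            return false;
        }

        final IAuthorizationPrincipal userPrincipal = this.getUserPrincipal(userName);
        if (userPrincipal == null) {
            return false;
        }

        // NOTE(review): fname and userName are written to the log verbatim below. If either can
        // carry content that is not controlled by the portal, confirm the logging layout
        // neutralises CR/LF so a crafted value cannot forge log lines.
        final String portletId;
        try {
            final IPortletDefinition portletDefinition =
                    this.portletDefinitionRegistry.getPortletDefinitionByFname(fname);
            if (portletDefinition == null) {
                if (this.logger.isInfoEnabled()) {
                    this.logger.info(
                            "No PortletDefinition for fname='" + fname + "', returning false.");
                }
                return false;
            }
            portletId = portletDefinition.getPortletDefinitionId().getStringId();
        } catch (Exception e) {
            // Deliberately broad: any lookup failure is treated as "not allowed" (deny on error).
            this.logger.warn(
                    "Could not find PortletDefinition for fname='"
                            + fname
                            + "' while checking if user '"
                            + userName
                            + "' can render it. Returning FALSE.",
                    e);
            return false;
        }

        return userPrincipal.canRender(portletId);
    }

    /**
     * Checks whether the user of the current portal request holds the given permission.
     *
     * <p>The user is resolved from the current request through the person manager, never from a
     * caller-supplied name. If no person or no user name can be resolved the check is denied
     * instead of failing with a {@link NullPointerException} in the middle of a transformation.
     *
     * @param owner permission owner; required, {@code null} yields {@code false}
     * @param activity permission activity; required, {@code null} yields {@code false}
     * @param target permission target; optional, passed through as given
     * @return {@code true} only if a principal was resolved for the current user and it holds the
     *     permission; {@code false} otherwise
     */
    @Override
    public boolean hasPermission(final String owner, final String activity, final String target) {
        // owner & activity are required (but not target)
        if (owner == null || activity == null) {
            return false;
        }

        final HttpServletRequest currentRequest =
                this.portalRequestUtils.getCurrentPortalRequest();
        final IPerson currentUser = this.personManager.getPerson(currentRequest);
        final String currentUserName = currentUser != null ? currentUser.getUserName() : null;
        if (currentUserName == null) {
            // Fail closed: without an identified user there is nothing to authorize.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(
                        "No user could be resolved for the current request, returning false.");
            }
            return false;
        }

        final IAuthorizationPrincipal authPrincipal = this.getUserPrincipal(currentUserName);
        return authPrincipal != null && authPrincipal.hasPermission(owner, activity, target);
    }

    /**
     * Resolves the authorization principal for a user name.
     *
     * @param userName name looked up through {@link GroupService} as an {@link IPerson} entity
     * @return a principal created by the {@link AuthorizationService} for that entity, or {@code
     *     null} if the group service returns no entity for the name
     */
    protected IAuthorizationPrincipal getUserPrincipal(final String userName) {
        final IEntity user = GroupService.getEntity(userName, IPerson.class);
        if (user == null) {
            return null;
        }

        final AuthorizationService authService = AuthorizationService.instance();
        return authService.newPrincipal(user);
    }
}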