/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* or http://forgerock.org/license/CDDLv1.0.html.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS
*/
package org.opends.server.authorization.dseecompat;
import static org.opends.messages.AccessControlMessages.*;
import static org.opends.server.authorization.dseecompat.Aci.*;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Pattern;
import org.forgerock.i18n.LocalizableMessage;
/**
* A class representing the permissions of an bind rule. The permissions
* of an ACI look like deny(search, write).
*/
public class Permission {
/**
* The access type (allow,deny) corresponding to the ACI permission value.
*/
private EnumAccessType accessType;
/**
* The rights (search, add, delete, ...) corresponding to the ACI rights
* value.
*/
private int rights;
/**
* Regular expression token representing the separator.
*/
private static final String separatorToken = ",";
/**
* Regular expression used to match the ACI rights string.
*/
private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
"(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
ZERO_OR_MORE_WHITESPACE + ")*";
/**
* Constructor creating a class representing a permission part of an bind
* rule.
* @param accessType A string representing access type.
* @param rights A string representing the rights.
* @throws AciException If the access type string or rights string
* is invalid.
*/
private Permission(String accessType, String rights)
throws AciException {
this.accessType = EnumAccessType.decode(accessType);
if (this.accessType == null){
LocalizableMessage message =
WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
throw new AciException(message);
}
if (!Pattern.matches(rightsRegex, rights)){
LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
throw new AciException(message);
}
else {
Pattern separatorPattern = Pattern.compile(separatorToken);
String[] rightsStr =
separatorPattern.split(rights.replaceAll("\\s", ""));
for (String r : rightsStr) {
EnumRight right = EnumRight.decode(r);
if (right != null) {
this.rights|= EnumRight.getMask(right);
} else {
LocalizableMessage message =
WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
throw new AciException(message);
}
}
}
}
/**
* Decode an string representation of bind rule permission into a Permission
* class.
* @param accessType A string representing the access type.
* @param rights A string representing the rights.
* @return A Permission class representing the permissions of the bind
* rule.
* @throws AciException If the accesstype or rights strings are invalid.
*/
public static Permission decode (String accessType, String rights)
throws AciException {
return new Permission(accessType, rights);
}
/**
* Checks if a given access type enumeration is equal to this classes
* access type.
* @param accessType An enumeration representing an access type.
* @return True if the access types are equal.
*/
public boolean hasAccessType(EnumAccessType accessType) {
return this.accessType == accessType;
}
/**
* Checks if the permission's rights has the specified rights.
* @param rights The rights to check for.
* @return True if the permission's rights has the specified rights.
*/
public boolean hasRights(int rights) {
return (this.rights & rights) != 0;
}
/** {@inheritDoc} */
@Override
public String toString() {
final StringBuilder sb = new StringBuilder();
toString(sb);
return sb.toString();
}
/**
* Appends a string representation of this object to the provided buffer.
*
* @param buffer
* The buffer into which a string representation of this object
* should be appended.
*/
public final void toString(StringBuilder buffer) {
if (this.accessType != null) {
buffer.append(accessType.toString().toLowerCase());
Set<EnumRight> enumRights = EnumRight.getEnumRight(rights);
if (enumRights != null) {
buffer.append("(");
for (Iterator<EnumRight> iter = enumRights.iterator(); iter
.hasNext();) {
buffer.append(iter.next().getRight());
if (iter.hasNext()) {
buffer.append(",");
}
}
buffer.append(")");
} else {
buffer.append("(all)");
}
}
}
}