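//$Id: RetrictionServiceImpl.java,v 1.1 2007-10-14 04:41:35 PM chaostone Exp $
/*
 *
 * Copyright c 2005-2009
 * Licensed under the Apache License, Version 2.0 (the "License")
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 */
/********************************************************************************
 * @author chaostone
 *
 * MODIFICATION DESCRIPTION
 *
 * Name           Date          Description
 * ============   ============  ============
 * chaostone      2007-10-14    Created
 *
 ********************************************************************************/
package org.beanfuse.security.restriction.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.apache.commons.lang.StringUtils;
import org.beanfuse.persist.impl.BaseServiceImpl;
import org.beanfuse.query.EntityQuery;
import org.beanfuse.security.Resource;
import org.beanfuse.security.User;
import org.beanfuse.security.dao.AuthorityDao;
import org.beanfuse.security.restriction.Param;
import org.beanfuse.security.restriction.Pattern;
import org.beanfuse.security.restriction.Restriction;
import org.beanfuse.security.restriction.RestrictionHolder;

/**
 * Resolves the data-level restrictions that apply to a user on a resource and
 * uses them to filter candidate values or to constrain an {@link EntityQuery}.
 *
 * <p>
 * Restrictions are gathered from three places: the authorities that link the
 * user's groups to the resource, the user's groups themselves, and the user.
 * Wherever several restrictions are combined in this class the combination is
 * a union, so an additional restriction can only widen what is selected.
 */
public class RestrictionServiceImpl extends BaseServiceImpl implements RestrictionService {

    private AuthorityDao authorityDao;

    private RestrictionApply restrictionApply;

    /**
     * Returns the data restrictions that apply to a user on the given resource.
     *
     * <p>
     * Only restrictions that are enabled and whose parameter group is used by
     * one of the resource's patterns are returned.
     *
     * <p>
     * NOTE(review): when the resource has no patterns, or nothing matches, the
     * result is empty. Confirm that callers treat an empty result as "no data
     * visible" rather than "unrestricted".
     *
     * @param user the user; the instance and each of its groups must implement
     *            {@link RestrictionHolder}, otherwise a ClassCastException is thrown
     * @param resource the resource (module) being accessed
     * @return the enabled restrictions matching the resource's parameter groups
     */
    public List getRestrictions(final User user, final Resource resource) {
        // Parameter groups referenced by the patterns of this resource.
        final Set paramGroups = new HashSet();
        for (Iterator it = resource.getPatterns().iterator(); it.hasNext();) {
            Pattern pattern = (Pattern) it.next();
            paramGroups.add(pattern.getParamGroup());
        }

        List restrictions = new ArrayList();
        // Restrictions attached to the authorities for this user and resource.
        restrictions.addAll(getAuthorityRestrictions(user, resource));
        // Restrictions held by the user's groups themselves.
        for (Iterator it = user.getGroups().iterator(); it.hasNext();) {
            RestrictionHolder group = (RestrictionHolder) it.next();
            restrictions.addAll(group.getRestrictions());
        }
        // Restrictions held by the user directly.
        RestrictionHolder userHolder = (RestrictionHolder) user;
        restrictions.addAll(userHolder.getRestrictions());

        // Pattern filter: group and user restrictions are not tied to a
        // resource, so the parameter-group match is what scopes them here.
        return (List) CollectionUtils.select(restrictions, new Predicate() {
            public boolean evaluate(Object obj) {
                Restriction restriction = (Restriction) obj;
                return restriction.isEnabled()
                        && paramGroups.contains(restriction.getParamGroup());
            }
        });
    }

    /**
     * Loads the enabled restrictions attached to the authorities that connect
     * one of the user's groups to the resource.
     *
     * <p>
     * The user and the resource are passed as named query parameters, not
     * concatenated into the query text.
     *
     * @param user the user whose groups are matched
     * @param resource the resource the authority must refer to
     * @return the matching restrictions
     */
    private List getAuthorityRestrictions(User user, Resource resource) {
        EntityQuery query = new EntityQuery("select restriction from Authority r "
                + "join r.group.users as user join r.restrictions as restriction"
                + " where user=:user and r.resource=:resource"
                + " and restriction.enabled=true");
        Map params = new HashMap();
        params.put("user", user);
        params.put("resource", resource);
        query.setParams(params);
        return (List) entityService.search(query);
    }

    /**
     * Returns the candidate values of a parameter by running the query stored
     * in the parameter's editor.
     *
     * <p>
     * SECURITY: the query text is taken verbatim from
     * {@code param.getEditor().getSource()} and executed without parameters, so
     * whoever can change that value decides which query runs here. The same
     * text is also written to the debug log.
     * NOTE(review): presumably the editor source is administrator-maintained
     * configuration; confirm that only trusted roles can edit it.
     *
     * @param param the parameter whose values are requested
     * @return the query result, or an empty list when the parameter has no editor
     */
    public List getValues(Param param) {
        if (null == param.getEditor()) {
            return Collections.EMPTY_LIST;
        }
        EntityQuery query = new EntityQuery(param.getEditor().getSource());
        List rs = (List) entityService.search(query);
        logger.debug("param size {},source:{} ", new Integer(rs.size()), param.getEditor()
                .getSource());
        return rs;
    }

    /**
     * Selects the values permitted by at least one of the given restrictions.
     *
     * <p>
     * The result is the union of the per-restriction selections, so the most
     * permissive restriction determines the outcome. An empty restriction list
     * selects nothing.
     *
     * @param values the candidate values
     * @param restrictions the restrictions to evaluate
     * @param param the parameter the restrictions are evaluated for
     * @return the permitted values
     */
    public Set select(Collection values, List restrictions, Param param) {
        Set selected = new HashSet();
        for (Iterator it = restrictions.iterator(); it.hasNext();) {
            final Restriction restriction = (Restriction) it.next();
            selected.addAll(select(values, restriction, param));
        }
        return selected;
    }

    /**
     * Selects the values permitted by a single restriction.
     *
     * <p>
     * When the restriction has no item for the parameter, nothing is selected.
     * When the item equals {@link Restriction#ALL}, every value is selected.
     * Otherwise a value is selected when the property named by the editor's id
     * property is contained in the restriction's value set.
     *
     * @param values the candidate values
     * @param restriction the restriction to evaluate
     * @param param the parameter the restriction is evaluated for
     * @return the permitted values
     * @throws RuntimeException if the id property of a candidate cannot be read;
     *             the original exception is kept as the cause
     */
    public Set select(Collection values, final Restriction restriction, Param param) {
        Set selected = new HashSet();
        String value = restriction.getItem(param);
        if (StringUtils.isEmpty(value)) {
            // No item configured for this parameter: select nothing.
            return selected;
        }
        if (value.equals(Restriction.ALL)) {
            selected.addAll(values);
            return selected;
        }
        final Set paramValue = (Set) restriction.getValue(param);
        for (Iterator it = values.iterator(); it.hasNext();) {
            Object obj = it.next();
            try {
                Object id = PropertyUtils.getProperty(obj, param.getEditor().getIdProperty());
                if (paramValue.contains(id)) {
                    selected.add(obj);
                }
            } catch (Exception e) {
                // Keep the cause: without it a failure inside a permission
                // filter cannot be traced back to its origin.
                throw new RuntimeException(e.getMessage(), e);
            }
        }
        return selected;
    }

    /**
     * Sets the authority DAO.
     *
     * @param authorityDao the DAO to use
     */
    public void setAuthorityDao(AuthorityDao authorityDao) {
        this.authorityDao = authorityDao;
    }

    /**
     * Sets the strategy that applies restrictions to queries.
     *
     * @param restrictionApply the strategy to delegate to
     */
    public void setRestrictionApply(RestrictionApply restrictionApply) {
        this.restrictionApply = restrictionApply;
    }

    /**
     * Applies the restrictions to the query by delegating to the configured
     * {@link RestrictionApply}.
     *
     * @param query the query to constrain
     * @param patterns the patterns of the resource
     * @param restrictions the restrictions to apply
     */
    public void apply(EntityQuery query, Collection patterns, Collection restrictions) {
        restrictionApply.apply(query, patterns, restrictions);
    }

    /**
     * Applies one restriction under one pattern to the query by delegating to
     * the configured {@link RestrictionApply}.
     *
     * @param query the query to constrain
     * @param pattern the pattern to apply
     * @param restriction the restriction to apply
     */
    public void apply(EntityQuery query, Pattern pattern, Restriction restriction) {
        restrictionApply.apply(query, pattern, restriction);
    }
}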