SecurityAwareMetadataDomainRepository.java

/*
 * This program is free software; you can redistribute it and/or modify it under the 
 * terms of the GNU General Public License, version 2 as published by the Free Software 
 * Foundation.
 *
 * You should have received a copy of the GNU General Public License along with this 
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html 
 * or from the Free Software Foundation, Inc., 
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; 
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 * 
 * Copyright 2007 - 2008 Pentaho Corporation.  All rights reserved.
 *  
 */
package org.pentaho.platform.plugin.services.metadata;

import java.util.ArrayList;
import java.util.List;

import org.pentaho.metadata.model.LogicalModel;
import org.pentaho.metadata.model.concept.IConcept;
import org.pentaho.metadata.model.concept.security.RowLevelSecurity;
import org.pentaho.metadata.repository.IMetadataDomainRepository;
import org.pentaho.metadata.util.RowLevelSecurityHelper;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.pentaho.platform.engine.services.messages.Messages;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;

/**
 * This is the platform implementation which implements security.
 * 
 * @author Will Gorman (wgorman@pentaho.com)
 */
public class SecurityAwareMetadataDomainRepository extends MetadataDomainRepository {
  
  @Override
  public String generateRowLevelSecurityConstraint(LogicalModel model) {
    RowLevelSecurity rls = model.getRowLevelSecurity();
    if (rls == null || rls.getType() == RowLevelSecurity.Type.NONE) {
      return null;
    }
    Authentication auth = SecurityHelper.getAuthentication(getSession(), true);
    if (auth == null) {
      logger.info(Messages.getInstance().getString("SecurityAwareCwmSchemaFactory.INFO_AUTH_NULL_CONTINUE")); //$NON-NLS-1$
      return "FALSE()"; //$NON-NLS-1$
    }
    String username = auth.getName();
    List<String> roles = new ArrayList<String>();
    for (GrantedAuthority role : auth.getAuthorities()) {
      roles.add(role.getAuthority());
    }

    RowLevelSecurityHelper helper = new RowLevelSecurityHelper();
    return helper.getOpenFormulaSecurityConstraint(rls, username, roles);
  }
  
  @Override
  public boolean hasAccess(final int accessType, final IConcept aclHolder) {
    if (aclHolder != null) {
      MetadataAclHolder newHolder = new MetadataAclHolder(aclHolder);
      int mappedActionOperation = ACCESS_TYPE_MAP[accessType];
      return SecurityHelper.hasAccess(newHolder, mappedActionOperation, getSession());
    } else {
      if (accessType == IMetadataDomainRepository.ACCESS_TYPE_SCHEMA_ADMIN) {
        return SecurityHelper.isPentahoAdministrator(getSession());
      }
    }
    return true;
  }
}