ViewActivityAuthorizationStrategy.java example

Explorer
cmestemp22-master
/*
 * Copyright (c) 2010 Lockheed Martin Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.eurekastreams.server.action.authorization.stream;

import java.util.Arrays;

import org.eurekastreams.commons.actions.AuthorizationStrategy;
import org.eurekastreams.commons.actions.context.service.ServiceActionContext;
import org.eurekastreams.commons.exceptions.AuthorizationException;
import org.eurekastreams.server.action.execution.stream.ActivitySecurityTrimmer;

/**
 * Authorize if current user has permissions to view given activity id. This ONLY restricts viewing activities posted to
 * private groups, activities posted to public group or any personal stream are visible to anyone.
 * 
 */
public class ViewActivityAuthorizationStrategy implements AuthorizationStrategy<ServiceActionContext>
{
    /**
     * Trims out unauthorized activity.
     */
    private ActivitySecurityTrimmer securityTrimmer;

    /**
     * Constructor.
     * 
     * @param inSecurityTrimmer
     *            Trims unauthorized activity..
     */
    public ViewActivityAuthorizationStrategy(final ActivitySecurityTrimmer inSecurityTrimmer)
    {
        securityTrimmer = inSecurityTrimmer;
    }

    /**
     * Authorize if current user has permissions to view given activity id. Currently only restriction on viewing
     * activities is on activities posted to private groups, activities post to public group or any personal stream are
     * visible to anyone.
     * 
     * @param inActionContext
     *            ActionContext for request.
     */
    public void authorize(final ServiceActionContext inActionContext)
    {
        // Unauthorized if all results are trimed away.
        if (securityTrimmer.trim(Arrays.asList((Long) inActionContext.getParams()),
                inActionContext.getPrincipal().getId()).size() == 0)
        {
            throw new AuthorizationException("Current user does not have access right to view activity.");
        }
    }

}