PermissionManager.java

package org.jboss.seam.security.permission;

import java.io.Serializable;
import java.util.List;

import javax.inject.Inject;
import javax.inject.Named;

import org.jboss.solder.logging.Logger;
import org.jboss.seam.security.Identity;

/**
 * Permission management component, used to grant or revoke permissions on specific objects or of
 * specific permission types to particular users or roles.
 *
 * @author Shane Bryzak
 */
@Named
public class PermissionManager implements Serializable {
    private static final long serialVersionUID = -2694925751585231813L;

    public static final String PERMISSION_READ = "seam.read-permissions";
    public static final String PERMISSION_GRANT = "seam.grant-permission";
    public static final String PERMISSION_REVOKE = "seam.revoke-permission";

    private static final Logger log = Logger.getLogger(PermissionManager.class);

    @Inject
    PermissionStore permissionStore;
    @Inject
    Identity identity;

    public PermissionStore getPermissionStore() {
        return permissionStore;
    }

    public void setPermissionStore(PermissionStore permissionStore) {
        this.permissionStore = permissionStore;
    }

    public List<Permission> listPermissions(Object target, String action) {
        if (target == null) return null;
        identity.checkPermission(target, PERMISSION_READ);
        return permissionStore.listPermissions(target, action);
    }

    public List<Permission> listPermissions(Object target) {
        if (target == null) return null;
        identity.checkPermission(target, PERMISSION_READ);
        return permissionStore.listPermissions(target);
    }

    public boolean grantPermission(Permission permission) {
        identity.checkPermission(permission.getResource(), PERMISSION_GRANT);
        return permissionStore.grantPermission(permission);
    }

    public boolean grantPermissions(List<Permission> permissions) {
        for (Permission permission : permissions) {
            identity.checkPermission(permission.getResource(), PERMISSION_GRANT);
        }
        return permissionStore.grantPermissions(permissions);
    }

    public boolean revokePermission(Permission permission) {
        identity.checkPermission(permission.getResource(), PERMISSION_REVOKE);
        return permissionStore.revokePermission(permission);
    }

    public boolean revokePermissions(List<Permission> permissions) {
        for (Permission permission : permissions) {
            identity.checkPermission(permission.getResource(), PERMISSION_REVOKE);
        }
        return permissionStore.revokePermissions(permissions);
    }

    public List<String> listAvailableActions(Object target) {
        return permissionStore.listAvailableActions(target);
    }

    public void clearPermissions(Object target) {
        if (permissionStore != null) {
            permissionStore.clearPermissions(target);
        }
    }
}