package org.jboss.seam.security.permission;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
/**
* Maps permission checks to resolver chains
*
* @author Shane Bryzak
*/
@ApplicationScoped
public class PermissionMapper implements Serializable {
private static final long serialVersionUID = 7692687882996064772L;
@Inject
Instance<PermissionResolver> resolvers;
@Inject
BeanManager manager;
public boolean resolvePermission(Object resource, String permission) {
for (PermissionResolver resolver : resolvers) {
if (resolver.hasPermission(resource, permission)) return true;
}
return false;
}
public void filterByPermission(Collection<?> collection, String action) {
boolean homogenous = true;
Class<?> targetClass = null;
for (Object target : collection) {
if (targetClass == null) targetClass = target.getClass();
if (!targetClass.equals(target.getClass())) {
homogenous = false;
break;
}
}
if (homogenous) {
Set<Object> denied = new HashSet<Object>(collection);
for (PermissionResolver resolver : resolvers) {
resolver.filterSetByAction(denied, action);
}
for (Object target : denied) {
collection.remove(target);
}
} else {
Map<Class<?>, Set<Object>> deniedByClass = new HashMap<Class<?>, Set<Object>>();
for (Object obj : collection) {
if (!deniedByClass.containsKey(obj.getClass())) {
Set<Object> denied = new HashSet<Object>();
denied.add(obj);
deniedByClass.put(obj.getClass(), denied);
} else {
deniedByClass.get(obj.getClass()).add(obj);
}
}
for (Class<?> cls : deniedByClass.keySet()) {
Set<Object> denied = deniedByClass.get(cls);
for (PermissionResolver resolver : resolvers) {
resolver.filterSetByAction(denied, action);
}
for (Object target : denied) {
collection.remove(target);
}
}
}
}
}