package org.jboss.seam.security.permission;
import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.jboss.seam.security.Identity;
/**
* Resolves dynamically-assigned permissions, mapped to a user or a role, and kept in persistent
* storage, such as a relational database.
*
* @author Shane Bryzak
*/
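@SessionScoped
public class PersistentPermissionResolver implements PermissionResolver, Serializable {
    private static final long serialVersionUID = -603389172032219059L;

    @Inject
    Identity identity;

    @Inject
    PermissionStore permissionStore;

    // Currently unused: only the disabled role-based checks (see the TODO on
    // isGrantedToUser) referenced this resolver.
    @Inject
    Instance<RuleBasedPermissionResolver> ruleBasedPermissionResolver;

    /**
     * Returns the store that backs every decision made by this resolver.
     *
     * @return the current permission store, possibly {@code null}
     */
    public PermissionStore getPermissionStore() {
        return permissionStore;
    }

    /**
     * Replaces the store consulted by {@link #hasPermission(Object, String)} and
     * {@link #filterSetByAction(Set, String)}. All later decisions of this resolver are
     * taken from the new store.
     *
     * @param permissionStore the store to consult; {@code null} makes the resolver grant nothing
     */
    public void setPermissionStore(PermissionStore permissionStore) {
        this.permissionStore = permissionStore;
    }

    /**
     * Checks whether the store holds a grant of {@code action} on {@code target} made directly
     * to the logged-in user.
     *
     * <p>The method fails closed: it returns {@code false} when no store is set, nobody is
     * logged in, the store is disabled, the store returns no permissions, or no stored
     * permission names the current user. Grants made to roles are NOT evaluated at present,
     * so a user who holds a permission only through a role is denied here.
     *
     * @param target the resource being accessed
     * @param action the action requested on the resource
     * @return {@code true} only if a stored permission names the current user
     */
    public boolean hasPermission(Object target, String action) {
        if (!isStoreUsable()) {
            return false;
        }

        List<Permission> permissions = permissionStore.listPermissions(target, action);
        String username = identity.getUser().getId();
        if (permissions == null) {
            return false;
        }

        for (Permission permission : permissions) {
            if (isGrantedToUser(permission, username)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Removes from {@code targets} every object for which the store holds a grant of
     * {@code action} made directly to the logged-in user. Objects without such a grant stay in
     * the set.
     *
     * <p>The set is left untouched when it is {@code null}, no store is set, nobody is logged
     * in, the store is disabled, or the store returns no permissions. The disabled-store and
     * null-list guards mirror {@link #hasPermission(Object, String)}; without them this method
     * queried a disabled store and threw a {@link NullPointerException} on a {@code null}
     * result. As in {@code hasPermission}, role-based grants are not evaluated.
     *
     * @param targets the mutable set to filter in place
     * @param action the action requested on each object
     */
    public void filterSetByAction(Set<Object> targets, String action) {
        if (targets == null || !isStoreUsable()) {
            return;
        }

        List<Permission> permissions = permissionStore.listPermissions(targets, action);
        if (permissions == null || permissions.isEmpty()) {
            return;
        }
        String username = identity.getUser().getId();

        Iterator<Object> iter = targets.iterator();
        while (iter.hasNext()) {
            Object target = iter.next();
            for (Permission permission : permissions) {
                if (permission == null) {
                    continue;
                }
                Object resource = permission.getResource();
                if (resource != null && resource.equals(target)
                        && isGrantedToUser(permission, username)) {
                    // Iterator.remove() is the only safe way to drop an element mid-iteration.
                    iter.remove();
                    break;
                }
            }
        }
    }

    /**
     * Tells whether the store may be queried: a store is set, a user is logged in and the
     * store reports itself enabled. The checks run in that order so a missing store is never
     * dereferenced.
     */
    private boolean isStoreUsable() {
        return permissionStore != null && identity.isLoggedIn() && permissionStore.isEnabled();
    }

    /**
     * Tells whether {@code permission} was granted to the identity named {@code username}.
     * A missing permission, a missing identity on the permission, or a missing user name never
     * matches, so malformed store entries are treated as "no grant" instead of raising a
     * {@link NullPointerException} in the middle of an authorization check.
     *
     * <p>TODO: role-based grants are disabled. The earlier (commented-out) logic read the role
     * from {@code permission.getRecipient()}, evaluated conditional roles through
     * {@code ruleBasedPermissionResolver.checkConditionalRole(...)} and plain roles through
     * {@code identity.hasRole(...)}. Until it is restored, only direct user grants are honoured.
     * NOTE(review): the identity type is not checked either (the former
     * {@code instanceof SimplePrincipal} test is commented out), so the comparison is by name
     * only; confirm that user and role names cannot collide in the store.
     */
    private static boolean isGrantedToUser(Permission permission, String username) {
        return username != null
                && permission != null
                && permission.getIdentity() != null
                && username.equals(permission.getIdentity().getName());
    }
}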