/* license-start
*
* Copyright (C) 2008 - 2013 Crispico, <http://www.crispico.com/>.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation version 3.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details, at <http://www.gnu.org/licenses/>.
*
* Contributors:
* Crispico - Initial API and implementation
*
* license-end
*/
package org.flowerplatform.web.security.permission;
import java.security.Permission;
import java.util.List;
import org.flowerplatform.web.security.sandbox.SecurityEntityAdaptor;
import org.flowerplatform.web.security.sandbox.SecurityUtils;
import org.flowerplatform.web.entity.Group;
import org.flowerplatform.web.entity.ISecurityEntity;
import org.flowerplatform.web.entity.Organization;
import org.flowerplatform.web.entity.PermissionEntity;
import org.flowerplatform.web.entity.User;
/**
* The owner of this permission can create/update/delete ISecurityEntities:
* {@link Organization}, {@link Group}, {@link User}).
* The {@link #actions} can have the value * meaning that the modified security entity can be assigned to anyone.
* Actions can be a csv list of organizations and/or groups to which the modified security entity can belong.
*
* <p>
* E.g. if actions = #org1, @group, the owner can create user or groups that belong to #org1, or users that belong to @group.
*
* @author Florin
*
*
*/
public class AdminSecurityEntitiesPermission extends Permission {
/**
*
*/
private static final long serialVersionUID = 1L;
/**
*
*/
private String actions;
/**
*
*/
private List<ISecurityEntity> assignableSecurityEntities;
/**
* @param name - not used
* @param actions
*
*/
public AdminSecurityEntitiesPermission(String name, String actions) {
super(name);
this.actions = actions;
}
/**
*
*/
@Override
public String getActions() {
return actions;
}
/**
*
*/
@Override
public boolean implies(Permission permission) {
if (!(permission instanceof AdminSecurityEntitiesPermission)) {
return false;
}
if (actions.equals(PermissionEntity.ANY_ENTITY)) {
// permission to create any SecurityEntity that is assigned to any security entity
return true;
}
if (assignableSecurityEntities == null) {
assignableSecurityEntities = SecurityEntityAdaptor.csvStringToSecurityEntityList(actions, true);
}
AdminSecurityEntitiesPermission other = (AdminSecurityEntitiesPermission) permission;
if (other.actions.equals(PermissionEntity.ANY_ENTITY)) {
return false;
}
List<ISecurityEntity> securityEntitiesToBeChecked = SecurityEntityAdaptor.csvStringToSecurityEntityList(other.actions, false);
boolean implies = false;
for (ISecurityEntity securityEntity: securityEntitiesToBeChecked) {
implies |= SecurityUtils.securityEntityIsAssignable(assignableSecurityEntities, securityEntity);
}
return implies;
}
/**
*
*/
@Override
public boolean equals(Object obj) {
if (!(obj instanceof AdminSecurityEntitiesPermission)) {
return false;
}
AdminSecurityEntitiesPermission other = (AdminSecurityEntitiesPermission) obj;
return getName().equals(other.getName()) && getActions().equals(other.getActions());
}
/**
*
*/
@Override
public int hashCode() {
return getName().hashCode() + 31 * getActions().hashCode();
}
}