ModifyTreePermissionsPermission.java

/* license-start
 * 
 * Copyright (C) 2008 - 2013 Crispico, <http://www.crispico.com/>.
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation version 3.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details, at <http://www.gnu.org/licenses/>.
 * 
 * Contributors:
 *   Crispico - Initial API and implementation
 *
 * license-end
 */
package org.flowerplatform.web.security.permission;

import java.security.Permission;
import java.util.List;

import org.flowerplatform.web.security.sandbox.SecurityEntityAdaptor;
import org.flowerplatform.web.security.sandbox.SecurityUtils;

import org.flowerplatform.web.entity.ISecurityEntity;
import org.flowerplatform.web.entity.PermissionEntity;

/**
 * The owner of this permission can create/update/delete any link {@link PermissionEntity} 
 * with type {@link AbstractTreePermission}  that meets the following conditions:
 * <ul>
 * <li>the modified permission matches with the path of this permission</li>
 * <li>the security entities of the modified permission are included by the actions of this permission</li>
 * </ul>
 * 
 * <p>
 * In case of a permission update, both the old values and the new values of the 
 * updated permission must be allowed by this.
 * 
 * <p>
 * E.g.:
 * name = org1/*, actions = #org1,$user1
 * The owner can create:
 * 1) a PermisisonEntity of type FlowerWebFilePermission with a name(/resource/target/path) that matches org1/* and assigned to security entity contained in #org1,$user1
 * 2) a PermissionEntity of type ModifyTreePermissionsPermission with a name(/resource/target/path) that matches org1/* and assigned to security entity contained in #org1,$user1. 
 * Also, this is a special case: the parameters of the PermissionEntity will be the actions of a ModifyTreePermissionsPermission. So when checking if a PermissionEntity of type ModifyTreePermissionsPermission
 * is permitted, the call will be SecurityManager.checkPermission(ModifyTreePermissionsPermission(PermissionEntity.resource, PermissionEntity.assignedTo + PermissionEntity.actions))
 * 
 * <p>
 * Clarification:
 * PermissionEntity.resource is the name for a permission (AbstractTreePermission).
 * PermissionEntity.actions is actions for a permission.
 * 
 * @author Florin
 * 
 * 
 */
public class ModifyTreePermissionsPermission extends AbstractTreePermission {

	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;

	/**
	 * PermissionEntities can use SecurityEntities from this list.
	 * Usage means:
	 * <ul>
	 * <li> to appear in PermissionEntities.assignedTo or PermissionEntities.actions when checking for ModifyTreePermissionsPermission </li>
	 * <li> to appear in PermissionEntities.assignedTo in case for a FlowerWebFilePermission (or others) </li>
	 * </ul>
	 * 
	 */
	private List<ISecurityEntity> assignableSecurityEntities;

	/**
	 * @param name
	 *            the path on the file system. Attention: if it is a relative
	 *            path, it will be considered relative to user directory, not to
	 *            runtime workspace of running eclipse.
	 * @param actions
	 * 
	 */
	public ModifyTreePermissionsPermission(String name, String actions) {
		super(name, actions);		
	}
	
	/**
	 * 
	 */
	@Override
	public boolean impliesWithoutTreePathCheck(Permission permission) {
		if (!(permission instanceof ModifyTreePermissionsPermission)) {
			return false;
		}
		if (actions.equals(PermissionEntity.ANY_ENTITY)) {
			// permission to create any SecurityEntity that is assigned to any security entity 
			return true;
		}
		if (assignableSecurityEntities == null) {			
			assignableSecurityEntities = SecurityEntityAdaptor.csvStringToSecurityEntityList(actions, true);
		}
				
		ModifyTreePermissionsPermission modifyPermission = (ModifyTreePermissionsPermission) permission;
		// security entities that we must check if they are allowed to be used by a PermissionEntity
		List<ISecurityEntity> securityEntitiesToBeChecked = SecurityEntityAdaptor.csvStringToSecurityEntityList(modifyPermission.actions, false);
		boolean implies = true; 
		for (ISecurityEntity securityEntity: securityEntitiesToBeChecked) {
			implies &= SecurityUtils.securityEntityIsAssignable(assignableSecurityEntities, securityEntity);
		}
		
		return implies;
	}
	
	/**
	 * 
	 */
	@Override
	public boolean equals(Object obj) {
		if (!(obj instanceof ModifyTreePermissionsPermission)) {
			return false;
		}
		
		ModifyTreePermissionsPermission other = (ModifyTreePermissionsPermission) obj;
		return getName().equals(other.getName()) && getActions().equals(other.getActions());
	}

	/**
	 * 
	 */
	@Override
	public int hashCode() {
		return getName().hashCode() + 31 * getActions().hashCode();
	}
}