/* license-start
*
* Copyright (C) 2008 - 2013 Crispico, <http://www.crispico.com/>.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation version 3.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details, at <http://www.gnu.org/licenses/>.
*
* Contributors:
* Crispico - Initial API and implementation
*
* license-end
*/
package org.flowerplatform.web.security.permission;
import java.io.File;
import java.security.AccessController;
import java.security.Permission;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.flowerplatform.web.security.sandbox.FlowerWebPolicy;
import org.flowerplatform.web.WebPlugin;
import org.flowerplatform.web.entity.PermissionEntity;
/**
* It keeps metadata for a permission type.
*
* <p>
* An important responsibility of this class is to do a mapping between
* permission representations saved in database {@link org.flowerplatform.web.entity.PermissionEntity}
* (i.e. {@link #getImplementedPermissionType()}) and <code>java.security.Permission</code>
* (i.e. {@link #getHandledPermissionType()}). The 2 of them are usually identical.
*
* @author Cristi
* @author Florin
* @author Mariana
*
*
*/
public abstract class PermissionDescriptor {
/**
* {@link Permission#getName()} is equivalent of {@link PermissionEntity#getResource()}.
*/
static final String NAME_FIELD = "name";
/**
* {@link Permission#getActions()} is equivalent of {@link PermissionEntity#getActions()}.
*/
static final String ACTIONS_FIELD = "actions";
static public final String ASSIGNED_TO_FIELD = "assignedTo";
static final String TYPE_FIELD = "type";
/**
* This usually returns the same value as {@link #getImplementedPermissionType()}.
* However, there are cases when the actual "implies" logic expects another
* type of permission, different from its actual type. E.g. {@link FlowerWebFilePermission}
* which expects a "parameter" of type {@link java.io.FilePermission}.
*
* <p>
* {@link FlowerWebPolicy} organizes the cache based on the result of this method.
*
*
*/
public abstract Class<? extends Permission> getHandledPermissionType();
/**
* This class is the one that comes with the <strong>implementation</strong>
* of the "implements" logic. The fully qualified of this type is saved
* in the database {@link PermissionEntity#getType()}.
*
*
*/
public abstract Class<? extends Permission> getImplementedPermissionType();
/**
* Should return <code>true</code> for tree permissions.
*
*
*/
public abstract boolean isTreePermission();
/**
* Validates the name and action fields of a permission.
*
*/
public abstract Map<String, String> validate(Permission permission);
/**
* Return the possible values for actions, in case these values form a finit set.
*
*/
public List<String> getActions() {
return Collections.emptyList();
}
/**
*
*/
public String getName() {
return getImplementedPermissionType().getName();
}
public void setName(String s) {}
/**
*
*/
public String getSimpleName() {
return getImplementedPermissionType().getSimpleName();
}
public void setSimpleName(String s) {}
public void setOrder(int i) {}
/**
* Used to order the permissions on client side.
*
* @author Mariana
*/
public int getOrder() {
return 0;
}
public void setHints(Map<String, String> map) {}
/**
* A map with hints that will be displayed in the permission form, depending on the type of
* permission selected. The <code>ASSIGNED_TO</code> hint is the same for all the permissions.
*
* @author Mariana
*/
public Map<String, String> getHints() {
Map<String, String> map = new HashMap<String, String>();
map.put(ASSIGNED_TO_FIELD, WebPlugin.getInstance().getMessage("entity.permission.assignedTo.hint"));
return map;
}
/**
* Returns true if the path exists and it is relative to workspace.
*/
protected boolean pathIsRelativeToWorkspace(String path) {
String runtimeWorkspace = ((FlowerWebPolicy)Policy.getPolicy()).getRuntimeWorkspace().getAbsolutePath();
String name = runtimeWorkspace+ "/" + path;
if (name.endsWith("*")) {
name = name.substring(0, name.length() - 2);
}
final String name2 = name;
// File.exists will determine a security check
return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
File file = new File(name2);
return file.exists();
}
});
}
}