GroupAdminRoleService.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.SortedSet;

import org.geoserver.security.impl.GeoServerRole;

/**
 * Role service wrapper that filters contents based on an authenticated group administrator.
 * <p>
 * Given a group administrator this wrapper will filter out those groups which the administrator 
 * does not have administrative access to.
 * </p>
 * @author Justin Deoliveira, OpenGeo
 *
 */
public class GroupAdminRoleService extends AuthorizingRoleService {

    /** groups the user admins, lazily calculated */
    List<String> groups;

    public GroupAdminRoleService(GeoServerRoleService delegate, List<String> groups) {
        super(delegate);
        this.groups = groups;
    }

    public boolean canCreateStore() {
        return false;
    }

    public GeoServerRoleStore createStore() throws IOException {
        return null;
    }

    @Override
    protected SortedSet<String> filterGroups(GeoServerRole role,
            SortedSet<String> groupNamesForRole) {
        //include only those groups which the user is admin for
        for (Iterator<String> it = groupNamesForRole.iterator(); it.hasNext();) {
            if (filterGroup(it.next())) {
                it.remove();
            }
        }
        return groupNamesForRole;
    }

    @Override
    protected boolean filterGroup(String groupname) {
        return !groups.contains(groupname);
    }

    @Override
    protected SortedSet<String> filterUsers(GeoServerRole role,
            SortedSet<String> userNamesForRole) {
        return userNamesForRole;
    }

    @Override
    protected boolean filterUser(String username) {
        return false;
    }

    @Override
    protected SortedSet<GeoServerRole> filterUserRoles(String username,
            SortedSet<GeoServerRole> rolesForUser) {
        return rolesForUser;
    }

    @Override
    protected SortedSet<GeoServerRole> filterGroupRoles(String groupname,
            SortedSet<GeoServerRole> rolesForGroup) {
        return rolesForGroup;
    }

    @Override
    protected SortedSet<GeoServerRole> filterRoles(SortedSet<GeoServerRole> roles) {
        roles.remove(delegate.getAdminRole());
        return roles;
    }

    @Override
    protected Map<String, String> filterParentMappings(
            Map<String, String> parentMappings) {
        return parentMappings;
    }

    @Override
    protected GeoServerRole filterRole(GeoServerRole role) {
        if (role == delegate.getAdminRole()) {
            return null;
        }
        return null;
    }

}