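/**
 * Copyright (C) 2011  JTalks.org Team
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
package org.jtalks.jcommune.service.security.acl;

import org.jtalks.common.model.dao.GroupDao;
import org.jtalks.common.model.entity.Group;
import org.jtalks.common.model.permissions.BranchPermission;
import org.jtalks.common.model.permissions.GeneralPermission;
import org.jtalks.common.model.permissions.JtalksPermission;
import org.jtalks.jcommune.service.security.acl.sids.UserGroupSid;
import org.springframework.security.acls.model.AccessControlEntry;

/**
 * Group-oriented view over a single {@link AccessControlEntry} whose SID is a {@link UserGroupSid}.
 * The wrapper resolves the owning {@link Group}, translates the permission mask into a
 * {@link JtalksPermission} and tells whether the entry grants or restricts that permission.
 *
 * @author stanislav bashkirtsev
 */
public class GroupAce {
    private final AccessControlEntry ace;

    /**
     * Wraps the given entry after checking that it belongs to a user group.
     *
     * @param ace the ACL entry to wrap; its SID must be a {@link UserGroupSid}
     * @throws IllegalArgumentException if the SID of the entry is of any other type (including a null SID)
     * @throws NullPointerException     if {@code ace} itself is null (raised by the SID lookup)
     */
    public GroupAce(AccessControlEntry ace) {
        if (!(ace.getSid() instanceof UserGroupSid)) {
            throw new IllegalArgumentException("The specified ACE has sid which is not of type: " + UserGroupSid.class);
        }
        this.ace = ace;
    }

    /**
     * Loads the group that owns this entry.
     *
     * @param groupDao DAO used to look the group up by the id stored in the SID
     * @return the group referenced by the SID, never null
     * @throws ObsoleteAclException  if the DAO returns null for the id, i.e. the ACE refers to a group that
     *                               can no longer be found; the stale entry is reported as an error rather
     *                               than skipped, so callers cannot evaluate it without noticing
     * @throws NumberFormatException if the id stored in the SID is not a parseable long
     */
    public Group getGroup(GroupDao groupDao) {
        final long groupId = getGroupId();
        final Group group = groupDao.get(groupId);
        if (group == null) {
            throw new ObsoleteAclException(groupId);
        }
        return group;
    }

    /**
     * @return id of associated {@link UserGroupSid} and its {@link Group}
     * @throws NumberFormatException if the id kept in the SID is not a parseable long
     */
    public long getGroupId() {
        // The constructor has already verified the SID type, so the cast cannot fail.
        final UserGroupSid sid = (UserGroupSid) ace.getSid();
        return Long.parseLong(sid.getGroupId());
    }

    /**
     * Translates the mask of this entry into a permission, trying {@link BranchPermission} first and
     * {@link GeneralPermission} second.
     *
     * @return the permission found for the mask, or whatever {@link GeneralPermission#findByMask} returns
     *         when no branch permission matches
     */
    public JtalksPermission getPermission() {
        final int mask = getPermissionMask();
        final JtalksPermission branchPermission = BranchPermission.findByMask(mask);
        if (branchPermission != null) {
            // NOTE(review): branch permissions take precedence; confirm that the mask values of the two
            // permission sets are disjoint, otherwise a general permission could be shadowed here.
            return branchPermission;
        }
        // NOTE(review): presumably this lookup also yields null for an unknown mask, which would make the
        // whole method return null; callers should treat null as "no recognised permission", never as a
        // grant - confirm against GeneralPermission.
        return GeneralPermission.findByMask(mask);
    }

    /**
     * @return the raw integer mask of the permission carried by the wrapped entry
     */
    public int getPermissionMask() {
        return ace.getPermission().getMask();
    }

    /**
     * @return true if the wrapped entry grants its permission, false if it restricts it
     */
    public boolean isGranting() {
        return ace.isGranting();
    }

    /**
     * Defines whether the ACE is restricting and SID is not allowed to perform action.
     *
     * @return true if the permission is restricted or false if it's granted
     */
    public boolean isRestricting() {
        return !isGranting();
    }

    /**
     * @return the wrapped entry itself, not a copy
     */
    public AccessControlEntry getOriginalAce() {
        return ace;
    }

    /**
     * Signals that an ACL entry names a group id for which no {@link Group} could be loaded.
     */
    @SuppressWarnings("serial")
    public static class ObsoleteAclException extends RuntimeException {
        /**
         * @param groupId id of the missing group that the ACL tables still reference
         */
        public ObsoleteAclException(long groupId) {
            // The fragments are joined with explicit separators: the original message ran
            // "removed" into "but" and lost the full stop before "Note".
            super("A group with ID [" + groupId + "] was removed "
                    + "but this ID is still registered as a Permission owner (SID) in ACL tables. "
                    + "To resolve this issue you should manually remove records from ACL tables. "
                    + "Note, that this is a bug and this issue should be reported to be corrected in "
                    + "future versions.");
        }
    }
}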