/**
* Licensed to The Apereo Foundation under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
*
* The Apereo Foundation licenses this file to you under the Educational
* Community License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of the License
* at:
*
* http://opensource.org/licenses/ecl2.txt
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
*/
package org.opencastproject.assetmanager.impl;
import static com.entwinemedia.fn.Stream.$;
import org.opencastproject.security.api.AccessControlList;
import org.opencastproject.security.api.AccessControlUtil;
import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.UnauthorizedException;
import org.opencastproject.security.api.User;
import com.entwinemedia.fn.Fn2;
import com.entwinemedia.fn.P1;
import com.entwinemedia.fn.Pred;
import java.util.List;
import javax.annotation.ParametersAreNonnullByDefault;
@ParametersAreNonnullByDefault
public class Protector {
private final SecurityService secSvc;
public Protector(SecurityService secSvc) {
this.secSvc = secSvc;
}
/**
* Evaluate a product if the current user is authorized to perform the given actions.
*/
public <A> Protected<A> protect(final AccessControlList acl, List<String> actions, P1<A> p) {
final User user = secSvc.getUser();
final Organization org = secSvc.getOrganization();
final Pred<String> isAuthorizedToDo = new Pred<String>() {
@Override public Boolean apply(String action) {
return AccessControlUtil.isAuthorized(acl, user, org, action);
}
};
final boolean isAuthorized = $(actions).map(isAuthorizedToDo).foldl(false, or);
return isAuthorized
? Protected.granted(p.get1())
: Protected.<A>rejected(new UnauthorizedException(user, $(actions).mkString(",")));
}
public static final Fn2<Boolean, Boolean, Boolean> or = new Fn2<Boolean, Boolean, Boolean>() {
@Override public Boolean apply(Boolean a, Boolean b) {
return a || b;
}
};
}