/*
 *   $Id$
 *
 *   Copyright 2012 Glencoe Software, Inc. All rights reserved.
 *   Use is subject to license terms supplied in LICENSE.txt
 */

package ome.security.basic;

import java.util.Collection;
import java.util.Properties;

import ome.model.internal.Details;
import ome.model.internal.Permissions;
import ome.model.internal.Permissions.Right;
import ome.model.internal.Permissions.Role;
import ome.security.SecurityFilter;
import ome.system.EventContext;
import ome.system.Roles;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.hibernate.Filter;
import org.hibernate.Session;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.orm.hibernate3.FilterDefinitionFactoryBean;

/**
 * Extends {@link FilterDefinitionFactoryBean} so that the security filter is
 * assembled in code rather than in XML, which lets the definition draw on the
 * knowledge held in {@link Permissions}.
 *
 * Since shares were added in 4.0, the security filter has to be removed while
 * a share is active, leaving it to loading to throw the necessary exceptions.
 * While the filter is removed it no longer restricts what queries on that
 * session return.
 *
 * @author Josh Moore, josh at glencoesoftware.com
 */
public abstract class AbstractSecurityFilter extends FilterDefinitionFactoryBean
        implements SecurityFilter {

    /**
     * Name of the Hibernate filter that {@link #enableBaseFilters} switches
     * on and {@link #disableBaseFilters} switches off.
     */
    private static final String BASE_FILTER_NAME = "owner_or_admin";

    /** Logger named after the concrete subclass. */
    protected final Logger log = LoggerFactory.getLogger(getClass());

    /** Roles instance supplied at construction; stored as given, unchecked. */
    protected final Roles roles;

    /**
     * Builds the filter with a freshly created {@link Roles}; all setup is
     * delegated to {@link #AbstractSecurityFilter(Roles)}.
     *
     * The condition installed there through
     * {@link #setDefaultFilterCondition(String)} must be kept in sync with
     * {@link #passesFilter(Session, Details, EventContext)}. If the two drift
     * apart, query-time filtering and the per-object check will disagree about
     * what is readable.
     *
     * @see #passesFilter(Session, Details, EventContext)
     * @see FilterDefinitionFactoryBean#setFilterName(String)
     * @see FilterDefinitionFactoryBean#setParameterTypes(java.util.Map)
     * @see FilterDefinitionFactoryBean#setDefaultFilterCondition(String)
     */
    public AbstractSecurityFilter() {
        this(new Roles());
    }

    /**
     * Stores {@code roles} and calls the setters this {@link FactoryBean}
     * needs: the filter name, the parameter types and the default condition.
     *
     * The three values come from {@link #getName()}, {@code getParameterTypes()}
     * and {@code getDefaultCondition()}. Those calls run during construction,
     * before any subclass field initialiser or constructor body. An override
     * that reads subclass state would therefore see it unset.
     *
     * @param roles kept in {@link #roles}; no null check is made here
     */
    public AbstractSecurityFilter(Roles roles) {
        this.roles = roles;
        // Keep this order: name, then parameter types, then condition.
        setFilterName(getName());
        setParameterTypes(getParameterTypes());
        setDefaultFilterCondition(getDefaultCondition());
    }

    /**
     * Returns the simple name of the runtime class. The same value serves as
     * the Hibernate filter name, both when it is registered in the constructor
     * and when it is disabled in {@link #disable(Session)}. Renaming a
     * subclass therefore renames its filter.
     *
     * @return the simple class name of the concrete filter
     */
    public String getName() {
        return getClass().getSimpleName();
    }

    /**
     * Switches off this filter on the given session, then the base filter via
     * {@link #disableBaseFilters(Session)}.
     *
     * After this call neither filter constrains queries issued through
     * {@code sess}.
     *
     * @param sess session on which both filters are disabled
     */
    public void disable(Session sess) {
        final String filterName = getName();
        sess.disableFilter(filterName);
        disableBaseFilters(sess);
    }

    /**
     * Tells whether the current group's permissions grant
     * {@link Right#READ} to {@link Role#GROUP} or to {@link Role#WORLD}.
     *
     * The permissions object is dereferenced without a null check, so a
     * context without group permissions produces a
     * {@link NullPointerException}, not {@code false}.
     *
     * @param c event context whose current group permissions are inspected
     * @return {@code true} if either read grant is present
     */
    public boolean isNonPrivate(EventContext c) {
        if (c.getCurrentGroupPermissions().isGranted(Role.GROUP, Right.READ)) {
            return true;
        }
        return c.getCurrentGroupPermissions().isGranted(Role.WORLD, Right.READ);
    }

    /**
     * Tells whether the current user is an administrator or appears as a
     * leader of the current group.
     *
     * The leadership test is only evaluated for non-admins. It looks up the
     * current group id in the context's leader-of-groups list, which is
     * dereferenced without a null check.
     *
     * @param c event context describing the current user and group
     * @return {@code true} for admins and for leaders of the current group
     */
    public boolean isAdminOrPi(EventContext c) {
        if (c.isCurrentUserAdmin()) {
            return true;
        }
        return c.getLeaderOfGroupsList().contains(c.getCurrentGroupId());
    }

    /**
     * Tells whether a share is active, i.e. whether the context carries a
     * non-null current share id.
     *
     * @param c event context to inspect
     * @return {@code true} if {@code c.getCurrentShareId()} is not null
     */
    public boolean isShare(EventContext c) {
        return null != c.getCurrentShareId();
    }

    /**
     * Enables the {@code owner_or_admin} filter on the session and binds its
     * two parameters.
     *
     * NOTE(review): the filter definition is not visible here. The bound
     * values feed directly into what it lets through, so callers should
     * derive both from the authenticated event context. Confirm against
     * the subclasses.
     *
     * @param sess session on which the filter is enabled
     * @param admin01 bound to {@code is_admin}; presumably 1 for an admin and
     *            0 otherwise (to be confirmed against the filter definition)
     * @param currentUserId bound to {@code current_user}
     */
    protected void enableBaseFilters(Session sess, int admin01, Long currentUserId) {
        final Filter ownerOrAdmin = sess.enableFilter(BASE_FILTER_NAME);
        ownerOrAdmin.setParameter("is_admin", admin01);
        ownerOrAdmin.setParameter("current_user", currentUserId);
    }

    /**
     * Disables the {@code owner_or_admin} filter on the session.
     *
     * @param sess session on which the filter is disabled
     */
    protected void disableBaseFilters(Session sess) {
        sess.disableFilter(BASE_FILTER_NAME);
    }
}