TokenHolder.java

/*
 *   $Id$
 *
 *   Copyright 2008 Glencoe Software, Inc. All rights reserved.
 *   Use is subject to license terms supplied in LICENSE.txt
 */

package ome.security.basic;

import ome.model.IObject;
import ome.model.internal.GraphHolder;
import ome.model.internal.Token;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Manages a special token (a unique object) which can be inserted into
 * {@link IObject} instances for special almost-administrative handling.
 * 
 * Identifies loose "ownership" of certain objects.
 * 
 * @see IObject#getGraphHolder()
 * @see GraphHolder#hasToken()
 */
public class TokenHolder {

    private static Logger log = LoggerFactory.getLogger(TokenHolder.class);

    private final Token token = new Token();

    public void setToken(GraphHolder gh) {
        gh.setToken(token, token);
    }

    public void clearToken(GraphHolder gh) {
        gh.setToken(token, null);
    }

    public boolean hasPrivilegedToken(IObject obj) {

        if (obj == null) {
            return false;
        }

        GraphHolder gh = obj.getGraphHolder();

        // most objects will not have a token
        if (gh.hasToken()) {
            // check if truly secure.
            if (gh.tokenMatches(token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * copy a token from one {@link IObject} to another. This is currently
     * insecure and should take a third token implying the rights to copy.
     * Should only be called by {@link MergeEventListener}
     */
    public void copyToken(IObject source, IObject copy) {
        if (source == null || copy == null || source == copy) {
            return;
        }

        GraphHolder gh1 = source.getGraphHolder();
        GraphHolder gh2 = copy.getGraphHolder();

        // try our token first
        if (gh1.tokenMatches(token)) {
            gh2.setToken(token, token);
        }

    }
}