/*
* Copyright 2004-2005 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springmodules.validation.valang.functions;
import java.util.Collection;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* A function that accepts a one string argument that indicates a security role.
* This function returns a <code>true</code> if the current user is in the
* passed in role, and <code>false</code> otherwise. <br/>
* <br/>
* This method uses Acegi's
* <code>SecurityContextHolder.getContext().getAuthentication()</code> to get
* the current user. <br/>
* <br/>
* This function may be used to apply different validation rules based on the
* logged in user roles.
*
* @author Uri Boness
* @since May 25, 2006
*/
public class InRoleFunction extends AbstractFunction
{
public InRoleFunction(Function[] arguments, int line, int column)
{
super(arguments, line, column);
definedExactNumberOfArguments(1);
}
protected Object doGetResult(Object target)
{
Object role = getArguments()[0].getResult(target);
Authentication authentication = SecurityContextHolder.getContext()
.getAuthentication();
if (authentication == null)
{
return Boolean.FALSE;
}
Collection<GrantedAuthority> authorities = authentication
.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities)
{
if (grantedAuthority.equals(role))
{
return Boolean.TRUE;
}
}
return Boolean.FALSE;
}
}