AclAuthorisationProvider.java example

Explorer

v7files-master
- src
  - main
    - java
      - arlut
        csd
        crypto
        MD5Crypt.java
      - v7db
        auth
        AuthenticationProvider.java
        AuthenticationProviderFactory.java
        AuthenticationToken.java
        DemoAuthenticationProvider.java
        MongoAuthenticationProvider.java
        PasswordUtil.java
        files
        AclAuthorisationProvider.java
        AuthorisationProvider.java
        AuthorisationProviderFactory.java
        CatCommand.java
        Compression.java
        Configuration.java
        ContentStorageFacade.java
        CopyCommand.java
        EndpointProperties.java
        GlobalAuthorisationProvider.java
        LsCommand.java
        Main.java
        MapUtils.java
        MkdirCommand.java
        ServeCommand.java
        TrustedAuthorisationProvider.java
        UploadCommand.java
        ZipFile.java
        buckets
        BucketsServiceConfiguration.java
        BucketsServlet.java
        milton
        FileResource.java
        FolderResource.java
        GetHandler.java
        LockableFileResource.java
        LockableFolderResource.java
        MiltonServlet.java
        PathMultiTenantResourceFactory.java
        ResourceFactory.java
        ResourceFactoryFactory.java
        mongodb
        BSONUtils.java
        MongoContentStorage.java
        MongoReferenceTracking.java
        QueryUtils.java
        Tenants.java
        UpdateConflictException.java
        V7File.java
        V7GridFS.java
        Vermongo.java
        spi
        ChunkedContent.java
        Content.java
        ContentConcatenation.java
        ContentPointer.java
        ContentSHA.java
        ContentStorage.java
        GzippedContent.java
        InlineContent.java
        OffsetAndLength.java
        ReferenceTracking.java
        StorageScheme.java
        StoredContent.java
  - test
    - java
      - v7db
        auth
        PasswordUtilTest.java
        files
        AclAuthorisationProviderTest.java
        CatCommandTest.java
        CompressionTest.java
        ConfigurationTest.java
        CopyCommandTest.java
        GlobalAuthorisationProviderTest.java
        MkdirCommandTest.java
        TrustedAuthorisationProviderTest.java
        UnitTestSupport.java
        V7GridFSTest.java
        ZipFileTest.java
        buckets
        BucketsServletTest.java
        milton
        CopyWebRequest.java
        MiltonServletTest.java
        MkColWebRequest.java
        MoveWebRequest.java
        mongodb
        AuthorisationProviderTest.java
        MongoContentStorageTest.java
        MongoReferenceTrackingTest.java
        SimpleGarbageCollector.java
        V7FileTest.java
        spi
        ChunkedContentTest.java
        ContentConcatenationTest.java
        InlineContentTest.java
        OffsetAndLengthTest.java

/**
 * Copyright (c) 2011, Thilo Planz. All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package v7db.files;

import java.util.Properties;

import org.apache.commons.lang3.ArrayUtils;

import v7db.auth.AuthenticationToken;
import v7db.files.mongodb.V7File;

class AclAuthorisationProvider implements AuthorisationProvider {

	private final GlobalAuthorisationProvider global;

	public AclAuthorisationProvider(Properties props) {
		global = new GlobalAuthorisationProvider(props);
	}

	private Boolean authorise(V7File resource, AuthenticationToken user,
			String permission) {
		Object[] roles = global.getRoles(user);
		if (roles == null)
			return false;

		Object[] acl = resource.getEffectiveAcl(permission);
		if (acl == null)
			return null;
		for (Object role : roles) {
			if (ArrayUtils.contains(acl, role))
				return true;
		}
		return false;
	}

	public boolean authoriseOpen(V7File resource, AuthenticationToken user) {
		Object[] acl = resource.getAcl("open");
		if (acl == null) {
			// no ACL set at all,
			// inherit from parent
			V7File parent = resource.getParent();
			if (parent != null)
				return authoriseOpen(parent, user);
			return global.authoriseOpen(resource, user);
		}
		if (acl.length == 0) {
			// "open" not set, default to "read" (which must be set)
			return authoriseRead(resource, user);
		}

		Boolean result = authorise(resource, user, "open");
		if (result == null)
			return global.authoriseRead(resource, user);
		return result;
	}

	public boolean authoriseRead(V7File resource, AuthenticationToken user) {
		V7File parent = resource.getParent();
		if (parent != null) {
			if (!authoriseOpen(parent, user))
				return false;
		}
		Boolean result = authorise(resource, user, "read");
		if (result == null)
			return global.authoriseRead(resource, user);
		return result;
	}

	public boolean authoriseWrite(V7File resource, AuthenticationToken user) {
		V7File parent = resource.getParent();
		if (parent != null) {
			if (!authoriseOpen(parent, user))
				return false;
		}
		Boolean result = authorise(resource, user, "write");
		if (result == null)
			return global.authoriseRead(resource, user);
		return result;
	}

}