2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.wamblee.photos.security;
19 import java.util.List;
21 import javax.inject.Inject;
22 import javax.persistence.DiscriminatorValue;
23 import javax.persistence.Entity;
24 import javax.persistence.PostLoad;
25 import javax.persistence.Transient;
27 import org.wamblee.inject.InjectorBuilder;
28 import org.wamblee.photos.model.PhotoEntry;
29 import org.wamblee.security.authentication.UserAdministration;
30 import org.wamblee.security.authorization.AuthorizationResult;
31 import org.wamblee.security.authorization.Operation;
32 import org.wamblee.security.authorization.ReadOperation;
33 import org.wamblee.security.authorization.UrlAuthorizationRule;
36 * Authorization rule for photos. A user has access to all albums owned by his
40 @DiscriminatorValue("PHOTOS")
41 public class PhotoAuthorizationRule extends UrlAuthorizationRule {
// User administration service; isAllowed() queries it for the groups of the user being checked.
// NOTE(review): any annotations on this field (javax.inject.Inject and javax.persistence.Transient
// are imported) are not visible in this listing. Confirm the field is injected and not persisted.
45 private UserAdministration userAdmin;
48 * Constructs the authorization rule.
// NOTE(review): original lines 52-56 are absent from this listing, so the constructor body and the
// declaration that encloses the injector call below cannot be confirmed from here. PostLoad is
// imported, so the call may belong to a separate post-load callback. Verify against the full file.
51 public PhotoAuthorizationRule() {
// Hands this instance to the injector (presumably to populate userAdmin; TODO confirm).
// isAllowed() dereferences userAdmin, so this must have run before any authorization decision.
57 InjectorBuilder.getInjector().inject(this);
61 * @see org.wamblee.security.authorization.AuthorizationRule#getSupportedTypes()
/**
 * Reports the resource types this rule can decide on.
 *
 * @return a new single-element array containing {@code PhotoEntry.class}
 */
public Class[] getSupportedTypes() {
    Class[] supportedTypes = { PhotoEntry.class };
    return supportedTypes;
}
68 * @see org.wamblee.security.authorization.AuthorizationRule#isAllowed(java.lang.Object, org.wamblee.security.authorization.Operation, org.wamblee.usermgt.User)
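/**
 * Decides whether a user may perform an operation on a photo entry.
 *
 * <p>A resource that is not a {@link PhotoEntry} is reported as unsupported. A read of the
 * root path "/" is granted to every user. Otherwise access is granted only when the resource
 * path is exactly "/" + group for one of the user's groups, or lies below that path.
 *
 * @param aResource resource being accessed
 * @param anOperation operation being attempted
 * @param aUser user whose groups are looked up through {@code userAdmin}
 * @return {@code UNSUPPORTED_RESOURCE} for non-photo resources, {@code GRANTED} when one of
 *         the rules above matches, {@code DENIED} otherwise
 */
public AuthorizationResult isAllowed(Object aResource,
    Operation anOperation, String aUser) {
    if (!(aResource instanceof PhotoEntry)) {
        return AuthorizationResult.UNSUPPORTED_RESOURCE;
    }
    String path = getResourcePath(aResource);
    if (path == null) {
        // Fail closed: an entry without a path cannot be matched to any group.
        return AuthorizationResult.DENIED;
    }
    if (path.equals("/") && anOperation instanceof ReadOperation) {
        return AuthorizationResult.GRANTED;
    }
    List<String> groups = userAdmin.getGroups(aUser);
    if (groups == null) {
        // Fail closed: no group information means no group-based access.
        return AuthorizationResult.DENIED;
    }
    for (String group : groups) {
        if (group == null || group.isEmpty()) {
            // An empty group name would yield the prefix "/", which matches every path.
            continue;
        }
        String allowedPath = "/" + group;
        // Match whole path segments only. A bare startsWith(allowedPath) would let a member
        // of group "abc" pass for "/abcd/...", which belongs to a different group.
        if (path.equals(allowedPath) || path.startsWith(allowedPath + "/")) {
            return AuthorizationResult.GRANTED;
        }
    }
    return AuthorizationResult.DENIED;
}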
90 * Gets the resource path for a photo entry.
/**
 * Returns the path of a photo entry.
 *
 * @param aResource resource to inspect; it is cast to {@link PhotoEntry} without a check,
 *        so callers must pass a photo entry
 * @return the value of {@code getPath()} on the entry
 */
protected String getResourcePath(Object aResource) {
    PhotoEntry entry = (PhotoEntry) aResource;
    return entry.getPath();
}
97 * @see java.lang.Object#toString()
/**
 * Returns a fixed textual description of this rule.
 *
 * @return the constant string {@code "PhotoAuthorizationRule()"}
 */
public String toString() {
    final String description = "PhotoAuthorizationRule()";
    return description;
}