added commented-out part for schema initialization.
1 /*
2  * Copyright 2005 the original author or authors.
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * 
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  * 
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.wamblee.photos.security;
18
19 import java.util.List;
20
21 import javax.inject.Inject;
22 import javax.persistence.DiscriminatorValue;
23 import javax.persistence.Entity;
24 import javax.persistence.PostLoad;
25 import javax.persistence.Transient;
26
27 import org.wamblee.inject.InjectorBuilder;
28 import org.wamblee.photos.model.PhotoEntry;
29 import org.wamblee.security.authentication.UserAdministration;
30 import org.wamblee.security.authorization.AuthorizationResult;
31 import org.wamblee.security.authorization.Operation;
32 import org.wamblee.security.authorization.ReadOperation;
33 import org.wamblee.security.authorization.UrlAuthorizationRule;
34
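/**
 * Authorization rule for photos. A user has access to all albums owned by his
 * own groups, where the album of a group lives at the path
 * <code>/&lt;group&gt;</code>. The root path <code>/</code> is readable by
 * everyone.
 *
 * Access is decided by comparing path strings, so the decision is only as
 * trustworthy as the path reported by the {@link PhotoEntry}.
 */
@Entity
@DiscriminatorValue("PHOTOS")
public class PhotoAuthorizationRule extends UrlAuthorizationRule {

    /** Path of the album root; reading it is allowed for every user. */
    private static final String ROOT_PATH = "/";

    /** Separator between path segments. */
    private static final String SEPARATOR = "/";

    // Not persisted; injected after the entity is loaded, see init().
    @Inject
    @Transient
    private UserAdministration userAdmin;

    /**
     * Constructs the authorization rule.
     */
    public PhotoAuthorizationRule() {
        // Empty.
    }

    /**
     * Injects the dependencies of this rule after it has been loaded from
     * persistent storage.
     *
     * NOTE(review): an instance created with <code>new</code> does not pass
     * through this callback, so userAdmin presumably stays null until
     * something else injects it; confirm against the callers.
     */
    @PostLoad
    public void init() {
        InjectorBuilder.getInjector().inject(this);
    }

    /**
     * Gets the resource types this rule can decide on.
     *
     * @return An array holding {@link PhotoEntry} only.
     */
    // NOTE(review): raw Class[] kept as is; presumably it mirrors the
    // signature declared in the authorization framework, confirm before
    // generifying.
    public Class[] getSupportedTypes() {
        return new Class[] { PhotoEntry.class };
    }

    /**
     * Decides whether a user may perform an operation on a photo entry.
     *
     * Reading the root path is granted without looking at the user. Any other
     * access is granted only when the entry is the album of one of the user's
     * groups or lies below it.
     *
     * @param aResource
     *            Resource to check; anything other than a {@link PhotoEntry}
     *            is not handled by this rule.
     * @param anOperation
     *            Operation requested on the resource.
     * @param aUser
     *            Name of the user, used to look up the groups.
     * @return {@link AuthorizationResult#UNSUPPORTED_RESOURCE} for resources
     *         that are not photo entries, {@link AuthorizationResult#GRANTED}
     *         when access is allowed, {@link AuthorizationResult#DENIED}
     *         otherwise.
     */
    public AuthorizationResult isAllowed(Object aResource,
        Operation anOperation, String aUser) {
        if (!(aResource instanceof PhotoEntry)) {
            return AuthorizationResult.UNSUPPORTED_RESOURCE;
        }
        String path = getResourcePath(aResource);
        if (path == null) {
            // Fail closed: without a path there is nothing to match against.
            return AuthorizationResult.DENIED;
        }
        if (ROOT_PATH.equals(path) && anOperation instanceof ReadOperation) {
            return AuthorizationResult.GRANTED;
        }
        // NOTE(review): the comparison below is purely textual. It assumes
        // PhotoEntry.getPath() returns a normalized path without ".."
        // segments; confirm that, otherwise normalize before comparing.
        List<String> groups = userAdmin.getGroups(aUser);
        if (groups == null) {
            return AuthorizationResult.DENIED;
        }
        for (String group : groups) {
            if (group == null || group.isEmpty()) {
                // An empty group name would map to "/" and a null one to
                // "/null"; neither identifies a real album.
                continue;
            }
            if (isWithin(path, SEPARATOR + group)) {
                return AuthorizationResult.GRANTED;
            }
        }
        return AuthorizationResult.DENIED;
    }

    /**
     * Checks whether a path is an album root or lies below it.
     *
     * A bare prefix test is not enough: the album "/fam" must not give access
     * to "/family", so the match has to end on a path segment boundary.
     *
     * @param aPath
     *            Path of the entry being accessed.
     * @param anAlbumRoot
     *            Root path of the album, without trailing separator.
     * @return True iff the path equals the album root or starts with the
     *         album root followed by a separator.
     */
    private static boolean isWithin(String aPath, String anAlbumRoot) {
        return aPath.equals(anAlbumRoot)
            || aPath.startsWith(anAlbumRoot + SEPARATOR);
    }

    /**
     * Gets the resource path for a photo entry.
     *
     * @param aResource
     *            Resource to get the path of; must be a {@link PhotoEntry}.
     * @return Path as reported by the photo entry.
     */
    protected String getResourcePath(Object aResource) {
        return ((PhotoEntry) aResource).getPath();
    }

    /**
     * Returns a fixed description of this rule; it has no state worth
     * printing.
     */
    @Override
    public String toString() {
        return "PhotoAuthorizationRule()";
    }
}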