2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.wamblee.photos.security;
19 import java.util.List;
20 import javax.inject.Inject;
21 import javax.persistence.DiscriminatorValue;
22 import javax.persistence.Entity;
23 import javax.persistence.PostLoad;
24 import javax.persistence.Transient;
26 import org.wamblee.inject.InjectorBuilder;
27 import org.wamblee.photos.model.PhotoEntry;
28 import org.wamblee.security.authentication.UserAdministration;
29 import org.wamblee.security.authorization.AuthorizationResult;
30 import org.wamblee.security.authorization.Operation;
31 import org.wamblee.security.authorization.ReadOperation;
32 import org.wamblee.security.authorization.UrlAuthorizationRule;
33 import org.wamblee.security.authorization.UserCondition;
36 * Authorization rule for photos. A user has access to all albums owned by his
40 @DiscriminatorValue("PHOTOS")
41 public class PhotoAuthorizationRule extends UrlAuthorizationRule {
45 private UserAdministration userAdmin;
48 * Constructs the authorization rule.
50 public PhotoAuthorizationRule() {
/**
 * Constructs the authorization rule for the users selected by the given condition.
 *
 * <p>The rule is registered with the superclass as a GRANTED rule for resources of type
 * {@code PhotoEntry}. The third and fifth superclass arguments are passed as {@code null};
 * their meaning is defined by {@code UrlAuthorizationRule} and is not visible here.
 *
 * @param aUserCondition condition selecting the users this rule applies to
 */
public PhotoAuthorizationRule(UserCondition aUserCondition) {
    super(
        AuthorizationResult.GRANTED,
        aUserCondition,
        null,
        PhotoEntry.class,
        null);
}
60 InjectorBuilder.getInjector().inject(this);
67 * org.wamblee.security.authorization.AuthorizationRule#getSupportedTypes()
/**
 * Reports the resource types this rule can evaluate.
 *
 * @return a new single-element array holding {@code PhotoEntry.class}
 */
public Class[] getSupportedTypes() {
    Class[] supported = new Class[1];
    supported[0] = PhotoEntry.class;
    return supported;
}
77 * org.wamblee.security.authorization.AuthorizationRule#isAllowed(java.lang
78 * .Object, org.wamblee.security.authorization.Operation,
79 * org.wamblee.usermgt.User)
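/**
 * Decides whether a user may perform an operation on a photo entry.
 *
 * <p>Reading the root album ("/") is granted to every user. Any other request is granted only
 * when the resource path is the album {@code "/" + group} of one of the user's groups, or lies
 * below that album. For group albums the operation type is not inspected: every operation is
 * granted.
 *
 * <p>The group match is done on whole path segments. A bare prefix test would also let group
 * "family" into "/family2/...", an album owned by a different group, and an empty group name
 * would produce the prefix "/" and match every path.
 *
 * @param aResource resource to check; anything other than a {@code PhotoEntry} is reported as
 *     unsupported
 * @param anOperation operation being attempted
 * @param aUser user name, passed to {@code UserAdministration#getGroups}
 * @return {@code GRANTED}, {@code DENIED}, or {@code UNSUPPORTED_RESOURCE}
 */
public AuthorizationResult isAllowed(Object aResource, Operation anOperation, String aUser) {
    if (!(aResource instanceof PhotoEntry)) {
        return AuthorizationResult.UNSUPPORTED_RESOURCE;
    }
    String path = getResourcePath(aResource);
    if (path == null) {
        // Fail closed: an entry without a path cannot be matched to any album.
        return AuthorizationResult.DENIED;
    }
    // NOTE(review): assumes getPath() returns a normalized path (no "..", no doubled
    // slashes) - confirm against PhotoEntry, since the checks below compare raw strings.
    if (path.equals("/") && anOperation instanceof ReadOperation) {
        return AuthorizationResult.GRANTED;
    }
    List<String> groups = userAdmin.getGroups(aUser);
    if (groups == null) {
        // Fail closed when no group information is available for the user.
        return AuthorizationResult.DENIED;
    }
    for (String group : groups) {
        if (group == null || group.isEmpty()) {
            // "/" + "" would be a prefix of every path; never treat that as a grant.
            continue;
        }
        String allowedPath = "/" + group;
        // Match the album itself or anything below it, never a sibling that merely
        // shares the same leading characters.
        if (path.equals(allowedPath) || path.startsWith(allowedPath + "/")) {
            return AuthorizationResult.GRANTED;
        }
    }
    return AuthorizationResult.DENIED;
}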
100 * Gets the resource path for a photo entry.
/**
 * Gets the resource path for a photo entry.
 *
 * @param aResource resource to inspect; it is cast to {@code PhotoEntry} without a type check,
 *     so callers must have verified the type first
 * @return the value of {@code PhotoEntry#getPath()}
 */
protected String getResourcePath(Object aResource) {
    PhotoEntry entry = (PhotoEntry) aResource;
    return entry.getPath();
}
109 * @see java.lang.Object#toString()
/**
 * Returns a fixed textual description of this rule.
 *
 * @return the constant string {@code "PhotoAuthorizationRule()"}
 */
@Override
public String toString() {
    final String description = "PhotoAuthorizationRule()";
    return description;
}