1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.service.rbac;
35  
36  import fr.paris.lutece.portal.business.rbac.AdminRole;
37  import fr.paris.lutece.portal.business.rbac.RBACHome;
38  import fr.paris.lutece.portal.business.user.AdminUser;
39  import fr.paris.lutece.util.ReferenceItem;
40  import fr.paris.lutece.util.ReferenceList;
41  
42  import java.util.ArrayList;
43  import java.util.Collection;
44  import java.util.Map;
45  
46  
47  /**
48   * This class provides the main methods to control the access to a resource depending on the user's roles
49   */
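public final class RBACService
{
    /**
     * Constructor (utility class, never instantiated)
     */
    private RBACService(  )
    {
    }

    /**
     * Check that a given user is allowed to access a resource for a given permission.
     * Access is granted when at least one of the role keys bound to the
     * (resource type, resource id, permission) triple in the RBAC store is held by the user.
     * A null user, or a lookup that yields no role key at all, is always denied (fail closed).
     * @param strResourceTypeCode the key of the resource type being considered
     * @param strResourceId the id of the resource being considered
     * @param strPermission the permission needed
     * @param user the user trying to access the resource, may be null
     * @return true if the user can access the given resource with the given permission, false otherwise
     */
    public static boolean isAuthorized( String strResourceTypeCode, String strResourceId, String strPermission,
        AdminUser user )
    {
        // No user means no roles: deny before consulting the RBAC store
        if ( user == null )
        {
            return false;
        }

        // Role keys that grant this permission on this resource
        Collection<String> colRoles = RBACHome.findRoleKeys( strResourceTypeCode, strResourceId, strPermission );

        // Defensive: a missing role list is treated as "nobody is allowed", not as an error
        if ( colRoles == null )
        {
            return false;
        }

        for ( String strRole : colRoles )
        {
            if ( isUserInRole( user, strRole ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Check that a given user is allowed to access a resource for a given permission.
     * A null resource is denied.
     * @param resource the resource object being considered, may be null
     * @param strPermission the permission needed
     * @param user the user trying to access the resource, may be null
     * @return true if the user can access the given resource with the given permission, false otherwise
     */
    public static boolean isAuthorized( RBACResource resource, String strPermission, AdminUser user )
    {
        if ( resource == null )
        {
            return false;
        }

        return isAuthorized( resource.getResourceTypeCode(  ), resource.getResourceId(  ), strPermission, user );
    }

    /**
     * Check that a given user is in the given role.
     * The check is a key lookup in the user's role map; a null user or a null role map
     * yields false rather than an exception so that callers always get a deny on bad input.
     * @param user The user, may be null
     * @param strRole The role key
     * @return true if the user has the given role, false otherwise
     */
    public static boolean isUserInRole( AdminUser user, String strRole )
    {
        if ( user == null )
        {
            return false;
        }

        Map<String, AdminRole> userRoles = user.getRoles(  );

        // A user without a role map cannot be in any role
        return ( userRoles != null ) && userRoles.containsKey( strRole );
    }

    /**
     * Filter a collection of resources for a given user, keeping only those the user
     * may access with the given permission.
     * @param <E> The RBAC resource type
     * @param collection The collection to filter, may be null
     * @param strPermission Permission to check
     * @param user The user
     * @return A new collection holding the authorized resources, empty if none (never null)
     */
    public static <E extends RBACResource> Collection<E> getAuthorizedCollection( Collection<E> collection,
        String strPermission, AdminUser user )
    {
        Collection<E> list = new ArrayList<E>(  );

        if ( collection == null )
        {
            return list;
        }

        for ( E resource : collection )
        {
            if ( isAuthorized( resource, strPermission, user ) )
            {
                list.add( resource );
            }
        }

        return list;
    }

    /**
     * Filter a Reference List for a given user, keeping only the items whose code
     * identifies a resource of the given type that the user may access with the given permission.
     * @param listResources The list to filter, may be null
     * @param strResourceType The resource type
     * @param strPermission  The permission to check
     * @param user The user
     * @return A new reference list with the authorized items, empty if none (never null)
     */
    public static ReferenceList getAuthorizedReferenceList( ReferenceList listResources, String strResourceType,
        String strPermission, AdminUser user )
    {
        ReferenceList list = new ReferenceList(  );

        if ( listResources == null )
        {
            return list;
        }

        for ( ReferenceItem item : listResources )
        {
            // The item code is used as the resource id for the RBAC lookup
            if ( isAuthorized( strResourceType, item.getCode(  ), strPermission, user ) )
            {
                list.addItem( item.getCode(  ), item.getName(  ) );
            }
        }

        return list;
    }

    /**
     * Filter a collection of RBACAction for a given user, keeping only the actions
     * whose permission the user holds on the given resource.
     * @param <E> The RBAC action type
     * @param collection The collection to filter, may be null
     * @param resource The resource the actions apply to
     * @param user The user
     * @return A new collection holding the authorized actions, empty if none (never null)
     */
    public static <E extends RBACAction> Collection<E> getAuthorizedActionsCollection( Collection<E> collection,
        RBACResource resource, AdminUser user )
    {
        Collection<E> list = new ArrayList<E>(  );

        if ( collection == null )
        {
            return list;
        }

        for ( E action : collection )
        {
            if ( isAuthorized( resource, action.getPermission(  ), user ) )
            {
                list.add( action );
            }
        }

        return list;
    }
}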
193 }