001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *        http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 */
019
020package org.apache.isis.core.runtime.authorization.standard;
021
022import org.apache.isis.applib.Identifier;
023import org.apache.isis.core.commons.authentication.AuthenticationSession;
024import org.apache.isis.core.commons.config.IsisConfiguration;
025import org.apache.isis.core.commons.debug.DebugBuilder;
026import org.apache.isis.core.commons.debug.DebuggableWithTitle;
027import org.apache.isis.core.metamodel.adapter.ObjectAdapter;
028import org.apache.isis.core.metamodel.progmodel.ProgrammingModel;
029import org.apache.isis.core.metamodel.specloader.validator.MetaModelValidatorComposite;
030import org.apache.isis.core.runtime.authorization.AuthorizationManagerAbstract;
031
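/**
 * Authorization manager that answers "is this member visible / usable?" by delegating to a
 * pluggable {@link Authorizor}.
 *
 * <p>Both {@link #isUsable} and {@link #isVisible} grant access when any one of the following
 * holds, checked in this order:
 * <ol>
 *   <li>the identifier's class name is the empty string (see {@link #isPerspectiveMember});</li>
 *   <li>the authorizor permits the identifier for any role;</li>
 *   <li>the authorizor permits the identifier for at least one of the session's roles.</li>
 * </ol>
 * Otherwise access is denied.
 *
 * <p><b>Security note:</b> the constructor installs a placeholder authorizor that permits
 * everything. Until {@link #setAuthorizor(Authorizor)} replaces it, every check made through this
 * manager returns {@code true}. {@link #debugData(DebugBuilder)} prints the active authorizor,
 * which makes it possible to confirm that a real one has been injected.
 */
public class AuthorizationManagerStandard extends AuthorizationManagerAbstract implements DebuggableWithTitle {

    // Never null: starts as the permit-all placeholder and is replaced through setAuthorizor.
    private Authorizor authorizor;

    // /////////////////////////////////////////////////////////
    // Constructor
    // /////////////////////////////////////////////////////////

    /**
     * Creates the manager with a permit-all placeholder authorizor so that the delegate is never
     * null.
     *
     * @param configuration passed through to the superclass constructor
     */
    public AuthorizationManagerStandard(final IsisConfiguration configuration) {
        super(configuration);
        // Fail-open default: nothing is restricted until a real authorizor is injected.
        authorizor = new PermitAllAuthorizor();
    }

    /**
     * Placeholder {@link Authorizor} that grants every request and has no lifecycle work.
     *
     * <p>It is a named class rather than an anonymous one so that the debug output of
     * {@link AuthorizationManagerStandard#debugData(DebugBuilder)} shows when the placeholder is
     * still in effect.
     */
    private static final class PermitAllAuthorizor implements Authorizor {

        @Override
        public void init() {
            // nothing to initialise
        }

        @Override
        public void shutdown() {
            // nothing to release
        }

        @Override
        public boolean isVisibleInRole(final String role, final Identifier identifier) {
            return true;
        }

        @Override
        public boolean isUsableInRole(final String role, final Identifier identifier) {
            return true;
        }

        @Override
        public boolean isVisibleInAnyRole(final Identifier identifier) {
            return true;
        }

        @Override
        public boolean isUsableInAnyRole(final Identifier identifier) {
            return true;
        }
    }

    // /////////////////////////////////////////////////////////
    // init, shutdown
    // /////////////////////////////////////////////////////////

    /** Initialises the current authorizor. */
    @Override
    public void init() {
        authorizor.init();
    }

    /** Shuts down the current authorizor. */
    @Override
    public void shutdown() {
        authorizor.shutdown();
    }

    // /////////////////////////////////////////////////////////
    // API
    // /////////////////////////////////////////////////////////

    /**
     * Decides whether the member named by {@code identifier} may be used in this session.
     *
     * @param session    supplies the role names to test; only consulted when neither the
     *                   empty-class-name check nor the any-role check has already granted access
     * @param target     not used by this implementation
     * @param identifier the member being checked
     * @return {@code true} if access is granted by any of the checks described on the class
     */
    @Override
    public boolean isUsable(final AuthenticationSession session, final ObjectAdapter target, final Identifier identifier) {
        // Short-circuit order is significant: the session is not touched if either check passes.
        if (isPerspectiveMember(identifier) || authorizor.isUsableInAnyRole(identifier)) {
            return true;
        }
        for (final String roleName : session.getRoles()) {
            if (authorizor.isUsableInRole(roleName, identifier)) {
                return true;
            }
        }
        // No role grants usage: deny.
        return false;
    }

    /**
     * Decides whether the member named by {@code identifier} is visible in this session.
     *
     * @param session    supplies the role names to test; only consulted when neither the
     *                   empty-class-name check nor the any-role check has already granted access
     * @param target     not used by this implementation
     * @param identifier the member being checked
     * @return {@code true} if access is granted by any of the checks described on the class
     */
    @Override
    public boolean isVisible(final AuthenticationSession session, final ObjectAdapter target, final Identifier identifier) {
        // Short-circuit order is significant: the session is not touched if either check passes.
        if (isPerspectiveMember(identifier) || authorizor.isVisibleInAnyRole(identifier)) {
            return true;
        }
        for (final String roleName : session.getRoles()) {
            if (authorizor.isVisibleInRole(roleName, identifier)) {
                return true;
            }
        }
        // No role grants visibility: deny.
        return false;
    }

    /**
     * Returns whether the identifier carries an empty class name.
     *
     * <p>Such identifiers skip the authorizor entirely in {@link #isUsable} and
     * {@link #isVisible}. NOTE(review): the method name suggests these identify perspective
     * members; confirm that untrusted input cannot produce an identifier with an empty class
     * name, since that would bypass the configured authorizor.
     *
     * <p>The comparison is written constant-first so that a {@code null} class name is treated as
     * "not a perspective member" and falls through to the authorizor instead of throwing.
     */
    private boolean isPerspectiveMember(final Identifier identifier) {
        return "".equals(identifier.getClassName());
    }

    // //////////////////////////////////////////////////
    // MetaModelRefiner impl
    // //////////////////////////////////////////////////

    /** Contributes no validators; intentionally a no-op. */
    @Override
    public void refineMetaModelValidator(MetaModelValidatorComposite baseMetaModelValidator, IsisConfiguration configuration) {
        // no-op
    }

    /**
     * Registers an {@link AuthorizationFacetFactory} bound to this manager with the programming
     * model.
     */
    @Override
    public void refineProgrammingModel(ProgrammingModel baseProgrammingModel, IsisConfiguration configuration) {
        baseProgrammingModel.addFactory(new AuthorizationFacetFactory(this));
    }

    // //////////////////////////////////////////////////////////
    // Debugging
    // //////////////////////////////////////////////////////////

    @Override
    public String debugTitle() {
        return "Authorization Manager";
    }

    /**
     * Writes a title and the currently active authorizor to the debug output.
     *
     * @param debug sink for the debug text
     */
    @Override
    public void debugData(final DebugBuilder debug) {
        debug.appendTitle("Authorizor Manager");
        debug.appendln("Authorizer", authorizor);
    }

    // //////////////////////////////////////////////////
    // Dependencies (injected)
    // //////////////////////////////////////////////////

    /**
     * Replaces the authorizor that all subsequent checks delegate to.
     *
     * @param authorisor the authorizor to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code authorisor} is {@code null}
     */
    protected void setAuthorizor(final Authorizor authorisor) {
        // Reject null here so a misconfiguration surfaces at injection time rather than as a
        // NullPointerException in the middle of an authorization check.
        if (authorisor == null) {
            throw new IllegalArgumentException("authorizor must not be null");
        }
        this.authorizor = authorisor;
    }

}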