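/*******************************************************************************
 * Copyright (c) 2011  University of Western Australia. All rights reserved.
 *
 * This file is part of The Ark.
 *
 * The Ark is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * The Ark is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ******************************************************************************/
package au.org.theark.core.security;

import java.util.Collection;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import au.org.theark.core.Constants;
import au.org.theark.core.model.study.entity.ArkModule;
import au.org.theark.core.model.study.entity.Study;
import au.org.theark.core.service.IArkCommonService;

/**
 * Static helpers that answer permission questions for the Shiro subject bound to the calling
 * thread: whether a module is available for the study in context, and whether a given action
 * (search, save, edit, delete, new) is allowed.
 *
 * <p>
 * The action checks obtain the {@link SecurityManager} through
 * {@link ThreadContext#getSecurityManager()}, which returns {@code null} when no manager is
 * bound to the thread. In that case the {@code has*Permission} helpers fail with a
 * {@link NullPointerException} rather than returning a decision.
 *
 * @author cellis
 */
public class ArkPermissionHelper {
    // Static fields are never serialised, so the former "transient" modifier was dropped as a no-op.
    private static Logger log = LoggerFactory.getLogger(ArkPermissionHelper.class);

    // NOTE(review): not referenced anywhere in this class, and it is a static field; confirm
    // that the Wicket/Spring injector really populates it before any code starts relying on it.
    @SpringBean(name = au.org.theark.core.Constants.ARK_COMMON_SERVICE)
    private static IArkCommonService<Void> iArkCommonService;

    /**
     * Determines whether a module function is accessible to the user in context.
     *
     * @return true if the user in context holds any of the CREATE, UPDATE or READ permissions
     */
    public static boolean isModuleFunctionAccessPermitted() {
        SecurityManager securityManager = ThreadContext.getSecurityManager();
        Subject currentUser = SecurityUtils.getSubject();

        // The edit check (UPDATE) is already implied by the save check (CREATE or UPDATE);
        // it is kept so the three user-facing capabilities stay explicit.
        return hasSearchPermission(securityManager, currentUser)
                || hasSavePermission(securityManager, currentUser)
                || hasEditPermission(securityManager, currentUser);
    }

    /**
     * Determines whether a particular module is accessible by the user, for the study in context.
     *
     * @param arkModuleName
     *           name of the module; also used as the session attribute key that is looked up
     * @return false when no study is in context, or when the session attribute stored under
     *         {@code arkModuleName} holds a different value; true otherwise
     */
    public static boolean isModuleAccessPermitted(String arkModuleName) {
        Subject currentUser = SecurityUtils.getSubject();

        Long sessionStudyId = (Long) currentUser.getSession()
                .getAttribute(au.org.theark.core.Constants.STUDY_CONTEXT_ID);
        if (sessionStudyId == null) {
            // No study in context: deny.
            return false;
        }

        String arkModule = (String) currentUser.getSession().getAttribute(arkModuleName);

        // NOTE(review): this check fails open. When a study is in context but the session holds
        // no attribute for the module (arkModule == null), access is PERMITTED. That is the
        // original behaviour and is preserved here because callers may depend on it; confirm
        // whether an absent attribute should deny access instead.
        return arkModule == null || arkModule.equals(arkModuleName);
    }

    /**
     * Determines whether a particular action is permitted for the user in context (eg Save, Edit,
     * Delete).
     *
     * @param actionType
     *           one of the {@code Constants} action names, compared case-insensitively; may be null
     * @return true if the action is permitted; false for a null or unrecognised action type
     */
    public static boolean isActionPermitted(String actionType) {
        // Deny by default: a missing action type is treated like an unknown one instead of
        // surfacing as a NullPointerException in the middle of an authorisation check.
        if (actionType == null) {
            return false;
        }

        SecurityManager securityManager = ThreadContext.getSecurityManager();
        Subject currentUser = SecurityUtils.getSubject();

        if (actionType.equalsIgnoreCase(Constants.SEARCH)) {
            return hasSearchPermission(securityManager, currentUser);
        }
        if (actionType.equalsIgnoreCase(Constants.SAVE)) {
            return hasSavePermission(securityManager, currentUser);
        }
        if (actionType.equalsIgnoreCase(Constants.EDIT)) {
            return hasEditPermission(securityManager, currentUser);
        }
        if (actionType.equalsIgnoreCase(Constants.DELETE)) {
            return hasDeletePermission(securityManager, currentUser);
        }
        if (actionType.equalsIgnoreCase(Constants.NEW)) {
            return hasNewPermission(securityManager, currentUser);
        }

        // Unrecognised action types are not permitted.
        return false;
    }

    /**
     * Determines if the current user has Search permissions.
     *
     * @param securityManager
     *           the manager that evaluates the permission
     * @param currentUser
     *           the subject whose principals are checked
     * @return true if READ permission allowed
     */
    public static boolean hasSearchPermission(SecurityManager securityManager, Subject currentUser) {
        return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.READ);
    }

    /**
     * Determines if the current user has Save permissions.
     *
     * @param securityManager
     *           the manager that evaluates the permission
     * @param currentUser
     *           the subject whose principals are checked
     * @return true if CREATE or UPDATE permission allowed
     */
    public static boolean hasSavePermission(SecurityManager securityManager, Subject currentUser) {
        return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.CREATE)
                || securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.UPDATE);
    }

    /**
     * Determines if the current user has Edit permissions.
     *
     * @param securityManager
     *           the manager that evaluates the permission
     * @param currentUser
     *           the subject whose principals are checked
     * @return true if UPDATE permission allowed
     */
    public static boolean hasEditPermission(SecurityManager securityManager, Subject currentUser) {
        return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.UPDATE);
    }

    /**
     * Determines if the current user has Delete permissions.
     *
     * @param securityManager
     *           the manager that evaluates the permission
     * @param currentUser
     *           the subject whose principals are checked
     * @return true if DELETE permission allowed
     */
    public static boolean hasDeletePermission(SecurityManager securityManager, Subject currentUser) {
        return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.DELETE);
    }

    /**
     * Determines if the current user has CREATE permissions.
     *
     * @param securityManager
     *           the manager that evaluates the permission
     * @param currentUser
     *           the subject whose principals are checked
     * @return true if CREATE permission allowed
     */
    public static boolean hasNewPermission(SecurityManager securityManager, Subject currentUser) {
        return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.CREATE);
    }

    /**
     * @param log
     *           the log to set
     */
    public static void setLog(Logger log) {
        ArkPermissionHelper.log = log;
    }

    /**
     * @return the log
     */
    public static Logger getLog() {
        return log;
    }
}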