2 * Copyright (C) 2001, 2002 The Mir-coders group
4 * This file is part of Mir.
6 * Mir is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Mir is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Mir; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * In addition, as a special exception, The Mir-coders gives permission to link
21 * the code of this program with any library licensed under the Apache Software License,
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
23 * (or with modified versions of the above that use the same license as the above),
24 * and distribute linked combinations including the two. You must obey the
25 * GNU General Public License in all respects for all of the code used other than
26 * the above mentioned libraries. If you modify this file, you may extend this
27 * exception to your version of the file, but you are not obligated to do so.
28 * If you do not wish to do so, delete this exception statement from your version.
31 package mircoders.accesscontrol;
33 import mir.config.MirPropertiesConfiguration;
34 import mir.log.LoggerWrapper;
35 import mircoders.entity.EntityUsers;
36 import mircoders.module.ModuleContent;
38 import java.util.List;
39 import java.util.Vector;
41 public class AccessControl {
42 private UserAccessControl user;
43 private GeneralAccessControl general;
44 private ArticleAccessControl article;
45 protected LoggerWrapper logger = new LoggerWrapper("Global.AccessControl");
46 protected MirPropertiesConfiguration configuration;
48 public AccessControl() {
50 configuration = MirPropertiesConfiguration.instance();
52 user = new UserAccessControl(configuration.getVector("AccessControl.SuperUsers"));
53 general = new GeneralAccessControl();
54 article = new ArticleAccessControl(
55 configuration.getString("AccessControl.LockingEnabled", "0").equals("1"),
56 configuration.getString("AccessControl.LockingOptional", "0").equals("1"));
59 throw new RuntimeException(t.toString());
63 public UserAccessControl user() {
67 public GeneralAccessControl general() {
71 public ArticleAccessControl article() {
75 public class GeneralAccessControl {
76 public boolean mayDeleteArticles(EntityUsers aSubject) {
77 return configuration.getString("Mir.Localizer.Admin.AllowDeleteArticle", "0").equals("1");
80 public void assertMayDeleteArticles(EntityUsers aSubject) throws AuthorizationExc, AuthorizationFailure {
82 if (!mayDeleteArticles(aSubject))
83 throw new AuthorizationExc("not allowed to delete articles");
86 throw new AuthorizationFailure(t);
90 public boolean mayDeleteComments(EntityUsers aSubject) {
91 return configuration.getString("Mir.Localizer.Admin.AllowDeleteComment", "0").equals("1");
94 public void assertMayDeleteComments(EntityUsers aSubject) throws AuthorizationExc, AuthorizationFailure {
96 if (!mayDeleteArticles(aSubject))
97 throw new AuthorizationExc("not allowed to delete comments");
100 throw new AuthorizationFailure(t);
105 public class UserAccessControl {
106 private List superusers;
108 public UserAccessControl(List aSuperUsers) {
109 superusers = new Vector(aSuperUsers);
112 public void assertMayAddUsers(EntityUsers aSubject) throws AuthorizationExc, AuthorizationFailure {
114 if (!mayAddUsers(aSubject))
115 throw new AuthorizationExc("not allowed to add users");
117 catch (Throwable t) {
118 throw new AuthorizationFailure(t);
123 public boolean mayAddUsers(EntityUsers aSubject) {
124 return superusers.contains(aSubject.getFieldValue("login"));
127 protected boolean isSuperUser(EntityUsers aUser) {
128 return superusers.contains(aUser.getFieldValue("login"));
131 public void assertMayEditUser(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure {
133 if (!mayEditUser(aSubject, anObject))
134 throw new AuthorizationExc("not allowed to edit user " + anObject.getId());
136 catch (Throwable t) {
137 throw new AuthorizationFailure(t);
142 public boolean mayEditUser(EntityUsers aSubject, EntityUsers anObject) {
143 return superusers.contains(aSubject.getFieldValue("login"));
146 public boolean mayEditUsers(EntityUsers aSubject) {
147 return superusers.contains(aSubject.getFieldValue("login"));
150 public void assertMayDeleteUser(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure {
152 if (!mayDeleteUser(aSubject, anObject))
153 throw new AuthorizationExc("not allowed to delete user " + anObject.getId());
155 catch (Throwable t) {
156 throw new AuthorizationFailure(t);
160 public boolean mayDeleteUser(EntityUsers aSubject, EntityUsers anObject) {
161 return superusers.contains(aSubject.getFieldValue("login"));
164 public boolean mayDeleteUsers(EntityUsers aSubject) {
165 return superusers.contains(aSubject.getFieldValue("login"));
168 public boolean mayChangeUserPassword(EntityUsers aSubject, EntityUsers anObject) {
169 return aSubject.getId().equals(anObject.getId()) || superusers.contains(aSubject.getFieldValue("login"));
172 public void assertMayChangeUserPassword(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure {
174 if (!mayChangeUserPassword(aSubject, anObject))
175 throw new AuthorizationExc("not allowed to change user " + anObject.getId()+"'s password");
177 catch (Throwable t) {
178 throw new AuthorizationFailure(t);
183 public class ArticleAccessControl {
184 private ModuleContent contentModule;
185 private boolean lockingEnabled;
186 private boolean lockingOptional;
188 public ArticleAccessControl(boolean aLockingEnabled, boolean aLockingOptional) {
189 contentModule = new ModuleContent();
190 lockingEnabled = aLockingEnabled;
191 lockingOptional = aLockingOptional;
194 public boolean mayEditArticle(EntityUsers aSubject, String anArticleId) {
195 String userId = aSubject.getId();
202 String lockingUser = contentModule.queryArticleLock(anArticleId);
204 return userId.equals(lockingUser) || ((lockingUser==null) && lockingOptional);
207 public boolean mayLockArticle(EntityUsers aSubject, String anArticleId) {
208 String userId = aSubject.getId();
215 String lockingUser = contentModule.queryArticleLock(anArticleId);
217 return (lockingUser==null);
220 public boolean mayForceLockArticle(EntityUsers aSubject, String anArticleId) {
221 String userId = aSubject.getId();
228 String lockingUser = contentModule.queryArticleLock(anArticleId);
230 return (lockingUser!=null) && !userId.equals(lockingUser) && user().isSuperUser(aSubject);
233 public boolean mayUnlockArticle(EntityUsers aSubject, String anArticleId) {
234 String userId = aSubject.getId();
241 String lockingUser = contentModule.queryArticleLock(anArticleId);
243 return userId.equals(lockingUser);