Coverage Report

Coverage Report - org.chenillekit.access.services.impl.AccessValidatorImpl

Classes in this File

Line Coverage

Branch Coverage

Complexity

AccessValidatorImpl

71%

49/69

39%

17/44

 /*
  * Apache License
  * Version 2.0, January 2004
  * http://www.apache.org/licenses/
  *
  * Copyright 2008 by chenillekit.org
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  */
 package org.chenillekit.access.services.impl;
 
 import org.apache.tapestry5.runtime.Component;
 import org.apache.tapestry5.services.ApplicationStateManager;
 import org.apache.tapestry5.services.ComponentSource;
 import org.apache.tapestry5.services.MetaDataLocator;
 import org.chenillekit.access.ChenilleKitAccessConstants;
 import org.chenillekit.access.WebSessionUser;
 import org.chenillekit.access.internal.ChenillekitAccessInternalUtils;
 import org.chenillekit.access.services.AccessValidator;
 import org.slf4j.Logger;
 
 /**
  *
  * @version $Id: AccessValidatorImpl.java 380 2008-12-30 10:21:52Z mlusetti $
  */
 public class AccessValidatorImpl implements AccessValidator
 {
         private final ComponentSource componentSource;
         private final MetaDataLocator locator;
         private final Logger logger;
         private final ApplicationStateManager manager;
         private final Class<? extends WebSessionUser> sessionUser;
 
 
         public AccessValidatorImpl(ComponentSource componentSource, MetaDataLocator locator,
                                                         Logger logger, ApplicationStateManager manager, Class<? extends WebSessionUser> sessionUser)
         {
                 this.componentSource = componentSource;
                 this.locator = locator;
                 this.logger = logger;
                 this.manager = manager;
                 this.sessionUser = sessionUser;
         }
 
 
         /**
          * We check for page/component and event type access rights.
          * <p/>
          * first we check the access rights for the requested page,
          * if access granted, we step down to the next level, the components.
          *
          * @see org.chenillekit.access.services.AccessValidator#hasAccess(java.lang.String, java.lang.String, java.lang.String)
          */
         public boolean hasAccess(String pageName, String componentId, String eventType)
         {
                 boolean hasAccess = true;
 
                 if (logger.isDebugEnabled())
                         logger.debug(ChenilleKitAccessConstants.CHENILLEKIT_ACCESS, "check access for pageName/componentId/eventType: {}/{}/{}",
                                                 new Object[]{pageName, componentId, eventType});
 
                 Component page = getPage(pageName);
 
                 if (page != null)
                 {
                         hasAccess = checkForPageAccess(page);
                         if (hasAccess)
                         {
                                 hasAccess = checkForComponentEventHandlerAccess(page, componentId, eventType);
 
 //                                if (hasAccess)
 //                                {
 //                                        Field[] fields = page.getClass().getDeclaredFields();
 //                                        for (Field field : fields)
 //                                        {
 //                                                if (field.isAnnotationPresent(Restricted.class) &&
 //                                                                field.isAnnotationPresent(org.apache.tapestry5.annotations.Component.class))
 //                                                {
 //                                                        if (logger.isDebugEnabled())
 //                                                                logger.debug("found restricted component '{}' in page '{}'", field.getName(), pageName);
 //
 //                                                        Component pageComponent = page.getComponentResources().getEmbeddedComponent(field.getName());
 //                                                }
 //                                        }
 //                                }
                         }
                 }
 
                 return hasAccess;
         }
 
         private boolean checkForComponentEventHandlerAccess(Component page,
                                                         String componentId,String eventType)
         {
                 boolean hasAccess = true;
                 if (componentId != null && eventType != null)
                 {
                         try {
                                 String groupMeta = ChenillekitAccessInternalUtils.buildMetaForHandlerMethod(componentId,
                                                 eventType,
                                                 ChenilleKitAccessConstants.RESTRICTED_EVENT_HANDLER_GROUPS_SUFFIX);
 
                                 String roleMeta = ChenillekitAccessInternalUtils.buildMetaForHandlerMethod(componentId,
                                                 eventType,
                                                 ChenilleKitAccessConstants.RESTRICTED_EVENT_HANDLER_ROLE_SUFFIX);
 
                                 String groups = locator.findMeta(groupMeta, page.getComponentResources(), String.class);
                                 Integer role = locator.findMeta(roleMeta, page.getComponentResources(), Integer.class);
 
                                 hasAccess = hasAccess(groups, role, page);
 
                         } catch (RuntimeException re)
                         {
                                 // FIXME Swallow?
                         }
                 }
 
                 return hasAccess;
 
         }
 
         /**
          * check for page restriction, and if page restricted we check for users access rights.
          *
          * @param page the page(component) object
          *
          * @return true if user has access or the page is not restricted
          */
         private boolean checkForPageAccess(Component page)
         {
                 String groups = locator.findMeta(ChenilleKitAccessConstants.RESTRICTED_PAGE_GROUP, page.getComponentResources(), String.class);
                 Integer role = locator.findMeta(ChenilleKitAccessConstants.RESTRICTED_PAGE_ROLE, page.getComponentResources(), Integer.class);
 
                 if (logger.isDebugEnabled())
                 {
                         logger.debug("Page  : " + page.getComponentResources().getPageName());
                         logger.debug("Groups: " + groups);
                         logger.debug("Role  : " + role);
                 }
 
                 return hasAccess(groups, role, page);
         }
 
         private boolean hasAccess(String groups, Integer role, Component page)
         {
                 if (groups.equals(ChenilleKitAccessConstants.NO_RESTRICTION) && role.equals(Integer.valueOf(0)))
                 {
                         return true;
                 }
 
                 boolean hasAccess = true;
 
                 if (groups != null || role != null)
                 {
                         WebSessionUser webSessionUser = manager.getIfExists(sessionUser);
 
                         if (webSessionUser == null)
                         {
                                 if (logger.isDebugEnabled())
                                         logger.debug( "No user defined just yet" );
                                 return false;
                         }
 
                         boolean hasGroup = true;
                         if (groups != null)
                         {
                                 if (logger.isDebugEnabled())
                                         logger.debug("groups "+webSessionUser.getGroups()+" section "+groups);
                                 hasGroup = ChenillekitAccessInternalUtils.hasUserRequiredGroup(webSessionUser.getGroups(),
                                                                 ChenillekitAccessInternalUtils.getStringAsStringArray(groups));
                         }
 
                         boolean hasRole = true;
                         if (role != null)
                         {
                                 if (logger.isDebugEnabled())
                                         logger.debug("role "+webSessionUser.getRoleWeight()+">="+role);
                                 hasRole = ChenillekitAccessInternalUtils.hasUserRequiredRole(webSessionUser.getRoleWeight(),
                                                                 role);
                         }
 
                         hasAccess = hasGroup && hasRole;
 
                         if (logger.isDebugEnabled())
                         {
                                 logger.debug("Page '{}' - hasRole = {} / hasGroup = {}",
                                                 new Object[]{page.getComponentResources().getPageName(), hasRole, hasGroup});
                         }
                 }
                 else
                 {
                         // XXX Notify?
                 }
 
                 return hasAccess;
 
         }
 
         /**
          * get the page component.
          *
          * @param pageName the name of page
          *
          * @return may be null if not found
          */
         private Component getPage(String pageName)
         {
                 Component component = null;
 
                 // This should be unnecessary...
                 boolean found = false;
                 while (!found)
                 {
                         try
                         {
                                 component = componentSource.getPage(pageName);
                                 found = true;
                         }
                         catch (IllegalArgumentException iae)
                         {
                                 if (pageName.lastIndexOf('/') != -1)
                                 {
                                         pageName = pageName.substring(0, pageName.lastIndexOf('/'));
                                         if (logger.isTraceEnabled())
                                                 logger.trace(ChenilleKitAccessConstants.CHENILLEKIT_ACCESS, "New pagename: {}", pageName);
                                 }
                                 else
                                 {
                                         throw iae;
                                 }
                         }
                 }
 
                 return component;
         }
 
 }

1		/*
2		* Apache License
3		* Version 2.0, January 2004
4		* http://www.apache.org/licenses/
5		*
6		* Copyright 2008 by chenillekit.org
7		*
8		* Licensed under the Apache License, Version 2.0 (the "License");
9		* you may not use this file except in compliance with the License.
10		* You may obtain a copy of the License at
11		*
12		* http://www.apache.org/licenses/LICENSE-2.0
13		*/
14		package org.chenillekit.access.services.impl;
15
16		import org.apache.tapestry5.runtime.Component;
17		import org.apache.tapestry5.services.ApplicationStateManager;
18		import org.apache.tapestry5.services.ComponentSource;
19		import org.apache.tapestry5.services.MetaDataLocator;
20		import org.chenillekit.access.ChenilleKitAccessConstants;
21		import org.chenillekit.access.WebSessionUser;
22		import org.chenillekit.access.internal.ChenillekitAccessInternalUtils;
23		import org.chenillekit.access.services.AccessValidator;
24		import org.slf4j.Logger;
25
26		/**
27		*
28		* @version $Id: AccessValidatorImpl.java 380 2008-12-30 10:21:52Z mlusetti $
29		*/
30		public class AccessValidatorImpl implements AccessValidator
31		{
32		private final ComponentSource componentSource;
33		private final MetaDataLocator locator;
34		private final Logger logger;
35		private final ApplicationStateManager manager;
36		private final Class<? extends WebSessionUser> sessionUser;
37
38
39		public AccessValidatorImpl(ComponentSource componentSource, MetaDataLocator locator,
40		Logger logger, ApplicationStateManager manager, Class<? extends WebSessionUser> sessionUser)
41	1	{
42	1	this.componentSource = componentSource;
43	1	this.locator = locator;
44	1	this.logger = logger;
45	1	this.manager = manager;
46	1	this.sessionUser = sessionUser;
47	1	}
48
49
50		/**
51		* We check for page/component and event type access rights.
52		* <p/>
53		* first we check the access rights for the requested page,
54		* if access granted, we step down to the next level, the components.
55		*
56		* @see org.chenillekit.access.services.AccessValidator#hasAccess(java.lang.String, java.lang.String, java.lang.String)
57		*/
58		public boolean hasAccess(String pageName, String componentId, String eventType)
59		{
60	16	boolean hasAccess = true;
61
62	16	if (logger.isDebugEnabled())
63	16	logger.debug(ChenilleKitAccessConstants.CHENILLEKIT_ACCESS, "check access for pageName/componentId/eventType: {}/{}/{}",
64		new Object[]{pageName, componentId, eventType});
65
66	16	Component page = getPage(pageName);
67
68	16	if (page != null)
69		{
70	16	hasAccess = checkForPageAccess(page);
71	16	if (hasAccess)
72		{
73	13	hasAccess = checkForComponentEventHandlerAccess(page, componentId, eventType);
74
75		// if (hasAccess)
76		// {
77		// Field[] fields = page.getClass().getDeclaredFields();
78		// for (Field field : fields)
79		// {
80		// if (field.isAnnotationPresent(Restricted.class) &&
81		// field.isAnnotationPresent(org.apache.tapestry5.annotations.Component.class))
82		// {
83		// if (logger.isDebugEnabled())
84		// logger.debug("found restricted component '{}' in page '{}'", field.getName(), pageName);
85		//
86		// Component pageComponent = page.getComponentResources().getEmbeddedComponent(field.getName());
87		// }
88		// }
89		// }
90		}
91		}
92
93	16	return hasAccess;
94		}
95
96		private boolean checkForComponentEventHandlerAccess(Component page,
97		String componentId,String eventType)
98		{
99	13	boolean hasAccess = true;
100	13	if (componentId != null && eventType != null)
101		{
102		try {
103	3	String groupMeta = ChenillekitAccessInternalUtils.buildMetaForHandlerMethod(componentId,
104		eventType,
105		ChenilleKitAccessConstants.RESTRICTED_EVENT_HANDLER_GROUPS_SUFFIX);
106
107	3	String roleMeta = ChenillekitAccessInternalUtils.buildMetaForHandlerMethod(componentId,
108		eventType,
109		ChenilleKitAccessConstants.RESTRICTED_EVENT_HANDLER_ROLE_SUFFIX);
110
111	3	String groups = locator.findMeta(groupMeta, page.getComponentResources(), String.class);
112	2	Integer role = locator.findMeta(roleMeta, page.getComponentResources(), Integer.class);
113
114	2	hasAccess = hasAccess(groups, role, page);
115
116	1	} catch (RuntimeException re)
117		{
118		// FIXME Swallow?
119	2	}
120		}
121
122	13	return hasAccess;
123
124		}
125
126		/**
127		* check for page restriction, and if page restricted we check for users access rights.
128		*
129		* @param page the page(component) object
130		*
131		* @return true if user has access or the page is not restricted
132		*/
133		private boolean checkForPageAccess(Component page)
134		{
135	16	String groups = locator.findMeta(ChenilleKitAccessConstants.RESTRICTED_PAGE_GROUP, page.getComponentResources(), String.class);
136	16	Integer role = locator.findMeta(ChenilleKitAccessConstants.RESTRICTED_PAGE_ROLE, page.getComponentResources(), Integer.class);
137
138	16	if (logger.isDebugEnabled())
139		{
140	16	logger.debug("Page : " + page.getComponentResources().getPageName());
141	16	logger.debug("Groups: " + groups);
142	16	logger.debug("Role : " + role);
143		}
144
145	16	return hasAccess(groups, role, page);
146		}
147
148		private boolean hasAccess(String groups, Integer role, Component page)
149		{
150	18	if (groups.equals(ChenilleKitAccessConstants.NO_RESTRICTION) && role.equals(Integer.valueOf(0)))
151		{
152	13	return true;
153		}
154
155	5	boolean hasAccess = true;
156
157	5	if (groups != null \|\| role != null)
158		{
159	5	WebSessionUser webSessionUser = manager.getIfExists(sessionUser);
160
161	5	if (webSessionUser == null)
162		{
163	5	if (logger.isDebugEnabled())
164	5	logger.debug( "No user defined just yet" );
165	5	return false;
166		}
167
168	0	boolean hasGroup = true;
169	0	if (groups != null)
170		{
171	0	if (logger.isDebugEnabled())
172	0	logger.debug("groups "+webSessionUser.getGroups()+" section "+groups);
173	0	hasGroup = ChenillekitAccessInternalUtils.hasUserRequiredGroup(webSessionUser.getGroups(),
174		ChenillekitAccessInternalUtils.getStringAsStringArray(groups));
175		}
176
177	0	boolean hasRole = true;
178	0	if (role != null)
179		{
180	0	if (logger.isDebugEnabled())
181	0	logger.debug("role "+webSessionUser.getRoleWeight()+">="+role);
182	0	hasRole = ChenillekitAccessInternalUtils.hasUserRequiredRole(webSessionUser.getRoleWeight(),
183		role);
184		}
185
186	0	hasAccess = hasGroup && hasRole;
187
188	0	if (logger.isDebugEnabled())
189		{
190	0	logger.debug("Page '{}' - hasRole = {} / hasGroup = {}",
191		new Object[]{page.getComponentResources().getPageName(), hasRole, hasGroup});
192		}
193		}
194		else
195		{
196		// XXX Notify?
197		}
198
199	0	return hasAccess;
200
201		}
202
203		/**
204		* get the page component.
205		*
206		* @param pageName the name of page
207		*
208		* @return may be null if not found
209		*/
210		private Component getPage(String pageName)
211		{
212	16	Component component = null;
213
214		// This should be unnecessary...
215	16	boolean found = false;
216	32	while (!found)
217		{
218		try
219		{
220	16	component = componentSource.getPage(pageName);
221	16	found = true;
222		}
223	0	catch (IllegalArgumentException iae)
224		{
225	0	if (pageName.lastIndexOf('/') != -1)
226		{
227	0	pageName = pageName.substring(0, pageName.lastIndexOf('/'));
228	0	if (logger.isTraceEnabled())
229	0	logger.trace(ChenilleKitAccessConstants.CHENILLEKIT_ACCESS, "New pagename: {}", pageName);
230		}
231		else
232		{
233	0	throw iae;
234		}
235	16	}
236		}
237
238	16	return component;
239		}
240
241		}