001 /*
002 *
003 * $Revision: 15371 $ $Date: 2009-06-15 16:50:47 +0200 (Mon, 15 Jun 2009) $
004 *
005 * This file is part of *** M y C o R e ***
006 * See http://www.mycore.de/ for details.
007 *
008 * This program is free software; you can use it, redistribute it
009 * and / or modify it under the terms of the GNU General Public License
010 * (GPL) as published by the Free Software Foundation; either version 2
011 * of the License or (at your option) any later version.
012 *
013 * This program is distributed in the hope that it will be useful, but
014 * WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program, in a file called gpl.txt or license.txt.
020 * If not, write to the Free Software Foundation Inc.,
021 * 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA
022 */
023 package org.mycore.access;
024
025 import java.util.Collection;
026
027 import org.apache.log4j.Logger;
028 import org.jdom.Element;
029 import org.mycore.access.strategies.MCRAccessCheckStrategy;
030 import org.mycore.access.strategies.MCRObjectIDStrategy;
031 import org.mycore.common.MCRConfiguration;
032 import org.mycore.common.MCRException;
033 import org.mycore.datamodel.common.MCRLinkTableManager;
034 import org.mycore.datamodel.metadata.MCRObjectID;
035
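/**
 * Static facade in front of the MyCoRe access control system.
 * <p>
 * Rule management (<code>addRule</code>, <code>updateRule</code>, <code>removeRule</code>,
 * <code>removeAllRules</code>, <code>hasRule</code>, <code>getPermissionsForID</code>) and the
 * permission-only check are delegated to the {@link MCRAccessInterface} implementation named by the
 * property <code>MCR.Access.Class</code> (default: {@link MCRAccessBaseImpl}). Checks of a permission
 * on an ID are delegated to the {@link MCRAccessCheckStrategy} named by the property
 * <code>MCR.Access.Strategy.Class</code> (default: {@link MCRObjectIDStrategy}).
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>Both implementations are selected by class name from the configuration, so whoever can change
 * these two properties decides which code takes every access decision. Treat the configuration source
 * as part of the trusted computing base.</li>
 * <li>The rule-changing methods of this class delegate directly and perform no permission check of
 * their own. Whether the configured implementation authorizes the caller is not visible here; callers
 * should check a suitable permission before changing rules.</li>
 * </ul>
 *
 * @author Thomas Scheffler
 *
 * @version $Revision: 15371 $ $Date: 2009-06-15 16:50:47 +0200 (Mon, 15 Jun 2009) $
 */
public class MCRAccessManager {

    // Rule store / access system, instantiated once from "MCR.Access.Class".
    private static final MCRAccessInterface ACCESS_IMPL = (MCRAccessInterface) MCRConfiguration.instance()
            .getSingleInstanceOf("MCR.Access.Class", MCRAccessBaseImpl.class.getName());

    // Decides ID-based permission checks, instantiated from "MCR.Access.Strategy.Class".
    private static final MCRAccessCheckStrategy ACCESS_STRATEGY = (MCRAccessCheckStrategy) MCRConfiguration.instance()
            .getInstanceOf("MCR.Access.Strategy.Class", MCRObjectIDStrategy.class.getName());

    public static final Logger LOGGER = Logger.getLogger(MCRAccessManager.class);

    /**
     * returns the access system implementation configured in <code>MCR.Access.Class</code>.
     *
     * @return the shared {@link MCRAccessInterface} instance used by this class
     */
    public static MCRAccessInterface getAccessImpl() {
        return ACCESS_IMPL;
    }

    /**
     * adds an access rule for an MCRObjectID to an access system.
     *
     * @param id
     *            the MCRObjectID of the object
     * @param permission
     *            the access permission for the rule
     * @param rule
     *            the access rule
     * @param description
     *            description for the given access rule, e.g. "allows public access"
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#addRule(String, String, org.jdom.Element, String)
     */
    public static void addRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException {
        getAccessImpl().addRule(id.getId(), permission, rule, description);
    }

    /**
     * adds an access rule for an ID to an access system.
     *
     * @param id
     *            the ID of the object as String
     * @param permission
     *            the access permission for the rule
     * @param rule
     *            the access rule
     * @param description
     *            description for the given access rule, e.g. "allows public access"
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#addRule(String, String, org.jdom.Element, String)
     */
    public static void addRule(String id, String permission, Element rule, String description) throws MCRException {
        getAccessImpl().addRule(id, permission, rule, description);
    }

    /**
     * removes the <code>permission</code> rule for the MCRObjectID.
     *
     * @param id
     *            the MCRObjectID of an object
     * @param permission
     *            the access permission for the rule
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#removeRule(String, String)
     */
    public static void removeRule(MCRObjectID id, String permission) throws MCRException {
        getAccessImpl().removeRule(id.getId(), permission);
    }

    /**
     * removes the <code>permission</code> rule for the ID.
     *
     * @param id
     *            the ID of an object as String
     * @param permission
     *            the access permission for the rule
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#removeRule(String, String)
     */
    public static void removeRule(String id, String permission) throws MCRException {
        getAccessImpl().removeRule(id, permission);
    }

    /**
     * removes all rules for the MCRObjectID.
     *
     * @param id
     *            the MCRObjectID of an object
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#removeAllRules(String)
     */
    public static void removeAllRules(MCRObjectID id) throws MCRException {
        getAccessImpl().removeAllRules(id.getId());
    }

    /**
     * updates an access rule for an MCRObjectID.
     *
     * @param id
     *            the MCRObjectID of the object
     * @param permission
     *            the access permission for the rule
     * @param rule
     *            the access rule
     * @param description
     *            description for the given access rule, e.g. "allows public access"
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#updateRule(String, String, Element, String)
     */
    public static void updateRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException {
        getAccessImpl().updateRule(id.getId(), permission, rule, description);
    }

    /**
     * updates an access rule for an ID.
     *
     * @param id
     *            the ID of the object as String
     * @param permission
     *            the access permission for the rule
     * @param rule
     *            the access rule
     * @param description
     *            description for the given access rule, e.g. "allows public access"
     * @throws MCRException
     *             if an error occurred
     * @see MCRAccessInterface#updateRule(String, String, Element, String)
     */
    public static void updateRule(String id, String permission, Element rule, String description) throws MCRException {
        getAccessImpl().updateRule(id, permission, rule, description);
    }

    /**
     * determines whether the current user has the permission to perform a
     * certain action on the object with the given MCRObjectID.
     *
     * @param id
     *            the MCRObjectID of the object
     * @param permission
     *            the access permission for the rule
     * @return true if the access is allowed, otherwise false
     * @see #checkPermission(String, String)
     */
    public static boolean checkPermission(MCRObjectID id, String permission) {
        return checkPermission(id.getId(), permission);
    }

    /**
     * determines whether the current user has the permission to perform a
     * certain action on the object with the given ID.
     * <p>
     * The decision is taken by the strategy configured in
     * <code>MCR.Access.Strategy.Class</code>, not directly by the access
     * implementation returned by {@link #getAccessImpl()}.
     *
     * @param id
     *            the ID of the object as String
     * @param permission
     *            the access permission for the rule
     * @return true if the permission for the id is given
     */
    public static boolean checkPermission(String id, String permission) {
        return ACCESS_STRATEGY.checkPermission(id, permission);
    }

    /**
     * determines whether the current user has the permission to perform a
     * certain action. Unlike the ID-based checks this one is answered by the
     * access implementation itself and does not pass through the strategy.
     *
     * @param permission
     *            the access permission for the rule
     * @return true if the permission is given
     * @see MCRAccessInterface#checkPermission(String)
     */
    public static boolean checkPermission(String permission) {
        return getAccessImpl().checkPermission(permission);
    }

    /**
     * checks whether the current user has the permission to read/see a derivate.
     * The check is also made against the mcrobject the derivate belongs to;
     * both checks must return true. <br />
     * It is needed in MCRFileNodeServlet and MCRZipServlet.
     * <p>
     * If the link table reports no mcrobject for the derivate, only the
     * derivate's own "read" permission is checked and a warning is logged. The
     * parent check is skipped in that case, so a missing or stale link entry
     * weakens the check instead of denying access; the warning is the only
     * trace of it and should be monitored.
     *
     * @param derID
     *            String ID of a MyCoRe-Derivate
     * @return true if the access is allowed, otherwise false
     */
    public static boolean checkPermissionForReadingDerivate(String derID) {
        // derID must be a derivate ID
        Collection<String> owners = MCRLinkTableManager.instance().getSourceOf(derID, "derivate");
        if (owners == null || owners.isEmpty()) {
            boolean derivateReadable = checkPermission(derID, "read");
            // Log through the class logger: the former literal name "MCRAccessManager.class" created a
            // separate logger outside the org.mycore.access category, so category-level log settings
            // did not apply to this access-control warning.
            // NOTE(review): derID is logged unescaped; if it can originate from a request path, strip
            // CR/LF before logging or use a layout that escapes them - confirm against the callers.
            LOGGER.warn("no mcrobject could be found for derivate: " + derID);
            return derivateReadable;
        }
        // Only the first reported source is consulted; the derivate itself is checked second and only
        // when the owning object is readable (short-circuit).
        return checkPermission(owners.iterator().next(), "read") && checkPermission(derID, "read");
    }

    /**
     * lists all permissions defined for the <code>id</code>.
     *
     * @param id
     *            the ID of the object as String
     * @return a <code>Collection</code> of all permissions defined for
     *         <code>id</code>
     */
    public static Collection<String> getPermissionsForID(String id) {
        return getAccessImpl().getPermissionsForID(id);
    }

    /**
     * lists all permissions defined for the <code>id</code>.
     *
     * @param id
     *            the MCRObjectID of the object
     * @return a <code>Collection</code> of all permissions defined for
     *         <code>id</code>
     */
    public static Collection<String> getPermissionsForID(MCRObjectID id) {
        return getAccessImpl().getPermissionsForID(id.getId());
    }

    /**
     * return a rule, that allows something for everybody.
     * <p>
     * Attaching this rule to a permission opens it to every user, so use it
     * deliberately, in particular for permissions that modify or delete data.
     *
     * @return a new <code>condition</code> element (format "xml") holding a
     *         single <code>boolean</code> element with operator "true"
     */
    public static Element getTrueRule() {
        return booleanRule("true");
    }

    /**
     * return a rule, that forbids something for all, but superuser.
     * <p>
     * The element built here only carries the constant "false"; the superuser
     * exemption is not implemented in this class and presumably lives in the
     * rule evaluation - verify before relying on it.
     *
     * @return a new <code>condition</code> element (format "xml") holding a
     *         single <code>boolean</code> element with operator "false"
     */
    public static Element getFalseRule() {
        return booleanRule("false");
    }

    /**
     * return true if a rule for the id exist
     *
     * @param id
     *            the ID of the object as String
     * @param permission
     *            the access permission for the rule
     * @return true if the access implementation reports a rule for
     *         <code>id</code> and <code>permission</code>
     */
    public static boolean hasRule(String id, String permission) {
        return getAccessImpl().hasRule(id, permission);
    }

    /** builds a fresh constant rule: a condition element wrapping one boolean element with the given operator. */
    private static Element booleanRule(String operator) {
        Element condition = new Element("condition");
        condition.setAttribute("format", "xml");
        Element booleanOp = new Element("boolean");
        booleanOp.setAttribute("operator", operator);
        condition.addContent(booleanOp);
        return condition;
    }

}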