protected Boolean isStyleAuth(
     AuthorizationFacade facade, Id qualifier, Agent agent, String function) {
   Style style = getStyleManager().getLightWeightStyle(qualifier);
   if (style == null) {
     return Boolean.valueOf(facade.isAuthorized(function, qualifier));
   }
   // owner can do anything
   if (agent.equals(style.getOwner())) {
     return Boolean.valueOf(true);
   }
   Id siteId = getIdManager().getId(style.getSiteId());
   return Boolean.valueOf(facade.isAuthorized(function, siteId));
 }
 protected boolean checkPerms(AuthorizationFacade facade, String[] functions, Id qualifier) {
   for (int i = 0; i < functions.length; i++) {
     if (facade.isAuthorized(functions[i], qualifier)) {
       return true;
     }
   }
   return false;
 }
 private boolean canEvaluate(WizardPage page) {
   boolean allowed = false;
   CompletedWizard cw = wizardManager.getCompletedWizardByPage(page.getId());
   allowed =
       authzManager.isAuthorized(
           (cw != null)
               ? WizardFunctionConstants.EVALUATE_SPECIFIC_WIZARDPAGE
               : MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL,
           page.getId());
   return allowed;
 }
 public boolean allowRemoveTags(TaggableActivity activity) {
   WizardPageDefinition pageDef = (WizardPageDefinition) activity.getObject();
   // Try to get a wizard page sequence
   WizardPageSequence ps = wizardManager.getWizardPageSeqByDef(pageDef.getId());
   boolean authorized = false;
   if (ps != null) {
     Wizard wizard = ps.getCategory().getWizard();
     /*
      * If you own the wizard, or if you can delete wizards, or if you
      * can revise wizards, then you are able to delete page definitions
      * and can, therefore, remove tags.
      */
     authorized =
         sessionManager
                 .getCurrentSessionUserId()
                 .equalsIgnoreCase(wizard.getOwner().getId().getValue())
             || authzManager.isAuthorized(WizardFunctionConstants.EDIT_WIZARD, wizard.getId())
             || authzManager.isAuthorized(WizardFunctionConstants.DELETE_WIZARD, wizard.getId());
   } else {
     ScaffoldingCell cell = matrixManager.getScaffoldingCellByWizardPageDef(pageDef.getId());
     /*
      * If you can create or delete scaffolding, then you are able to
      * delete scaffolding cells and can, therefore, remove tags.
      */
     authorized =
         authzManager.isAuthorized(
                 MatrixFunctionConstants.CREATE_SCAFFOLDING, cell.getScaffolding().getId())
             || authzManager.isAuthorized(
                 MatrixFunctionConstants.DELETE_SCAFFOLDING_ANY, cell.getScaffolding().getId())
             || (authzManager.isAuthorized(
                     MatrixFunctionConstants.DELETE_SCAFFOLDING_OWN, cell.getScaffolding().getId())
                 && cell.getScaffolding()
                     .getOwner()
                     .getId()
                     .equals(getAuthnManager().getAgent().getId()));
   }
   return authorized;
 }
 public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
   if (function.equals(StyleFunctionConstants.CREATE_STYLE)) {
     return Boolean.valueOf(facade.isAuthorized(agent, function, id));
   } else if (function.equals(StyleFunctionConstants.EDIT_STYLE)) {
     return isStyleAuth(facade, id, agent, function);
   } else if (function.equals(StyleFunctionConstants.PUBLISH_STYLE)) {
     return isStyleAuth(facade, id, agent, function);
   } else if (function.equals(StyleFunctionConstants.GLOBAL_PUBLISH_STYLE)) {
     return isStyleAuth(facade, id, agent, function);
   } else if (function.equals(StyleFunctionConstants.SUGGEST_GLOBAL_PUBLISH_STYLE)) {
     return isStyleAuth(facade, id, agent, function);
   } else if (function.equals(StyleFunctionConstants.DELETE_STYLE)) {
     return isStyleAuth(facade, id, agent, function);
   } else {
     return null;
   }
 }
  /* (non-Javadoc)
   * @see org.theospi.portfolio.security.app.ApplicationAuthorizer#isAuthorized(org.theospi.portfolio.security.AuthorizationFacade, org.theospi.portfolio.shared.model.Agent, java.lang.String, org.theospi.portfolio.shared.model.Id)
   */
  public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
    logger.debug("isAuthorized?(...) invoked in MatrixAuthorizer");

    if (MatrixFunctionConstants.EVALUATE_MATRIX.equals(function)
        || MatrixFunctionConstants.REVIEW_MATRIX.equals(function)
        || MatrixFunctionConstants.USE_SCAFFOLDING.equals(function)) {
      return new Boolean(facade.isAuthorized(function, id));
    } else if (MatrixFunctionConstants.DELETE_SCAFFOLDING.equals(function)) {
      Scaffolding scaffolding = getMatrixManager().getScaffolding(id);
      if (scaffolding == null) return new Boolean(facade.isAuthorized(agent, function, id));

      if (!scaffolding.isPublished() && (scaffolding.getOwner().equals(agent))
          || facade.isAuthorized(agent, function, scaffolding.getWorksiteId()))
        return new Boolean(true);
    } else if (ContentHostingService.EVENT_RESOURCE_READ.equals(function)) {
      return isFileAuth(facade, agent, id);
    } else if (function.equals(MatrixFunctionConstants.CREATE_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.EXPORT_SCAFFOLDING)) {
      return new Boolean(facade.isAuthorized(agent, function, id));
    } else if (function.equals(MatrixFunctionConstants.VIEW_SCAFFOLDING_GUIDANCE)) {
      // If I can eval, review, or own it
      ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
      // sCell.getWizardPageDefinition().get

      if (sCell == null)
        throw new NullPointerException(
            "The cell was not found.  Wizard Page Def for cell: " + id.getValue());

      Boolean returned = null;

      Id worksiteId = sCell.getScaffolding().getWorksiteId();

      // first check global perms for the site
      if (checkPerms(
          facade,
          new String[] {
            MatrixFunctionConstants.USE_SCAFFOLDING,
            MatrixFunctionConstants.EVALUATE_MATRIX,
            MatrixFunctionConstants.REVIEW_MATRIX
          },
          worksiteId)) {
        return Boolean.valueOf(true);
      }

      for (Iterator iter = sCell.getCells().iterator(); iter.hasNext(); ) {
        Cell cell = (Cell) iter.next();
        if (checkPerms(
            facade,
            new String[] {
              MatrixFunctionConstants.EVALUATE_MATRIX, MatrixFunctionConstants.REVIEW_MATRIX
            },
            cell.getId())) {
          return Boolean.valueOf(true);
        }
      }
      returned = Boolean.valueOf(sCell.getScaffolding().getOwner().equals(agent));
      if (returned.booleanValue()) return returned;
    } else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING_GUIDANCE)) {
      ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
      Agent owner = null;
      if (sCell != null) {
        owner = sCell.getScaffolding().getOwner();
      }
      return new Boolean(agent.equals(owner));
    } else if (function.equals(MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL)) {
      WizardPage page = getMatrixManager().getWizardPage(id);
      Id siteId = idManager.getId(page.getPageDefinition().getSiteId());
      //       make sure that the target site gets tested

      facade.pushAuthzGroups(siteId.getValue());
      return new Boolean(
          facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId));
    }

    return null; // don't care
  }
 protected Boolean isCellAuthForEval(AuthorizationFacade facade, Agent agent, Id cellId) {
   return new Boolean(facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, cellId));
 }
Beispiel #8
0
 public Object get(Object key) {
   if (super.get(key) == null) {
     super.put(key, new Boolean(authzFacade.isAuthorized(prefix + key.toString(), qualifier)));
   }
   return super.get(key);
 }