/**
* Removes a group role's access to a specific action.
*
* @param action Action to remove access from.
* @param group The group whose access we are revoking.
* @param role The role whose access we are revoking.
* @return boolean Whether or not the access existed and was removed.
*/
public boolean revokeGroupRoleAccess(String action, String group, String role) {
if (allowsSpecificGroupRole(action, group, role)) {
SecurityAccess access = getAccess(action);
List allows = access.getAllows();
if (allows == null || allows.isEmpty()) {
revokeAccess(action);
return false;
}
for (int i = 0; i < allows.size(); i++) {
BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
if (allow.getGroup() != null
&& allow.getGroup().equals(group)
&& allow.getRole() != null
&& allow.getRole().equals(role)) {
allows.remove(i);
if (allows.isEmpty() && access.getOwnerAllows().isEmpty()) {
revokeAccess(action);
}
return true;
}
}
}
return false;
}
/**
* Checks whether a role is specifically allowed to access the request action This method ignores
* the "*" action and is here to play a maintenance role.
*
* @param String action name of action to check
* @param String role name of role to verify access for
* @return boolean whether or not the <code>role</code> has access to this specific action.
*/
public boolean allowsSpecificUser(String action, String user) {
BaseSecurityAccess access = (BaseSecurityAccess) getAccess(action);
if (access.getAllAllows() != null) {
Iterator allAllows = access.getAllows().iterator();
while (allAllows.hasNext()) {
BaseSecurityAllow allow = (BaseSecurityAllow) allAllows.next();
if (allow.getUser() != null && allow.getUser().equals(user)) {
return true;
}
}
}
return false;
}
/**
* Grants access for a specific action to a specific user for this SecurityEntry. This grants
* specific access ignores "*" action, if it exists.
*
* @param String action The action we are granting access to.
* @param String user The user that will receive access to this action.
* @return boolean Whether or not the access was granted. Basically, a <code>false</code> means
* that this role already has specific access.
*/
public boolean grantUserAccess(String action, String user) {
if (!allowsSpecificUser(action, user)) {
SecurityAccess access = getAccess(action);
List allows = access.getAllows();
if (allows == null) {
allows = new Vector();
}
BaseSecurityAllow allow = new BaseSecurityAllow();
allow.setUser(user);
allows.add(allow);
buildAccessMap();
return true;
}
return false;
}
/**
* Grants access for a specific action to a specific group for this SecurityEntry. This grants
* specific access ignores "*" action, if it exists.
*
* @param String action The action we are granting access to.
* @param String group The group that will receive access to this action.
* @return boolean Whether or not the access was granted. Basically, a <code>false</code> means
* that this group already has specific access.
*/
public boolean grantGroupAccess(String action, String group) {
if (!allowsSpecificGroup(action, role)) {
SecurityAccess access = getAccess(action);
List allows = access.getAllows();
if (allows == null) {
allows = new Vector();
}
BaseSecurityAllow allow = new BaseSecurityAllow();
allow.setGroup(group);
allows.add(allow);
buildAccessMap();
return true;
}
return false;
}
/**
* Removes a user's access to a specific action.
*
* @param action Action to remove access from.
* @param role The role whose access we are revoking.
* @return boolean Whehter or not the access existed and was removed.
*/
public boolean revokeUserAccess(String action, String user) {
if (allowsSpecificUser(action, user)) {
SecurityAccess access = getAccess(action);
List allows = access.getAllows();
if (allows == null || allows.isEmpty()) {
revokeAccess(action);
return false;
}
for (int i = 0; i < allows.size(); i++) {
BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
if (allow.getUser() != null && allow.getUser().equals(user)) {
allows.remove(i);
if (allows.isEmpty() && access.getOwnerAllows().isEmpty()) {
revokeAccess(action);
}
return true;
}
}
}
return false;
}
