protected Boolean isStyleAuth(
AuthorizationFacade facade, Id qualifier, Agent agent, String function) {
Style style = getStyleManager().getLightWeightStyle(qualifier);
if (style == null) {
return Boolean.valueOf(facade.isAuthorized(function, qualifier));
}
// owner can do anything
if (agent.equals(style.getOwner())) {
return Boolean.valueOf(true);
}
Id siteId = getIdManager().getId(style.getSiteId());
return Boolean.valueOf(facade.isAuthorized(function, siteId));
}
protected boolean checkPerms(AuthorizationFacade facade, String[] functions, Id qualifier) {
for (int i = 0; i < functions.length; i++) {
if (facade.isAuthorized(functions[i], qualifier)) {
return true;
}
}
return false;
}
private boolean canEvaluate(WizardPage page) {
boolean allowed = false;
CompletedWizard cw = wizardManager.getCompletedWizardByPage(page.getId());
allowed =
authzManager.isAuthorized(
(cw != null)
? WizardFunctionConstants.EVALUATE_SPECIFIC_WIZARDPAGE
: MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL,
page.getId());
return allowed;
}
public boolean allowRemoveTags(TaggableActivity activity) {
WizardPageDefinition pageDef = (WizardPageDefinition) activity.getObject();
// Try to get a wizard page sequence
WizardPageSequence ps = wizardManager.getWizardPageSeqByDef(pageDef.getId());
boolean authorized = false;
if (ps != null) {
Wizard wizard = ps.getCategory().getWizard();
/*
* If you own the wizard, or if you can delete wizards, or if you
* can revise wizards, then you are able to delete page definitions
* and can, therefore, remove tags.
*/
authorized =
sessionManager
.getCurrentSessionUserId()
.equalsIgnoreCase(wizard.getOwner().getId().getValue())
|| authzManager.isAuthorized(WizardFunctionConstants.EDIT_WIZARD, wizard.getId())
|| authzManager.isAuthorized(WizardFunctionConstants.DELETE_WIZARD, wizard.getId());
} else {
ScaffoldingCell cell = matrixManager.getScaffoldingCellByWizardPageDef(pageDef.getId());
/*
* If you can create or delete scaffolding, then you are able to
* delete scaffolding cells and can, therefore, remove tags.
*/
authorized =
authzManager.isAuthorized(
MatrixFunctionConstants.CREATE_SCAFFOLDING, cell.getScaffolding().getId())
|| authzManager.isAuthorized(
MatrixFunctionConstants.DELETE_SCAFFOLDING_ANY, cell.getScaffolding().getId())
|| (authzManager.isAuthorized(
MatrixFunctionConstants.DELETE_SCAFFOLDING_OWN, cell.getScaffolding().getId())
&& cell.getScaffolding()
.getOwner()
.getId()
.equals(getAuthnManager().getAgent().getId()));
}
return authorized;
}
public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
if (function.equals(StyleFunctionConstants.CREATE_STYLE)) {
return Boolean.valueOf(facade.isAuthorized(agent, function, id));
} else if (function.equals(StyleFunctionConstants.EDIT_STYLE)) {
return isStyleAuth(facade, id, agent, function);
} else if (function.equals(StyleFunctionConstants.PUBLISH_STYLE)) {
return isStyleAuth(facade, id, agent, function);
} else if (function.equals(StyleFunctionConstants.GLOBAL_PUBLISH_STYLE)) {
return isStyleAuth(facade, id, agent, function);
} else if (function.equals(StyleFunctionConstants.SUGGEST_GLOBAL_PUBLISH_STYLE)) {
return isStyleAuth(facade, id, agent, function);
} else if (function.equals(StyleFunctionConstants.DELETE_STYLE)) {
return isStyleAuth(facade, id, agent, function);
} else {
return null;
}
}
/* (non-Javadoc)
* @see org.theospi.portfolio.security.app.ApplicationAuthorizer#isAuthorized(org.theospi.portfolio.security.AuthorizationFacade, org.theospi.portfolio.shared.model.Agent, java.lang.String, org.theospi.portfolio.shared.model.Id)
*/
public Boolean isAuthorized(AuthorizationFacade facade, Agent agent, String function, Id id) {
logger.debug("isAuthorized?(...) invoked in MatrixAuthorizer");
if (MatrixFunctionConstants.EVALUATE_MATRIX.equals(function)
|| MatrixFunctionConstants.REVIEW_MATRIX.equals(function)
|| MatrixFunctionConstants.USE_SCAFFOLDING.equals(function)) {
return new Boolean(facade.isAuthorized(function, id));
} else if (MatrixFunctionConstants.DELETE_SCAFFOLDING.equals(function)) {
Scaffolding scaffolding = getMatrixManager().getScaffolding(id);
if (scaffolding == null) return new Boolean(facade.isAuthorized(agent, function, id));
if (!scaffolding.isPublished() && (scaffolding.getOwner().equals(agent))
|| facade.isAuthorized(agent, function, scaffolding.getWorksiteId()))
return new Boolean(true);
} else if (ContentHostingService.EVENT_RESOURCE_READ.equals(function)) {
return isFileAuth(facade, agent, id);
} else if (function.equals(MatrixFunctionConstants.CREATE_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.EXPORT_SCAFFOLDING)) {
return new Boolean(facade.isAuthorized(agent, function, id));
} else if (function.equals(MatrixFunctionConstants.VIEW_SCAFFOLDING_GUIDANCE)) {
// If I can eval, review, or own it
ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
// sCell.getWizardPageDefinition().get
if (sCell == null)
throw new NullPointerException(
"The cell was not found. Wizard Page Def for cell: " + id.getValue());
Boolean returned = null;
Id worksiteId = sCell.getScaffolding().getWorksiteId();
// first check global perms for the site
if (checkPerms(
facade,
new String[] {
MatrixFunctionConstants.USE_SCAFFOLDING,
MatrixFunctionConstants.EVALUATE_MATRIX,
MatrixFunctionConstants.REVIEW_MATRIX
},
worksiteId)) {
return Boolean.valueOf(true);
}
for (Iterator iter = sCell.getCells().iterator(); iter.hasNext(); ) {
Cell cell = (Cell) iter.next();
if (checkPerms(
facade,
new String[] {
MatrixFunctionConstants.EVALUATE_MATRIX, MatrixFunctionConstants.REVIEW_MATRIX
},
cell.getId())) {
return Boolean.valueOf(true);
}
}
returned = Boolean.valueOf(sCell.getScaffolding().getOwner().equals(agent));
if (returned.booleanValue()) return returned;
} else if (function.equals(MatrixFunctionConstants.EDIT_SCAFFOLDING_GUIDANCE)) {
ScaffoldingCell sCell = getMatrixManager().getScaffoldingCellByWizardPageDef(id);
Agent owner = null;
if (sCell != null) {
owner = sCell.getScaffolding().getOwner();
}
return new Boolean(agent.equals(owner));
} else if (function.equals(MatrixFunctionConstants.EVALUATE_SPECIFIC_MATRIXCELL)) {
WizardPage page = getMatrixManager().getWizardPage(id);
Id siteId = idManager.getId(page.getPageDefinition().getSiteId());
// make sure that the target site gets tested
facade.pushAuthzGroups(siteId.getValue());
return new Boolean(
facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, siteId));
}
return null; // don't care
}
protected Boolean isCellAuthForEval(AuthorizationFacade facade, Agent agent, Id cellId) {
return new Boolean(facade.isAuthorized(agent, MatrixFunctionConstants.EVALUATE_MATRIX, cellId));
}
public Object get(Object key) {
if (super.get(key) == null) {
super.put(key, new Boolean(authzFacade.isAuthorized(prefix + key.toString(), qualifier)));
}
return super.get(key);
}
