View Javadoc
1   /*
2    * Copyright 2009 The Kuali Foundation.
3    * 
4    * Licensed under the Educational Community License, Version 1.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl1.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sec.service.impl;
17  
18  import java.util.Map;
19  
20  import org.apache.commons.lang.StringUtils;
21  import org.kuali.ole.sec.SecConstants;
22  import org.kuali.ole.sec.service.AccessPermissionEvaluator;
23  import org.kuali.rice.kim.api.identity.Person;
24  
25  
26  /**
27   * @see org.kuali.ole.sec.service.AccessPermissionEvaluator
28   */
29  public class AccessPermissionEvaluatorImpl implements AccessPermissionEvaluator {
30      private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(AccessPermissionEvaluatorImpl.class);
31  
32      protected String constraintCode;
33      protected String operatorCode;
34      protected String propertyValue;
35      protected Map<String, Object> otherKeyFieldValues;
36      protected Person person;
37      protected String[] matchValues;
38      protected boolean performEqualMatch;
39      protected boolean performLessThanMatch;
40      protected boolean performGreaterThanMatch;
41      protected boolean allowConstraint;
42      protected boolean notOperator;
43  
44      public AccessPermissionEvaluatorImpl() {
45          super();
46  
47          performEqualMatch = false;
48          performLessThanMatch = false;
49          performGreaterThanMatch = false;
50          allowConstraint = false;
51          notOperator = false;
52      }
53  
54      /**
55       * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#valueIsAllowed(java.lang.String)
56       */
57      public boolean valueIsAllowed(String value) {
58          boolean allowed = false;
59  
60          initializeAfterPropsSet();
61  
62          boolean match = false;
63          for (int i = 0; i < matchValues.length; i++) {
64              String matchValue = matchValues[i];
65  
66              if (isMatch(matchValue, value)) {
67                  match = true;
68                  break;
69              }
70          }
71  
72          if ((allowConstraint && notOperator) || (!allowConstraint && !notOperator)) {
73              allowed = !match;
74          }
75          else {
76              allowed = match;
77          }
78  
79          return allowed;
80      }
81  
82      /**
83       * Determines whether two values match performing an equal, greater than, or less than check and also considering wildcards
84       * 
85       * @param matchValue String value to match, can contain the * wildcard
86       * @param value String value to compare
87       * @return boolean true if values match, false otherwise
88       */
89      protected boolean isMatch(String matchValue, String value) {
90          boolean match = false;
91  
92          boolean performWildcardMatch = false;
93          if (StringUtils.contains(matchValue, SecConstants.SecurityValueSpecialCharacters.WILDCARD_CHARACTER)) {
94              matchValue = StringUtils.remove(matchValue, SecConstants.SecurityValueSpecialCharacters.WILDCARD_CHARACTER);
95              performWildcardMatch = true;
96          }
97  
98          if (performEqualMatch) {
99              if (performWildcardMatch) {
100                 match = value.startsWith(matchValue);
101             }
102             else {
103                 match = value.equals(matchValue);
104             }
105         }
106 
107         if (!match && performLessThanMatch) {
108             match = value.compareTo(matchValue) < 0;
109         }
110 
111         if (!match && performGreaterThanMatch) {
112             match = value.compareTo(matchValue) > 0;
113         }
114 
115         return match;
116     }
117 
118     /**
119      * Hooks for permission evaluators to do additional setup after properties have been set
120      */
121     protected void initializeAfterPropsSet() {
122         if (StringUtils.contains(constraintCode, SecConstants.SecurityConstraintCodes.ALLOWED)) {
123             allowConstraint = true;
124         }
125 
126         if (SecConstants.SecurityDefinitionOperatorCodes.EQUAL.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.NOT_EQUAL.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN_EQUAL.equals(operatorCode)
127                 || SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN_EQUAL.equals(operatorCode)) {
128             performEqualMatch = true;
129         }
130 
131         if (SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN_EQUAL.equals(operatorCode)) {
132             performLessThanMatch = true;
133         }
134 
135         if (SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN_EQUAL.equals(operatorCode)) {
136             performGreaterThanMatch = true;
137         }
138         
139         if (SecConstants.SecurityDefinitionOperatorCodes.NOT_EQUAL.equals(operatorCode)) {
140             notOperator = true;
141         }
142 
143         setMatchValues();
144     }
145 
146     /**
147      * Sets the values to match on based on given value and other properties
148      */
149     protected void setMatchValues() {
150         if (StringUtils.contains(propertyValue, SecConstants.SecurityValueSpecialCharacters.MULTI_VALUE_SEPERATION_CHARACTER)) {
151             matchValues = StringUtils.split(propertyValue, SecConstants.SecurityValueSpecialCharacters.MULTI_VALUE_SEPERATION_CHARACTER);
152         }
153         else {
154             matchValues = new String[1];
155             matchValues[0] = propertyValue;
156         }
157     }
158 
159     /**
160      * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#setConstraintCode(java.lang.String)
161      */
162     public void setConstraintCode(String constraintCode) {
163         this.constraintCode = constraintCode;
164     }
165 
166     /**
167      * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#setOperatorCode(java.lang.String)
168      */
169     public void setOperatorCode(String operatorCode) {
170         this.operatorCode = operatorCode;
171     }
172 
173     /**
174      * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#setPropertyValue(java.lang.String)
175      */
176     public void setPropertyValue(String propertyValue) {
177         this.propertyValue = propertyValue;
178     }
179 
180     /**
181      * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#setOtherKeyFieldValueMap(java.util.Map)
182      */
183     public void setOtherKeyFieldValueMap(Map<String, Object> otherKeyFieldValues) {
184         this.otherKeyFieldValues = otherKeyFieldValues;
185     }
186 
187     /**
188      * @see org.kuali.ole.sec.service.AccessPermissionEvaluator#setPerson(org.kuali.rice.kim.api.identity.Person)
189      */
190     public void setPerson(Person person) {
191         this.person = person;
192     }
193 
194 }