role.java

来自「数据仓库展示程序」· Java 代码 · 共 474 行 · 第 1/2 页

/*
// $Id: //open/mondrian/src/main/mondrian/olap/Role.java#10 $
// This software is subject to the terms of the Common Public License
// Agreement, available at the following URL:
// http://www.opensource.org/licenses/cpl.html.
// Copyright 2002-2005 (C) Kana Software, Inc. and others.
// All Rights Reserved.
// You must accept the terms of that agreement to use this software.
//
// jhyde, Oct 5, 2002
*/

package mondrian.olap;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/**
 * A <code>Role</code> is a collection of access rights to cubes, permissions,
 * and so forth.
 *
 * <p>At present, the only way to create a role is programmatically. You then
 * add appropriate permissions, and associate the role with a connection.
 * Queries executed for the duration of the connection will b.
 *
 * <p>Mondrian does not have any notion of a 'user'. It is the client
 * application's responsibility to create a role appropriate for the user who
 * is establishing the connection.
 *
 * @testcase {@link mondrian.test.AccessControlTest}
 *
 * @author jhyde
 * @since Oct 5, 2002
 * @version $Id: //open/mondrian/src/main/mondrian/olap/Role.java#10 $
 **/
public class Role {
    private boolean mutable = true;
    /** Maps {@link Schema} to {@link Integer},
     * {@link Cube} to {@link Integer},
     * {@link Dimension} to {@link Integer},
     * {@link Hierarchy} to {@link HierarchyAccess}. */
    private Map grants = new HashMap();
    private static Integer integers[] = {
        new Integer(0),
        new Integer(1),
        new Integer(2),
        new Integer(3),
        new Integer(4),
    };

    /**
     * Creates a role with no permissions.
     */
    public Role() {}

    protected Object clone() {
        Role role = new Role();
        role.mutable = mutable;
        role.grants.putAll(grants);
        for (Iterator iter = grants.values().iterator(); iter.hasNext();) {
            Object value = iter.next();
            if (value instanceof HierarchyAccess) {
                final HierarchyAccess hierarchyAccess = (HierarchyAccess) value;
                role.grants.put(hierarchyAccess.hierarchy, hierarchyAccess.clone());
            }
        }
        return role;
    }

    /**
     * Returns a copy of this <code>Role</code> which can be modified.
     */
    public Role makeMutableClone() {
        Role role = (Role) clone();
        role.mutable = true;
        return role;
    }

    /**
     * Prevents any further modifications.
     * @post !isMutable()
     */
    public void makeImmutable() {
        mutable = false;
    }
    /**
     * Returns whether modifications are possible.
     */
    public boolean isMutable() {
        return mutable;
    }
    /**
     * Defines access to all cubes and dimensions in a schema.
     *
     * @param schema Schema whose access to grant/deny.
     * @param access An {@link Access access code}
     *
     * @pre schema != null
     * @pre access == Access.ALL || access == Access.NONE || access == Access.ALL_DIMENSIONS
     * @pre isMutable()
     */
    public void grant(Schema schema, int access) {
        Util.assertPrecondition(schema != null, "schema != null");
        Util.assertPrecondition(access == Access.ALL || access == Access.NONE || access == Access.ALL_DIMENSIONS, "access == Access.ALL || access == Access.NONE");
        Util.assertPrecondition(isMutable(), "isMutable()");
        grants.put(schema, toInteger(access));
    }

    private static Integer toInteger(int access) {
        return integers[access];
    }

    /**
     * Returns the access this role has to a given schema.
     *
     * @pre schema != null
     * @post return == Access.ALL || return == Access.NONE || return == Access.ALL_DIMENSIONS
     */
    public int getAccess(Schema schema) {
        Util.assertPrecondition(schema != null, "schema != null");
        return toAccess((Integer) grants.get(schema));
    }

    private static int toAccess(Integer i) {
        return i == null ? Access.NONE : i.intValue();
    }

    /**
     * Defines access to a cube.
     *
     * @param cube Cube whose access to grant/deny.
     * @param access An {@link Access access code}
     *
     * @pre cube != null
     * @pre access == Access.ALL || access == Access.NONE
     * @pre isMutable()
     */
    public void grant(Cube cube, int access) {
        Util.assertPrecondition(cube != null, "cube != null");
        Util.assertPrecondition(access == Access.ALL || access == Access.NONE, "access == Access.ALL || access == Access.NONE");
        Util.assertPrecondition(isMutable(), "isMutable()");
        grants.put(cube, toInteger(access));
    }

    /**
     * Returns the access this role has to a given cube.
     *
     * @pre cube != null
     * @post return == Access.ALL || return == Access.NONE
     */
    public int getAccess(Cube cube) {
        Util.assertPrecondition(cube != null, "cube != null");
        Integer access = (Integer) grants.get(cube);
        if (access == null) {
            access = (Integer) grants.get(cube.getSchema());
        }
        return toAccess(access);
    }

    /**
     * Represents the access that a role has to a particular hierarchy.
     */
    public static class HierarchyAccess {
        private final Hierarchy hierarchy;
        private final Level topLevel;
        private final int access;
        private final Level bottomLevel;
        private final Map memberGrants = new HashMap();

        /**
         * Creates a <code>HierarchyAccess</code>
         *
         * @pre Access.instance().isValid(access)
         */
        HierarchyAccess(Hierarchy hierarchy,
                        int access,
                        Level topLevel,
                        Level bottomLevel) {
            this.hierarchy = hierarchy;
            this.access = access;
            this.topLevel = topLevel;
            this.bottomLevel = bottomLevel;
            Util.assertPrecondition(Access.instance().isValid(access));
        }

        public Object clone() {
            HierarchyAccess hierarchyAccess = new HierarchyAccess(
                    hierarchy, access, topLevel, bottomLevel);
            hierarchyAccess.memberGrants.putAll(memberGrants);
            return hierarchyAccess;
        }

        void grant(Member member, int access) {
            Util.assertTrue(member.getHierarchy() == hierarchy);
            // Remove any existing grants to descendants of "member"
            for (Iterator membersIter = memberGrants.keySet().iterator();
                 membersIter.hasNext();) {
                Member m = (Member) membersIter.next();
                if (m.isChildOrEqualTo(member)) {
                    membersIter.remove();
                }
            }
            memberGrants.put(member, toInteger(access));
        }

        public int getAccess(Member member) {
            int access = this.access;
            if (access == Access.CUSTOM) {
                access = Access.NONE;
                if (topLevel != null &&
                        member.getLevel().getDepth() < topLevel.getDepth()) {
                    // no access
                } else if (bottomLevel != null &&
                        member.getLevel().getDepth() > bottomLevel.getDepth()) {
                    // no access
                } else {
                    for (Iterator membersIter = memberGrants.keySet().iterator(); membersIter.hasNext();) {
                        Member m = (Member) membersIter.next();
                        final int memberAccess = toAccess((Integer) memberGrants.get(m));
                        if (member.isChildOrEqualTo(m)) {
                            // A member has access if it has been granted access,
                            // or if any of its ancestors have.
                            access = Math.max(access, memberAccess);
                        } else if (m.isChildOrEqualTo(member) &&
                                memberAccess != Access.NONE) {
                            // A member has CUSTOM access if any of its descendants
                            // has access.
                            access = Math.max(access, Access.CUSTOM);
                        }
                    }
                }
            }
            return access;
        }