
📄 aclsservice.java

📁 OPIAM stands for Open Identity and Access Management. This Suite will provide modules for user & rig
💻 JAVA
/*
 * OPIAM Suite
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 */

package opiam.admin.faare.service.services.acl;

import opiam.admin.faare.MessageUtil;
import opiam.admin.faare.config.AclsConfig;
import opiam.admin.faare.config.javabeans.JBAcls;
import opiam.admin.faare.exception.ServiceException;
import opiam.admin.faare.persistence.javabeans.JBTop;
import opiam.admin.faare.service.UserContext;
import opiam.admin.faare.service.services.Service;
import opiam.admin.faare.service.services.StandardService;

import org.apache.log4j.Logger;

import java.io.File;
import java.io.FileInputStream;


/**
 * This service defines the permissions to check before the basic services
 * perform the following operations:<br>
 * <ul>
 *  <li>object creation</li>
 *  <li>object modification</li>
 *  <li>object deletion</li>
 *  <li>object visualisation</li>
 * </ul>
 * The configuration of this service is defined in the acl_conf.xml file.<br>
 * This is a low-level service; it does not need to be called directly
 * by the OPIAM-Admin application.<br>
 * It is used automatically by the standard service and the views service,
 * if it is defined in the service.properties file.<br>
 * The permissions to check are given by the Java class that implements the
 * AclPluginInterface interface.
 *
 */
public final class AclsService extends Service
{
    /** Utility class. */
    private AclsService()
    {
    }

    /** ACLs service configuration. */
    public static final String ACLS_XML_FILE = "/config/service/acl/acl_conf.xml";

    /** Instance of logger. */
    private static Logger _logger = Logger.getLogger(AclsService.class);

    /** Configured ACLs. */
    private static JBAcls _jbAcls = null;

    /** Instance of this service. */
    private static AclsService _instance = new AclsService();

    /**
     * Initialization method of the service called by the PropertiesManager.
     * The Acls object matches the ACLs defined in the acl_conf.xml file.
     * @param directory configuration directory or null if it is in the
     * CLASSPATH
     *
     * @throws ServiceException  if an error occurs.
     */
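    public static void initialize(String directory) throws ServiceException
    {
        //DW/2655/BeginPatch
        //AclsService.setServiceEnabled(true);
        // Enabled before the configuration is read: if loading fails, _jbAcls
        // stays null and later checks fail instead of silently returning true.
        _instance.setServiceEnabled(true);
        //DW/2655/EndPatch

        java.io.InputStream in = null;

        try
        {
            if (directory == null)
            {
                // Configuration is looked up in the CLASSPATH.
                in = AclsService.class.getResourceAsStream(ACLS_XML_FILE);
            }
            else
            {
                File f = new File(directory + ACLS_XML_FILE);
                in = new FileInputStream(f);
            }

            _jbAcls = AclsConfig.getInstance().readConfig(in);
        }
        catch (Exception e)
        {
            // Keep the root cause in the log; the rethrown message carries none.
            _logger.error("Unable to load " + ACLS_XML_FILE, e);
            throw new ServiceException("PROBLEM");
        }
        finally
        {
            // Release the configuration stream whether or not parsing succeeded.
            if (in != null)
            {
                try
                {
                    in.close();
                }
                catch (java.io.IOException ignored)
                {
                    // nothing useful to do if close fails
                }
            }
        }

        _logger.info(ACLS_XML_FILE + " successfully loaded");

        // initialize the plugin
        _jbAcls.getPlugin().initialize(_jbAcls);
        _logger.info(AclsService.class + " initialized");
    }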

    //DW/2655/BeginPatch
    /**
     * This method indicates if the service is active or not.
     *
     * @return True if it is active, false otherwise.
     */
    public static boolean isServiceEnabled()
    {
        return _instance.serviceEnabled;
    }
    //DW/2655/EndPatch

    /**
     * This method is called to verify if the given object in argument can be
     * viewed by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to view.
     * @param userContext Context of the user.
     *
     * @return True if the visualisation is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    public static boolean isVisualisationEnabled(JBTop entry,
        UserContext userContext) throws ServiceException
    {
        if (!AclsService.isServiceEnabled())
        {
            _logger.debug(MessageUtil.formatMessage("MSG_SERVICE_NOT_ENABLED",
                    "AclsService"));

            return true;
        }

        return _jbAcls.getPlugin().isVisualisationEnabled(entry, userContext);
    }

    /**
     * This method is called to verify if the given object in argument can be
     * created by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to create.
     * @param userContext  Context of the user.
     *
     * @return True if the creation is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    public static boolean isCreationEnabled(JBTop entry, UserContext userContext)
        throws ServiceException
    {
        if (!AclsService.isServiceEnabled())
        {
            _logger.debug(MessageUtil.formatMessage("MSG_SERVICE_NOT_ENABLED",
                    "AclsService"));

            return true;
        }

        return _jbAcls.getPlugin().isCreationEnabled(entry, userContext);
    }

    /**
     * This method is called to verify if the given object in argument can be
     * deleted by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to delete.
     * @param userContext  Context of the user.
     *
     * @return true if the deletion is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    public static boolean isDeletionEnabled(JBTop entry, UserContext userContext)
        throws ServiceException
    {
        if (!AclsService.isServiceEnabled())
        {
            _logger.debug(MessageUtil.formatMessage("MSG_SERVICE_NOT_ENABLED",
                    "AclsService"));

            return true;
        }

        return _jbAcls.getPlugin().isDeletionEnabled(entry, userContext);
    }

    /**
     * This method is called to verify if the given object in argument can be
     * modified by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to modify.
     * @param userContext  Context of the user.
     *
     * @return True if the modification is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    public static boolean isModificationEnabled(JBTop entry,
        UserContext userContext) throws ServiceException
    {
        if (!AclsService.isServiceEnabled())
        {
            _logger.debug(MessageUtil.formatMessage("MSG_SERVICE_NOT_ENABLED",
                    "AclsService"));

            return true;
        }

        //DW/2652/BeginPatch/
        //JBTop oldEntry = StandardService.load(entry.getDn(), userContext);
        JBTop oldEntry;
        JBTop cacheEntry = (JBTop) userContext.getCache().get(entry.getDn());
        if (cacheEntry == null || cacheEntry == entry)
        { // entry not cloned (or not cached): reload the stored state to compare against
            oldEntry = StandardService.load(entry.getDn(), userContext);
        }
        else
        { // cloned entry: the cached copy is used as the old state
            oldEntry = cacheEntry;
        }
        //DW/2652/EndPatch/

        return _jbAcls.getPlugin().isModificationEnabled(oldEntry, entry,
            userContext);
    }
}
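
The checks in this class return true whenever the service has not been enabled, so an uninitialized service means no ACL enforcement at all. The following added example (not OPIAM code; AclGateDemo, AclGate, Mode and Plugin are hypothetical stand-ins, and the policy and DNs are constructed) contrasts that default with a fail-closed gate.

```java
/** Added illustration; AclGateDemo, AclGate, Mode and Plugin are hypothetical names. */
public class AclGateDemo
{
    enum Mode { FAIL_OPEN, FAIL_CLOSED }

    /** Minimal stand-in for a permission plugin: may this user modify this DN? */
    interface Plugin
    {
        boolean isModificationEnabled(String user, String dn);
    }

    static final class AclGate
    {
        private final Mode mode;
        private Plugin plugin; // stays null until the service is initialized

        AclGate(Mode mode) { this.mode = mode; }

        void initialize(Plugin p) { this.plugin = p; }

        boolean isModificationEnabled(String user, String dn)
        {
            if (plugin == null)
            {
                // Service not active: FAIL_OPEN answers true, like the
                // isServiceEnabled() branch of the class on this page.
                return mode == Mode.FAIL_OPEN;
            }
            return plugin.isModificationEnabled(user, dn);
        }
    }

    public static void main(String[] args)
    {
        // Constructed policy and DNs: a user may modify only their own entry.
        Plugin selfOnly = (user, dn) -> dn.equals("uid=" + user + ",ou=people,dc=example,dc=org");
        String otherDn = "uid=bob,ou=people,dc=example,dc=org";
        String ownDn = "uid=alice,ou=people,dc=example,dc=org";

        for (Mode mode : Mode.values())
        {
            AclGate gate = new AclGate(mode);
            System.out.println(mode + " before init, other entry: " + gate.isModificationEnabled("alice", otherDn));
            gate.initialize(selfOnly);
            System.out.println(mode + " after init, other entry:  " + gate.isModificationEnabled("alice", otherDn));
            System.out.println(mode + " after init, own entry:    " + gate.isModificationEnabled("alice", ownDn));
        }
    }
}
```

Only the "before init" line differs between the two modes, which is the window a startup check on the service's enabled state should cover.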
