wisemapping-open-source/wise-webapp/src/main/java/com/wisemapping/security/aop/BaseSecurityAdvice.java

/*
*    Copyright [2011] [wisemapping]
*
*   Licensed under WiseMapping Public License, Version 1.0 (the "License").
*   It is basically the Apache License, Version 2.0 (the "License") plus the
*   "powered by wisemapping" text requirement on every single page;
*   you may not use this file except in compliance with the License.
*   You may obtain a copy of the license at
*
*       http://www.wisemapping.org/license
*
*   Unless required by applicable law or agreed to in writing, software
*   distributed under the License is distributed on an "AS IS" BASIS,
*   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*   See the License for the specific language governing permissions and
*   limitations under the License.
*/

package com.wisemapping.security.aop;

import com.wisemapping.model.MindMap;
import com.wisemapping.model.User;
import com.wisemapping.exceptions.AccessDeniedSecurityException;
import com.wisemapping.exceptions.UnexpectedArgumentException;
import com.wisemapping.security.Utils;
import com.wisemapping.service.MindmapService;
import org.aopalliance.intercept.MethodInvocation;

public abstract class BaseSecurityAdvice {
    private MindmapService mindmapService = null;

    public void checkRole(MethodInvocation methodInvocation) throws UnexpectedArgumentException,AccessDeniedSecurityException
    {
        final User user = Utils.getUser();

        final Object argument = methodInvocation.getArguments()[0];

        boolean isAllowed;

        if (argument instanceof MindMap)
        {
            isAllowed = isAllowed(user,(MindMap)  argument);
        }
        else if (argument instanceof Integer)
        {
            isAllowed = isAllowed(user, ((Integer)argument));
        }
        else
        {
            throw new UnexpectedArgumentException("Argument " +argument);
        }

        if (!isAllowed)
        {
            throw new AccessDeniedSecurityException("User not allowed to invoke:" + methodInvocation);
        }
    }

    protected abstract boolean isAllowed(User user, MindMap map);
    protected abstract boolean isAllowed(User user, int mapId);

    protected MindmapService getMindmapService()
    {
        return mindmapService;
    }

    public void setMindmapService(MindmapService service)
    {
        this.mindmapService = service;
    }
}
Fixing license text in every file and adding the powered by requirement 2011-01-23 20:34:05 -03:00			`/*`
			`* Copyright [2011] [wisemapping]`
			`*`
Fixing license text in every file 2011-01-23 21:03:12 -03:00			`* Licensed under WiseMapping Public License, Version 1.0 (the "License").`
			`* It is basically the Apache License, Version 2.0 (the "License") plus the`
Fixing license text in every file and adding the powered by requirement 2011-01-23 20:34:05 -03:00			`* "powered by wisemapping" text requirement on every single page;`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the license at`
			`*`
			`* http://www.wisemapping.org/license`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

WiseMapping 2009-06-07 18:59:43 +00:00			`package com.wisemapping.security.aop;`

			`import com.wisemapping.model.MindMap;`
			`import com.wisemapping.model.User;`
			`import com.wisemapping.exceptions.AccessDeniedSecurityException;`
			`import com.wisemapping.exceptions.UnexpectedArgumentException;`
			`import com.wisemapping.security.Utils;`
			`import com.wisemapping.service.MindmapService;`
			`import org.aopalliance.intercept.MethodInvocation;`

			`public abstract class BaseSecurityAdvice {`
			`private MindmapService mindmapService = null;`

			`public void checkRole(MethodInvocation methodInvocation) throws UnexpectedArgumentException,AccessDeniedSecurityException`
			`{`
			`final User user = Utils.getUser();`

			`final Object argument = methodInvocation.getArguments()[0];`

			`boolean isAllowed;`

			`if (argument instanceof MindMap)`
			`{`
			`isAllowed = isAllowed(user,(MindMap) argument);`
			`}`
			`else if (argument instanceof Integer)`
			`{`
			`isAllowed = isAllowed(user, ((Integer)argument));`
			`}`
			`else`
			`{`
			`throw new UnexpectedArgumentException("Argument " +argument);`
			`}`

			`if (!isAllowed)`
			`{`
			`throw new AccessDeniedSecurityException("User not allowed to invoke:" + methodInvocation);`
			`}`
			`}`

			`protected abstract boolean isAllowed(User user, MindMap map);`
			`protected abstract boolean isAllowed(User user, int mapId);`

			`protected MindmapService getMindmapService()`
			`{`
			`return mindmapService;`
			`}`

			`public void setMindmapService(MindmapService service)`
			`{`
			`this.mindmapService = service;`
			`}`
			`}`