2011-01-23 20:34:05 -03:00
|
|
|
/*
|
|
|
|
|
* Copyright [2011] [wisemapping]
|
|
|
|
|
*
|
2011-01-23 21:03:12 -03:00
|
|
|
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
|
|
|
|
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
2011-01-23 20:34:05 -03:00
|
|
|
* "powered by wisemapping" text requirement on every single page;
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the license at
|
|
|
|
|
*
|
|
|
|
|
* http://www.wisemapping.org/license
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2009-06-07 18:59:43 +00:00
|
|
|
package com.wisemapping.security.aop;
|
|
|
|
|
|
2012-06-17 19:16:39 -03:00
|
|
|
import com.wisemapping.model.Collaborator;
|
2009-06-07 18:59:43 +00:00
|
|
|
import com.wisemapping.model.MindMap;
|
|
|
|
|
import com.wisemapping.model.User;
|
|
|
|
|
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
|
|
|
|
import com.wisemapping.exceptions.UnexpectedArgumentException;
|
|
|
|
|
import com.wisemapping.security.Utils;
|
|
|
|
|
import com.wisemapping.service.MindmapService;
|
|
|
|
|
import org.aopalliance.intercept.MethodInvocation;
|
2012-06-13 23:04:29 -03:00
|
|
|
import org.jetbrains.annotations.NotNull;
|
|
|
|
|
import org.jetbrains.annotations.Nullable;
|
2009-06-07 18:59:43 +00:00
|
|
|
|
|
|
|
|
public abstract class BaseSecurityAdvice {
|
|
|
|
|
private MindmapService mindmapService = null;
|
|
|
|
|
|
2012-04-02 14:11:28 -03:00
|
|
|
public void checkRole(MethodInvocation methodInvocation) throws UnexpectedArgumentException, AccessDeniedSecurityException {
|
2009-06-07 18:59:43 +00:00
|
|
|
final User user = Utils.getUser();
|
|
|
|
|
final Object argument = methodInvocation.getArguments()[0];
|
|
|
|
|
boolean isAllowed;
|
|
|
|
|
|
2012-04-02 14:11:28 -03:00
|
|
|
if (argument instanceof MindMap) {
|
|
|
|
|
isAllowed = isAllowed(user, (MindMap) argument);
|
|
|
|
|
} else if (argument instanceof Integer) {
|
|
|
|
|
isAllowed = isAllowed(user, ((Integer) argument));
|
2012-06-17 19:16:39 -03:00
|
|
|
} else if (argument instanceof Collaborator) {
|
|
|
|
|
// Read operation find on the user are allowed ...
|
|
|
|
|
isAllowed = user.equals(argument);
|
2012-04-02 14:11:28 -03:00
|
|
|
} else {
|
|
|
|
|
throw new UnexpectedArgumentException("Argument " + argument);
|
2009-06-07 18:59:43 +00:00
|
|
|
}
|
|
|
|
|
|
2012-04-02 14:11:28 -03:00
|
|
|
if (!isAllowed) {
|
2012-04-05 00:01:51 -03:00
|
|
|
throw new AccessDeniedSecurityException("User '" + (user != null ? user.getEmail() : "none") + "' not allowed to invoke:" + methodInvocation);
|
2009-06-07 18:59:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-13 23:04:29 -03:00
|
|
|
protected abstract boolean isAllowed(@Nullable User user, MindMap map);
|
2012-04-02 14:11:28 -03:00
|
|
|
|
2012-06-13 23:04:29 -03:00
|
|
|
protected abstract boolean isAllowed(@Nullable User user, int mapId);
|
2009-06-07 18:59:43 +00:00
|
|
|
|
2012-04-02 14:11:28 -03:00
|
|
|
protected MindmapService getMindmapService() {
|
2009-06-07 18:59:43 +00:00
|
|
|
return mindmapService;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-02 14:11:28 -03:00
|
|
|
public void setMindmapService(MindmapService service) {
|
2009-06-07 18:59:43 +00:00
|
|
|
this.mindmapService = service;
|
|
|
|
|
}
|
|
|
|
|
}
|
