Source code

001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     bstefanescu
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.webengine.security;
023
024import java.text.ParseException;
025import java.util.Map;
026import java.util.concurrent.ConcurrentHashMap;
027import java.util.concurrent.ConcurrentMap;
028
029import org.nuxeo.ecm.webengine.security.PostfixExpression.Token;
030import org.nuxeo.ecm.webengine.security.guards.And;
031import org.nuxeo.ecm.webengine.security.guards.FacetGuard;
032import org.nuxeo.ecm.webengine.security.guards.GroupGuard;
033import org.nuxeo.ecm.webengine.security.guards.IsAdministratorGuard;
034import org.nuxeo.ecm.webengine.security.guards.Not;
035import org.nuxeo.ecm.webengine.security.guards.Or;
036import org.nuxeo.ecm.webengine.security.guards.PermissionGuard;
037import org.nuxeo.ecm.webengine.security.guards.SchemaGuard;
038import org.nuxeo.ecm.webengine.security.guards.TypeGuard;
039import org.nuxeo.ecm.webengine.security.guards.UserGuard;
040
041/**
042 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
043 */
044public class PermissionService implements PostfixExpression.Visitor {
045
046    private static final PermissionService instance = new PermissionService();
047
048    protected final ConcurrentMap<String, Guard> guards; // global guards
049
050    public static PermissionService getInstance() {
051        return instance;
052    }
053
054    protected PermissionService() {
055        guards = new ConcurrentHashMap<>();
056    }
057
058    public void registerGuard(String name, Guard guard) {
059        guards.put(name, guard);
060    }
061
062    public Guard unregisterGuard(String name) {
063        return guards.remove(name);
064    }
065
066    public Guard getGuard(String name) {
067        return guards.get(name);
068    }
069
070    public static Guard parse(String expr) throws ParseException {
071        return (Guard) new PostfixExpression(expr).visit(instance);
072    }
073
074    public Guard parse(String expr, final Map<String, Guard> localGuards) throws ParseException {
075        PostfixExpression.Visitor visitor = new PostfixExpression.Visitor() {
076            @Override
077            public Object createOperation(Token token, Object lparam, Object rparam) {
078                return PermissionService.this.createOperation(token, lparam, rparam);
079            }
080
081            @Override
082            public Object createParameter(Token token) {
083                Guard guard = localGuards.get(token.name);
084                if (guard == null) { // assume a built-in permission name
085                    return PermissionService.this.createParameter(token);
086                }
087                return guard;
088            }
089        };
090        return (Guard) new PostfixExpression(expr).visit(visitor);
091    }
092
093    @Override
094    public Object createOperation(Token token, Object lparam, Object rparam) {
095        switch (token.type) {
096        case PostfixExpression.AND:
097            return new And((Guard) lparam, (Guard) rparam);
098        case PostfixExpression.OR:
099            return new Or((Guard) lparam, (Guard) rparam);
100        case PostfixExpression.NOT:
101            return new Not((Guard) lparam);
102        }
103        throw new IllegalStateException("Supported ops are: AND, OR and NOT");
104    }
105
106    @Override
107    public Object createParameter(Token token) {
108        String name = token.name;
109        int p = name.indexOf('=');
110        if (p > -1) {
111            String key = name.substring(0, p).trim();
112            String value = name.substring(p + 1).trim();
113            if ("user".equals(key)) {
114                return new UserGuard(value);
115            } else if ("group".equals(key)) {
116                return new GroupGuard(value);
117            } else if ("isAdministrator".equals(key)) {
118                return new IsAdministratorGuard(value);
119            } else if ("type".equals(key)) {
120                return new TypeGuard(value);
121            } else if ("facet".equals(key)) {
122                return new FacetGuard(value);
123            } else if ("schema".equals(key)) {
124                return new SchemaGuard(value);
125            } else if ("permission".equals(key)) {
126                return new PermissionGuard(value);
127            }
128            throw new IllegalArgumentException("Invalid argument: " + name);
129        } else {
130            Guard guard = guards.get(token.name);
131            if (guard == null) { // assume a built-in permission name
132                guard = new PermissionGuard(token.name);
133            }
134            return guard;
135        }
136    }
137
138}