001/* 002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * bstefanescu 018 * 019 * $Id$ 020 */ 021 022package org.nuxeo.ecm.webengine.security; 023 024import java.text.ParseException; 025import java.util.Map; 026import java.util.concurrent.ConcurrentHashMap; 027import java.util.concurrent.ConcurrentMap; 028 029import org.nuxeo.ecm.webengine.security.PostfixExpression.Token; 030import org.nuxeo.ecm.webengine.security.guards.And; 031import org.nuxeo.ecm.webengine.security.guards.FacetGuard; 032import org.nuxeo.ecm.webengine.security.guards.GroupGuard; 033import org.nuxeo.ecm.webengine.security.guards.IsAdministratorGuard; 034import org.nuxeo.ecm.webengine.security.guards.Not; 035import org.nuxeo.ecm.webengine.security.guards.Or; 036import org.nuxeo.ecm.webengine.security.guards.PermissionGuard; 037import org.nuxeo.ecm.webengine.security.guards.SchemaGuard; 038import org.nuxeo.ecm.webengine.security.guards.TypeGuard; 039import org.nuxeo.ecm.webengine.security.guards.UserGuard; 040 041/** 042 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 043 */ 044public class PermissionService implements PostfixExpression.Visitor { 045 046 private static final PermissionService instance = new PermissionService(); 047 048 protected final ConcurrentMap<String, Guard> guards; // global guards 049 050 public static PermissionService getInstance() { 051 return instance; 052 } 053 054 protected PermissionService() { 055 guards = new ConcurrentHashMap<>(); 056 } 057 058 public void registerGuard(String name, Guard guard) { 059 guards.put(name, guard); 060 } 061 062 public Guard unregisterGuard(String name) { 063 return guards.remove(name); 064 } 065 066 public Guard getGuard(String name) { 067 return guards.get(name); 068 } 069 070 public static Guard parse(String expr) throws ParseException { 071 return (Guard) new PostfixExpression(expr).visit(instance); 072 } 073 074 public Guard parse(String expr, final Map<String, Guard> localGuards) throws ParseException { 075 PostfixExpression.Visitor visitor = new PostfixExpression.Visitor() { 076 @Override 077 public Object createOperation(Token token, Object lparam, Object rparam) { 078 return PermissionService.this.createOperation(token, lparam, rparam); 079 } 080 081 @Override 082 public Object createParameter(Token token) { 083 Guard guard = localGuards.get(token.name); 084 if (guard == null) { // assume a built-in permission name 085 return PermissionService.this.createParameter(token); 086 } 087 return guard; 088 } 089 }; 090 return (Guard) new PostfixExpression(expr).visit(visitor); 091 } 092 093 @Override 094 public Object createOperation(Token token, Object lparam, Object rparam) { 095 switch (token.type) { 096 case PostfixExpression.AND: 097 return new And((Guard) lparam, (Guard) rparam); 098 case PostfixExpression.OR: 099 return new Or((Guard) lparam, (Guard) rparam); 100 case PostfixExpression.NOT: 101 return new Not((Guard) lparam); 102 } 103 throw new IllegalStateException("Supported ops are: AND, OR and NOT"); 104 } 105 106 @Override 107 public Object createParameter(Token token) { 108 String name = token.name; 109 int p = name.indexOf('='); 110 if (p > -1) { 111 String key = name.substring(0, p).trim(); 112 String value = name.substring(p + 1).trim(); 113 if ("user".equals(key)) { 114 return new UserGuard(value); 115 } else if ("group".equals(key)) { 116 return new GroupGuard(value); 117 } else if ("isAdministrator".equals(key)) { 118 return new IsAdministratorGuard(value); 119 } else if ("type".equals(key)) { 120 return new TypeGuard(value); 121 } else if ("facet".equals(key)) { 122 return new FacetGuard(value); 123 } else if ("schema".equals(key)) { 124 return new SchemaGuard(value); 125 } else if ("permission".equals(key)) { 126 return new PermissionGuard(value); 127 } 128 throw new IllegalArgumentException("Invalid argument: " + name); 129 } else { 130 Guard guard = guards.get(token.name); 131 if (guard == null) { // assume a built-in permission name 132 guard = new PermissionGuard(token.name); 133 } 134 return guard; 135 } 136 } 137 138}