View Javadoc
1   /**
2    * This file Copyright (c) 2011-2014 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.module.admininterface.pages;
35  
36  import info.magnolia.cms.i18n.Messages;
37  import info.magnolia.cms.i18n.MessagesManager;
38  import info.magnolia.cms.security.Group;
39  import info.magnolia.cms.security.Permission;
40  import info.magnolia.cms.security.Security;
41  import info.magnolia.cms.security.User;
42  import info.magnolia.cms.security.auth.ACL;
43  import info.magnolia.cms.util.AlertUtil;
44  import info.magnolia.module.admininterface.TemplatedMVCHandler;
45  
46  import java.util.ArrayList;
47  import java.util.Collection;
48  import java.util.Hashtable;
49  import java.util.Iterator;
50  import java.util.Map;
51  
52  import javax.servlet.http.HttpServletRequest;
53  import javax.servlet.http.HttpServletResponse;
54  
55  import org.apache.commons.lang.StringEscapeUtils;
56  import org.slf4j.Logger;
57  import org.slf4j.LoggerFactory;
58  
59  /**
60   * Tools for simple show of all groups, roles or permissions assigned to user.
61   *
62   * @version $Id$
63   */
64  public class PermissionPage extends TemplatedMVCHandler {
65  
66      public static Logger log = LoggerFactory.getLogger(PermissionPage.class);
67  
68      private static final String VIEW_ERROR = "error";
69  
70      private String mgnlUser;
71      private String mgnlGroup;
72      private Boolean mgnlACLs = false;
73      private final Collection<String> permissionList = new ArrayList<String>();
74      private boolean createPermissionList;
75  
76      private static Map<Long, String> mapNamePermissionURL = new Hashtable<Long, String>();
77      private static Map<Long, String> mapNamePermissionForum = new Hashtable<Long, String>();
78      private static Map<Long, String> mapNamePermission = new Hashtable<Long, String>();
79  
80      static {
81          mapNamePermission.put(Long.valueOf(0), "roles.permission.deny");
82          mapNamePermission.put(Long.valueOf(Permission.READ), "roles.permission.readOnly");
83          mapNamePermission.put(Long.valueOf(Permission.ALL), "roles.permission.readWrite");
84          mapNamePermissionURL.put(Long.valueOf(0), "roles.permission.deny");
85          mapNamePermissionURL.put(Long.valueOf(Permission.READ), "roles.permission.get");
86          mapNamePermissionURL.put(Long.valueOf(Permission.ALL), "roles.permission.getAndPost");
87  
88          mapNamePermissionForum.put(Long.valueOf(0), "roles.permission.deny");
89          mapNamePermissionForum.put(Long.valueOf(Permission.READ), "roles.permission.readOnly");
90          mapNamePermissionForum.put(Long.valueOf(Permission.WRITE), "roles.permission.post");
91          mapNamePermissionForum.put(Long.valueOf(75), "roles.permission.moderate");
92          mapNamePermissionForum.put(Long.valueOf(79), "roles.permission.moderateAndDelete");
93          mapNamePermissionForum.put(Long.valueOf(111), "roles.permission.admin");
94      }
95  
96      /**
97       * Getter for <code>mgnlUser</code>.
98       * @return Returns the mgnlUser.
99       */
100     public String getMgnlUser() {
101         return this.mgnlUser;
102     }
103 
104     /**
105      * Setter for <code>mgnlUser</code>.
106      * @param mgnlUser The mgnlUser to set.
107      */
108     public void setMgnlUser(String mgnlUser) {
109         this.mgnlUser = mgnlUser;
110     }
111 
112     /**
113      * Getter for <code>mgnlGroup</code>.
114      * @return Returns the mgnlGroup.
115      */
116     public String getMgnlGroup() {
117         return mgnlGroup;
118     }
119 
120     /**
121      * Setter for <code>mgnlGroup</code>.
122      * @param mgnlGroup The mgnlGroup to set.
123      */
124     public void setMgnlGroup(String mgnlGroup) {
125         this.mgnlGroup = mgnlGroup;
126     }
127 
128     /**
129      * Getter for <code>mgnlACLs</code>.
130      * @return Returns the mgnlACLs.
131      */
132     public Boolean isMgnlACLs() {
133         return mgnlACLs;
134     }
135 
136     /**
137      * Setter for <code>mgnlACLs</code>.
138      * @param mgnlACLs The mgnlACLs to set.
139      */
140     public void setMgnlACLs(Boolean mgnlACLs) {
141         this.mgnlACLs = mgnlACLs;
142     }
143 
144     /**
145      * Getter for <code>permissionList</code>.
146      * @return Returns the permissionList.
147      */
148     public Collection<String> getPermissionList() {
149         return permissionList;
150     }
151 
152     /**
153      * Getter for <code>createPermissionList</code>.
154      * @return Returns the createPermissionList.
155      */
156     public boolean isCreatePermissionList() {
157         return this.createPermissionList;
158     }
159 
160     /**
161      * Setter for <code>createPermissionList</code>.
162      * @param createPermissionList The createPermissionList to set.
163      */
164     public void setCreatePermissionList(boolean createPermissionList) {
165         this.createPermissionList = createPermissionList;
166     }
167 
168     /**
169      * @param name
170      * @param request
171      * @param response
172      */
173     public PermissionPage(String name, HttpServletRequest request, HttpServletResponse response) {
174         super(name, request, response);
175     }
176 
177     /**
178      * Creation of permission list as such.
179      * @throws Exception
180      */
181     public String createpermissionlist() throws Exception {
182         Iterator<String> iterGroups;
183         Iterator<String> iterRoles;
184 
185         if(!mgnlUser.isEmpty()){
186             User user = Security.getUserManager().getUser(mgnlUser);
187             if(user != null){
188                 permissionList.add("<h3> " + getMessages().get("permissionlist.user", new String[]{mgnlUser}) + "</h3>");
189                 iterGroups = user.getGroups().iterator();
190                 iterRoles = user.getRoles().iterator();
191             }else{
192                 log.error("User " + mgnlUser + " doesn't exist");
193                 AlertUtil.setMessage(getMessages().get("permissionlist.user.error", new String[]{StringEscapeUtils.escapeHtml(mgnlUser)}));
194                 return VIEW_ERROR;
195             }
196         }else if(!mgnlGroup.isEmpty()){
197             Group group = Security.getGroupManager().getGroup(mgnlGroup);
198             if(group != null){
199                 permissionList.add("<h3> " + getMessages().get("permissionlist.group", new String[]{mgnlGroup}) + "</h3>");
200                 iterGroups = group.getGroups().iterator();
201                 iterRoles = group.getRoles().iterator();
202             }else{
203                 log.error("Group " + mgnlGroup + " doesn't exist");
204                 AlertUtil.setMessage(getMessages().get("permissionlist.group.error", new String[]{StringEscapeUtils.escapeHtml(mgnlGroup)}));
205                 return VIEW_ERROR;
206             }
207         }else{
208             log.error("Enter the name of the user or group");
209             AlertUtil.setMessage(getMessages().get("permissionlist.notselected"));
210             return VIEW_ERROR;
211         }
212 
213         if(iterGroups.hasNext() || iterRoles.hasNext()){
214             permissionList.add("<ul>");
215             getGroupRole(iterGroups);
216             getRole(iterRoles);
217             permissionList.add("</ul>");
218         }
219 
220         return this.show();
221     }
222 
223     /**
224      * Finding and adding subgroups to permission list.
225      * @throws Exception
226      */
227     private void getGroupRole(Iterator<String> iterGroup) throws Exception {
228         while(iterGroup.hasNext()){
229             Group group = Security.getGroupManager().getGroup(iterGroup.next());
230             permissionList.add("<li> " + getMessages().get("permissionlist.group", new String[]{group.getName()}) + "</li>");
231 
232             Iterator<String> iterSubGroups = group.getGroups().iterator();
233             Iterator<String> iterRoles = group.getRoles().iterator();
234             if(iterSubGroups.hasNext() || iterRoles.hasNext()){
235                 permissionList.add("<ul>");
236                 getGroupRole(iterSubGroups);
237                 getRole(iterRoles);
238                 permissionList.add("</ul>");
239             }
240         }
241     }
242 
243     /**
244      * Finding and adding roles to permission list.
245      * @throws Exception
246      */
247     private void getRole(Iterator<String> iterRoles) {
248         while(iterRoles.hasNext()){
249             String role = Security.getRoleManager().getRole(iterRoles.next()).getName();
250             permissionList.add("<li> " + getMessages().get("permissionlist.role", new String[]{role}) + "</li>");
251             if(mgnlACLs){
252                 getPermission(role);
253             }
254         }
255     }
256 
257     /**
258      * Finding and adding permissions to permission list.
259      * @throws Exception
260      */
261     private void getPermission(String role){
262         Iterator<ACL> iterPermission = Security.getRoleManager().getACLs(role).values().iterator();
263         permissionList.add("<ul>");
264         while(iterPermission.hasNext()){
265             ACL acl = iterPermission.next();
266             if(!acl.getList().isEmpty()){
267                 for (Permission permission : acl.getList()) {
268                     String repoName = acl.getName();
269                     String message = getMessages().get("permissionlist.permission", new String[]{getPermissionAsName(repoName, permission), repoName, permission.getPattern().getPatternString()});
270                     permissionList.add("<li>" + message + "</li>");
271                 }
272             }
273         }
274         permissionList.add("</ul>");
275     }
276 
277     /**
278      * Mapping permission to name.
279      * @throws Exception
280      */
281     public String getPermissionAsName(String repoName, Permission permission) {
282         String msgName;
283         String msgModule = "info.magnolia.module.admininterface.messages";
284         if(repoName.equalsIgnoreCase("uri")){
285             msgName = mapNamePermissionURL.get(Long.valueOf(permission.getPermissions()));
286         }else if(repoName.equalsIgnoreCase("forum")){
287             msgName = mapNamePermissionForum.get(Long.valueOf(permission.getPermissions()));
288             msgModule = "info.magnolia.module.forum.messages";
289         }else{
290             msgName = mapNamePermission.get(Long.valueOf(permission.getPermissions()));
291         }
292         if(msgName == null){
293             return ("(" + permission.getPermissions() + ") unknown ");
294         }
295 
296         return MessagesManager.getMessages(msgModule).get(msgName);
297     }
298 
299     public Messages getMessages() {
300         return MessagesManager.getMessages();
301     }
302 }