1   package com.randomnoun.common.security;
2   
3   /* (c) 2013 randomnoun. All Rights Reserved. This work is licensed under a
4    * BSD Simplified License. (http://www.randomnoun.com/bsd-simplified.html)
5    */
6   
7   import java.io.*;
8   
9   import com.randomnoun.common.security.ResourceCriteria;
10  import com.randomnoun.common.security.User;
11  
12  /**
13   * A class encapsulating permission information. A 'permission' allows a user (or role)
14   * to perform an 'activity' on a 'resource'. Roles, activities and resources are
15   * all specified as Strings, a user is specified by a User object (identified by
16   * username and customerId).
17   * 
18   * <p>A resource may also have a criteria supplied; e.g. a user may have a view/account
19   * permission, but only for accounts with a certain monetary value.
20   *
21   * <p>Two constructors are provided, one for users and one for roles. Note that there
22   * are no 'setter' methods in this class; permissions may only be altered through
23   * creating new ones.
24   * 
25   * @author knoxg
26   */
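public class Permission implements Serializable
{

    /** generated serialVersionUID */
    private static final long serialVersionUID = -3718647050573844606L;

    // All fields are final: the class has no setters, and final fields make that
    // immutability something the compiler enforces rather than a convention.
    // NOTE(review): user and resourceCriteria are held by reference, not copied; if
    // those types are mutable, a caller can still change what a Permission describes
    // after it has been created. Confirm against User and ResourceCriteria.

    /** The role for this permission, or null. A permission may apply to a role or a user but not both. */
    private final String role;

    /** The user for this permission, or null. A permission may apply to a role or a user but not both. */
    private final User user;

    /** The activity for this permission; never null. */
    private final String activity;

    /** The resource for this permission; never null. */
    private final String resource;

    /** The resourceCriteria for this permission; may be null (the constructors do not check it). */
    private final ResourceCriteria resourceCriteria;

    /** Create a new role-based permission.
     *
     * @param role  the name of the role this permission applies to
     * @param activity  the name of the activity we are permitting
     * @param resource  the resource we are permitting access to
     * @param resourceCriteria   a criteria which limits the types of resources that this
     *   permission applies to; not checked for null
     *
     * @throws NullPointerException if role, activity or resource is null
     */
    public Permission(String role, String activity, String resource,
        ResourceCriteria resourceCriteria)
    {
        if (role == null) { throw new NullPointerException("null role"); }
        if (activity == null) { throw new NullPointerException("null activity"); }
        if (resource == null) { throw new NullPointerException("null resource"); }

        this.role = role;
        this.user = null;
        this.activity = activity;
        this.resource = resource;
        this.resourceCriteria = resourceCriteria;
    }

    /** Create a new user-based permission.
     *
     * @param user  the user this permission applies to
     * @param activity  the name of the activity we are permitting
     * @param resource  the resource we are permitting access to
     * @param resourceCriteria   a criteria which limits the types of resources that this
     *   permission applies to; not checked for null
     *
     * @throws NullPointerException if user, activity or resource is null
     */
    public Permission(User user, String activity, String resource,
        ResourceCriteria resourceCriteria)
    {
        if (user == null) { throw new NullPointerException("null user"); }
        if (activity == null) { throw new NullPointerException("null activity"); }
        if (resource == null) { throw new NullPointerException("null resource"); }

        this.user = user;
        this.role = null;
        this.activity = activity;
        this.resource = resource;
        this.resourceCriteria = resourceCriteria;
    }

    /** Create a permission that is not assigned to either a user or role.
     *
     * <p>{@link #isUserPermission()} and {@link #isRolePermission()} throw
     * IllegalStateException for a permission created this way.
     *
     * @param activity the name of the activity we are permitting
     * @param resource the resource we are permitting access to
     *
     * @throws NullPointerException if activity or resource is null
     */
    public Permission(String activity, String resource) {
        if (activity == null) { throw new NullPointerException("null activity"); }
        if (resource == null) { throw new NullPointerException("null resource"); }
        this.role = null;
        this.user = null;
        this.activity = activity;
        this.resource = resource;
        this.resourceCriteria = null;
    }

    /** Create a permission that is not assigned to either a user or role.
     *
     * <p>The string is split at its first '.': the text before it becomes the
     * activity and everything after it (further dots included) becomes the resource.
     *
     * @param permission a permission in 'activity.resource' format
     *
     * @throws NullPointerException if permission is null
     * @throws IllegalArgumentException if permission contains no '.'
     */
    public Permission(String permission) {
        // the cast selects the (String, ResourceCriteria) overload; a bare null would
        // be ambiguous with the (String activity, String resource) constructor
        this(permission, (ResourceCriteria) null);
    }

    /** Create a permission that is not assigned to either a user or role, with a resource criteria.
     *
     * <p>The string is split at its first '.': the text before it becomes the
     * activity and everything after it (further dots included) becomes the resource.
     * Neither part is checked for being empty.
     *
     * @param permission a permission in 'activity.resource' format
     * @param resourceCriteria a criteria which limits the types of resources that this
     *   permission applies to; not checked for null
     *
     * @throws NullPointerException if permission is null
     * @throws IllegalArgumentException if permission contains no '.'
     */
    public Permission(String permission, ResourceCriteria resourceCriteria) {
        if (permission == null) { throw new NullPointerException("null permission"); }
        int pos = permission.indexOf('.');
        if (pos == -1) { throw new IllegalArgumentException("permission must be in 'activity.resource' format"); }
        this.role = null;
        this.user = null;
        this.activity = permission.substring(0, pos);
        this.resource = permission.substring(pos + 1);
        this.resourceCriteria = resourceCriteria;
    }

    /** Re-checks, after default deserialization, the invariants the constructors enforce.
     *
     * <p>Deserialization does not run any constructor of this class, so without this
     * check a stream could yield a Permission with a null activity or resource, or
     * one bound to both a role and a user.
     *
     * @param in the stream to read this object's fields from
     *
     * @throws IOException if the stream cannot be read
     * @throws InvalidObjectException if the fields read violate the class invariants
     * @throws ClassNotFoundException if the class of a serialized field cannot be found
     */
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException
    {
        in.defaultReadObject();
        if (activity == null || resource == null) {
            throw new InvalidObjectException("Permission must have an activity and a resource");
        }
        if (role != null && user != null) {
            throw new InvalidObjectException("Permission may apply to a role or a user but not both");
        }
    }

    /** Returns true if this permission is user-based (as opposed to role-based).
     *
     * @return true if this permission is user-based (as opposed to role-based)
     *
     * @throws IllegalStateException if this permission is not assigned to a user or role
     */
    boolean isUserPermission()
    {
        if (user != null) {
            return true;
        } else if (role != null) {
            return false;
        } else {
            throw new IllegalStateException("Permission is not assigned to user or role");
        }
    }

    /** Returns true if this permission is role-based (as opposed to user-based).
     *
     * @return true if this permission is role-based (as opposed to user-based)
     *
     * @throws IllegalStateException if this permission is not assigned to a user or role
     */
    boolean isRolePermission()
    {
        if (role != null) {
            return true;
        } else if (user != null) {
            return false;
        } else {
            throw new IllegalStateException("Permission is not assigned to user or role");
        }
    }

    /** Returns the role this permission applies to, or null if it is user-based or unassigned.
     *
     * @return the role this permission applies to, or null if this permission is
     *   user-based or is not assigned to a user or role
     */
    public String getRole()
    {
        return role;
    }

    /** Returns the user this permission applies to, or null if it is role-based or unassigned.
     *
     * @return the user this permission applies to, or null if this permission is
     *   role-based or is not assigned to a user or role
     */
    public User getUser()
    {
        return user;
    }

    /** Returns the activity this permission applies to.
     *
     * @return the activity this permission applies to
     */
    public String getActivity()
    {
        return activity;
    }

    /** Returns the resource this permission applies to.
     *
     * @return the resource this permission applies to
     */
    public String getResource()
    {
        return resource;
    }

    /** Returns the resourceCriteria that applies to this permission.
     *
     * @return the resourceCriteria that applies to this permission, or null if none was supplied
     */
    public ResourceCriteria getResourceCriteria()
    {
        return resourceCriteria;
    }
}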