001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.auth.integration;
019
020import java.security.Principal;
021
022import javax.jcr.Session;
023
024import org.fcrepo.auth.common.FedoraAuthorizationDelegate;
025import org.modeshape.jcr.value.Path;
026import org.slf4j.Logger;
027import org.slf4j.LoggerFactory;
028
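/**
 * Path-name-based {@link FedoraAuthorizationDelegate} used as a test fixture
 * (the in-code comments describe it as a "test implementation").
 * <p>
 * Every decision is derived from the requested path alone: the
 * {@link Session} argument, and therefore the caller's identity, is never
 * consulted. Access is granted when the path is the root, when the last
 * segment's local name ends with "permit" or equals "content", or when the
 * parent's local name ends with "permit". Everything else is denied.
 * <p>
 * Name comparisons are case-insensitive and look only at the local name, so
 * the namespace of a segment plays no part in the decision.
 *
 * @author Gregory Jansen
 */
public class PermitRootAndPathEndsWithPermitSuffixFAD implements
        FedoraAuthorizationDelegate {

    // Not referenced anywhere in this class; declaration kept unchanged.
    Logger logger = LoggerFactory
            .getLogger(PermitRootAndPathEndsWithPermitSuffixFAD.class);

    /** Lower-case suffix that marks a path segment as permitted. */
    private static final String PERMIT_SUFFIX = "permit";

    /** Lower-case local name of the content child node ("jcr:content"). */
    private static final String CONTENT_LOCAL_NAME = "content";

    /**
     * The security principal for every request.
     */
    private static final Principal EVERYONE = new Principal() {

        @Override
        public String getName() {
            return "EVERYONE";
        }

        @Override
        public String toString() {
            return getName();
        }

    };

    /**
     * Decides whether the requested actions are allowed on {@code absPath}
     * using only the names found in the path.
     *
     * @param session the requesting session; not consulted by this delegate
     * @param absPath the absolute path being accessed
     * @param actions the requested actions; not consulted, because the
     *        "set_property" case and the general case apply the same parent
     *        check
     * @return {@code true} for the root, for a last segment whose local name
     *         ends with "permit" or equals "content", and for any path whose
     *         non-root parent's local name ends with "permit"; {@code false}
     *         otherwise
     */
    @Override
    public boolean hasPermission(final Session session, final Path absPath, final String[] actions) {
        // allow operations at the root, for test convenience
        if (absPath.isRoot()) {
            return true;
        }

        final String lastName = lowerLocalName(absPath);

        // allow anywhere the path ends with "permit"
        if (lastName.endsWith(PERMIT_SUFFIX)) {
            return true;
        }

        // allow the content child node; only the local name is compared, so
        // this matches "content" in any namespace, not just "jcr:content"
        if (lastName.equals(CONTENT_LOCAL_NAME)) {
            return true;
        }

        // Properties may be set under parents that end with "permit", and
        // versioning creates version nodes under the created node, so both
        // cases come down to the parent's name. A root parent is denied
        // outright: the set_property branch used to dereference the root's
        // last segment without this guard, which presumably is null in
        // ModeShape and would fail with an exception instead of a denial.
        final Path parent = absPath.getParent();
        if (parent.isRoot()) {
            return false;
        }
        return lowerLocalName(parent).endsWith(PERMIT_SUFFIX);
    }

    /**
     * Returns the lower-cased local name of the last segment of a non-root
     * path.
     * <p>
     * Lower-casing uses {@code Locale.ROOT} so that the authorization result
     * does not depend on the JVM's default locale (under a Turkish locale,
     * for example, "PERMIT" would not lower-case to "permit").
     */
    private static String lowerLocalName(final Path path) {
        return path.getLastSegment().getName().getLocalName()
                .toLowerCase(java.util.Locale.ROOT);
    }

    @Override
    public Principal getEveryonePrincipal() {
        return EVERYONE;
    }

}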