001 package org.tynamo.security.components;
002
003 import org.apache.tapestry5.Block;
004 import org.apache.tapestry5.annotations.Parameter;
005 import org.apache.tapestry5.ioc.annotations.Inject;
006 import org.tynamo.security.services.SecurityService;
007
008
009 /**
010 * @see SecurityService#hasAnyPermissions(String)
011 */
012 public class IfGranted
013 {
014
015 //~ Instance fields ----------------------------------------------------------------------------
016
017 /**
018 * Security service for doing our lookups
019 */
020 @Inject
021 private SecurityService securityService;
022
023 /**
024 * Must have all of these permissions, separated by a |
025 */
026 @Parameter(
027 required = false,
028 defaultPrefix = "literal"
029 )
030 private String allPermissions;
031
032 /**
033 * Can have any of these permissions, separated by |
034 */
035 @Parameter(
036 required = false,
037 defaultPrefix = "literal"
038 )
039 private String anyPermissions;
040
041 /**
042 * Must have all of these roles, separated by , or |
043 */
044 @Parameter(
045 required = false,
046 defaultPrefix = "literal"
047 )
048 private String allRoles;
049
050 /**
051 * Can hav any of these roles, separated by , or |
052 */
053 @Parameter(
054 required = false,
055 defaultPrefix = "literal"
056 )
057 private String anyRoles;
058
059 /**
060 * Optional parameter to invert the test. If true, then the body is rendered when the test
061 * parameter is false (not true).
062 */
063 @Parameter
064 private boolean negate;
065
066 /**
067 * An alternate {@link Block} to render if the test parameter is false. The default, null, means
068 * render nothing in that situation.
069 */
070 @Parameter(name = "else")
071 private Block elseBlock;
072
073 /**
074 * DOCUMENT ME!
075 */
076 private boolean test; // result of our security check.
077
078 //~ Methods ------------------------------------------------------------------------------------
079
080 /**
081 * True is the default. return true if all non-null expressions are satisfied.
082 *
083 * @return DOCUMENT ME!
084 */
085 private boolean doCheck()
086 {
087 boolean check = true;
088
089 if ((null != allPermissions) && !allPermissions.isEmpty())
090 {
091
092 if (!securityService.hasAllPermissions(allPermissions))
093 {
094 return false;
095 }
096 }
097
098 if ((null != anyPermissions) && !anyPermissions.isEmpty())
099 {
100
101 if (!securityService.hasAnyPermissions(anyPermissions))
102 {
103 return false;
104 }
105 }
106
107 if ((null != allRoles) && !allRoles.isEmpty())
108 {
109
110 if (!securityService.hasAllRoles(allRoles))
111 {
112 return false;
113 }
114 }
115
116 if ((null != anyRoles) && !anyRoles.isEmpty())
117 {
118
119 if (!securityService.hasAnyRoles(anyRoles))
120 {
121 return false;
122 }
123 }
124
125 return check;
126 }
127
128 /**
129 * DOCUMENT ME!
130 */
131 void setupRender()
132 {
133 test = doCheck();
134 }
135
136 /**
137 * Returns null if the test method returns true, which allows normal rendering (of the body). If
138 * the test parameter is false, returns the else parameter (this may also be null).
139 *
140 * @return DOCUMENT ME!
141 */
142 Object beginRender()
143 {
144 return (test != negate) ? null : elseBlock;
145 }
146
147 /**
148 * If the test method returns true, then the body is rendered, otherwise not. The component does
149 * not have a template or do any other rendering besides its body.
150 *
151 * @return DOCUMENT ME!
152 */
153 boolean beforeRenderBody()
154 {
155 return test != negate;
156 }
157 } // end class IfGranted