1package org.apache.archiva.redback.authorization.rbac.evaluator;
23/*4 * Licensed to the Apache Software Foundation (ASF) under one5 * or more contributor license agreements. See the NOTICE file6 * distributed with this work for additional information7 * regarding copyright ownership. The ASF licenses this file8 * to you under the Apache License, Version 2.0 (the9 * "License"); you may not use this file except in compliance10 * with the License. You may obtain a copy of the License at11 *12 * http://www.apache.org/licenses/LICENSE-2.013 *14 * Unless required by applicable law or agreed to in writing,15 * software distributed under the License is distributed on an16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY17 * KIND, either express or implied. See the License for the18 * specific language governing permissions and limitations19 * under the License.20 */2122import org.apache.archiva.redback.rbac.Resource;
23import org.apache.archiva.redback.users.UserManager;
24import org.apache.archiva.redback.users.UserManagerException;
25import org.apache.archiva.redback.users.UserNotFoundException;
26import org.apache.archiva.redback.rbac.Permission;
27import org.springframework.stereotype.Service;
2829import javax.inject.Inject;
30import javax.inject.Named;
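/**
 * Default {@link PermissionEvaluator}: decides whether a single permission grants an operation on a resource.
 * <p>
 * Currently only one expression is available for evaluation: ${username} will be replaced with the username
 * of the person making the authorization check. The substitution replaces the whole resource identifier;
 * any text after the closing brace is ignored. Identifiers carrying any other expression name are compared
 * literally.
 *
 * @author Jesse McConnell <jesse@codehaus.org>
 */
@Service("permissionEvaluator")
public class DefaultPermissionEvaluator
    implements PermissionEvaluator
{
    @Inject
    @Named(value = "userManager#default")
    private UserManager userManager;

    /**
     * Evaluates whether {@code permission} grants {@code operation} on {@code resource} to {@code principal}.
     * <p>
     * The permission applies when its operation name equals {@code operation} and one of the following holds:
     * its stored resource identifier is {@link Resource#GLOBAL}, {@code resource} is {@code null}, or its
     * (possibly substituted) resource identifier equals {@code resource}. Note that a {@code null} resource
     * reduces the check to an operation match only, so callers making a resource-scoped decision must pass
     * the resource.
     *
     * @param permission the permission to test
     * @param operation  name of the operation being requested
     * @param resource   identifier of the resource being accessed, or {@code null} for an operation-only check
     * @param principal  principal handed to the user manager to resolve the ${username} expression
     * @return {@code true} if the permission grants the request, {@code false} otherwise
     * @throws PermissionEvaluationException if the resource identifier opens an expression that is never
     *                                       closed, or if the user cannot be looked up
     */
    public boolean evaluate( Permission permission, String operation, String resource, String principal )
        throws PermissionEvaluationException
    {
        String permissionResource = permission.getResource().getIdentifier();

        // expression evaluation checking
        if ( permissionResource.startsWith( "${" ) )
        {
            int closingBrace = permissionResource.indexOf( '}' );
            if ( closingBrace < 0 )
            {
                // An unterminated expression previously escaped as an unchecked StringIndexOutOfBoundsException.
                // Report it through the declared exception so callers handle it like any other failed evaluation.
                String message = "malformed expression in permission resource: " + permissionResource;
                throw new PermissionEvaluationException( message, new IllegalArgumentException( message ) );
            }

            String expression = permissionResource.substring( 2, closingBrace );

            if ( "username".equals( expression ) )
            {
                try
                {
                    permissionResource = userManager.findUser( principal ).getUsername();
                }
                catch ( UserNotFoundException e )
                {
                    throw new PermissionEvaluationException( "unable to locate user to retrieve username", e );
                }
                catch ( UserManagerException e )
                {
                    throw new PermissionEvaluationException( "trouble finding user: " + e.getMessage(), e );
                }
            }
        }

        // check if this permission applies to the operation at all
        if ( permission.getOperation().getName().equals( operation ) )
        {
            // Global check uses the stored identifier, not the substituted value, so a resolved username
            // is never treated as the global resource.
            if ( Resource.GLOBAL.equals( permission.getResource().getIdentifier() ) )
            {
                return true;
            }

            // if we are not checking a specific resource, the operation is enough
            if ( resource == null )
            {
                return true;
            }

            // exact, case-sensitive match between the permission's resource and the requested one
            if ( permissionResource.equals( resource ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns the user manager used to resolve the ${username} expression.
     *
     * @return the configured user manager
     */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /**
     * Replaces the user manager used to resolve the ${username} expression.
     *
     * @param userManager the user manager to use
     */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }
}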