/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket.authroles.authorization.strategies.role.metadata;
import java.util.HashMap;
import java.util.Map;
import org.apache.wicket.Component;
import org.apache.wicket.IClusterable;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.request.component.IRequestableComponent;
/**
* An internal data structure that maps a given component class to a set of role strings.
* Permissions can be granted to instantiate a given component class via authorize(Class, Roles
* roles) and denied via unauthorize(Class, Roles roles). All authorization can be removed for a
* given class with authorizeAll(Class).
*
* @author Eelco Hillenius
* @author Jonathan Locke
*/
public class InstantiationPermissions implements IClusterable
{
private static final long serialVersionUID = 1L;
/** Holds roles objects for component classes */
private final Map<Class<? extends Component>, Roles> rolesForComponentClass = new HashMap<Class<? extends Component>, Roles>();
/**
* Gives the given role permission to instantiate the given class.
*
* @param <T>
* @param componentClass
* The component class
* @param rolesToAdd
* The roles to add
*/
public final <T extends Component> void authorize(final Class<T> componentClass,
final Roles rolesToAdd)
{
if (componentClass == null)
{
throw new IllegalArgumentException("Argument componentClass cannot be null");
}
if (rolesToAdd == null)
{
throw new IllegalArgumentException("Argument rolesToadd cannot be null");
}
Roles roles = rolesForComponentClass.get(componentClass);
if (roles == null)
{
roles = new Roles();
rolesForComponentClass.put(componentClass, roles);
}
roles.addAll(rolesToAdd);
}
/**
* Gives all roles permission to instantiate the given class. Note that this is only relevant if
* a role was previously authorized for that class. If no roles where previously authorized the
* effect of the unauthorize call is that no roles at all will be authorized for that class.
*
* @param <T>
* @param componentClass
* The component class
*/
public final <T extends Component> void authorizeAll(final Class<T> componentClass)
{
if (componentClass == null)
{
throw new IllegalArgumentException("Argument componentClass cannot be null");
}
rolesForComponentClass.remove(componentClass);
}
/**
* Gets the roles that have a binding with the given component class.
*
* @param <T>
*
* @param componentClass
* the component class
* @return the roles that have a binding with the given component class, or null if no entries
* are found
*/
public <T extends IRequestableComponent> Roles authorizedRoles(final Class<T> componentClass)
{
if (componentClass == null)
{
throw new IllegalArgumentException("Argument componentClass cannot be null");
}
return rolesForComponentClass.get(componentClass);
}
/**
* Removes permission for the given role to instantiate the given class.
*
* @param <T>
*
* @param componentClass
* The class
* @param rolesToRemove
* The role to deny
*/
public final <T extends Component> void unauthorize(final Class<T> componentClass,
final Roles rolesToRemove)
{
if (componentClass == null)
{
throw new IllegalArgumentException("Argument componentClass cannot be null");
}
if (rolesToRemove == null)
{
throw new IllegalArgumentException("Argument rolesToRemove cannot be null");
}
Roles roles = rolesForComponentClass.get(componentClass);
if (roles != null)
{
roles.removeAll(rolesToRemove);
}
else
{
roles = new Roles();
rolesForComponentClass.put(componentClass, roles);
}
// If we removed the last authorized role, we authorize the empty role
// so that removing authorization can't suddenly open something up to
// everyone.
if (roles.size() == 0)
{
roles.add(MetaDataRoleAuthorizationStrategy.NO_ROLE);
}
}
/**
* @return gets map with roles objects for a component classes
*/
protected final Map<Class<? extends Component>, Roles> getRolesForComponentClass()
{
return rolesForComponentClass;
}
}