Source Code of org.geoserver.security.AbstractResourceAccessManager

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.CatalogInfo;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.NamespaceInfo;
import org.geoserver.catalog.Predicates;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.StyleInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.ows.util.OwsUtils;
import org.geoserver.platform.GeoServerExtensions;
import org.geotools.filter.expression.InternalVolatileFunction;
import org.opengis.filter.Filter;
import org.opengis.filter.FilterFactory;
import org.springframework.security.core.Authentication;

/**
 * Abstract base class for {@link ResourceAccessManager} implementations.
 * <p>
 * This base class returns null from every method meaning no limits.
 * </p>
 * @author Justin Deoliveira, OpenGeo
 *
 */
public class AbstractResourceAccessManager implements ResourceAccessManager {

    @Override
    public WorkspaceAccessLimits getAccessLimits(Authentication user,
            WorkspaceInfo workspace) {
        return null;
    }

    @Override
    public DataAccessLimits getAccessLimits(Authentication user, LayerInfo layer) {
        return null;
    }

    @Override
    public DataAccessLimits getAccessLimits(Authentication user, ResourceInfo resource) {
        return null;
    }

    @Override
    public StyleAccessLimits getAccessLimits(Authentication user, StyleInfo style) {
        return null;
    }

    @Override
    public LayerGroupAccessLimits getAccessLimits(Authentication user, LayerGroupInfo layerGroup) {
        return null;
    }

    protected Catalog getCatalog() {
        return (Catalog) GeoServerExtensions.bean("catalog");
    }
    protected SecureCatalogImpl getSecurityWrapper() {
        return GeoServerExtensions.bean(SecureCatalogImpl.class);
    }

    @Override
    public Filter getSecurityFilter(final Authentication user,
            final Class<? extends CatalogInfo> clazz) {

        org.opengis.filter.expression.Function visible = new InternalVolatileFunction() {
            @Override
            public Boolean evaluate(Object object) {
                CatalogInfo info = (CatalogInfo) object;
                if(info instanceof NamespaceInfo) {
                    info = getCatalog().getWorkspaceByName(((NamespaceInfo) info).getPrefix());
                }
                String name = (String) OwsUtils.property(info, "name", String.class);
                WrapperPolicy policy = getSecurityWrapper()
                        .buildWrapperPolicy(AbstractResourceAccessManager.this, user, info);
                AccessLevel accessLevel = policy.getAccessLevel();
                boolean visible = !AccessLevel.HIDDEN.equals(accessLevel);
                return Boolean.valueOf(visible);
            }
        };

        FilterFactory factory = Predicates.factory;

        // create a filter combined with the security credentials check
        Filter filter = factory.equals(factory.literal(Boolean.TRUE), visible);

        return filter;
    }

}