/*
Copyright 2010-2013 Josh Drummond
This file is part of WebPasswordSafe.
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
package net.webpasswordsafe.server.plugin.authorization;
import java.util.Map;
import net.webpasswordsafe.common.model.User;
import net.webpasswordsafe.common.util.Constants;
import net.webpasswordsafe.common.util.Constants.Function;
import net.webpasswordsafe.common.util.Constants.Role;
import net.webpasswordsafe.server.report.ReportConfig;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
/**
* @author Josh Drummond
*
*/
public class DefaultAuthorizer implements Authorizer
{
private static Logger LOG = Logger.getLogger(DefaultAuthorizer.class);
@Autowired
private ReportConfig reportConfig;
private boolean allowAdminBypassPasswordPermissions;
@Override
public boolean isAuthorized(User user, String action)
{
boolean isAuthorized = false;
if ((user != null) && (action != null))
{
if (action.equals(Function.ADD_GROUP.name()) ||
action.equals(Function.UPDATE_GROUP.name()) ||
action.equals(Function.DELETE_GROUP.name()) ||
action.equals(Function.ADD_USER.name()) ||
action.equals(Function.UPDATE_USER.name()) ||
(allowAdminBypassPasswordPermissions && action.equals(Function.BYPASS_PASSWORD_PERMISSIONS.name())) ||
action.equals(Function.BYPASS_TEMPLATE_SHARING.name()) ||
action.equals(Function.UNBLOCK_IP.name()))
{
isAuthorized = user.getRoles().contains(Role.ROLE_ADMIN);
}
else if (action.equals(Function.ADD_PASSWORD.name()) ||
action.equals(Function.ADD_TEMPLATE.name()) ||
action.equals(Function.UPDATE_TEMPLATE.name()))
{
isAuthorized = user.getRoles().contains(Role.ROLE_USER);
}
else if (action.startsWith(Constants.VIEW_REPORT_PREFIX))
{
String reportName = action.substring(Constants.VIEW_REPORT_PREFIX.length());
Map<String, Object> report = reportConfig.getReport(reportName);
if (report != null)
{
Role reportRole = Role.valueOf((String)report.get(Constants.ROLE));
isAuthorized = user.getRoles().contains(reportRole);
}
}
}
LOG.debug("user=["+((user==null)?"":user.getUsername())+"] action=["+action+"] authorized? "+isAuthorized);
return isAuthorized;
}
public boolean isAllowAdminBypassPasswordPermissions()
{
return allowAdminBypassPasswordPermissions;
}
public void setAllowAdminBypassPasswordPermissions(
boolean allowAdminBypassPasswordPermissions)
{
this.allowAdminBypassPasswordPermissions = allowAdminBypassPasswordPermissions;
}
}