/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
823N/A
823N/Apackage org.opends.server.authorization.dseecompat;
2086N/Aimport org.opends.messages.Message;
823N/A
2086N/Aimport static org.opends.messages.AccessControlMessages.*;
897N/Aimport static org.opends.server.authorization.dseecompat.Aci.*;
823N/Aimport java.util.regex.Pattern;
823N/A
/**
 * A class representing the permissions of a bind rule. The permissions
 * of an ACI look like deny(search, write).
 */
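public class Permission {

    /**
     * The access type (allow, deny) corresponding to the ACI permission
     * value. Never null once construction has succeeded.
     */
    private final EnumAccessType accessType;

    /**
     * Bit mask of the rights (search, add, delete, ...) corresponding to the
     * ACI rights value, built by OR-ing the {@code EnumRight.getMask} value
     * of every decoded keyword.
     */
    private final int rights;

    /**
     * Regular expression token representing the separator.
     */
    private static final String separatorToken = ",";

    /**
     * Regular expression used to match the ACI rights string.
     */
    private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
        WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
        "(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
        ZERO_OR_MORE_WHITESPACE + ")*";

    /*
     * The patterns below are compiled once instead of on every decode.
     * They must be declared after the strings they are built from so that
     * static initialization order is correct.
     */

    /** Compiled form of {@link #rightsRegex}. */
    private static final Pattern RIGHTS_PATTERN =
        Pattern.compile(rightsRegex);

    /** Compiled form of {@link #separatorToken}. */
    private static final Pattern SEPARATOR_PATTERN =
        Pattern.compile(separatorToken);

    /** Matches a single whitespace character; used to strip the rights. */
    private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s");

    /**
     * Constructor creating a class representing a permission part of a bind
     * rule.
     * <p>
     * Parsing fails closed: an unrecognized access type, a rights string that
     * does not match the rights syntax, or a single unrecognized rights
     * keyword rejects the whole permission instead of being skipped.
     *
     * @param accessType A string representing access type.
     * @param rights A string representing the rights; must not be null
     *               (a null value fails with a NullPointerException from the
     *               regular expression matcher, not an AciException).
     * @throws AciException If the access type string or rights string
     * is invalid.
     */
    private Permission(String accessType, String rights)
    throws AciException {
        this.accessType = EnumAccessType.decode(accessType);
        if (this.accessType == null) {
            Message message =
                WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
            throw new AciException(message);
        }
        if (!RIGHTS_PATTERN.matcher(rights).matches()) {
            Message message =
                WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
            throw new AciException(message);
        }
        // Whitespace is removed before splitting so that each token is a
        // bare keyword such as "search" or "write".
        String[] keywords = SEPARATOR_PATTERN.split(
            WHITESPACE_PATTERN.matcher(rights).replaceAll(""));
        // Accumulate locally so the field can be final and is only assigned
        // once every keyword has been accepted.
        int mask = 0;
        for (String keyword : keywords) {
            EnumRight right = EnumRight.decode(keyword);
            if (right == null) {
                // NOTE(review): the message receives the full rights string,
                // not the offending keyword; presumably intentional, confirm
                // against the message template.
                Message message =
                    WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
                throw new AciException(message);
            }
            mask |= EnumRight.getMask(right);
        }
        this.rights = mask;
    }

    /**
     * Decode a string representation of bind rule permission into a
     * Permission class.
     *
     * @param accessType A string representing the access type.
     * @param rights A string representing the rights.
     * @return A Permission class representing the permissions of the bind
     * rule.
     * @throws AciException If the accesstype or rights strings are invalid.
     */
    public static
    Permission decode (String accessType, String rights)
    throws AciException {
        return new Permission(accessType, rights);
    }

    /**
     * Checks if a given access type enumeration is equal to this class's
     * access type.
     *
     * @param accessType An enumeration representing an access type.
     * @return True if the access types are equal.
     */
    public boolean hasAccessType(EnumAccessType accessType) {
        return this.accessType == accessType;
    }

    /**
     * Checks if the permission's rights include any of the specified rights.
     * <p>
     * This is an any-match test: when {@code rights} is a mask with several
     * bits set, the result is true as soon as one of them is present in this
     * permission. Callers that need every right to be present must check
     * each right separately.
     *
     * @param rights The rights mask to check for.
     * @return True if at least one bit of {@code rights} is set in the
     * permission's rights.
     */
    public boolean hasRights(int rights) {
        return (this.rights & rights) != 0;
    }
}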