c9d44c649b67bea43e7549e2bf52870db9e770d0dugan/*
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * CDDL HEADER START
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * The contents of this file are subject to the terms of the
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * Common Development and Distribution License, Version 1.0 only
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * (the "License"). You may not use this file except in compliance
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * with the License.
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * or http://forgerock.org/license/CDDLv1.0.html.
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * See the License for the specific language governing permissions
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * and limitations under the License.
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * When distributing Covered Code, include this CDDL HEADER in each
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * file and include the License file at legal-notices/CDDLv1_0.txt.
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * If applicable, add the following below this CDDL HEADER, with the
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * fields enclosed by brackets "[]" replaced with your own identifying
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * information:
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * Portions Copyright [yyyy] [name of copyright owner]
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan * CDDL HEADER END
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan *
65e99be301d5a19db33f25841f671756e8dbb9b5ludovicp * Copyright 2008 Sun Microsystems, Inc.
0253a7dc97ec1ab462376979562c69636573904aJnRouvignac * Portions Copyright 2013 ForgeRock AS
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan */
c9d44c649b67bea43e7549e2bf52870db9e770d0duganpackage org.opends.server.authorization.dseecompat;
53247d28ba99538f841a13ea2cde01c3faa3ef36kenneth_suterimport static org.opends.messages.AccessControlMessages.*;
31ef6298b4179ddca52d4b1d0aad873af9d17155duganimport static org.opends.server.authorization.dseecompat.Aci.*;
0253a7dc97ec1ab462376979562c69636573904aJnRouvignac
0253a7dc97ec1ab462376979562c69636573904aJnRouvignacimport java.util.Iterator;
0253a7dc97ec1ab462376979562c69636573904aJnRouvignacimport java.util.Set;
c9d44c649b67bea43e7549e2bf52870db9e770d0duganimport java.util.regex.Pattern;
c9d44c649b67bea43e7549e2bf52870db9e770d0dugan
0253a7dc97ec1ab462376979562c69636573904aJnRouvignacimport org.opends.messages.Message;
0253a7dc97ec1ab462376979562c69636573904aJnRouvignac
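/**
 * A class representing the permissions of a bind rule. The permissions
 * of an ACI look like deny(search, write).
 * <p>
 * Instances are only created through {@link #decode(String, String)}. The
 * constructor rejects an unrecognised access type or rights keyword with an
 * {@link AciException} instead of skipping it, so a malformed ACI never yields
 * a partially populated permission.
 */
public class Permission {

  /**
   * The access type (allow,deny) corresponding to the ACI permission value.
   */
  private final EnumAccessType accessType;

  /**
   * Bit mask of the rights (search, add, delete, ...) corresponding to the
   * ACI rights value, built by OR-ing {@code EnumRight.getMask} of each
   * decoded keyword.
   */
  private final int rights;

  /**
   * Regular expression token representing the separator.
   */
  private static final String separatorToken = ",";

  /**
   * Regular expression used to match the ACI rights string.
   */
  private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
      WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
      "(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
      ZERO_OR_MORE_WHITESPACE + ")*";

  /**
   * Compiled form of {@link #rightsRegex}; compiled once instead of on every
   * decoded permission.
   */
  private static final Pattern rightsPattern = Pattern.compile(rightsRegex);

  /**
   * Compiled form of {@link #separatorToken}, used to split the rights list.
   */
  private static final Pattern separatorPattern =
      Pattern.compile(separatorToken);

  /**
   * Constructor creating a class representing a permission part of a bind
   * rule.
   * @param accessType A string representing access type.
   * @param rights  A string representing the rights.
   * @throws AciException If the access type string or rights string
   * is invalid.
   */
  private Permission(String accessType, String rights)
      throws AciException {
    final EnumAccessType decodedType = EnumAccessType.decode(accessType);
    if (decodedType == null) {
      Message message =
          WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
      throw new AciException(message);
    }
    // Whole-string match: anything other than a comma-separated word list is
    // rejected before any keyword is decoded.
    if (!rightsPattern.matcher(rights).matches()) {
      Message message = WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
      throw new AciException(message);
    }
    int mask = 0;
    final String[] keywords =
        separatorPattern.split(rights.replaceAll("\\s", ""));
    for (String keyword : keywords) {
      final EnumRight right = EnumRight.decode(keyword);
      if (right == null) {
        // Fail closed on an unknown keyword rather than dropping it.
        // NOTE(review): the message receives the whole rights string, not
        // the offending keyword -- confirm that is what the message expects.
        Message message =
            WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
        throw new AciException(message);
      }
      mask |= EnumRight.getMask(right);
    }
    this.accessType = decodedType;
    this.rights = mask;
  }

  /**
   * Decode a string representation of bind rule permission into a Permission
   * class.
   * @param accessType  A string representing the access type.
   * @param rights   A string representing the rights.
   * @return  A Permission class representing the permissions of the bind
   * rule.
   * @throws AciException  If the accesstype or rights strings are invalid.
   */
  public static Permission decode (String accessType, String rights)
      throws AciException {
    return new Permission(accessType, rights);
  }

  /**
   * Checks if a given access type enumeration is equal to this class's
   * access type.
   * @param accessType An enumeration representing an access type.
   * @return True if the access types are equal.
   */
  public boolean hasAccessType(EnumAccessType accessType) {
    return this.accessType == accessType;
  }

  /**
   * Checks if the permission's rights overlap the specified rights.
   * <p>
   * This is an any-of test: it returns true as soon as one bit of
   * {@code rights} is also set in this permission's mask. It does not
   * verify that every requested right is present, so a caller that passes
   * a combined mask learns only that at least one of them matched.
   * @param rights The rights mask to check for.
   * @return True if at least one of the specified rights is set in this
   * permission's rights.
   */
  public boolean hasRights(int rights) {
    return (this.rights & rights) != 0;
  }

  /** {@inheritDoc} */
  @Override
  public String toString() {
    final StringBuilder sb = new StringBuilder();
    toString(sb);
    return sb.toString();
  }

  /**
   * Appends a string representation of this object to the provided buffer.
   * Nothing is appended when the access type is null.
   *
   * @param buffer
   *          The buffer into which a string representation of this object
   *          should be appended.
   */
  public final void toString(StringBuilder buffer) {
    if (this.accessType == null) {
      return;
    }
    // Locale.ROOT keeps the rendered keyword independent of the JVM's
    // default locale.
    buffer.append(accessType.toString().toLowerCase(java.util.Locale.ROOT));
    final Set<EnumRight> enumRights = EnumRight.getEnumRight(rights);
    if (enumRights == null) {
      // A null set from EnumRight.getEnumRight is rendered as "(all)".
      buffer.append("(all)");
      return;
    }
    buffer.append("(");
    String delimiter = "";
    for (EnumRight right : enumRights) {
      buffer.append(delimiter).append(right.getRight());
      delimiter = ",";
    }
    buffer.append(")");
  }
}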