useradmin/useradmin/src/main/java/org/apache/felix/useradmin/impl/RoleChecker.java - felix-dev - Git at Google

 /**
  *  Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
 package org.apache.felix.useradmin.impl;

 import java.util.ArrayList;
 import java.util.List;

 import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;

 /**
  * Helper class to check for implied role memberships.
  */
 final class RoleChecker {

     /**
      * Verifies whether the given role is implied by the memberships of the given user.
      *
      * @param user the user to check the roles for, cannot be <code>null</code>;
      * @param impliedRole the implied role to check for, cannot be <code>null</code>.
      * @return <code>true</code> if the given user has the implied role, <code>false</code> otherwise.
      */
     public boolean isImpliedBy(Role role, Role impliedRole) {
         if (role instanceof Group) {
             return isGroupImpliedBy((Group) role, impliedRole, new ArrayList());
         } else /* if ((role instanceof User) || (role instanceof Role)) */ {
             return isRoleImpliedBy(role, impliedRole);
         }
     }

     /**
      * Verifies whether the given group is implied by the given role.
      *
      * @param group the group to check, cannot be <code>null</code>;
      * @param impliedRole the implied role to check for, cannot be <code>null</code>;
      * @param seenGroups a list of all seen groups, used for detecting cycles in groups, cannot be <code>null</code>.
      * @return <code>true</code> if the given group has the implied role, <code>false</code> otherwise.
      */
     private boolean isGroupImpliedBy(Group group, Role impliedRole, List seenGroups) {
         Role[] basicRoles = group.getMembers();
         Role[] requiredRoles = group.getRequiredMembers();

         boolean isImplied = true;

         // Check whether all required roles are implied...
         for (int i = 0; (requiredRoles != null) && isImplied && (i < requiredRoles.length); i++) {
             Role requiredRole = requiredRoles[i];
             if (seenGroups.contains(requiredRole)) {
                 // Found a cycle between groups; always yield false!
                 return false;
             }

             if (requiredRole instanceof Group) {
                 seenGroups.add(requiredRole);
                 isImplied = isGroupImpliedBy((Group) requiredRole, impliedRole, seenGroups);
             } else /* if ((requiredRole instanceof User) || (requiredRole instanceof Role)) */ {
                 isImplied  = isRoleImpliedBy(requiredRole, impliedRole);
             }
         }

         // Required role is not implied by the given role; we can stop now...
         if (!isImplied) {
             return false;
         }

         // Ok; all required roles are implied, let's verify whether a least one basic role is implied...
         isImplied = false;

         // Check whether at least one basic role is implied...
         for (int i = 0; (basicRoles != null) && !isImplied && (i < basicRoles.length); i++) {
             Role basicRole = (Role) basicRoles[i];
             if (seenGroups.contains(basicRole)) {
                 // Found a cycle between groups; always yield false!
                 return false;
             }

             if (basicRole instanceof Group) {
                 seenGroups.add(basicRole);
                 isImplied = isGroupImpliedBy((Group) basicRole, impliedRole, seenGroups);
             } else /* if ((basicRole instanceof User) || (basicRole instanceof Role)) */ {
                 isImplied = isRoleImpliedBy(basicRole, impliedRole);
             }
         }

         return isImplied;
     }

     /**
      * Verifies whether the given role is implied by the given role.
      *
      * @param role the role to check, cannot be <code>null</code>;
      * @param impliedRole the implied role to check for, cannot be <code>null</code>;
      * @return <code>true</code> if the given role is implied by the given role, <code>false</code> otherwise.
      */
     private boolean isRoleImpliedBy(Role role, Role impliedRole) {
         return Role.USER_ANYONE.equals(role.getName()) || (impliedRole != null && impliedRole.getName().equals(role.getName()));
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.felix.useradmin.impl;

	import java.util.ArrayList;
	import java.util.List;

	import org.osgi.service.useradmin.Group;
	import org.osgi.service.useradmin.Role;

	/**
	* Helper class to check for implied role memberships.
	*/
	final class RoleChecker {

	/**
	* Verifies whether the given role is implied by the memberships of the given user.
	*
	* @param user the user to check the roles for, cannot be <code>null</code>;
	* @param impliedRole the implied role to check for, cannot be <code>null</code>.
	* @return <code>true</code> if the given user has the implied role, <code>false</code> otherwise.
	*/
	public boolean isImpliedBy(Role role, Role impliedRole) {
	if (role instanceof Group) {
	return isGroupImpliedBy((Group) role, impliedRole, new ArrayList());
	} else /* if ((role instanceof User) \|\| (role instanceof Role)) */ {
	return isRoleImpliedBy(role, impliedRole);
	}
	}

	/**
	* Verifies whether the given group is implied by the given role.
	*
	* @param group the group to check, cannot be <code>null</code>;
	* @param impliedRole the implied role to check for, cannot be <code>null</code>;
	* @param seenGroups a list of all seen groups, used for detecting cycles in groups, cannot be <code>null</code>.
	* @return <code>true</code> if the given group has the implied role, <code>false</code> otherwise.
	*/
	private boolean isGroupImpliedBy(Group group, Role impliedRole, List seenGroups) {
	Role[] basicRoles = group.getMembers();
	Role[] requiredRoles = group.getRequiredMembers();

	boolean isImplied = true;

	// Check whether all required roles are implied...
	for (int i = 0; (requiredRoles != null) && isImplied && (i < requiredRoles.length); i++) {
	Role requiredRole = requiredRoles[i];
	if (seenGroups.contains(requiredRole)) {
	// Found a cycle between groups; always yield false!
	return false;
	}

	if (requiredRole instanceof Group) {
	seenGroups.add(requiredRole);
	isImplied = isGroupImpliedBy((Group) requiredRole, impliedRole, seenGroups);
	} else /* if ((requiredRole instanceof User) \|\| (requiredRole instanceof Role)) */ {
	isImplied = isRoleImpliedBy(requiredRole, impliedRole);
	}
	}

	// Required role is not implied by the given role; we can stop now...
	if (!isImplied) {
	return false;
	}

	// Ok; all required roles are implied, let's verify whether a least one basic role is implied...
	isImplied = false;

	// Check whether at least one basic role is implied...
	for (int i = 0; (basicRoles != null) && !isImplied && (i < basicRoles.length); i++) {
	Role basicRole = (Role) basicRoles[i];
	if (seenGroups.contains(basicRole)) {
	// Found a cycle between groups; always yield false!
	return false;
	}

	if (basicRole instanceof Group) {
	seenGroups.add(basicRole);
	isImplied = isGroupImpliedBy((Group) basicRole, impliedRole, seenGroups);
	} else /* if ((basicRole instanceof User) \|\| (basicRole instanceof Role)) */ {
	isImplied = isRoleImpliedBy(basicRole, impliedRole);
	}
	}

	return isImplied;
	}

	/**
	* Verifies whether the given role is implied by the given role.
	*
	* @param role the role to check, cannot be <code>null</code>;
	* @param impliedRole the implied role to check for, cannot be <code>null</code>;
	* @return <code>true</code> if the given role is implied by the given role, <code>false</code> otherwise.
	*/
	private boolean isRoleImpliedBy(Role role, Role impliedRole) {
	return Role.USER_ANYONE.equals(role.getName()) \|\| (impliedRole != null && impliedRole.getName().equals(role.getName()));
	}
	}