guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java - guacamole-client - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.guacamole.net.auth.simple;

 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleSecurityException;
 import org.apache.guacamole.net.auth.permission.ObjectPermission;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;

 /**
  * A read-only implementation of ObjectPermissionSet which uses a backing Set
  * of Permissions to determine which permissions are present.
  */
 public class SimpleObjectPermissionSet implements ObjectPermissionSet {

     /**
      * The set of all permissions currently granted.
      */
     private Set<ObjectPermission> permissions = Collections.emptySet();

     /**
      * Creates a new empty SimpleObjectPermissionSet. If you are not extending
      * SimpleObjectPermissionSet and only need an immutable, empty
      * ObjectPermissionSet, consider using {@link ObjectPermissionSet#EMPTY_SET}
      * instead.
      */
     public SimpleObjectPermissionSet() {
     }

     /**
      * Creates a new set of ObjectPermissions for each possible combination of
      * the given identifiers and permission types.
      *
      * @param identifiers
      *     The identifiers which should have one ObjectPermission for each of
      *     the given permission types.
      *
      * @param types
      *     The permissions which should be granted for each of the given
      *     identifiers.
      *
      * @return
      *     A new set of ObjectPermissions containing one ObjectPermission for
      *     each possible combination of the given identifiers and permission
      *     types.
      */
     private static Set<ObjectPermission> createPermissions(Collection<String> identifiers,
             Collection<ObjectPermission.Type> types) {

         // Add a permission of each type to the set for each identifier given
         Set<ObjectPermission> permissions = new HashSet<>(identifiers.size());
         types.forEach(type -> {
             identifiers.forEach(identifier -> permissions.add(new ObjectPermission(type, identifier)));
         });

         return permissions;

     }

     /**
      * Creates a new SimpleObjectPermissionSet which contains permissions for
      * all possible unique combinations of the given identifiers and permission
      * types.
      *
      * @param identifiers
      *     The identifiers which should be associated permissions having each
      *     of the given permission types.
      *
      * @param types
      *     The types of permissions which should be granted for each of the
      *     given identifiers.
      */
     public SimpleObjectPermissionSet(Collection<String> identifiers,
             Collection<ObjectPermission.Type> types) {
         this(createPermissions(identifiers, types));
     }

     /**
      * Creates a new SimpleObjectPermissionSet which contains only READ
      * permissions for each of the given identifiers.
      *
      * @param identifiers
      *     The identifiers which should each be associated with READ
      *     permission.
      */
     public SimpleObjectPermissionSet(Collection<String> identifiers) {
         this(identifiers, Collections.singletonList(ObjectPermission.Type.READ));
     }

     /**
      * Creates a new SimpleObjectPermissionSet which contains the permissions
      * within the given Set.
      *
      * @param permissions
      *     The Set of permissions this SimpleObjectPermissionSet should
      *     contain.
      */
     public SimpleObjectPermissionSet(Set<ObjectPermission> permissions) {
         this.permissions = permissions;
     }

     /**
      * Sets the Set which backs this SimpleObjectPermissionSet. Future function
      * calls on this SimpleObjectPermissionSet will use the provided Set.
      *
      * @param permissions
      *     The Set of permissions this SimpleObjectPermissionSet should
      *     contain.
      */
     protected void setPermissions(Set<ObjectPermission> permissions) {
         this.permissions = permissions;
     }

     @Override
     public Set<ObjectPermission> getPermissions() {
         return permissions;
     }

     @Override
     public boolean hasPermission(ObjectPermission.Type permission,
             String identifier) throws GuacamoleException {

         ObjectPermission objectPermission =
                 new ObjectPermission(permission, identifier);

         return permissions.contains(objectPermission);

     }

     @Override
     public void addPermission(ObjectPermission.Type permission,
             String identifier) throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

     @Override
     public void removePermission(ObjectPermission.Type permission,
             String identifier) throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

     @Override
     public Collection<String> getAccessibleObjects(
             Collection<ObjectPermission.Type> permissionTypes,
             Collection<String> identifiers) throws GuacamoleException {

         Collection<String> accessibleObjects = new ArrayList<String>(permissions.size());

         // For each identifier/permission combination
         for (String identifier : identifiers) {
             for (ObjectPermission.Type permissionType : permissionTypes) {

                 // Add identifier if at least one requested permission is granted
                 ObjectPermission permission = new ObjectPermission(permissionType, identifier);
                 if (permissions.contains(permission)) {
                     accessibleObjects.add(identifier);
                     break;
                 }

             }
         }

         return accessibleObjects;

     }

     @Override
     public void addPermissions(Set<ObjectPermission> permissions)
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

     @Override
     public void removePermissions(Set<ObjectPermission> permissions)
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.guacamole.net.auth.simple;

	import java.util.ArrayList;
	import java.util.Collection;
	import java.util.Collections;
	import java.util.HashSet;
	import java.util.Set;
	import org.apache.guacamole.GuacamoleException;
	import org.apache.guacamole.GuacamoleSecurityException;
	import org.apache.guacamole.net.auth.permission.ObjectPermission;
	import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;

	/**
	* A read-only implementation of ObjectPermissionSet which uses a backing Set
	* of Permissions to determine which permissions are present.
	*/
	public class SimpleObjectPermissionSet implements ObjectPermissionSet {

	/**
	* The set of all permissions currently granted.
	*/
	private Set<ObjectPermission> permissions = Collections.emptySet();

	/**
	* Creates a new empty SimpleObjectPermissionSet. If you are not extending
	* SimpleObjectPermissionSet and only need an immutable, empty
	* ObjectPermissionSet, consider using {@link ObjectPermissionSet#EMPTY_SET}
	* instead.
	*/
	public SimpleObjectPermissionSet() {
	}

	/**
	* Creates a new set of ObjectPermissions for each possible combination of
	* the given identifiers and permission types.
	*
	* @param identifiers
	* The identifiers which should have one ObjectPermission for each of
	* the given permission types.
	*
	* @param types
	* The permissions which should be granted for each of the given
	* identifiers.
	*
	* @return
	* A new set of ObjectPermissions containing one ObjectPermission for
	* each possible combination of the given identifiers and permission
	* types.
	*/
	private static Set<ObjectPermission> createPermissions(Collection<String> identifiers,
	Collection<ObjectPermission.Type> types) {

	// Add a permission of each type to the set for each identifier given
	Set<ObjectPermission> permissions = new HashSet<>(identifiers.size());
	types.forEach(type -> {
	identifiers.forEach(identifier -> permissions.add(new ObjectPermission(type, identifier)));
	});

	return permissions;

	}

	/**
	* Creates a new SimpleObjectPermissionSet which contains permissions for
	* all possible unique combinations of the given identifiers and permission
	* types.
	*
	* @param identifiers
	* The identifiers which should be associated permissions having each
	* of the given permission types.
	*
	* @param types
	* The types of permissions which should be granted for each of the
	* given identifiers.
	*/
	public SimpleObjectPermissionSet(Collection<String> identifiers,
	Collection<ObjectPermission.Type> types) {
	this(createPermissions(identifiers, types));
	}

	/**
	* Creates a new SimpleObjectPermissionSet which contains only READ
	* permissions for each of the given identifiers.
	*
	* @param identifiers
	* The identifiers which should each be associated with READ
	* permission.
	*/
	public SimpleObjectPermissionSet(Collection<String> identifiers) {
	this(identifiers, Collections.singletonList(ObjectPermission.Type.READ));
	}

	/**
	* Creates a new SimpleObjectPermissionSet which contains the permissions
	* within the given Set.
	*
	* @param permissions
	* The Set of permissions this SimpleObjectPermissionSet should
	* contain.
	*/
	public SimpleObjectPermissionSet(Set<ObjectPermission> permissions) {
	this.permissions = permissions;
	}

	/**
	* Sets the Set which backs this SimpleObjectPermissionSet. Future function
	* calls on this SimpleObjectPermissionSet will use the provided Set.
	*
	* @param permissions
	* The Set of permissions this SimpleObjectPermissionSet should
	* contain.
	*/
	protected void setPermissions(Set<ObjectPermission> permissions) {
	this.permissions = permissions;
	}

	@Override
	public Set<ObjectPermission> getPermissions() {
	return permissions;
	}

	@Override
	public boolean hasPermission(ObjectPermission.Type permission,
	String identifier) throws GuacamoleException {

	ObjectPermission objectPermission =
	new ObjectPermission(permission, identifier);

	return permissions.contains(objectPermission);

	}

	@Override
	public void addPermission(ObjectPermission.Type permission,
	String identifier) throws GuacamoleException {
	throw new GuacamoleSecurityException("Permission denied.");
	}

	@Override
	public void removePermission(ObjectPermission.Type permission,
	String identifier) throws GuacamoleException {
	throw new GuacamoleSecurityException("Permission denied.");
	}

	@Override
	public Collection<String> getAccessibleObjects(
	Collection<ObjectPermission.Type> permissionTypes,
	Collection<String> identifiers) throws GuacamoleException {

	Collection<String> accessibleObjects = new ArrayList<String>(permissions.size());

	// For each identifier/permission combination
	for (String identifier : identifiers) {
	for (ObjectPermission.Type permissionType : permissionTypes) {

	// Add identifier if at least one requested permission is granted
	ObjectPermission permission = new ObjectPermission(permissionType, identifier);
	if (permissions.contains(permission)) {
	accessibleObjects.add(identifier);
	break;
	}

	}
	}

	return accessibleObjects;

	}

	@Override
	public void addPermissions(Set<ObjectPermission> permissions)
	throws GuacamoleException {
	throw new GuacamoleSecurityException("Permission denied.");
	}

	@Override
	public void removePermissions(Set<ObjectPermission> permissions)
	throws GuacamoleException {
	throw new GuacamoleSecurityException("Permission denied.");
	}

	}