api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java - turbine-fulcrum-security - Git at Google

 package org.apache.fulcrum.security.model.turbine;

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;

 import org.apache.avalon.framework.logger.Logger;
 import org.apache.fulcrum.security.GroupManager;
 import org.apache.fulcrum.security.RoleManager;
 import org.apache.fulcrum.security.entity.Group;
 import org.apache.fulcrum.security.entity.Permission;
 import org.apache.fulcrum.security.entity.Role;
 import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
 import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
 import org.apache.fulcrum.security.util.FulcrumSecurityException;
 import org.apache.fulcrum.security.util.GroupSet;
 import org.apache.fulcrum.security.util.PermissionSet;
 import org.apache.fulcrum.security.util.RoleSet;

 /**
  * This is a control class that makes it easy to find out if a
  * particular User has a given Permission.  It also determines if a
  * User has a a particular Role.
  *
  * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
  * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
  * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
  * @version $Id: TurbineAccessControlList.java 1096130 2019-03-25 10:37:19Z painter $
  */
 @SuppressWarnings("rawtypes")
 public class TurbineAccessControlListImpl
         implements TurbineAccessControlList
 {
     /** Serial version */
 	private static final long serialVersionUID = 2678947159949477950L;

     /** The sets of roles that the user has in different groups */
     private Map<Group, RoleSet> roleSets;

     /** The sets of permissions that the user has in different groups */
     private Map<Group, PermissionSet> permissionSets;

     /** The global group */
     private Group globalGroup;

     /** The group manager */
     private GroupManager groupManager;

     /** The distinct list of groups that this user is part of */
     private GroupSet groupSet = new GroupSet();

     /** The distinct list of roles that this user is part of */
     private RoleSet roleSet = new RoleSet();

     /** the distinct list of permissions that this user has */
     private PermissionSet permissionSet = new PermissionSet();

     /** the Avalon logger */
     private transient Logger logger;

     /**
      * Constructs a new AccessControlList.
      *
      * This class follows 'immutable' pattern - it's objects can't be modified
      * once they are created. This means that the permissions the users have are
      * in effect form the moment they log in to the moment they log out, and
      * changes made to the security settings in that time are not reflected
      * in the state of this object. If you need to reset an user's permissions
      * you need to invalidate his session. <br>
      *
      * @param turbineUserGroupRoleSet
      *            The set of user/group/role relations that this acl is built from
      * @param groupManager the Group manager
      * @param roleManager the Role manager
      * @param modelManager the model Manager
      * @param logger
      *
      * @throws FulcrumSecurityException if the global group cannot be retrieved
      */
     public TurbineAccessControlListImpl(
     		Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
     		GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, Logger logger) throws FulcrumSecurityException
     {
         this.roleSets = new HashMap<Group, RoleSet>();
         this.permissionSets = new HashMap<Group, PermissionSet>();
         this.groupManager = groupManager;

         this.logger = logger;

         for (TurbineUserGroupRole ugr : turbineUserGroupRoleSet)
         {
             Group group = ugr.getGroup();
             // check if group matches
             if (this.logger != null && this.groupManager != null && group.getClass() != this.groupManager.getGroupInstance().getClass()) {
                 this.logger.warn( "Turbine group classes do not match, some lookup might fail, check in componentConfiguration.xml. Expected class: " +
                         this.groupManager.getGroupInstance().getClass() + ", actual class: " +group.getClass()
             );
             }
             groupSet.add(group);

             Role role = ugr.getRole();
             if (!roleSet.containsId(role.getId()))
             {
                 // get fresh reference from role manager to make sure the related
                 // permissions are populated
                 if (roleManager != null)
                 {
                     role = roleManager.getRoleById(role.getId());
                 }
                 roleSet.add(role);
             }
             else
             {
                 role = roleSet.getById(role.getId());
             }
             if (roleSets.containsKey(group))
             {
             	roleSets.get(group).add(role);
             }
             else
             {
             	RoleSet rs = new RoleSet();
             	rs.add(role);
             	roleSets.put(group, rs);
             }
             // if required, otherwise skip
             if (role instanceof TurbineRole) {
 	            PermissionSet ps = ((TurbineRole) role).getPermissions();
 	            permissionSet.add(ps);
 	            if (permissionSets.containsKey(group))
 	            {
 	            	permissionSets.get(group).add(ps);
 	            }
 	            else
 	            {
 	            	permissionSets.put(group, ps);
 	            }
             }
         }
         // this check might be not needed any more, required for custom group
         if (modelManager != null)
         {
         	this.globalGroup = modelManager.getGlobalGroup();
         }
     }

     /**
      * Retrieves a set of Roles an user is assigned in a Group.
      *
      * @param group the Group
      * @return the set of Roles this user has within the Group.
      */
     @Override
     public RoleSet getRoles(Group group)
     {
         if (group == null)
         {
             return null;
         }
         return roleSets.get(group);
     }

     /**
      * Retrieves a set of Roles an user is assigned in the global Group.
      *
      * @return the set of Roles this user has within the global Group or null.
      */
     @Override
     public RoleSet getRoles()
     {
         return getRoles(globalGroup);
     }

     /**
      * Retrieves a set of Permissions an user is assigned in a Group.
      *
      * @param group the Group
      * @return the set of Permissions this user has within the Group.
      */
     @Override
     public PermissionSet getPermissions(Group group)
     {
         if (group == null)
         {
             return null;
         }
         return permissionSets.get(group);
     }

     /**
      * Retrieves a set of Permissions an user is assigned in the global Group.
      *
      * @return the set of Permissions this user has within the global Group.
      */
     @Override
     public PermissionSet getPermissions()
     {
         return getPermissions(globalGroup);
     }

     /**
      * Checks if the user is assigned a specific Role in the Group.
      *
      * @param role the Role
      * @param group the Group
      * @return <code>true</code> if the user is assigned the Role in the Group.
      */
     @Override
     public boolean hasRole(Role role, Group group)
     {
         RoleSet set = getRoles(group);
         if (set == null || role == null)
         {
             return false;
         }
         return set.contains(role);
     }

     /**
      * Checks if the user is assigned a specific Role in any of the given
      * Groups
      *
      * @param role the Role
      * @param groupset a Groupset
      * @return <code>true</code> if the user is assigned the Role in any of
      *         the given Groups.
      */
     @Override
     public boolean hasRole(Role role, GroupSet groupset)
     {
         if (role == null)
         {
             return false;
         }

         for (Group group : groupset)
         {
             RoleSet roles = getRoles(group);
             if (roles != null && roles.contains(role))
             {
                 return true;
             }
         }

         return false;
     }

     /**
      * Checks if the user is assigned a specific Role in the Group.
      *
      * @param roleName the Role name
      * @param groupName the Group name
      * @return <code>true</code> if the user is assigned the Role in the Group.
      */
     @Override
     public boolean hasRole(String roleName, String groupName)
     {
         try
         {
         	return hasRole(roleSet.getByName(roleName), groupSet.getByName(groupName));
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Checks if the user is assigned a specific Role in any of the given
      * Groups
      *
      * @param rolename the name of the Role
      * @param groupset a Groupset
      * @return <code>true</code> if the user is assigned the Role in any of
      *         the given Groups.
      */
     @Override
     public boolean hasRole(String rolename, GroupSet groupset)
     {
         try
         {
         	return hasRole(roleSet.getByName(rolename), groupset);
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Checks if the user is assigned a specific Role in the global Group.
      *
      * @param role the Role
      * @return <code>true</code> if the user is assigned the Role in the global Group.
      */
     @Override
     public boolean hasRole(Role role)
     {
         return hasRole(role, globalGroup);
     }

     /**
      * Checks if the user is assigned a specific Role in the global Group.
      *
      * @param role the Role
      * @return <code>true</code> if the user is assigned the Role in the global Group.
      */
     @Override
     public boolean hasRole(String role)
     {
         try
         {
             return hasRole(roleSet.getByName(role));
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Checks if the user is assigned a specific Permission in the Group.
      *
      * @param permission the Permission
      * @param group the Group
      * @return <code>true</code> if the user is assigned the Permission in the Group.
      */
     @Override
     public boolean hasPermission(Permission permission, Group group)
     {
         PermissionSet set = getPermissions(group);
         if (set == null || permission == null)
         {
             return false;
         }
         return set.contains(permission);
     }

     /**
      * Checks if the user is assigned a specific Permission in any of the given
      * Groups
      *
      * @param permission the Permission
      * @param groupset a Groupset
      * @return <code>true</code> if the user is assigned the Permission in any
      *         of the given Groups.
      */
     @Override
     public boolean hasPermission(Permission permission, GroupSet groupset)
     {
         if (permission == null)
         {
             return false;
         }

         for (Group group : groupset)
         {
             PermissionSet permissions = getPermissions(group);
             if (permissions != null && permissions.contains(permission))
             {
                 return true;
             }
         }

         return false;
     }

     /**
      * Checks if the user is assigned a specific Permission in the Group.
      *
      * @param permission the Permission
      * @param group the Group
      * @return <code>true</code> if the user is assigned the Permission in the Group.
      */
     @Override
     public boolean hasPermission(String permission, String group)
     {
         try
         {
             return hasPermission(permissionSet.getByName(permission), groupSet.getByName(group));
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Checks if the user is assigned a specific Permission in the Group.
      *
      * @param permission the Permission
      * @param group the Group
      * @return <code>true</code> if the user is assigned the Permission in the Group.
      */
     @Override
     public boolean hasPermission(String permission, Group group)
     {
         try
         {
             return hasPermission(permissionSet.getByName(permission), group);
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Checks if the user is assigned a specific Permission in any of the given
      * Groups
      *
      * @param permissionName the name of the Permission
      * @param groupset a Groupset
      * @return <code>true</code> if the user is assigned the Permission in any
      *         of the given Groups.
      */
     @Override
     public boolean hasPermission(String permissionName, GroupSet groupset)
     {
         Permission permission;
         try
         {
             permission = permissionSet.getByName(permissionName);
         }
         catch (Exception e)
         {
             return false;
         }

         if (permission == null)
         {
             return false;
         }

         for (Group group : groupset)
         {
             PermissionSet permissions = getPermissions(group);
             if (permissions != null && permissions.contains(permission))
             {
             	return true;
             }
         }
         return false;
     }

     /**
      * Checks if the user is assigned a specific Permission in the global Group.
      *
      * @param permission the Permission
      * @return <code>true</code> if the user is assigned the Permission in the global Group.
      */
     @Override
     public boolean hasPermission(Permission permission)
     {
         return hasPermission(permission, globalGroup);
     }

     /**
      * Checks if the user is assigned a specific Permission in the global Group.
      *
      * @param permission the Permission
      * @return <code>true</code> if the user is assigned the Permission in the global Group.
      */
     @Override
     public boolean hasPermission(String permission)
     {
         try
         {
             return hasPermission(permissionSet.getByName(permission));
         }
         catch (Exception e)
         {
             return false;
         }
     }

     /**
      * Returns all groups defined in the system.
      *
      * This is useful for debugging, when you want to display all roles
      * and permissions an user is assigned. This method is needed
      * because you can't call static methods of TurbineSecurity class
      * from within WebMacro/Velocity template
      *
      * @return A Group [] of all groups in the system.
      */
     @Override
     public Group[] getAllGroups()
     {
         try
         {
             return (groupManager != null)? groupManager.getAllGroups().toArray(new Group[0])
                     : new Group[0];
         }
         catch (FulcrumSecurityException e)
         {
             return new Group[0];
         }
     }

     @Override
     public GroupSet getGroupSet()
     {
         return groupSet;
     }
 }
	package org.apache.fulcrum.security.model.turbine;

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import java.util.HashMap;
	import java.util.Map;
	import java.util.Set;

	import org.apache.avalon.framework.logger.Logger;
	import org.apache.fulcrum.security.GroupManager;
	import org.apache.fulcrum.security.RoleManager;
	import org.apache.fulcrum.security.entity.Group;
	import org.apache.fulcrum.security.entity.Permission;
	import org.apache.fulcrum.security.entity.Role;
	import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
	import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
	import org.apache.fulcrum.security.util.FulcrumSecurityException;
	import org.apache.fulcrum.security.util.GroupSet;
	import org.apache.fulcrum.security.util.PermissionSet;
	import org.apache.fulcrum.security.util.RoleSet;

	/**
	* This is a control class that makes it easy to find out if a
	* particular User has a given Permission. It also determines if a
	* User has a a particular Role.
	*
	* @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
	* @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
	* @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
	* @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
	* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
	* @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
	* @version $Id: TurbineAccessControlList.java 1096130 2019-03-25 10:37:19Z painter $
	*/
	@SuppressWarnings("rawtypes")
	public class TurbineAccessControlListImpl
	implements TurbineAccessControlList
	{
	/** Serial version */
	private static final long serialVersionUID = 2678947159949477950L;

	/** The sets of roles that the user has in different groups */
	private Map<Group, RoleSet> roleSets;

	/** The sets of permissions that the user has in different groups */
	private Map<Group, PermissionSet> permissionSets;

	/** The global group */
	private Group globalGroup;

	/** The group manager */
	private GroupManager groupManager;

	/** The distinct list of groups that this user is part of */
	private GroupSet groupSet = new GroupSet();

	/** The distinct list of roles that this user is part of */
	private RoleSet roleSet = new RoleSet();

	/** the distinct list of permissions that this user has */
	private PermissionSet permissionSet = new PermissionSet();

	/** the Avalon logger */
	private transient Logger logger;

	/**
	* Constructs a new AccessControlList.
	*
	* This class follows 'immutable' pattern - it's objects can't be modified
	* once they are created. This means that the permissions the users have are
	* in effect form the moment they log in to the moment they log out, and
	* changes made to the security settings in that time are not reflected
	* in the state of this object. If you need to reset an user's permissions
	* you need to invalidate his session. <br>
	*
	* @param turbineUserGroupRoleSet
	* The set of user/group/role relations that this acl is built from
	* @param groupManager the Group manager
	* @param roleManager the Role manager
	* @param modelManager the model Manager
	* @param logger
	*
	* @throws FulcrumSecurityException if the global group cannot be retrieved
	*/
	public TurbineAccessControlListImpl(
	Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
	GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, Logger logger) throws FulcrumSecurityException
	{
	this.roleSets = new HashMap<Group, RoleSet>();
	this.permissionSets = new HashMap<Group, PermissionSet>();
	this.groupManager = groupManager;

	this.logger = logger;

	for (TurbineUserGroupRole ugr : turbineUserGroupRoleSet)
	{
	Group group = ugr.getGroup();
	// check if group matches
	if (this.logger != null && this.groupManager != null && group.getClass() != this.groupManager.getGroupInstance().getClass()) {
	this.logger.warn( "Turbine group classes do not match, some lookup might fail, check in componentConfiguration.xml. Expected class: " +
	this.groupManager.getGroupInstance().getClass() + ", actual class: " +group.getClass()
	);
	}
	groupSet.add(group);

	Role role = ugr.getRole();
	if (!roleSet.containsId(role.getId()))
	{
	// get fresh reference from role manager to make sure the related
	// permissions are populated
	if (roleManager != null)
	{
	role = roleManager.getRoleById(role.getId());
	}
	roleSet.add(role);
	}
	else
	{
	role = roleSet.getById(role.getId());
	}
	if (roleSets.containsKey(group))
	{
	roleSets.get(group).add(role);
	}
	else
	{
	RoleSet rs = new RoleSet();
	rs.add(role);
	roleSets.put(group, rs);
	}
	// if required, otherwise skip
	if (role instanceof TurbineRole) {
	PermissionSet ps = ((TurbineRole) role).getPermissions();
	permissionSet.add(ps);
	if (permissionSets.containsKey(group))
	{
	permissionSets.get(group).add(ps);
	}
	else
	{
	permissionSets.put(group, ps);
	}
	}
	}
	// this check might be not needed any more, required for custom group
	if (modelManager != null)
	{
	this.globalGroup = modelManager.getGlobalGroup();
	}
	}

	/**
	* Retrieves a set of Roles an user is assigned in a Group.
	*
	* @param group the Group
	* @return the set of Roles this user has within the Group.
	*/
	@Override
	public RoleSet getRoles(Group group)
	{
	if (group == null)
	{
	return null;
	}
	return roleSets.get(group);
	}

	/**
	* Retrieves a set of Roles an user is assigned in the global Group.
	*
	* @return the set of Roles this user has within the global Group or null.
	*/
	@Override
	public RoleSet getRoles()
	{
	return getRoles(globalGroup);
	}

	/**
	* Retrieves a set of Permissions an user is assigned in a Group.
	*
	* @param group the Group
	* @return the set of Permissions this user has within the Group.
	*/
	@Override
	public PermissionSet getPermissions(Group group)
	{
	if (group == null)
	{
	return null;
	}
	return permissionSets.get(group);
	}

	/**
	* Retrieves a set of Permissions an user is assigned in the global Group.
	*
	* @return the set of Permissions this user has within the global Group.
	*/
	@Override
	public PermissionSet getPermissions()
	{
	return getPermissions(globalGroup);
	}

	/**
	* Checks if the user is assigned a specific Role in the Group.
	*
	* @param role the Role
	* @param group the Group
	* @return <code>true</code> if the user is assigned the Role in the Group.
	*/
	@Override
	public boolean hasRole(Role role, Group group)
	{
	RoleSet set = getRoles(group);
	if (set == null \|\| role == null)
	{
	return false;
	}
	return set.contains(role);
	}

	/**
	* Checks if the user is assigned a specific Role in any of the given
	* Groups
	*
	* @param role the Role
	* @param groupset a Groupset
	* @return <code>true</code> if the user is assigned the Role in any of
	* the given Groups.
	*/
	@Override
	public boolean hasRole(Role role, GroupSet groupset)
	{
	if (role == null)
	{
	return false;
	}

	for (Group group : groupset)
	{
	RoleSet roles = getRoles(group);
	if (roles != null && roles.contains(role))
	{
	return true;
	}
	}

	return false;
	}

	/**
	* Checks if the user is assigned a specific Role in the Group.
	*
	* @param roleName the Role name
	* @param groupName the Group name
	* @return <code>true</code> if the user is assigned the Role in the Group.
	*/
	@Override
	public boolean hasRole(String roleName, String groupName)
	{
	try
	{
	return hasRole(roleSet.getByName(roleName), groupSet.getByName(groupName));
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Checks if the user is assigned a specific Role in any of the given
	* Groups
	*
	* @param rolename the name of the Role
	* @param groupset a Groupset
	* @return <code>true</code> if the user is assigned the Role in any of
	* the given Groups.
	*/
	@Override
	public boolean hasRole(String rolename, GroupSet groupset)
	{
	try
	{
	return hasRole(roleSet.getByName(rolename), groupset);
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Checks if the user is assigned a specific Role in the global Group.
	*
	* @param role the Role
	* @return <code>true</code> if the user is assigned the Role in the global Group.
	*/
	@Override
	public boolean hasRole(Role role)
	{
	return hasRole(role, globalGroup);
	}

	/**
	* Checks if the user is assigned a specific Role in the global Group.
	*
	* @param role the Role
	* @return <code>true</code> if the user is assigned the Role in the global Group.
	*/
	@Override
	public boolean hasRole(String role)
	{
	try
	{
	return hasRole(roleSet.getByName(role));
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Checks if the user is assigned a specific Permission in the Group.
	*
	* @param permission the Permission
	* @param group the Group
	* @return <code>true</code> if the user is assigned the Permission in the Group.
	*/
	@Override
	public boolean hasPermission(Permission permission, Group group)
	{
	PermissionSet set = getPermissions(group);
	if (set == null \|\| permission == null)
	{
	return false;
	}
	return set.contains(permission);
	}

	/**
	* Checks if the user is assigned a specific Permission in any of the given
	* Groups
	*
	* @param permission the Permission
	* @param groupset a Groupset
	* @return <code>true</code> if the user is assigned the Permission in any
	* of the given Groups.
	*/
	@Override
	public boolean hasPermission(Permission permission, GroupSet groupset)
	{
	if (permission == null)
	{
	return false;
	}

	for (Group group : groupset)
	{
	PermissionSet permissions = getPermissions(group);
	if (permissions != null && permissions.contains(permission))
	{
	return true;
	}
	}

	return false;
	}

	/**
	* Checks if the user is assigned a specific Permission in the Group.
	*
	* @param permission the Permission
	* @param group the Group
	* @return <code>true</code> if the user is assigned the Permission in the Group.
	*/
	@Override
	public boolean hasPermission(String permission, String group)
	{
	try
	{
	return hasPermission(permissionSet.getByName(permission), groupSet.getByName(group));
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Checks if the user is assigned a specific Permission in the Group.
	*
	* @param permission the Permission
	* @param group the Group
	* @return <code>true</code> if the user is assigned the Permission in the Group.
	*/
	@Override
	public boolean hasPermission(String permission, Group group)
	{
	try
	{
	return hasPermission(permissionSet.getByName(permission), group);
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Checks if the user is assigned a specific Permission in any of the given
	* Groups
	*
	* @param permissionName the name of the Permission
	* @param groupset a Groupset
	* @return <code>true</code> if the user is assigned the Permission in any
	* of the given Groups.
	*/
	@Override
	public boolean hasPermission(String permissionName, GroupSet groupset)
	{
	Permission permission;
	try
	{
	permission = permissionSet.getByName(permissionName);
	}
	catch (Exception e)
	{
	return false;
	}

	if (permission == null)
	{
	return false;
	}

	for (Group group : groupset)
	{
	PermissionSet permissions = getPermissions(group);
	if (permissions != null && permissions.contains(permission))
	{
	return true;
	}
	}
	return false;
	}

	/**
	* Checks if the user is assigned a specific Permission in the global Group.
	*
	* @param permission the Permission
	* @return <code>true</code> if the user is assigned the Permission in the global Group.
	*/
	@Override
	public boolean hasPermission(Permission permission)
	{
	return hasPermission(permission, globalGroup);
	}

	/**
	* Checks if the user is assigned a specific Permission in the global Group.
	*
	* @param permission the Permission
	* @return <code>true</code> if the user is assigned the Permission in the global Group.
	*/
	@Override
	public boolean hasPermission(String permission)
	{
	try
	{
	return hasPermission(permissionSet.getByName(permission));
	}
	catch (Exception e)
	{
	return false;
	}
	}

	/**
	* Returns all groups defined in the system.
	*
	* This is useful for debugging, when you want to display all roles
	* and permissions an user is assigned. This method is needed
	* because you can't call static methods of TurbineSecurity class
	* from within WebMacro/Velocity template
	*
	* @return A Group [] of all groups in the system.
	*/
	@Override
	public Group[] getAllGroups()
	{
	try
	{
	return (groupManager != null)? groupManager.getAllGroups().toArray(new Group[0])
	: new Group[0];
	}
	catch (FulcrumSecurityException e)
	{
	return new Group[0];
	}
	}

	@Override
	public GroupSet getGroupSet()
	{
	return groupSet;
	}
	}