View Javadoc

1   package net.sourceforge.blogentis.turbine;
2   
3   //-----------------------------------------------------------------------
4   //Blogentis - a blog publishing platform.
5   //Copyright (C) 2004 Tassos Bassoukos <abassouk@gmail.com>
6   //
7   //This library is free software; you can redistribute it and/or
8   //modify it under the terms of the GNU Lesser General Public
9   //License as published by the Free Software Foundation; either
10  //version 2.1 of the License, or (at your option) any later version.
11  //
12  //This library is distributed in the hope that it will be useful,
13  //but WITHOUT ANY WARRANTY; without even the implied warranty of
14  //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  //Lesser General Public License for more details.
16  //
17  //You should have received a copy of the GNU Lesser General Public
18  //License along with this library; if not, write to the Free Software
19  //Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  //-----------------------------------------------------------------------
21  //
22  //$Id: SecureBlogAction.java,v 1.1 2004/10/22 17:34:14 tassos Exp $
23  //
24  
25  import net.sourceforge.blogentis.om.Blog;
26  
27  import org.apache.turbine.modules.actions.VelocitySecureAction;
28  import org.apache.turbine.util.RunData;
29  import org.apache.turbine.util.security.AccessControlList;
30  
31  /***
32   * @author abas
33   */
34  public abstract class SecureBlogAction extends VelocitySecureAction {
35      /***
36       * Get the array of permissions this actions needs. The logged-in user
37       * must have at least one of them to be allowed access to this screen.
38       * 
39       * @return the array of permissions.
40       */
41      protected abstract String[] getPermissions();
42      
43      protected final boolean isAuthorized(RunData data) {
44          if (!data.getUser().hasLoggedIn())
45              return false;
46          BlogParameterParser pp = (BlogParameterParser)data.getParameters();
47          Blog blog = pp.getBlog();
48          if (blog == null)
49              return false;
50          AccessControlList acl = data.getACL();
51          if (acl == null)
52              return false;
53          String[] permissions = getPermissions();
54          for(int i = 0; i < permissions.length; i++)
55              if (acl.hasPermission(permissions[i], blog.getName()))
56                  return true;
57          return false;
58      }
59  }