SecureBlogScreen xref

View Javadoc

1   package net.sourceforge.blogentis.turbine;
2   
3   //-----------------------------------------------------------------------
4   //Blogentis - a blog publishing platform.
5   //Copyright (C) 2004 Tassos Bassoukos <abassouk@gmail.com>
6   //
7   //This library is free software; you can redistribute it and/or
8   //modify it under the terms of the GNU Lesser General Public
9   //License as published by the Free Software Foundation; either
10  //version 2.1 of the License, or (at your option) any later version.
11  //
12  //This library is distributed in the hope that it will be useful,
13  //but WITHOUT ANY WARRANTY; without even the implied warranty of
14  //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  //Lesser General Public License for more details.
16  //
17  //You should have received a copy of the GNU Lesser General Public
18  //License along with this library; if not, write to the Free Software
19  //Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  //-----------------------------------------------------------------------
21  //
22  //$Id: SecureBlogScreen.java,v 1.1 2004/10/22 17:34:14 tassos Exp $
23  //
24  
25  import net.sourceforge.blogentis.om.Blog;
26  
27  import org.apache.turbine.util.RunData;
28  import org.apache.turbine.util.security.AccessControlList;
29  import org.apache.velocity.context.Context;
30  
31  /***
32   * Base Screen that requires a particulare permission to be held by the user.
33   * 
34   * @author abas
35   */
36  public abstract class SecureBlogScreen
37          extends BaseBlogScreen {
38      /***
39       * Get the array of permissions this screen supports. The logged-in user
40       * must have at least one of them to be allowed access to this screen.
41       * 
42       * @return the array of permissions.
43       */
44      protected abstract String[] getPermissions();
45  
46      protected final boolean isAuthorized(RunData data, Context context) {
47          if (!data.getUser().hasLoggedIn())
48              return false;
49          BlogParameterParser pp = (BlogParameterParser)data.getParameters();
50          Blog blog = pp.getBlog();
51          if (blog == null)
52              return false;
53          AccessControlList acl = data.getACL();
54          if (acl == null)
55              return false;
56          String[] permissions = getPermissions();
57          for(int i = 0; i < permissions.length; i++)
58              if (acl.hasPermission(permissions[i], blog.getName()))
59                  return true;
60          return false;
61      }
62  }