/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2008 Sun Microsystems, Inc.
|
* Portions Copyright 2013-2015 ForgeRock AS
|
*/
|
package org.opends.server.authorization.dseecompat;
|
|
import static org.opends.messages.AccessControlMessages.*;
|
import static org.opends.server.authorization.dseecompat.Aci.*;
|
|
import java.util.Iterator;
|
import java.util.Set;
|
import java.util.regex.Pattern;
|
|
import org.forgerock.i18n.LocalizableMessage;
|
|
/**
|
* A class representing the permissions of an bind rule. The permissions
|
* of an ACI look like deny(search, write).
|
*/
|
public class Permission {
|
|
/**
|
* The access type (allow,deny) corresponding to the ACI permission value.
|
*/
|
private EnumAccessType accessType;
|
|
/**
|
* The rights (search, add, delete, ...) corresponding to the ACI rights
|
* value.
|
*/
|
private int rights;
|
|
/**
|
* Regular expression token representing the separator.
|
*/
|
private static final String separatorToken = ",";
|
|
/**
|
* Regular expression used to match the ACI rights string.
|
*/
|
private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
|
WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
|
"(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
|
ZERO_OR_MORE_WHITESPACE + ")*";
|
|
/**
|
* Constructor creating a class representing a permission part of an bind
|
* rule.
|
* @param accessType A string representing access type.
|
* @param rights A string representing the rights.
|
* @throws AciException If the access type string or rights string
|
* is invalid.
|
*/
|
private Permission(String accessType, String rights)
|
throws AciException {
|
this.accessType = EnumAccessType.decode(accessType);
|
if (this.accessType == null){
|
LocalizableMessage message =
|
WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
|
throw new AciException(message);
|
}
|
if (!Pattern.matches(rightsRegex, rights)){
|
LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
|
throw new AciException(message);
|
}
|
else {
|
Pattern separatorPattern = Pattern.compile(separatorToken);
|
String[] rightsStr =
|
separatorPattern.split(rights.replaceAll("\\s", ""));
|
for (String r : rightsStr) {
|
EnumRight right = EnumRight.decode(r);
|
if (right != null)
|
this.rights|= EnumRight.getMask(right);
|
else {
|
LocalizableMessage message =
|
WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
|
throw new AciException(message);
|
}
|
}
|
}
|
}
|
|
/**
|
* Decode an string representation of bind rule permission into a Permission
|
* class.
|
* @param accessType A string representing the access type.
|
* @param rights A string representing the rights.
|
* @return A Permission class representing the permissions of the bind
|
* rule.
|
* @throws AciException If the accesstype or rights strings are invalid.
|
*/
|
public static Permission decode (String accessType, String rights)
|
throws AciException {
|
return new Permission(accessType, rights);
|
}
|
|
/**
|
* Checks if a given access type enumeration is equal to this classes
|
* access type.
|
* @param accessType An enumeration representing an access type.
|
* @return True if the access types are equal.
|
*/
|
public boolean hasAccessType(EnumAccessType accessType) {
|
return this.accessType == accessType;
|
}
|
|
/**
|
* Checks if the permission's rights has the specified rights.
|
* @param rights The rights to check for.
|
* @return True if the permission's rights has the specified rights.
|
*/
|
public boolean hasRights(int rights) {
|
return (this.rights & rights) != 0;
|
}
|
|
/** {@inheritDoc} */
|
@Override
|
public String toString() {
|
final StringBuilder sb = new StringBuilder();
|
toString(sb);
|
return sb.toString();
|
}
|
|
/**
|
* Appends a string representation of this object to the provided buffer.
|
*
|
* @param buffer
|
* The buffer into which a string representation of this object
|
* should be appended.
|
*/
|
public final void toString(StringBuilder buffer) {
|
if (this.accessType != null) {
|
buffer.append(accessType.toString().toLowerCase());
|
Set<EnumRight> enumRights = EnumRight.getEnumRight(rights);
|
if (enumRights != null) {
|
buffer.append("(");
|
for (Iterator<EnumRight> iter = enumRights.iterator(); iter
|
.hasNext();) {
|
buffer.append(iter.next().getRight());
|
if (iter.hasNext()) {
|
buffer.append(",");
|
}
|
}
|
buffer.append(")");
|
} else {
|
buffer.append("(all)");
|
}
|
}
|
}
|
}
|
