/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * trunk/opends/resource/legal-notices/OpenDS.LICENSE * or https://OpenDS.dev.java.net/OpenDS.LICENSE. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Portions Copyright 2007 Sun Microsystems, Inc. */ package org.opends.server.authorization.dseecompat; import static org.opends.server.messages.MessageHandler.getMessage; import static org.opends.server.authorization.dseecompat.AciMessages.*; import java.util.regex.Pattern; /** * A class representing the permissions of an bind rule. The permissions * of an ACI look like deny(search, write). */ public class Permission { //the access type (allow,deny) private EnumAccessType accessType = null; private int rights; private static final String separatorToken = ","; private static final String rightsRegex = "\\s*(\\w+)\\s*(,\\s*(\\w+)\\s*)*"; /** * Constructor creating a class representing a permission part of an bind * rule. * @param accessType A string representing access type. * @param rights A string representing the rights. * @throws AciException If the access type string or rights string * is invalid. */ private Permission(String accessType, String rights) throws AciException { if ((this.accessType = EnumAccessType.decode(accessType)) == null){ int msgID = MSGID_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION; String message = getMessage(msgID, accessType); throw new AciException(msgID, message); } if (!Pattern.matches(rightsRegex, rights)){ int msgID = MSGID_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX; String message = getMessage(msgID, rights); throw new AciException(msgID, message); } else { Pattern separatorPattern = Pattern.compile(separatorToken); String[] rightsStr = separatorPattern.split(rights.replaceAll("\\s", "")); for (String r : rightsStr) { EnumRight right = EnumRight.decode(r); if (right != null) this.rights|= EnumRight.getMask(right); else { int msgID = MSGID_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD; String message = getMessage(msgID, rights); throw new AciException(msgID, message); } } } } /** * Decode an string representation of bind rule permission into a Permission * class. * @param accessType A string representing the access type. * @param rights A string representing the rights. * @return A Permission class representing the permissions of the bind * rule. * @throws AciException If the accesstype or rights strings are invalid. */ public static Permission decode (String accessType, String rights) throws AciException { return new Permission(accessType, rights); } /** * Checks if a given access type enumeration is equal to this classes * access type. * @param accessType An enumeration representing an access type. * @return True if the access types are equal. */ public boolean hasAccessType(EnumAccessType accessType) { return this.accessType == accessType; } /** * Checks if the permission's rights has the specified rights. * @param rights The rights to check for. * @return True if the permission's rights has the specified rights. */ public boolean hasRights(int rights) { return (this.rights & rights) != 0; } }