/hudson-core/src/main/java/hudson/security/SparseACL.java
Java | 109 lines | 62 code | 16 blank | 31 comment | 8 complexity | 1c18d664236a4dd3b4aa14b141b5a9c5 MD5 | raw file
1/* 2 * The MIT License 3 * 4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24package hudson.security; 25 26import org.acegisecurity.Authentication; 27import org.acegisecurity.acls.sid.Sid; 28 29import java.util.ArrayList; 30import java.util.List; 31import java.util.logging.Logger; 32import static java.util.logging.Level.FINE; 33 34/** 35 * Accses control list. 36 * 37 * @author Kohsuke Kawaguchi 38 */ 39public class SparseACL extends SidACL { 40 public static final class Entry { 41 // Sid has value-equality semantics 42 //TODO: review and check whether we can do it private 43 public final Sid sid; 44 public final Permission permission; 45 public final boolean allowed; 46 47 public Entry(Sid sid, Permission permission, boolean allowed) { 48 this.sid = sid; 49 this.permission = permission; 50 this.allowed = allowed; 51 } 52 53 public Sid getSid() { 54 return sid; 55 } 56 57 public Permission getPermission() { 58 return permission; 59 } 60 61 public boolean isAllowed() { 62 return allowed; 63 } 64 } 65 66 private final List<Entry> entries = new ArrayList<Entry>(); 67 private ACL parent; 68 69 public SparseACL(ACL parent) { 70 this.parent = parent; 71 } 72 73 public void add(Entry e) { 74 entries.add(e); 75 } 76 77 public void add(Sid sid, Permission permission, boolean allowed) { 78 add(new Entry(sid,permission,allowed)); 79 } 80 81 @Override 82 public boolean hasPermission(Authentication a, Permission permission) { 83 if(a==SYSTEM) return true; 84 Boolean b = _hasPermission(a,permission); 85 if(b!=null) return b; 86 87 if(parent!=null) { 88 if(LOGGER.isLoggable(FINE)) 89 LOGGER.fine("hasPermission("+a+","+permission+") is delegating to parent ACL: "+parent); 90 return parent.hasPermission(a,permission); 91 } 92 93 // the ultimate default is to reject everything 94 return false; 95 } 96 97 @Override 98 protected Boolean hasPermission(Sid p, Permission permission) { 99 for( ; permission!=null; permission=permission.impliedBy ) { 100 for (Entry e : entries) { 101 if(e.permission==permission && e.sid.equals(p)) 102 return e.allowed; 103 } 104 } 105 return null; 106 } 107 108 private static final Logger LOGGER = Logger.getLogger(SparseACL.class.getName()); 109}