/hudson-core/src/main/java/hudson/security/SparseACL.java

http://github.com/hudson/hudson · Java · 109 lines · 62 code · 16 blank · 31 comment · 8 complexity · 1c18d664236a4dd3b4aa14b141b5a9c5 MD5 · raw file

  1. /*
  2. * The MIT License
  3. *
  4. * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
  5. *
  6. * Permission is hereby granted, free of charge, to any person obtaining a copy
  7. * of this software and associated documentation files (the "Software"), to deal
  8. * in the Software without restriction, including without limitation the rights
  9. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10. * copies of the Software, and to permit persons to whom the Software is
  11. * furnished to do so, subject to the following conditions:
  12. *
  13. * The above copyright notice and this permission notice shall be included in
  14. * all copies or substantial portions of the Software.
  15. *
  16. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  19. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22. * THE SOFTWARE.
  23. */
  24. package hudson.security;
  25. import org.acegisecurity.Authentication;
  26. import org.acegisecurity.acls.sid.Sid;
  27. import java.util.ArrayList;
  28. import java.util.List;
  29. import java.util.logging.Logger;
  30. import static java.util.logging.Level.FINE;
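  /**
   * Access control list that holds only the entries explicitly added to it and
   * defers every other decision to an optional parent {@link ACL}.
   *
   * <p>Decision order implemented by {@link #hasPermission(Authentication, Permission)}:
   * <ol>
   *   <li>the {@code SYSTEM} authentication is always allowed;</li>
   *   <li>otherwise the entries of this list are consulted via {@code _hasPermission}
   *       (not defined in this class; presumably inherited from {@link SidACL});</li>
   *   <li>if no entry decides, the parent ACL (when present) is asked;</li>
   *   <li>with no parent, the request is denied.</li>
   * </ol>
   *
   * <p>This class performs no synchronization of its own: entries live in a plain
   * {@link ArrayList}. Callers that add entries while permission checks may be
   * running have to coordinate that externally.
   *
   * @author Kohsuke Kawaguchi
   */
  public class SparseACL extends SidACL {

      private static final Logger LOGGER = Logger.getLogger(SparseACL.class.getName());

      /**
       * One rule of the list: grants or denies a single {@link Permission} to a single {@link Sid}.
       * Instances are immutable; all fields are final.
       */
      public static final class Entry {
          // Sid has value-equality semantics
          //TODO: review and check whether we can do it private
          public final Sid sid;
          public final Permission permission;
          public final boolean allowed;

          /**
           * @param sid        the security identity this rule applies to
           * @param permission the permission this rule decides
           * @param allowed    {@code true} to grant, {@code false} to deny explicitly
           */
          public Entry(Sid sid, Permission permission, boolean allowed) {
              this.sid = sid;
              this.permission = permission;
              this.allowed = allowed;
          }

          /** @return the security identity this rule applies to */
          public Sid getSid() {
              return sid;
          }

          /** @return the permission this rule decides */
          public Permission getPermission() {
              return permission;
          }

          /** @return {@code true} if the rule grants the permission, {@code false} if it denies it */
          public boolean isAllowed() {
              return allowed;
          }
      }

      /** Rules in insertion order; the order matters because the first match wins. */
      private final List<Entry> entries = new ArrayList<Entry>();

      /** ACL consulted when no local entry decides; may be {@code null}. Fixed at construction. */
      private final ACL parent;

      /**
       * @param parent ACL to fall back to when this list has no matching entry,
       *               or {@code null} to deny whatever is not matched here
       */
      public SparseACL(ACL parent) {
          this.parent = parent;
      }

      /**
       * Appends a rule to the end of the list.
       *
       * <p>A {@code null} entry, or an entry without a {@link Sid}, is rejected here.
       * Storing one would make {@link #hasPermission(Sid, Permission)} throw a
       * {@link NullPointerException} during a later authorization check instead of
       * failing at configuration time. An entry whose permission is {@code null} is
       * still accepted; it can never match, because the lookup only compares against
       * non-null permissions.
       *
       * @param e the rule to append
       * @throws IllegalArgumentException if {@code e} or {@code e.sid} is {@code null}
       */
      public void add(Entry e) {
          if (e == null) {
              throw new IllegalArgumentException("ACL entry must not be null");
          }
          if (e.sid == null) {
              throw new IllegalArgumentException("ACL entry must have a non-null Sid");
          }
          entries.add(e);
      }

      /**
       * Convenience overload that builds the {@link Entry} and appends it.
       *
       * @param sid        the security identity the rule applies to
       * @param permission the permission the rule decides
       * @param allowed    {@code true} to grant, {@code false} to deny explicitly
       * @throws IllegalArgumentException if {@code sid} is {@code null}
       */
      public void add(Sid sid, Permission permission, boolean allowed) {
          add(new Entry(sid, permission, allowed));
      }

      /**
       * Decides whether the given authentication holds the permission.
       *
       * @param a          the authentication being checked
       * @param permission the permission being requested
       * @return {@code true} if access is granted, {@code false} otherwise
       */
      @Override
      public boolean hasPermission(Authentication a, Permission permission) {
          // Identity comparison on purpose: only the SYSTEM instance itself bypasses
          // the list, not an object that merely compares equal to it.
          if (a == SYSTEM) {
              return true;
          }

          Boolean decision = _hasPermission(a, permission);
          if (decision != null) {
              return decision;
          }

          if (parent != null) {
              if (LOGGER.isLoggable(FINE)) {
                  // NOTE(review): the message embeds Authentication.toString(); confirm the
                  // Authentication implementations in use do not render credentials there.
                  LOGGER.fine("hasPermission("+a+","+permission+") is delegating to parent ACL: "+parent);
              }
              return parent.hasPermission(a, permission);
          }

          // the ultimate default is to reject everything
          return false;
      }

      /**
       * Looks up the local rule for one {@link Sid}.
       *
       * <p>The requested permission is tried first, then each permission reached
       * through {@code impliedBy}. A rule on the exact permission therefore takes
       * precedence over a rule on a permission that implies it. Within one
       * permission, the first matching entry in insertion order wins, so an explicit
       * deny only takes effect if it was added before a grant for the same sid and
       * permission.
       *
       * @param p          the security identity to look up
       * @param permission the permission being requested
       * @return the stored decision, or {@code null} if no entry matches
       */
      @Override
      protected Boolean hasPermission(Sid p, Permission permission) {
          for (Permission current = permission; current != null; current = current.impliedBy) {
              for (Entry e : entries) {
                  // Permissions are compared by identity, sids by equals().
                  if (e.permission == current && e.sid.equals(p)) {
                      return e.allowed;
                  }
              }
          }
          return null;
      }
  }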