PageRenderTime 32ms CodeModel.GetById 19ms app.highlight 9ms RepoModel.GetById 1ms app.codeStats 0ms

/hudson-core/src/main/java/hudson/security/SparseACL.java

http://github.com/hudson/hudson
Java | 109 lines | 62 code | 16 blank | 31 comment | 8 complexity | 1c18d664236a4dd3b4aa14b141b5a9c5 MD5 | raw file
  1/*
  2 * The MIT License
  3 * 
  4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
  5 * 
  6 * Permission is hereby granted, free of charge, to any person obtaining a copy
  7 * of this software and associated documentation files (the "Software"), to deal
  8 * in the Software without restriction, including without limitation the rights
  9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 10 * copies of the Software, and to permit persons to whom the Software is
 11 * furnished to do so, subject to the following conditions:
 12 * 
 13 * The above copyright notice and this permission notice shall be included in
 14 * all copies or substantial portions of the Software.
 15 * 
 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 22 * THE SOFTWARE.
 23 */
 24package hudson.security;
 25
 26import org.acegisecurity.Authentication;
 27import org.acegisecurity.acls.sid.Sid;
 28
 29import java.util.ArrayList;
 30import java.util.List;
 31import java.util.logging.Logger;
 32import static java.util.logging.Level.FINE;
 33
 34/**
 35 * Accses control list.
 36 *
 37 * @author Kohsuke Kawaguchi
 38 */
 39public class SparseACL extends SidACL {
 40    public static final class Entry {
 41        // Sid has value-equality semantics
 42        //TODO: review and check whether we can do it private
 43        public final Sid sid;
 44        public final Permission permission;
 45        public final boolean allowed;
 46
 47        public Entry(Sid sid, Permission permission, boolean allowed) {
 48            this.sid = sid;
 49            this.permission = permission;
 50            this.allowed = allowed;
 51        }
 52
 53        public Sid getSid() {
 54            return sid;
 55        }
 56
 57        public Permission getPermission() {
 58            return permission;
 59        }
 60
 61        public boolean isAllowed() {
 62            return allowed;
 63        }
 64    }
 65
 66    private final List<Entry> entries = new ArrayList<Entry>();
 67    private ACL parent;
 68
 69    public SparseACL(ACL parent) {
 70        this.parent = parent;
 71    }
 72
 73    public void add(Entry e) {
 74        entries.add(e);
 75    }
 76
 77    public void add(Sid sid, Permission permission, boolean allowed) {
 78        add(new Entry(sid,permission,allowed));
 79    }
 80
 81    @Override
 82    public boolean hasPermission(Authentication a, Permission permission) {
 83        if(a==SYSTEM)   return true;
 84        Boolean b = _hasPermission(a,permission);
 85        if(b!=null) return b;
 86
 87        if(parent!=null) {
 88            if(LOGGER.isLoggable(FINE))
 89                LOGGER.fine("hasPermission("+a+","+permission+") is delegating to parent ACL: "+parent);
 90            return parent.hasPermission(a,permission);
 91        }
 92
 93        // the ultimate default is to reject everything
 94        return false;
 95    }
 96
 97    @Override
 98    protected Boolean hasPermission(Sid p, Permission permission) {
 99        for( ; permission!=null; permission=permission.impliedBy ) {
100            for (Entry e : entries) {
101                if(e.permission==permission && e.sid.equals(p))
102                    return e.allowed;
103            }
104        }
105        return null;
106    }
107
108    private static final Logger LOGGER = Logger.getLogger(SparseACL.class.getName());
109}