Source Code of org.beangle.webapp.security.action.SecurityActionSupport

/* Copyright c 2005-2012.
 * Licensed under GNU  LESSER General Public License, Version 3.
 * http://www.gnu.org/licenses
 */
package org.beangle.webapp.security.action;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.struts2.ServletActionContext;
import org.apache.struts2.interceptor.NoParameters;
import org.beangle.commons.collection.CollectUtils;
import org.beangle.model.query.builder.OqlBuilder;
import org.beangle.security.AuthorizationException;
import org.beangle.security.blueprint.Resource;
import org.beangle.security.blueprint.User;
import org.beangle.security.blueprint.restrict.RestrictField;
import org.beangle.security.blueprint.restrict.Restriction;
import org.beangle.security.blueprint.restrict.service.RestrictionService;
import org.beangle.security.blueprint.service.AuthorityService;
import org.beangle.security.blueprint.service.UserToken;
import org.beangle.security.core.Authentication;
import org.beangle.security.core.AuthenticationException;
import org.beangle.security.core.context.SecurityContextHolder;
import org.beangle.security.web.access.DefaultResourceExtractor;
import org.beangle.struts2.action.EntityDrivenAction;

import com.opensymphony.xwork2.ActionContext;

public abstract class SecurityActionSupport extends EntityDrivenAction implements NoParameters {

  protected AuthorityService authorityService;

  protected RestrictionService restrictionService;

  // FIXME new DefaultResourceExtractor
  protected Resource getResource() {
    return authorityService.getResource(new DefaultResourceExtractor()
        .extract(ServletActionContext.getRequest()));
  }

  protected boolean isAdmin(User user) {
    return authorityService.getUserService().isAdmin(user);
  }

  protected List<Restriction> getRestrictions() {
    final Map<String, Object> session = ActionContext.getContext().getSession();
    @SuppressWarnings("unchecked")
    Map<Long, List<Restriction>> restrictionMap = (Map<Long, List<Restriction>>) session
        .get("security.restriction");
    if (null == restrictionMap) {
      restrictionMap = CollectUtils.newHashMap();
      session.put("security.restriction", restrictionMap);
    }
    Resource resource = getResource();
    if (resource.getObjects().isEmpty()) { return Collections.emptyList(); }
    List<Restriction> realms = restrictionMap.get(resource.getId());
    User user = getUser();
    if (null == realms) {
      realms = restrictionService.getRestrictions(user, resource);
      restrictionMap.put(resource.getId(), realms);
    }
    // 没有权限就报错
    if (realms.isEmpty()) { throw new AuthorizationException(SecurityContextHolder.getContext()
        .getAuthentication(), resource.getName()); }
    return realms;
  }

  protected List<Object> getRestricitonValues(String name) {
    List<Restriction> restrictions = getRestrictions();
    Set<Object> values = CollectUtils.newHashSet();
    boolean gotIt = false;
    for (Restriction restiction : restrictions) {
      RestrictField param = restiction.getPattern().getObject().getField(name);
      if (null != param) {
        String value = restiction.getItem(param);
        if (null != value) {
          gotIt = true;
          values.addAll(restrictionService.select(restrictionService.getValues(param),
              restiction, param));
        }
      }
    }
    if (!gotIt) {
      List<RestrictField> params = entityDao.get(RestrictField.class, "name", name);
      if (params.isEmpty()) { throw new RuntimeException("bad pattern parameter named :"
          + name); }
      RestrictField param = (RestrictField) params.get(0);
      return restrictionService.getValues(param);
    } else {
      return CollectUtils.newArrayList(values);
    }
  }

  protected void applyRestriction(OqlBuilder<?> query) {
    //Resource resource = getResource();
    restrictionService.apply(query, getRestrictions());
  }

  protected UserToken getAuthentication() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (null == auth) throw new AuthenticationException();
    UserToken user = (UserToken) auth.getPrincipal();
    if (null == user.getId()) throw new AuthenticationException();
    return user;
  }

  protected Long getUserId() {
    return getAuthentication().getId();
  }

  protected String getUsername() {
    return getAuthentication().getUsername();
  }

  protected String getFullName() {
    return getAuthentication().getFullname();
  }

  protected User getUser() {
    return (User) entityDao.get(User.class, getUserId());
  }

  protected Long getUserCategoryId() {
    return getAuthentication().getCategory().getId();
  }

  public void setAuthorityService(AuthorityService authorityService) {
    this.authorityService = authorityService;
  }

  public void setRestrictionService(RestrictionService restrictionService) {
    this.restrictionService = restrictionService;
  }
}