Introduce Argeo 2 security model-

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / auth / ImpliedByPrincipal.java

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/ImpliedByPrincipal.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/ImpliedByPrincipal.java
new file mode 100644 (file)
index 0000000..417ea69
--- /dev/null
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/ImpliedByPrincipal.java
@@ -0,0 +1,90 @@
+package org.argeo.cms.internal.auth;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
+
+import org.argeo.cms.CmsException;
+import org.osgi.service.useradmin.Authorization;
+
+/**
+ * A {@link Principal} which has been implied by an {@link Authorization}. If it
+ * is empty it meeans this is an additional identity, otherwise it lists the
+ * users (typically the logged in user but possibly empty
+ * {@link ImpliedByPrincipal}s) which have implied it. When an additional
+ * identityx is removed, the related {@link ImpliedByPrincipal}s can thus be
+ * removed.
+ */
+public final class ImpliedByPrincipal implements Group {
+       private final LdapName name;
+       private Set<Principal> causes = new HashSet<Principal>();
+
+       public ImpliedByPrincipal(String name, Principal userPrincipal) {
+               try {
+                       this.name = new LdapName(name);
+               } catch (InvalidNameException e) {
+                       throw new CmsException("Badly formatted role name", e);
+               }
+               if (userPrincipal != null)
+                       causes.add(userPrincipal);
+       }
+
+       public ImpliedByPrincipal(LdapName name, Principal userPrincipal) {
+               this.name = name;
+               if (userPrincipal != null)
+                       causes.add(userPrincipal);
+       }
+
+       @Override
+       public String getName() {
+               return name.toString();
+       }
+
+       @Override
+       public boolean addMember(Principal user) {
+               throw new UnsupportedOperationException();
+       }
+
+       @Override
+       public boolean removeMember(Principal user) {
+               throw new UnsupportedOperationException();
+       }
+
+       @Override
+       public boolean isMember(Principal member) {
+               return causes.contains(member);
+       }
+
+       @Override
+       public Enumeration<? extends Principal> members() {
+               return Collections.enumeration(causes);
+       }
+
+       @Override
+       public int hashCode() {
+               return name.hashCode();
+       }
+
+       @Override
+       public boolean equals(Object obj) {
+               // if (this == obj)
+               // return true;
+               if (obj instanceof ImpliedByPrincipal) {
+                       ImpliedByPrincipal that = (ImpliedByPrincipal) obj;
+                       // TODO check members too?
+                       return name.equals(that.name);
+               }
+               return false;
+       }
+
+       @Override
+       public String toString() {
+               return name.toString() + ", implied by " + causes;
+       }
+}