001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    
028    package org.opends.server.authorization.dseecompat;
029    import org.opends.messages.Message;
030    
031    import static org.opends.messages.AccessControlMessages.*;
032    import static org.opends.server.authorization.dseecompat.Aci.*;
033    import java.util.regex.Pattern;
034    
035    /**
036     * A class representing the permissions of an bind rule. The permissions
037     * of an ACI look like deny(search, write).
038     */
039    public class Permission {
040    
041        /*
042         *  The access type (allow,deny) corresponding to the ACI permission value.
043         */
044        private EnumAccessType accessType = null;
045    
046        /*
047         * The rights (search, add, delete, ...) corresponding to the ACI rights
048         * value.
049         */
050        private int rights;
051    
052        /*
053         * Regular expression token representing the separator.
054         */
055        private static final String separatorToken = ",";
056    
057        /*
058         * Regular expression used to match the ACI rights string.
059         */
060        private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
061                WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
062                "(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
063                ZERO_OR_MORE_WHITESPACE +  ")*";
064    
065        /**
066         * Constructor creating a class representing a permission part of an bind
067         * rule.
068         * @param accessType A string representing access type.
069         * @param rights  A string representing the rights.
070         * @throws AciException If the access type string or rights string
071         * is invalid.
072         */
073        private Permission(String accessType, String rights)
074        throws AciException {
075            if ((this.accessType =
076                EnumAccessType.decode(accessType)) == null){
077                Message message =
078                    WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
079                throw new AciException(message);
080            }
081            if (!Pattern.matches(rightsRegex, rights)){
082                Message message = WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
083                throw new AciException(message);
084            }
085            else {
086                Pattern separatorPattern = Pattern.compile(separatorToken);
087                String[] rightsStr =
088                    separatorPattern.split(rights.replaceAll("\\s", ""));
089                for (String r : rightsStr) {
090                    EnumRight right = EnumRight.decode(r);
091                    if (right != null)
092                        this.rights|= EnumRight.getMask(right);
093                    else {
094                        Message message =
095                            WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
096                        throw new AciException(message);
097                    }
098                }
099            }
100        }
101    
102        /**
103         * Decode an string representation of bind rule permission into a Permission
104         * class.
105         * @param accessType  A string representing the access type.
106         * @param rights   A string representing the rights.
107         * @return  A Permission class representing the permissions of the bind
108         * rule.
109         * @throws AciException  If the accesstype or rights strings are invalid.
110         */
111        public static
112        Permission decode (String accessType, String rights)
113        throws AciException {
114            return new Permission(accessType, rights);
115        }
116    
117        /**
118         * Checks if a given access type enumeration is equal to this classes
119         * access type.
120         * @param accessType An enumeration representing an access type.
121         * @return True if the access types are equal.
122         */
123        public boolean hasAccessType(EnumAccessType accessType) {
124            return this.accessType == accessType;
125        }
126    
127        /**
128         * Checks if the permission's rights has the specified rights.
129         * @param  rights The rights to check for.
130         * @return True if the permission's rights has the specified rights.
131         */
132        public boolean hasRights(int rights) {
133            return (this.rights & rights) != 0;
134        }
135    }