1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.caleigo.core;
19
20 /*** <Description for DataAccessManager>
21 *
22 * @author Dennis Zikovic
23 * @version 1.00
24 *
25 *//*
26 *
27 * WHEN WHO WHY & WHAT
28 * -----------------------------------------------------------------------------
29 * 2002-09-24 Dennis Zikovic Creation
30 */
31 public abstract class DataAccessManager
32 {
33
34 public static final int NONE = 0;
35 public static final int READ = 1;
36 public static final int WRITE = 2;
37 public static final int CONTENT_BASED = 3;
38
39
40 private static final InheritableThreadLocal sActiveAccessManger;
41 private static DataAccessManager sDefaultAccessManger;
42
43
44
45 static
46 {
47 sDefaultAccessManger = new ConstantDataAccessManager(NONE);
48 sActiveAccessManger = new InheritableThreadLocal();
49
50 }
51
52 /*** Returns the currently active DataAccessManager. Note that different
53 * managers based on the calling thread.
54 */
55 public static DataAccessManager getManager()
56 {
57 if(sActiveAccessManger.get()!=null)
58 return ((AccessManagerHolder)sActiveAccessManger.get()).manager;
59 else
60 return sDefaultAccessManger;
61 }
62
63 /*** Sets the default DataAccessManager object that will be used as the
64 * access manager for all threads that has not had another manager
65 * explicitly set. <p>
66 * The manager will also be inherited by future threads created in
67 * the calling thread or any of its unmodified child threads.<p>
68 */
69 public static void setDefaultManager(DataAccessManager newManager)
70 {
71 if(sDefaultAccessManger!=null && !sDefaultAccessManger.acceptsReplacement(newManager))
72 throw new SecurityException("Current default DataAccessManager does not accept replacement by "+newManager);
73 sDefaultAccessManger = newManager;
74 }
75
76 /*** Sets the active DataAccessManager object that defines the current user's
77 * data access rights in the system. This is done for the current thread
78 * and all the threads child threads that have not defined their own
79 * DataAccessManager. <p>
80 * The manager will also be inherited by future threads
81 * created in the calling thread or any of its unmodified child threads.
82 */
83 public static void setManagerReqursively(DataAccessManager newManager)
84 {
85 if(!getManager().acceptsReplacement(newManager))
86 throw new SecurityException("Current DataAccessManager does not accept replacement by "+newManager);
87 ((AccessManagerHolder)sActiveAccessManger.get()).manager = newManager;
88 }
89
90 /*** Sets the active DataAccessManager object that defines the current user's
91 * data access rights in the system. This is done for the current thread
92 * ONLY and future changes to the manager in any parent threads will no
93 * longer affect the thhread that call this method. <p>
94 * The manager will also be inherited by future threads created in
95 * the calling thread or any of its unmodified child threads.<p>
96 */
97 public static void setManager(DataAccessManager newManager)
98 {
99 if(!getManager().acceptsReplacement(newManager))
100 throw new SecurityException("Current DataAccessManager does not accept replacement by "+newManager);
101 sActiveAccessManger.set(new AccessManagerHolder(newManager));
102 }
103
104
105
106 /*** Returns the access level for the provided IDataSourceDescriptor defined
107 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
108 * based no further check with hasReadAccess or hasWriteAccess is
109 * necessary wich can save alot of performance.
110 */
111 public abstract int getAccessLevel(IDataSourceDescriptor dataSourceDescriptor);
112
113 /*** Returns the access level for the provided IEntityDescriptor defined
114 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
115 * based no further check with hasReadAccess or hasWriteAccess is
116 * necessary wich can save alot of performance.
117 */
118 public abstract int getAccessLevel(IEntityDescriptor entityDescriptor);
119
120 /*** Returns the access level for the provided IFieldDescriptor defined
121 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
122 * based no further check with hasReadAccess or hasWriteAccess is
123 * necessary wich can save alot of performance.
124 */
125 public abstract int getAccessLevel(IFieldDescriptor fieldDescriptor);
126
127 /*** Returns the access level for the provided IEntityAction defined
128 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
129 * based no further check with hasReadAccess or hasWriteAccess is
130 * necessary wich can save alot of performance.
131 */
132 public abstract int getAccessLevel(IEntityAction entityAction);
133
134 /*** Returns true if the user has read access to the provided IDataSource.
135 */
136 public abstract boolean hasReadAccess(IDataSource dataSource);
137
138 /*** Returns true if the user has read access to the provided IEntity.
139 */
140 public abstract boolean hasReadAccess(IEntity entity);
141
142 /*** Returns true if the user has read access to the provided fieldDescriptor
143 * in the data content scope of the provided IEntity object.
144 */
145 public abstract boolean hasReadAccess(IFieldDescriptor fieldDescriptor, IEntity data);
146
147 /*** Returns true if the user has read access to the provided IEntityAction
148 * object in the data content scope of the provided IEntity object.
149 */
150 public abstract boolean hasReadAccess(IEntityAction entityAction, IEntity data);
151
152 /*** Returns true if the user has write access to the provided IDataSource.
153 */
154 public abstract boolean hasWriteAccess(IDataSource dataSource);
155
156 /*** Returns true if the user has write access to the provided IEntity.
157 */
158 public abstract boolean hasWriteAccess(IEntity entity);
159
160 /*** Returns true if the user has write access to the provided
161 * fieldDescriptor in the data content scope of the provided IEntity object.
162 */
163 public abstract boolean hasWriteAccess(IFieldDescriptor fieldDescriptor, IEntity data);
164
165 /*** Returns true if the user has write access to the provided IEntityAction
166 * object in the data content scope of the provided IEntity object.
167 */
168 public abstract boolean hasWriteAccess(IEntityAction entityAction, IEntity data);
169
170 /*** This method allows a current manager to reject replacement by another
171 * DataAccessManager.
172 */
173 public abstract boolean acceptsReplacement(DataAccessManager newManager);
174
175
176
177 private static class AccessManagerHolder
178 {
179 public DataAccessManager manager;
180
181 public AccessManagerHolder(DataAccessManager startingManager)
182 {
183 manager = startingManager;
184 }
185 }
186
187 public static interface IContentAccessVerifier
188 {
189 public boolean hasReadAccess(Object descriptionObject, Object dataObject);
190 public boolean hasWriteAccess(Object descriptionObject, Object dataObject);
191 }
192
193 /*** This simple DataAccessManager restricts access for all managed elements
194 * to a single access level. It can used as a default manager to allow full
195 * write access or view only access to any DataSource.
196 */
197 public static class ConstantDataAccessManager extends DataAccessManager
198 {
199
200 private final int mDefaultAccessLevel;
201
202
203 public ConstantDataAccessManager(int defaultAccessLevel)
204 {
205 if(defaultAccessLevel<NONE || defaultAccessLevel>WRITE)
206 throw new IllegalArgumentException("The access level must be NONE, READ or WRITE!");
207 mDefaultAccessLevel = defaultAccessLevel;
208 }
209
210
211
212 /*** Returns the access level for the provided IDataSourceDescriptor defined
213 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
214 * based no further check with hasReadAccess or hasWriteAccess is
215 * necessary wich can save alot of performance.
216 */
217 public int getAccessLevel(IDataSourceDescriptor dataSourceDescriptor)
218 {
219 return mDefaultAccessLevel;
220 }
221
222 /*** Returns the access level for the provided IEntityDescriptor defined
223 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
224 * based no further check with hasReadAccess or hasWriteAccess is
225 * necessary wich can save alot of performance.
226 */
227 public int getAccessLevel(IEntityDescriptor entityDescriptor)
228 {
229 return this.getAccessLevel(entityDescriptor.getDataSourceDescriptor());
230 }
231
232 /*** Returns the access level for the provided IFieldDescriptor defined
233 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
234 * based no further check with hasReadAccess or hasWriteAccess is
235 * necessary wich can save alot of performance.
236 */
237 public int getAccessLevel(IFieldDescriptor fieldDescriptor)
238 {
239 return this.getAccessLevel(fieldDescriptor.getEntityDescriptor());
240 }
241
242 /*** Returns the access level for the provided IEntityAction defined
243 * as NONE, READ, WRITE or CONTENT_BASED. If the access is not content
244 * based no further check with hasReadAccess or hasWriteAccess is
245 * necessary wich can save alot of performance.
246 */
247 public int getAccessLevel(IEntityAction entityAction)
248 {
249 return this.getAccessLevel(entityAction.getEntityDescriptor());
250 }
251
252 /*** Returns true if the user has read access to the provided IDataSource.
253 */
254 public boolean hasReadAccess(IDataSource dataSource)
255 {
256 return mDefaultAccessLevel >= READ;
257 }
258
259 /*** Returns true if the user has read access to the provided IEntity.
260 */
261 public boolean hasReadAccess(IEntity entity)
262 {
263 return this.hasReadAccess(entity.getDataSource());
264 }
265
266 /*** Returns true if the user has read access to the provided fieldDescriptor
267 * in the data content scope of the provided IEntity object.
268 */
269 public boolean hasReadAccess(IFieldDescriptor fieldDescriptor, IEntity data)
270 {
271 return this.hasReadAccess(data);
272 }
273
274 /*** Returns true if the user has read access to the provided IEntityAction
275 * object in the data content scope of the provided IEntity object.
276 */
277 public boolean hasReadAccess(IEntityAction entityAction, IEntity data)
278 {
279 return this.hasReadAccess(data);
280 }
281
282 /*** Returns true if the user has write access to the provided IDataSource.
283 */
284 public boolean hasWriteAccess(IDataSource dataSource)
285 {
286 return mDefaultAccessLevel >= WRITE;
287 }
288
289 /*** Returns true if the user has write access to the provided IEntity.
290 */
291 public boolean hasWriteAccess(IEntity entity)
292 {
293 return this.hasWriteAccess(entity.getDataSource());
294 }
295
296 /*** Returns true if the user has write access to the provided
297 * fieldDescriptor in the data content scope of the provided IEntity object.
298 */
299 public boolean hasWriteAccess(IFieldDescriptor fieldDescriptor, IEntity data)
300 {
301 return this.hasWriteAccess(data);
302 }
303
304 /*** Returns true if the user has write access to the provided IEntityAction
305 * object in the data content scope of the provided IEntity object.
306 */
307 public boolean hasWriteAccess(IEntityAction entityAction, IEntity data)
308 {
309 return this.hasWriteAccess(data);
310 }
311
312 /*** This method allows a current manager to reject replacement by another
313 * DataAccessManager.
314 */
315 public boolean acceptsReplacement(DataAccessManager newManager)
316 {
317 return true;
318 }
319
320
321
322 /*** Access method that returns the default accss level of the manager.
323 */
324 public int getDefaultAccessLevel()
325 {
326 return mDefaultAccessLevel;
327 }
328 }
329 }