PermissionBean.java

package fi.insomnia.bortal.beans;

import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;

@Stateless
@DeclareRoles({ "ANONYMOUS", "SUPERADMIN", "USER", "LOGIN/READ", "LOGIN/WRITE",
		"LOGIN/EXECUTE", "USER_MANAGEMENT/READ", "USER_MANAGEMENT/WRITE",
		"USER_MANAGEMENT/EXECUTE", "ACCOUNT_MANAGEMENT/READ",
		"ACCOUNT_MANAGEMENT/WRITE", "ACCOUNT_MANAGEMENT/EXECUTE", "BILL/READ",
		"BILL/WRITE", "BILL/EXECUTE", "MAP/READ", "MAP/WRITE", "MAP/EXECUTE",
		"ROLE_MANAGEMENT/READ", "ROLE_MANAGEMENT/WRITE", "ROLE_MANAGEMENT/EXECUTE",
		"PRODUCT/READ", "PRODUCT/WRITE", "PRODUCT/EXECUTE", "SHOP/READ",
		"SHOP/WRITE", "SHOP/EXECUTE", "GAME/READ", "GAME/WRITE", "GAME/EXECUTE",
		"POLL/READ", "POLL/WRITE", "POLL/EXECUTE" })
public class PermissionBean implements PermissionBeanLocal {
	public static final String DEFAULT_USER_LOGIN = "anonymous";

	private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);

	@Resource
	private SessionContext context;

	@EJB
	private LoggingBeanLocal loggingbean;

	@EJB
	private UserFacade userfacade;

	private UserBean userbean;

	//
	// @Override
	// public boolean hasPermission(String perm) {
	// return context.isCallerInRole(perm);
	// }

	@Override
	public boolean hasPermission(Permission target, RolePermission permission) {

		return getCurrentUser().isSuperadmin()
				|| context.isCallerInRole(target.append(permission));

		// User user = getCurrentUser();
		//
		// Boolean ret = BortalLocalContextHolder.hasPermission(target,
		// permission);
		// // Boolean ret = BortalLocalContextHolder.hasPermission(target,
		// // permission);
		// if (ret == null) {
		// try {
		// for (Role role : userbean.findUsersRoles(user)) {
		// if (role == null) {
		// continue;
		// }
		//
		// for (RoleRight rr : role.getRoleRights()) {
		// BortalLocalContextHolder.setPermission(rr);
		//
		// ret = BortalLocalContextHolder.hasPermission(target, permission);
		// if (ret != null) {
		// break;
		// }
		//
		// }
		// if (ret != null) {
		// break;
		// }
		// }
		// } catch (PermissionDeniedException e) {
		// logger.warn("Permission denied when it should be allowed!!", e);
		// }
		// }
		//
		// // TODO: FIX THIS!! really bad idea....
		//
		// if (user.isSuperadmin()) {
		// return true;
		// }
		//
		// if (ret == null) {
		// ret = false;
		// BortalLocalContextHolder.setPermission(target, permission, ret);
		// }
		//
		// return ret;

	}

	@Override
	public void fatalPermission(Permission target, RolePermission permission, Object... failmessage) throws PermissionDeniedException {
		boolean ret = hasPermission(target, permission);
		if (!ret) {
			StringBuilder message = new StringBuilder("Target: ").append(target).append(" permission: ").append(permission);
			if (failmessage == null || failmessage.length == 0) {
				message.append(" MSG: SessionHandler mbean permission exception: Target: ")
						.append(target)
						.append(", Permission: ")
						.append(permission);
			} else {
				for (Object part : failmessage) {
					message.append(part == null ? "NULL" : part.toString());
				}
			}
			// throw new SecurityException("Foobar");

			throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
		}
	}

	@Override
	public void fatalNotLoggedIn() throws PermissionDeniedException {
		if (!isLoggedIn()) {
			throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
		}
	}

	@Override
	public boolean isCurrentUser(User user) {
		return (context.getCallerPrincipal() == null || user == null) ? false : context.getCallerPrincipal().getName().equals(user.getLogin());
	}

	@Override
	public boolean isLoggedIn() {
		return !getAnonUser().equals(getCurrentUser()) || getCurrentUser().isSuperadmin();
	}

	@Override
	public User getCurrentUser() {
		Principal principal = context.getCallerPrincipal();

		User ret = userfacade.findByLogin(principal.getName());
		if (ret == null) {
			ret = getAnonUser();
		}
		return ret;
	}

	/**
	 * Makes sure default user and public role exist and the user is member of
	 * the role.
	 */
	@Override
	public User getAnonUser() {
		User defaultUser = userfacade.findByLogin(DEFAULT_USER_LOGIN);
		if (defaultUser == null) {
			defaultUser = new User();
			defaultUser.setLogin(DEFAULT_USER_LOGIN);
			defaultUser.setNick(DEFAULT_USER_LOGIN);
			userfacade.create(defaultUser);

			defaultUser.setSuperadmin(true);
		}
		return defaultUser;
	}
}