package fi.insomnia.bortal.beans;

import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.insomnia.bortal.enums.apps.BillPermission;
import fi.insomnia.bortal.enums.apps.IAppPermission;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.enums.apps.ShopPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;

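@Stateless
@DeclareRoles({
		UserPermission.S_CREATE_NEW,
		UserPermission.S_LOGIN,
		UserPermission.S_LOGOUT,
		UserPermission.S_MODIFY,
		UserPermission.S_MODIFY_ACCOUNTEVENTS,
		UserPermission.S_VIEW_ACCOUNTEVENTS,
		UserPermission.S_VIEW_ALL,
		UserPermission.S_VIEW_SELF,
		UserPermission.S_WRITE_ROLES,
		UserPermission.S_READ_ROLES,

		MapPermission.S_VIEW,
		MapPermission.S_MANAGE_MAPS,
		MapPermission.S_MANAGE_OTHERS,
		MapPermission.S_BUY_PLACES,

		ShopPermission.S_LIST_ALL_PRODUCTS,
		ShopPermission.S_LIST_USERPRODUCTS,
		ShopPermission.S_SHOP_TO_OTHERS,
		ShopPermission.S_MANAGE_PRODUCTS,
		ShopPermission.S_SHOP_PRODUCTS,

		BillPermission.S_CREATE_BILL,
		BillPermission.S_READ_ALL,
		BillPermission.S_WRITE_ALL,
		BillPermission.S_VIEW_OWN,

		SpecialPermission.S_SUPERADMIN,
		SpecialPermission.S_USER,
		SpecialPermission.S_ANONYMOUS,
})
/**
 * Stateless session bean that answers authorization questions for the
 * calling principal. Role decisions are delegated to the container via
 * {@link SessionContext#isCallerInRole(String)}, so the names declared in
 * {@code @DeclareRoles} above must match the container's role mapping;
 * a role missing from that list is never granted.
 */
public class PermissionBean implements PermissionBeanLocal {

	private static final Logger logger = LoggerFactory.getLogger(PermissionBean.class);

	@Resource
	private SessionContext context;

	@EJB
	private LoggingBeanLocal loggingbean;

	@EJB
	private UserFacade userfacade;

	/**
	 * Checks whether the caller holds the container role named by
	 * {@code perm}.
	 * <p>
	 * A {@code null} permission is treated as "no permission required" and
	 * is granted. This fails open: a caller that resolves the permission
	 * dynamically must make sure a {@code null} means "unrestricted" and
	 * not a failed lookup.
	 *
	 * @param perm the permission to check, or {@code null} for no requirement
	 * @return {@code true} if {@code perm} is {@code null} or the caller is in
	 *         the role {@code perm.getFullName()}
	 */
	@Override
	public boolean hasPermission(IAppPermission perm) {
		if (perm == null) {
			return true;
		}
		return context.isCallerInRole(perm.getFullName());
	}

	/**
	 * Like {@link #hasPermission(IAppPermission)} but throws instead of
	 * returning {@code false}.
	 * <p>
	 * The failure message is built from {@code failmessage} (each part via
	 * {@code toString()}, {@code null} parts rendered as {@code "NULL"}) and is
	 * handed to {@link PermissionDeniedException} together with the logging
	 * bean, so it presumably ends up in the audit log; keep the parts free of
	 * secrets.
	 *
	 * @param permission  the permission required; {@code null} always passes
	 * @param failmessage optional message parts for the denial; when absent a
	 *                    default message naming the permission is used
	 * @return always {@code true} (the denial path does not return)
	 * @throws PermissionDeniedException if the caller lacks {@code permission}
	 */
	@Override
	public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
		if (!hasPermission(permission)) {
			StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
			if (failmessage == null || failmessage.length == 0) {
				message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
						.append(permission);
			} else {
				for (Object part : failmessage) {
					message.append(part == null ? "NULL" : part.toString());
				}
			}
			throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
		}
		return true;
	}

	/**
	 * Throws unless {@link #isLoggedIn()} holds.
	 *
	 * @throws PermissionDeniedException if the caller resolves to the
	 *                                   anonymous user
	 */
	@Override
	public void fatalNotLoggedIn() throws PermissionDeniedException {
		if (!isLoggedIn()) {
			throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
		}
	}

	/**
	 * Tells whether {@code user} is the caller, by comparing the caller
	 * principal's name with the user's login.
	 *
	 * @param user the user to compare against, may be {@code null}
	 * @return {@code false} if there is no caller principal or {@code user} is
	 *         {@code null}; otherwise whether the principal name equals
	 *         {@code user.getLogin()}
	 */
	@Override
	public boolean isCurrentUser(User user) {
		Principal caller = context.getCallerPrincipal();
		if (caller == null || user == null) {
			return false;
		}
		return caller.getName().equals(user.getLogin());
	}

	/**
	 * Tells whether the caller is anything other than the anonymous user.
	 * <p>
	 * The second clause keeps an anonymous account that carries the
	 * superadmin flag counted as logged in; whether that situation can arise
	 * depends on how the anonymous user row is administered elsewhere.
	 *
	 * @return {@code true} if the current user is not the anonymous user, or
	 *         is flagged superadmin
	 */
	@Override
	public boolean isLoggedIn() {
		// Same evaluation order as before: the anonymous user is resolved
		// (and created on demand) before the current user is looked up.
		User anon = getAnonUser();
		User current = getCurrentUser();
		return !anon.equals(current) || current.isSuperadmin();
	}

	/**
	 * Resolves the caller principal to a {@link User}.
	 * <p>
	 * A missing principal, or a principal whose name has no matching user
	 * row, both resolve to the anonymous user rather than failing — callers
	 * that need an authenticated user must check {@link #isLoggedIn()}.
	 *
	 * @return the user matching the caller's login, else the anonymous user
	 */
	@Override
	public User getCurrentUser() {
		Principal principal = context.getCallerPrincipal();
		// isCurrentUser() already tolerates a null principal; do the same here
		// instead of dereferencing it.
		if (principal == null) {
			return getAnonUser();
		}
		User ret = userfacade.findByLogin(principal.getName());
		if (ret == null) {
			ret = getAnonUser();
		}
		return ret;
	}

	/**
	 * Returns the anonymous (default) user, creating its row on demand with
	 * login and nick set to {@link User#ANONYMOUS_LOGINNAME}.
	 * <p>
	 * Only the user row is ensured here; no role membership is set up by this
	 * method. The lookup-then-create is not guarded, so two first callers
	 * racing may both attempt the create — presumably the facade or a unique
	 * constraint on the login handles that; confirm.
	 *
	 * @return the persisted anonymous user
	 */
	@Override
	public User getAnonUser() {
		User defaultUser = userfacade.findByLogin(User.ANONYMOUS_LOGINNAME);
		if (defaultUser == null) {
			defaultUser = new User();
			defaultUser.setLogin(User.ANONYMOUS_LOGINNAME);
			defaultUser.setNick(User.ANONYMOUS_LOGINNAME);
			userfacade.create(defaultUser);
		}
		return defaultUser;
	}
}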