Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.wicket.authroles.authorization.strategies.role.metadata; import java.util.HashMap; import java.util.Map; import org.apache.wicket.authorization.Action; import org.apache.wicket.authroles.authorization.strategies.role.Roles; import org.apache.wicket.util.io.IClusterable; /** * For each Action, holds a set of roles that can perform that action. Roles can be granted access * to a given action via authorize(Action, String role) and denied access via unauthorize(Action, * String role). All permissions can be removed for a given action via authorizeAll(Action). * * @author Eelco Hillenius * @author Jonathan Locke */ public final class ActionPermissions implements IClusterable { private static final long serialVersionUID = 1L; /** Map from an action to a set of role strings */ private final Map<Action, Roles> rolesForAction = new HashMap<>(); /** * Gives permission for the given roles to perform the given action * * @param action * The action * @param rolesToAdd * The roles */ public final void authorize(final Action action, final Roles rolesToAdd) { if (action == null) { throw new IllegalArgumentException("Argument action cannot be null"); } if (rolesToAdd == null) { throw new IllegalArgumentException("Argument rolesToAdd cannot be null"); } Roles roles = rolesForAction.get(action); if (roles == null) { roles = new Roles(); rolesForAction.put(action, roles); } roles.addAll(rolesToAdd); } /** * Remove all authorization for the given action. * * @param action * The action to clear */ public final void authorizeAll(final Action action) { if (action == null) { throw new IllegalArgumentException("Argument action cannot be null"); } rolesForAction.remove(action); } /** * Gets the roles that have a binding for the given action. * * @param action * The action * @return The roles authorized for the given action */ public final Roles rolesFor(final Action action) { if (action == null) { throw new IllegalArgumentException("Argument action cannot be null"); } return rolesForAction.get(action); } /** * Remove the given authorized role from an action. Note that this is only relevant if a role * was previously authorized for that action. If no roles where previously authorized the effect * of the unauthorize call is that no roles at all will be authorized for that action. * * @param action * The action * @param rolesToRemove * The comma separated list of roles to remove */ public final void unauthorize(final Action action, final Roles rolesToRemove) { if (action == null) { throw new IllegalArgumentException("Argument action cannot be null"); } if (rolesToRemove == null) { throw new IllegalArgumentException("Argument rolesToRemove cannot be null"); } Roles roles = rolesForAction.get(action); if (roles != null) { roles.removeAll(rolesToRemove); } else { roles = new Roles(); rolesForAction.put(action, roles); } // If we removed the last authorized role, we authorize the empty role // so that removing authorization can't suddenly open something up to // everyone. if (roles.size() == 0) { roles.add(MetaDataRoleAuthorizationStrategy.NO_ROLE); } } }