/**
    * Copyright 2005-2006 the original author or authors.
    *
    * Licensed under the Gnu General Pubic License, Version 2.0 (the
    * "License"); you may not use this file except in compliance with
    * the License. You may obtain a copy of the License at
    *
    *      http://www.opensource.org/licenses/gpl-license.php
    *
   * This program is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY; without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
   * See the Gnu General Public License for more details.
   */
  package org.figure8.join.view;
  
  import org.figure8.join.core.InvalidParameterException;
  import org.figure8.join.businessobjects.security.User;
  import org.figure8.join.businessobjects.security.Role;
  import org.figure8.join.businessobjects.security.Permission;
  
  import java.io.Serializable;
  import java.util.List;
  import java.util.HashMap;
  import java.util.Collection;
  import java.util.ArrayList;
  /**
   * This is a JavaBean encapsulating a User domain model object and its
   * permission. This is necessary because in our model, a User is decoupled
   * from its security permission.<br/>
   * Instance of <code>UserView</code> class are intended to be stored within
   * a HttpSession.
   * @author <a href="mailto:laurent.broudoux@free.fr">Laurent Broudoux</a>
   * @version $Revision: 1.2 $
   */
  public class UserView implements Serializable{
  
     // Attributes ---------------------------------------------------------------
  
     /** The encapsulated user domain object */
     protected User user = null;
     /**
      * Map containing user's permission. Keys are security roles,
      * values are permissions on different resources for this role.
      */
     protected HashMap permissions = new HashMap();
     /**
      * Non encrypted password of user (the one provided through authentication form)
      * This is necessary in case of user calling a remote Join web-service that expect
      * clear password for doing its own authentication. Not so unsafe because clear
      * password will only be kept in VM memory...
      */
     protected String clearPassword = null;
  
  
     // Constructors -------------------------------------------------------------
  
     /**
      * Creates a new instance of UserView
      * @param user The encasuplated user business object
      */
     public UserView(User user){
        this.user = user;
     }
  
     /**
      * Creates a new instance of UserView with a set of <code>Permission</code>s
      * @param user The encasuplated user business object
      * @param permissions A list of <code>org.figure8.join.businessobjects.security.Permission</code>s
      */
     public UserView(User user, List permissions){
        this.user = user;
        if (permissions != null)
           for (int i=0; i < permissions.size(); i++)
              addPermission((Permission)permissions.get(i));
     }
  
  
     // Public -------------------------------------------------------------------
  
     /** @return The encapsulated user business object */
     public User getUser(){
        return user;
     }
  
     /**
      * Add a security permission to this user.
      * @param permission Permission to add
      */
     public void addPermission(Permission permission){
        // Get existing permissions related to security role.
        List permissionsForRole = null;
        Object obj = permissions.get(permission.getRole());
  
        if (obj != null)
           permissionsForRole = (List)obj;
        else
           permissionsForRole = new ArrayList();
  
       // Add this permission to the existing set under this role.
       permissionsForRole.add(permission);
       permissions.put(permission.getRole(), permissionsForRole);
    }
 
    /** @return All the permissions acquired by this user */
    public Collection getPermissions(){
       return permissions.values();
    }
    /**
     * @param role The security role to filter permissions for
     * @return All the permissions correspondinf to role acquired by this user
     */
    public Collection getPermissions(Role role){
       return (Collection)permissions.get(role);
    }
 
    /**
     * Tells if this user has permission to endorse this security role
     * @param role Security role that has to be endorsed by user
     * @return true is user as permission corresponding to role, false otherwise
     */
    public boolean hasPermission(Role role){
       if (permissions.get(role) != null)
          return true;
       return false;
    }
 
    /**
     * Tells if this user has permission to endorse this security role for this resource
     * @param resource Entity for whom user should have permission
     * @param role Security role that has to be endorsed by user
     * @return true is user as permission corresponding to role for resource, false otherwise
     */
    public boolean hasPermissionForResource(Object resource, Role role){
       // First, retrieve resource identifier.
       String resourceId = null;
       try {resourceId = role.getPermissionResourceResolver().getResourceId(resource);}
       catch (InvalidParameterException ipe) {return false;}
 
       if (hasPermission(role)){
          List permissionsForRole = (List)permissions.get(role);
          // Browse permissions and compare their resource id.
          for (int i=0; i < permissionsForRole.size(); i++){
             Permission permission = (Permission)permissionsForRole.get(i);
             if (permission.isResourcePermission() && permission.getResourceId().equals(resourceId))
                return true;
          }
       }
       return false;
    }
 
    /** @return The non encrypted password of wrapped user */
    public String getClearPassword(){
       return clearPassword;
    }
    /** @param clearPassword The non encrypted password of wrapped user */
    public void setClearPassword(String clearPassword){
       this.clearPassword = clearPassword;
    }
 }