// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl;
import com.cloud.utils.component.ManagerBase;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.cloudstack.acl.apikeypair.ApiKeyPairService;
import org.apache.cloudstack.acl.apikeypair.ApiKeyPair;
import org.apache.cloudstack.acl.apikeypair.ApiKeyPairPermission;
import org.apache.cloudstack.acl.dao.ApiKeyPairDao;
import org.apache.cloudstack.acl.dao.ApiKeyPairPermissionsDao;
import org.apache.commons.collections.CollectionUtils;
import javax.inject.Inject;
import java.util.List;
/**
 * Looks up API key pairs and resolves the permission list that applies to a key pair
 * when it is used together with a given role.
 *
 * <p>All persistence goes through the injected DAOs; rule comparison is delegated to
 * {@link RoleService}. This class performs no validation of its own on the identifiers
 * or API key it is handed.
 */
public class ApiKeyPairManagerImpl extends ManagerBase implements ApiKeyPairService {

    @Inject
    private ApiKeyPairDao apiKeyPairDao;

    @Inject
    private ApiKeyPairPermissionsDao apiKeyPairPermissionsDao;

    @Inject
    private RoleService roleService;

    /**
     * Resolves the permissions of a key pair against the permissions of a role.
     *
     * <p>Three outcomes are possible:
     * <ol>
     *   <li>The key pair has no stored permissions: every permission of the role is
     *       returned, copied into key-pair permission objects. A key pair without rules of
     *       its own therefore carries the full permission set of the role.</li>
     *   <li>{@code roleService.roleHasPermission} accepts the key pair's permissions: they
     *       are returned as stored, in the order the DAO delivered them.</li>
     *   <li>Otherwise only the key pair's ALLOW rules that the role also lists as ALLOW
     *       under the same rule key are returned (see
     *       {@link #getRulesToBeKeptForTheKeyPair}).</li>
     * </ol>
     *
     * @param apiKeyPairId id of the key pair whose stored permissions are read
     * @param roleId id of the role the key pair is checked against
     * @return the resolved permission list; a new list in every branch
     */
    @Override
    public List<ApiKeyPairPermission> findAllPermissionsByKeyPairId(Long apiKeyPairId, Long roleId) {
        // NOTE(review): nothing in this method ties apiKeyPairId to roleId; the caller is
        // presumably expected to pass the role of the account that owns the key pair. Confirm.
        List<ApiKeyPairPermissionVO> ownRules = apiKeyPairPermissionsDao.findAllByKeyPairIdSorted(apiKeyPairId);
        // NOTE(review): the meaning of the boolean flag is defined by RoleService and is not
        // visible in this file.
        List<RolePermissionEntity> roleRules = roleService.findAllRolePermissionsEntityBy(roleId, true);

        // No key-pair specific rules: fall back to the complete role permission set.
        if (CollectionUtils.isEmpty(ownRules)) {
            return roleRules.stream()
                    .map(roleRule -> new ApiKeyPairPermissionVO(
                            roleRule.getRule().getRuleString(),
                            roleRule.getPermission(),
                            roleRule.getDescription()))
                    .collect(Collectors.toList());
        }

        Map<String, RolePermissionEntity> roleRuleIndex = roleService.getRoleRulesAndPermissions(roleRules);

        // Each RoleService call below receives its own copy of the stored rules, so the list
        // obtained from the DAO is never handed out directly.
        if (roleService.roleHasPermission(roleRuleIndex, new ArrayList<>(ownRules))) {
            return new ArrayList<>(ownRules);
        }

        // The role does not cover everything the key pair asks for: reduce the key pair to
        // the rules the role allows as well.
        Map<String, RolePermissionEntity> keyPairRuleIndex = roleService.getRoleRulesAndPermissions(new ArrayList<>(ownRules));
        Map<String, RolePermissionEntity> keptRules = getRulesToBeKeptForTheKeyPair(roleRuleIndex, keyPairRuleIndex);

        List<ApiKeyPairPermission> effective = new ArrayList<>();
        for (Map.Entry<String, RolePermissionEntity> kept : keptRules.entrySet()) {
            RolePermissionEntity rule = kept.getValue();
            effective.add(new ApiKeyPairPermissionVO(kept.getKey(), rule.getPermission(), rule.getDescription()));
        }
        return effective;
    }

    /**
     * Keeps the key-pair rules that are ALLOW on the key pair and ALLOW on the role.
     *
     * <p>The role side is matched with {@link Map#containsKey}, so a key-pair rule survives
     * only when the role map holds an entry under an equal key. Key-pair entries whose
     * permission is not ALLOW are never copied, and the result is a {@link HashMap}, so the
     * order of the stored rules is not carried over.
     *
     * <p>NOTE(review): whether a wildcard role rule is meant to cover a more specific
     * key-pair rule depends on how {@code getRoleRulesAndPermissions} builds its keys; with
     * plain key equality such a rule is dropped here. Confirm.
     *
     * <p>NOTE(review): because DENY entries of the key pair are not returned, confirm that
     * consumers of the resolved list deny anything that matches no rule; otherwise a DENY
     * stored on the key pair would stop having an effect in this branch.
     *
     * @param rolePermissions rule key to permission entry for the role
     * @param keyPairPermissions rule key to permission entry for the key pair
     * @return a new map holding the key-pair entries that passed both checks
     */
    private Map<String, RolePermissionEntity> getRulesToBeKeptForTheKeyPair(Map<String, RolePermissionEntity> rolePermissions, Map<String, RolePermissionEntity> keyPairPermissions) {
        Map<String, RolePermissionEntity> kept = new HashMap<>();

        for (Map.Entry<String, RolePermissionEntity> entry : keyPairPermissions.entrySet()) {
            String ruleKey = entry.getKey();
            RolePermissionEntity requested = entry.getValue();

            // The role is consulted first, exactly once per rule key.
            boolean roleAllows = false;
            if (rolePermissions.containsKey(ruleKey)) {
                roleAllows = rolePermissions.get(ruleKey).getPermission() == RolePermissionEntity.Permission.ALLOW;
            }

            boolean keyPairAllows = requested.getPermission() == RolePermissionEntity.Permission.ALLOW;
            if (keyPairAllows && roleAllows) {
                kept.put(ruleKey, requested);
            }
        }

        return kept;
    }

    /**
     * Returns whatever the DAO finds for the given API key.
     *
     * <p>NOTE(review): this is a plain lookup; any check on whether the key pair may still
     * be used is not performed in this method and would have to live in the DAO or the
     * caller. Confirm.
     *
     * @param apiKey API key to look up
     * @return the DAO's result for that key
     */
    @Override
    public ApiKeyPair findByApiKey(String apiKey) {
        return apiKeyPairDao.findByApiKey(apiKey);
    }

    /**
     * Returns whatever the DAO finds for the given key pair id.
     *
     * @param id key pair id to look up
     * @return the DAO's result for that id
     */
    @Override
    public ApiKeyPair findById(Long id) {
        return apiKeyPairDao.findById(id);
    }
}