src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java - directory-fortress-core - Git at Google

 /*
  *   Licensed to the Apache Software Foundation (ASF) under one
  *   or more contributor license agreements.  See the NOTICE file
  *   distributed with this work for additional information
  *   regarding copyright ownership.  The ASF licenses this file
  *   to you under the Apache License, Version 2.0 (the
  *   "License"); you may not use this file except in compliance
  *   with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *   Unless required by applicable law or agreed to in writing,
  *   software distributed under the License is distributed on an
  *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *   KIND, either express or implied.  See the License for the
  *   specific language governing permissions and limitations
  *   under the License.
  *
  */
 package org.apache.directory.fortress.core.impl;

 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;

 import org.apache.commons.collections.CollectionUtils;
 import org.apache.directory.fortress.annotation.AdminPermissionOperation;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GroupMgr;
 import org.apache.directory.fortress.core.ReviewMgr;
 import org.apache.directory.fortress.core.ReviewMgrFactory;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.Group;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserRole;


 /**
  * This Manager impl supplies CRUD methods used to manage groups stored within the ldap directory.
  * LDAP group nodes are used for utility and security functions within various systems and apps.
  * <p>
  * This class is thread safe.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class GroupMgrImpl extends Manageable implements GroupMgr, Serializable
 {
     private static final String CLS_NM = GroupMgrImpl.class.getName();
     private GroupP groupP = new GroupP();

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group add( Group group ) throws org.apache.directory.fortress.core.SecurityException
     {
         String methodName = "add";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         if(!group.isMemberDn())
         {
             if( group.getType() == Group.Type.ROLE )
             {
                 loadRoleDns( group );
             }
             else
             {
                 loadUserDns( group );
             }
             group.setMemberDn(true);
         }

         return groupP.add( group );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group update( Group group ) throws SecurityException
     {
         String methodName = "update";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.update( group );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group delete( Group group ) throws SecurityException
     {
         String methodName = "delete";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.delete( group );
     }

     /**
      * {@inheritDoc}
      */
     @AdminPermissionOperation(operationName="addProperty")
     public Group add( Group group, String key, String value ) throws SecurityException
     {
         String methodName = "addProperty";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.add( group, key, value );
     }

     /**
      * {@inheritDoc}
      */
     @AdminPermissionOperation(operationName="deleteProperty")
     public Group delete( Group group, String key, String value ) throws SecurityException
     {
         String methodName = "deleteProperty";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.delete( group, key, value );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group read( Group group ) throws SecurityException
     {
         String methodName = "read";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.read( group );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public List<Group> find( Group group ) throws SecurityException
     {
         String methodName = "find";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);

         return groupP.search( group );
     }

     /**
      * {@inheritDoc}
      */
     @AdminPermissionOperation(operationName="findWithUsers")
     public List<Group> find( User user ) throws SecurityException
     {
         String methodName = "findWithUsers";
         assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
         checkAccess( CLS_NM, methodName );
         loadUserDn( user );

         return groupP.search( user );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public List<Group> roleGroups( Role role ) throws SecurityException
     {
         String methodName = "roleGroups";
         assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
         checkAccess( CLS_NM, methodName );
         loadRoleDn( role );

         return groupP.roleGroups( role );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public List<UserRole> groupRoles( Group group ) throws SecurityException
     {
         String methodName = "groupRoles";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess( CLS_NM, methodName );

         return groupP.groupRoles( group );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group assign( Group group, String member ) throws SecurityException
     {
         String methodName = "assign";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);
         ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
         String dn;
         if( group.getType() == Group.Type.ROLE )
         {
             Role inRole = new Role( member );
             inRole.setContextId( group.getContextId() );
             Role role = reviewMgr.readRole( inRole );
             dn = role.getDn();
             // Validate SSD constraints
             SDUtil.getInstance().validateSSD( group, role );
         }
         else
         {
             User inUser = new User( member );
             inUser.setContextId( group.getContextId() );
             User user = reviewMgr.readUser( inUser );
             dn = user.getDn();
         }

         return groupP.assign( group, dn );
     }

     /**
      * {@inheritDoc}
      */
     @Override
     @AdminPermissionOperation
     public Group deassign( Group group, String member ) throws SecurityException
     {
         String methodName = "deassign";
         assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
         checkAccess(CLS_NM, methodName);
         ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
         String dn;
         if( group.getType() == Group.Type.ROLE )
         {
             Role role = reviewMgr.readRole( new Role( member ) );
             dn = role.getDn();
         }
         else
         {
             User user = reviewMgr.readUser( new User( member ) );
             dn = user.getDn();
         }

         return groupP.deassign( group, dn );
     }

     private void loadUserDns( Group group ) throws SecurityException
     {
         if( CollectionUtils.isNotEmpty( group.getMembers() ))
         {
             ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
             List<String> userDns = new ArrayList<String>();

             for( String member : group.getMembers() )
             {
                 User user = reviewMgr.readUser( new User( member ) );
                 userDns.add( user.getDn() );
             }

             group.setMembers( userDns );
         }
     }

     private void loadRoleDns( Group group ) throws SecurityException
     {
         if( CollectionUtils.isNotEmpty( group.getMembers() ))
         {
             ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
             List<String> roleDns = new ArrayList<String>();

             for( String member : group.getMembers() )
             {
                 Role role = reviewMgr.readRole( new Role( member ) );
                 roleDns.add( role.getDn() );
             }

             group.setMembers( roleDns );
         }
     }

     private void loadUserDn( User inUser ) throws SecurityException
     {
         ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
         User outUser = reviewMgr.readUser( inUser );
         inUser.setDn( outUser.getDn() );
     }

     private void loadRoleDn( Role inRole ) throws SecurityException
     {
         ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
         Role outRole = reviewMgr.readRole( inRole );
         inRole.setDn( outRole.getDn() );
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.fortress.core.impl;

	import java.io.Serializable;
	import java.util.ArrayList;
	import java.util.List;

	import org.apache.commons.collections.CollectionUtils;
	import org.apache.directory.fortress.annotation.AdminPermissionOperation;
	import org.apache.directory.fortress.core.GlobalErrIds;
	import org.apache.directory.fortress.core.GroupMgr;
	import org.apache.directory.fortress.core.ReviewMgr;
	import org.apache.directory.fortress.core.ReviewMgrFactory;
	import org.apache.directory.fortress.core.SecurityException;
	import org.apache.directory.fortress.core.model.Group;
	import org.apache.directory.fortress.core.model.Role;
	import org.apache.directory.fortress.core.model.User;
	import org.apache.directory.fortress.core.model.UserRole;


	/**
	* This Manager impl supplies CRUD methods used to manage groups stored within the ldap directory.
	* LDAP group nodes are used for utility and security functions within various systems and apps.
	* <p>
	* This class is thread safe.
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	*/
	public class GroupMgrImpl extends Manageable implements GroupMgr, Serializable
	{
	private static final String CLS_NM = GroupMgrImpl.class.getName();
	private GroupP groupP = new GroupP();

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group add( Group group ) throws org.apache.directory.fortress.core.SecurityException
	{
	String methodName = "add";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	if(!group.isMemberDn())
	{
	if( group.getType() == Group.Type.ROLE )
	{
	loadRoleDns( group );
	}
	else
	{
	loadUserDns( group );
	}
	group.setMemberDn(true);
	}

	return groupP.add( group );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group update( Group group ) throws SecurityException
	{
	String methodName = "update";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.update( group );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group delete( Group group ) throws SecurityException
	{
	String methodName = "delete";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.delete( group );
	}

	/**
	* {@inheritDoc}
	*/
	@AdminPermissionOperation(operationName="addProperty")
	public Group add( Group group, String key, String value ) throws SecurityException
	{
	String methodName = "addProperty";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.add( group, key, value );
	}

	/**
	* {@inheritDoc}
	*/
	@AdminPermissionOperation(operationName="deleteProperty")
	public Group delete( Group group, String key, String value ) throws SecurityException
	{
	String methodName = "deleteProperty";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.delete( group, key, value );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group read( Group group ) throws SecurityException
	{
	String methodName = "read";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.read( group );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public List<Group> find( Group group ) throws SecurityException
	{
	String methodName = "find";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);

	return groupP.search( group );
	}

	/**
	* {@inheritDoc}
	*/
	@AdminPermissionOperation(operationName="findWithUsers")
	public List<Group> find( User user ) throws SecurityException
	{
	String methodName = "findWithUsers";
	assertContext(CLS_NM, methodName, user, GlobalErrIds.USER_NULL);
	checkAccess( CLS_NM, methodName );
	loadUserDn( user );

	return groupP.search( user );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public List<Group> roleGroups( Role role ) throws SecurityException
	{
	String methodName = "roleGroups";
	assertContext(CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL);
	checkAccess( CLS_NM, methodName );
	loadRoleDn( role );

	return groupP.roleGroups( role );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public List<UserRole> groupRoles( Group group ) throws SecurityException
	{
	String methodName = "groupRoles";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess( CLS_NM, methodName );

	return groupP.groupRoles( group );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group assign( Group group, String member ) throws SecurityException
	{
	String methodName = "assign";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	String dn;
	if( group.getType() == Group.Type.ROLE )
	{
	Role inRole = new Role( member );
	inRole.setContextId( group.getContextId() );
	Role role = reviewMgr.readRole( inRole );
	dn = role.getDn();
	// Validate SSD constraints
	SDUtil.getInstance().validateSSD( group, role );
	}
	else
	{
	User inUser = new User( member );
	inUser.setContextId( group.getContextId() );
	User user = reviewMgr.readUser( inUser );
	dn = user.getDn();
	}

	return groupP.assign( group, dn );
	}

	/**
	* {@inheritDoc}
	*/
	@Override
	@AdminPermissionOperation
	public Group deassign( Group group, String member ) throws SecurityException
	{
	String methodName = "deassign";
	assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
	checkAccess(CLS_NM, methodName);
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	String dn;
	if( group.getType() == Group.Type.ROLE )
	{
	Role role = reviewMgr.readRole( new Role( member ) );
	dn = role.getDn();
	}
	else
	{
	User user = reviewMgr.readUser( new User( member ) );
	dn = user.getDn();
	}

	return groupP.deassign( group, dn );
	}

	private void loadUserDns( Group group ) throws SecurityException
	{
	if( CollectionUtils.isNotEmpty( group.getMembers() ))
	{
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	List<String> userDns = new ArrayList<String>();

	for( String member : group.getMembers() )
	{
	User user = reviewMgr.readUser( new User( member ) );
	userDns.add( user.getDn() );
	}

	group.setMembers( userDns );
	}
	}

	private void loadRoleDns( Group group ) throws SecurityException
	{
	if( CollectionUtils.isNotEmpty( group.getMembers() ))
	{
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	List<String> roleDns = new ArrayList<String>();

	for( String member : group.getMembers() )
	{
	Role role = reviewMgr.readRole( new Role( member ) );
	roleDns.add( role.getDn() );
	}

	group.setMembers( roleDns );
	}
	}

	private void loadUserDn( User inUser ) throws SecurityException
	{
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	User outUser = reviewMgr.readUser( inUser );
	inUser.setDn( outUser.getDn() );
	}

	private void loadRoleDn( Role inRole ) throws SecurityException
	{
	ReviewMgr reviewMgr = ReviewMgrFactory.createInstance( this.contextId );
	Role outRole = reviewMgr.readRole( inRole );
	inRole.setDn( outRole.getDn() );
	}
	}