| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.usergrid.services.groups; |
| |
| |
| import java.util.Arrays; |
| import java.util.List; |
| import java.util.Map; |
| import java.util.Set; |
| import java.util.UUID; |
| |
| import org.apache.usergrid.persistence.cache.CacheScope; |
| import org.apache.usergrid.persistence.cache.ScopedCache; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| import org.apache.usergrid.persistence.EntityRef; |
| import org.apache.usergrid.persistence.Query; |
| import org.apache.usergrid.persistence.entities.Role; |
| import org.apache.usergrid.services.AbstractPathBasedCollectionService; |
| import org.apache.usergrid.services.ServiceContext; |
| import org.apache.usergrid.services.ServicePayload; |
| import org.apache.usergrid.services.ServiceResults; |
| |
| import com.google.common.base.CharMatcher; |
| import com.google.common.base.Preconditions; |
| |
| import static org.apache.commons.lang.StringUtils.isBlank; |
| import static org.apache.usergrid.services.ServiceResults.genericServiceResults; |
| |
| |
| public class GroupsService extends AbstractPathBasedCollectionService { |
| |
| private static final Logger logger = LoggerFactory.getLogger( GroupsService.class ); |
| |
| static CharMatcher matcher = CharMatcher.JAVA_LETTER_OR_DIGIT.or( CharMatcher.anyOf( "-./" ) ); |
| |
| |
| public GroupsService() { |
| super(); |
| if (logger.isTraceEnabled()) { |
| logger.trace("/groups"); |
| } |
| |
| // rolenames is the one case of Entity Dictionary name not equal to path segment |
| declareEntityDictionary( new EntityDictionaryEntry( "rolenames", "roles" ) ); |
| |
| declareEntityDictionaries( Arrays.asList( "permissions" ) ); |
| } |
| |
| |
| @Override |
| public ServiceResults postCollection( ServiceContext context ) throws Exception { |
| |
| String path = ( String ) context.getProperty( "path" ); |
| |
| if ( path == null ) { |
| throw new IllegalArgumentException( "You must provide a 'path' property when creating a group" ); |
| } |
| |
| if (logger.isTraceEnabled()) { |
| logger.trace("Creating group with path {}", path); |
| } |
| |
| Preconditions.checkArgument( matcher.matchesAllOf( path ), "Illegal characters found in group name: " + path ); |
| |
| return super.postCollection( context ); |
| } |
| |
| |
| public ServiceResults getGroupRoles( UUID groupId ) throws Exception { |
| Map<String, Role> roles = em.getGroupRolesWithTitles( groupId ); |
| ServiceResults results = genericServiceResults().withData( roles ); |
| return results; |
| } |
| |
| |
| public ServiceResults getApplicationRolePermissions( String roleName ) throws Exception { |
| Set<String> permissions = em.getRolePermissions( roleName ); |
| ServiceResults results = genericServiceResults().withData( permissions ); |
| return results; |
| } |
| |
| |
| public ServiceResults addGroupRole( UUID groupId, String roleName ) throws Exception { |
| em.addGroupToRole( groupId, roleName ); |
| ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId())); |
| scopedCache.invalidate(); |
| localShiroCache.invalidateAll(); |
| return getGroupRoles( groupId ); |
| } |
| |
| |
| public ServiceResults deleteGroupRole( UUID groupId, String roleName ) throws Exception { |
| em.removeGroupFromRole( groupId, roleName ); |
| ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId())); |
| scopedCache.invalidate(); |
| localShiroCache.invalidateAll(); |
| return getGroupRoles( groupId ); |
| } |
| |
| |
| @Override |
| public ServiceResults getEntityDictionary( ServiceContext context, List<EntityRef> refs, |
| EntityDictionaryEntry dictionary ) throws Exception { |
| |
| if ( "rolenames".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "rolenames" ); |
| |
| if ( context.parameterCount() == 0 ) { |
| |
| return getGroupRoles( entityRef.getUuid() ); |
| } |
| else if ( context.parameterCount() == 1 ) { |
| |
| String roleName = context.getParameters().get( 1 ).getName(); |
| if ( isBlank( roleName ) ) { |
| return null; |
| } |
| |
| return getApplicationRolePermissions( roleName ); |
| } |
| } |
| else if ( "permissions".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "permissions" ); |
| |
| return genericServiceResults().withData( em.getGroupPermissions( entityRef.getUuid() ) ); |
| } |
| |
| return super.getEntityDictionary( context, refs, dictionary ); |
| } |
| |
| |
| @Override |
| public ServiceResults postEntityDictionary( ServiceContext context, List<EntityRef> refs, |
| EntityDictionaryEntry dictionary, ServicePayload payload ) |
| throws Exception { |
| |
| if ( "permissions".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "permissions" ); |
| |
| String permission = payload.getStringProperty( "permission" ); |
| if ( isBlank( permission ) ) { |
| return null; |
| } |
| |
| em.grantGroupPermission( entityRef.getUuid(), permission ); |
| ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId())); |
| scopedCache.invalidate(); |
| localShiroCache.invalidateAll(); |
| |
| return genericServiceResults().withData( em.getGroupPermissions( entityRef.getUuid() ) ); |
| } |
| |
| return super.postEntityDictionary( context, refs, dictionary, payload ); |
| } |
| |
| |
| @Override |
| public ServiceResults putEntityDictionary( ServiceContext context, List<EntityRef> refs, |
| EntityDictionaryEntry dictionary, ServicePayload payload ) |
| throws Exception { |
| |
| if ( "rolenames".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "rolenames" ); |
| |
| if ( context.parameterCount() == 0 ) { |
| |
| String name = payload.getStringProperty( "name" ); |
| if ( isBlank( name ) ) { |
| return null; |
| } |
| |
| return addGroupRole( entityRef.getUuid(), name ); |
| } |
| } |
| |
| return super.postEntityDictionary( context, refs, dictionary, payload ); |
| } |
| |
| |
| @Override |
| public ServiceResults deleteEntityDictionary( ServiceContext context, List<EntityRef> refs, |
| EntityDictionaryEntry dictionary ) throws Exception { |
| |
| if ( "rolenames".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "rolenames" ); |
| |
| if ( context.parameterCount() == 1 ) { |
| |
| String roleName = context.getParameters().get( 1 ).getName(); |
| if ( isBlank( roleName ) ) { |
| return null; |
| } |
| |
| return deleteGroupRole( entityRef.getUuid(), roleName ); |
| } |
| } |
| else if ( "permissions".equalsIgnoreCase( dictionary.getName() ) ) { |
| EntityRef entityRef = refs.get( 0 ); |
| checkPermissionsForEntitySubPath( context, entityRef, "permissions" ); |
| |
| Query q = context.getParameters().get( 0 ).getQuery(); |
| if ( q == null ) { |
| return null; |
| } |
| |
| List<String> permissions = q.getPermissions(); |
| if ( permissions == null ) { |
| return null; |
| } |
| |
| for ( String permission : permissions ) { |
| em.revokeGroupPermission( entityRef.getUuid(), permission ); |
| } |
| ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId())); |
| scopedCache.invalidate(); |
| localShiroCache.invalidateAll(); |
| |
| return genericServiceResults().withData( em.getGroupPermissions( entityRef.getUuid() ) ); |
| } |
| |
| return super.deleteEntityDictionary( context, refs, dictionary ); |
| } |
| } |