0001: /**********************************************************************************
0002: * $URL: https://source.sakaiproject.org/svn/trunk/sakai/admin-tools/su/src/java/org/sakaiproject/tool/su/SuTool.java $
0003: * $Id: SuTool.java 5970 2006-02-15 03:07:19Z ggolden@umich.edu $
0004: ***********************************************************************************
0005: *
0006: * Copyright (c) 2003, 2004, 2005, 2006 The Sakai Foundation.
0007: *
0008: * Licensed under the Educational Community License, Version 1.0 (the "License");
0009: * you may not use this file except in compliance with the License.
0010: * You may obtain a copy of the License at
0011: *
0012: * http://www.opensource.org/licenses/ecl1.php
0013: *
0014: * Unless required by applicable law or agreed to in writing, software
0015: * distributed under the License is distributed on an "AS IS" BASIS,
0016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0017: * See the License for the specific language governing permissions and
0018: * limitations under the License.
0019: *
0020: **********************************************************************************/package org.sakaiproject.authz.impl;
0021:
0022: import java.util.HashMap;
0023: import java.util.HashSet;
0024: import java.util.Iterator;
0025: import java.util.Map;
0026: import java.util.Set;
0027: import java.util.Stack;
0028:
0029: import org.apache.commons.logging.Log;
0030: import org.apache.commons.logging.LogFactory;
0031: import org.sakaiproject.authz.api.AuthzGroup;
0032: import org.sakaiproject.authz.api.Member;
0033: import org.sakaiproject.authz.api.Role;
0034: import org.sakaiproject.authz.api.RoleAlreadyDefinedException;
0035: import org.sakaiproject.authz.cover.AuthzGroupService;
0036: import org.sakaiproject.entity.api.Reference;
0037: import org.sakaiproject.entity.api.ResourceProperties;
0038: import org.sakaiproject.entity.api.ResourcePropertiesEdit;
0039: import org.sakaiproject.time.api.Time;
0040: import org.sakaiproject.time.cover.TimeService;
0041: import org.sakaiproject.user.api.User;
0042: import org.sakaiproject.user.cover.UserDirectoryService;
0043: import org.sakaiproject.util.BaseResourceProperties;
0044: import org.sakaiproject.util.BaseResourcePropertiesEdit;
0045: import org.sakaiproject.util.StringUtil;
0046: import org.w3c.dom.Document;
0047: import org.w3c.dom.Element;
0048: import org.w3c.dom.Node;
0049: import org.w3c.dom.NodeList;
0050:
0051: /**
0052: * <p>
0053: * BaseAuthzGroup is an implementation of the AuthGroup API AuthzGroup.
0054: * </p>
0055: */
0056: public class BaseAuthzGroup implements AuthzGroup {
0057: /** Our log (commons). */
0058: private static Log M_log = LogFactory.getLog(BaseAuthzGroup.class);
0059:
0060: /** A fixed class serian number. */
0061: private static final long serialVersionUID = 1L;
0062:
0063: /** The internal 'db' key. */
0064: protected Integer m_key = null;
0065:
0066: /** The azGroup id. */
0067: protected String m_id = null;
0068:
0069: /** The properties. */
0070: protected ResourcePropertiesEdit m_properties = null;
0071:
0072: /** Map of userId to Member */
0073: protected Map m_userGrants = null;
0074:
0075: /** Map of Role id to a Role defined in this AuthzGroup. */
0076: protected Map m_roles = null;
0077:
0078: /** The external azGroup id, or null if not defined. */
0079: protected String m_providerRealmId = null;
0080:
0081: /** The role to use for maintain users. */
0082: protected String m_maintainRole = null;
0083:
0084: /** The created user id. */
0085: protected String m_createdUserId = null;
0086:
0087: /** The last modified user id. */
0088: protected String m_lastModifiedUserId = null;
0089:
0090: /** The time created. */
0091: protected Time m_createdTime = null;
0092:
0093: /** The time last modified. */
0094: protected Time m_lastModifiedTime = null;
0095:
0096: /** Set while the azGroup is not fully loaded from the storage. */
0097: protected boolean m_lazy = false;
0098:
0099: /** The event code for this azGroup. */
0100: protected String m_event = null;
0101:
0102: /** Active flag. */
0103: protected boolean m_active = false;
0104:
0105: /** True if created by the "new" call rather than "add" - it has not yet been stored. */
0106: protected boolean m_isNew = false;
0107:
0108: /**
0109: * Construct.
0110: *
0111: * @param id
0112: * The azGroup id.
0113: */
0114: public BaseAuthzGroup(String id) {
0115: m_id = id;
0116:
0117: // setup for properties
0118: ResourcePropertiesEdit props = new BaseResourcePropertiesEdit();
0119: m_properties = props;
0120:
0121: m_userGrants = new HashMap();
0122: m_roles = new HashMap();
0123:
0124: // if the id is not null (a new azGroup, rather than a reconstruction)
0125: // add the automatic (live) properties
0126: if (m_id != null)
0127: ((BaseAuthzGroupService) (AuthzGroupService.getInstance()))
0128: .addLiveProperties(this );
0129: }
0130:
0131: /**
0132: * Construct from another AuthzGroup object.
0133: *
0134: * @param azGroup
0135: * The azGroup object to use for values.
0136: */
0137: public BaseAuthzGroup(AuthzGroup azGroup) {
0138: setAll(azGroup);
0139: }
0140:
0141: /**
0142: * (Re)Construct from parts.
0143: *
0144: * @param dbid
0145: * The database id.
0146: * @param id
0147: * The azGroup id.
0148: * @param providerId
0149: * The provider id.
0150: * @param maintainRole
0151: * The maintain role id.
0152: * @param createdBy
0153: * The user created by id.
0154: * @param createdOn
0155: * The time created.
0156: * @param modifiedBy
0157: * The user modified by id.
0158: * @param modifiedOn
0159: * The time modified.
0160: */
0161: public BaseAuthzGroup(Integer dbid, String id, String providerId,
0162: String maintainRole, String createdBy, Time createdOn,
0163: String modifiedBy, Time modifiedOn) {
0164: // setup for properties
0165: ResourcePropertiesEdit props = new BaseResourcePropertiesEdit();
0166: m_properties = props;
0167:
0168: m_userGrants = new HashMap();
0169: m_roles = new HashMap();
0170:
0171: m_key = dbid;
0172: m_id = id;
0173: m_providerRealmId = StringUtil.trimToNull(providerId);
0174: m_maintainRole = StringUtil.trimToNull(maintainRole);
0175:
0176: m_createdUserId = createdBy;
0177: m_lastModifiedUserId = modifiedBy;
0178: m_createdTime = createdOn;
0179: m_lastModifiedTime = modifiedOn;
0180:
0181: // setup for properties, but mark them lazy since we have not yet established them from data
0182: ((BaseResourcePropertiesEdit) m_properties).setLazy(true);
0183:
0184: m_lazy = true;
0185: }
0186:
0187: /**
0188: * Construct from information in XML.
0189: *
0190: * @param el
0191: * The XML DOM Element definining the azGroup.
0192: */
0193: public BaseAuthzGroup(Element el) {
0194: m_userGrants = new HashMap();
0195: m_roles = new HashMap();
0196:
0197: // setup for properties
0198: m_properties = new BaseResourcePropertiesEdit();
0199:
0200: m_id = StringUtil.trimToNull(el.getAttribute("id"));
0201: m_providerRealmId = StringUtil.trimToNull(el
0202: .getAttribute("provider-id"));
0203: m_maintainRole = StringUtil.trimToNull(el
0204: .getAttribute("maintain-role"));
0205:
0206: m_createdUserId = StringUtil.trimToNull(el
0207: .getAttribute("created-id"));
0208: m_lastModifiedUserId = StringUtil.trimToNull(el
0209: .getAttribute("modified-id"));
0210:
0211: String time = StringUtil.trimToNull(el
0212: .getAttribute("created-time"));
0213: if (time != null) {
0214: m_createdTime = TimeService.newTimeGmt(time);
0215: }
0216:
0217: time = StringUtil.trimToNull(el.getAttribute("modified-time"));
0218: if (time != null) {
0219: m_lastModifiedTime = TimeService.newTimeGmt(time);
0220: }
0221:
0222: // process the children (properties, grants, abilities, roles)
0223: NodeList children = el.getChildNodes();
0224: final int length = children.getLength();
0225: for (int i = 0; i < length; i++) {
0226: Node child = children.item(i);
0227: if (child.getNodeType() != Node.ELEMENT_NODE)
0228: continue;
0229: Element element = (Element) child;
0230:
0231: // look for properties
0232: if (element.getTagName().equals("properties")) {
0233: // re-create properties
0234: m_properties = new BaseResourcePropertiesEdit(element);
0235: }
0236:
0237: // look for a role
0238: else if (element.getTagName().equals("role")) {
0239: BaseRole role = new BaseRole(element, this );
0240: m_roles.put(role.getId(), role);
0241: }
0242:
0243: // process a grant
0244: else if (element.getTagName().equals("grant")) {
0245: String userId = StringUtil.trimToNullLower(element
0246: .getAttribute("user"));
0247: String roleId = StringUtil.trimToNull(element
0248: .getAttribute("role"));
0249: String active = StringUtil.trimToNull(element
0250: .getAttribute("active"));
0251: String provided = StringUtil.trimToNull(element
0252: .getAttribute("provided"));
0253:
0254: // record this user - role grant - just use the first one
0255: BaseRole role = (BaseRole) m_roles.get(roleId);
0256: if (role != null) {
0257: // if already granted, update to point to the role with the most permissions
0258: BaseMember grant = (BaseMember) m_userGrants
0259: .get(userId);
0260: if (grant != null) {
0261: if (role.m_locks.size() > ((BaseRole) grant.role).m_locks
0262: .size()) {
0263: M_log
0264: .warn("(el): additional lesser user grant ignored: "
0265: + m_id
0266: + " "
0267: + userId
0268: + " "
0269: + grant.role.getId()
0270: + " keeping: " + roleId);
0271: grant.role = role;
0272: } else {
0273: M_log
0274: .warn("(el): additional lesser user grant ignored: "
0275: + m_id
0276: + " "
0277: + userId
0278: + " "
0279: + roleId
0280: + " keeping: "
0281: + grant.role.getId());
0282: }
0283: } else {
0284: grant = new BaseMember(role, Boolean.valueOf(
0285: active).booleanValue(), Boolean
0286: .valueOf(provided).booleanValue(),
0287: userId);
0288: m_userGrants.put(userId, grant);
0289: }
0290: } else {
0291: M_log.warn("(el): role null: " + roleId);
0292: }
0293: }
0294:
0295: // look for user - [ Role | lock ] ability (the old way, pre 1.23)
0296: else if (element.getTagName().equals("ability")) {
0297: String userId = StringUtil.trimToNullLower(element
0298: .getAttribute("user"));
0299: String roleId = StringUtil.trimToNull(element
0300: .getAttribute("role"));
0301: String lock = StringUtil.trimToNull(element
0302: .getAttribute("lock"));
0303: String anon = StringUtil.trimToNull(element
0304: .getAttribute("anon"));
0305: String auth = StringUtil.trimToNull(element
0306: .getAttribute("auth"));
0307:
0308: // old way anon was stored
0309: // add the lock to the anon role definition
0310: if (anon != null) {
0311: if (roleId != null) {
0312: // the old pubview was done this way, we handle it so no need for warning
0313: if (!("pubview".equals(roleId))) {
0314: M_log.warn("(el) role for anon: " + m_id
0315: + " " + roleId);
0316: }
0317: }
0318:
0319: if (lock != null) {
0320: BaseRole role = (BaseRole) m_roles
0321: .get(AuthzGroupService.ANON_ROLE);
0322: if (role == null) {
0323: role = new BaseRole(
0324: AuthzGroupService.ANON_ROLE);
0325: m_roles.put(AuthzGroupService.ANON_ROLE,
0326: role);
0327: }
0328: role.allowFunction(lock);
0329: }
0330: }
0331:
0332: // old way auth was stored
0333: // add the lock to the auth role definition
0334: else if (auth != null) {
0335: if (roleId != null) {
0336: // the old pubview was done this way, we handle it so no need for warning
0337: if (!("pubview".equals(roleId))) {
0338: M_log.warn("(el) role for auth: " + m_id
0339: + " " + roleId);
0340: }
0341: }
0342:
0343: if (lock != null) {
0344: BaseRole role = (BaseRole) m_roles
0345: .get(AuthzGroupService.AUTH_ROLE);
0346: if (role == null) {
0347: role = new BaseRole(
0348: AuthzGroupService.AUTH_ROLE);
0349: m_roles.put(AuthzGroupService.AUTH_ROLE,
0350: role);
0351: }
0352: role.allowFunction(lock);
0353: }
0354: }
0355:
0356: else if (userId != null) {
0357: BaseRole role = (BaseRole) m_roles.get(roleId);
0358: if (role != null) {
0359: // if already granted, update to point to the role with the most permissions
0360: BaseMember grant = (BaseMember) m_userGrants
0361: .get(userId);
0362: if (grant != null) {
0363: if (role.m_locks.size() > ((BaseRole) grant.role).m_locks
0364: .size()) {
0365: M_log
0366: .warn("(el): additional lesser user grant ignored: "
0367: + m_id
0368: + " "
0369: + userId
0370: + " "
0371: + grant.role.getId()
0372: + " keeping: " + roleId);
0373: grant.role = role;
0374: } else {
0375: M_log
0376: .warn("(el): additional lesser user grant ignored: "
0377: + m_id
0378: + " "
0379: + userId
0380: + " "
0381: + roleId
0382: + " keeping: "
0383: + grant.role.getId());
0384: }
0385: } else {
0386: grant = new BaseMember(role, true, false,
0387: userId);
0388: m_userGrants.put(userId, grant);
0389: }
0390: } else {
0391: M_log.warn("(el): role null: " + roleId);
0392: }
0393: }
0394: }
0395: }
0396:
0397: // pull out some properties into fields to convert old (pre 1.23) versions
0398: if (m_createdUserId == null) {
0399: m_createdUserId = m_properties.getProperty("CHEF:creator");
0400: }
0401: if (m_lastModifiedUserId == null) {
0402: m_lastModifiedUserId = m_properties
0403: .getProperty("CHEF:modifiedby");
0404: }
0405: if (m_createdTime == null) {
0406: try {
0407: m_createdTime = m_properties
0408: .getTimeProperty("DAV:creationdate");
0409: } catch (Exception ignore) {
0410: }
0411: }
0412: if (m_lastModifiedTime == null) {
0413: try {
0414: m_lastModifiedTime = m_properties
0415: .getTimeProperty("DAV:getlastmodified");
0416: } catch (Exception ignore) {
0417: }
0418: }
0419: m_properties.removeProperty("CHEF:creator");
0420: m_properties.removeProperty("CHEF:modifiedby");
0421: m_properties.removeProperty("DAV:creationdate");
0422: m_properties.removeProperty("DAV:getlastmodified");
0423:
0424: // make sure we have our times
0425: if ((m_createdTime == null) && (m_lastModifiedTime != null)) {
0426: m_createdTime = (Time) m_lastModifiedTime.clone();
0427: }
0428:
0429: if (m_createdTime == null) {
0430: m_createdTime = TimeService.newTime();
0431: }
0432:
0433: if (m_lastModifiedTime == null) {
0434: m_lastModifiedTime = (Time) m_createdTime.clone();
0435: }
0436:
0437: // and our users
0438: if ((m_createdUserId == null) && (m_lastModifiedUserId != null)) {
0439: m_createdUserId = m_lastModifiedUserId;
0440: }
0441:
0442: if (m_createdUserId == null) {
0443: m_createdUserId = UserDirectoryService.ADMIN_ID;
0444: }
0445:
0446: if (m_lastModifiedUserId == null) {
0447: m_lastModifiedUserId = m_createdUserId;
0448: }
0449:
0450: // recognize old (ContentHosting) pubview realms where anon/auth were granted "pubview" role
0451: // roles can not be nested anymore - remove the pubview role and put the one "content.read" lock into .anon
0452: if (m_roles.get("pubview") != null) {
0453: m_roles.remove("pubview");
0454:
0455: BaseRole role = (BaseRole) m_roles
0456: .get(AuthzGroupService.ANON_ROLE);
0457: if (role == null) {
0458: role = new BaseRole(AuthzGroupService.ANON_ROLE);
0459: m_roles.put(AuthzGroupService.ANON_ROLE, role);
0460: }
0461: role.allowFunction("content.read");
0462: }
0463: }
0464:
0465: /**
0466: * {@inheritDoc}
0467: */
0468: public String getDescription() {
0469: // the special ones
0470: if (getId().startsWith("!site.template")) {
0471: return "Site AuthzGroup Template";
0472: }
0473:
0474: else if (getId().equals("!site.user")) {
0475: return "My Workspace AuthzGroup Template";
0476: }
0477:
0478: else if (getId().startsWith("!user.template")) {
0479: return "User AuthzGroup Template";
0480: }
0481:
0482: else if (getId().equals("!site.helper")) {
0483: return "Site Helper Patch AuthzGroup";
0484: }
0485:
0486: else if (getId().startsWith("!")) {
0487: return "Special AuthzGroup";
0488: }
0489:
0490: // the rest are references to some resource
0491: try {
0492: Reference ref = ((BaseAuthzGroupService) (AuthzGroupService
0493: .getInstance())).entityManager().newReference(
0494: getId());
0495: return ref.getDescription();
0496: } catch (Throwable ignore) {
0497: }
0498:
0499: return "unknown";
0500: }
0501:
0502: /**
0503: * Take all values from this object.
0504: *
0505: * @param azGroup
0506: * The AuthzGroup to take values from.
0507: */
0508: protected void setAll(AuthzGroup azGroup) {
0509: if (((BaseAuthzGroup) azGroup).m_lazy)
0510: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0511: .completeGet(((BaseAuthzGroup) azGroup));
0512:
0513: m_key = ((BaseAuthzGroup) azGroup).m_key;
0514: m_id = ((BaseAuthzGroup) azGroup).m_id;
0515: m_providerRealmId = ((BaseAuthzGroup) azGroup).m_providerRealmId;
0516: m_maintainRole = ((BaseAuthzGroup) azGroup).m_maintainRole;
0517:
0518: m_createdUserId = ((BaseAuthzGroup) azGroup).m_createdUserId;
0519: m_lastModifiedUserId = ((BaseAuthzGroup) azGroup).m_lastModifiedUserId;
0520: if (((BaseAuthzGroup) azGroup).m_createdTime != null)
0521: m_createdTime = (Time) ((BaseAuthzGroup) azGroup).m_createdTime
0522: .clone();
0523: if (((BaseAuthzGroup) azGroup).m_lastModifiedTime != null)
0524: m_lastModifiedTime = (Time) ((BaseAuthzGroup) azGroup).m_lastModifiedTime
0525: .clone();
0526:
0527: // make a deep copy of the roles as new Role objects
0528: m_roles = new HashMap();
0529: for (Iterator it = ((BaseAuthzGroup) azGroup).m_roles
0530: .entrySet().iterator(); it.hasNext();) {
0531: Map.Entry entry = (Map.Entry) it.next();
0532: BaseRole role = (BaseRole) entry.getValue();
0533: String id = (String) entry.getKey();
0534:
0535: m_roles.put(id, new BaseRole(id, role));
0536: }
0537:
0538: // make a deep copy (w/ new Member objects pointing to my own roles) of the user - role grants
0539: m_userGrants = new HashMap();
0540: for (Iterator it = ((BaseAuthzGroup) azGroup).m_userGrants
0541: .entrySet().iterator(); it.hasNext();) {
0542: Map.Entry entry = (Map.Entry) it.next();
0543: BaseMember grant = (BaseMember) entry.getValue();
0544: String id = (String) entry.getKey();
0545:
0546: m_userGrants.put(id, new BaseMember((Role) m_roles
0547: .get(grant.role.getId()), grant.active,
0548: grant.provided, grant.userId));
0549: }
0550:
0551: m_properties = new BaseResourcePropertiesEdit();
0552: m_properties.addAll(azGroup.getProperties());
0553: ((BaseResourcePropertiesEdit) m_properties)
0554: .setLazy(((BaseResourceProperties) azGroup
0555: .getProperties()).isLazy());
0556:
0557: m_lazy = false;
0558: }
0559:
0560: /**
0561: * {@inheritDoc}
0562: */
0563: public Element toXml(Document doc, Stack stack) {
0564: if (m_lazy)
0565: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0566: .completeGet(this );
0567:
0568: Element azGroup = doc.createElement("azGroup");
0569:
0570: if (stack.isEmpty()) {
0571: doc.appendChild(azGroup);
0572: } else {
0573: ((Element) stack.peek()).appendChild(azGroup);
0574: }
0575:
0576: stack.push(azGroup);
0577:
0578: azGroup.setAttribute("id", getId());
0579: if (m_providerRealmId != null) {
0580: azGroup.setAttribute("provider-id", m_providerRealmId);
0581: }
0582: if (m_maintainRole != null) {
0583: azGroup.setAttribute("maintain-role", m_maintainRole);
0584: }
0585:
0586: azGroup.setAttribute("created-id", m_createdUserId);
0587: azGroup.setAttribute("modified-id", m_lastModifiedUserId);
0588: azGroup.setAttribute("created-time", m_createdTime.toString());
0589: azGroup.setAttribute("modified-time", m_lastModifiedTime
0590: .toString());
0591:
0592: // properties
0593: getProperties().toXml(doc, stack);
0594:
0595: // roles (write before grants!)
0596: for (Iterator i = m_roles.values().iterator(); i.hasNext();) {
0597: BaseRole role = (BaseRole) i.next();
0598: role.toXml(doc, stack);
0599: }
0600:
0601: // user - role grants
0602: for (Iterator i = m_userGrants.entrySet().iterator(); i
0603: .hasNext();) {
0604: Map.Entry entry = (Map.Entry) i.next();
0605: BaseMember grant = (BaseMember) entry.getValue();
0606: String user = (String) entry.getKey();
0607:
0608: Element element = doc.createElement("grant");
0609: azGroup.appendChild(element);
0610: element.setAttribute("user", user);
0611: element.setAttribute("role", grant.role.getId());
0612: element.setAttribute("active", Boolean
0613: .valueOf(grant.active).toString());
0614: element.setAttribute("provided", Boolean.valueOf(
0615: grant.provided).toString());
0616: }
0617:
0618: stack.pop();
0619:
0620: return azGroup;
0621: }
0622:
0623: /**
0624: * {@inheritDoc}
0625: */
0626: public String getId() {
0627: if (m_id == null)
0628: return "";
0629: return m_id;
0630: }
0631:
0632: /**
0633: * {@inheritDoc}
0634: */
0635: public Integer getKey() {
0636: return m_key;
0637: }
0638:
0639: /**
0640: * {@inheritDoc}
0641: */
0642: public String getUrl() {
0643: return ((BaseAuthzGroupService) (AuthzGroupService
0644: .getInstance())).getAccessPoint(false)
0645: + m_id;
0646: }
0647:
0648: /**
0649: * {@inheritDoc}
0650: */
0651: public String getReference() {
0652: return ((BaseAuthzGroupService) (AuthzGroupService
0653: .getInstance())).authzGroupReference(m_id);
0654: }
0655:
0656: /**
0657: * @inheritDoc
0658: */
0659: public String getReference(String rootProperty) {
0660: return getReference();
0661: }
0662:
0663: /**
0664: * @inheritDoc
0665: */
0666: public String getUrl(String rootProperty) {
0667: return getUrl();
0668: }
0669:
0670: /**
0671: * {@inheritDoc}
0672: */
0673: public ResourceProperties getProperties() {
0674: if (m_lazy)
0675: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0676: .completeGet(this );
0677:
0678: return m_properties;
0679: }
0680:
0681: /**
0682: * {@inheritDoc}
0683: */
0684: public User getCreatedBy() {
0685: try {
0686: return UserDirectoryService.getUser(m_createdUserId);
0687: } catch (Exception e) {
0688: return UserDirectoryService.getAnonymousUser();
0689: }
0690: }
0691:
0692: /**
0693: * {@inheritDoc}
0694: */
0695: public User getModifiedBy() {
0696: try {
0697: return UserDirectoryService.getUser(m_lastModifiedUserId);
0698: } catch (Exception e) {
0699: return UserDirectoryService.getAnonymousUser();
0700: }
0701: }
0702:
0703: /**
0704: * {@inheritDoc}
0705: */
0706: public Time getCreatedTime() {
0707: return m_createdTime;
0708: }
0709:
0710: /**
0711: * {@inheritDoc}
0712: */
0713: public Time getModifiedTime() {
0714: return m_lastModifiedTime;
0715: }
0716:
0717: /**
0718: * {@inheritDoc}
0719: */
0720: public boolean isAllowed(String user, String lock) {
0721: if (m_lazy)
0722: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0723: .completeGet(this );
0724:
0725: // consider a role granted
0726: BaseMember grant = (BaseMember) m_userGrants.get(user);
0727: if ((grant != null) && (grant.active)) {
0728: if (grant.role.isAllowed(lock))
0729: return true;
0730: }
0731:
0732: // consider auth role
0733: if (!UserDirectoryService.getAnonymousUser().getId().equals(
0734: user)) {
0735: Role auth = (Role) m_roles.get(AuthzGroupService.AUTH_ROLE);
0736: if (auth != null) {
0737: if (auth.isAllowed(lock))
0738: return true;
0739: }
0740: }
0741:
0742: // consider anon role
0743: Role anon = (Role) m_roles.get(AuthzGroupService.ANON_ROLE);
0744: if (anon != null) {
0745: if (anon.isAllowed(lock))
0746: return true;
0747: }
0748:
0749: return false;
0750: }
0751:
0752: /**
0753: * {@inheritDoc}
0754: */
0755: public boolean hasRole(String user, String role) {
0756: if (m_lazy)
0757: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0758: .completeGet(this );
0759:
0760: BaseMember grant = (BaseMember) m_userGrants.get(user);
0761: if ((grant != null) && (grant.active)
0762: && (grant.role.getId().equals(role)))
0763: return true;
0764:
0765: return false;
0766: }
0767:
0768: /**
0769: * {@inheritDoc}
0770: */
0771: public Set getUsers() {
0772: if (m_lazy)
0773: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0774: .completeGet(this );
0775:
0776: Set rv = new HashSet();
0777: for (Iterator it = m_userGrants.entrySet().iterator(); it
0778: .hasNext();) {
0779: Map.Entry entry = (Map.Entry) it.next();
0780: String user = (String) entry.getKey();
0781: Member grant = (Member) entry.getValue();
0782: if (grant.isActive()) {
0783: rv.add(user);
0784: }
0785: }
0786:
0787: return rv;
0788: }
0789:
0790: /**
0791: * {@inheritDoc}
0792: */
0793: public Set getMembers() {
0794: // Note: this is the only way to see non-active grants
0795:
0796: if (m_lazy)
0797: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0798: .completeGet(this );
0799:
0800: Set rv = new HashSet();
0801: for (Iterator it = m_userGrants.entrySet().iterator(); it
0802: .hasNext();) {
0803: Map.Entry entry = (Map.Entry) it.next();
0804: Member grant = (Member) entry.getValue();
0805: rv.add(grant);
0806: }
0807:
0808: return rv;
0809: }
0810:
0811: /**
0812: * {@inheritDoc}
0813: */
0814: public Set getUsersIsAllowed(String lock) {
0815: if (m_lazy)
0816: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0817: .completeGet(this );
0818:
0819: Set rv = new HashSet();
0820: for (Iterator it = m_userGrants.entrySet().iterator(); it
0821: .hasNext();) {
0822: Map.Entry entry = (Map.Entry) it.next();
0823: String user = (String) entry.getKey();
0824: BaseMember grant = (BaseMember) entry.getValue();
0825: if (grant.active && grant.role.isAllowed(lock)) {
0826: rv.add(user);
0827: }
0828: }
0829:
0830: return rv;
0831: }
0832:
0833: /**
0834: * {@inheritDoc}
0835: */
0836: public Set getUsersHasRole(String role) {
0837: if (m_lazy)
0838: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0839: .completeGet(this );
0840:
0841: Set rv = new HashSet();
0842: for (Iterator it = m_userGrants.entrySet().iterator(); it
0843: .hasNext();) {
0844: Map.Entry entry = (Map.Entry) it.next();
0845: String user = (String) entry.getKey();
0846: BaseMember grant = (BaseMember) entry.getValue();
0847: if (grant.active && grant.role.getId().equals(role)) {
0848: rv.add(user);
0849: }
0850: }
0851:
0852: return rv;
0853: }
0854:
0855: /**
0856: * {@inheritDoc}
0857: */
0858: public Role getUserRole(String user) {
0859: if (m_lazy)
0860: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0861: .completeGet(this );
0862:
0863: BaseMember grant = (BaseMember) m_userGrants.get(user);
0864: if ((grant != null) && (grant.active))
0865: return grant.role;
0866:
0867: return null;
0868: }
0869:
0870: /**
0871: * {@inheritDoc}
0872: */
0873: public Member getMember(String user) {
0874: if (m_lazy)
0875: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0876: .completeGet(this );
0877:
0878: BaseMember grant = (BaseMember) m_userGrants.get(user);
0879: return grant;
0880: }
0881:
0882: /**
0883: * {@inheritDoc}
0884: */
0885: public Set getRoles() {
0886: if (m_lazy)
0887: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0888: .completeGet(this );
0889:
0890: return new HashSet(m_roles.values());
0891: }
0892:
0893: public Set getRolesIsAllowed(String function) {
0894: if (m_lazy)
0895: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0896: .completeGet(this );
0897:
0898: Set rv = new HashSet();
0899: for (Iterator i = m_roles.values().iterator(); i.hasNext();) {
0900: Role r = (Role) i.next();
0901: if (r.isAllowed(function)) {
0902: rv.add(r.getId());
0903: }
0904: }
0905:
0906: return rv;
0907: }
0908:
0909: /**
0910: * {@inheritDoc}
0911: */
0912: public Role getRole(String id) {
0913: if (m_lazy)
0914: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0915: .completeGet(this );
0916:
0917: return (Role) m_roles.get(id);
0918: }
0919:
0920: /**
0921: * {@inheritDoc}
0922: */
0923: public String getProviderGroupId() {
0924: return m_providerRealmId;
0925: }
0926:
0927: /**
0928: * {@inheritDoc}
0929: */
0930: public boolean isEmpty() {
0931: if (m_lazy)
0932: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
0933: .completeGet(this );
0934:
0935: // no roles, no grants to users, nothing in anon or auth
0936: if (m_roles.isEmpty() && m_userGrants.isEmpty()) {
0937: return true;
0938: }
0939:
0940: return false;
0941: }
0942:
0943: /**
0944: * {@inheritDoc}
0945: */
0946: public String getMaintainRole() {
0947: if (m_maintainRole == null) {
0948: return "maintain";
0949: }
0950:
0951: return m_maintainRole;
0952: }
0953:
0954: /**
0955: * {@inheritDoc}
0956: */
0957: public boolean equals(Object obj) {
0958: if (!(obj instanceof AuthzGroup))
0959: return false;
0960: return ((AuthzGroup) obj).getId().equals(getId());
0961: }
0962:
0963: /**
0964: * {@inheritDoc}
0965: */
0966: public int hashCode() {
0967: return getId().hashCode();
0968: }
0969:
0970: /**
0971: * {@inheritDoc}
0972: */
0973: public int compareTo(Object obj) {
0974: if (!(obj instanceof AuthzGroup))
0975: throw new ClassCastException();
0976:
0977: // if the object are the same, say so
0978: if (obj == this )
0979: return 0;
0980:
0981: // sort based on id
0982: int compare = getId().compareTo(((AuthzGroup) obj).getId());
0983:
0984: return compare;
0985: }
0986:
0987: /**
0988: * {@inheritDoc}
0989: */
0990: public void addMember(String user, String roleId, boolean active,
0991: boolean provided) {
0992: Role role = (Role) m_roles.get(roleId);
0993: if (role == null) {
0994: M_log.warn(".addUserRole: role undefined: " + roleId);
0995: return;
0996: }
0997:
0998: BaseMember grant = (BaseMember) m_userGrants.get(user);
0999: if (grant == null) {
1000: grant = new BaseMember(role, active, provided, user);
1001: m_userGrants.put(user, grant);
1002: } else {
1003: grant.role = role;
1004: grant.active = active;
1005: grant.provided = provided;
1006: }
1007: }
1008:
1009: /**
1010: * {@inheritDoc}
1011: */
1012: public void removeMember(String user) {
1013: if (m_lazy)
1014: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1015: .completeGet(this );
1016:
1017: m_userGrants.remove(user);
1018: }
1019:
1020: /**
1021: * Take all values from this object.
1022: *
1023: * @param azGroup
1024: * The AuthzGroup object to take values from.
1025: */
1026: protected void set(AuthzGroup azGroup) {
1027: setAll(azGroup);
1028: }
1029:
1030: /**
1031: * {@inheritDoc}
1032: */
1033: public void removeMembers() {
1034: if (m_lazy)
1035: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1036: .completeGet(this );
1037:
1038: m_userGrants.clear();
1039: }
1040:
1041: /**
1042: * {@inheritDoc}
1043: */
1044: public Role addRole(String id) throws RoleAlreadyDefinedException {
1045: if (m_lazy)
1046: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1047: .completeGet(this );
1048:
1049: Role role = (Role) m_roles.get(id);
1050: if (role != null)
1051: throw new RoleAlreadyDefinedException(id);
1052:
1053: role = new BaseRole(id);
1054: m_roles.put(role.getId(), role);
1055:
1056: return role;
1057: }
1058:
1059: /**
1060: * {@inheritDoc}
1061: */
1062: public Role addRole(String id, Role other)
1063: throws RoleAlreadyDefinedException {
1064: if (m_lazy)
1065: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1066: .completeGet(this );
1067:
1068: Role role = (Role) m_roles.get(id);
1069: if (role != null)
1070: throw new RoleAlreadyDefinedException(id);
1071:
1072: role = new BaseRole(id, other);
1073: m_roles.put(role.getId(), role);
1074:
1075: return role;
1076: }
1077:
1078: /**
1079: * {@inheritDoc}
1080: */
1081: public void removeRole(String roleId) {
1082: if (m_lazy)
1083: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1084: .completeGet(this );
1085:
1086: Role r = (Role) m_roles.get(roleId);
1087: if (r != null) {
1088: m_roles.remove(roleId);
1089:
1090: // remove the role from any appearance in m_userGrants
1091: for (Iterator it = m_userGrants.entrySet().iterator(); it
1092: .hasNext();) {
1093: Map.Entry entry = (Map.Entry) it.next();
1094: BaseMember grant = (BaseMember) entry.getValue();
1095: String id = (String) entry.getKey();
1096:
1097: if (grant.role.equals(r)) {
1098: it.remove();
1099: }
1100: }
1101: }
1102: }
1103:
1104: /**
1105: * {@inheritDoc}
1106: */
1107: public void removeRoles() {
1108: if (m_lazy)
1109: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1110: .completeGet(this );
1111:
1112: // clear roles and grants (since grants grant roles)
1113: m_roles.clear();
1114: m_userGrants.clear();
1115: }
1116:
1117: /**
1118: * {@inheritDoc}
1119: */
1120: public void setProviderGroupId(String id) {
1121: m_providerRealmId = StringUtil.trimToNull(id);
1122: }
1123:
1124: /**
1125: * {@inheritDoc}
1126: */
1127: public void setMaintainRole(String role) {
1128: m_maintainRole = StringUtil.trimToNull(role);
1129: }
1130:
1131: /**
1132: * Access the event code for this azGroup.
1133: *
1134: * @return The event code for this azGroup.
1135: */
1136: protected String getEvent() {
1137: return m_event;
1138: }
1139:
1140: /**
1141: * Set the event code for this azGroup.
1142: *
1143: * @param event
1144: * The event code for this azGroup.
1145: */
1146: protected void setEvent(String event) {
1147: m_event = event;
1148: }
1149:
1150: /**
1151: * {@inheritDoc}
1152: */
1153: public ResourcePropertiesEdit getPropertiesEdit() {
1154: if (m_lazy)
1155: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1156: .completeGet(this );
1157:
1158: return m_properties;
1159: }
1160:
1161: /**
1162: * {@inheritDoc}
1163: */
1164: public boolean keepIntersection(AuthzGroup other) {
1165: if (other == null)
1166: return false;
1167:
1168: boolean rv = false;
1169:
1170: // get un-lazy
1171: if (m_lazy)
1172: ((BaseAuthzGroupService) (AuthzGroupService.getInstance())).m_storage
1173: .completeGet(this );
1174:
1175: // for each member
1176: for (Iterator it = m_userGrants.entrySet().iterator(); it
1177: .hasNext();) {
1178: Map.Entry entry = (Map.Entry) it.next();
1179: Member grant = (Member) entry.getValue();
1180:
1181: Member otherMember = other.getMember(grant.getUserId());
1182:
1183: // remove our member if the other has no member
1184: if (otherMember == null) {
1185: it.remove();
1186: rv = true;
1187: }
1188:
1189: // make sure we are just as active as other
1190: else {
1191: if (grant.isActive() != otherMember.isActive()) {
1192: grant.setActive(otherMember.isActive());
1193: rv = true;
1194: }
1195: }
1196: }
1197:
1198: return rv;
1199: }
1200:
1201: /**
1202: * Enable editing.
1203: */
1204: protected void activate() {
1205: m_active = true;
1206: }
1207:
1208: /**
1209: * Check to see if the azGroup is still active, or has already been closed.
1210: *
1211: * @return true if the azGroup is active, false if it's been closed.
1212: */
1213: public boolean isActiveEdit() {
1214: return m_active;
1215: }
1216:
1217: /**
1218: * Close the azGroup object - it cannot be used after this.
1219: */
1220: protected void closeEdit() {
1221: m_active = false;
1222: }
1223: }
|