001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/osp/tags/sakai_2-4-1/integration/api-impl/src/java/org/theospi/portfolio/admin/service/SakaiRoleCreationIntegrationPlugin.java $
003: * $Id: SakaiRoleCreationIntegrationPlugin.java 11372 2006-06-29 14:58:30Z chmaurer@iupui.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the "License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.theospi.portfolio.admin.service;
021:
022: import org.apache.commons.logging.Log;
023: import org.apache.commons.logging.LogFactory;
024: import org.sakaiproject.authz.api.*;
025: import org.sakaiproject.authz.cover.AuthzGroupService;
026: import org.sakaiproject.metaobj.worksite.mgt.WorksiteManager;
027: import org.sakaiproject.site.api.Site;
028: import org.sakaiproject.site.cover.SiteService;
029: import org.theospi.portfolio.admin.model.IntegrationOption;
030: import org.theospi.portfolio.shared.model.OspException;
031:
032: import java.util.HashSet;
033: import java.util.Iterator;
034: import java.util.List;
035:
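/**
 * Integration plugin that creates or removes a Sakai role as described by a
 * {@link RoleIntegrationOption}.
 *
 * <p>Two kinds of option are handled:
 * <ul>
 *   <li>a plain {@code RoleIntegrationOption}, which targets the single realm
 *       named by {@code getRealm()};</li>
 *   <li>an {@code ExistingWorksitesRoleIntegrationOption}, which targets the
 *       realm of every site whose type matches {@code getWorksiteType()}.</li>
 * </ul>
 *
 * <p>This class edits authorization data: it adds roles, grants and revokes
 * permission functions on them, and deletes roles. Every such change is
 * logged at INFO level with the realm id and role id so that it can be
 * traced afterwards. Failures reported by the authz service are logged and
 * rethrown wrapped in {@link OspException}.
 */
public class SakaiRoleCreationIntegrationPlugin extends
        IntegrationPluginBase {
    protected final transient Log logger = LogFactory
            .getLog(getClass());

    private WorksiteManager worksiteManager;

    /**
     * Reports whether the role named by the option already exists.
     *
     * @param option the option to inspect; must be a {@code RoleIntegrationOption}
     * @return for an existing-worksites option, the result of
     *         {@link #existingWorksitesHasRole}; otherwise {@code true} when the
     *         configured realm already defines the role
     * @throws OspException if the configured realm is not defined
     */
    protected boolean currentlyIncluded(IntegrationOption option) {
        RoleIntegrationOption roleOption = (RoleIntegrationOption) option;

        if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
            return existingWorksitesHasRole((ExistingWorksitesRoleIntegrationOption) roleOption);
        }

        AuthzGroup realm = findConfiguredRealm(roleOption);
        return realm.getRole(roleOption.getRoleId()) != null;
    }

    /**
     * Checks that every site of the option's worksite type defines the role.
     *
     * @param roleOption option naming the worksite type and role id
     * @return {@code false} as soon as one matching site lacks the role;
     *         {@code true} otherwise, including when no site matches the type
     */
    protected boolean existingWorksitesHasRole(
            ExistingWorksitesRoleIntegrationOption roleOption) {
        for (Iterator i = fetchAllSites().iterator(); i.hasNext();) {
            Site site = (Site) i.next();
            if (site.isType(roleOption.getWorksiteType())
                    && !checkSite(site, roleOption)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Reports whether the realm of one site defines the option's role.
     *
     * @param site       the site whose realm is inspected
     * @param roleOption option naming the role id
     * @return {@code true} when the site realm has a role with that id
     */
    protected boolean checkSite(Site site,
            ExistingWorksitesRoleIntegrationOption roleOption) {
        AuthzGroup siteRealm = getWorksiteManager().getSiteRealm(
                site.getId());

        return siteRealm.getRole(roleOption.getRoleId()) != null;
    }

    /**
     * Brings the stored roles in line with the option's include flag.
     *
     * <p>The role is added when the option is included and the role is
     * missing, and removed when the option is not included and the role is
     * present. An included option whose role already exists is left
     * untouched, so running the plugin repeatedly does not delete a role
     * that is meant to stay.
     *
     * @param option the option to apply; must be a {@code RoleIntegrationOption}
     * @return the same option instance
     * @throws OspException if the authz service rejects a lookup or a save
     */
    public IntegrationOption updateOption(IntegrationOption option) {
        RoleIntegrationOption roleOption = (RoleIntegrationOption) option;

        // Evaluate once: the existing-worksites variant walks every site.
        boolean present = currentlyIncluded(roleOption);

        if (option.isInclude()) {
            if (!present) {
                addRole(roleOption);
            }
        } else if (present) {
            removeRole(roleOption);
        }

        return option;
    }

    /**
     * Applies the option via {@link #updateOption}.
     *
     * @param option the option to apply
     * @return always {@code true}; failures surface as {@link OspException}
     */
    public boolean executeOption(IntegrationOption option) {
        updateOption(option);
        return true;
    }

    /**
     * Adds the option's role to its target realm, or to every matching
     * worksite for an existing-worksites option.
     *
     * @param roleOption option describing the role to create
     * @throws OspException if the realm is not defined or the save fails
     */
    protected void addRole(RoleIntegrationOption roleOption) {
        if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
            addRoleToAllWorksites((ExistingWorksitesRoleIntegrationOption) roleOption);
            return;
        }

        addRole(findConfiguredRealm(roleOption), roleOption);
    }

    /**
     * Adds the option's role to the realm of every site of the option's
     * worksite type.
     *
     * <p>Sites that already define the role are skipped. Without that check
     * a partially provisioned installation (some sites with the role, some
     * without) would stop at the first site that already has it and leave
     * the remaining sites without the role.
     *
     * @param roleOption option naming the worksite type and the role to create
     * @throws OspException if a save fails; sites handled before the failure
     *         keep the new role
     */
    protected void addRoleToAllWorksites(
            ExistingWorksitesRoleIntegrationOption roleOption) {
        for (Iterator i = fetchAllSites().iterator(); i.hasNext();) {
            Site site = (Site) i.next();
            if (!site.isType(roleOption.getWorksiteType())) {
                continue;
            }

            AuthzGroup siteRealm = getWorksiteManager()
                    .getSiteRealm(site.getId());
            if (siteRealm.getRole(roleOption.getRoleId()) == null) {
                addRole(siteRealm, roleOption);
            }
        }
    }

    /**
     * Creates the option's role in one realm and saves the realm.
     *
     * <p>The new role starts as a copy of the role named by
     * {@code getCopyOf()}, then has the option's "on" functions allowed and
     * its "off" functions disallowed.
     *
     * @param realm      realm that receives the role
     * @param roleOption option describing the role id, template and permissions
     * @throws OspException if the realm is not defined, the role already
     *         exists, or the caller may not save the realm
     */
    protected void addRole(AuthzGroup realm,
            RoleIntegrationOption roleOption) {
        // NOTE(review): copy is null when the realm has no role with the
        // getCopyOf() id -- confirm how AuthzGroup.addRole treats a null
        // template before relying on that case.
        Role copy = realm.getRole(roleOption.getCopyOf());

        try {
            AuthzGroup edit = AuthzGroupService.getAuthzGroup(realm.getId());
            Role newRole = edit.addRole(roleOption.getRoleId(), copy);

            if (roleOption.getPermissionsOn() != null) {
                newRole.allowFunctions(new HashSet(roleOption
                        .getPermissionsOn()));
            }

            // Applied after the grants, so the "off" list is the last word
            // for a function that appears in both lists.
            if (roleOption.getPermissionsOff() != null) {
                newRole.disallowFunctions(new HashSet(roleOption
                        .getPermissionsOff()));
            }

            AuthzGroupService.save(edit);
            logger.info("Added role " + roleOption.getRoleId()
                    + " to realm " + realm.getId());
        } catch (GroupNotDefinedException e) {
            throw failure("Realm " + realm.getId()
                    + " is not defined; role " + roleOption.getRoleId()
                    + " was not added", e);
        } catch (AuthzPermissionException e) {
            throw failure("Not permitted to save realm " + realm.getId()
                    + "; role " + roleOption.getRoleId()
                    + " was not added", e);
        } catch (RoleAlreadyDefinedException e) {
            throw failure("Role " + roleOption.getRoleId()
                    + " already exists in realm " + realm.getId(), e);
        }
    }

    /**
     * Removes the option's role from its target realm, or from every
     * matching worksite for an existing-worksites option.
     *
     * @param roleOption option naming the role to delete
     * @throws OspException if the realm is not defined or the save fails
     */
    protected void removeRole(RoleIntegrationOption roleOption) {
        if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
            removeRoleFromAllWorksites((ExistingWorksitesRoleIntegrationOption) roleOption);
            return;
        }

        removeRole(findConfiguredRealm(roleOption), roleOption);
    }

    /**
     * Removes the option's role from the realm of every site of the
     * option's worksite type.
     *
     * @param roleOption option naming the worksite type and the role to delete
     * @throws OspException if a save fails; sites handled before the failure
     *         have already lost the role
     */
    protected void removeRoleFromAllWorksites(
            ExistingWorksitesRoleIntegrationOption roleOption) {
        for (Iterator i = fetchAllSites().iterator(); i.hasNext();) {
            Site site = (Site) i.next();
            if (site.isType(roleOption.getWorksiteType())) {
                AuthzGroup siteRealm = getWorksiteManager()
                        .getSiteRealm(site.getId());
                removeRole(siteRealm, roleOption);
            }
        }
    }

    /**
     * Deletes the option's role from one realm and saves the realm.
     *
     * <p>The role is addressed by its id, the same key used to look it up.
     * Passing the role's description instead would leave the role, and the
     * permissions it carries, in place whenever description and id differ.
     * A realm that does not define the role is left unchanged.
     *
     * @param realm      realm to edit
     * @param roleOption option naming the role id
     * @throws OspException if the realm is not defined or the caller may not
     *         save it
     */
    protected void removeRole(AuthzGroup realm,
            RoleIntegrationOption roleOption) {
        if (realm.getRole(roleOption.getRoleId()) == null) {
            // Nothing to delete; avoids a NullPointerException on a realm
            // that never had (or no longer has) the role.
            if (logger.isDebugEnabled()) {
                logger.debug("Realm " + realm.getId() + " has no role "
                        + roleOption.getRoleId() + "; nothing to remove");
            }
            return;
        }

        try {
            AuthzGroup edit = AuthzGroupService.getAuthzGroup(realm.getId());
            edit.removeRole(roleOption.getRoleId());
            AuthzGroupService.save(edit);
            logger.info("Removed role " + roleOption.getRoleId()
                    + " from realm " + realm.getId());
        } catch (GroupNotDefinedException e) {
            throw failure("Realm " + realm.getId()
                    + " is not defined; role " + roleOption.getRoleId()
                    + " was not removed", e);
        } catch (AuthzPermissionException e) {
            throw failure("Not permitted to save realm " + realm.getId()
                    + "; role " + roleOption.getRoleId()
                    + " was not removed", e);
        }
    }

    /** @return the worksite manager used to resolve site realms */
    public WorksiteManager getWorksiteManager() {
        return worksiteManager;
    }

    /** @param worksiteManager the worksite manager used to resolve site realms */
    public void setWorksiteManager(WorksiteManager worksiteManager) {
        this.worksiteManager = worksiteManager;
    }

    /** Loads the realm named by the option, wrapping "not defined" in OspException. */
    private AuthzGroup findConfiguredRealm(RoleIntegrationOption roleOption) {
        try {
            return AuthzGroupService.getAuthzGroup(roleOption.getRealm());
        } catch (GroupNotDefinedException e) {
            throw failure("Realm " + roleOption.getRealm()
                    + " is not defined", e);
        }
    }

    /**
     * Lists every site, unfiltered, unsorted and unpaged; callers filter by
     * type, so the cost grows with the total number of sites.
     */
    private List fetchAllSites() {
        return SiteService.getSites(
                org.sakaiproject.site.api.SiteService.SelectionType.ANY,
                null,
                null,
                null,
                org.sakaiproject.site.api.SiteService.SortType.NONE,
                null);
    }

    /** Logs the failure with its context and returns the exception to throw. */
    private OspException failure(String context, Exception cause) {
        logger.error(context, cause);
        return new OspException(cause);
    }

}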