Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kustvakt / f6d5a82eb24df6c131acfd12d83d329728c2d193 / . / core / src / main / java / de / ids_mannheim / korap / security / ac / ConditionManagement.java
blob: bda82604b4213266b1f1f48745c3575a3cb0fbec [file] [log] [blame]
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]1package de.ids_mannheim.korap.security.ac;
2
Michael Hanl00ef5462016-06-06 17:39:59 +0200[diff] [blame]3import de.ids_mannheim.korap.config.BeansFactory;
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]4import de.ids_mannheim.korap.exceptions.EmptyResultException;
5import de.ids_mannheim.korap.exceptions.KustvaktException;
6import de.ids_mannheim.korap.exceptions.NotAuthorizedException;
Michael Hanlf21773f2015-10-16 23:02:31 +0200[diff] [blame]7import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]8import de.ids_mannheim.korap.resources.KustvaktResource;
9import de.ids_mannheim.korap.resources.Permissions;
10import de.ids_mannheim.korap.security.PolicyCondition;
11import de.ids_mannheim.korap.user.User;
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]12import org.slf4j.Logger;
13import org.slf4j.LoggerFactory;
14
15import java.util.*;
16
17/**
18 * @author hanl
19 * @date 04/03/2014
20 */
21public class ConditionManagement {
22
Michael Hanlac113e52016-01-19 15:49:20 +0100[diff] [blame]23 private static final Logger jlog = LoggerFactory
24 .getLogger(ConditionManagement.class);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]25 private User user;
26 private PolicyHandlerIface policydao;
27
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]28
29 public ConditionManagement (User user) {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]30 this.user = user;
Michael Hanl00ef5462016-06-06 17:39:59 +0200[diff] [blame]31 this.policydao = BeansFactory.getKustvaktContext()
32 .getPolicyDbProvider();
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]33
34 }
35
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]36
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]37 /**
38 * adds a user to an existing group
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]39 *
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]40 * @param usernames
41 * @param condition
42 * @param admin
43 */
44 // todo: conflict resolution
45 // fixme: not applicable to korap system roles
46 // only works if there is a policy with that condition and permission set, if not, create one!
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]47 public void addUser (List<String> usernames, PolicyCondition condition,
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]48 boolean admin) throws NotAuthorizedException, KustvaktException {
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]49 if (policydao.matchCondition(this.user, condition.getSpecifier(), true) == 1) {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]50 policydao.addToCondition(usernames, condition, admin);
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]51 }
52 else
Michael Hanlc4446022016-02-12 18:03:17 +0100[diff] [blame]53 jlog.error("Users '{}' could not be added to condition '{}'",
54 usernames, condition.getSpecifier());
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]55 }
56
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]57
58 public void addUser (String username, PolicyCondition condition,
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]59 boolean admin) throws NotAuthorizedException, KustvaktException {
60 addUser(Arrays.asList(username), condition, admin);
61 }
62
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]63
64 public void removeUser (List<String> users, PolicyCondition condition)
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]65 throws KustvaktException {
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]66 if (policydao.matchCondition(this.user, condition.getSpecifier(), true) == 1) {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]67 policydao.removeFromCondition(users, condition);
68 }
69 }
70
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]71
72 public Set<String> getMembers (PolicyCondition condition) {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]73 try {
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]74 if (policydao.matchCondition(this.user, condition.getSpecifier(),
75 true) == 1) {
76 return new HashSet<>(policydao.getUsersFromCondition(condition));
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]77 }
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]78 }
79 catch (KustvaktException e) {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]80 return Collections.emptySet();
81 }
82 return Collections.emptySet();
83 }
84
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]85
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]86 @Deprecated
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]87 public void addUser (KustvaktResource resource, String user,
88 Permissions.Permission ... pps) throws NotAuthorizedException,
89 KustvaktException, EmptyResultException {
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]90 addUser(resource, Arrays.asList(user), pps);
91 }
92
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]93
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]94 @Deprecated
Michael Hanl8abaf9e2016-05-23 16:46:35 +0200[diff] [blame]95 public void addUser (KustvaktResource resource, List<String> users,
96 Permissions.Permission ... pps) throws NotAuthorizedException,
97 KustvaktException, EmptyResultException {
98 SecurityManager policies = SecurityManager.findbyId(resource.getId(),
99 this.user);
Michael Hanle25dea22015-09-24 19:37:56 +0200[diff] [blame]100 PolicyCondition c = policies.getExtensional(pps);
101 if (c != null)
102 this.addUser(users, c, false);
103 else {
104 PolicyCondition ex = new PolicyCondition();
105 new PolicyBuilder(this.user).setResources(resource)
106 .addCondition(ex.getSpecifier()).setPermissions(pps)
107 .create();
108 this.addUser(users, ex, false);
109 }
110 }
111
112}