/**
 * Persists a new user group once its name has been validated.
 *
 * <p>The reserved-name check is what keeps a caller from creating a group
 * whose name is rejected by {@code GroupReservedNames.isAllowedName}.
 *
 * @param userGroup the group to store; must be non-null and carry a non-empty name
 * @return the id exposed by the group after {@code userGroupDAO.persist}
 * @throws BadRequestServiceEx if the group is null or has no name; a
 *         {@code ReservedUserGroupNameEx} is raised for a reserved name
 *         (presumably a subtype, since the signature declares nothing else)
 */
@Override
public long insert(UserGroup userGroup) throws BadRequestServiceEx {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting UserGroup... ");
    }

    final boolean nameMissing = userGroup == null || StringUtils.isEmpty(userGroup.getGroupName());
    if (nameMissing) {
        throw new BadRequestServiceEx("The provided UserGroup instance is null or group Name is not specified!");
    }

    final boolean nameAllowed = GroupReservedNames.isAllowedName(userGroup.getGroupName());
    if (!nameAllowed) {
        throw new ReservedUserGroupNameEx("The usergroup name you try to save: '" + userGroup.getGroupName() + "' is a reserved name!");
    }

    // Kept as in the original: the name is written back unchanged before persisting.
    userGroup.setGroupName(userGroup.getGroupName());
    userGroupDAO.persist(userGroup);

    if (LOGGER.isDebugEnabled()) {
        // NOTE(review): the caller-supplied name reaches the log verbatim; confirm the
        // log layout neutralises line breaks so entries cannot be forged.
        LOGGER.debug("UserGroup '" + userGroup.getGroupName() + "' persisted!");
    }
    return userGroup.getId();
}
/**
 * Looks up a user group by name and converts it to its REST representation.
 *
 * <p>NOTE(review): {@code sc} is not consulted in this method and the result
 * carries the group's user list; confirm that access control is enforced
 * before this call is reached.
 *
 * @param sc the caller's security context (unused here)
 * @param name the group name to look up
 * @return the REST view of the group, or {@code null} when the service finds none
 * @throws NotFoundWebEx declared by the signature; this body never raises it
 */
@Override
public RESTUserGroup get(SecurityContext sc, String name) throws NotFoundWebEx {
    UserGroup match = userGroupService.get(name);
    if (match == null) {
        // Absence is reported as null rather than as an exception.
        return null;
    }
    return new RESTUserGroup(match.getId(), match.getGroupName(), match.getUsers(), match.getDescription());
}
} // presumably closes the enclosing class, whose header is outside this excerpt
/**
 * REST entry point that creates a user group through the service layer.
 *
 * <p>A request that already carries an id is rejected, so the identifier is
 * never taken from the caller. Service-level validation failures are
 * translated into {@code BadRequestWebEx} with the service message.
 *
 * <p>NOTE(review): {@code sc} is not consulted here; confirm that only
 * authorised callers can reach this method. The first error message says
 * "User" although the argument is a group.
 *
 * @param sc the caller's security context (unused here)
 * @param userGroup the group to create; must be non-null with a null id
 * @return the id returned by {@code userGroupService.insert}
 */
@Override
public long insert(SecurityContext sc, UserGroup userGroup) {
    if (userGroup == null) {
        throw new BadRequestWebEx("User is null");
    }
    if (userGroup.getId() != null) {
        throw new BadRequestWebEx("Id should be null");
    }

    try {
        return userGroupService.insert(userGroup);
    } catch (BadRequestServiceEx e) {
        throw new BadRequestWebEx(e.getMessage());
    }
}
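/**
 * Looks up a user group by id and converts it to its REST representation.
 *
 * <p>A missing group is reported as {@code NotFoundWebEx} instead of failing
 * with a {@code NullPointerException} when the service returns {@code null}
 * (the name-based lookup on this page guards against the same case).
 *
 * <p>NOTE(review): {@code sc} is not consulted in this method and the result
 * carries the group's user list; confirm that access control is enforced
 * before this call is reached.
 *
 * @param sc the caller's security context (unused here)
 * @param id the id of the group to fetch
 * @return the REST view of the group
 * @throws NotFoundWebEx if the service returns no group for {@code id}
 */
@Override
public RESTUserGroup get(SecurityContext sc, long id) throws NotFoundWebEx {
    try {
        UserGroup g = userGroupService.get(id);
        if (g == null) {
            // Without this guard the getters below would throw a NullPointerException.
            throw new NotFoundWebEx("UserGroup Not found");
        }
        return new RESTUserGroup(g.getId(), g.getGroupName(), g.getUsers(), g.getDescription());
    } catch (BadRequestServiceEx e) {
        // The service-level failure is deliberately collapsed into a fixed message.
        throw new BadRequestWebEx("UserGroup Not found");
    }
}
/*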
/**
 * Returns one page of user groups in REST form.
 *
 * <p>Groups whose name is rejected by {@code GroupReservedNames.isAllowedName}
 * are dropped unless {@code all} is set. The filtering runs after the service
 * has applied paging, so a page can hold fewer items than {@code entries}.
 *
 * <p>NOTE(review): {@code all} switches the reserved-name filter off and
 * {@code sc} is not consulted here; confirm who is allowed to pass
 * {@code all=true}. The service exception message is also echoed to the client.
 *
 * @param sc the caller's security context (unused here)
 * @param page page index handed to the service
 * @param entries page size handed to the service
 * @param all when true, reserved groups are included
 * @return the converted groups wrapped in a {@code UserGroupList}
 * @throws BadRequestWebEx if the service rejects the request
 */
@Override
public UserGroupList getAll(SecurityContext sc, Integer page, Integer entries, boolean all) throws BadRequestWebEx {
    try {
        List<RESTUserGroup> visible = new ArrayList<RESTUserGroup>();
        for (UserGroup candidate : userGroupService.getAll(page, entries)) {
            // The name check only runs when 'all' is false, as in the original short-circuit.
            boolean hidden = !all && !GroupReservedNames.isAllowedName(candidate.getGroupName());
            if (hidden) {
                continue;
            }
            visible.add(new RESTUserGroup(
                    candidate.getId(),
                    candidate.getGroupName(),
                    candidate.getUsers(),
                    candidate.getDescription()));
        }
        return new UserGroupList(visible);
    } catch (BadRequestServiceEx e) {
        LOGGER.error(e.getMessage(), e);
        throw new BadRequestWebEx(e.getMessage());
    }
}
/**
 * Restricts a search to resources the given user is allowed to read.
 *
 * <p>Only {@code Role.ADMIN} is exempt. Every other role value gets the
 * constraint, so an unexpected role is filtered rather than let through. The
 * constraint requires a "security" entry with {@code canRead} set to true that
 * names either the user or, when the user has groups, one of those groups.
 *
 * @param searchCriteria the search to constrain; a filter is added to it in place
 * @param user the user on whose behalf the search runs; dereferenced without a null check
 */
public void addReadSecurityConstraints(Search searchCriteria, User user) {
    // Administrators see everything: no constraint is added.
    if (user.getRole() == Role.ADMIN) {
        return;
    }

    Filter ownerOrGroup = Filter.equal("user.name", user.getName());

    if (!user.getGroups().isEmpty()) {
        List<Long> memberGroupIds = new ArrayList<>();
        for (UserGroup membership : user.getGroups()) {
            memberGroupIds.add(membership.getId());
        }
        // A rule granted to any of the user's groups counts as well.
        ownerOrGroup = Filter.or(ownerOrGroup, Filter.in("group.id", memberGroupIds));
    }

    Filter readableRule = Filter.and(Filter.equal("canRead", true), ownerOrGroup);
    searchCriteria.addFilter(Filter.some("security", readableRule));
}
/**
 * Counts the user groups visible to {@code user}, optionally filtered by name.
 *
 * <p>NOTE(review): the restriction to the caller's own groups applies only
 * when the role equals {@code Role.USER}; every other role value is counted
 * unrestricted. Confirm this is intended for all non-admin roles, since
 * {@code addReadSecurityConstraints} on this page exempts only
 * {@code Role.ADMIN}.
 *
 * @param user the requesting user; must not be null
 * @param nameLike optional pattern passed as given to a case-insensitive name filter
 * @param all when false, the group named by {@code GroupReservedNames.EVERYONE} is excluded
 * @return the number of matching groups reported by the DAO
 * @throws BadRequestServiceEx if {@code user} is null
 */
@Override
public long getCount(User user, String nameLike, boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }

    Search searchCriteria = new Search(UserGroup.class);
    searchCriteria.addSortAsc("groupName");

    if (user.getRole().equals((Role) Role.USER)) {
        // Plain users are limited to the groups they belong to.
        Collection<Long> ownGroupIds = new Vector<Long>();
        Set<UserGroup> memberships = user.getGroups();
        for (UserGroup membership : memberships) {
            ownGroupIds.add(membership.getId());
        }
        searchCriteria.addFilterIn("id", ownGroupIds);
    }

    if (nameLike != null) {
        searchCriteria.addFilterILike("groupName", nameLike);
    }
    if (!all) {
        searchCriteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }

    return userGroupDAO.count(searchCriteria);
}
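/**
 * Removes a user from a group.
 *
 * <p>The group's existence is checked before its name is read. The original
 * order dereferenced the lookup result first, so an unknown group id failed
 * with a {@code NullPointerException} instead of {@code NotFoundServiceEx}.
 * Reserved groups cannot be removed from a user's group list.
 *
 * @param userId id of the user to update
 * @param groupId id of the group to remove from the user's group list
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the
 *         group name is rejected by {@code GroupReservedNames.isAllowedName}
 */
@Override
public void deassignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToAssign = userGroupDAO.find(groupId);
    if (groupToAssign == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    // Check if the group the caller wants to remove is an allowed one.
    if (!GroupReservedNames.isAllowedName(groupToAssign.getGroupName())) {
        throw new NotFoundServiceEx("You can't remove the group EVERYONE or any other reserved groups from the users group list...");
    }

    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    Set<UserGroup> memberships = targetUser.getGroups();
    if (memberships == null) {
        return;
    }

    // equals() on the boxed id tolerates a membership whose id is null.
    Long wantedId = Long.valueOf(groupId);
    for (UserGroup group : memberships) {
        if (wantedId.equals(group.getId())) {
            // Removing inside the loop is safe only because we return immediately afterwards.
            targetUser.getGroups().remove(group);
            userDAO.merge(targetUser);
            return;
        }
    }
}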
/**
 * Lists the user groups visible to {@code user}, sorted by group name.
 *
 * <p>NOTE(review): the restriction to the caller's own groups applies only
 * when the role equals {@code Role.USER}; every other role value gets the
 * unrestricted list. Confirm this is intended for all non-admin roles, since
 * {@code addReadSecurityConstraints} on this page exempts only
 * {@code Role.ADMIN}. When {@code page} is null no result limit is set here.
 *
 * @param user the requesting user; must not be null
 * @param page page index; must be given together with {@code entries}
 * @param entries page size; must be given together with {@code page}
 * @param nameLike optional pattern passed as given to a case-insensitive name filter
 * @param all when false, the group named by {@code GroupReservedNames.EVERYONE} is excluded
 * @return the groups returned by the DAO search
 * @throws BadRequestServiceEx if {@code user} is null or only one of
 *         {@code page} and {@code entries} is supplied
 */
@Override
public List<UserGroup> getAllAllowed(User user, Integer page, Integer entries, String nameLike, boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }

    // Paging needs both values or neither.
    final boolean hasPage = page != null;
    final boolean hasEntries = entries != null;
    if (hasPage != hasEntries) {
        throw new BadRequestServiceEx("Page and entries params should be declared together.");
    }

    Search searchCriteria = new Search(UserGroup.class);
    if (hasPage) {
        searchCriteria.setMaxResults(entries);
        searchCriteria.setPage(page);
    }
    searchCriteria.addSortAsc("groupName");

    if (user.getRole().equals((Role) Role.USER)) {
        // Plain users are limited to the groups they belong to.
        Collection<Long> ownGroupIds = new Vector<Long>();
        Set<UserGroup> memberships = user.getGroups();
        for (UserGroup membership : memberships) {
            ownGroupIds.add(membership.getId());
        }
        searchCriteria.addFilterIn("id", ownGroupIds);
    }

    if (nameLike != null) {
        searchCriteria.addFilterILike("groupName", nameLike);
    }
    if (!all) {
        searchCriteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }

    return userGroupDAO.search(searchCriteria);
}
/**
 * Builds the REST view of a security rule.
 *
 * <p>Only the id and name of the rule's user, and the id and group name of
 * its group, are copied. No other field of either entity is carried into the
 * REST object.
 *
 * @param rule the persistent rule to expose; dereferenced without a null check
 */
public RESTSecurityRule(SecurityRule rule) {
    canRead = rule.isCanRead();
    canWrite = rule.isCanWrite();

    User ruleUser = rule.getUser();
    if (ruleUser != null) {
        user = new RESTUser();
        user.setId(ruleUser.getId());
        user.setName(ruleUser.getName());
    }

    UserGroup ruleGroup = rule.getGroup();
    if (ruleGroup != null) {
        group = new RESTUserGroup();
        group.setId(ruleGroup.getId());
        group.setGroupName(ruleGroup.getGroupName());
    }
}
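/**
 * Replaces all security rules of a resource with the supplied list.
 *
 * <p>The new rules are validated before anything is deleted. The original
 * removed the existing rules first, so a null list or an unknown group id
 * failed only after the resource's current rules were already gone.
 *
 * <p>NOTE(review): whether this runs inside a transaction is not visible
 * here, and the method performs no permission check of its own; confirm both
 * at the call site.
 *
 * @param id id of the resource whose rules are replaced
 * @param rules the complete new rule set; each rule is bound to the resource
 *        and, when it names a group, to the persisted group entity
 * @throws BadRequestServiceEx if {@code rules} is null
 * @throws InternalErrorServiceEx if a rule names a group that does not exist
 * @throws NotFoundServiceEx if no resource has the given id
 */
@Override
public void updateSecurityRules(long id, List<SecurityRule> rules)
        throws BadRequestServiceEx, InternalErrorServiceEx, NotFoundServiceEx {
    Resource resource = resourceDAO.find(id);
    if (resource == null) {
        throw new NotFoundServiceEx("Resource not found " + id);
    }
    if (rules == null) {
        throw new BadRequestServiceEx("The provided security rules list is null");
    }

    // Pass 1: resolve every referenced group before touching the stored rules.
    for (SecurityRule rule : rules) {
        if (rule.getGroup() != null) {
            // Retrieve the usergroup entity from the db if the rule is related to a group.
            UserGroup ug = userGroupDAO.find(rule.getGroup().getId());
            if (ug == null) {
                throw new InternalErrorServiceEx("The usergroup having the provided Id doesn't exist");
            }
            rule.setGroup(ug);
        }
    }

    // Pass 2: remove the previous rules, then insert the new ones.
    Search searchCriteria = new Search();
    searchCriteria.addFilterEqual("resource.id", id);
    List<SecurityRule> resourceRules = this.securityDAO.search(searchCriteria);
    for (SecurityRule rule : resourceRules) {
        securityDAO.remove(rule);
    }
    for (SecurityRule rule : rules) {
        rule.setResource(resource);
        securityDAO.persist(rule);
    }
}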