
base.jee.api.sql.DeleteGroupRole Maven / Gradle / Ivy

/**
 * Creative commons Attribution-NonCommercial license.
 *
 * http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
 *
 * NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
 */
package base.jee.api.sql;

import base.Command;
import base.jee.Constants;
import base.json.Json;
import base.security.PermissionException;
import base.security.ResourceUid;
import base.security.User;

import javax.sql.DataSource;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.UUID;

import static base.jee.api.sql.util.Log.log;

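/**
 * Command that removes a role from a group.
 *
 * <p>Only role rows with no resource scope are touched ({@code resource is null and
 * uid is null}). Authorization is enforced in {@link #execute()}, not in the
 * constructor: the constructor only requires an authenticated user, while
 * {@code execute()} additionally requires {@code Constants.GROUP_MANAGE_ROLE}.
 *
 * <p>When a role row is actually deleted, the {@code roles} column of every token
 * belonging to a member of the group is overwritten with {@code '!'}
 * (presumably a marker that forces the cached roles to be rebuilt, so the
 * revocation takes effect for existing sessions; confirm against the token code).
 */
public class DeleteGroupRole extends Command {

	private DataSource ds;
	private User updator;
	private UUID groupUuid;
	private String role;

	/**
	 * Creates a command that removes {@code role} from the group {@code groupUuid}.
	 *
	 * @param ds        data source used to obtain the connection in {@link #execute()}
	 * @param user      the authenticated user performing the change
	 * @param groupUuid identifier of the group losing the role
	 * @param role      role name; surrounding whitespace is trimmed before it is stored
	 * @throws IllegalArgumentException if any argument is null, the user is not
	 *         authenticated, the role is empty or whitespace-only, or the trimmed
	 *         role is longer than {@code Constants.MAX_ROLE_NAME_LENGTH}
	 */
	public DeleteGroupRole(DataSource ds, User user, UUID groupUuid, String role) {

		if(ds == null) {
			throw new IllegalArgumentException("Invalid parameter: ds");
		}
		// Validate the trimmed value, because that is what gets stored and queried.
		// Checking only role.length() let a whitespace-only name through as "".
		if(role == null || role.trim().isEmpty()) {
			throw new IllegalArgumentException("Invalid parameter: role");
		}
		if(user == null || !user.isAuthenticated()) {
			throw new IllegalArgumentException("Invalid parameter: user");
		}
		if(groupUuid == null) {
			throw new IllegalArgumentException("Invalid parameter: groupUuid");
		}

		String trimmedRole = role.trim();
		if(trimmedRole.length() > Constants.MAX_ROLE_NAME_LENGTH) {
			throw new IllegalArgumentException("Role names should not have more than " + Constants.MAX_ROLE_NAME_LENGTH + " characters.");
		}

		this.ds = ds;
		this.groupUuid = groupUuid;
		this.role = trimmedRole;
		this.updator = user;
	}

	/**
	 * Creates an unconfigured instance. All fields stay null, so {@link #execute()}
	 * fails with a NullPointerException when it dereferences {@code ds}; no
	 * database work is attempted on such an instance.
	 */
	public DeleteGroupRole() {
	}

	/**
	 * Checks the caller's permission and, if granted, deletes the role assignment
	 * inside a single transaction.
	 *
	 * <p>A caller without {@code Constants.GROUP_MANAGE_ROLE} is rejected before any
	 * role data is read; the denial is logged at WARN and committed before the
	 * {@link PermissionException} is thrown. A successful removal is logged at INFO
	 * in the same transaction as the delete.
	 *
	 * @throws IOException wrapping any {@link SQLException} raised by the database
	 */
	@Override
	protected void execute() throws IOException {
		Connection c = null;
		PreparedStatement s = null;
		PreparedStatement t = null;
		PreparedStatement u = null;
		ResultSet r = null;

		try {
			c = ds.getConnection();
			c.setAutoCommit(false);

			if(!updator.hasRole(Constants.GROUP_MANAGE_ROLE)) {
				// Discard anything pending, then commit on its own the WARN entry
				// written through this connection, so the denied attempt is kept
				// even though the command itself fails.
				c.rollback();
				log(c, "WARN", updator, "Permission denied invoking: " + DeleteGroupRole.class.getSimpleName() + " " + getJsonParameters());
				c.commit();
				throw new PermissionException(this.getClass().getSimpleName(), updator, "You do not have permission to manage roles.", Constants.GROUP_MANAGE_ROLE);
			}

			String group = groupUuid.toString();

			// Column 1: number of matching unscoped role rows; column 2: group name
			// (used only for the audit message). No row means the group does not exist.
			s = c.prepareStatement("select (select count(*) from role where uid is null and resource is null and assignee_uuid=? and role=?), name from base_group where uuid=?");
			s.setString(1, group);
			s.setString(2, role);
			s.setString(3, group);
			r = s.executeQuery();
			if(r.next() && r.getInt(1) > 0) {
				t = c.prepareStatement("delete from role where resource is null and uid is null and role=? and assignee_uuid=?");
				t.setString(1, role);
				t.setString(2, group);
				int count = t.executeUpdate();

				if(count > 0) {
					// Overwrite the roles stored on every group member's token so
					// the removed role does not linger there.
					u = c.prepareStatement("update token set roles='!' where person_uuid in (select person_uuid from group_member where group_uuid=?)");
					u.setString(1, group);
					u.executeUpdate();
					u.close();
					u = null;

					log(c, "INFO", updator, "Removed role \"" + Json.escape(role) + "\" from group \"" + Json.escape(r.getString(2)) + "\".", new ResourceUid("Group", group));
				}

				t.close();
				t = null;
			}

			s.close();
			s = null;
			c.commit();
			c.close();
			// Nulling the reference tells the finally block the work was committed.
			c = null;
		} catch(SQLException e) {
			throw new IOException(e);
		} finally {
			// Best-effort cleanup: a failure while closing must not replace the
			// exception that is already propagating, so these are ignored on purpose.
			if(r != null) { try { r.close(); } catch(SQLException ignored) { } }
			if(s != null) { try { s.close(); } catch(SQLException ignored) { } }
			if(t != null) { try { t.close(); } catch(SQLException ignored) { } }
			if(u != null) { try { u.close(); } catch(SQLException ignored) { } }
			if(c != null) {
				// Still set only when the success path did not finish: undo any
				// uncommitted work before handing the connection back.
				try { c.rollback(); } catch (SQLException ignored) { }
				try { c.close(); } catch (SQLException ignored) { }
			}
		}
	}

	/**
	 * Describes this command's parameters for the log entry written when
	 * permission is denied.
	 *
	 * @return a JSON-like object with the group, the escaped role name and the
	 *         acting person's identifier
	 */
	@Override
	public String getJsonParameters() {
		// NOTE(review): the group UUID is appended without quotes, so the result is
		// not strict JSON and a parser reading the log would reject it. The
		// person value looks like the same case; confirm the type returned by
		// getPersonUuid(). The output is left unchanged here because other
		// commands and log consumers may rely on this exact format.
		return "{" +
				"\"group\":" + groupUuid + "," +
				"\"role\":\"" + Json.escape(role) + "\"," +
				"\"updator.person\":" + updator.getPersonUuid() +
				"}";
	}

}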



