base.jee.api.cassandra.DeleteResourceRole Maven / Gradle / Ivy

Go to download
/**
 * Creative commons Attribution-NonCommercial license.
 *
 * http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
 *
 * NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
 */
package base.jee.api.cassandra;

import java.io.IOException;

import com.datastax.driver.core.Session;
import com.datastax.driver.core.PreparedStatement;
import java.util.UUID;

import base.Command;
import base.jee.Constants;
import base.json.Json;
import base.security.PermissionException;
import base.security.ResourceUid;
import base.security.User;

import static base.jee.api.cassandra.util.Log.log;
import static base.jee.api.cassandra.util.UpdatePersonTokenRoleString.updatePersonTokenRoleString;

public class DeleteResourceRole extends Command {

	private CassandraAPI c;
	private User user;
	private UUID personUuid;
	private String resource;
	private String uid;
	private String role;

	public DeleteResourceRole(CassandraAPI c, User user, String resource, String uid, UUID personUuid, String role) throws PermissionException {

		if(c == null) {
			throw new IllegalArgumentException("Invalid parameter: c");
		}
		if(user == null || !user.isAuthenticated()) {
			throw new PermissionException(getClass().getSimpleName(), user, "Requires authenticated user.", Constants.PERSON_MANAGE_ROLE);
		}
		if(role == null || role.length() == 0) {
			throw new IllegalArgumentException("Invalid parameter: role");
		}
		if(resource == null || resource.length() == 0) {
			throw new IllegalArgumentException("Invalid parameter: resource");
		}
		if(uid == null || uid.length() == 0) {
			throw new IllegalArgumentException("Invalid parameter: uid");
		}
		if(personUuid == null) {
			throw new IllegalArgumentException("Invalid parameter: personUuid");
		}

		if(role.trim().length() > Constants.MAX_ROLE_NAME_LENGTH) {
			throw new IllegalArgumentException("Role names should not have more than " + Constants.MAX_ROLE_NAME_LENGTH + " characters.");
		}
		if(resource.trim().length() > Constants.MAX_ROLE_RESOURCE_LENGTH) {
			throw new IllegalArgumentException("Role resources should not contain more than " + Constants.MAX_ROLE_RESOURCE_LENGTH + " characters.");
		}
		if(uid.trim().length() > Constants.MAX_ROLE_RESOURCE_UID_LENGTH) {
			throw new IllegalArgumentException("Role resources UID should not contain more than " + Constants.MAX_ROLE_RESOURCE_UID_LENGTH + " characters.");
		}

		this.c = c;
		this.personUuid = personUuid;
		this.role = role.trim();
		this.resource = resource.trim();
		this.uid = uid.trim();
		this.user = user;

	}

	public DeleteResourceRole() {
	}

	@Override
	protected void execute() throws IOException {
		Session s = c.getCassandraSession();

		if(!user.hasRole(Constants.PERSON_MANAGE_ROLE)) {
			log(s, "WARN", user, "Permission denied invoking: " + DeleteResourceRole.class.getSimpleName() + " " + getJsonParameters());
			throw new IllegalStateException("You do not have permission to manage roles.");
		}

		PreparedStatement p = s.prepare("delete from role where resource=? and uid=? and role=? and person_uuid=?");
		s.execute(p.bind(resource, uid, role, personUuid));

		log(s, "INFO", user, "Removed role " + role + " for person " + personUuid, new ResourceUid("Person", personUuid.toString()), new ResourceUid(resource, uid));
		updatePersonTokenRoleString(s, personUuid);

	}



	@Override
	public String getJsonParameters() {
		return "{" +
				"\"person\":\"" + user.getPersonUuid() + "\"," +
				"\"role.person\":" + personUuid + "," +
				"\"role\":\"" + Json.escape(role) + "\"," +
				"\"resource\":\"" + Json.escape(resource) + "\"," +
				"\"uid\":\"" + Json.escape(uid) + "\"" +
				"}";
	}

}