base.jee.api.sql.GetGroupRoles Maven / Gradle / Ivy

Go to download
/**
 * Creative commons Attribution-NonCommercial license.
 *
 * http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
 *
 * NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
 */
package base.jee.api.sql;

import base.Query;
import base.jee.Constants;
import base.security.PermissionException;
import base.security.PersonRole;
import base.security.User;

import javax.sql.DataSource;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;

import static base.jee.api.sql.util.Log.log;

public class GetGroupRoles extends Query {

	private DataSource ds;
	private User user;
	private UUID groupUuid;

	public GetGroupRoles(DataSource ds, User user, UUID groupUuid) throws PermissionException {

		if(ds == null) {
			throw new IllegalArgumentException("Invalid parameter: ds");
		}
		if(groupUuid == null) {
			throw new IllegalArgumentException("Invalid parameter: groupUuid");
		}
		if(user == null || !user.isAuthenticated()) {
			throw new PermissionException(getClass().getSimpleName(), user, "Requires authenticated user.", null);
		}

		this.ds = ds;
		this.user = user;
		this.groupUuid = groupUuid;
	}

	public GetGroupRoles() {
	}

	@Override
	public Query newWithParameters(Map parameters) throws PermissionException {
		return new GetGroupRoles(
				((SqlAPI)parameters.get("api")).getDataSource(),
				(User)parameters.get("user"),
				UUID.fromString(((String)parameters.get("uuid"))));
	}

	public List execute() throws IOException {
		List results = new LinkedList<>();
		Connection c = null;
		PreparedStatement q = null;
		ResultSet r = null;

		try {
			c = ds.getConnection();
			c.setAutoCommit(false);

			if(!user.hasRole(Constants.GROUP_MANAGE_ROLE)) {
				c.rollback();
				log(c, "WARN", user, "Permission denied invoking: " + GetGroupRoles.class.getSimpleName() + " " + getJsonParameters());
				c.commit();
				throw new PermissionException(getClass().getSimpleName(), user, "You do not have permission to manage group roles", Constants.GROUP_MANAGE_ROLE);
			}

			q = c.prepareStatement(
					"select distinct resource, uid, role "+
					"from role " +
					"where assignee_uuid=? " +
					"order by role, resource, uid");
			q.setString(1, groupUuid.toString());
			r = q.executeQuery();
			while(r.next()) {
				results.add(new PersonRole(groupUuid, r.getString(1), r.getString(2), r.getString(3)));
			}
			r.close();
			r = null;
			q.close();
			q = null;
			c.rollback();
			c.close();
			c = null;
		} catch(SQLException e) {
			throw new IOException(e);
		} finally {
			if(r != null) { try { r.close(); } catch(Exception f) {} }
			if(q != null) { try { q.close(); } catch(Exception f) {} }
			if(c != null) {
				try { c.rollback(); } catch (SQLException e) { }
				try { c.close(); } catch (SQLException e) { }
			}
		}
		return results;
	}

	@Override
	public String getJsonParameters() {
		return "{" +
				"\"requesting.person\":\"" + user.getPersonUuid() + "\"," +
				"\"group.uuid\":\"" + groupUuid + "\"" +
				"}";
	}

}