/**
 * Copyright 2014 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
  Copyright (C) 2004-2007 University Corporation for Advanced Internet Development, Inc.
  Copyright (C) 2004-2007 The University Of Chicago

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
*/

package edu.internet2.middleware.grouper.privs;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
import edu.internet2.middleware.grouper.hibernate.HibUtils;
import edu.internet2.middleware.grouper.hibernate.HqlQuery;
import edu.internet2.middleware.grouper.permissions.PermissionEntry;
import edu.internet2.middleware.grouper.pit.PITAttributeAssign;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;

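/**
 * Grouper Attribute Definition Access Privilege interface.
 * <p>
 * Unless you are implementing a new implementation of this interface,
 * you should not need to directly use these methods as they are all
 * wrapped by methods in the {@link AttributeDef} class.
 * </p>
 * <p>
 * This access adapter affects the HQL queries to give better performance.
 * The where-clause fragments built here limit results to attribute
 * definitions for which the subject (or the "all" member) has an enabled
 * membership row in one of the requested privilege fields.
 * </p>
 * @author blair christensen.
 * @version $Id: GrouperAttributeDefAdapter.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $
 */
public class GrouperAttributeDefAdapter extends GrouperNonDbAttrDefAdapter {

  /**
   * Appends a privilege filter to an HQL query under construction: joins
   * {@code MembershipEntry} under a unique alias and requires an enabled
   * membership on {@code attributeDefColumn} for one of the privilege fields
   * and for either the subject's member or the "all" member.
   *
   * @param grouperSession not read by this implementation
   * @param subject subject whose privileges restrict the result
   * @param hqlQuery query that receives the in-clause values
   * @param hqlTables from-clause buffer; the membership alias is appended
   * @param hqlWhereClause where-clause buffer; the filter is appended,
   *        prefixed with " and " when the buffer is not empty
   * @param attributeDefColumn HQL expression for the attribute definition id.
   *        It is concatenated into the query text, not bound as a parameter,
   *        so it must be a fixed column reference chosen by the calling code.
   * @param privInSet privileges to accept; when empty or null no filter is added
   * @return false if nothing was appended, true if the filter was appended
   * @see edu.internet2.middleware.grouper.privs.BaseAttrDefAdapter#hqlFilterAttrDefsWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)
   */
  @Override
  public boolean hqlFilterAttrDefsWhereClause(GrouperSession grouperSession,
      Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables,
      StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet) {

    //no privs no filter
    if (GrouperUtil.length(privInSet) == 0) {
      return false;
    }

    // member may be null here (third argument is false); handled below
    Member member = MemberFinder.internal_findBySubject(subject, null, false);
    Member allMember = MemberFinder.internal_findAllMember();

    Collection<String> attrDefPrivs = GrouperPrivilegeAdapter.fieldIdSet(priv2list, privInSet);
    // NOTE(review): convertToInClause presumably registers the values as bind
    // parameters on hqlQuery and returns only the placeholder list - confirm in HibUtils
    String attrDefInClause = HibUtils.convertToInClause(attrDefPrivs, hqlQuery);

    // unique alias so this filter can be added more than once to one query
    String columnAlias = "__attrDefMembership" + GrouperUtil.uniqueId();

    //if not, we need an in clause
    hqlTables.append( ", MembershipEntry " + columnAlias);
    if (hqlWhereClause.length() != 0) {
      hqlWhereClause.append(" and ");
    }
    hqlWhereClause.append(columnAlias + ".ownerAttrDefId = " + attributeDefColumn
        + " and " + columnAlias + ".fieldId in (");
    hqlWhereClause.append(attrDefInClause).append(") and " + columnAlias + ".memberUuid in (");

    // the "all" member is always accepted; the subject's own member only if it exists
    Set<String> memberIds = GrouperUtil.toSet(allMember.getUuid());
    if (member != null) {
      memberIds.add(member.getUuid());
    }
    String memberInClause = HibUtils.convertToInClause(memberIds, hqlQuery);
    hqlWhereClause.append(memberInClause).append(")");

    // don't return disabled memberships
    hqlWhereClause.append(" and " + columnAlias + ".enabledDb = 'T'");

    return true;
  }

  /**
   * Returns the given assignments unchanged; this adapter applies no
   * post-query filtering to attribute assignments.
   *
   * @param grouperSession not read by this implementation
   * @param subject not read by this implementation
   * @param attributeAssigns assignments returned by the query
   * @return the same set instance that was passed in
   * @see edu.internet2.middleware.grouper.privs.AttributeDefAdapter#postHqlFilterAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
   */
  @Override
  public Set<AttributeAssign> postHqlFilterAttributeAssigns(GrouperSession grouperSession,
      Subject subject, Set<AttributeAssign> attributeAssigns) {
    return attributeAssigns;
  }

  /**
   * Keeps only the point-in-time attribute assignments that are active.
   *
   * @param grouperSession not read by this implementation
   * @param subject not read by this implementation
   * @param pitAttributeAssigns assignments returned by the query, may be null
   * @return null if the input is null, otherwise a new insertion-ordered set
   *         holding the active assignments
   * @see edu.internet2.middleware.grouper.privs.AttributeDefAdapter#postHqlFilterPITAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
   */
  @Override
  public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(GrouperSession grouperSession,
      Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) {

    if (pitAttributeAssigns == null) {
      return null;
    }

    // if we get here, we're not wheel or root so filter out inactive assignments
    // NOTE(review): no wheel/root check is made in this method; presumably the
    // caller or a superclass handles privileged subjects first - confirm
    Set<PITAttributeAssign> filteredAssignments = new LinkedHashSet<PITAttributeAssign>();
    for (PITAttributeAssign pitAssignment : pitAttributeAssigns) {
      if (pitAssignment.isActive()) {
        filteredAssignments.add(pitAssignment);
      }
    }

    return filteredAssignments;
  }

  /**
   * Keeps only the permission entries that are active.
   *
   * @param grouperSession not read by this implementation
   * @param subject not read by this implementation
   * @param permissionEntries entries returned by the query, may be null
   * @return null if the input is null, otherwise a new insertion-ordered set
   *         holding the active entries
   * @see edu.internet2.middleware.grouper.privs.BaseAttrDefAdapter#postHqlFilterPermissions(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
   */
  @Override
  public Set<PermissionEntry> postHqlFilterPermissions(GrouperSession grouperSession,
      Subject subject, Set<PermissionEntry> permissionEntries) {

    if (permissionEntries == null) {
      return null;
    }

    // if we get here, we're not wheel or root so filter out inactive permissions
    // NOTE(review): no wheel/root check is made in this method; presumably the
    // caller or a superclass handles privileged subjects first - confirm
    Set<PermissionEntry> filteredPermissions = new LinkedHashSet<PermissionEntry>();
    for (PermissionEntry permissionEntry : permissionEntries) {
      if (permissionEntry.isActive()) {
        filteredPermissions.add(permissionEntry);
      }
    }

    return filteredPermissions;
  }

  /**
   * Appends a "not exists" subquery that keeps attribute definitions on which
   * the subject has no enabled membership for the privilege's field.
   *
   * @param grouperSession not read by this implementation
   * @param subject subject whose absence of privilege is required
   * @param hqlQuery query that receives the bound field and member ids
   * @param hql query text buffer; " where " is appended if the buffer does not
   *        contain it yet, otherwise " and "
   * @param attributeDefColumn HQL expression for the attribute definition id.
   *        It is concatenated into the query text, not bound as a parameter,
   *        so it must be a fixed column reference chosen by the calling code.
   * @param privilege privilege whose field id is matched
   * @param considerAllSubject if true a membership of the "all" member also
   *        counts as having the privilege
   * @return always true
   * @see edu.internet2.middleware.grouper.privs.AttributeDefAdapter#hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
   */
  public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession,
      Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn,
      Privilege privilege, boolean considerAllSubject) {

    // NOTE(review): member is dereferenced below without a null check; the
    // third argument (true) presumably guarantees a non-null result - confirm
    Member member = MemberFinder.internal_findBySubject(subject, null, true);
    Member allMember = MemberFinder.internal_findAllMember();
    String fieldId = privilege.getField().getUuid();

    if (hql.indexOf(" where ") == -1) {
      hql.append(" where ");
    } else {
      hql.append(" and ");
    }

    // field id and member ids are bound as named parameters; only the column
    // expression is part of the query text
    hql.append(" not exists (select __notInMembership.uuid from MembershipEntry __notInMembership where "
        + " __notInMembership.enabledDb = 'T' and __notInMembership.ownerAttrDefId = " + attributeDefColumn + " "
        + " and __notInMembership.fieldId = :notInMembershipFieldId and __notInMembership.memberUuid in ( "
        + " :notInMembershipMemberId" + (considerAllSubject ? ", :notInMembershipAllMemberId" : "") + ")) ");

    hqlQuery.setString("notInMembershipFieldId", fieldId);
    hqlQuery.setString("notInMembershipMemberId", member.getUuid());
    if (considerAllSubject) {
      hqlQuery.setString("notInMembershipAllMemberId", allMember.getUuid());
    }

    return true;
  }

  /**
   * Appends an "exists" subquery that keeps attribute definitions on which
   * the subject has an enabled membership for the privilege's field.
   *
   * @param grouperSession not read by this implementation
   * @param subject subject whose privilege is required
   * @param hqlQuery query that receives the bound field and member ids
   * @param hql query text buffer; " where " is appended if the buffer does not
   *        contain it yet, otherwise " and "
   * @param attributeDefColumn HQL expression for the attribute definition id.
   *        It is concatenated into the query text, not bound as a parameter,
   *        so it must be a fixed column reference chosen by the calling code.
   * @param privilege privilege whose field id is matched
   * @param considerAllSubject if true a membership of the "all" member also
   *        satisfies the filter
   * @return always true
   * @see edu.internet2.middleware.grouper.privs.AttributeDefAdapter#hqlFilterAttributeDefsWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
   */
  public boolean hqlFilterAttributeDefsWithPrivWhereClause(GrouperSession grouperSession,
      Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn,
      Privilege privilege, boolean considerAllSubject) {

    // NOTE(review): member is dereferenced below without a null check; the
    // third argument (true) presumably guarantees a non-null result - confirm
    Member member = MemberFinder.internal_findBySubject(subject, null, true);
    Member allMember = MemberFinder.internal_findAllMember();
    String fieldId = privilege.getField().getUuid();

    if (hql.indexOf(" where ") == -1) {
      hql.append(" where ");
    } else {
      hql.append(" and ");
    }

    // field id and member ids are bound as named parameters; only the column
    // expression is part of the query text
    hql.append(" exists (select __inMembership.uuid from MembershipEntry __inMembership where "
        + " __inMembership.enabledDb = 'T' and __inMembership.ownerAttrDefId = " + attributeDefColumn + " "
        + " and __inMembership.fieldId = :inMembershipFieldId and __inMembership.memberUuid in ( "
        + " :inMembershipMemberId" + (considerAllSubject ? ", :inMembershipAllMemberId" : "") + ")) ");

    hqlQuery.setString("inMembershipFieldId", fieldId);
    hqlQuery.setString("inMembershipMemberId", member.getUuid());
    if (considerAllSubject) {
      hqlQuery.setString("inMembershipAllMemberId", allMember.getUuid());
    }

    return true;
  }
}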



