All Downloads are FREE. Search and download functionalities are using the official Maven repository.

pl.edu.icm.unity.engine.SecuredTokensManagementImpl Maven / Gradle / Ivy

/*
 * Copyright (c) 2017 Bixbit - Krzysztof Benedyczak All rights reserved.
 * See LICENCE.txt file for licensing information.
 */

package pl.edu.icm.unity.engine;

import java.util.List;
import java.util.stream.Collectors;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.engine.api.authn.AuthorizationException;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.identity.EntityResolver;
import pl.edu.icm.unity.engine.api.token.SecuredTokensManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.engine.authz.AuthzCapability;
import pl.edu.icm.unity.base.tx.Transactional;

/**
 * Implementation of {@link SecuredTokensManagement}
 * 
 * @author P.Piernik
 */
@Component
public class SecuredTokensManagementImpl implements SecuredTokensManagement
{

	private TokensManagement tokenMan;
	private InternalAuthorizationManager authz;
	private EntityResolver idResolver;

	@Autowired
	public SecuredTokensManagementImpl(TokensManagement tokenMan, InternalAuthorizationManager authz,
			EntityResolver idResolver)
	{
		super();
		this.tokenMan = tokenMan;
		this.authz = authz;
		this.idResolver = idResolver;
	}

	private List getOwned(long ownerId) throws AuthorizationException
	{
		List allTokens = tokenMan.getAllTokens();
		long userId = getUserEntityId();
		return allTokens.stream().filter(token -> token.getOwner().equals(userId)).collect(Collectors.toList());
	}
	
	@Transactional
	@Override
	public List getAllTokens(String type) throws EngineException
	{
		if (hasMaintanceCapability())
		{
			if (type != null)
				return tokenMan.getAllTokens(type);
			else
				return tokenMan.getAllTokens();
		} else
		{
			if (type != null)
			{
				return tokenMan.getOwnedTokens(type, new EntityParam(getUserEntityId()));
			}else
			{
				return getOwned(getUserEntityId());
			}
			
		}
	}

	
	@Transactional
	@Override
	public List getOwnedTokens(String type, EntityParam entity) throws EngineException
	{
		Long entityId = null;
		if (!hasMaintanceCapability())
		{
			entityId = idResolver.getEntityId(entity);

			if (entityId != getUserEntityId())
			{
				throw new AuthorizationException(
						"Can not get tokens owned by another user");
			}
		}
		if (type != null)
		{
			return tokenMan.getOwnedTokens(type, entity);
		}
		else
		{
			return getOwned(entityId);
		}

	}
	
	@Transactional
	@Override
	public List getOwnedTokens(String type) throws EngineException
	{
		if (type != null)
			return tokenMan.getOwnedTokens(type, new EntityParam(getUserEntityId()));
		else
			return getOwned(getUserEntityId());
	}	

	@Transactional
	@Override
	public void removeToken(String type, String value) throws AuthorizationException
	{
		if (!hasMaintanceCapability())
		{

			Token toRemove = tokenMan.getTokenById(type, value);

			if (toRemove.getOwner() != getUserEntityId())
			{
				throw new AuthorizationException(
						"Can not remove token owned by another user");
			}
		}
		tokenMan.removeToken(type, value);

	}

	private long getUserEntityId() throws AuthorizationException
	{
		if (InvocationContext.hasCurrent())
		{
			LoginSession ls = InvocationContext.getCurrent().getLoginSession();
			if (ls != null)
				return ls.getEntityId();
		}
		throw new AuthorizationException(
				"Access is denied. The operation requires logged user");
	}

	private boolean hasMaintanceCapability()
	{
		try
		{
			authz.checkAuthorization(AuthzCapability.maintenance);
		} catch (AuthorizationException e)
		{
			return false;
		}
		return true;
	}

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy