org.drools.repository.security.PermissionManager Maven / Gradle / Ivy
package org.drools.repository.security;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.drools.repository.RulesRepository;
import org.drools.repository.RulesRepositoryException;
/**
* Deals with storing permissions for data and so on.
* @author Michael Neale
*/
public class PermissionManager {
private RulesRepository repository;
public PermissionManager(RulesRepository repo) {
this.repository = repo;
}
/**
* Save the users permissions.
* @param userName = obviously, the user name.
* @param perms - a map of the role type to the targets that it applies to.
* eg: package.admin => PACKAGE UUID
* analyst => category path
* ADMIN => empty (no list needed for admin)
* @throws RepositoryException
*/
public void updateUserPermissions(String userName, Map> perms) {
if (!isValideUserName(userName)) {
return;
}
try {
Node permsNode = getUserPermissionNode(userName);
permsNode.remove(); //remove this so we get a fresh set
permsNode = getUserPermissionNode(userName).addNode("jcr:content", "nt:unstructured");
for (Iterator>> iterator = perms.entrySet().iterator(); iterator.hasNext();) {
Map.Entry> en = iterator.next();
String perm = en.getKey();
List targets = en.getValue();
if (targets == null) targets = new ArrayList();
permsNode.setProperty(perm, targets.toArray(new String[targets.size()]));
}
this.repository.save();
} catch (RepositoryException e) {
throw new RulesRepositoryException(e);
}
}
public void createUser(String userName) {
if (!isValideUserName(userName)) {
throw new RulesRepositoryException("Invalide user name");
}
if (containsUser(userName)) {
throw new RulesRepositoryException("User name [" + userName + "] already exists");
}
try {
Node permsNode = getUserPermissionNode(userName);
permsNode.remove(); //remove this so we get a fresh set
permsNode = getUserPermissionNode(userName).addNode("jcr:content", "nt:unstructured");
this.repository.save();
} catch (RepositoryException e) {
throw new RulesRepositoryException(e);
}
}
private boolean containsUser(String userName) {
try {
Node userRoot = getUsersRootNode(getRootNode(repository));
if (userRoot.hasNode(userName)) {
return true;
}
} catch (RepositoryException e) {
}
return false;
}
private Node getUserPermissionNode(String userName)
throws RepositoryException {
Node permsNode = getNode(getUserInfoNode(userName, repository), "permissions", "nt:file");
return permsNode;
}
/** get the specified user info node (it is an nt:folder type) */
public static Node getUserInfoNode(String userName, RulesRepository repo) throws RepositoryException {
Node root = getRootNode(repo);
return getNode(getUsersRootNode(root), userName, "nt:folder");
}
/** The root node of the repository */
public static Node getRootNode(RulesRepository repo) throws RepositoryException {
return repo.getSession().getRootNode().getNode(RulesRepository.RULES_REPOSITORY_NAME);
}
/**
* Get the top node for "user_info"
* @throws RepositoryException
*/
public static Node getUsersRootNode(Node root) throws RepositoryException {
return getNode(root, "user_info", "nt:folder");
}
/**
* obtain a mapping of permissions for a given user.
* @throws RepositoryException
*/
public Map> retrieveUserPermissions(String userName) {
try {
Map> result = new HashMap>(10);
if (!isValideUserName(userName)) {
return result;
}
if (!getUserPermissionNode(userName).hasNode("jcr:content")) {
return result;
}
Node permsNode = getUserPermissionNode(userName).getNode("jcr:content");
PropertyIterator it = permsNode.getProperties();
while (it.hasNext()) {
Property p = (Property) it.next();
String name = p.getName();
if (!name.startsWith("jcr")) {
if (p.getDefinition().isMultiple()) {
Value[] vs = p.getValues();
List perms = new ArrayList();
for (int i = 0; i < vs.length; i++) {
perms.add(vs[i].getString());
}
result.put(name, perms);
} else {
Value v = p.getValue();
List perms = new ArrayList(1);
perms.add(v.getString());
result.put(name, perms);
}
}
}
return result;
} catch (RepositoryException e) {
throw new RulesRepositoryException(e);
}
}
/**
* Gets or creates a node.
*/
public static Node getNode(Node node, String name, String nodeType) throws RepositoryException {
Node permsNode;
if (!node.hasNode(name)) {
permsNode = node.addNode(name, nodeType);
} else {
permsNode = node.getNode(name);
}
return permsNode;
}
/**
* Returns a list of users and their permissions types for display.
* The Map maps:
*
* userName => [list of permission types, eg admin, package.admin etc... no IDs]
* For display purposes only.
* @throws RepositoryException
*/
public Map> listUsers() {
try {
Map> listing = new HashMap>();
Node root = getRootNode(this.repository);
Node usersNode = getUsersRootNode(root);
NodeIterator users = usersNode.getNodes();
while (users.hasNext()) {
Node userNode = (Node) users.next();
listing.put(userNode.getName(), listOfPermTypes(userNode));
}
return listing;
} catch (RepositoryException e) {
throw new RulesRepositoryException(e);
}
}
private List listOfPermTypes(Node userNode) throws RepositoryException {
List permTypes = new ArrayList();
Node permsNode = getNode(userNode, "permissions", "nt:file");
Node content = getNode(permsNode, "jcr:content", "nt:unstructured");
PropertyIterator perms = content.getProperties();
while (perms.hasNext()) {
Property p = (Property) perms.next();
String name = p.getName();
if (!name.startsWith("jcr")) {
permTypes.add(name);
}
}
return permTypes;
}
void deleteAllUsers() throws RepositoryException {
Node root = getRootNode(this.repository);
getUsersRootNode(root).remove();
}
public void removeUserPermissions(String userName) {
if (!isValideUserName(userName)) {
return;
}
try {
Node permsNode = getUserPermissionNode(userName);
permsNode.getParent().remove(); //remove this so we get a fresh set
} catch (RepositoryException e) {
throw new RulesRepositoryException(e);
}
}
private boolean isValideUserName(String userName) {
if("".equals(userName.trim()) || userName.trim().length() == 0) {
return false;
}
return true;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy