All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • org.exist.security.AbstractGroup Maven / Gradle / Ivy

    There is a newer version: 6.3.0
    Show newest version
    /*
 *  eXist Open Source Native XML Database
 *  Copyright (C) 2003-2011 The eXist Project
 *  http://exist-db.org
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *  $Id: AbstractGroup.java 12846 2010-10-01 05:23:29Z shabanovd $
 */

package org.exist.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.config.Reference;
import org.exist.config.ReferenceImpl;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.config.annotation.ConfigurationReferenceBy;
import org.exist.security.internal.GroupImpl;
import org.exist.storage.DBBroker;

@ConfigurationClass("")
public abstract class AbstractGroup extends AbstractPrincipal implements Comparable, Group {

    private final static Logger LOG = LogManager.getLogger(AbstractGroup.class);
    
    @ConfigurationFieldAsElement("manager")
    @ConfigurationReferenceBy("name")
    private List> managers = new ArrayList>();
    
    @ConfigurationFieldAsElement("metadata")
    private Map metadata = new HashMap();

    public AbstractGroup(final DBBroker broker, final AbstractRealm realm, final int id, final String name, final List managers) throws ConfigurationException {
        super(broker, realm, realm.collectionGroups, id, name);
        
        if(managers != null) {
            for(final Account manager : managers) {
                _addManager(manager);
            }
        }
    }

    public AbstractGroup(final DBBroker broker, final AbstractRealm realm, final String name) throws ConfigurationException {
        super(broker, realm, realm.collectionGroups, UNDEFINED_ID, name);
    }

    public AbstractGroup(final AbstractRealm realm, final Configuration configuration) throws ConfigurationException {
        super(realm, configuration);

        //it require, because class's fields initializing after super constructor
        if (this.configuration != null) {
                this.configuration = Configurator.configure(this, this.configuration);
        }
    }

    @Override
    public int compareTo(final Object other) {
        if(!(other instanceof GroupImpl)) {
            throw new IllegalArgumentException("wrong type");
        }
        return name.compareTo(((GroupImpl)other).name);
    }

    @Override
    public String toString() {
        final StringBuilder buf = new StringBuilder();
        buf.append("");
        try {
            for(final Account manager : getManagers()) {
                buf.append("");
            }
        } catch(final Throwable e) {
            e.printStackTrace();
            buf.append("");
        }
        buf.append("");
        
        return buf.toString();
    }

    @Override
    public void assertCanModifyGroup(final Account user) throws PermissionDeniedException {
        if(user == null) {
            throw new PermissionDeniedException("Unspecified Account is not allowed to modify group '" + getName() + "'");
        } else if(!user.hasDbaRole() && !isManager(user)) {
            throw new PermissionDeniedException("Account '" + user.getName() + "' is not allowed to modify group '" + getName() + "'");
        }
    }

    @Override
    public boolean isManager(final Account account) {
    	for(final Reference manager : managers) {
            final Account acc = manager.resolve();
            if(acc != null && acc.equals(account)) {
                return true;
            }
    	}
    	return false;
    }

    protected void _addManager(final Account account) {
        //check the manager is not already present
        for(final Reference manager : managers) {
            final String refName = manager.getName();
            if(refName != null && refName.equals(account.getName())) {
                return;
            }
        }

        //add the manager
        managers.add(
            new ReferenceImpl(
                getRealm().getSecurityManager(),
                account,
                account.getName()
            )
        );
    }

    @Override
    public void addManager(final Account manager) throws PermissionDeniedException {
    	final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
        assertCanModifyGroup(subject);
        
        _addManager(manager);
    }

    @Override
    public void addManagers(final List managers) throws PermissionDeniedException {
    	if(managers != null) {
            for(final Account manager : managers) {
                addManager(manager);
            }
        }
    }
    
    public void addManager(final String name) throws PermissionDeniedException {
        final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
        assertCanModifyGroup(subject);
        
        //check the manager is not already present`
        for(final Reference ref : managers) {
            final String refName = ref.getName();
            if(refName != null && refName.equals(name)) {
                return;
            }
        }

        managers.add(new ReferenceImpl(getRealm().getSecurityManager(), "getAccount", name));
    }

    @Override
    public List getManagers() {
    	
        //we use a HashSet to ensure a unique set of managers
        //under some cases it is possible for the same manager to
        //appear twice in a group config file, but we only want
        //to know about them once!
    	final Set set = new HashSet();
    	
        if(managers != null) {
            for(final Reference ref : managers) {
                final Account acc = ref.resolve();
                if(acc != null) {
                    set.add(acc);
                } else {
                    LOG.warn("Unable to resolve reference to group manager '" + ref.getName() + "' for group '" + getName() + "'");
                }
            }
        }
    	
        return new ArrayList(set);
    }

    @Override
    public void removeManager(final Account account) throws PermissionDeniedException {

        final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
        assertCanModifyGroup(subject);

        for(final Reference ref : managers) {
            final Account acc = ref.resolve();
            if(acc.getName().equals(account.getName())) {
                managers.remove(ref);
                break;
            }
        }
    }
    
    //this method used only at tests, don't use it other places
    public void setManagers(final List> managers) {
        this.managers = managers;
    }
    
    @Override
    public String getMetadataValue(final SchemaType schemaType) {
        return metadata.get(schemaType.getNamespace());
    }

    @Override
    public void setMetadataValue(final SchemaType schemaType, final String value) {
        metadata.put(schemaType.getNamespace(), value);
    }

    @Override
    public Set getMetadataKeys() {
        final Set metadataKeys = new HashSet();
        
        for(final String key : metadata.keySet()) {
            //XXX: other types?
            if(AXSchemaType.valueOfNamespace(key) != null) {
                metadataKeys.add(AXSchemaType.valueOfNamespace(key));
            } else if(EXistSchemaType.valueOfNamespace(key) != null){
                metadataKeys.add(EXistSchemaType.valueOfNamespace(key));
            }
        }
        return metadataKeys;
    }
    
    @Override
    public void clearMetadata() {
    	metadata.clear();
    }
}    
    
    
    

    




    
    
    © 2015 - 2025 Weber Informatics LLC | Privacy Policy