org.molgenis.data.security.auth.GroupPermissionService Maven / Gradle / Ivy
Security data model and data layer security.
package org.molgenis.data.security.auth;
import static org.molgenis.data.security.auth.GroupService.EDITOR;
import static org.molgenis.data.security.auth.GroupService.MANAGER;
import static org.molgenis.data.security.auth.GroupService.VIEWER;
import static org.molgenis.security.core.PermissionSet.READ;
import static org.molgenis.security.core.PermissionSet.WRITE;
import static org.molgenis.security.core.PermissionSet.WRITEMETA;
import static org.molgenis.security.core.SidUtils.createAuthoritySid;
import static org.molgenis.security.core.SidUtils.createRoleSid;
import static org.molgenis.security.core.utils.SecurityUtils.AUTHORITY_USER;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Objects;
import org.molgenis.data.security.GroupIdentity;
import org.molgenis.data.security.PackageIdentity;
import org.molgenis.data.security.permission.PermissionService;
import org.molgenis.data.security.permission.model.Permission;
import org.molgenis.security.core.PermissionSet;
import org.molgenis.security.core.model.GroupValue;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.Sid;
import org.springframework.stereotype.Service;
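/**
 * Sets up the default access-control entries for a group.
 *
 * <p>Each role of the group receives a permission set chosen by its label: {@code MANAGER} maps to
 * {@code WRITEMETA}, {@code EDITOR} to {@code WRITE} and {@code VIEWER} to {@code READ}. The same
 * permission set is granted on both the group's root package and the group itself.
 */
@Service
public class GroupPermissionService {
  private final MutableAclService aclService;
  private final PermissionService permissionService;

  // Role label -> permission set granted by default. Typed explicitly so that lookups yield a
  // PermissionSet without an unchecked cast.
  private static final Map<String, PermissionSet> PERMISSION_SETS_PER_ROLE =
      ImmutableMap.of(MANAGER, WRITEMETA, EDITOR, WRITE, VIEWER, READ);

  /**
   * @param aclService service used to create the ACL for the group identity, must not be null
   * @param permissionService service used to persist the individual grants, must not be null
   * @throws NullPointerException if either argument is null
   */
  public GroupPermissionService(MutableAclService aclService, PermissionService permissionService) {
    this.aclService = Objects.requireNonNull(aclService);
    this.permissionService = Objects.requireNonNull(permissionService);
  }

  /**
   * Grants default permissions on the root package and group to the roles of the group
   *
   * <p>If the group is public, {@code READ} on the group (not on its root package) is additionally
   * granted to the {@code AUTHORITY_USER} authority.
   *
   * @param groupValue details of the group for which the permissions will be granted
   * @throws NullPointerException if {@code groupValue} is null
   * @throws IllegalArgumentException if a role carries a label that has no default permission set
   */
  public void grantDefaultPermissions(GroupValue groupValue) {
    Objects.requireNonNull(groupValue, "groupValue");
    PackageIdentity packageIdentity = new PackageIdentity(groupValue.getRootPackage().getName());
    GroupIdentity groupIdentity = new GroupIdentity(groupValue.getName());
    aclService.createAcl(groupIdentity);
    groupValue
        .getRoles()
        .forEach(
            roleValue -> {
              // Fail closed: never hand a null permission set to the permission layer.
              // NOTE(review): a failure here happens after the ACL (and possibly earlier grants)
              // were created; whether those are rolled back depends on transaction handling that
              // is not visible in this class.
              PermissionSet permissionSet = permissionSetForLabel(roleValue.getLabel());
              Sid roleSid = createRoleSid(roleValue.getName());
              permissionService.createPermission(
                  Permission.create(packageIdentity, roleSid, permissionSet));
              permissionService.createPermission(
                  Permission.create(groupIdentity, roleSid, permissionSet));
            });
    if (groupValue.isPublic()) {
      // NOTE(review): AUTHORITY_USER presumably covers every authenticated user, which would make
      // a public group readable by all of them. Confirm this is the intended audience.
      permissionService.createPermission(
          Permission.create(groupIdentity, createAuthoritySid(AUTHORITY_USER), READ));
    }
  }

  /** Looks up the default permission set for a role label, rejecting labels without a mapping. */
  private static PermissionSet permissionSetForLabel(String label) {
    PermissionSet permissionSet = PERMISSION_SETS_PER_ROLE.get(label);
    if (permissionSet == null) {
      throw new IllegalArgumentException(
          "No default permission set defined for role label '" + label + "'");
    }
    return permissionSet;
  }
}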