org.xlcloud.console.entitlements.ExplicitEntitlementDictionary Maven / Gradle / Ivy
The newest version!
/*
* Copyright 2012 AMG.lab, a Bull Group Company
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.xlcloud.console.entitlements;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.apache.log4j.Logger;
import org.xlcloud.console.context.EntitlementEngine;
import org.xlcloud.console.context.IdentityContext;
import org.xlcloud.console.entitlements.scope.predicates.EntitlementDictionaryPredicate;
import org.xlcloud.service.AccessToken;
import org.xlcloud.service.Entitlement;
import org.xlcloud.service.Group;
import org.xlcloud.service.HttpAction;
import org.xlcloud.service.User;
import org.xlcloud.service.api.WebResourceRegistry;
/**
* @author Tomek Adamczewski, AMG.net
* @author Konrad Król, AMG.net
*/
public class ExplicitEntitlementDictionary extends AbstractEntitlementDictionary {
public static String ACCOUNT_ID_PARAM_AS_REGEXP = "\\{" + WebResourceRegistry.PARAM_ACCOUNT_ID + "\\}";
public static String ACCOUNT_ID_PARAM = "{" + WebResourceRegistry.PARAM_ACCOUNT_ID + "}";
public static String USER_ID_PARAM_AS_REGEXP = "\\{" + WebResourceRegistry.PARAM_USER_ID + "\\}";
public static String USER_ID_PARAM = "{" + WebResourceRegistry.PARAM_USER_ID + "}";
public static String[] CATALOG_RESOURCES = {
WebResourceRegistry.STACK_BLUEPRINTS,
WebResourceRegistry.STACK_BLUEPRINTS + "/-*-",
WebResourceRegistry.PROJECTS + "/-*-/" + WebResourceRegistry.STACKS,
WebResourceRegistry.PROJECTS + "/-*-/" + WebResourceRegistry.STACKS + "/-*-",
WebResourceRegistry.PROJECTS + "/-*-/" + WebResourceRegistry.STACKS + "/-*-/" + WebResourceRegistry.PARAMETERS,
WebResourceRegistry.PROJECTS + "/-*-/" + WebResourceRegistry.STACKS + "/-*-/" + WebResourceRegistry.SESSIONS,
WebResourceRegistry.PROJECTS + "/-*-/" + WebResourceRegistry.STACKS + "/-*-/" + WebResourceRegistry.SESSIONS + "/-*-",
WebResourceRegistry.IMAGES,
WebResourceRegistry.IMAGES + "/-*-",
WebResourceRegistry.REPOSITORIES,
WebResourceRegistry.REPOSITORIES + "/-*-"};
private static final Logger LOG = Logger.getLogger(ExplicitEntitlementDictionary.class);
class InstantiateEntitlementException extends RuntimeException {
private static final long serialVersionUID = -4908672046826956085L;
public InstantiateEntitlementException( String message ) {
super(message);
}
}
private Set actions;
private String path;
private boolean initialDefault;
/**
* Instantiates new explicit entitlement.
*
* @param id
* id
* @param description
* description
* @param parent
* parent of this entitlement
* @param initialDefault
* initial by default
* @param path
* path of this entitlement
* @param actions
* actions required for this entitlement
*/
public ExplicitEntitlementDictionary( Long id, String description, CompositeEntitlementDictionary parent, boolean initialDefault,
String path, HttpAction... actions ) {
super(id, description, parent);
for (HttpAction action : actions) {
this.getActions().add(action);
}
this.initialDefault = initialDefault;
this.path = path;
}
/**
* Instantiates new explicit entitlement. Initial default is set to false
*
* @param id
* id
* @param description
* description
* @param parent
* parent of this entitlement
* @param path
* path of this entitlement
* @param actions
* actions required for this entitlement
*/
public ExplicitEntitlementDictionary( Long id, String description, CompositeEntitlementDictionary parent, String path,
HttpAction... actions ) {
this(id, description, parent, false, path, actions);
}
/**
* Instantiates new explicit entitlement without parent.
*
* @param id
* id
* @param description
* description
* @param path
* path of this entitlement
* @param actions
* actions required for this entitlement
*/
public ExplicitEntitlementDictionary( Long id, String description, String path, HttpAction... actions ) {
super(id, description);
for (HttpAction action : actions) {
this.getActions().add(action);
}
this.path = path;
}
/**
* Inidcates whether it is possible to instantiate entitlement object from
* this dictionary. If it is possible, a new entitlement can be instantiated
* by: {@link #instantiateEntitlement(Long, Long)}
*
* @param accountId
* account id for the instantiated entitlement
* @param userId
* user id for the instantiated entitlement
* @return {@code true} if the instantiation is possible, {@code false}
* otherwise
*/
public boolean canInstantiate(Long accountId, Long userId) {
if (isAccountScopedEntitlement() && accountId == null) {
return false;
}
if (isUserScopedEntitlement() && userId == null) {
return false;
}
return true;
}
/**
* Instantiates a new entitlement from this dictionary. It replaces all
* occurences of accountId, and userId in the resource path with specified
* ids. If the accountId or userId is included into resource path, but the
* corresponding parameter is null, then InstantiateEntitlementException
* exception is thrown.
*
* @param accountId
* account id for the instantiated entitlement
* @param userId
* user id for the instantiated entitlement
* @throws InstantiateEntitlementException
* @return instantiated entitlement
*/
public Entitlement instantiateEntitlement(Long accountId, Long userId) {
return instantiateEntitlement(accountId, userId, true);
}
/**
* Instantiates a new entitlement from this dictionary. It replaces all
* occurences of accountId, and userId in the resource path with specified
* ids. If validationEnabled is true and if the accountId or userId is
* included into resource path, but the corresponding parameter is null,
* then InstantiateEntitlementException exception is thrown.
*
* @param accountId
* account id
* @param userId
* user id
* @param validationEnabled
* indicates whether the validation is enabled or not
* @return instantiated entitlement
*/
public Entitlement instantiateEntitlement(Long accountId, Long userId, boolean validationEnabled) {
Entitlement entitlement = new Entitlement();
String renderedPath = new String(path);
if (accountId != null) {
renderedPath = renderedPath.replaceAll(ACCOUNT_ID_PARAM_AS_REGEXP, accountId.toString());
} else if (validationEnabled && isAccountScopedEntitlement()) {
throw new InstantiateEntitlementException("Entitlement: " + path + " requires accountId");
}
if (userId != null) {
renderedPath = renderedPath.replaceAll(USER_ID_PARAM_AS_REGEXP, userId.toString());
} else if (validationEnabled && isUserScopedEntitlement()) {
throw new InstantiateEntitlementException("Entitlement: " + path + " requires userId");
}
entitlement.setResource(renderedPath);
entitlement.getAction().addAll(actions);
return entitlement;
}
/**
* @return entitlement path
*/
public String getPath() {
return path;
}
/**
* Sets the value of {@link #path}
*
* @param path
* entitlement path
*/
public void setPath(String path) {
this.path = path;
}
/**
* Gets the value of {@link #actions}.
*
* @return value of {@link #actions}
*/
public Set getActions() {
if (actions == null) {
actions = new HashSet();
}
return actions;
}
/**
* Sets the value of {@link #actions}.
*
* @param actions
* entitlement actions
*/
public void setActions(Set actions) {
this.actions = actions;
}
/**
* @return the value of {@link #initialDefault}
*/
public boolean isInitialDefault() {
return initialDefault;
}
/** {@inheritDoc} */
@Override
public boolean availableFor(final EntitlementEngine entitlementEngine, final IdentityContext identityContext,
final EntitlementDictionaryPredicate predicate) {
return availableToPerform(entitlementEngine, identityContext) && visibleForCurrentScope(predicate);
}
/**
* Inidicates whether entitlement path contains accountId parameter to be
* replaced.
*
* @return {@code true} if this is account scoped entitlement, {@code false}
* otherwise.
*/
public boolean isAccountScopedEntitlement() {
return path.contains(ACCOUNT_ID_PARAM);
}
/**
* Inidicates whether entitlement path contains userId parameter to be
* replaced.
*
* @return {@code true} if this is user scoped entitlement, {@code false}
* otherwise.
*/
public boolean isUserScopedEntitlement() {
return path.contains(USER_ID_PARAM);
}
/**
* Inidicates whether the entitlement path is a catalog resource, which
* means it is one of: {@link #CATALOG_RESOURCES}.
*
* @return {@code true} if this catalog resouce entitlement, {@code false}
* otherwise.
*/
public boolean isCatalogResourceEntitlement() {
return Arrays.asList(CATALOG_RESOURCES).contains(path);
}
/** {@inheritDoc} */
@Override
public boolean isOwnedBy(final User user, final EntitlementEngine entitlementEngine) {
if (!canInstantiate(user.getAccountId(), user.getId())) {
return false;
}
try {
final String renderedPath = instantiateEntitlement(user.getAccountId(), user.getId()).getResource();
return forAllActions(new Predicate() {
@Override
public boolean evaluate(Object object) {
return entitlementEngine.canPerform(user, ((HttpAction) object), renderedPath);
}
});
} catch (InstantiateEntitlementException exception) {
LOG.error(exception.getMessage());
return false;
}
}
/** {@inheritDoc} */
@Override
public boolean isOwnedBy(final Group group, final EntitlementEngine entitlementEngine) {
if (!canInstantiate(group.getAccountId(), null)) {
return false;
}
try {
final String renderedPath = instantiateEntitlement(group.getAccountId(), null).getResource();
return forAllActions(new Predicate() {
@Override
public boolean evaluate(Object object) {
return entitlementEngine.canPerform(group, ((HttpAction) object), renderedPath);
}
});
} catch (InstantiateEntitlementException exception) {
LOG.error(exception.getMessage());
return false;
}
}
/** {@inheritDoc} */
@Override
public boolean isOwnedBy(final AccessToken accessToken, final User accessTokenUser, final EntitlementEngine entitlementEngine) {
if (!canInstantiate(accessTokenUser.getAccountId(), accessTokenUser.getId())) {
return false;
}
try {
final String renderedPath = instantiateEntitlement(accessTokenUser.getAccountId(), accessTokenUser.getId()).getResource();
return forAllActions(new Predicate() {
@Override
public boolean evaluate(Object object) {
return entitlementEngine.canPerform(accessToken, ((HttpAction) object), renderedPath);
}
});
} catch (InstantiateEntitlementException exception) {
LOG.error(exception.getMessage());
return false;
}
}
private boolean visibleForCurrentScope(final EntitlementDictionaryPredicate predicate) {
return (predicate != null ? predicate.evaluate(this) : true);
}
private boolean availableToPerform(final EntitlementEngine entitlementEngine, final IdentityContext identityContext) {
return forAllActions(new Predicate() {
@Override
public boolean evaluate(Object object) {
Entitlement entitlement = instantiateEntitlement(identityContext.getAccountId(), identityContext.getUserId(), false);
return entitlementEngine.canPerform(((HttpAction) object), entitlement.getResource());
}
});
}
private boolean forAllActions(Predicate predicate) {
return (CollectionUtils.countMatches(actions, predicate) == actions.size());
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy