/**
 * Collects the name of every group in the given set.
 *
 * @param groups the groups to read; may be {@code null}
 * @return a new list holding one name per group, empty when {@code groups} is {@code null}
 */
public static List<String> extratcGroupNames(Set<UserGroup> groups) {
    final List<String> names = new ArrayList<String>();
    // A null set is treated as "no groups" instead of failing.
    if (groups != null) {
        for (UserGroup group : groups) {
            names.add(group.getGroupName());
        }
    }
    return names;
}
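/**
 * Given a Group Set returns a List that contains all the group names.
 *
 * @param groups the groups to read; {@code null} is accepted and treated as an empty set
 * @return a new list holding one name per group, never {@code null}
 */
public static List<String> extratcGroupNames(Set<UserGroup> groups) {
    // A user without groups may reach this helper with a null set; return an
    // empty list instead of failing with a NullPointerException on groups.size().
    if (groups == null) {
        return new ArrayList<>();
    }
    List<String> groupNames = new ArrayList<>(groups.size() + 1);
    for (UserGroup ug : groups) {
        groupNames.add(ug.getGroupName());
    }
    return groupNames;
}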
/**
 * Looks up the first security rule whose group has the same name as the given group.
 *
 * Rules without a group, or whose group has no name, never match. The comparison is an
 * exact {@code String.equals} on the group name.
 *
 * @param securityList the rules to scan
 * @param group the group whose rule is wanted
 * @return the first matching rule, or {@code null} when none matches
 */
private SecurityRule getRuleForGroup(List<SecurityRule> securityList, UserGroup group) {
    for (SecurityRule candidate : securityList) {
        if (candidate.getGroup() == null) {
            continue;
        }
        if (candidate.getGroup().getGroupName() == null) {
            continue;
        }
        if (candidate.getGroup().getGroupName().equals(group.getGroupName())) {
            return candidate;
        }
    }
    return null;
}
/**
 * Builds the REST view of a user, copying only the group names.
 *
 * @param id the user id
 * @param name the user name
 * @param role the user role
 * @param groups the groups of the user; may be {@code null}, which yields an empty name list
 * @param allGroups when {@code true} every group name is copied; when {@code false} only the
 *        names accepted by {@code GroupReservedNames.isAllowedName} are copied, so reserved
 *        groups are left out of the REST representation
 */
public RESTUser(Long id, String name, Role role, Set<UserGroup> groups, boolean allGroups) {
    super();
    this.id = id;
    this.name = name;
    this.role = role;
    this.groupsNames = new ArrayList<String>();
    if (groups == null) {
        return;
    }
    for (UserGroup group : groups) {
        final boolean exposed = allGroups || GroupReservedNames.isAllowedName(group.getGroupName());
        if (exposed) {
            this.groupsNames.add(group.getGroupName());
        }
    }
}
/**
 * Utility method that strips reserved groups (for example EVERYONE) from a group set.
 *
 * The set passed in is modified in place and then returned; no copy is made.
 *
 * @param groups the set to clean; it is iterated without a null check
 * @return the same set instance, without the groups whose name is not allowed
 */
private Set<UserGroup> removeReservedGroups(Set<UserGroup> groups) {
    // Collect first, remove afterwards: the set must not change while it is iterated.
    final List<UserGroup> toDrop = new ArrayList<UserGroup>();
    for (UserGroup candidate : groups) {
        final boolean allowed = GroupReservedNames.isAllowedName(candidate.getGroupName());
        if (!allowed) {
            toDrop.add(candidate);
        }
    }
    for (UserGroup reservedGroup : toDrop) {
        groups.remove(reservedGroup);
    }
    return groups;
}
/**
 * Utility method that strips reserved groups (for example EVERYONE) from a group set.
 *
 * Despite the "check" in its name, this method does not reject the input: it removes the
 * reserved entries from the set passed in and returns that same set.
 *
 * @param groups the set to clean; it is iterated without a null check
 * @return the same set instance, without the groups whose name is not allowed
 */
private Set<UserGroup> checkReservedGroups(Set<UserGroup> groups) {
    // Collect first, remove afterwards: the set must not change while it is iterated.
    final List<UserGroup> toDrop = new ArrayList<UserGroup>();
    for (UserGroup candidate : groups) {
        final boolean allowed = GroupReservedNames.isAllowedName(candidate.getGroupName());
        if (!allowed) {
            toDrop.add(candidate);
        }
    }
    for (UserGroup reservedGroup : toDrop) {
        groups.remove(reservedGroup);
    }
    return groups;
}
}
/**
 * Persists a new user group after validating its name.
 *
 * Reserved names are refused here, so a caller cannot create a second group carrying a
 * reserved name through this method.
 * NOTE(review): whether {@code GroupReservedNames.isAllowedName} ignores case or surrounding
 * whitespace is not visible from this method; confirm that variants of a reserved name are
 * rejected as well.
 *
 * @param userGroup the group to store
 * @return the id of the persisted group
 * @throws BadRequestServiceEx if the group is {@code null}, has an empty name, or uses a
 *         reserved name (raised as {@code ReservedUserGroupNameEx})
 */
@Override
public long insert(UserGroup userGroup) throws BadRequestServiceEx {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting UserGroup... ");
    }

    final boolean nameMissing = userGroup == null || StringUtils.isEmpty(userGroup.getGroupName());
    if (nameMissing) {
        throw new BadRequestServiceEx("The provided UserGroup instance is null or group Name is not specified!");
    }

    final String requestedName = userGroup.getGroupName();
    if (!GroupReservedNames.isAllowedName(requestedName)) {
        throw new ReservedUserGroupNameEx("The usergroup name you try to save: '" + requestedName + "' is a reserved name!");
    }

    // The name is written back unchanged, exactly as the original code did.
    userGroup.setGroupName(requestedName);
    userGroupDAO.persist(userGroup);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("UserGroup '" + userGroup.getGroupName() + "' persisted!");
    }
    return userGroup.getId();
}
/**
 * Persists the reserved EVERYONE group.
 *
 * This path goes straight to the DAO, so the reserved-name validation is not applied to it.
 * No check for an already existing EVERYONE group is made here.
 *
 * @return always {@code true}
 */
public boolean insertSpecialUsersGroups() {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting Reserved UsersGroup... ");
    }

    final UserGroup everyone = new UserGroup();
    everyone.setGroupName(GroupReservedNames.EVERYONE.groupName());
    userGroupDAO.persist(everyone);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Special UserGroup '" + everyone.getGroupName() + "' persisted!");
    }
    return true;
}
/**
 * Maps a granted authority to a user group, creating the group when it is not stored yet.
 *
 * The group name is taken verbatim from {@code a.getAuthority()}. Without a group service
 * the method only returns a transient group carrying that name.
 * NOTE(review): the log message says the authority comes from LDAP, so the name is
 * externally controlled; it is written to the log unescaped and is passed to
 * {@code userGroupService.insert} as is, so name validation depends on that service.
 *
 * @param a the authority whose name identifies the group
 * @return the stored group when a group service is available, otherwise a new unsaved group
 * @throws BadRequestServiceEx propagated from the group service
 */
private UserGroup synchronizeGroup(GrantedAuthority a) throws BadRequestServiceEx {
    final UserGroup transientGroup = new UserGroup();
    transientGroup.setGroupName(a.getAuthority());

    if (userGroupService == null) {
        return transientGroup;
    }

    UserGroup stored = userGroupService.get(transientGroup.getGroupName());
    if (stored == null) {
        LOGGER.log(Level.INFO, "Creating new group from LDAP: " + transientGroup.getGroupName());
        final long newId = userGroupService.insert(transientGroup);
        stored = userGroupService.get(newId);
    }
    return stored;
}
/**
 * Deletes a user group and detaches it from every user that belongs to it.
 *
 * Reserved groups are protected: the request is refused before anything is changed.
 *
 * @param id the id of the group to delete
 * @return always {@code true} when the method completes
 * @throws NotFoundServiceEx if no group has the given id
 * @throws BadRequestServiceEx if the group carries a reserved name
 */
@Override
public boolean delete(long id) throws NotFoundServiceEx, BadRequestServiceEx {
    final UserGroup target = userGroupDAO.find(id);
    if (target == null) {
        LOGGER.error("Can't find usergroup with id '" + id + "'");
        throw new NotFoundServiceEx("Can't find usergroup with id '" + id + "'");
    }

    final boolean deletable = GroupReservedNames.isAllowedName(target.getGroupName());
    if (!deletable) {
        throw new BadRequestServiceEx("Delete a special usergroup ('" + target.getGroupName() + "' in this case) isn't possible");
    }

    // Remove the membership from each user first, then drop the group itself.
    final Set<User> members = target.getUsers();
    for (User member : members) {
        member.getGroups().remove(target);
        userDAO.merge(member);
    }
    userGroupDAO.remove(target);
    return true;
}
/**
 * Returns one page of user groups in their REST representation.
 *
 * The security context is not read by this method, so no authorization decision is taken
 * here. Each returned entry carries the users of the group.
 *
 * @param sc the caller's security context (unused in this method)
 * @param page the page to fetch, passed to the service unchanged
 * @param entries the page size, passed to the service unchanged
 * @param all when {@code true} reserved groups are included; otherwise only groups whose
 *        name is accepted by {@code GroupReservedNames.isAllowedName} are returned
 * @return the list wrapper holding the selected groups
 * @throws BadRequestWebEx if the service rejects the paging parameters
 */
@Override
public UserGroupList getAll(SecurityContext sc, Integer page, Integer entries, boolean all) throws BadRequestWebEx {
    try {
        final List<UserGroup> found = userGroupService.getAll(page, entries);
        final List<RESTUserGroup> result = new ArrayList<RESTUserGroup>();
        for (UserGroup group : found) {
            final boolean include = all || GroupReservedNames.isAllowedName(group.getGroupName());
            if (!include) {
                continue;
            }
            result.add(new RESTUserGroup(group.getId(), group.getGroupName(), group.getUsers(), group.getDescription()));
        }
        return new UserGroupList(result);
    } catch (BadRequestServiceEx e) {
        LOGGER.error(e.getMessage(), e);
        throw new BadRequestWebEx(e.getMessage());
    }
}
/**
 * Finds the security rules of a resource that belong to one of the named groups.
 *
 * The query only restricts by resource id. The group restriction is applied in memory
 * afterwards, because the combined query-side filter (resource id AND group name in
 * {@code groupNames} AND group not empty) was reported by the original author not to work.
 * Rules without a group are dropped; group names are matched by exact equality.
 *
 * @param groupNames the names of the groups whose rules are wanted
 * @param resourceId the id of the resource
 * @return the rules of the resource whose group name is contained in {@code groupNames}
 */
@Deprecated
@Override
public List<SecurityRule> findGroupSecurityRule(List<String> groupNames, long resourceId) {
    final Search criteria = new Search(Resource.class);
    criteria.addField("security");
    criteria.addFilter(Filter.some("security", Filter.equal("resource.id", resourceId)));

    final List<SecurityRule> allRules = super.search(criteria);

    // WORKAROUND: group filtering is done here instead of in the query.
    final List<SecurityRule> matching = new ArrayList<SecurityRule>();
    for (SecurityRule rule : allRules) {
        if (rule.getGroup() == null) {
            continue;
        }
        if (groupNames.contains(rule.getGroup().getGroupName())) {
            matching.add(rule);
        }
    }
    return matching;
}
/**
 * Finds the security rules of a resource, reached through its stored data, that belong to
 * one of the named groups.
 *
 * The query fetches every rule of the resource; the group restriction is applied in memory
 * afterwards (same workaround as in ResourceDAOImpl). Rules without a group are dropped;
 * group names are matched by exact equality.
 *
 * @param userGroups the names of the groups whose rules are wanted
 * @param resourceId the id of the resource
 * @return the rules of the resource whose group name is contained in {@code userGroups}
 */
@Override
public List<SecurityRule> findGroupSecurityRule(List<String> userGroups, long resourceId) {
    final Search criteria = new Search(StoredData.class);

    // Fetch all the security rules of the resource.
    criteria.addField("resource.security");
    criteria.addFilter(
            Filter.some("resource.security", Filter.equal("resource.security.resource.id", resourceId)));

    final List<SecurityRule> allRules = super.search(criteria);

    // WORKAROUND (see ResourceDAOImpl): group filtering is done here instead of in the query.
    final List<SecurityRule> matching = new ArrayList<SecurityRule>();
    for (SecurityRule rule : allRules) {
        if (rule.getGroup() == null) {
            continue;
        }
        if (userGroups.contains(rule.getGroup().getGroupName())) {
            matching.add(rule);
        }
    }
    return matching;
}
/**
 * Returns the REST representation of the group with the given name.
 *
 * The security context is not read by this method, so no authorization decision is taken
 * here. The returned object carries the users of the group.
 * Although {@code NotFoundWebEx} is declared, an unknown name yields {@code null}.
 *
 * @param sc the caller's security context (unused in this method)
 * @param name the name of the group
 * @return the group, or {@code null} when the service finds none
 */
@Override
public RESTUserGroup get(SecurityContext sc, String name) throws NotFoundWebEx {
    final UserGroup found = userGroupService.get(name);
    if (found == null) {
        return null;
    }
    return new RESTUserGroup(found.getId(), found.getGroupName(), found.getUsers(), found.getDescription());
}
}
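/**
 * Returns the REST representation of the group with the given id.
 *
 * The security context is not read by this method, so no authorization decision is taken
 * here. The returned object carries the users of the group.
 *
 * @param sc the caller's security context (unused in this method)
 * @param id the id of the group
 * @return the group in its REST representation
 * @throws NotFoundWebEx if the service returns no group for the id
 */
@Override
public RESTUserGroup get(SecurityContext sc, long id) throws NotFoundWebEx {
    try {
        UserGroup g = userGroupService.get(id);
        // The by-name lookup of the same service can return null for an unknown group;
        // guard the by-id lookup the same way so an unknown id produces the declared
        // NotFoundWebEx instead of a NullPointerException.
        if (g == null) {
            throw new NotFoundWebEx("UserGroup Not found");
        }
        return new RESTUserGroup(g.getId(), g.getGroupName(), g.getUsers(), g.getDescription());
    } catch (BadRequestServiceEx e) {
        throw new BadRequestWebEx("UserGroup Not found");
    }
}
/*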
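/**
 * Adds a group to the groups of a user.
 *
 * Reserved groups (EVERYONE and the like) cannot be assigned through this method.
 *
 * @param userId the id of the user that receives the group
 * @param groupId the id of the group to assign
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is a
 *         reserved one
 */
@Override
public void assignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToAssign = userGroupDAO.find(groupId);
    // The existence check must come before the name is read: the original code
    // dereferenced the group first, so an unknown group id ended in a
    // NullPointerException instead of the intended NotFoundServiceEx.
    if (groupToAssign == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    // Check if the group the user wants to assign is an allowed one
    if (!GroupReservedNames.isAllowedName(groupToAssign.getGroupName())) {
        throw new NotFoundServiceEx("You can't re-assign the group EVERYONE or any other reserved groups...");
    }
    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    if (targetUser.getGroups() == null) {
        // First group of this user: create the set before attaching it.
        Set<UserGroup> groups = new HashSet<UserGroup>();
        groups.add(groupToAssign);
        targetUser.setGroups(groups);
    } else {
        targetUser.getGroups().add(groupToAssign);
    }
    userDAO.merge(targetUser);
}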
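/**
 * Removes a group from the groups of a user.
 *
 * Reserved groups (EVERYONE and the like) cannot be removed through this method. When the
 * user is not a member of the group nothing is changed.
 *
 * @param userId the id of the user that loses the group
 * @param groupId the id of the group to remove
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is a
 *         reserved one
 */
@Override
public void deassignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToAssign = userGroupDAO.find(groupId);
    // The existence check must come before the name is read: the original code
    // dereferenced the group first, so an unknown group id ended in a
    // NullPointerException instead of the intended NotFoundServiceEx.
    if (groupToAssign == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    // Check if the group the user wants to remove is an allowed one
    if (!GroupReservedNames.isAllowedName(groupToAssign.getGroupName())) {
        throw new NotFoundServiceEx("You can't remove the group EVERYONE or any other reserved groups from the users group list...");
    }
    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }
    if (targetUser.getGroups() != null) {
        Set<UserGroup> ugs = targetUser.getGroups();
        for (UserGroup group : ugs) {
            if (group.getId() == groupId) {
                // Returning right after the removal keeps the iteration from
                // continuing over the set that was just modified.
                targetUser.getGroups().remove(group);
                userDAO.merge(targetUser);
                return;
            }
        }
    }
}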
if(group.getGroupName().equals(GroupReservedNames.EVERYONE.groupName())){ if(!canRead || canWrite){ LOGGER.error("You are trying to assign to a resource the following permissions for the group EVERYONE: [canRead='" + canRead + "',canWrite'" + canWrite + "'] but...");
if (groups.contains(userGroup.getGroupName())) { if (rule.isCanWrite()) { shortResource.setCanEdit(true);
/**
 * Builds the REST view of a security rule.
 *
 * Only the id and name of the rule's user and group are copied, together with the two
 * permission flags; no other attribute of the user or group is carried over.
 *
 * @param rule the rule to convert; its user and its group may each be {@code null}
 */
public RESTSecurityRule(SecurityRule rule) {
    final User sourceUser = rule.getUser();
    if (sourceUser != null) {
        final RESTUser restUser = new RESTUser();
        restUser.setId(sourceUser.getId());
        restUser.setName(sourceUser.getName());
        user = restUser;
    }

    final UserGroup sourceGroup = rule.getGroup();
    if (sourceGroup != null) {
        final RESTUserGroup restGroup = new RESTUserGroup();
        restGroup.setId(sourceGroup.getId());
        restGroup.setGroupName(sourceGroup.getGroupName());
        group = restGroup;
    }

    canRead = rule.isCanRead();
    canWrite = rule.isCanWrite();
}