1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.provisioning.java.data;
20  
21  import java.util.stream.Collectors;
22  import org.apache.syncope.common.lib.SyncopeClientException;
23  import org.apache.syncope.common.lib.to.RoleTO;
24  import org.apache.syncope.common.lib.types.ClientExceptionType;
25  import org.apache.syncope.core.persistence.api.dao.ApplicationDAO;
26  import org.apache.syncope.core.persistence.api.dao.DynRealmDAO;
27  import org.apache.syncope.core.persistence.api.dao.RealmDAO;
28  import org.apache.syncope.core.persistence.api.dao.RoleDAO;
29  import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
30  import org.apache.syncope.core.persistence.api.entity.DynRealm;
31  import org.apache.syncope.core.persistence.api.entity.EntityFactory;
32  import org.apache.syncope.core.persistence.api.entity.Privilege;
33  import org.apache.syncope.core.persistence.api.entity.Realm;
34  import org.apache.syncope.core.persistence.api.entity.Role;
35  import org.apache.syncope.core.persistence.api.entity.user.DynRoleMembership;
36  import org.apache.syncope.core.persistence.api.search.SearchCondConverter;
37  import org.apache.syncope.core.persistence.api.search.SearchCondVisitor;
38  import org.apache.syncope.core.provisioning.api.data.RoleDataBinder;
39  import org.slf4j.Logger;
40  import org.slf4j.LoggerFactory;
41  
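/**
 * Default {@link RoleDataBinder}: copies data between {@link RoleTO} transfer objects and persistent
 * {@link Role} entities.
 *
 * <p>Security note: a role carries authorization data (entitlements, realms, dynamic realms, privileges and
 * an optional dynamic membership condition). Nothing in this class checks whether the caller is allowed to
 * grant what the {@link RoleTO} requests; that decision is presumably taken before the binder is invoked, so
 * confirm it whenever a new entry point is wired to these methods.</p>
 */
public class RoleDataBinderImpl implements RoleDataBinder {

    // The logger category is the RoleDataBinder interface, not this implementation class.
    protected static final Logger LOG = LoggerFactory.getLogger(RoleDataBinder.class);

    protected final RealmDAO realmDAO;

    protected final DynRealmDAO dynRealmDAO;

    protected final RoleDAO roleDAO;

    protected final ApplicationDAO applicationDAO;

    protected final EntityFactory entityFactory;

    protected final SearchCondVisitor searchCondVisitor;

    /**
     * Stores the collaborators used to resolve the references found in a {@link RoleTO}.
     *
     * @param realmDAO resolves realms by full path
     * @param dynRealmDAO resolves dynamic realms by key
     * @param roleDAO saves roles and clears / refreshes their dynamic members
     * @param applicationDAO resolves privileges by key
     * @param entityFactory creates new {@link Role} and {@link DynRoleMembership} instances
     * @param searchCondVisitor visitor handed to {@link SearchCondConverter} when parsing FIQL
     */
    public RoleDataBinderImpl(
            final RealmDAO realmDAO,
            final DynRealmDAO dynRealmDAO,
            final RoleDAO roleDAO,
            final ApplicationDAO applicationDAO,
            final EntityFactory entityFactory,
            final SearchCondVisitor searchCondVisitor) {

        this.realmDAO = realmDAO;
        this.dynRealmDAO = dynRealmDAO;
        this.roleDAO = roleDAO;
        this.applicationDAO = applicationDAO;
        this.entityFactory = entityFactory;
        this.searchCondVisitor = searchCondVisitor;
    }

    /**
     * Validates the given FIQL condition and stores it as the dynamic membership condition of the role.
     *
     * <p>The condition is parsed before anything is written, so a string that does not convert to a valid
     * {@link SearchCond} never reaches the role. The FIQL text itself is what gets stored, not the parsed
     * condition.</p>
     *
     * @param role role whose dynamic membership is created or updated
     * @param dynMembershipFIQL FIQL condition taken from the {@link RoleTO}
     * @throws SyncopeClientException of type {@link ClientExceptionType#InvalidSearchParameters}, carrying
     * the rejected FIQL string among its elements, when the parsed condition is not valid
     */
    protected void setDynMembership(final Role role, final String dynMembershipFIQL) {
        SearchCond dynMembershipCond = SearchCondConverter.convert(searchCondVisitor, dynMembershipFIQL);
        if (!dynMembershipCond.isValid()) {
            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidSearchParameters);
            sce.getElements().add(dynMembershipFIQL);
            throw sce;
        }

        // Reuse the membership already attached to the role; create and link a new one only when none exists.
        DynRoleMembership dynMembership = role.getDynMembership();
        if (dynMembership == null) {
            dynMembership = entityFactory.newEntity(DynRoleMembership.class);
            dynMembership.setRole(role);
            role.setDynMembership(dynMembership);
        }
        dynMembership.setFIQLCond(dynMembershipFIQL);
    }

    /**
     * Creates a new {@link Role} from the given transfer object by delegating to
     * {@link #update(Role, RoleTO)} with a freshly created entity.
     *
     * @param roleTO requested role content
     * @return the saved role
     */
    @Override
    public Role create(final RoleTO roleTO) {
        return update(entityFactory.newEntity(Role.class), roleTO);
    }

    /**
     * Overwrites the given role with the content of the transfer object and saves it.
     *
     * <p>Entitlements, realms, dynamic realms and privileges are each cleared and rebuilt from the
     * {@link RoleTO}; entitlements are copied as given, the other three are looked up through the DAOs.
     * The key of the entity is also set from the transfer object.</p>
     *
     * <p>NOTE(review): a realm, dynamic realm or privilege that cannot be resolved is dropped and reported
     * at DEBUG only, so the saved role can cover less than the caller asked for without any signal at
     * default log levels. The logged values come from the {@link RoleTO}; whether line breaks in them are
     * neutralised depends on the logging backend configuration.</p>
     *
     * @param toBeUpdated entity to overwrite
     * @param roleTO requested role content
     * @return the role as returned by {@code RoleDAO#saveAndRefreshDynMemberships}
     * @throws SyncopeClientException when the dynamic membership condition is not valid FIQL, see
     * {@link #setDynMembership(Role, String)}
     */
    @Override
    public Role update(final Role toBeUpdated, final RoleTO roleTO) {
        toBeUpdated.setKey(roleTO.getKey());
        Role role = roleDAO.save(toBeUpdated);

        role.getEntitlements().clear();
        role.getEntitlements().addAll(roleTO.getEntitlements());

        role.getRealms().clear();
        for (String realmFullPath : roleTO.getRealms()) {
            Realm realm = realmDAO.findByFullPath(realmFullPath);
            if (realm == null) {
                LOG.debug("Invalid realm full path {}, ignoring", realmFullPath);
            } else {
                role.add(realm);
            }
        }

        role.getDynRealms().clear();
        for (String key : roleTO.getDynRealms()) {
            DynRealm dynRealm = dynRealmDAO.find(key);
            if (dynRealm == null) {
                // Message text corrected: it previously read "dynamic ream".
                LOG.debug("Invalid dynamic realm {}, ignoring", key);
            } else {
                role.add(dynRealm);
            }
        }

        role = roleDAO.save(role);

        // dynamic membership: existing dynamic members are cleared on every update, whether or not the
        // condition changes
        roleDAO.clearDynMembers(role);
        String requestedCond = roleTO.getDynMembershipCond();
        DynRoleMembership currentMembership = role.getDynMembership();
        if (requestedCond == null) {
            // No condition requested: drop the stored one, if any.
            if (currentMembership != null) {
                role.setDynMembership(null);
            }
        } else if (role.getKey() == null
                || currentMembership == null
                // requestedCond is known to be non-null here, so comparing from its side cannot fail when
                // the stored membership carries no FIQL condition
                || !requestedCond.equals(currentMembership.getFIQLCond())) {

            setDynMembership(role, requestedCond);
        }

        role.getPrivileges().clear();
        for (String key : roleTO.getPrivileges()) {
            Privilege privilege = applicationDAO.findPrivilege(key);
            if (privilege == null) {
                LOG.debug("Invalid privilege {}, ignoring", key);
            } else {
                role.add(privilege);
            }
        }

        return roleDAO.saveAndRefreshDynMemberships(role);
    }

    /**
     * Builds the transfer object for the given role.
     *
     * <p>Realms are exposed by full path, dynamic realms and privileges by key; the dynamic membership
     * condition is set only when the role has a dynamic membership.</p>
     *
     * @param role persistent role to convert
     * @return a new {@link RoleTO} mirroring the role
     */
    @Override
    public RoleTO getRoleTO(final Role role) {
        RoleTO roleTO = new RoleTO();

        roleTO.setKey(role.getKey());
        roleTO.getEntitlements().addAll(role.getEntitlements());

        roleTO.getRealms().addAll(role.getRealms().stream().
                map(Realm::getFullPath).collect(Collectors.toList()));

        roleTO.getDynRealms().addAll(role.getDynRealms().stream().
                map(DynRealm::getKey).collect(Collectors.toList()));

        DynRoleMembership dynMembership = role.getDynMembership();
        if (dynMembership != null) {
            roleTO.setDynMembershipCond(dynMembership.getFIQLCond());
        }

        roleTO.getPrivileges().addAll(role.getPrivileges().stream().
                map(Privilege::getKey).collect(Collectors.toList()));

        return roleTO;
    }
}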
177 }