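package org.opencrx.kernel.layer.application;

import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.openmdx.application.log.AppLog;
import org.openmdx.base.exception.ServiceException;
import org.openmdx.compatibility.base.dataprovider.cci.AttributeSelectors;
import org.openmdx.compatibility.base.dataprovider.cci.AttributeSpecifier;
import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject;
import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject_1_0;
import org.openmdx.compatibility.base.dataprovider.cci.Directions;
import org.openmdx.compatibility.base.dataprovider.cci.RequestCollection;
import org.openmdx.compatibility.base.dataprovider.cci.SystemAttributes;
import org.openmdx.compatibility.base.marshalling.Marshaller;
import org.openmdx.compatibility.base.naming.Path;
import org.openmdx.model1.accessor.basic.cci.ModelElement_1_0;
import org.openmdx.model1.accessor.basic.cci.Model_1_0;
import org.openmdx.model1.code.AggregationKind;

/**
 * Applies ownership and access-level (ACL) changes to a secured object and,
 * in {@link #MODE_RECURSIVE}, to the composite objects beneath it.
 * <p>
 * Every operation ({@link #setOwningUser}, {@link #addOwningGroup},
 * {@link #removeOwningGroup}, {@link #removeAllOwningGroup},
 * {@link #setAccessLevel}) is expressed as a {@link Marshaller} that mutates
 * the object retrieved for modification; the shared traversal, error
 * handling and reporting live in {@link #applyAcls}. The operation
 * parameters ({@code user}, {@code group}, {@code mode},
 * {@code accessLevelBrowse}, {@code accessLevelUpdate},
 * {@code accessLevelDelete}) are read from the {@code args} object supplied
 * at construction time, so one instance serves exactly one invocation.
 */
public class SecureObject {

    /**
     * Creates a helper bound to one ACL operation.
     *
     * @param plugin        kernel plugin used to obtain objects for modification
     * @param delegation    request collection used for principal/user lookups
     *                      and for enumerating composite children
     * @param model         model used to discover composite references when
     *                      recursing
     * @param realmIdentity identity of the realm whose principals are resolved
     *                      by {@link #getUser}
     * @param args          operation arguments ({@code user}, {@code group},
     *                      {@code mode}, {@code accessLevel*})
     */
    public SecureObject(
        OpenCrxKernel_1 plugin,
        RequestCollection delegation,
        Model_1_0 model,
        Path realmIdentity,
        DataproviderObject args
    ) {
        this.plugin = plugin;
        this.delegation = delegation;
        this.model = model;
        this.realmIdentity = realmIdentity;
        this.args = args;
    }

    /**
     * Resolves the user object backing a principal of this realm.
     * <p>
     * Looks up {@code <realmIdentity>/principal/<principalName>} and then the
     * object referenced by the principal's first {@code subject} value. Both
     * lookups are best-effort: a failed request, or a principal without a
     * subject, is logged via {@link AppLog} and yields {@code null} instead of
     * an error. Callers must therefore treat a {@code null} result as
     * "unresolved" and must not fall back to a default owner.
     *
     * @param principalName name of the principal below this realm; it becomes
     *                      a single path component, so it is never interpreted
     *                      as a multi-segment path
     * @return the user object, or {@code null} when the principal or its user
     *         could not be retrieved
     * @throws ServiceException request failures are caught and logged inside
     *         this method; the declaration is kept for callers
     */
    DataproviderObject_1_0 getUser(
        String principalName
    ) throws ServiceException {
        DataproviderObject_1_0 principal = null;
        try {
            principal = this.delegation.addGetRequest(
                this.realmIdentity.getDescendant(new String[]{"principal", principalName}),
                AttributeSelectors.ALL_ATTRIBUTES,
                new AttributeSpecifier[]{}
            );
        }
        catch(ServiceException e) {
            AppLog.warning("principal not found", principalName);
            e.log();
        }
        // A principal that exists but carries no subject cannot own anything.
        if((principal == null) || (principal.values("subject").size() == 0)) {
            AppLog.warning("user for principal not defined", principal);
            return null;
        }
        Path userIdentity = (Path)principal.values("subject").get(0);
        DataproviderObject_1_0 user = null;
        try {
            user = this.delegation.addGetRequest(
                userIdentity,
                AttributeSelectors.ALL_ATTRIBUTES,
                new AttributeSpecifier[]{}
            );
        }
        catch(ServiceException e) {
            AppLog.warning("user for principal not found", principal + "; user=" + userIdentity);
            e.log();
        }
        return user;
    }

    /**
     * Applies {@code marshaller} to the modifiable copy of {@code obj} and,
     * when {@code mode} is {@link #MODE_RECURSIVE}, to every object reachable
     * through a changeable composite reference of {@code obj}'s class.
     * <p>
     * The copy is obtained from the plugin and seeded with the
     * {@code owningUser} / {@code owningGroup} values of {@code obj} before the
     * marshaller runs, so the marshaller sees and edits the current ACL state.
     * Persisting the modified copy is presumably done by the plugin's
     * retrieve-for-modification mechanism - TODO confirm, nothing in this
     * class writes it back explicitly.
     * <p>
     * Children are enumerated with an unbounded find request
     * ({@code 0 .. Integer.MAX_VALUE}); on large composite trees the recursion
     * therefore touches every descendant. A {@link ServiceException} anywhere
     * in the traversal is logged and its message appended to {@code report};
     * objects already processed keep their changes and the remaining subtree
     * is skipped.
     *
     * @param obj        object whose ACLs are modified
     * @param marshaller mutation to apply to the modifiable copy
     * @param mode       {@link #MODE_LOCAL}, {@link #MODE_RECURSIVE} or
     *                   {@code null} (treated as local)
     * @param reportText entry added to {@code report} for each processed object
     * @param report     collector for report lines and error messages
     */
    private void applyAcls(
        DataproviderObject_1_0 obj,
        Marshaller marshaller,
        Short mode,
        String reportText,
        List report
    ) {
        try {
            DataproviderObject modifiedObj = this.plugin.retrieveObjectForModification(obj.path());
            modifiedObj.clearValues("owningUser").addAll(obj.values("owningUser"));
            modifiedObj.clearValues("owningGroup").addAll(obj.values("owningGroup"));
            marshaller.marshal(modifiedObj);
            report.add(reportText);

            if((mode != null) && (mode.intValue() == MODE_RECURSIVE)) {
                Map references = (Map)this.model.getElement(
                    obj.values(SystemAttributes.OBJECT_CLASS).get(0)
                ).values("reference").get(0);
                for(
                    Iterator i = references.values().iterator();
                    i.hasNext();
                ) {
                    ModelElement_1_0 featureDef = (ModelElement_1_0)i.next();
                    ModelElement_1_0 referencedEnd = this.model.getElement(
                        featureDef.values("referencedEnd").get(0)
                    );
                    // Only descend into composite, changeable references:
                    // shared/aggregated objects are owned elsewhere and must
                    // not inherit this object's ACLs.
                    if(
                        this.model.isReferenceType(featureDef) &&
                        AggregationKind.COMPOSITE.equals(referencedEnd.values("aggregation").get(0)) &&
                        ((Boolean)referencedEnd.values("isChangeable").get(0)).booleanValue()
                    ) {
                        String reference = (String)featureDef.values("name").get(0);
                        Path referencePath = obj.path().getChild(reference);
                        List content = this.delegation.addFindRequest(
                            referencePath,
                            null,
                            AttributeSelectors.ALL_ATTRIBUTES,
                            0,
                            Integer.MAX_VALUE,
                            Directions.ASCENDING
                        );
                        for(
                            Iterator j = content.iterator();
                            j.hasNext();
                        ) {
                            this.applyAcls(
                                (DataproviderObject)j.next(),
                                marshaller,
                                mode,
                                reportText,
                                report
                            );
                        }
                    }
                }
            }
        }
        catch(ServiceException e) {
            e.log();
            report.add(e.getMessage());
        }
    }

    /**
     * Sets {@code owningUser} of {@code obj} (and of its composite subtree in
     * recursive mode) to the {@code user} argument.
     * <p>
     * When no {@code user} argument is supplied the owner is derived from the
     * object's {@link SystemAttributes#CREATED_BY} principal via
     * {@link #getUser}. If that principal cannot be resolved the existing
     * {@code owningUser} is left untouched rather than cleared, so an
     * unresolvable creator never results in an unowned object.
     *
     * @param obj    object whose owner is set
     * @param report collector for report lines and error messages
     * @throws ServiceException propagated from the underlying requests
     */
    void setOwningUser(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new Marshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        DataproviderObject target = (DataproviderObject)s;
                        Path userIdentity = (Path)SecureObject.this.args.values("user").get(0);
                        if((userIdentity == null) && (target.values(SystemAttributes.CREATED_BY).size() > 0)) {
                            DataproviderObject_1_0 user = SecureObject.this.getUser(
                                (String)target.values(SystemAttributes.CREATED_BY).get(0)
                            );
                            if(user != null) {
                                userIdentity = user.path();
                            }
                        }
                        if(userIdentity != null) {
                            target.clearValues("owningUser").add(userIdentity);
                        }
                    }
                    return s;
                }
                public Object unmarshal(Object s) {
                    throw new UnsupportedOperationException();
                }
            },
            (Short)this.args.values("mode").get(0),
            "setOwningUser",
            report
        );
    }

    /**
     * Adds the {@code group} argument to {@code owningGroup} of {@code obj}
     * (and of its composite subtree in recursive mode). A group that is
     * already present is not added twice; a missing {@code group} argument is
     * a no-op.
     *
     * @param obj    object whose owning groups are extended
     * @param report collector for report lines and error messages
     * @throws ServiceException propagated from the underlying requests
     */
    void addOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new Marshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        Path owningGroupIdentity = (Path)SecureObject.this.args.values("group").get(0);
                        if(owningGroupIdentity != null) {
                            List groups = ((DataproviderObject)s).values("owningGroup");
                            if(!groups.contains(owningGroupIdentity)) {
                                groups.add(owningGroupIdentity);
                            }
                        }
                    }
                    return s;
                }
                public Object unmarshal(Object s) {
                    throw new UnsupportedOperationException();
                }
            },
            (Short)this.args.values("mode").get(0),
            "addOwningGroup",
            report
        );
    }

    /**
     * Removes the {@code group} argument from {@code owningGroup} of
     * {@code obj} (and of its composite subtree in recursive mode). A missing
     * {@code group} argument is a no-op.
     *
     * @param obj    object whose owning groups are reduced
     * @param report collector for report lines and error messages
     * @throws ServiceException propagated from the underlying requests
     */
    void removeOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new Marshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        Path owningGroupIdentity = (Path)SecureObject.this.args.values("group").get(0);
                        if(owningGroupIdentity != null) {
                            ((DataproviderObject)s).values("owningGroup").remove(
                                owningGroupIdentity
                            );
                        }
                    }
                    return s;
                }
                public Object unmarshal(Object s) {
                    throw new UnsupportedOperationException();
                }
            },
            (Short)this.args.values("mode").get(0),
            "removeOwningGroup",
            report
        );
    }

    /**
     * Clears {@code owningGroup} of {@code obj} (and of its composite subtree
     * in recursive mode). After this call only {@code owningUser} and the
     * access levels govern access to the affected objects.
     *
     * @param obj    object whose owning groups are cleared
     * @param report collector for report lines and error messages
     * @throws ServiceException propagated from the underlying requests
     */
    void removeAllOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new Marshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        ((DataproviderObject)s).clearValues("owningGroup");
                    }
                    return s;
                }
                public Object unmarshal(Object s) {
                    throw new UnsupportedOperationException();
                }
            },
            (Short)this.args.values("mode").get(0),
            "removeAllOwningGroup",
            report
        );
    }

    /**
     * Copies the access level named {@code attribute} from {@link #args} onto
     * {@code target}. Absent, {@code null} or non-positive argument values
     * leave the target's current level untouched, so a caller cannot lower a
     * level to zero through this operation.
     *
     * @param target    modifiable object receiving the level
     * @param attribute one of {@code accessLevelBrowse},
     *                  {@code accessLevelUpdate}, {@code accessLevelDelete}
     */
    private void setAccessLevelIfPositive(
        DataproviderObject target,
        String attribute
    ) {
        Number level = (Number)this.args.values(attribute).get(0);
        if((level != null) && (level.intValue() > 0)) {
            target.clearValues(attribute).add(level);
        }
    }

    /**
     * Sets the browse/update/delete access levels of {@code obj} (and of its
     * composite subtree in recursive mode) from the {@code accessLevelBrowse},
     * {@code accessLevelUpdate} and {@code accessLevelDelete} arguments. Each
     * level is applied independently and only when it is positive; see
     * {@link #setAccessLevelIfPositive}.
     * <p>
     * The marshaller guards the cast with {@code instanceof}, consistent with
     * the other operations of this class, instead of casting unconditionally.
     *
     * @param obj    object whose access levels are set
     * @param report collector for report lines and error messages
     * @throws ServiceException propagated from the underlying requests
     */
    void setAccessLevel(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new Marshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        DataproviderObject target = (DataproviderObject)s;
                        SecureObject.this.setAccessLevelIfPositive(target, "accessLevelBrowse");
                        SecureObject.this.setAccessLevelIfPositive(target, "accessLevelUpdate");
                        SecureObject.this.setAccessLevelIfPositive(target, "accessLevelDelete");
                    }
                    return s;
                }
                public Object unmarshal(Object s) {
                    throw new UnsupportedOperationException();
                }
            },
            (Short)this.args.values("mode").get(0),
            "setAccessLevel",
            report
        );
    }

    /** Apply the operation to the given object only. */
    public static final int MODE_LOCAL = 0;
    /** Apply the operation to the object and its changeable composite subtree. */
    public static final int MODE_RECURSIVE = 1;

    private final OpenCrxKernel_1 plugin;
    private final Model_1_0 model;
    private final RequestCollection delegation;
    private final Path realmIdentity;
    // Operation arguments; package-visible so the enclosing layer can inspect them.
    final DataproviderObject args;

}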