/**
* Saves a user.
*
* @param user the user to save
* @param currentUser the user performing the save operation
*/
public void saveUser(User user, User currentUser) throws IOException {
Assert.notNull(user);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Map<String, Object> userMap = new HashMap<String, Object>();
userMap.put("loginName", user.getLoginName()); // $NON-NLS-1$
userMap.put("password", user.getPassword()); // $NON-NLS-1$
userMap.put("email", user.getEmail()); // $NON-NLS-1$
userMap.put("disabled", Boolean.valueOf(user.isDisabled())); // $NON-NLS-1$
if (!user.getOpenIds().isEmpty()) {
userMap.put("openIds", user.getOpenIds()); // $NON-NLS-1$
}
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
String json = gson.toJson(userMap);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File workingFile = new File(workingDir, user.getLoginName() + USER_SUFFIX);
FileUtils.write(workingFile, json, Charsets.UTF_8);
Git git = Git.wrap(repo.r());
git.add().addFilepattern(user.getLoginName() + USER_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit().setAuthor(ident).setCommitter(ident).setMessage(user.getLoginName()).call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
/* (non-Javadoc)
* @see gov.nih.nci.security.dao.SearchCriteria#getFieldAndValues()
*/
public Hashtable getFieldAndValues() {
// TODO Auto-generated method stub
Hashtable ht = new Hashtable();
if (user.getLoginName() != null) {
ht.put("loginName", user.getLoginName());
}
if (user.getPreMigrationLoginName() != null) {
ht.put("preMigrationLoginName", user.getPreMigrationLoginName());
}
if (user.getLastName() != null) {
ht.put("lastName", getEncryptedString(user.getLastName()));
}
if (user.getFirstName() != null) {
ht.put("firstName", getEncryptedString(user.getFirstName()));
}
if (user.getOrganization() != null) {
ht.put("organization", getEncryptedString(user.getOrganization()));
}
if (user.getDepartment() != null) {
ht.put("department", getEncryptedString(user.getDepartment()));
}
if (user.getEmailId() != null) {
ht.put("emailId", getEncryptedString(user.getEmailId()));
}
if (ht.size() == 0) {
ht.put("loginName", "%");
}
return ht;
}
private void deleteFromAllAuthorities(
Predicate<RoleGrantedAuthority> predicate, String commitMessage, User currentUser)
throws IOException, GitAPIException {
ILockedRepository repo = null;
try {
List<String> users = listUsers();
users.add(ANONYMOUS_USER_LOGIN_NAME);
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
boolean anyChanged = false;
for (String loginName : users) {
Set<RoleGrantedAuthority> authorities =
Sets.newHashSet(getUserAuthorities(loginName, repo));
Set<RoleGrantedAuthority> newAuthorities =
Sets.newHashSet(Sets.filter(authorities, predicate));
if (!newAuthorities.equals(authorities)) {
saveUserAuthorities(loginName, newAuthorities, repo, currentUser, false);
anyChanged = true;
}
}
if (anyChanged) {
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
Git.wrap(repo.r())
.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage(commitMessage)
.call();
}
} finally {
Util.closeQuietly(repo);
}
}
public void renameRole(String roleName, String newRoleName, User currentUser) throws IOException {
Assert.hasLength(roleName);
Assert.hasLength(newRoleName);
Assert.notNull(currentUser);
// check that role exists by trying to load it
getRole(roleName);
// check that new role does not exist by trying to load it
try {
getRole(newRoleName);
throw new IllegalArgumentException("role already exists: " + newRoleName); // $NON-NLS-1$
} catch (RoleNotFoundException e) {
// okay
}
log.info("renaming role: {} -> {}", roleName, newRoleName); // $NON-NLS-1$
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File file = new File(workingDir, roleName + ROLE_SUFFIX);
File newFile = new File(workingDir, newRoleName + ROLE_SUFFIX);
FileUtils.copyFile(file, newFile);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(roleName + ROLE_SUFFIX).call();
git.add().addFilepattern(newRoleName + ROLE_SUFFIX).call();
List<String> users = listUsers(repo);
users.add(ANONYMOUS_USER_LOGIN_NAME);
for (String user : users) {
List<RoleGrantedAuthority> authorities = getUserAuthorities(user, repo);
Set<RoleGrantedAuthority> newAuthorities = Sets.newHashSet();
for (Iterator<RoleGrantedAuthority> iter = authorities.iterator(); iter.hasNext(); ) {
RoleGrantedAuthority rga = iter.next();
if (rga.getRoleName().equals(roleName)) {
RoleGrantedAuthority newRga = new RoleGrantedAuthority(rga.getTarget(), newRoleName);
newAuthorities.add(newRga);
iter.remove();
}
}
if (!newAuthorities.isEmpty()) {
authorities.addAll(newAuthorities);
saveUserAuthorities(user, Sets.newHashSet(authorities), repo, currentUser, false);
}
}
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("rename role " + roleName + " to " + newRoleName) // $NON-NLS-1$ //$NON-NLS-2$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
private void saveUserAuthorities(
String loginName,
Set<RoleGrantedAuthority> authorities,
ILockedRepository repo,
User currentUser,
boolean commit)
throws IOException, GitAPIException {
Map<String, Set<String>> authoritiesMap = new HashMap<String, Set<String>>();
for (RoleGrantedAuthority rga : authorities) {
GrantedAuthorityTarget target = rga.getTarget();
String targetStr = target.getType().name() + ":" + target.getTargetId(); // $NON-NLS-1$
Set<String> roleNames = authoritiesMap.get(targetStr);
if (roleNames == null) {
roleNames = Sets.newHashSet();
authoritiesMap.put(targetStr, roleNames);
}
roleNames.add(rga.getRoleName());
}
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
String json = gson.toJson(authoritiesMap);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File workingFile = new File(workingDir, loginName + AUTHORITIES_SUFFIX);
FileUtils.write(workingFile, json, Charsets.UTF_8);
Git git = Git.wrap(repo.r());
git.add().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
if (commit) {
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit().setAuthor(ident).setCommitter(ident).setMessage(loginName).call();
}
}
/**
* Saves a role.
*
* @param role the role to save
* @param currentUser the user performing the save operation
*/
public void saveRole(Role role, User currentUser) throws IOException {
Assert.notNull(role);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Map<String, Object> roleMap = new HashMap<String, Object>();
roleMap.put("name", role.getName()); // $NON-NLS-1$
Set<String> permissions = Sets.newHashSet();
for (Permission permission : role.getPermissions()) {
permissions.add(permission.name());
}
roleMap.put("permissions", permissions); // $NON-NLS-1$
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
String json = gson.toJson(roleMap);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File workingFile = new File(workingDir, role.getName() + ROLE_SUFFIX);
FileUtils.write(workingFile, json, Charsets.UTF_8);
Git git = Git.wrap(repo.r());
git.add().addFilepattern(role.getName() + ROLE_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit().setAuthor(ident).setCommitter(ident).setMessage(role.getName()).call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
private void createInitialRoles(User adminUser) throws IOException {
saveRole(new Role("Administrator", EnumSet.of(Permission.ADMIN)), adminUser); // $NON-NLS-1$
saveRole(
new Role("Editor", EnumSet.of(Permission.EDIT_BRANCH, Permission.EDIT_PAGE)),
adminUser); //$NON-NLS-1$
saveRole(new Role("Reader", EnumSet.of(Permission.VIEW)), adminUser); // $NON-NLS-1$
Set<RoleGrantedAuthority> authorities =
Collections.singleton(
new RoleGrantedAuthority(
GrantedAuthorityTarget.APPLICATION, "Administrator")); // $NON-NLS-1$
saveUserAuthorities(adminUser.getLoginName(), authorities, adminUser);
authorities =
Collections.singleton(
new RoleGrantedAuthority(GrantedAuthorityTarget.APPLICATION, "Reader")); // $NON-NLS-1$
saveUserAuthorities(ANONYMOUS_USER_LOGIN_NAME, authorities, adminUser);
}
public void renameUser(String loginName, String newLoginName, User currentUser)
throws IOException {
Assert.hasLength(loginName);
Assert.hasLength(newLoginName);
Assert.notNull(currentUser);
// check that user exists by trying to load it
getUser(loginName);
// check that new user does not exist by trying to load it
try {
getUser(newLoginName);
throw new IllegalArgumentException("user already exists: " + newLoginName); // $NON-NLS-1$
} catch (UserNotFoundException e) {
// okay
}
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File file = new File(workingDir, loginName + USER_SUFFIX);
File newFile = new File(workingDir, newLoginName + USER_SUFFIX);
FileUtils.copyFile(file, newFile);
file = new File(workingDir, loginName + AUTHORITIES_SUFFIX);
newFile = new File(workingDir, newLoginName + AUTHORITIES_SUFFIX);
FileUtils.copyFile(file, newFile);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(loginName + USER_SUFFIX).call();
git.rm().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
git.add().addFilepattern(newLoginName + USER_SUFFIX).call();
git.add().addFilepattern(newLoginName + AUTHORITIES_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage(
"rename user " + loginName + " to " + newLoginName) // $NON-NLS-1$ //$NON-NLS-2$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
public void deleteRole(String roleName, User currentUser) throws IOException {
Assert.hasLength(roleName);
Assert.notNull(currentUser);
// check that role exists by trying to load it
getRole(roleName);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(roleName + ROLE_SUFFIX).call();
// remove role from all users
List<String> users = listUsers(repo);
users.add(ANONYMOUS_USER_LOGIN_NAME);
for (String user : users) {
List<RoleGrantedAuthority> authorities = getUserAuthorities(user, repo);
boolean changed = false;
for (Iterator<RoleGrantedAuthority> iter = authorities.iterator(); iter.hasNext(); ) {
RoleGrantedAuthority rga = iter.next();
if (rga.getRoleName().equals(roleName)) {
iter.remove();
changed = true;
}
}
if (changed) {
saveUserAuthorities(user, Sets.newHashSet(authorities), repo, currentUser, false);
}
}
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("delete role " + roleName) // $NON-NLS-1$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
public void deleteUser(String loginName, User currentUser) throws IOException {
Assert.hasLength(loginName);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(loginName + USER_SUFFIX).call();
git.rm().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("delete user " + loginName) // $NON-NLS-1$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
