public static void createDefaultUsers() {
try {
// the baasbox default user used to connect to the DB like anonymous user
String username = BBConfiguration.getBaasBoxUsername();
String password = BBConfiguration.getBaasBoxPassword();
UserService.signUp(
username,
password,
new Date(),
DefaultRoles.ANONYMOUS_USER.toString(),
null,
null,
null,
null,
false);
// the baasbox default user used to act internally as the administrator
username = BBConfiguration.getBaasBoxAdminUsername();
password = BBConfiguration.getBaasBoxAdminPassword();
UserService.signUp(
username,
password,
new Date(),
DefaultRoles.ADMIN.toString(),
null,
null,
null,
null,
false);
moveUserToRole("admin", DefaultRoles.BASE_ADMIN.toString(), DefaultRoles.ADMIN.toString());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static void createDefaultUsers() throws Exception {
Logger.trace("Method Start");
// the baasbox default user used to connect to the DB like anonymous user
String username = BBConfiguration.getBaasBoxUsername();
String password = BBConfiguration.getBaasBoxPassword();
UserService.signUp(
username, password, DefaultRoles.ANONYMOUS_USER.toString(), null, null, null, null);
OGraphDatabase db = DbHelper.getConnection();
OUser admin = db.getMetadata().getSecurity().getUser("admin");
admin.setPassword(BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD));
admin.save();
Logger.trace("Method End");
}
public static ODocument updateProfile(
ODocument profile,
JsonNode nonAppUserAttributes,
JsonNode privateAttributes,
JsonNode friendsAttributes,
JsonNode appUsersAttributes)
throws Exception {
if (nonAppUserAttributes != null) {
ODocument attrObj = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
if (attrObj == null) attrObj = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
attrObj.fromJSON(nonAppUserAttributes.toString());
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.grantRead(attrObj, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
PermissionsHelper.grantRead(attrObj, RoleDao.getFriendRole());
profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, attrObj);
attrObj.save();
}
if (privateAttributes != null) {
ODocument attrObj = profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
if (attrObj == null) attrObj = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
attrObj.fromJSON(privateAttributes.toString());
PermissionsHelper.grant(
attrObj, Permissions.ALLOW, getOUserByUsername(getUsernameByProfile(profile)));
profile.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, attrObj);
attrObj.save();
}
if (friendsAttributes != null) {
ODocument attrObj = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
if (attrObj == null) attrObj = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
attrObj.fromJSON(friendsAttributes.toString());
PermissionsHelper.grantRead(attrObj, RoleDao.getFriendRole());
profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, attrObj);
attrObj.save();
}
if (appUsersAttributes != null) {
ODocument attrObj = profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);
if (attrObj == null) attrObj = new ODocument(UserDao.USER_ATTRIBUTES_CLASS);
attrObj.fromJSON(appUsersAttributes.toString());
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.grantRead(attrObj, RoleDao.getFriendRole());
profile.field(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, attrObj);
attrObj.save();
}
profile.save();
return profile;
}
public static void createDefaultRoles() {
Logger.trace("Method Start");
OGraphDatabase db = DbHelper.getConnection();
final ORole anonymousUserRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.ANONYMOUS_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
anonymousUserRole.save();
final ORole registeredUserRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.REGISTERED_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
registeredUserRole.save();
final ORole backOfficeRole =
db.getMetadata()
.getSecurity()
.createRole(DefaultRoles.BACKOFFICE_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
backOfficeRole.save();
registeredUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.SCHEMA,
ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
registeredUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
registeredUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
backOfficeRole.addRule(
ODatabaseSecurityResources.SCHEMA,
ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
backOfficeRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
backOfficeRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
backOfficeRole.addRule(
ODatabaseSecurityResources.BYPASS_RESTRICTED,
ORole.PERMISSION_ALL); // the backoffice users can access and manipulate all records
anonymousUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
anonymousUserRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);
anonymousUserRole.save();
registeredUserRole.save();
Logger.trace("Method End");
}
public static ODocument signUp(
String username,
String password,
Date signupDate,
String role,
JsonNode nonAppUserAttributes,
JsonNode privateAttributes,
JsonNode friendsAttributes,
JsonNode appUsersAttributes,
boolean generated)
throws OSerializationException, Exception {
ODatabaseRecordTx db = DbHelper.getConnection();
ODocument profile = null;
UserDao dao = UserDao.getInstance();
try {
// because we have to create an OUser record and a User Object, we need a transaction
DbHelper.requestTransaction();
if (role == null) profile = dao.create(username, password);
else profile = dao.create(username, password, role);
ORID userRid = ((ODocument) profile.field("user")).getIdentity();
ORole friendRole = RoleDao.createFriendRole(username);
friendRole.getDocument().field(RoleService.FIELD_ASSIGNABLE, true);
friendRole.getDocument().field(RoleService.FIELD_MODIFIABLE, false);
friendRole.getDocument().field(RoleService.FIELD_INTERNAL, true);
friendRole
.getDocument()
.field(RoleService.FIELD_DESCRIPTION, "These are friends of " + username);
/* these attributes are visible by:
* Anonymous users
* Registered user
* Friends
* User
*/
// anonymous
{
ODocument attrObj = new ODocument(dao.USER_ATTRIBUTES_CLASS);
try {
if (nonAppUserAttributes != null) attrObj.fromJSON(nonAppUserAttributes.toString());
else attrObj.fromJSON("{}");
} catch (OSerializationException e) {
throw new OSerializationException(
dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER + " is not a valid JSON object", e);
}
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
PermissionsHelper.grantRead(attrObj, friendRole);
PermissionsHelper.changeOwner(attrObj, userRid);
profile.field(dao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER, attrObj);
attrObj.save();
}
/* these attributes are visible by:
* User
*/
{
ODocument attrObj = new ODocument(dao.USER_ATTRIBUTES_CLASS);
try {
if (privateAttributes != null) attrObj.fromJSON(privateAttributes.toString());
else attrObj.fromJSON("{}");
} catch (OSerializationException e) {
throw new OSerializationException(
dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER + " is not a valid JSON object", e);
}
profile.field(dao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER, attrObj);
PermissionsHelper.changeOwner(attrObj, userRid);
attrObj.save();
}
/* these attributes are visible by:
* Friends
* User
*/
{
ODocument attrObj = new ODocument(dao.USER_ATTRIBUTES_CLASS);
try {
if (friendsAttributes != null) attrObj.fromJSON(friendsAttributes.toString());
else attrObj.fromJSON("{}");
} catch (OSerializationException e) {
throw new OSerializationException(
dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER + " is not a valid JSON object", e);
}
PermissionsHelper.grantRead(attrObj, friendRole);
PermissionsHelper.changeOwner(attrObj, userRid);
profile.field(dao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER, attrObj);
attrObj.save();
}
/* these attributes are visible by:
* Registered user
* Friends
* User
*/
{
ODocument attrObj = new ODocument(dao.USER_ATTRIBUTES_CLASS);
try {
if (appUsersAttributes != null) attrObj.fromJSON(appUsersAttributes.toString());
else attrObj.fromJSON("{}");
} catch (OSerializationException e) {
throw new OSerializationException(
dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER + " is not a valid JSON object", e);
}
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.changeOwner(attrObj, userRid);
profile.field(dao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER, attrObj);
attrObj.save();
}
ODocument attrObj = new ODocument(dao.USER_ATTRIBUTES_CLASS);
attrObj.field(dao.USER_LOGIN_INFO, new ArrayList());
attrObj.field(UserDao.GENERATED_USERNAME, generated);
PermissionsHelper.grantRead(
attrObj, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.changeOwner(attrObj, userRid);
profile.field(dao.ATTRIBUTES_SYSTEM, attrObj);
PermissionsHelper.grantRead(
profile, RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString()));
PermissionsHelper.grantRead(profile, RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString()));
PermissionsHelper.changeOwner(profile, userRid);
profile.field(dao.USER_SIGNUP_DATE, signupDate == null ? new Date() : signupDate);
profile.save();
DbHelper.commitTransaction();
} catch (OSerializationException e) {
DbHelper.rollbackTransaction();
throw e;
} catch (Exception e) {
DbHelper.rollbackTransaction();
throw e;
}
return profile;
} // signUp
/**
* * Creates an entry into the ODocument-Collection and create a new Class named "collectionName"
*
* @param collectionName
* @return an ODocument instance representing the collection
* @throws CollectionAlreadyExistsException
* @throws OpenTransactionException, CollectionAlreadyExistsException, InvalidCollectionException,
* InvalidModelException, Throwable
*/
public ODocument create(String collectionName)
throws OpenTransactionException, CollectionAlreadyExistsException, InvalidCollectionException,
InvalidModelException, Throwable {
if (DbHelper.isInTransaction())
throw new OpenTransactionException("Cannot create a collection within an open transaction");
if (Logger.isTraceEnabled()) Logger.trace("Method Start");
if (Character.isDigit(collectionName.charAt(0))) {
throw new InvalidCollectionException("Collection names cannot start by a digit");
}
if (collectionName.contains(";")) {
throw new InvalidCollectionException("Collection cannot contain ;");
}
if (collectionName.contains(":")) {
throw new InvalidCollectionException("Collection cannot contain :");
}
if (collectionName.contains(".")) {
throw new InvalidCollectionException("Collection cannot contain .");
}
if (collectionName.contains("@")) {
throw new InvalidCollectionException("Collection cannot contain @");
}
if (collectionName.startsWith("_")) {
throw new InvalidCollectionException("Collection cannot start with _");
}
if (!collectionName.matches(COLLECTION_NAME_REGEX)) {
throw new InvalidCollectionException(
"Collection name must be complaint with the regular expression: "
+ COLLECTION_NAME_REGEX);
}
if (collectionName.toUpperCase().startsWith("_BB_")) {
throw new InvalidCollectionException(
"Collection name is not valid: it can't be prefixed with _BB_");
}
try {
if (existsCollection(collectionName))
throw new CollectionAlreadyExistsException(
"Collection " + collectionName + " already exists");
} catch (SqlInjectionException e) {
throw new InvalidCollectionException(e);
}
ODocument doc = super.create();
doc.field("name", collectionName);
save(doc);
// create new class
OClass documentClass = db.getMetadata().getSchema().getClass(CLASS_NODE_NAME);
db.getMetadata().getSchema().createClass(collectionName, documentClass);
// grants to the new class
ORole registeredRole = RoleDao.getRole(DefaultRoles.REGISTERED_USER.toString());
ORole anonymousRole = RoleDao.getRole(DefaultRoles.ANONYMOUS_USER.toString());
registeredRole.addRule(
ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_ALL);
registeredRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_ALL);
anonymousRole.addRule(
ODatabaseSecurityResources.CLASS + "." + collectionName, ORole.PERMISSION_READ);
anonymousRole.addRule(
ODatabaseSecurityResources.CLUSTER + "." + collectionName, ORole.PERMISSION_READ);
PermissionsHelper.grantRead(doc, registeredRole);
PermissionsHelper.grantRead(doc, anonymousRole);
if (Logger.isTraceEnabled()) Logger.trace("Method End");
return doc;
} // getNewModelInstance(String collectionName)
