/**
 * Consume a batch of change log entries and mirror the relevant ones into Duo.
 *
 * <p>Entries handled (everything else is skipped but still counted as processed):
 * <ul>
 * <li>GROUP_ADD / GROUP_DELETE / GROUP_UPDATE on a group whose name passes
 *     {@code GrouperDuoUtils.validDuoGroupName} — create, delete or re-describe the
 *     Duo group keyed by the group's extension.</li>
 * <li>MEMBERSHIP_ADD / MEMBERSHIP_DELETE / MEMBERSHIP_UPDATE on such a group, for
 *     subjects from a configured source — add or remove the mapped Duo user so the
 *     Duo group membership matches Grouper.</li>
 * </ul>
 *
 * <p>All Grouper lookups run under a root session (either one started here or the
 * root view of the caller's session), so the membership decision is not filtered by
 * the caller's own privileges.
 *
 * <p>Error handling: the first exception stops the batch; it is registered on
 * {@code changeLogProcessorMetadata} and the method returns the sequence number
 * before the failing entry so the consumer resumes from there.
 *
 * @param changeLogEntryList entries to process, in sequence order
 * @param changeLogProcessorMetadata where problems are registered
 * @return the sequence number of the last entry fully processed (or the one before
 *         the failing entry when an exception occurred)
 * @throws RuntimeException if the batch was empty, i.e. no sequence number was reached
 * @see
 * edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase#processChangeLogEntries(java.util.List,
 * edu.internet2.middleware.grouper.changeLog.ChangeLogProcessorMetadata)
 */
@Override
public long processChangeLogEntries(List<ChangeLogEntry> changeLogEntryList,
    ChangeLogProcessorMetadata changeLogProcessorMetadata) {
  // -1 means "no entry reached yet"; checked after the loop
  long currentId = -1;
  boolean startedGrouperSession = false;
  // reuse the caller's session if there is one, but always operate as root
  GrouperSession grouperSession = GrouperSession.staticGrouperSession(false);
  if (grouperSession == null) {
    grouperSession = GrouperSession.startRootSession();
    // only a session we started ourselves is stopped in the finally block
    startedGrouperSession = true;
  } else {
    grouperSession = grouperSession.internal_getRootSession();
  }
  // try catch so we can track that we made some progress
  try {
    for (ChangeLogEntry changeLogEntry : changeLogEntryList) {
      // record the position before doing any work so a failure is attributed to this entry
      currentId = changeLogEntry.getSequenceNumber();
      // if this is a group add action and category
      if (changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.GROUP_ADD)) {
        String groupName = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.GROUP_ADD.name);
        if (GrouperDuoUtils.validDuoGroupName(groupName)) {
          // Duo groups are keyed by the Grouper group's extension, not its full name
          String groupExtension = GrouperUtil.extensionFromName(groupName);
          String groupDescription = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.GROUP_ADD.description);
          // shouldnt be the case but check anyways: skip if Duo already has this group
          if (!GrouperDuoCommands.retrieveGroups().containsKey(groupExtension)) {
            GrouperDuoCommands.createDuoGroup(groupExtension, groupDescription, true);
          }
        }
      } else if (changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.GROUP_DELETE)) {
        String groupName = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.GROUP_DELETE.name);
        if (GrouperDuoUtils.validDuoGroupName(groupName)) {
          String groupExtension = GrouperUtil.extensionFromName(groupName);
          // shouldnt be the case but check anyways: nothing to delete if Duo doesn't have it
          GrouperDuoGroup grouperDuoGroup = GrouperDuoCommands.retrieveGroups().get(groupExtension);
          if (grouperDuoGroup != null) {
            GrouperDuoCommands.deleteDuoGroup(grouperDuoGroup.getId(), true);
          }
        }
      }
      if (changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.GROUP_UPDATE)) {
        String groupName = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.GROUP_UPDATE.name);
        if (GrouperDuoUtils.validDuoGroupName(groupName)) {
          String groupExtension = GrouperUtil.extensionFromName(groupName);
          // get the group in grouper (null, not an exception, if it has since been deleted)
          Group group = GroupFinder.findByName(grouperSession, groupName, false);
          if (group != null) {
            // shouldnt be the case but check anyways
            Map<String, GrouperDuoGroup> groupNameToDuoGroupMap = GrouperDuoCommands.retrieveGroups();
            GrouperDuoGroup grouperDuoGroup = groupNameToDuoGroupMap.get(groupExtension);
            if (grouperDuoGroup != null) {
              // only the description is synced on update; the Duo group name/key is left alone
              GrouperDuoCommands.updateDuoGroup(grouperDuoGroup.getId(), group.getDescription(), true);
            }
          }
        }
      }
      boolean isMembershipAdd = changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.MEMBERSHIP_ADD);
      boolean isMembershipDelete = changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.MEMBERSHIP_DELETE);
      boolean isMembershipUpdate = changeLogEntry.equalsCategoryAndAction(ChangeLogTypeBuiltin.MEMBERSHIP_UPDATE);
      if (isMembershipAdd || isMembershipDelete || isMembershipUpdate) {
        // NOTE(review): the MEMBERSHIP_ADD labels are used for delete/update entries too;
        // this assumes those entry types share the same label names — confirm
        String groupName = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.MEMBERSHIP_ADD.groupName);
        if (GrouperDuoUtils.validDuoGroupName(groupName)) {
          String sourceId = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.MEMBERSHIP_ADD.sourceId);
          // only subjects from the configured source(s) are provisioned to Duo
          boolean inCorrectSubjectSource = GrouperDuoUtils.configSourcesForSubjects().contains(sourceId);
          if (inCorrectSubjectSource) {
            String groupExtension = GrouperUtil.extensionFromName(groupName);
            Group group = GroupFinder.findByName(grouperSession, groupName, false);
            Map<String, GrouperDuoGroup> groupNameToDuoGroupMap = GrouperDuoCommands.retrieveGroups();
            GrouperDuoGroup grouperDuoGroup = groupNameToDuoGroupMap.get(groupExtension);
            String subjectId = changeLogEntry.retrieveValueForLabel(ChangeLogLabels.MEMBERSHIP_ADD.subjectId);
            // which subject attribute holds the Duo username; the literal "id" means the subject id itself
            String subjectAttributeForDuoUsername = GrouperDuoUtils.configSubjectAttributeForDuoUsername();
            String username = null;
            Subject subject = SubjectFinder.findByIdAndSource(subjectId, sourceId, false);
            if (StringUtils.equals("id", subjectAttributeForDuoUsername)) {
              username = subjectId;
            } else {
              // subject may be null (e.g. removed from the source); then no username can be derived
              if (subject != null) {
                String attributeValue = subject.getAttributeValue(subjectAttributeForDuoUsername);
                if (!StringUtils.isBlank(attributeValue)) {
                  username = attributeValue;
                }
              }
            }
            String duoGroupId = grouperDuoGroup != null ? grouperDuoGroup.getId() : null;
            String duoUserId = !StringUtils.isBlank(username) ? GrouperDuoCommands.retrieveUserIdFromUsername(username) : null;
            // cant do anything if missing these things (unknown Duo group or user is silently skipped)
            if (!StringUtils.isBlank(duoGroupId) && !StringUtils.isBlank(duoUserId)) {
              boolean userInDuoGroup = GrouperDuoCommands.userInGroup(duoUserId, duoGroupId, true);
              // desired state: present for an add, absent for a delete, and for an update
              // whatever Grouper currently says (hasMember, evaluated as root)
              boolean addUserToGroup = isMembershipAdd;
              // if update it could have unexpired
              if (isMembershipUpdate && group != null && subject != null && group.hasMember(subject)) {
                addUserToGroup = true;
              }
              // see if any update is needed: only call Duo when desired and actual state differ
              if (addUserToGroup != userInDuoGroup) {
                if (addUserToGroup) {
                  GrouperDuoCommands.assignUserToGroup(duoUserId, duoGroupId, true);
                } else {
                  GrouperDuoCommands.removeUserFromGroup(duoUserId, duoGroupId, true);
                }
              }
            }
          }
        }
        // we successfully processed this record
      }
    }
  } catch (Exception e) {
    changeLogProcessorMetadata.registerProblem(e, "Error processing record", currentId);
    // we made it to this -1: the failing entry will be retried on the next run
    return currentId - 1;
  } finally {
    if (startedGrouperSession) {
      GrouperSession.stopQuietly(grouperSession);
    }
  }
  // an empty batch reaches no sequence number; treated as an error by this consumer
  if (currentId == -1) {
    throw new RuntimeException("Couldnt process any records");
  }
  return currentId;
}
/**
 * Check whether a subject holds a privilege on a group, stem or attribute definition.
 *
 * <p>The privilege type selects which object {@code name} refers to: an access
 * privilege is checked on a {@link Group}, a naming privilege on a {@link Stem}, and an
 * attribute-def privilege on an {@link AttributeDef}. The subject is resolved by id or
 * identifier first, so an unknown or ambiguous subject is reported before any object
 * lookup happens.
 *
 * <p>Unknown groups, stems and subjects are reported through
 * {@code GrouperShell.error}; when that returns, the result is {@code false}, so a
 * failed lookup never reads as "has privilege". A privilege value that is not one of
 * the known constants of its type is a programming error and raises a
 * {@link RuntimeException} instead. NOTE(review): a missing attribute definition is not
 * reported the way groups and stems are; the finder's exception propagates — confirm
 * that is intended.
 *
 * @param i BeanShell interpreter.
 * @param stack BeanShell call stack (not used by this command).
 * @param name Name of the {@link Group}, {@link Stem} or {@link AttributeDef} to check.
 * @param subjId Id or identifier of the {@link Subject} to check.
 * @param priv The {@link Privilege} to check for.
 * @return {@code true} if the subject has the privilege; {@code false} otherwise or
 *         after a reported lookup failure.
 * @throws GrouperShellException
 * @since 0.0.1
 */
public static boolean invoke(Interpreter i, CallStack stack, String name, String subjId, Privilege priv)
    throws GrouperShellException {
  GrouperShell.setOurCommand(i, true);
  try {
    GrouperSession session = GrouperShell.getSession(i);
    // resolve the subject before the object so subject errors are reported first
    Subject subject = SubjectFinder.findByIdOrIdentifier(subjId, true);
    if (Privilege.isAccess(priv)) {
      Group group = GroupFinder.findByName(session, name, true);
      return hasPrivOnGroup(group, subject, priv);
    }
    if (Privilege.isNaming(priv)) {
      Stem stem = StemFinder.findByName(session, name, true);
      return hasPrivOnStem(stem, subject, priv);
    }
    if (Privilege.isAttributeDef(priv)) {
      AttributeDef attributeDef = AttributeDefFinder.findByName(name, true);
      return hasPrivOnAttributeDef(attributeDef, subject, priv);
    }
    throw new RuntimeException("Invalid privilege type: " + priv);
  } catch (GroupNotFoundException eGNF) {
    GrouperShell.error(i, eGNF);
  } catch (StemNotFoundException eNSNF) {
    GrouperShell.error(i, eNSNF);
  } catch (SubjectNotFoundException eSNF) {
    GrouperShell.error(i, eSNF);
  } catch (SubjectNotUniqueException eSNU) {
    GrouperShell.error(i, eSNU);
  }
  // reached only after a reported lookup failure: fail closed
  return false;
} // public static boolean invoke(i, stack, name, subjId, priv)

/**
 * Dispatch an access privilege check to the matching {@link Group} method.
 *
 * @param group group to check on
 * @param subject subject to check for
 * @param priv an access privilege
 * @return whether the subject has the privilege on the group
 * @throws RuntimeException if {@code priv} is not a known access privilege
 */
private static boolean hasPrivOnGroup(Group group, Subject subject, Privilege priv) {
  if (priv.equals(AccessPrivilege.ADMIN)) {
    return group.hasAdmin(subject);
  }
  if (priv.equals(AccessPrivilege.OPTIN)) {
    return group.hasOptin(subject);
  }
  if (priv.equals(AccessPrivilege.OPTOUT)) {
    return group.hasOptout(subject);
  }
  if (priv.equals(AccessPrivilege.READ)) {
    return group.hasRead(subject);
  }
  if (priv.equals(AccessPrivilege.UPDATE)) {
    return group.hasUpdate(subject);
  }
  if (priv.equals(AccessPrivilege.GROUP_ATTR_READ)) {
    return group.hasGroupAttrRead(subject);
  }
  if (priv.equals(AccessPrivilege.GROUP_ATTR_UPDATE)) {
    return group.hasGroupAttrUpdate(subject);
  }
  if (priv.equals(AccessPrivilege.VIEW)) {
    return group.hasView(subject);
  }
  throw new RuntimeException("Not expecting privilege: " + priv);
}

/**
 * Dispatch a naming privilege check to the matching {@link Stem} method.
 *
 * @param stem stem to check on
 * @param subject subject to check for
 * @param priv a naming privilege
 * @return whether the subject has the privilege on the stem
 * @throws RuntimeException if {@code priv} is not a known naming privilege
 */
private static boolean hasPrivOnStem(Stem stem, Subject subject, Privilege priv) {
  if (priv.equals(NamingPrivilege.CREATE)) {
    return stem.hasCreate(subject);
  }
  if (priv.equals(NamingPrivilege.STEM_ATTR_READ)) {
    return stem.hasStemAttrRead(subject);
  }
  if (priv.equals(NamingPrivilege.STEM_ATTR_UPDATE)) {
    return stem.hasStemAttrUpdate(subject);
  }
  // STEM is the legacy spelling of STEM_ADMIN; both map to the same check
  if (priv.equals(NamingPrivilege.STEM) || priv.equals(NamingPrivilege.STEM_ADMIN)) {
    return stem.hasStemAdmin(subject);
  }
  throw new RuntimeException("Not expecting privilege: " + priv);
}

/**
 * Dispatch an attribute-def privilege check to the matching privilege-delegate method.
 *
 * @param attributeDef attribute definition to check on
 * @param subject subject to check for
 * @param priv an attribute-def privilege
 * @return whether the subject has the privilege on the attribute definition
 * @throws RuntimeException if {@code priv} is not a known attribute-def privilege
 */
private static boolean hasPrivOnAttributeDef(AttributeDef attributeDef, Subject subject, Privilege priv) {
  if (priv.equals(AttributeDefPrivilege.ATTR_ADMIN)) {
    return attributeDef.getPrivilegeDelegate().hasAttrAdmin(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_OPTIN)) {
    return attributeDef.getPrivilegeDelegate().hasAttrOptin(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_OPTOUT)) {
    return attributeDef.getPrivilegeDelegate().hasAttrOptout(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_READ)) {
    return attributeDef.getPrivilegeDelegate().hasAttrRead(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_UPDATE)) {
    return attributeDef.getPrivilegeDelegate().hasAttrUpdate(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_READ)) {
    return attributeDef.getPrivilegeDelegate().hasAttrDefAttrRead(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE)) {
    return attributeDef.getPrivilegeDelegate().hasAttrDefAttrUpdate(subject);
  }
  if (priv.equals(AttributeDefPrivilege.ATTR_VIEW)) {
    return attributeDef.getPrivilegeDelegate().hasAttrView(subject);
  }
  throw new RuntimeException("Not expecting privilege: " + priv);
}