private void deleteFromAllAuthorities(
Predicate<RoleGrantedAuthority> predicate, String commitMessage, User currentUser)
throws IOException, GitAPIException {
ILockedRepository repo = null;
try {
List<String> users = listUsers();
users.add(ANONYMOUS_USER_LOGIN_NAME);
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
boolean anyChanged = false;
for (String loginName : users) {
Set<RoleGrantedAuthority> authorities =
Sets.newHashSet(getUserAuthorities(loginName, repo));
Set<RoleGrantedAuthority> newAuthorities =
Sets.newHashSet(Sets.filter(authorities, predicate));
if (!newAuthorities.equals(authorities)) {
saveUserAuthorities(loginName, newAuthorities, repo, currentUser, false);
anyChanged = true;
}
}
if (anyChanged) {
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
Git.wrap(repo.r())
.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage(commitMessage)
.call();
}
} finally {
Util.closeQuietly(repo);
}
}
public void renameRole(String roleName, String newRoleName, User currentUser) throws IOException {
Assert.hasLength(roleName);
Assert.hasLength(newRoleName);
Assert.notNull(currentUser);
// check that role exists by trying to load it
getRole(roleName);
// check that new role does not exist by trying to load it
try {
getRole(newRoleName);
throw new IllegalArgumentException("role already exists: " + newRoleName); // $NON-NLS-1$
} catch (RoleNotFoundException e) {
// okay
}
log.info("renaming role: {} -> {}", roleName, newRoleName); // $NON-NLS-1$
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File file = new File(workingDir, roleName + ROLE_SUFFIX);
File newFile = new File(workingDir, newRoleName + ROLE_SUFFIX);
FileUtils.copyFile(file, newFile);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(roleName + ROLE_SUFFIX).call();
git.add().addFilepattern(newRoleName + ROLE_SUFFIX).call();
List<String> users = listUsers(repo);
users.add(ANONYMOUS_USER_LOGIN_NAME);
for (String user : users) {
List<RoleGrantedAuthority> authorities = getUserAuthorities(user, repo);
Set<RoleGrantedAuthority> newAuthorities = Sets.newHashSet();
for (Iterator<RoleGrantedAuthority> iter = authorities.iterator(); iter.hasNext(); ) {
RoleGrantedAuthority rga = iter.next();
if (rga.getRoleName().equals(roleName)) {
RoleGrantedAuthority newRga = new RoleGrantedAuthority(rga.getTarget(), newRoleName);
newAuthorities.add(newRga);
iter.remove();
}
}
if (!newAuthorities.isEmpty()) {
authorities.addAll(newAuthorities);
saveUserAuthorities(user, Sets.newHashSet(authorities), repo, currentUser, false);
}
}
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("rename role " + roleName + " to " + newRoleName) // $NON-NLS-1$ //$NON-NLS-2$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
/**
* Returns the role that has the specified name.
*
* @throws RoleNotFoundException when the role could not be found
*/
public Role getRole(String roleName) throws IOException {
Assert.hasLength(roleName);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
String json = BlobUtils.getHeadContent(repo.r(), roleName + ROLE_SUFFIX);
if (json == null) {
throw new RoleNotFoundException(roleName);
}
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
Map<String, Object> roleMap =
gson.fromJson(json, new TypeToken<Map<String, Object>>() {}.getType());
@SuppressWarnings("unchecked")
Collection<String> permissions =
(Collection<String>) roleMap.get("permissions"); // $NON-NLS-1$
EnumSet<Permission> rolePermissions = EnumSet.noneOf(Permission.class);
for (String permission : permissions) {
rolePermissions.add(Permission.valueOf(permission));
}
Role role = new Role(roleName, rolePermissions);
return role;
} finally {
Util.closeQuietly(repo);
}
}
/**
* Returns the user that has an OpenID whose real ID is equal to the specified OpenID.
*
* @throws UserNotFoundException when the user could not be found
*/
public User getUserByOpenId(String openId) throws IOException {
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
FileFilter filter =
new FileFilter() {
@Override
public boolean accept(File file) {
return file.isFile() && file.getName().endsWith(USER_SUFFIX);
}
};
for (File file : workingDir.listFiles(filter)) {
String loginName = StringUtils.substringBeforeLast(file.getName(), USER_SUFFIX);
String json = FileUtils.readFileToString(file, Charsets.UTF_8);
User user = getUser(loginName, json);
for (OpenId id : user.getOpenIds()) {
if (id.getRealId().equals(openId)) {
return user;
}
}
}
throw new OpenIdNotFoundException(openId);
} finally {
Util.closeQuietly(repo);
}
}
/** Returns all known role names. */
public List<String> listRoles() throws IOException {
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
FileFilter filter =
new FileFilter() {
@Override
public boolean accept(File file) {
return file.isFile() && file.getName().endsWith(ROLE_SUFFIX);
}
};
List<File> files = Lists.newArrayList(workingDir.listFiles(filter));
Function<File, String> function =
new Function<File, String>() {
@Override
public String apply(File file) {
return StringUtils.substringBeforeLast(file.getName(), ROLE_SUFFIX);
}
};
List<String> users = Lists.newArrayList(Lists.transform(files, function));
Collections.sort(users);
return users;
} finally {
Util.closeQuietly(repo);
}
}
/**
* Saves a role.
*
* @param role the role to save
* @param currentUser the user performing the save operation
*/
public void saveRole(Role role, User currentUser) throws IOException {
Assert.notNull(role);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Map<String, Object> roleMap = new HashMap<String, Object>();
roleMap.put("name", role.getName()); // $NON-NLS-1$
Set<String> permissions = Sets.newHashSet();
for (Permission permission : role.getPermissions()) {
permissions.add(permission.name());
}
roleMap.put("permissions", permissions); // $NON-NLS-1$
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
String json = gson.toJson(roleMap);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File workingFile = new File(workingDir, role.getName() + ROLE_SUFFIX);
FileUtils.write(workingFile, json, Charsets.UTF_8);
Git git = Git.wrap(repo.r());
git.add().addFilepattern(role.getName() + ROLE_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit().setAuthor(ident).setCommitter(ident).setMessage(role.getName()).call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
/**
* Saves a user.
*
* @param user the user to save
* @param currentUser the user performing the save operation
*/
public void saveUser(User user, User currentUser) throws IOException {
Assert.notNull(user);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Map<String, Object> userMap = new HashMap<String, Object>();
userMap.put("loginName", user.getLoginName()); // $NON-NLS-1$
userMap.put("password", user.getPassword()); // $NON-NLS-1$
userMap.put("email", user.getEmail()); // $NON-NLS-1$
userMap.put("disabled", Boolean.valueOf(user.isDisabled())); // $NON-NLS-1$
if (!user.getOpenIds().isEmpty()) {
userMap.put("openIds", user.getOpenIds()); // $NON-NLS-1$
}
Gson gson = new GsonBuilder().enableComplexMapKeySerialization().create();
String json = gson.toJson(userMap);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File workingFile = new File(workingDir, user.getLoginName() + USER_SUFFIX);
FileUtils.write(workingFile, json, Charsets.UTF_8);
Git git = Git.wrap(repo.r());
git.add().addFilepattern(user.getLoginName() + USER_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit().setAuthor(ident).setCommitter(ident).setMessage(user.getLoginName()).call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
/** Returns all known user login names. */
public List<String> listUsers() throws IOException {
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
return listUsers(repo);
} finally {
Util.closeQuietly(repo);
}
}
/**
* Returns a user's authorities.
*
* @param loginName the login name of the user
* @throws UserNotFoundException when the user does not exist
*/
public List<RoleGrantedAuthority> getUserAuthorities(String loginName) throws IOException {
Assert.hasLength(loginName);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
return getUserAuthorities(loginName, repo);
} finally {
Util.closeQuietly(repo);
}
}
/**
* Returns the user that has the specified login name.
*
* @throws UserNotFoundException when the user could not be found
*/
public User getUser(String loginName) throws IOException {
Assert.hasLength(loginName);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
String json = BlobUtils.getHeadContent(repo.r(), loginName + USER_SUFFIX);
if (json == null) {
throw new UserNotFoundException(loginName);
}
return getUser(loginName, json);
} finally {
Util.closeQuietly(repo);
}
}
public void renameUser(String loginName, String newLoginName, User currentUser)
throws IOException {
Assert.hasLength(loginName);
Assert.hasLength(newLoginName);
Assert.notNull(currentUser);
// check that user exists by trying to load it
getUser(loginName);
// check that new user does not exist by trying to load it
try {
getUser(newLoginName);
throw new IllegalArgumentException("user already exists: " + newLoginName); // $NON-NLS-1$
} catch (UserNotFoundException e) {
// okay
}
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
File workingDir = RepositoryUtil.getWorkingDir(repo.r());
File file = new File(workingDir, loginName + USER_SUFFIX);
File newFile = new File(workingDir, newLoginName + USER_SUFFIX);
FileUtils.copyFile(file, newFile);
file = new File(workingDir, loginName + AUTHORITIES_SUFFIX);
newFile = new File(workingDir, newLoginName + AUTHORITIES_SUFFIX);
FileUtils.copyFile(file, newFile);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(loginName + USER_SUFFIX).call();
git.rm().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
git.add().addFilepattern(newLoginName + USER_SUFFIX).call();
git.add().addFilepattern(newLoginName + AUTHORITIES_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage(
"rename user " + loginName + " to " + newLoginName) // $NON-NLS-1$ //$NON-NLS-2$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
public void deleteRole(String roleName, User currentUser) throws IOException {
Assert.hasLength(roleName);
Assert.notNull(currentUser);
// check that role exists by trying to load it
getRole(roleName);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(roleName + ROLE_SUFFIX).call();
// remove role from all users
List<String> users = listUsers(repo);
users.add(ANONYMOUS_USER_LOGIN_NAME);
for (String user : users) {
List<RoleGrantedAuthority> authorities = getUserAuthorities(user, repo);
boolean changed = false;
for (Iterator<RoleGrantedAuthority> iter = authorities.iterator(); iter.hasNext(); ) {
RoleGrantedAuthority rga = iter.next();
if (rga.getRoleName().equals(roleName)) {
iter.remove();
changed = true;
}
}
if (changed) {
saveUserAuthorities(user, Sets.newHashSet(authorities), repo, currentUser, false);
}
}
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("delete role " + roleName) // $NON-NLS-1$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
public void deleteUser(String loginName, User currentUser) throws IOException {
Assert.hasLength(loginName);
Assert.notNull(currentUser);
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
Git git = Git.wrap(repo.r());
git.rm().addFilepattern(loginName + USER_SUFFIX).call();
git.rm().addFilepattern(loginName + AUTHORITIES_SUFFIX).call();
PersonIdent ident = new PersonIdent(currentUser.getLoginName(), currentUser.getEmail());
git.commit()
.setAuthor(ident)
.setCommitter(ident)
.setMessage("delete user " + loginName) // $NON-NLS-1$
.call();
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
/**
* Saves a user's authorities
*
* @param loginName the login name of the user whose authorities are to be saved
* @param authorities the user's authorities to be saved
* @param currentUser the user performing the save operation
* @throws UserNotFoundException when the user does not exist
*/
public void saveUserAuthorities(
String loginName, Set<RoleGrantedAuthority> authorities, User currentUser)
throws IOException {
Assert.hasLength(loginName);
Assert.notNull(authorities);
Assert.notNull(currentUser);
if (!loginName.equals(ANONYMOUS_USER_LOGIN_NAME)) {
// check that user exists by trying to load it
getUser(loginName);
}
ILockedRepository repo = null;
try {
repo = globalRepositoryManager.getProjectCentralRepository(REPOSITORY_NAME, false);
saveUserAuthorities(loginName, authorities, repo, currentUser, true);
} catch (GitAPIException e) {
throw new IOException(e);
} finally {
Util.closeQuietly(repo);
}
}
@PostConstruct
public void init() throws IOException, GitAPIException {
String passwordHash = passwordEncoder.encode("admin"); // $NON-NLS-1$
User adminUser =
new User("admin", passwordHash, "*****@*****.**", false); // $NON-NLS-1$ //$NON-NLS-2$
ILockedRepository repo = null;
boolean created = false;
try {
repo =
globalRepositoryManager.createProjectCentralRepository(REPOSITORY_NAME, false, adminUser);
created = true;
} catch (IllegalStateException e) {
// okay
} finally {
Util.closeQuietly(repo);
}
if (created) {
createInitialAdmin(adminUser);
createInitialRoles(adminUser);
}
}
