/**
 * Resolves the role attribute of a grant.
 *
 * <p>The user or group id is read from the resource-id attribute of the evaluation context and the
 * grant id from the subresource-id attribute. With a grant id, the grant is loaded and its role id
 * is returned. Without one, the role id is taken from the {@code <resolvableAttribute>-new}
 * resource attribute instead.
 *
 * @param ctx EvaluationContext
 * @param attributeIdValue whole attribute (not used by this resolver)
 * @param resolvableAttribute resolvable part of attribute
 * @param tail tail after resolvable part (not used by this resolver)
 * @return two-element array: the {@code EvaluationResult} holding the role id, and
 *         {@code resolvableAttribute}
 * @throws GrantNotFoundException declared; presumably raised by {@code assertGrant} when the grant
 *         could not be loaded (confirm against that helper)
 * @throws WebserverSystemException propagated from the helpers called here
 * @throws ResourceNotFoundException propagated from the helpers called here
 */
private Object[] resolveRoleAttribute(
    final EvaluationCtx ctx, final String attributeIdValue, final String resolvableAttribute,
    final String tail)
    throws GrantNotFoundException, WebserverSystemException, ResourceNotFoundException {

    final String userOrGroupId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_RESOURCE_ID, true);
    final String grantId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_SUBRESOURCE_ID, true);

    final boolean grantIdPresent = grantId != null && grantId.length() != 0;
    final String roleId;
    if (grantIdPresent) {
        // The attribute name decides whether the grant belongs to a user account or a user group.
        final RoleGrant grant;
        if (resolvableAttribute.matches(".*" + XmlUtility.NAME_USER_ACCOUNT + ".*")) {
            grant = getUserAccountGrant(ctx, userOrGroupId, grantId);
        }
        else {
            grant = getUserGroupGrant(ctx, grantId);
        }
        // Must run before the grant is dereferenced.
        assertGrant(grantId, grant);
        roleId = grant.getRoleId();
    }
    else {
        // No grant id present: fetch the grant attribute from the invocation mapping.
        roleId = fetchSingleResourceAttribute(ctx, resolvableAttribute + "-new");
    }

    return new Object[] {
        CustomEvaluationResultBuilder.createSingleStringValueResult(roleId), resolvableAttribute };
}
/**
 * Resolves the created-by attribute of a grant.
 *
 * <p>The user or group id is read from the resource-id attribute of the evaluation context and the
 * grant id from the subresource-id attribute. The grant is loaded straight from the user-account or
 * user-group DAO and its creator id is returned.
 *
 * @param ctx EvaluationContext
 * @param attributeIdValue whole attribute (not used by this resolver)
 * @param resolvableAttribute resolvable part of attribute
 * @param tail tail after resolvable part (not used by this resolver)
 * @return two-element array: the {@code EvaluationResult} holding the creator id, and
 *         {@code resolvableAttribute}
 * @throws GrantNotFoundException if the context carries no grant id; presumably also raised by
 *         {@code assertGrant} when the grant could not be loaded (confirm against that helper)
 * @throws SqlDatabaseSystemException propagated from the DAO lookups
 * @throws ResourceNotFoundException propagated from the helpers called here
 * @throws WebserverSystemException propagated from the helpers called here
 */
private Object[] resolveCreatedByAttribute(
    final EvaluationCtx ctx, final String attributeIdValue, final String resolvableAttribute,
    final String tail)
    throws GrantNotFoundException, SqlDatabaseSystemException, ResourceNotFoundException,
    WebserverSystemException {

    final String userOrGroupId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_RESOURCE_ID, true);
    final String grantId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_SUBRESOURCE_ID, true);

    // Unlike a role or assigned-on lookup there is no "-new" fallback: a creator only exists for
    // a grant that can be loaded.
    final boolean grantIdMissing = grantId == null || grantId.length() == 0;
    if (grantIdMissing) {
        throw new GrantNotFoundException("no grantId found");
    }

    // The attribute name decides whether the grant belongs to a user account or a user group.
    final boolean userAccountAttribute =
        resolvableAttribute.matches(".*" + XmlUtility.NAME_USER_ACCOUNT + ".*");
    final RoleGrant grant;
    if (userAccountAttribute) {
        grant = userAccountDao.retrieveGrant(userOrGroupId, grantId);
    }
    else {
        grant = userGroupDao.retrieveGrant(grantId);
    }
    // Must run before the grant is dereferenced.
    assertGrant(grantId, grant);

    return new Object[] {
        CustomEvaluationResultBuilder.createSingleStringValueResult(grant.getCreatorId()),
        resolvableAttribute };
}
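/**
 * Fetches the scopes of the role identified in the attribute for the provided user account.
 *
 * <p>The role name is taken from group 4 of {@code PATTERN_PARSE_ROLE_GRANT_ROLE}. Grants are then
 * queried by user id and role id, plus the group ids of the user when any are known. Only grants
 * without a revocation date contribute their object id to the result.
 *
 * @param userAccountId The id of the user account to fetch the value from.
 * @param attributeId The name of the attribute.
 * @return Returns the attribute value in an {@code EvaluationResult}: a bag of the object ids of
 *         all non-revoked matching grants, or an empty result if no role name could be parsed or
 *         the DAO returned {@code null}.
 * @throws SystemException propagated from the security helper or the DAO.
 */
private EvaluationResult fetchRoleScopes(final String userAccountId, final CharSequence attributeId)
    throws SystemException {

    // get role to fetch
    final Matcher roleMatcher = PATTERN_PARSE_ROLE_GRANT_ROLE.matcher(attributeId);
    String roleName = null;
    if (roleMatcher.find()) {
        roleName = roleMatcher.group(4);
    }
    if (roleName == null || roleName.length() == 0) {
        return CustomEvaluationResultBuilder.createEmptyEvaluationResult();
    }

    Set<String> userGroups = null;
    try {
        userGroups = securityHelper.getUserGroups(userAccountId);
    }
    catch (UserAccountNotFoundException e) {
        // The caller doesn't expect to get an exception from here if
        // the user doesn't exist. userGroups stays null, so the query
        // below is restricted to the user id and the role only.
    }

    final Map<String, HashSet<String>> criterias = new HashMap<String, HashSet<String>>();
    final HashSet<String> roles = new HashSet<String>();
    roles.add(roleName);
    final HashSet<String> users = new HashSet<String>();
    users.add(userAccountId);
    criterias.put(de.escidoc.core.common.business.Constants.FILTER_PATH_USER_ID, users);
    criterias.put(de.escidoc.core.common.business.Constants.FILTER_PATH_ROLE_ID, roles);
    if (userGroups != null && !userGroups.isEmpty()) {
        // Copy rather than cast: getUserGroups() is only declared to return a Set, so a
        // downcast to HashSet would fail with a ClassCastException for any other implementation.
        criterias.put(de.escidoc.core.common.business.Constants.FILTER_PATH_GROUP_ID,
            new HashSet<String>(userGroups));
    }

    final List<RoleGrant> roleGrants = userAccountDao.retrieveGrants(criterias, null, ListSorting.ASCENDING);
    if (roleGrants == null) {
        return CustomEvaluationResultBuilder.createEmptyEvaluationResult();
    }

    final List<StringAttribute> results = new ArrayList<StringAttribute>();
    for (final RoleGrant roleGrant : roleGrants) {
        // A grant with a revocation date must not contribute a scope.
        if (roleGrant.getRevocationDate() == null) {
            results.add(new StringAttribute(roleGrant.getObjectId()));
        }
    }
    return new EvaluationResult(new BagAttribute(Constants.URI_XMLSCHEMA_STRING, results));
}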
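/**
 * See Interface for functional description.
 *
 * <p>Loads the grant by id and returns it only if it is owned by the given user account. A grant
 * id that is {@code null}, unknown, or owned by a different account yields {@code null}.
 *
 * @param userId id of the user account the grant must belong to
 * @param grantId id of the grant to load; may be {@code null}
 * @return the grant, or {@code null} if it does not exist or is not owned by {@code userId}
 * @throws SqlDatabaseSystemException if the database access fails
 * @see UserAccountDaoInterface#retrieveGrant(java.lang.String, java.lang.String)
 */
@Override
public RoleGrant retrieveGrant(final String userId, final String grantId) throws SqlDatabaseSystemException {
    if (grantId == null) {
        return null;
    }
    try {
        final RoleGrant grant = getHibernateTemplate().get(RoleGrant.class, grantId);
        if (grant == null) {
            return null;
        }
        // Ownership check: only hand the grant back when it belongs to the requested user
        // account, so a grant id alone is not enough to read another account's grant.
        // A grant without an owning user account (presumably a group grant - confirm) is
        // reported as not found instead of failing with a NullPointerException.
        if (grant.getUserAccountByUserId() == null
            || !grant.getUserAccountByUserId().getId().equals(userId)) {
            return null;
        }
        return grant;
    }
    catch (final DataAccessException e) {
        throw new SqlDatabaseSystemException(e);
    }
    catch (final IllegalStateException e) {
        throw new SqlDatabaseSystemException(e);
    }
    catch (final HibernateException e) {
        //noinspection ThrowableResultOfMethodCallIgnored
        throw new SqlDatabaseSystemException(convertHibernateAccessException(e)); // Ignore FindBugs
    }
}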
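/**
 * Resolves the assigned-on attribute of a grant, i.e. the id of the object the grant is assigned
 * on.
 *
 * <p>The user or group id is read from the resource-id attribute of the evaluation context and the
 * grant id from the subresource-id attribute. With a grant id, the object id comes from the loaded
 * grant. Without one, it is taken from the {@code <resolvableAttribute>-new} resource attribute.
 * If no object id can be determined, the whole attribute is marked as unresolvable.
 *
 * <p>If a tail is present and asks for the context of a component, the component id is first
 * replaced by the id of its item. If that item cannot be determined unambiguously, a
 * resource-not-found result is returned.
 *
 * @param ctx EvaluationContext
 * @param attributeIdValue whole attribute
 * @param resolvableAttribute resolvable part of attribute
 * @param tail tail after resolvable part; may be {@code null}
 * @return two-element array: the {@code EvaluationResult}, and the part of the attribute it
 *         stands for ({@code attributeIdValue} when marked unresolvable, otherwise
 *         {@code resolvableAttribute})
 * @throws TripleStoreSystemException propagated from the triple store lookup
 * @throws SystemException propagated from the helpers called here
 * @throws GrantNotFoundException declared; presumably raised by {@code assertGrant} when the grant
 *         could not be loaded (confirm against that helper)
 * @throws ResourceNotFoundException propagated from the helpers called here
 * @throws WebserverSystemException propagated from the helpers called here
 */
private Object[] resolveAssignedOnAttribute(
    final EvaluationCtx ctx, final String attributeIdValue, final String resolvableAttribute,
    final String tail)
    throws TripleStoreSystemException, SystemException, GrantNotFoundException,
    ResourceNotFoundException, WebserverSystemException {

    final String userOrGroupId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_RESOURCE_ID, true);
    final String grantId =
        FinderModuleHelper.retrieveSingleResourceAttribute(ctx, Constants.URI_SUBRESOURCE_ID, true);

    String assignedOnObjectId;
    if (grantId == null || grantId.length() == 0) {
        // if no grantId is present
        // fetch grant-attribute from invocation-mapping
        try {
            assignedOnObjectId = fetchSingleResourceAttribute(ctx, resolvableAttribute + "-new");
        }
        catch (final Exception e) {
            // not assigned to an object
            // so mark complete attribute as unresolvable
            // NOTE(review): this also treats any system failure of the fetch as "unresolvable" -
            // confirm that is intended.
            final EvaluationResult unresolved =
                CustomEvaluationResultBuilder.createSingleStringValueResult(
                    de.escidoc.core.common.business.Constants.UNRESOLVED_ATTRIBUTE_VALUE);
            return new Object[] { unresolved, attributeIdValue };
        }
    }
    else {
        // The attribute name decides whether the grant belongs to a user account or a user group.
        final RoleGrant grant =
            resolvableAttribute.matches(".*" + XmlUtility.NAME_USER_ACCOUNT + ".*")
                ? getUserAccountGrant(ctx, userOrGroupId, grantId) : getUserGroupGrant(ctx, grantId);
        // Must run before the grant is dereferenced.
        assertGrant(grantId, grant);
        assignedOnObjectId = grant.getObjectId();
    }

    if (assignedOnObjectId == null) {
        // not assigned on an object
        // so mark complete attribute as unresolvable
        final EvaluationResult unresolved =
            CustomEvaluationResultBuilder.createSingleStringValueResult(
                de.escidoc.core.common.business.Constants.UNRESOLVED_ATTRIBUTE_VALUE);
        return new Object[] { unresolved, attributeIdValue };
    }

    // check if tailing attribute is resolvable for assigned object-type
    if (tail != null) {
        final String objectType = fetchObjectType(ctx, assignedOnObjectId);
        if (objectType.equals(XmlUtility.NAME_COMPONENT) && tail.equals(XmlUtility.NAME_CONTEXT)) {
            // if we have to resolve the context of a component,
            // we first have to get the itemId and resolve context for
            // the itemId
            final List<String> itemIds =
                FinderModuleHelper.retrieveFromTripleStore(true, tsu.getRetrieveWhereClause(true,
                    TripleStoreUtility.PROP_COMPONENT, assignedOnObjectId, null, null, null),
                    assignedOnObjectId, TripleStoreUtility.PROP_COMPONENT, this.tsu);
            if (itemIds == null || itemIds.size() != 1) {
                // Return the error right here. Falling through would replace it with a
                // regular result carrying the component id, as if the item had been found.
                final EvaluationResult notFound =
                    CustomEvaluationResultBuilder.createResourceNotFoundResult(
                        new ItemNotFoundException(
                            "item for component " + assignedOnObjectId + " not found"));
                return new Object[] { notFound, resolvableAttribute };
            }
            assignedOnObjectId = itemIds.get(0);
        }
    }

    final EvaluationResult result =
        CustomEvaluationResultBuilder.createSingleStringValueResult(assignedOnObjectId);
    return new Object[] { result, resolvableAttribute };
}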