/**
 * Database record for the "GroupList" table: one row per (account, user, device group), naming a
 * DeviceGroup that the User is authorized to access.
 *
 * <p>All three key components are lower-cased by {@link Key} before they are stored in the key, so
 * lookups through this class are case-insensitive on account, user and group IDs.
 */
public class GroupList extends UserRecord<GroupList> {

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------
    // SQL table definition below

    /* table name */
    public static final String _TABLE_NAME = "GroupList";

    /** Returns the table name after translation by {@code DBProvider}. */
    public static String TABLE_NAME() {
        return DBProvider._translateTableName(_TABLE_NAME);
    }

    /* field definition */
    public static final String FLD_userID = User.FLD_userID;
    public static final String FLD_groupID = DeviceGroup.FLD_groupID;
    private static DBField FieldInfo[] = {
        // GroupList fields (accountID, userID and groupID together form the primary key)
        newField_accountID(true),
        newField_userID(true),
        new DBField(FLD_groupID, String.class, DBField.TYPE_GROUP_ID(), "Device Group ID", "key=true"),
        // Common fields
        // newField_lastUpdateTime(),
        // newField_lastUpdateUser(true),
        newField_creationTime(),
    };

    /* key class */
    public static class Key extends UserKey<GroupList> {
        public Key() {
            super();
        }

        /**
         * Builds the primary key for one user/group authorization entry.
         *
         * @param accountId account ID; {@code null} is stored as the empty string
         * @param userId user ID; {@code null} is stored as the empty string
         * @param groupId device group ID; {@code null} is stored as the empty string
         */
        public Key(String accountId, String userId, String groupId) {
            // NOTE(review): the no-argument toLowerCase() folds case with the JVM default locale,
            // so the stored key can differ between hosts with different locales. Confirm the
            // other key classes before switching to an explicit locale.
            String acctKey = (accountId == null) ? "" : accountId.toLowerCase();
            String userKey = (userId == null) ? "" : userId.toLowerCase();
            String groupKey = (groupId == null) ? "" : groupId.toLowerCase();
            super.setFieldValue(FLD_accountID, acctKey);
            super.setFieldValue(FLD_userID, userKey);
            super.setFieldValue(FLD_groupID, groupKey);
        }

        public DBFactory<GroupList> getFactory() {
            return GroupList.getFactory();
        }
    }

    /* factory constructor */
    private static DBFactory<GroupList> factory = null;

    /**
     * Returns the table factory, creating it on first use and registering Account, User and
     * DeviceGroup as parent tables.
     */
    public static DBFactory<GroupList> getFactory() {
        if (factory != null) {
            return factory;
        }
        factory =
                DBFactory.createDBFactory(
                        GroupList.TABLE_NAME(),
                        GroupList.FieldInfo,
                        DBFactory.KeyType.PRIMARY,
                        GroupList.class,
                        GroupList.Key.class,
                        true /*editable*/,
                        true /*viewable*/);
        factory.addParentTable(Account.TABLE_NAME());
        factory.addParentTable(User.TABLE_NAME());
        factory.addParentTable(DeviceGroup.TABLE_NAME());
        return factory;
    }

    /* Bean instance */
    public GroupList() {
        super();
    }

    /* database record */
    public GroupList(GroupList.Key key) {
        super(key);
    }

    // ------------------------------------------------------------------------

    /* table description */
    public static String getTableDescription(Locale loc) {
        return I18N.getI18N(GroupList.class, loc)
                .getString(
                        "GroupList.description",
                        "This table defines "
                                + "the authorized Groups that can be accessed by a given User.");
    }

    // SQL table definition above
    // ------------------------------------------------------------------------

    // ------------------------------------------------------------------------
    // Bean access fields below

    /** Returns the device group ID of this entry, passed through {@code StringTools.trim}. */
    public String getGroupID() {
        return StringTools.trim((String) this.getFieldValue(FLD_groupID));
    }

    /* private: the group ID is part of the key and is not meant to be changed by callers */
    private void setGroupID(String v) {
        String trimmed = StringTools.trim(v);
        this.setFieldValue(FLD_groupID, trimmed);
    }

    // Bean access fields above
    // ------------------------------------------------------------------------

    // ------------------------------------------------------------------------

    /** Returns "accountID/userID/groupID". */
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(this.getAccountID());
        sb.append("/");
        sb.append(this.getUserID());
        sb.append("/");
        sb.append(this.getGroupID());
        return sb.toString();
    }

    // ------------------------------------------------------------------------

    /* overridden to set default values (currently sets none) */
    public void setCreationDefaultValues() {
        // super.setRuntimeDefaultValues();
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------

    /**
     * Tests whether an authorization entry exists for the given account/user/group.
     *
     * @return {@code false} when any argument is {@code null}, otherwise the result of the key
     *     lookup
     * @throws DBException if an error occurs while testing existence
     */
    public static boolean exists(String acctID, String userID, String groupID) throws DBException {
        boolean anyMissing = (acctID == null) || (userID == null) || (groupID == null);
        if (anyMissing) {
            return false;
        }
        return new GroupList.Key(acctID, userID, groupID).exists();
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------

    /**
     * Gets, or optionally creates, the authorization entry linking a user to a device group.
     *
     * <p>A newly created record is returned unsaved; this method does not call {@code save()}.
     *
     * @param user the user the entry belongs to; must not be {@code null}
     * @param groupID the device group ID; must be non-blank and name an existing DeviceGroup in
     *     the user's account
     * @param createOK when {@code true}, a missing entry is created instead of returning null
     * @return the entry, or {@code null} when it does not exist and {@code createOK} is false
     * @throws DBException if the user or group is missing, or on a database error
     */
    public static GroupList getGroupList(User user, String groupID, boolean createOK)
            throws DBException {

        /* User specified? */
        if (user == null) {
            throw new DBException("User not specified.");
        }
        final String accountID = user.getAccountID();
        final String userID = user.getUserID();

        /* group exists? (checked within the user's own account) */
        if (StringTools.isBlank(groupID)) {
            throw new DBException("DeviceGroup ID not specified.");
        }
        if (!DeviceGroup.exists(accountID, groupID)) {
            throw new DBException("DeviceGroup does not exist: " + accountID + "/" + groupID);
        }

        /* look up the record */
        GroupList.Key grpListKey = new GroupList.Key(accountID, userID, groupID);
        final boolean found = grpListKey.exists(); // may throw DBException
        if (!found && !createOK) {
            // record doesn't exist, and caller doesn't want us to create it
            return null;
        }

        /* load the existing record, or create a new one */
        GroupList listItem;
        if (found) {
            listItem = grpListKey.getDBRecord(true);
        } else {
            listItem = grpListKey.getDBRecord();
            listItem.setCreationDefaultValues();
        }
        listItem.setUser(user);
        return listItem;
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------

    /**
     * Builds the select statement listing the user IDs authorized for an account/group.
     *
     * @return the select, or {@code null} when the account ID or group ID is blank
     */
    protected static DBSelect _getUserListSelect(String acctId, String groupId) {

        /* empty/null account or group */
        if (StringTools.isBlank(acctId) || StringTools.isBlank(groupId)) {
            return null;
        }

        /* get select */
        // DBSelect: SELECT * FROM GroupList WHERE ((accountID='acct') and (groupID='group'))
        //           ORDER BY userID
        DBSelect<GroupList> select = new DBSelect<GroupList>(GroupList.getFactory());
        select.setSelectedFields(GroupList.FLD_userID);
        DBWhere where = select.createDBWhere();
        select.setWhere(
                where.WHERE_(
                        where.AND(
                                where.EQ(GroupList.FLD_accountID, acctId),
                                where.EQ(GroupList.FLD_groupID, groupId))));
        select.setOrderByFields(GroupList.FLD_userID);
        return select;
    }

    /**
     * Returns the IDs of all users that have an authorization entry for the given device group,
     * ordered by user ID. (The original note on this method warns that it is not scalable beyond
     * a few hundred groups.)
     *
     * @return the user IDs, or {@code null} when the account ID or group ID is blank
     * @throws DBException if the query fails
     */
    public static java.util.List<String> getUsersForGroup(String acctId, String groupId)
            throws DBException {

        /* valid account/groupId? */
        if (StringTools.isBlank(acctId) || StringTools.isBlank(groupId)) {
            return null;
        }

        /* get db selector */
        DBSelect dsel = GroupList._getUserListSelect(acctId, groupId);
        if (dsel == null) {
            return null;
        }

        /* read users for group */
        // NOTE(review): the statement is executed from its rendered text (dsel.toString()), so
        // acctId/groupId reach the SQL through DBWhere.EQ; confirm that EQ quotes/escapes values.
        java.util.List<String> userIds = new Vector<String>();
        DBConnection conn = null;
        Statement statement = null;
        ResultSet rows = null;
        try {
            conn = DBConnection.getDefaultConnection();
            statement = conn.execute(dsel.toString());
            rows = statement.getResultSet();
            while (rows.next()) {
                userIds.add(rows.getString(GroupList.FLD_userID));
            }
        } catch (SQLException sqe) {
            throw new DBException("Get Group GroupeList", sqe);
        } finally {
            // best-effort cleanup: close failures are deliberately ignored
            if (rows != null) {
                try {
                    rows.close();
                } catch (Throwable ignored) {
                }
            }
            if (statement != null) {
                try {
                    statement.close();
                } catch (Throwable ignored) {
                }
            }
            DBConnection.release(conn);
        }

        /* return list */
        return userIds;
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------

}
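/**
 * Database record for the "RoleAcl" table: the access level granted to a Role for one ACL ID.
 *
 * <p>The primary key is (accountID, roleID, aclID); {@link Key} lower-cases all three components.
 * The static helpers below read, set and delete these entries, and {@link #main} is a small
 * command-line admin tool for the same operations.
 */
public class RoleAcl extends RoleRecord<RoleAcl> {

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------
    // SQL table definition below

    /* table name */
    public static final String _TABLE_NAME = "RoleAcl";

    /** Returns the table name after translation by {@code DBProvider}. */
    public static String TABLE_NAME() {
        return DBProvider.translateTableName(_TABLE_NAME);
    }

    /* field definition */
    public static final String FLD_aclID = "aclID";
    public static final String FLD_accessLevel = "accessLevel";
    private static DBField FieldInfo[] = {
        // RoleAcl fields
        newField_accountID(true),
        newField_roleID(true),
        new DBField(FLD_aclID, String.class, DBField.TYPE_STRING(64), "ACL ID", "key=true"),
        new DBField(
                FLD_accessLevel,
                Integer.TYPE,
                DBField.TYPE_UINT16,
                "Access Level",
                "edit=2 enum=AclEntry$AccessLevel"),
        // Common fields
        newField_description(),
        newField_lastUpdateTime(),
        newField_creationTime(),
    };

    /* key class */
    public static class Key extends RoleKey<RoleAcl> {
        public Key() {
            super();
        }

        /**
         * Builds the primary key for one role/ACL entry.
         *
         * @param acctId account ID; {@code null} is stored as the empty string
         * @param roleId role ID; {@code null} is stored as the empty string
         * @param aclId ACL ID; {@code null} is stored as the empty string
         */
        public Key(String acctId, String roleId, String aclId) {
            // NOTE(review): the no-argument toLowerCase() folds case with the JVM default locale,
            // so the stored key can differ between hosts with different locales. Confirm the
            // other key classes before switching to an explicit locale.
            super.setFieldValue(FLD_accountID, ((acctId != null) ? acctId.toLowerCase() : ""));
            super.setFieldValue(FLD_roleID, ((roleId != null) ? roleId.toLowerCase() : ""));
            super.setFieldValue(FLD_aclID, ((aclId != null) ? aclId.toLowerCase() : ""));
        }

        public DBFactory<RoleAcl> getFactory() {
            return RoleAcl.getFactory();
        }
    }

    /* factory constructor */
    private static DBFactory<RoleAcl> factory = null;

    /**
     * Returns the table factory, creating it on first use. Creation also registers the
     * AccessLevel enum with {@code EnumTools} and adds Account and Role as parent tables.
     */
    public static DBFactory<RoleAcl> getFactory() {
        if (factory == null) {
            EnumTools.registerEnumClass(AccessLevel.class);
            factory =
                    DBFactory.createDBFactory(
                            RoleAcl.TABLE_NAME(),
                            RoleAcl.FieldInfo,
                            DBFactory.KeyType.PRIMARY,
                            RoleAcl.class,
                            RoleAcl.Key.class,
                            true /*editable*/,
                            true /*viewable*/);
            factory.addParentTable(Account.TABLE_NAME());
            factory.addParentTable(Role.TABLE_NAME());
        }
        return factory;
    }

    /* Bean instance */
    public RoleAcl() {
        super();
    }

    /* database record */
    public RoleAcl(RoleAcl.Key key) {
        super(key);
    }

    // ------------------------------------------------------------------------

    /* table description */
    public static String getTableDescription(Locale loc) {
        I18N i18n = I18N.getI18N(RoleAcl.class, loc);
        return i18n.getString(
                "RoleAcl.description",
                "This table defines " + "Role specific Access Control permissions.");
    }

    // SQL table definition above
    // ------------------------------------------------------------------------

    // ------------------------------------------------------------------------
    // Bean access fields below

    /** Returns the ACL ID of this entry, passed through {@code StringTools.trim}. */
    public String getAclID() {
        String v = (String) this.getFieldValue(FLD_aclID);
        return StringTools.trim(v);
    }

    /* private: the ACL ID is part of the key and is not meant to be changed by callers */
    private void setAclID(String v) {
        this.setFieldValue(FLD_aclID, StringTools.trim(v));
    }

    // ------------------------------------------------------------------------

    /** Returns the stored access level as an int, or 0 when the field holds no value. */
    public int getAccessLevel() {
        Integer v = (Integer) this.getFieldValue(FLD_accessLevel);
        return (v != null) ? v.intValue() : 0;
    }

    /**
     * Stores the access level after mapping {@code v} through the AccessLevel enum, so only the
     * int value of an enum constant is written.
     */
    public void setAccessLevel(int v) {
        // NOTE(review): what EnumTools.getValueOf returns for a value that matches no constant
        // is not visible here - confirm it cannot resolve to a more permissive level than
        // intended.
        this.setFieldValue(
                FLD_accessLevel, EnumTools.getValueOf(AccessLevel.class, v).getIntValue());
    }

    /** Same as {@link #setAccessLevel(int)}, resolving the enum constant from a string. */
    public void setAccessLevel(String v) {
        this.setFieldValue(
                FLD_accessLevel, EnumTools.getValueOf(AccessLevel.class, v).getIntValue());
    }

    /** Returns {@code AclEntry.okRead} for this entry's access level. */
    public boolean hasReadAccess() {
        return AclEntry.okRead(this.getAccessLevel());
    }

    /** Returns {@code AclEntry.okWrite} for this entry's access level. */
    public boolean hasWriteAccess() {
        return AclEntry.okWrite(this.getAccessLevel());
    }

    /** Returns {@code AclEntry.okAll} for this entry's access level. */
    public boolean hasAllAccess() {
        // This can be implied to mean 'read all' access if no writing is allowed for this ACL
        return AclEntry.okAll(this.getAccessLevel());
    }

    // Bean access fields above
    // ------------------------------------------------------------------------

    // ------------------------------------------------------------------------

    /** Returns "accountID/roleID/aclID". */
    public String toString() {
        return this.getAccountID() + "/" + this.getRoleID() + "/" + this.getAclID();
    }

    // ------------------------------------------------------------------------

    /* overridden to set default values (currently sets none) */
    public void setCreationDefaultValues() {
        // super.setRuntimeDefaultValues();
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------

    // ------------------------------------------------------------------------
    // The following is an optimization for holding the Role record while
    // processing this RoleAcl. Use with caution.

    // ------------------------------------------------------------------------

    /**
     * Returns true if the specified role ACL exists.
     *
     * @return {@code false} when any argument is {@code null}, otherwise the result of the key
     *     lookup
     * @throws DBException if an error occurs while testing existence
     */
    public static boolean exists(String acctID, String roleID, String aclID) throws DBException {
        if ((acctID != null) && (roleID != null) && (aclID != null)) {
            RoleAcl.Key aclKey = new RoleAcl.Key(acctID, roleID, aclID);
            return aclKey.exists();
        }
        return false;
    }

    // ------------------------------------------------------------------------

    /**
     * Returns the access level held by the given record, or the enum default
     * ({@code EnumTools.getDefault}) when {@code ra} is {@code null}.
     */
    public static AccessLevel getAccessLevel(RoleAcl ra) {
        return (ra != null)
                ? EnumTools.getValueOf(AccessLevel.class, ra.getAccessLevel())
                : EnumTools.getDefault(AccessLevel.class);
    }

    /**
     * Returns the access level a role has for an ACL ID.
     *
     * @param role the role; {@code null} yields {@code dftAccess}
     * @param aclId the ACL ID; blank yields {@code dftAccess}
     * @param dftAccess level returned when the role has no entry for {@code aclId}
     * @return the stored level, {@code dftAccess} when there is no entry, or
     *     {@code AccessLevel.NONE} when the lookup fails with a database error
     */
    public static AccessLevel getAccessLevel(Role role, String aclId, AccessLevel dftAccess) {
        if (role == null) {
            return dftAccess;
        } else if (StringTools.isBlank(aclId)) {
            return dftAccess;
        } else {
            try {
                RoleAcl roleAcl = RoleAcl.getRoleAcl(role, aclId); // may throw DBException
                if (roleAcl != null) {
                    return RoleAcl.getAccessLevel(roleAcl);
                } else {
                    return dftAccess;
                }
            } catch (DBException dbe) {
                // Fail closed: a lookup error must not fall back to the caller's default,
                // which may grant more than NONE.
                return AccessLevel.NONE;
            }
        }
    }

    /**
     * Sets (creating the entry if necessary) and saves the access level of a role for an ACL ID.
     *
     * @param role the role; must not be {@code null}
     * @param aclId the ACL ID; must not be blank
     * @param level the level to store; {@code null} is stored as {@code AccessLevel.NONE}
     * @throws DBException if the role or ACL ID is missing, or on a database error
     */
    public static void setAccessLevel(Role role, String aclId, AccessLevel level)
            throws DBException {

        /* role specified? */
        if (role == null) {
            throw new DBException("Role not specified.");
        }
        String acctId = role.getAccountID();
        String roleId = role.getRoleID();

        /* acl-id specified? */
        if (StringTools.isBlank(aclId)) {
            throw new DBException("Acl-ID not specified.");
        }

        /* get/create role ACL */
        RoleAcl roleAcl = null;
        RoleAcl.Key aclKey = new RoleAcl.Key(acctId, roleId, aclId);
        if (aclKey.exists()) { // may throw DBException
            roleAcl = RoleAcl.getRoleAcl(role, aclId); // may throw DBException
        } else {
            roleAcl = aclKey.getDBRecord();
            roleAcl.setRole(role);
        }

        /* set access level (a missing level is treated as NONE) */
        int levelInt = (level != null) ? level.getIntValue() : AccessLevel.NONE.getIntValue();
        roleAcl.setAccessLevel(levelInt);

        /* save */
        roleAcl.save(); // may throw DBException
    }

    /**
     * Deletes the access-level entry of a role for an ACL ID, including dependencies.
     *
     * @return {@code true} if an entry existed and was deleted; {@code false} when the role is
     *     {@code null}, the ACL ID is blank, or no entry exists
     * @throws DBException on a database error
     */
    public static boolean deleteAccessLevel(Role role, String aclId) throws DBException {

        /* role specified? */
        if (role == null) {
            return false; // quietly ignore
        }
        String acctId = role.getAccountID();
        String roleId = role.getRoleID();

        /* acl-id specified? */
        if (StringTools.isBlank(aclId)) {
            return false; // quietly ignore
        }

        /* already deleted? */
        boolean aclExists = RoleAcl.exists(acctId, roleId, aclId);
        if (!aclExists) {
            return false;
        }

        /* delete */
        RoleAcl.Key aclKey = new RoleAcl.Key(acctId, roleId, aclId);
        aclKey.delete(true); // also delete dependencies
        return true;
    }

    // ------------------------------------------------------------------------

    /**
     * Returns the role ACL entry for the given role and ACL ID.
     *
     * @return the entry, or {@code null} when it does not exist
     * @throws DBException if {@code role} or {@code aclId} is {@code null}, or on a database error
     */
    public static RoleAcl getRoleAcl(Role role, String aclId) throws DBException {
        if ((role != null) && (aclId != null)) {
            RoleAcl.Key aclKey = new RoleAcl.Key(role.getAccountID(), role.getRoleID(), aclId);
            if (aclKey.exists()) {
                RoleAcl roleAcl = aclKey.getDBRecord(true);
                roleAcl.setRole(role);
                return roleAcl;
            } else {
                return null;
            }
        } else {
            throw new DBException("Role or AclID is null");
        }
    }

    /**
     * Returns the role ACL entry, or creates a new unsaved one. Never returns {@code null}.
     *
     * @param create when {@code true} the entry must not exist yet and a new, unsaved record is
     *     returned; when {@code false} the entry must already exist
     * @throws DBNotFoundException if the role or ACL ID is missing, or the entry does not exist
     *     and {@code create} is false
     * @throws DBAlreadyExistsException if {@code create} is true and the entry already exists
     * @throws DBException on any other database error
     */
    public static RoleAcl getRoleAcl(Role role, String aclId, boolean create) throws DBException {

        /* role specified? */
        if (role == null) {
            throw new DBNotFoundException("Role not specified.");
        }
        String acctId = role.getAccountID();
        String roleId = role.getRoleID();

        /* acl-id specified? */
        if (StringTools.isBlank(aclId)) {
            throw new DBNotFoundException("Acl-ID not specified.");
        }

        /* get/create role ACL */
        RoleAcl roleAcl = null;
        RoleAcl.Key aclKey = new RoleAcl.Key(acctId, roleId, aclId);
        if (!aclKey.exists()) { // may throw DBException
            if (create) {
                roleAcl = aclKey.getDBRecord();
                roleAcl.setRole(role);
                roleAcl.setCreationDefaultValues();
                return roleAcl; // not yet saved!
            } else {
                throw new DBNotFoundException("Acl-ID does not exists '" + aclKey + "'");
            }
        } else if (create) {
            // we've been asked to create the Acl, and it already exists
            throw new DBAlreadyExistsException("Acl-ID already exists '" + aclKey + "'");
        } else {
            roleAcl = RoleAcl.getRoleAcl(role, aclId); // may throw DBException
            if (roleAcl == null) {
                // the key printed here is the ACL key, so the message names the Acl-ID
                throw new DBException("Unable to read existing Acl-ID '" + aclKey + "'");
            }
            return roleAcl;
        }
    }

    /**
     * Creates and saves a new role ACL entry.
     *
     * <p>An already existing entry is reported by the {@code DBAlreadyExistsException} thrown from
     * {@link #getRoleAcl(Role, String, boolean)}, not by a {@code null} return.
     *
     * @throws DBException if the entry already exists, arguments are missing, or the save fails
     */
    public static RoleAcl createNewRoleAcl(Role role, String aclID) throws DBException {
        RoleAcl roleAcl = RoleAcl.getRoleAcl(role, aclID, true);
        if (roleAcl != null) { // defensive: getRoleAcl(.., true) returns a record or throws
            roleAcl.save();
        }
        return roleAcl;
    }

    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------
    // ------------------------------------------------------------------------
    // Main admin entry point below

    private static final String ARG_ACCOUNT[] = new String[] {"account", "acct"};
    private static final String ARG_ROLE[] = new String[] {"role"};
    private static final String ARG_LIST[] = new String[] {"list"};
    private static final String ARG_ACL[] = new String[] {"acl"};
    private static final String ARG_SET[] = new String[] {"set"};
    private static final String ARG_CREATE[] = new String[] {"create", "cr"};
    private static final String ARG_EDIT[] = new String[] {"edit", "ed"};
    private static final String ARG_DELETE[] = new String[] {"delete", "purge"};

    /* print the command-line usage and exit with status 1 */
    private static void usage() {
        Print.logInfo("Usage:");
        Print.logInfo(" java ... " + RoleAcl.class.getName() + " {options}");
        Print.logInfo("Common Options:");
        Print.logInfo(" -account=<id> Acount ID which owns Role");
        Print.logInfo(" -role=<id> Role ID which owns RoleAcl");
        Print.logInfo(" -list List Acls for Role");
        Print.logInfo(" -acl=<id> Acl ID to create/edit");
        Print.logInfo(" -set=<val> RoleAcl value (create if necessary)");
        Print.logInfo(" -create Create a new RoleAcl");
        Print.logInfo(" -edit Edit an existing (or newly created) RoleAcl");
        Print.logInfo(" -delete Delete specified RoleAcl");
        System.exit(1);
    }

    /**
     * Command-line admin tool: lists, creates, sets, edits or deletes the ACL entries of a role.
     * The account and role must exist; exit status is 99 on a database error and 1 on a usage
     * error.
     */
    public static void main(String args[]) {
        DBConfig.cmdLineInit(args, true); // main
        String acctID = RTConfig.getString(ARG_ACCOUNT, "");
        String roleID = RTConfig.getString(ARG_ROLE, "");
        String aclID = RTConfig.getString(ARG_ACL, "");

        /* account-id specified? */
        if ((acctID == null) || acctID.equals("")) {
            Print.logError("Account-ID not specified.");
            usage();
        }

        /* get account */
        Account acct = null;
        try {
            acct = Account.getAccount(acctID); // may throw DBException
            if (acct == null) {
                Print.logError("Account-ID does not exist: " + acctID);
                usage();
            }
        } catch (DBException dbe) {
            Print.logException("Error loading Account: " + acctID, dbe);
            // dbe.printException();
            System.exit(99);
        }

        /* role-id specified? */
        if ((roleID == null) || roleID.equals("")) {
            Print.logError("Role-ID not specified.");
            usage();
        }

        /* get role */
        Role role = null;
        try {
            role = Role.getRole(acct, roleID); // may throw DBException
            if (role == null) {
                Print.logError("Role-ID does not exist: " + acctID + "/" + roleID);
                usage();
            }
        } catch (DBException dbe) {
            Print.logException("Error loading Role: " + acctID + "/" + roleID, dbe);
            // dbe.printException();
            System.exit(99);
        }

        /* RoleAcl exists? */
        boolean aclExists = false;
        if ((aclID != null) && !aclID.equals("")) {
            try {
                aclExists = RoleAcl.exists(acctID, roleID, aclID);
            } catch (DBException dbe) {
                // keep the cause in the log; the bare message hides why the lookup failed
                Print.logException(
                        "Error determining if RoleAcl exists: "
                                + acctID
                                + "/"
                                + roleID
                                + "/"
                                + aclID,
                        dbe);
                System.exit(99);
            }
        }

        /* option count */
        int opts = 0;

        /* list */
        if (RTConfig.getBoolean(ARG_LIST, false)) {
            opts++;
            try {
                String aclList[] = role.getAclsForRole();
                for (int i = 0; i < aclList.length; i++) {
                    AccessLevel level =
                            RoleAcl.getAccessLevel(role, aclList[i], AccessLevel.NONE);
                    Print.sysPrintln(" " + aclList[i] + " ==> " + level);
                }
            } catch (DBException dbe) {
                Print.logError("Error getting Acl list: " + dbe);
                System.exit(99);
            }
            System.exit(0);
        }

        /* delete */
        if (RTConfig.getBoolean(ARG_DELETE, false) && !acctID.equals("") && !roleID.equals("")) {
            opts++;
            // An ACL id is required: without it the delete key would be built with an empty
            // aclID, and the delete (including dependencies) would run on a key the operator
            // never named.
            if (StringTools.isBlank(aclID)) {
                Print.logError("Acl-ID not specified.");
                usage();
            }
            if (!aclExists) {
                Print.logWarn("RoleAcl does not exist: " + acctID + "/" + roleID + "/" + aclID);
                Print.logWarn("Continuing with delete process ...");
            }
            try {
                RoleAcl.Key aclKey = new RoleAcl.Key(acctID, roleID, aclID);
                aclKey.delete(true); // also delete dependencies
                Print.logInfo("RoleAcl deleted: " + acctID + "/" + roleID + "/" + aclID);
            } catch (DBException dbe) {
                Print.logError("Error deleting RoleAcl: " + acctID + "/" + roleID + "/" + aclID);
                dbe.printException();
                System.exit(99);
            }
            System.exit(0);
        }

        /* create */
        if (RTConfig.getBoolean(ARG_CREATE, false)) {
            opts++;
            if (aclExists) {
                Print.logWarn("RoleAcl already exists: " + acctID + "/" + roleID + "/" + aclID);
            } else {
                try {
                    RoleAcl.createNewRoleAcl(role, aclID);
                    Print.logInfo("Created RoleAcl: " + acctID + "/" + roleID + "/" + aclID);
                    aclExists = true;
                } catch (DBException dbe) {
                    Print.logError(
                            "Error creating RoleAcl: " + acctID + "/" + roleID + "/" + aclID);
                    dbe.printException();
                    System.exit(99);
                }
            }
        }

        /* set */
        if (RTConfig.hasProperty(ARG_SET)) {
            opts++;
            // NOTE(review): a missing or unparsable -set value falls back to -1 here; what
            // EnumTools.getValueOf returns for -1 is not visible in this file - confirm it maps
            // to the least-privileged level. A null result is stored as NONE by setAccessLevel.
            AccessLevel aclLevel =
                    EnumTools.getValueOf(AccessLevel.class, RTConfig.getInt(ARG_SET, -1));
            try {
                RoleAcl.setAccessLevel(role, aclID, aclLevel);
                Print.logInfo(
                        "Set RoleAcl '"
                                + acctID
                                + "/"
                                + roleID
                                + "/"
                                + aclID
                                + "' to level "
                                + aclLevel);
            } catch (DBException dbe) {
                Print.logError("Error setting RoleAcl: " + acctID + "/" + roleID + "/" + aclID);
                dbe.printException();
                System.exit(99);
            }
            System.exit(0);
        }

        /* edit */
        if (RTConfig.getBoolean(ARG_EDIT, false)) {
            opts++;
            if (!aclExists) {
                Print.logError("RoleAcl does not exist: " + acctID + "/" + roleID + "/" + aclID);
            } else {
                try {
                    RoleAcl roleAcl =
                            RoleAcl.getRoleAcl(role, aclID, false); // may throw DBException
                    DBEdit editor = new DBEdit(roleAcl);
                    editor.edit(); // may throw IOException
                } catch (IOException ioe) {
                    if (ioe instanceof EOFException) {
                        Print.logError("End of input");
                    } else {
                        Print.logError("IO Error");
                    }
                } catch (DBException dbe) {
                    Print.logError(
                            "Error editing RoleAcl: " + acctID + "/" + roleID + "/" + aclID);
                    dbe.printException();
                }
            }
            System.exit(0);
        }

        /* no options specified */
        if (opts == 0) {
            Print.logWarn("Missing options ...");
            usage();
        }
    }

    // ------------------------------------------------------------------------

}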