コード例 #1
 /**
  * Collects the logical role names bound to the given runtime roles when no tenant is supplied.
  *
  * <p>Each role name other than the super-admin role is assigned to the tenant returned by
  * {@code JcrTenantUtils.getTenant(name, false)}, and each per-tenant group is resolved through
  * the tenant-specific overload. The super-admin role is recognised by exact string equality with
  * {@code superAdminRoleName} and contributes its immutable bindings directly.
  *
  * <p>NOTE(review): the returned names drive authorization and the role list is used as given.
  * Presumably callers pass only the authenticated principal's authorities; confirm at call sites.
  *
  * @param session JCR session handed on to the tenant-specific overload
  * @param runtimeRoleNames runtime role names, presumably tenant-qualified (TODO confirm)
  * @return a new list of the bound logical role names, without duplicates, in no defined order
  * @throws NamespaceException propagated from the tenant-specific overload
  * @throws RepositoryException propagated from the tenant-specific overload
  */
 @Override
 public List<String> getBoundLogicalRoleNames(Session session, List<String> runtimeRoleNames)
     throws NamespaceException, RepositoryException {
   Map<ITenant, List<String>> rolesByTenant = new HashMap<ITenant, List<String>>();
   boolean sawSuperAdmin = false;

   // Pass 1: bucket the unqualified role names by owning tenant.
   for (String candidate : runtimeRoleNames) {
     if (superAdminRoleName.equals(candidate)) {
       sawSuperAdmin = true;
       continue;
     }
     ITenant owningTenant = JcrTenantUtils.getTenant(candidate, false);
     List<String> tenantRoles = rolesByTenant.get(owningTenant);
     if (tenantRoles == null) {
       tenantRoles = new ArrayList<String>();
       rolesByTenant.put(owningTenant, tenantRoles);
     }
     tenantRoles.add(tenantedRoleNameUtils.getPrincipleName(candidate));
   }

   // Pass 2: resolve every bucket through the tenant-aware overload and merge the results.
   Set<String> collected = new HashSet<String>();
   for (Map.Entry<ITenant, List<String>> bucket : rolesByTenant.entrySet()) {
     collected.addAll(getBoundLogicalRoleNames(session, bucket.getKey(), bucket.getValue()));
   }

   if (sawSuperAdmin) {
     // NOTE(review): addAll fails with NullPointerException if no immutable binding is registered
     // for the super-admin role (assuming get returns null for a missing key) - confirm that the
     // entry is always populated.
     collected.addAll(immutableRoleBindingNames.get(superAdminRoleName));
   }
   return new ArrayList<String>(collected);
 }
コード例 #2
 /**
  * Maps a principal id to its principal name via {@code tenantedRoleNameUtils}.
  *
  * @param principalId the id to translate, presumably tenant-qualified (TODO confirm)
  * @return the value of {@code tenantedRoleNameUtils.getPrincipleName(principalId)}, or
  *     {@code null} when no name utility is configured; callers must handle the null case
  */
 private String getPrincipalName(String principalId) {
   if (tenantedRoleNameUtils == null) {
     return null;
   }
   return tenantedRoleNameUtils.getPrincipleName(principalId);
 }
コード例 #3
  /**
   * Builds an {@code IPentahoUser} from a Jackrabbit {@code User}, serving it from
   * {@code userCache} when an entry for the user's id already exists.
   *
   * <p>NOTE(review): the cached object carries the enabled flag and the credential value as they
   * were at conversion time. No invalidation is visible in this method, so confirm that password
   * changes and disabling a user evict the entry elsewhere.
   *
   * @param jackrabbitUser the repository user to convert
   * @return the cached or newly built user
   * @throws RepositoryException if the id, credentials or disabled flag cannot be read
   */
  private IPentahoUser convertToPentahoUser(User jackrabbitUser) throws RepositoryException {
    final String userId = jackrabbitUser.getID();
    if (userCache.containsKey(userId)) {
      return (IPentahoUser) userCache.get(userId);
    }

    String description = null;
    try {
      Value[] descriptionValues = jackrabbitUser.getProperty("description"); // $NON-NLS-1$
      if (descriptionValues.length > 0) {
        description = descriptionValues[0].getString();
      }
    } catch (Exception ignored) {
      // Deliberate best effort: any failure reading the optional description (including a null
      // property array) leaves it null. NOTE(review): the failure is not logged anywhere.
    }

    String password = null;
    Credentials credentials = jackrabbitUser.getCredentials();
    if (credentials instanceof CryptedSimpleCredentials) {
      CryptedSimpleCredentials crypted = (CryptedSimpleCredentials) credentials;
      // NOTE(review): this value is copied into the user object that is cached below. Presumably
      // it is the stored (crypted) form rather than cleartext - confirm, and keep it out of logs
      // and serialized responses.
      password = new String(crypted.getPassword());
    }

    IPentahoUser converted =
        new PentahoUser(
            tenantedUserNameUtils.getTenant(userId),
            tenantedUserNameUtils.getPrincipleName(userId),
            password,
            description,
            !jackrabbitUser.isDisabled());

    userCache.put(userId, converted);
    return converted;
  }
コード例 #4
 /**
  * Converts one JCR access control entry into a {@code RepositoryFileAce}.
  *
  * <p>A principal that is a {@code Group} becomes a ROLE sid; any other principal becomes a USER
  * sid. When the matching name utility is configured, the principal name is passed through
  * {@code getPrincipleName} first.
  *
  * <p>NOTE(review): if {@code getPrincipleName} strips the tenant qualifier, as its use here
  * suggests, the resulting sid no longer identifies the tenant. Confirm that consumers never
  * compare sids across tenants.
  *
  * @param session JCR session used for the privilege-to-permission conversion
  * @param acEntry the entry to convert
  * @return the converted entry
  * @throws RepositoryException propagated from the privilege conversion
  */
 protected RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry)
     throws RepositoryException {
   final Principal principal = acEntry.getPrincipal();
   final boolean isRole = principal instanceof Group;

   String sidName = principal.getName();
   if (isRole) {
     if (tenantedRoleNameUtils != null) {
       sidName = tenantedRoleNameUtils.getPrincipleName(sidName);
     }
   } else if (tenantedUserNameUtils != null) {
     sidName = tenantedUserNameUtils.getPrincipleName(sidName);
   }
   final RepositoryFileSid sid =
       new RepositoryFileSid(
           sidName, isRole ? RepositoryFileSid.Type.ROLE : RepositoryFileSid.Type.USER);

   // Only the principal's class name is logged, never its name.
   logger.debug(
       String.format("principal class [%s]", principal.getClass().getName())); // $NON-NLS-1$

   final Privilege[] granted = acEntry.getPrivileges();
   return new RepositoryFileAce(
       sid, permissionConversionHelper.privilegesToPentahoPermissions(session, granted));
 }
コード例 #5
  /**
   * Builds an {@code IPentahoRole} from a Jackrabbit {@code Group}.
   *
   * <p>Tenant and role name are both derived from the group id via {@code tenantedRoleNameUtils}.
   * The description is optional and read on a best-effort basis.
   *
   * @param jackrabbitGroup the repository group to convert
   * @return a new role object
   * @throws RepositoryException if the group id cannot be read
   */
  private IPentahoRole convertToPentahoRole(Group jackrabbitGroup) throws RepositoryException {
    String description = null;
    try {
      Value[] descriptionValues = jackrabbitGroup.getProperty("description"); // $NON-NLS-1$
      if (descriptionValues.length > 0) {
        description = descriptionValues[0].getString();
      }
    } catch (Exception ignored) {
      // Deliberate best effort: any failure reading the optional description (including a null
      // property array) leaves it null. NOTE(review): the failure is not logged anywhere.
    }

    final String groupId = jackrabbitGroup.getID();
    return new PentahoRole(
        tenantedRoleNameUtils.getTenant(groupId),
        tenantedRoleNameUtils.getPrincipleName(groupId),
        description);
  }
コード例 #6
  /**
   * Builds the {@code RepositoryFileAcl} for the node with the given identifier.
   *
   * <p>The ACL owner comes from {@code getOwner}, the inheritance flag from
   * {@code isEntriesInheriting}, and the entries from the node's access control list after
   * {@code JcrRepositoryFileAclUtils.removeAclMetadata} has filtered it.
   *
   * @param session JCR session used for node lookup and access control queries
   * @param pentahoJcrConstants not used by this method
   * @param id identifier of the node whose ACL is requested
   * @return the assembled ACL
   * @throws RepositoryException if the node is not found or the repository cannot be read
   */
  private RepositoryFileAcl toAcl(
      final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
      throws RepositoryException {
    final String identifier = id.toString();
    final Node node = session.getNodeByIdentifier(identifier);
    // NOTE(review): the JCR API reports a missing node with ItemNotFoundException, so this null
    // guard is presumably defensive only - confirm.
    if (node == null) {
      throw new RepositoryException(
          Messages.getInstance()
              .getString(
                  "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
                  identifier));
    }

    final String absPath = node.getPath();
    final AccessControlManager acMgr = session.getAccessControlManager();
    final AccessControlList acList = getAccessControlList(acMgr, absPath);

    RepositoryFileSid owner = null;
    String ownerName = getOwner(session, absPath, acList);
    if (ownerName != null) {
      // for now, just assume all owners are users; only has UI impact
      if (tenantedUserNameUtils != null) {
        ownerName = tenantedUserNameUtils.getPrincipleName(ownerName);
      }
      owner = new RepositoryFileSid(ownerName, RepositoryFileSid.Type.USER);
    }

    final RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder(id, owner);
    builder.entriesInheriting(isEntriesInheriting(session, absPath, acList));

    // Entries dropped by removeAclMetadata never reach the returned ACL.
    final List<AccessControlEntry> rawEntries = Arrays.asList(acList.getAccessControlEntries());
    final List<AccessControlEntry> visibleEntries =
        JcrRepositoryFileAclUtils.removeAclMetadata(rawEntries);
    for (AccessControlEntry entry : visibleEntries) {
      builder.ace(toAce(session, entry));
    }
    return builder.build();
  }
コード例 #7
  /**
   * Returns the logical role names bound to the given runtime roles within one tenant.
   *
   * <p>Bindings are looked up per role in the {@code LOGICAL_ROLE_BINDINGS_REGION} cache first.
   * Roles missing from the cache are resolved from the tenant's runtime-roles folder in the
   * repository, or from {@code bootstrapRoleBindings} when that folder holds no matching nodes.
   * Immutable bindings are then added, and the results are written back to the cache. Roles with
   * no bindings are cached as an empty list.
   *
   * <p>NOTE(review): the cached values feed authorization decisions. Invalidation on binding
   * changes is not visible in this method; confirm it happens wherever bindings are written.
   *
   * @param session JCR session used for namespace and node access
   * @param tenant tenant whose bindings are requested; when it is {@code null} or has a
   *     {@code null} id, the call is delegated to the overload without a tenant
   * @param runtimeRoleNames runtime role names to resolve
   * @return a new list of bound logical role names without duplicates; empty when
   *     {@code TenantUtils.isAccessibleTenant(tenant)} is false
   * @throws NamespaceException if the Pentaho namespace prefix cannot be resolved
   * @throws RepositoryException on repository access failure
   */
  @Override
  public List<String> getBoundLogicalRoleNames(
      Session session, ITenant tenant, List<String> runtimeRoleNames)
      throws NamespaceException, RepositoryException {
    // No usable tenant: fall back to the overload that derives the tenant from each role name.
    // NOTE(review): that overload calls back into this method once per tenant, so termination
    // relies on it supplying a tenant with a non-null id - confirm.
    if ((tenant == null) || (tenant.getId() == null)) {
      return getBoundLogicalRoleNames(session, runtimeRoleNames);
    }

    // Tenants rejected by TenantUtils.isAccessibleTenant yield no logical roles.
    if (!TenantUtils.isAccessibleTenant(tenant)) {
      return new ArrayList<String>();
    }

    final List<String> uncachedRuntimeRoleNames = new ArrayList<String>();
    final Set<String> cachedBoundLogicalRoleNames = new HashSet<String>();
    for (String runtimeRoleName : runtimeRoleNames) {
      // The cache key here is built from the name as passed in, while the uncached list keeps the
      // name returned by getPrincipleName. NOTE(review): later cache writes build roleId from
      // that second form; if getPrincipleId does not map both forms to the same id, lookups for
      // qualified names would never hit - confirm.
      String roleName = tenantedRoleNameUtils.getPrincipleName(runtimeRoleName);
      String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, runtimeRoleName);
      Object fromRegionCache =
          cacheManager.getFromRegionCache(LOGICAL_ROLE_BINDINGS_REGION, roleId);
      if (fromRegionCache != null) {
        // Unchecked cast: relies on this cache region holding only Collection<String> values.
        cachedBoundLogicalRoleNames.addAll((Collection<String>) fromRegionCache);
      } else {
        uncachedRuntimeRoleNames.add(roleName);
      }
    }
    if (uncachedRuntimeRoleNames.isEmpty()) {
      // no need to hit the repo
      return new ArrayList<String>(cachedBoundLogicalRoleNames);
    }

    PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);
    final String phoNsPrefix =
        session.getNamespacePrefix(PentahoJcrConstants.PHO_NS) + ":"; // $NON-NLS-1$
    final String onlyPentahoPattern = phoNsPrefix + "*"; // $NON-NLS-1$
    // Maps roleId to the logical role names found for the roles that were not in the cache.
    HashMultimap<String, String> boundLogicalRoleNames = HashMultimap.create();
    Node runtimeRolesFolderNode = getRuntimeRolesFolderNode(session, tenant);
    NodeIterator runtimeRoleNodes = runtimeRolesFolderNode.getNodes(onlyPentahoPattern);
    if (!runtimeRoleNodes.hasNext()) {
      // no bindings setup yet; fall back on bootstrap bindings
      for (String runtimeRoleName : uncachedRuntimeRoleNames) {
        String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, runtimeRoleName);
        if (bootstrapRoleBindings.containsKey(runtimeRoleName)) {
          boundLogicalRoleNames.putAll(roleId, bootstrapRoleBindings.get(runtimeRoleName));
        }
      }
    } else {
      // Bindings exist in the repository: read the bound-roles property of each role's node.
      for (String runtimeRoleName : uncachedRuntimeRoleNames) {
        if (NodeHelper.hasNode(runtimeRolesFolderNode, phoNsPrefix, runtimeRoleName)) {
          Node runtimeRoleFolderNode =
              NodeHelper.getNode(runtimeRolesFolderNode, phoNsPrefix, runtimeRoleName);
          if (runtimeRoleFolderNode.hasProperty(pentahoJcrConstants.getPHO_BOUNDROLES())) {
            Value[] values =
                runtimeRoleFolderNode
                    .getProperty(pentahoJcrConstants.getPHO_BOUNDROLES())
                    .getValues();
            String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, runtimeRoleName);
            for (Value value : values) {
              boundLogicalRoleNames.put(roleId, value.getString());
            }
          }
        }
      }
    }
    // now add in immutable bound logical role names
    // NOTE(review): membership is tested on immutableRoleBindings but the values come from
    // immutableRoleBindingNames; presumably both are kept in sync - confirm, since a missing
    // entry in the second would reach putAll as null.
    for (String runtimeRoleName : uncachedRuntimeRoleNames) {
      if (immutableRoleBindings.containsKey(runtimeRoleName)) {
        String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, runtimeRoleName);
        boundLogicalRoleNames.putAll(roleId, immutableRoleBindingNames.get(runtimeRoleName));
      }
    }

    // update cache
    // The cached collections come from the local multimap, which is not modified after this
    // point.
    Map<String, Collection<String>> stringCollectionMap = boundLogicalRoleNames.asMap();
    for (Entry<String, Collection<String>> stringCollectionEntry : stringCollectionMap.entrySet()) {
      cacheManager.putInRegionCache(
          LOGICAL_ROLE_BINDINGS_REGION,
          stringCollectionEntry.getKey(),
          stringCollectionEntry.getValue());
    }

    // now add in those runtime roles that have no bindings to the cache
    // Caching an empty list records "no bindings", so later calls skip the repository lookup.
    for (String runtimeRoleName : uncachedRuntimeRoleNames) {
      String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, runtimeRoleName);

      if (cacheManager.getFromRegionCache(LOGICAL_ROLE_BINDINGS_REGION, roleId) == null) {
        cacheManager.putInRegionCache(
            LOGICAL_ROLE_BINDINGS_REGION, roleId, Collections.emptyList());
      }
    }

    // combine cached findings plus ones from repo
    Set<String> res = new HashSet<String>();
    res.addAll(cachedBoundLogicalRoleNames);
    res.addAll(boundLogicalRoleNames.values());
    return new ArrayList<String>(res);
  }