private String fetchDefaultGroupNameForUser(final String username) { String defaultGroupName = null; if (allowsDefaultGroup()) { final CMQueryResult result = view.select( attribute(userClass(), userNameAttribute()), attribute(userGroupDomain(), UserRole.DEFAULT_GROUP), attribute(roleClass(), roleClass().getCodeAttributeName())) // .from(userClass()) // .join(roleClass(), over(userGroupDomain())) // .where( condition( attribute(userClass(), userNameAttribute()), // eq(username))) // .run(); for (final CMQueryRow row : result) { final CMCard group = row.getCard(roleClass()); final CMRelation relation = row.getRelation(userGroupDomain()).getRelation(); final String groupName = (String) group.getCode(); final Object isDefaultGroup = relation.get(UserRole.DEFAULT_GROUP); if (isDefaultGroup != null) { if ((Boolean) isDefaultGroup) { defaultGroupName = groupName; } } } } return defaultGroupName; }
public void saveFilterPrivilege(final PrivilegeInfo privilegeInfo) { final CMQueryResult result = view.select(anyAttribute(grantClass)) .from(grantClass) .where( and( condition( attribute(grantClass, GROUP_ID_ATTRIBUTE), eq(privilegeInfo.getGroupId())), condition( attribute(grantClass, TYPE_ATTRIBUTE), eq(PrivilegedObjectType.FILTER.getValue())))) // .run(); for (final CMQueryRow row : result) { final CMCard grantCard = row.getCard(grantClass); final Long storedViewId = ((Integer) grantCard.get(PRIVILEGED_OBJECT_ID_ATTRIBUTE)).longValue(); if (storedViewId.equals(privilegeInfo.getPrivilegedObjectId())) { updateGrantCard(grantCard, privilegeInfo); return; } } createFilterGrantCard(privilegeInfo); }
private void createFilterGrantCard(final PrivilegeInfo privilegeInfo) { final CMCardDefinition grantCardToBeCreated = view.createCardFor(grantClass); grantCardToBeCreated .set(GROUP_ID_ATTRIBUTE, privilegeInfo.getGroupId()) // .set(PRIVILEGED_OBJECT_ID_ATTRIBUTE, privilegeInfo.getPrivilegedObjectId()) // .set(MODE_ATTRIBUTE, privilegeInfo.getMode().getValue()) // .set(TYPE_ATTRIBUTE, PrivilegedObjectType.FILTER.getValue()) // .set(STATUS_ATTRIBUTE, CardStatus.ACTIVE.value()) // .save(); }
public SecurityLogic( // final CMDataView view, // final ViewConverter viewConverter, // final DataViewFilterStore filterStore // ) { this.view = view; this.grantClass = view.findClass(GRANT_CLASS_NAME); this.viewConverter = viewConverter; this.filterStore = filterStore; }
@SuppressWarnings("unchecked") private Iterable<CMClass> filterNonReservedAndNonBaseClasses() { final Iterable<CMClass> classes = (Iterable<CMClass>) view.findClasses(); final List<CMClass> nonReservedClasses = Lists.newArrayList(); for (final CMClass clazz : classes) { if (!clazz.isSystem() && !clazz.isBaseClass()) { nonReservedClasses.add(clazz); } } return nonReservedClasses; }
@Override public CMUser fetchUserById(final Long userId) { final CMQueryRow row = view.select(anyAttribute(userClass())) // .from(userClass()) // .where( condition( attribute(userClass(), userClass().getKeyAttributeName()), eq(userId))) // .run() // .getOnlyRow(); return buildUserFromCard(row.getCard(userClass())); }
private void updateGrantCard(final CMCard grantCard, final PrivilegeInfo privilegeInfo) { final CMCardDefinition mutableGrantCard = view.update(grantCard); if (privilegeInfo.getMode() != null) { // check if null to allow the update of other attributes // without specify the mode mutableGrantCard.set(MODE_ATTRIBUTE, privilegeInfo.getMode().getValue()); // } mutableGrantCard // .set(PRIVILEGE_FILTER_ATTRIBUTE, privilegeInfo.getPrivilegeFilter()) // .set(ATTRIBUTES_PRIVILEGES_ATTRIBUTE, privilegeInfo.getAttributesPrivileges()) // .save(); }
public void saveGroupUIConfiguration(final Long groupId, final UIConfiguration configuration) { final CMClass roleClass = view.findClass("Role"); final CMQueryRow row = view.select(anyAttribute(roleClass)) // .from(roleClass) // .where(condition(attribute(roleClass, "Id"), eq(groupId))) // .run() .getOnlyRow(); final CMCard roleCard = row.getCard(roleClass); final CMCardDefinition cardDefinition = view.update(roleCard); if (isStringArrayNull(configuration.getDisabledModules())) { cardDefinition.set(GROUP_ATTRIBUTE_DISABLEDMODULES, null); } else { cardDefinition.set(GROUP_ATTRIBUTE_DISABLEDMODULES, configuration.getDisabledModules()); } if (isStringArrayNull(configuration.getDisabledCardTabs())) { cardDefinition.set(GROUP_ATTRIBUTE_DISABLEDCARDTABS, null); } else { cardDefinition.set(GROUP_ATTRIBUTE_DISABLEDCARDTABS, configuration.getDisabledCardTabs()); } if (isStringArrayNull(configuration.getDisabledProcessTabs())) { cardDefinition.set(GROUP_ATTRIBUTE_DISABLEDPROCESSTABS, null); } else { cardDefinition.set( GROUP_ATTRIBUTE_DISABLEDPROCESSTABS, configuration.getDisabledProcessTabs()); } cardDefinition.set(GROUP_ATTRIBUTE_HIDESIDEPANEL, configuration.isHideSidePanel()); cardDefinition.set(GROUP_ATTRIBUTE_FULLSCREEN, configuration.isFullScreenMode()); cardDefinition.set( GROUP_ATTRIBUTE_SIMPLE_HISTORY_CARD, configuration.isSimpleHistoryModeForCard()); cardDefinition.set( GROUP_ATTRIBUTE_SIMPLE_HISTORY_PROCESS, configuration.isSimpleHistoryModeForProcess()); cardDefinition.set( GROUP_ATTRIBUTE_PROCESS_WIDGET_ALWAYS_ENABLED, configuration.isProcessWidgetAlwaysEnabled()); // FIXME: manage cloud admin cardDefinition.save(); }
public UIConfiguration fetchGroupUIConfiguration(final Long groupId) { final CMClass roleClass = view.findClass("Role"); final CMQueryRow row = view.select(anyAttribute(roleClass)) // .from(roleClass) // .where(condition(attribute(roleClass, "Id"), eq(groupId))) // .run() .getOnlyRow(); final CMCard roleCard = row.getCard(roleClass); final UIConfiguration uiConfiguration = new UIConfiguration(); final String[] disabledModules = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDMODULES); if (!isStringArrayNull(disabledModules)) { uiConfiguration.setDisabledModules(disabledModules); } final String[] disabledCardTabs = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDCARDTABS); if (!isStringArrayNull(disabledCardTabs)) { uiConfiguration.setDisabledCardTabs(disabledCardTabs); } final String[] disabledProcessTabs = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDPROCESSTABS); if (!isStringArrayNull(disabledProcessTabs)) { uiConfiguration.setDisabledProcessTabs(disabledProcessTabs); } uiConfiguration.setHideSidePanel((Boolean) roleCard.get(GROUP_ATTRIBUTE_HIDESIDEPANEL)); uiConfiguration.setFullScreenMode((Boolean) roleCard.get(GROUP_ATTRIBUTE_FULLSCREEN)); uiConfiguration.setSimpleHistoryModeForCard( (Boolean) roleCard.get(GROUP_ATTRIBUTE_SIMPLE_HISTORY_CARD)); uiConfiguration.setSimpleHistoryModeForProcess( (Boolean) roleCard.get(GROUP_ATTRIBUTE_SIMPLE_HISTORY_PROCESS)); uiConfiguration.setProcessWidgetAlwaysEnabled( (Boolean) roleCard.get(GROUP_ATTRIBUTE_PROCESS_WIDGET_ALWAYS_ENABLED)); uiConfiguration.setCloudAdmin((Boolean) roleCard.get(GROUP_ATTRIBUTE_CLOUD_ADMIN)); return uiConfiguration; }
@Override public List<CMUser> fetchAllUsers() { final CMQueryResult result = view.select(anyAttribute(userClass())) // .from(userClass()) // .run(); final List<CMUser> allUsers = Lists.newArrayList(); for (final CMQueryRow row : result) { final CMCard userCard = row.getCard(userClass()); final CMUser user = buildUserFromCard(userCard); allUsers.add(user); } return allUsers; }
@Override public List<Long> fetchUserIdsFromGroupId(final Long groupId) { final CMQueryResult result = view.select(anyAttribute(userClass())) // .from(userClass()) // .join(roleClass(), over(userGroupDomain())) // .where( condition( attribute(roleClass(), roleClass().getKeyAttributeName()), eq(groupId))) // .run(); final List<Long> userIdsForSpecifiedGroup = Lists.newArrayList(); for (final CMQueryRow row : result) { final CMCard userCard = row.getCard(userClass()); userIdsForSpecifiedGroup.add(userCard.getId()); } return userIdsForSpecifiedGroup; }
protected CMCard fetchUserCard(final Login login) throws NoSuchElementException { final Alias userClassAlias = EntryTypeAlias.canonicalAlias(userClass()); final CMQueryResult queryResult = view.select(anyAttribute(userClass())) // .from(userClass(), as(userClassAlias)) // .where( and( // activeCondition(userClassAlias), // condition( attribute(userClassAlias, loginAttributeName(login)), // eq(login.getValue())))) // .run(); final CMCard userCard; if (queryResult.size() == 1) { userCard = queryResult.getOnlyRow().getCard(userClassAlias); } else { userCard = null; } return userCard; }
private void createClassGrantCard(final PrivilegeInfo privilegeInfo) { final CMCardDefinition grantCardToBeCreated = view.createCardFor(grantClass); // manage the null value for the privilege mode // could happens updating row and column privileges PrivilegeMode privilegeMode = privilegeInfo.getMode(); if (privilegeMode == null) { privilegeMode = PrivilegeMode.NONE; } grantCardToBeCreated // .set(GROUP_ID_ATTRIBUTE, privilegeInfo.getGroupId()) // .set(PRIVILEGED_CLASS_ID_ATTRIBUTE, privilegeInfo.getPrivilegedObjectId()) // .set(MODE_ATTRIBUTE, privilegeMode.getValue()) // .set(TYPE_ATTRIBUTE, PrivilegedObjectType.CLASS.getValue()) // .set(PRIVILEGE_FILTER_ATTRIBUTE, privilegeInfo.getPrivilegeFilter()) // .set(ATTRIBUTES_PRIVILEGES_ATTRIBUTE, privilegeInfo.getAttributesPrivileges()) // .set(STATUS_ATTRIBUTE, CardStatus.ACTIVE.value()) // .save(); }
/** * @param userBuilder * @param groupName */ private void addGroupDescription( // final UserImplBuilder userBuilder, // final String groupName // ) { try { final CMCard roleCard = view.select(anyAttribute(roleClass())) // .from(roleClass()) // .where(condition(attribute(roleClass(), ROLE_NAME_COLUMN), eq(groupName))) // .run() // .getOnlyRow() // .getCard(roleClass()); final Object roleDescription = roleCard.getDescription(); if (roleDescription != null) { userBuilder.withGroupDescription(roleDescription.toString()); } } catch (final Exception e) { logger.debug("Error reading description of group " + groupName); } }
private List<String> fetchGroupNamesForUser(final Long userId) { final List<String> groupNames = new ArrayList<String>(); final Alias groupClassAlias = EntryTypeAlias.canonicalAlias(roleClass()); final Alias userClassAlias = EntryTypeAlias.canonicalAlias(userClass()); final CMQueryResult userGroupsRows = view.select(attribute(groupClassAlias, Role.CODE)) // .from(roleClass()) // .join(userClass(), as(userClassAlias), over(userGroupDomain())) // .where( and( // condition( attribute(roleClass(), Role.ACTIVE), // eq(true)), // condition( attribute(userClass(), userIdAttribute()), // eq(userId)))) // .run(); for (final CMQueryRow row : userGroupsRows) { final CMCard groupCard = row.getCard(groupClassAlias); groupNames.add((String) groupCard.getCode()); } return groupNames; }
@Override protected SerializablePrivilege extractPrivilegedObject(final CMCard privilegeCard) { final Long etr = privilegeCard.get(PRIVILEGED_CLASS_ID_ATTRIBUTE, Long.class); return view.findClass(etr); }
/* * FIXME * * this methods is called for two different purposes * * 1) change the mode * * 2) change the row and column privilege configuration remove the mode * * Only flag and implement two different methods or uniform the values set * in the privilegeInfo object to have always all the attributes and update * them all */ public void saveClassPrivilege(final PrivilegeInfo privilegeInfo, final boolean modeOnly) { /* * Extract the grants defined for the given group id */ final CMQueryResult grantRows = view.select(anyAttribute(grantClass)) .from(grantClass) .where( // and( // condition( attribute(grantClass, GROUP_ID_ATTRIBUTE), eq(privilegeInfo.getGroupId())), // condition( attribute(grantClass, TYPE_ATTRIBUTE), eq(PrivilegedObjectType.CLASS.getValue())) // ) // ) // .run(); /* * FIXME why does not add a condition to to the query, and extract only * the row for the given entryTypeId ??? */ for (final CMQueryRow row : grantRows) { final CMCard grantCard = row.getCard(grantClass); final Long entryTypeId = grantCard.get(PRIVILEGED_CLASS_ID_ATTRIBUTE, Long.class); if (entryTypeId.equals(privilegeInfo.getPrivilegedObjectId())) { if (modeOnly) { // replace the privilegeInfo with the // data already stored to not override them final Object filter = grantCard.get(PRIVILEGE_FILTER_ATTRIBUTE); if (filter != null) { privilegeInfo.setPrivilegeFilter((String) filter); } final Object attributes = grantCard.get(ATTRIBUTES_PRIVILEGES_ATTRIBUTE); if (attributes != null) { privilegeInfo.setAttributesPrivileges((String[]) attributes); } } else { /* * Iterate over the attributes privileges and keep only the * ones that override the mode of the attribute */ final CMEntryType entryType = view.findClass(entryTypeId); final Map<String, String> attributeModes = attributesMode(entryType); final List<String> attributesPrivilegesToSave = new ArrayList<String>(); for (final String attributePrivilege : privilegeInfo.getAttributesPrivileges()) { final String[] parts = attributePrivilege.split(":"); final String attributeName = parts[0]; final String privilege = parts[1]; if (attributeModes.containsKey(attributeName)) { if (!attributeModes.get(attributeName).equals(privilege)) { attributesPrivilegesToSave.add(attributePrivilege); } } } privilegeInfo.setAttributesPrivileges( // attributesPrivilegesToSave.toArray( // new String[attributesPrivilegesToSave.size()] // )); } updateGrantCard(grantCard, privilegeInfo); return; } } createClassGrantCard(privilegeInfo); }