Пример #1
  /**
   * Looks up the code of the group flagged as default for the given user.
   *
   * <p>The query joins the user class to the role class over the user-group domain and filters on
   * the user name attribute. Every returned row is inspected; the code of a role whose relation
   * carries a true {@code UserRole.DEFAULT_GROUP} value is remembered. When several relations are
   * flagged, the last row iterated wins.
   *
   * @param username value matched against the user name attribute
   * @return the code of the default group, or {@code null} when default groups are not allowed,
   *     no row matches, or no relation is flagged as default; callers have to handle the
   *     {@code null} case explicitly
   */
  private String fetchDefaultGroupNameForUser(final String username) {
    if (!allowsDefaultGroup()) {
      return null;
    }

    final CMQueryResult userRoleRows =
        view.select(
                attribute(userClass(), userNameAttribute()),
                attribute(userGroupDomain(), UserRole.DEFAULT_GROUP),
                attribute(roleClass(), roleClass().getCodeAttributeName()))
            .from(userClass())
            .join(roleClass(), over(userGroupDomain()))
            .where(condition(attribute(userClass(), userNameAttribute()), eq(username)))
            .run();

    String selectedGroupName = null;
    for (final CMQueryRow row : userRoleRows) {
      final CMCard roleCard = row.getCard(roleClass());
      final CMRelation membership = row.getRelation(userGroupDomain()).getRelation();
      final String roleCode = (String) roleCard.getCode();
      final Object defaultFlag = membership.get(UserRole.DEFAULT_GROUP);
      // A missing flag counts as "not default"; the null test also keeps the unboxing safe.
      if (defaultFlag != null && (Boolean) defaultFlag) {
        selectedGroupName = roleCode;
      }
    }
    return selectedGroupName;
  }
Пример #2
  /**
   * Stores a filter privilege for a group, updating the existing grant when there is one.
   *
   * <p>All grant cards of type {@code PrivilegedObjectType.FILTER} for the group are loaded. The
   * first one whose privileged object id equals the requested id is updated; when none matches, a
   * new filter grant card is created.
   *
   * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
   * verifies that the current operator may change grants - confirm.
   *
   * @param privilegeInfo group id, privileged object id and privilege data to store
   */
  public void saveFilterPrivilege(final PrivilegeInfo privilegeInfo) {
    final CMQueryResult filterGrants =
        view.select(anyAttribute(grantClass))
            .from(grantClass)
            .where(
                and(
                    condition(
                        attribute(grantClass, GROUP_ID_ATTRIBUTE), eq(privilegeInfo.getGroupId())),
                    condition(
                        attribute(grantClass, TYPE_ATTRIBUTE),
                        eq(PrivilegedObjectType.FILTER.getValue()))))
            .run();

    for (final CMQueryRow row : filterGrants) {
      final CMCard candidate = row.getCard(grantClass);
      // NOTE(review): the stored id is cast to Integer, so a null or non-Integer value throws
      // here and aborts the save instead of skipping the row - confirm the attribute type.
      final Long candidateObjectId =
          ((Integer) candidate.get(PRIVILEGED_OBJECT_ID_ATTRIBUTE)).longValue();
      if (!candidateObjectId.equals(privilegeInfo.getPrivilegedObjectId())) {
        continue;
      }
      updateGrantCard(candidate, privilegeInfo);
      return;
    }

    // No grant exists yet for this group and filter.
    createFilterGrantCard(privilegeInfo);
  }
Пример #3
 /**
  * Creates and saves a new active grant card of type {@code PrivilegedObjectType.FILTER}.
  *
  * <p>The card receives the group id, the privileged object id and the mode taken from
  * {@code privilegeInfo}. The mode is dereferenced without a null check, so a
  * {@code PrivilegeInfo} without a mode makes this method throw and no card is saved.
  *
  * @param privilegeInfo source of the group id, privileged object id and mode
  */
 private void createFilterGrantCard(final PrivilegeInfo privilegeInfo) {
   view.createCardFor(grantClass)
       .set(GROUP_ID_ATTRIBUTE, privilegeInfo.getGroupId())
       .set(PRIVILEGED_OBJECT_ID_ATTRIBUTE, privilegeInfo.getPrivilegedObjectId())
       .set(MODE_ATTRIBUTE, privilegeInfo.getMode().getValue())
       .set(TYPE_ATTRIBUTE, PrivilegedObjectType.FILTER.getValue())
       .set(STATUS_ATTRIBUTE, CardStatus.ACTIVE.value())
       .save();
 }
Пример #4
 /**
  * Builds the security logic on top of the given data view.
  *
  * <p>The grant class is resolved once through {@code view.findClass(GRANT_CLASS_NAME)} and kept
  * for all later grant queries. The result is stored as returned; NOTE(review): if the lookup can
  * yield {@code null}, later queries would fail on it - confirm.
  *
  * @param view data view used for every query and update
  * @param viewConverter stored as given
  * @param filterStore stored as given
  */
 public SecurityLogic(
     final CMDataView view,
     final ViewConverter viewConverter,
     final DataViewFilterStore filterStore) {
   this.view = view;
   this.viewConverter = viewConverter;
   this.filterStore = filterStore;
   // Looked up on the parameter, which is the same object just assigned to this.view.
   this.grantClass = view.findClass(GRANT_CLASS_NAME);
 }
Пример #5
 /**
  * Collects the classes of the view that are neither system classes nor base classes.
  *
  * @return a new list holding every class for which both {@code isSystem()} and
  *     {@code isBaseClass()} are false, in the order the view returned them
  */
 @SuppressWarnings("unchecked")
 private Iterable<CMClass> filterNonReservedAndNonBaseClasses() {
   final Iterable<CMClass> allClasses = (Iterable<CMClass>) view.findClasses();
   final List<CMClass> selected = Lists.newArrayList();
   for (final CMClass candidate : allClasses) {
     // Skip reserved (system) classes and base classes.
     if (candidate.isSystem() || candidate.isBaseClass()) {
       continue;
     }
     selected.add(candidate);
   }
   return selected;
 }
Пример #6
 /**
  * Loads the user whose key attribute equals the given id.
  *
  * <p>The query result is read with {@code getOnlyRow()}; NOTE(review): presumably that call
  * fails when the id matches no row or more than one - confirm what callers should expect for
  * an unknown id.
  *
  * @param userId value matched against the key attribute of the user class
  * @return the user built from the matching card
  */
 @Override
 public CMUser fetchUserById(final Long userId) {
   return buildUserFromCard(
       view.select(anyAttribute(userClass()))
           .from(userClass())
           .where(
               condition(attribute(userClass(), userClass().getKeyAttributeName()), eq(userId)))
           .run()
           .getOnlyRow()
           .getCard(userClass()));
 }
Пример #7
  /**
   * Applies the given privilege data to an existing grant card and saves it.
   *
   * <p>The mode is written only when {@code privilegeInfo} carries one. The privilege filter and
   * the attribute privileges are always written, so {@code null} values in {@code privilegeInfo}
   * are passed to the card as well.
   *
   * @param grantCard stored grant to update
   * @param privilegeInfo values to write
   */
  private void updateGrantCard(final CMCard grantCard, final PrivilegeInfo privilegeInfo) {
    final CMCardDefinition grantUpdate = view.update(grantCard);

    // A missing mode means "leave the stored mode alone", so that the other attributes can be
    // updated without specifying it.
    final boolean modeProvided = privilegeInfo.getMode() != null;
    if (modeProvided) {
      grantUpdate.set(MODE_ATTRIBUTE, privilegeInfo.getMode().getValue());
    }

    grantUpdate
        .set(PRIVILEGE_FILTER_ATTRIBUTE, privilegeInfo.getPrivilegeFilter())
        .set(ATTRIBUTES_PRIVILEGES_ATTRIBUTE, privilegeInfo.getAttributesPrivileges())
        .save();
  }
Пример #8
 /**
  * Writes the UI configuration of a group onto its role card and saves the card.
  *
  * <p>The role card is looked up by {@code "Id"}. The three "disabled" arrays are stored as
  * {@code null} when {@code isStringArrayNull} reports them as null, otherwise as given; the
  * boolean flags are always stored. The cloud-admin flag is not written here (see the FIXME).
  *
  * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
  * verifies that the current operator may reconfigure the group - confirm.
  *
  * @param groupId id of the role card to update
  * @param configuration values to store
  */
 public void saveGroupUIConfiguration(final Long groupId, final UIConfiguration configuration) {
   final CMClass roleClass = view.findClass("Role");
   final CMCard roleCard =
       view.select(anyAttribute(roleClass))
           .from(roleClass)
           .where(condition(attribute(roleClass, "Id"), eq(groupId)))
           .run()
           .getOnlyRow()
           .getCard(roleClass);
   final CMCardDefinition roleUpdate = view.update(roleCard);

   // Arrays reported as null by isStringArrayNull are stored as null.
   roleUpdate.set(
       GROUP_ATTRIBUTE_DISABLEDMODULES,
       isStringArrayNull(configuration.getDisabledModules())
           ? null
           : configuration.getDisabledModules());
   roleUpdate.set(
       GROUP_ATTRIBUTE_DISABLEDCARDTABS,
       isStringArrayNull(configuration.getDisabledCardTabs())
           ? null
           : configuration.getDisabledCardTabs());
   roleUpdate.set(
       GROUP_ATTRIBUTE_DISABLEDPROCESSTABS,
       isStringArrayNull(configuration.getDisabledProcessTabs())
           ? null
           : configuration.getDisabledProcessTabs());

   roleUpdate.set(GROUP_ATTRIBUTE_HIDESIDEPANEL, configuration.isHideSidePanel());
   roleUpdate.set(GROUP_ATTRIBUTE_FULLSCREEN, configuration.isFullScreenMode());
   roleUpdate.set(
       GROUP_ATTRIBUTE_SIMPLE_HISTORY_CARD, configuration.isSimpleHistoryModeForCard());
   roleUpdate.set(
       GROUP_ATTRIBUTE_SIMPLE_HISTORY_PROCESS, configuration.isSimpleHistoryModeForProcess());
   roleUpdate.set(
       GROUP_ATTRIBUTE_PROCESS_WIDGET_ALWAYS_ENABLED,
       configuration.isProcessWidgetAlwaysEnabled());
   // FIXME: manage cloud admin
   roleUpdate.save();
 }
Пример #9
  /**
   * Reads the UI configuration stored on the role card of a group.
   *
   * <p>The role card is looked up by {@code "Id"}. The three "disabled" arrays are copied only
   * when {@code isStringArrayNull} does not report them as null; the boolean flags, including the
   * cloud-admin flag, are copied unconditionally.
   *
   * <p>NOTE(review): the flags are cast to {@code Boolean}; if the setters take a primitive
   * {@code boolean}, a card without a stored value would throw on unboxing - confirm.
   *
   * @param groupId id of the role card to read
   * @return a new {@code UIConfiguration} filled from the card
   */
  public UIConfiguration fetchGroupUIConfiguration(final Long groupId) {
    final CMClass roleClass = view.findClass("Role");
    final CMCard roleCard =
        view.select(anyAttribute(roleClass))
            .from(roleClass)
            .where(condition(attribute(roleClass, "Id"), eq(groupId)))
            .run()
            .getOnlyRow()
            .getCard(roleClass);
    final UIConfiguration loaded = new UIConfiguration();

    final String[] modules = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDMODULES);
    if (!isStringArrayNull(modules)) {
      loaded.setDisabledModules(modules);
    }

    final String[] cardTabs = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDCARDTABS);
    if (!isStringArrayNull(cardTabs)) {
      loaded.setDisabledCardTabs(cardTabs);
    }

    final String[] processTabs = (String[]) roleCard.get(GROUP_ATTRIBUTE_DISABLEDPROCESSTABS);
    if (!isStringArrayNull(processTabs)) {
      loaded.setDisabledProcessTabs(processTabs);
    }

    loaded.setHideSidePanel((Boolean) roleCard.get(GROUP_ATTRIBUTE_HIDESIDEPANEL));
    loaded.setFullScreenMode((Boolean) roleCard.get(GROUP_ATTRIBUTE_FULLSCREEN));
    loaded.setSimpleHistoryModeForCard(
        (Boolean) roleCard.get(GROUP_ATTRIBUTE_SIMPLE_HISTORY_CARD));
    loaded.setSimpleHistoryModeForProcess(
        (Boolean) roleCard.get(GROUP_ATTRIBUTE_SIMPLE_HISTORY_PROCESS));
    loaded.setProcessWidgetAlwaysEnabled(
        (Boolean) roleCard.get(GROUP_ATTRIBUTE_PROCESS_WIDGET_ALWAYS_ENABLED));
    loaded.setCloudAdmin((Boolean) roleCard.get(GROUP_ATTRIBUTE_CLOUD_ADMIN));

    return loaded;
  }
Пример #10
 /**
  * Loads every card of the user class and converts each one to a user.
  *
  * <p>The query has no {@code where} clause, so no status or other filter is applied here.
  *
  * @return a new list with one user per returned row, in query order
  */
 @Override
 public List<CMUser> fetchAllUsers() {
   final CMQueryResult userRows =
       view.select(anyAttribute(userClass()))
           .from(userClass())
           .run();
   final List<CMUser> users = Lists.newArrayList();
   for (final CMQueryRow row : userRows) {
     users.add(buildUserFromCard(row.getCard(userClass())));
   }
   return users;
 }
Пример #11
  /**
   * Lists the ids of the users joined to the given group over the user-group domain.
   *
   * @param groupId value matched against the key attribute of the role class
   * @return a new list with the id of the user card of every returned row; empty when the query
   *     returns no rows
   */
  @Override
  public List<Long> fetchUserIdsFromGroupId(final Long groupId) {
    final CMQueryResult memberRows =
        view.select(anyAttribute(userClass()))
            .from(userClass())
            .join(roleClass(), over(userGroupDomain()))
            .where(
                condition(attribute(roleClass(), roleClass().getKeyAttributeName()), eq(groupId)))
            .run();

    final List<Long> memberIds = Lists.newArrayList();
    for (final CMQueryRow row : memberRows) {
      memberIds.add(row.getCard(userClass()).getId());
    }
    return memberIds;
  }
Пример #12
 /**
  * Finds the card of the user identified by the given login.
  *
  * <p>The query combines {@code activeCondition} with an equality test on the attribute chosen by
  * {@code loginAttributeName(login)}. A card is returned only when exactly one row matches; zero
  * matches and ambiguous logins (several matches) both yield {@code null}, so callers must treat
  * {@code null} as "no such user".
  *
  * @param login login whose value is matched
  * @return the matching user card, or {@code null} when the result does not hold exactly one row
  * @throws NoSuchElementException declared by the signature; no throw is visible in this body
  */
 protected CMCard fetchUserCard(final Login login) throws NoSuchElementException {
   final Alias userAlias = EntryTypeAlias.canonicalAlias(userClass());
   final CMQueryResult matches =
       view.select(anyAttribute(userClass()))
           .from(userClass(), as(userAlias))
           .where(
               and(
                   activeCondition(userAlias),
                   condition(
                       attribute(userAlias, loginAttributeName(login)), eq(login.getValue()))))
           .run();
   // Anything other than a single match is reported as "not found".
   return (matches.size() == 1) ? matches.getOnlyRow().getCard(userAlias) : null;
 }
Пример #13
  /**
   * Creates and saves a new active grant card of type {@code PrivilegedObjectType.CLASS}.
   *
   * <p>A {@code PrivilegeInfo} without a mode is stored with {@code PrivilegeMode.NONE}, so a grant
   * created while only row or column privileges are being edited does not carry an access mode
   * of its own.
   *
   * @param privilegeInfo source of the group id, privileged class id, mode, filter and attribute
   *     privileges
   */
  private void createClassGrantCard(final PrivilegeInfo privilegeInfo) {
    final CMCardDefinition newGrant = view.createCardFor(grantClass);

    // The mode can be null when row and column privileges are updated; fall back to NONE.
    final PrivilegeMode requestedMode = privilegeInfo.getMode();
    final PrivilegeMode effectiveMode =
        (requestedMode != null) ? requestedMode : PrivilegeMode.NONE;

    newGrant
        .set(GROUP_ID_ATTRIBUTE, privilegeInfo.getGroupId())
        .set(PRIVILEGED_CLASS_ID_ATTRIBUTE, privilegeInfo.getPrivilegedObjectId())
        .set(MODE_ATTRIBUTE, effectiveMode.getValue())
        .set(TYPE_ATTRIBUTE, PrivilegedObjectType.CLASS.getValue())
        .set(PRIVILEGE_FILTER_ATTRIBUTE, privilegeInfo.getPrivilegeFilter())
        .set(ATTRIBUTES_PRIVILEGES_ATTRIBUTE, privilegeInfo.getAttributesPrivileges())
        .set(STATUS_ATTRIBUTE, CardStatus.ACTIVE.value())
        .save();
  }
Пример #14
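  /**
   * Adds the description of the named group to the user being built, on a best-effort basis.
   *
   * <p>The role card whose {@code ROLE_NAME_COLUMN} equals {@code groupName} is read and, when its
   * description is not null, handed to the builder. Any failure is logged at debug level and
   * otherwise ignored, so the user is still built, just without a group description.
   *
   * @param userBuilder builder that receives the group description
   * @param groupName name of the group whose description is looked up
   */
  private void addGroupDescription( //
      final UserImplBuilder userBuilder, //
      final String groupName //
      ) {
    try {
      final CMCard roleCard =
          view.select(anyAttribute(roleClass())) //
              .from(roleClass()) //
              .where(condition(attribute(roleClass(), ROLE_NAME_COLUMN), eq(groupName))) //
              .run() //
              .getOnlyRow() //
              .getCard(roleClass());

      final Object roleDescription = roleCard.getDescription();
      if (roleDescription != null) {
        userBuilder.withGroupDescription(roleDescription.toString());
      }
    } catch (final Exception e) {
      // Deliberately best-effort: a missing description must not stop the user from being built.
      // The exception is passed to the logger so the cause stays available when debugging.
      logger.debug("Error reading description of group " + groupName, e);
    }
  }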
Пример #15
 /**
  * Lists the codes of the active groups the given user belongs to.
  *
  * <p>Roles are joined to users over the user-group domain; only rows whose {@code Role.ACTIVE}
  * attribute is true and whose user id equals {@code userId} are returned, so groups that are
  * not active do not appear in the result.
  *
  * @param userId value matched against the user id attribute
  * @return a new list with the code of each matching role card; empty when nothing matches
  */
 private List<String> fetchGroupNamesForUser(final Long userId) {
   final List<String> activeGroupCodes = new ArrayList<String>();
   final Alias roleAlias = EntryTypeAlias.canonicalAlias(roleClass());
   final Alias userAlias = EntryTypeAlias.canonicalAlias(userClass());
   final CMQueryResult membershipRows =
       view.select(attribute(roleAlias, Role.CODE))
           .from(roleClass())
           .join(userClass(), as(userAlias), over(userGroupDomain()))
           .where(
               and(
                   condition(attribute(roleClass(), Role.ACTIVE), eq(true)),
                   condition(attribute(userClass(), userIdAttribute()), eq(userId))))
           .run();
   for (final CMQueryRow row : membershipRows) {
     activeGroupCodes.add((String) row.getCard(roleAlias).getCode());
   }
   return activeGroupCodes;
 }
Пример #16
 /**
  * Resolves the class a privilege card refers to.
  *
  * <p>The id stored under {@code PRIVILEGED_CLASS_ID_ATTRIBUTE} is read as a {@code Long} and
  * passed to {@code view.findClass}; the lookup result is returned unchanged.
  *
  * @param privilegeCard grant card holding the privileged class id
  * @return whatever {@code view.findClass} yields for the stored id
  */
 @Override
 protected SerializablePrivilege extractPrivilegedObject(final CMCard privilegeCard) {
   final Long privilegedClassId = privilegeCard.get(PRIVILEGED_CLASS_ID_ATTRIBUTE, Long.class);
   return view.findClass(privilegedClassId);
 }
Пример #17
  /*
   * FIXME
   *
   * this method is called for two different purposes
   *
   * 1) change the mode
   *
   * 2) change the row and column privilege configuration remove the mode
   *
   * Only flag and implement two different methods or uniform the values set
   * in the privilegeInfo object to have always all the attributes and update
   * them all
   */
  /**
   * Saves a class privilege for a group, updating the existing grant or creating a new one.
   *
   * <p>All grants of type {@code PrivilegedObjectType.CLASS} for the group are loaded and scanned
   * for the one whose privileged class id equals the requested id. When it is found:
   *
   * <ul>
   *   <li>with {@code modeOnly}, the stored filter and attribute privileges (when not null) are
   *       copied into {@code privilegeInfo}, so that the update does not overwrite them;
   *   <li>otherwise the attribute privileges in {@code privilegeInfo} are reduced to the
   *       {@code name:privilege} entries whose name is known to {@code attributesMode} and whose
   *       privilege differs from the mode reported there.
   * </ul>
   *
   * <p>The grant is then updated. When no grant matches, a new class grant card is created from
   * {@code privilegeInfo} as given. Note that {@code privilegeInfo} is modified in place.
   *
   * <p>In the non-{@code modeOnly} branch a {@code null} attribute-privileges array, or an entry
   * without a {@code ':'}, makes the method throw before anything is saved.
   *
   * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
   * verifies that the current operator may change grants - confirm.
   *
   * @param privilegeInfo group id, privileged class id and privilege data; modified in place
   * @param modeOnly whether only the mode is being changed
   */
  public void saveClassPrivilege(final PrivilegeInfo privilegeInfo, final boolean modeOnly) {
    // Grants of type CLASS defined for the given group id.
    final CMQueryResult classGrants =
        view.select(anyAttribute(grantClass))
            .from(grantClass)
            .where(
                and(
                    condition(
                        attribute(grantClass, GROUP_ID_ATTRIBUTE), eq(privilegeInfo.getGroupId())),
                    condition(
                        attribute(grantClass, TYPE_ATTRIBUTE),
                        eq(PrivilegedObjectType.CLASS.getValue()))))
            .run();

    /*
     * FIXME: why not add a condition to the query and extract only the row for the given
     * entryTypeId?
     */
    for (final CMQueryRow row : classGrants) {
      final CMCard grantCard = row.getCard(grantClass);
      final Long grantedClassId = grantCard.get(PRIVILEGED_CLASS_ID_ATTRIBUTE, Long.class);
      if (!grantedClassId.equals(privilegeInfo.getPrivilegedObjectId())) {
        continue;
      }

      if (modeOnly) {
        // Carry the stored filter and attribute privileges over, so the update keeps them.
        final Object storedFilter = grantCard.get(PRIVILEGE_FILTER_ATTRIBUTE);
        if (storedFilter != null) {
          privilegeInfo.setPrivilegeFilter((String) storedFilter);
        }

        final Object storedAttributes = grantCard.get(ATTRIBUTES_PRIVILEGES_ATTRIBUTE);
        if (storedAttributes != null) {
          privilegeInfo.setAttributesPrivileges((String[]) storedAttributes);
        }
      } else {
        // Keep only the attribute privileges that override the mode of the attribute itself.
        final CMEntryType entryType = view.findClass(grantedClassId);
        final Map<String, String> attributeModes = attributesMode(entryType);
        final List<String> overrides = new ArrayList<String>();
        for (final String entry : privilegeInfo.getAttributesPrivileges()) {
          final String[] nameAndPrivilege = entry.split(":");
          final String attributeName = nameAndPrivilege[0];
          final String privilege = nameAndPrivilege[1];
          final boolean overridesMode =
              attributeModes.containsKey(attributeName)
                  && !attributeModes.get(attributeName).equals(privilege);
          if (overridesMode) {
            overrides.add(entry);
          }
        }

        privilegeInfo.setAttributesPrivileges(overrides.toArray(new String[overrides.size()]));
      }

      updateGrantCard(grantCard, privilegeInfo);
      return;
    }

    // No grant exists yet for this group and class.
    createClassGrantCard(privilegeInfo);
  }