UserNamespaceAuthorizationHelper.java

/*
* Copyright 2015 herd contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.finra.herd.service.helper;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import org.finra.herd.core.helper.ConfigurationHelper;
import org.finra.herd.core.helper.WildcardHelper;
import org.finra.herd.dao.NamespaceDao;
import org.finra.herd.dao.UserDao;
import org.finra.herd.dao.UserNamespaceAuthorizationDao;
import org.finra.herd.model.api.xml.NamespaceAuthorization;
import org.finra.herd.model.api.xml.NamespaceKey;
import org.finra.herd.model.api.xml.NamespacePermissionEnum;
import org.finra.herd.model.dto.ApplicationUser;
import org.finra.herd.model.dto.ConfigurationValue;
import org.finra.herd.model.jpa.UserEntity;
import org.finra.herd.model.jpa.UserNamespaceAuthorizationEntity;

/**
 * A helper class for UserNamespaceAuthorization related code.
 */
@Component
public class UserNamespaceAuthorizationHelper
{
    @Autowired
    private ConfigurationHelper configurationHelper;

    @Autowired
    private NamespaceDao namespaceDao;

    @Autowired
    private UserDao userDao;

    @Autowired
    private UserNamespaceAuthorizationDao userNamespaceAuthorizationDao;

    @Autowired
    private WildcardHelper wildcardHelper;

    /**
     * Builds a set of namespace authorizations per specified user and adds them to the application user.
     *
     * @param applicationUser the application user
     */
    public void buildNamespaceAuthorizations(ApplicationUser applicationUser)
    {
        // Get the user id from the application user.
        String userId = applicationUser.getUserId();

        // Check if user namespace authorization is not enabled or this user is a namespace authorization administrator.
        if (BooleanUtils.isNotTrue(configurationHelper.getBooleanProperty(ConfigurationValue.USER_NAMESPACE_AUTHORIZATION_ENABLED)) ||
            isNamespaceAuthorizationAdmin(userId))
        {
            // Assign all permissions for all namespaces configured in the system.
            applicationUser.setNamespaceAuthorizations(getAllNamespaceAuthorizations());
        }
        else
        {
            // Assign a set of namespace authorizations per specified user.
            Set<NamespaceAuthorization> namespaceAuthorizations = new HashSet<>();
            applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
            for (UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity : userNamespaceAuthorizationDao
                .getUserNamespaceAuthorizationsByUserId(userId))
            {
                namespaceAuthorizations.add(toNamespaceAuthorization(userNamespaceAuthorizationEntity));
            }

            // Search authorizations by wildcard token
            for (UserNamespaceAuthorizationEntity wildcardEntity : userNamespaceAuthorizationDao
                .getUserNamespaceAuthorizationsByUserIdStartsWith(WildcardHelper.WILDCARD_TOKEN))
            {
                if (wildcardHelper.matches(userId.toUpperCase(), wildcardEntity.getUserId().toUpperCase()))
                {
                    namespaceAuthorizations.add(toNamespaceAuthorization(wildcardEntity));
                }
            }
        }
    }

    /**
     * Returns a list of namespace authorizations for all namespaces registered in the system and with all permissions enabled.
     *
     * @return namespacePermissions the list of namespace authorizations
     */
    public Set<NamespaceAuthorization> getAllNamespaceAuthorizations()
    {
        Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();

        List<NamespaceKey> namespaceKeys = namespaceDao.getNamespaces();
        for (NamespaceKey namespaceKey : namespaceKeys)
        {
            NamespaceAuthorization namespaceAuthorization = new NamespaceAuthorization();
            namespaceAuthorizations.add(namespaceAuthorization);
            namespaceAuthorization.setNamespace(namespaceKey.getNamespaceCode());
            namespaceAuthorization.setNamespacePermissions(getAllNamespacePermissions());
        }

        return namespaceAuthorizations;
    }

    /**
     * Returns a list of namespace permissions per specified namespace authorization entity.
     *
     * @param userNamespaceAuthorizationEntity the user namespace authorization entity
     *
     * @return namespacePermissions the list of namespace permissions
     */
    public List<NamespacePermissionEnum> getNamespacePermissions(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity)
    {
        List<NamespacePermissionEnum> namespacePermissions = new ArrayList<>();

        if (BooleanUtils.isTrue(userNamespaceAuthorizationEntity.getReadPermission()))
        {
            namespacePermissions.add(NamespacePermissionEnum.READ);
        }
        if (BooleanUtils.isTrue(userNamespaceAuthorizationEntity.getWritePermission()))
        {
            namespacePermissions.add(NamespacePermissionEnum.WRITE);
        }
        if (BooleanUtils.isTrue(userNamespaceAuthorizationEntity.getExecutePermission()))
        {
            namespacePermissions.add(NamespacePermissionEnum.EXECUTE);
        }
        if (BooleanUtils.isTrue(userNamespaceAuthorizationEntity.getGrantPermission()))
        {
            namespacePermissions.add(NamespacePermissionEnum.GRANT);
        }

        return namespacePermissions;
    }

    /**
     * Returns a list of all available namespace permissions.
     *
     * @return namespacePermissions the list of namespace permissions
     */
    private List<NamespacePermissionEnum> getAllNamespacePermissions()
    {
        return Arrays.asList(NamespacePermissionEnum.READ, NamespacePermissionEnum.WRITE, NamespacePermissionEnum.EXECUTE, NamespacePermissionEnum.GRANT);
    }

    /**
     * Converts the given UserNamespaceAuthorizationEntity to NamespaceAuthorization.
     *
     * @param userNamespaceAuthorizationEntity The UserNamespaceAuthorizationEntity
     *
     * @return The NamespaceAuthorization
     */
    private NamespaceAuthorization toNamespaceAuthorization(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity)
    {
        NamespaceAuthorization namespaceAuthorization = new NamespaceAuthorization();
        namespaceAuthorization.setNamespace(userNamespaceAuthorizationEntity.getNamespace().getCode());
        namespaceAuthorization.setNamespacePermissions(getNamespacePermissions(userNamespaceAuthorizationEntity));
        return namespaceAuthorization;
    }

    /**
     * Returns true if user is a namespace authorization administrator.
     *
     * @param userId the user id
     *
     * @return true if user is a namespace authorization administrator, false otherwise
     */
    protected boolean isNamespaceAuthorizationAdmin(String userId)
    {
        UserEntity userEntity = userDao.getUserByUserId(userId);
        return userEntity != null ? userEntity.getNamespaceAuthorizationAdmin() : false;
    }
}