ACLManager.java

/*
 * A CCNx command line utility.
 *
 * Copyright (C) 2008-2012 Palo Alto Research Center, Inc.
 *
 * This work is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License version 2 as published by the
 * Free Software Foundation. 
 * This work is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details. You should have received a copy of the GNU General Public
 * License along with this program; if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

package org.ccnx.ccn.utils.explorer;

import java.awt.Insets;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.ArrayList;

import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JScrollPane;
import javax.swing.JTable;

import org.ccnx.ccn.config.UserConfiguration;
import org.ccnx.ccn.profiles.security.access.AccessDeniedException;
import org.ccnx.ccn.profiles.security.access.group.ACL;
import org.ccnx.ccn.profiles.security.access.group.GroupAccessControlManager;
import org.ccnx.ccn.profiles.security.access.group.GroupAccessControlProfile;
import org.ccnx.ccn.profiles.security.access.group.GroupManager;
import org.ccnx.ccn.profiles.security.access.group.ACL.ACLObject;
import org.ccnx.ccn.profiles.security.access.group.ACL.ACLOperation;
import org.ccnx.ccn.protocol.ContentName;

public class ACLManager extends JDialog implements ActionListener {

	private static final long serialVersionUID = 1L;
	
	private GroupAccessControlManager acm;
	private GroupManager gm;
	private PrincipalEnumerator pEnum;
	private ContentName node;
	ContentName userStorage = new ContentName(UserConfiguration.defaultNamespace(), "Users");
	ContentName groupStorage = new ContentName(UserConfiguration.defaultNamespace(), "Groups");
	
	private ContentName[] userList;
	private ContentName[] groupList;
	private ACLObject currentACLObject;
	private ACL currentACL;
	private ACLTable userACLTable;
	private ACLTable groupACLTable;
	
	// GUI elements
	private JButton applyChangesButton;
	private JButton cancelChangesButton;
	
	
	public ACLManager(String path, GroupAccessControlManager gacm) {

		super();
		setBounds(100, 100, 400, 500);
		setTitle("Manage Access Controls for "+path);
		getContentPane().setLayout(null);
		
		// enumerate existing users and groups
		try{
			acm = gacm;
			gm = acm.groupManager();
		} catch (Exception e) {
			e.printStackTrace();
		}
		pEnum = new PrincipalEnumerator(gm);
		ArrayList<ContentName> temp = pEnum.enumerateUsers();
		userList = temp.toArray(new ContentName[temp.size()]);
		ArrayList<ContentName> temp2 = pEnum.enumerateGroups();
		groupList = temp2.toArray(new ContentName[temp2.size()]);
		
		getNodeName(path);
		getExistingACL();
		try {
			currentACL = currentACLObject.acl();
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		// title label
		final JLabel userAndGroupLabel = new JLabel();
		userAndGroupLabel.setBounds(10, 30, 300, 15);
		userAndGroupLabel.setText("Permissions for " + path);
		getContentPane().add(userAndGroupLabel);
				
		// user table
		userACLTable = new ACLTable("Users", userList, currentACL);
		JTable usersTable = new JTable(userACLTable);
		usersTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
		usersTable.getColumnModel().getColumn(0).setPreferredWidth(200);
		usersTable.getColumnModel().getColumn(1).setPreferredWidth(50);
		usersTable.getColumnModel().getColumn(2).setPreferredWidth(50);
		usersTable.getColumnModel().getColumn(3).setPreferredWidth(50);
		
		final JScrollPane usersScrollPane = new JScrollPane();
		usersScrollPane.setBounds(8, 70, 370, 150);
		usersScrollPane.setViewportView(usersTable);
		getContentPane().add(usersScrollPane);
		
		// group table
		groupACLTable = new ACLTable("Groups", groupList, currentACL);
		JTable groupsTable = new JTable(groupACLTable);
		groupsTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
		groupsTable.getColumnModel().getColumn(0).setPreferredWidth(200);
		groupsTable.getColumnModel().getColumn(1).setPreferredWidth(50);
		groupsTable.getColumnModel().getColumn(2).setPreferredWidth(50);
		groupsTable.getColumnModel().getColumn(3).setPreferredWidth(50);
		
		final JScrollPane groupsScrollPane = new JScrollPane();
		groupsScrollPane.setBounds(8, 230, 370, 150);
		groupsScrollPane.setViewportView(groupsTable);
		getContentPane().add(groupsScrollPane);

		// apply and cancel buttons
		applyChangesButton = new JButton();
		applyChangesButton.addActionListener(this);
		applyChangesButton.setMargin(new Insets(2, 2, 2, 2));
		applyChangesButton.setBounds(50, 400, 112, 25);
		applyChangesButton.setText("Apply Changes");
		getContentPane().add(applyChangesButton);

		cancelChangesButton = new JButton();
		cancelChangesButton.addActionListener(this);
		cancelChangesButton.setMargin(new Insets(2, 2, 2, 2));
		cancelChangesButton.setText("Cancel");
		cancelChangesButton.setBounds(200, 400, 112, 25);
		getContentPane().add(cancelChangesButton);
		
	}

	public boolean hasACL() {
		if (currentACLObject != null) return true;
		return false;
	}
	
	private void getNodeName(String path) {
		try{
			node = ContentName.fromNative(path);
		}
		catch (Exception e) {
			e.printStackTrace();
		}
	}
	
	private void getExistingACL() {
		try{
			currentACLObject = acm.getEffectiveACLObject(node);
		}
		catch (IllegalStateException ise) {
			System.out.println("Fatal error: the repository has no root ACL.");
			ise.printStackTrace();
		}
		catch (Exception e) {
			e.printStackTrace();
		}		
	}	

	public void actionPerformed(ActionEvent ae) {
		if (applyChangesButton == ae.getSource()) applyChanges();
		else if (cancelChangesButton == ae.getSource()) closeACLManagerWindow();	
	}
	
	private void applyChanges() {
		ArrayList<ACLOperation> userUpdates = userACLTable.computeACLUpdates();
		ArrayList<ACLOperation> groupUpdates = groupACLTable.computeACLUpdates();
		System.out.println("User updates:");
		for (ACLOperation aclo: userUpdates) System.out.println(aclo.targetName() + " ---> " + aclo.targetLabel());
		System.out.println("Group updates:");
		for (ACLOperation aclo: groupUpdates) System.out.println(aclo.targetName() + " ---> " + aclo.targetLabel());
		try {			
			if (! currentACLObject.getBaseName().equals(GroupAccessControlProfile.aclName(node))) {
				// There is no actual ACL at this node.
				// So we copy the effective ACL to this node before updating it.
				acm.setACL(node, currentACL);
			}
			if (userUpdates.size() > 0) acm.updateACL(node, userUpdates);
			if (groupUpdates.size() > 0) acm.updateACL(node, groupUpdates);
		} catch (AccessDeniedException ade) {
			JOptionPane.showMessageDialog(this, "You do not have the access right to edit the ACL at this node.");
			closeACLManagerWindow();
			ade.printStackTrace();
		}
		catch (Exception e) {
			e.printStackTrace();
		}
		closeACLManagerWindow();
	}
	
	private void closeACLManagerWindow() {
		this.setVisible(false);
		this.dispose();
	}
	
}