/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.ambari.server.controller.internal; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; import org.apache.ambari.server.StaticallyInject; import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.controller.spi.NoSuchParentResourceException; import org.apache.ambari.server.controller.spi.NoSuchResourceException; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.spi.Resource.Type; import org.apache.ambari.server.controller.spi.SystemException; import org.apache.ambari.server.controller.spi.UnsupportedPropertyException; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.commons.lang.StringUtils; import com.google.inject.Inject; /** * A write-only resource provider for securely stored credentials */ @StaticallyInject public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider { // ----- Property ID constants --------------------------------------------- public static final String AUTHORIZATION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_id"); public static final String PERMISSION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "permission_id"); public static final String AUTHORIZATION_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_name"); private static final Set<String> PK_PROPERTY_IDS; private static final Set<String> PROPERTY_IDS; private static final Map<Type, String> KEY_PROPERTY_IDS; static { Set<String> set; set = new HashSet<>(); set.add(AUTHORIZATION_ID_PROPERTY_ID); set.add(PERMISSION_ID_PROPERTY_ID); PK_PROPERTY_IDS = Collections.unmodifiableSet(set); set = new HashSet<>(); set.add(AUTHORIZATION_ID_PROPERTY_ID); set.add(PERMISSION_ID_PROPERTY_ID); set.add(AUTHORIZATION_NAME_PROPERTY_ID); PROPERTY_IDS = Collections.unmodifiableSet(set); HashMap<Type, String> map = new HashMap<>(); map.put(Type.Permission, PERMISSION_ID_PROPERTY_ID); map.put(Type.RoleAuthorization, AUTHORIZATION_ID_PROPERTY_ID); KEY_PROPERTY_IDS = Collections.unmodifiableMap(map); } /** * Data access object used to obtain authorization entities. */ @Inject private static RoleAuthorizationDAO roleAuthorizationDAO; /** * Data access object used to obtain permission entities. */ @Inject private static PermissionDAO permissionDAO; /** * Create a new resource provider. */ public RoleAuthorizationResourceProvider(AmbariManagementController managementController) { super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController); } @Override public Set<Resource> getResources(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { Set<String> requestedIds = getRequestPropertyIds(request, predicate); Set<Resource> resources = new HashSet<>(); Set<Map<String, Object>> propertyMaps; if (predicate == null) { // The request must be from / propertyMaps = Collections.singleton(Collections.<String, Object>emptyMap()); } else { propertyMaps = getPropertyMaps(predicate); } if (propertyMaps != null) { for (Map<String, Object> propertyMap : propertyMaps) { Object object = propertyMap.get(PERMISSION_ID_PROPERTY_ID); Collection<RoleAuthorizationEntity> authorizationEntities; Integer permissionId; if (object instanceof String) { try { permissionId = Integer.valueOf((String) object); } catch (NumberFormatException e) { LOG.warn(PERMISSION_ID_PROPERTY_ID + " is not a valid integer value", e); throw new NoSuchResourceException("The requested resource doesn't exist: Authorization not found, " + predicate, e); } } else if (object instanceof Number) { permissionId = ((Number) object).intValue(); } else { permissionId = null; } if (permissionId == null) { authorizationEntities = roleAuthorizationDAO.findAll(); } else { PermissionEntity permissionEntity = permissionDAO.findById(permissionId); if (permissionEntity == null) { authorizationEntities = null; } else { authorizationEntities = permissionEntity.getAuthorizations(); } } if (authorizationEntities != null) { String authorizationId = (String) propertyMap.get(AUTHORIZATION_ID_PROPERTY_ID); if (!StringUtils.isEmpty(authorizationId)) { // Filter the entities Iterator<RoleAuthorizationEntity> iterator = authorizationEntities.iterator(); while (iterator.hasNext()) { if (!authorizationId.equals(iterator.next().getAuthorizationId())) { iterator.remove(); } } } for (RoleAuthorizationEntity entity : authorizationEntities) { resources.add(toResource(permissionId, entity, requestedIds)); } } } } return resources; } @Override protected Set<String> getPKPropertyIds() { return PK_PROPERTY_IDS; } /** * Creates a new resource from the given RoleAuthorizationEntity and set of requested ids. * * @param entity the RoleAuthorizationEntity * @param requestedIds the properties to include in the resulting resource instance * @return a resource */ private Resource toResource(Integer permissionId, RoleAuthorizationEntity entity, Set<String> requestedIds) { Resource resource = new ResourceImpl(Type.RoleAuthorization); setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds); if (permissionId != null) { setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, permissionId, requestedIds); } setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds); return resource; } }