Admin.java

package service.filestore.roles;

import javax.jcr.RepositoryException;
import javax.jcr.Session;

import models.User;
import models.UserDAO;

import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;

public class Admin {

  public static final String GROUP_ID = "filestoreAdmin";

  protected final Group group;

  protected Admin(final Group group) {
    this.group = group;
  }

  /**
   * Get the underlying group for the admin instance.
   *
   * @return Jackrabbit group
   */
  public Group getGroup() {
    return group;
  }

  /**
   * Get the admin group instance, creating it if necessary
   *
   * @param session
   *          the session to use to fetch this instance
   * @return admin instance bound to the provided session
   */
  public static Admin getInstance(final Session session)
      throws RepositoryException {
    return new Admin(getUnderlyingGroup((JackrabbitSession) session));
  }

  public static boolean isAdmin(Session session, UserDAO dao, User user)
      throws RepositoryException {
    return getInstance(session).getGroup().isMember(dao.jackrabbitUser(user));
  }

  protected static Group getUnderlyingGroup(final JackrabbitSession session)
      throws RepositoryException {
    final UserManager um = session.getUserManager();
    try {
      // Create group
      return um.createGroup(GROUP_ID);
    } catch (AuthorizableExistsException e) {
      // Great! Find it instead
      return findAdminGroup(um);
    }
  }

  protected static Group findAdminGroup(final UserManager um)
      throws RepositoryException {
    return (Group) um.getAuthorizable(GROUP_ID);
  }

}