/*
* Copyright (c) 2015 EMC Corporation
* All Rights Reserved
*/
package com.emc.sa.api.utils;
import java.net.URI;
import java.util.List;
import com.emc.storageos.api.service.authorization.PermissionsHelper;
import com.emc.storageos.api.service.authorization.PermissionsHelper.ACLInputFilter;
import com.emc.storageos.model.auth.ACLEntry;
import com.emc.storageos.model.auth.PrincipalsToValidate;
import com.emc.storageos.security.authorization.ACL;
import com.emc.storageos.security.authorization.PermissionsKey;
import com.emc.storageos.security.validator.StorageOSPrincipal;
import com.emc.storageos.security.validator.Validator;
import com.emc.storageos.svcs.errorhandling.resources.APIException;
import com.emc.storageos.svcs.errorhandling.resources.InternalException;
import com.google.common.collect.Lists;
public class CatalogACLInputFilter extends ACLInputFilter {
private final URI tenantId;
private List<String> groups;
private List<String> users;
public CatalogACLInputFilter(URI tenantId) {
this.tenantId = tenantId;
}
@Override
protected PermissionsKey getPermissionKeyForEntry(ACLEntry entry) throws InternalException {
PermissionsKey key;
StorageOSPrincipal principal = new StorageOSPrincipal();
if (entry.getGroup() != null) {
String group = entry.getGroup();
key = new PermissionsKey(PermissionsKey.Type.GROUP, group, this.tenantId);
principal.setName(group);
principal.setType(StorageOSPrincipal.Type.Group);
} else if (entry.getSubjectId() != null) {
key = new PermissionsKey(PermissionsKey.Type.SID, entry.getSubjectId(), this.tenantId);
principal.setName(entry.getSubjectId());
principal.setType(StorageOSPrincipal.Type.User);
} else {
throw APIException.badRequests.invalidEntryForCatalogServiceACL();
}
return key;
}
@Override
protected void validate() {
PrincipalsToValidate principalsToValidate = new PrincipalsToValidate();
principalsToValidate.setGroups(this.groups);
principalsToValidate.setUsers(this.users);
principalsToValidate.setTenantId(this.tenantId.toString());
StringBuilder error = new StringBuilder();
if (!Validator.validatePrincipals(principalsToValidate, error)) {
throw APIException.badRequests.invalidRoleAssignments(error.toString());
}
}
@Override
protected boolean isValidACL(String ace) {
return (PermissionsHelper.isUsageACL(ace) && !ace.equalsIgnoreCase(ACL.OWN.toString()));
}
@Override
protected void addPrincipalToList(PermissionsKey key) {
switch (key.getType()) {
case GROUP:
groups.add(key.getValue());
break;
case SID:
users.add(key.getValue());
break;
case TENANT:
default:
break;
}
}
@Override
protected void initLists() {
this.groups = Lists.newArrayList();
this.users = Lists.newArrayList();
}
}