AccountTypeServiceSecurity.java

/*
    This file is part of Cyclos (www.cyclos.org).
    A project of the Social Trade Organisation (www.socialtrade.org).

    Cyclos is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Cyclos is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Cyclos; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 */
package nl.strohalm.cyclos.services.accounts;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

import nl.strohalm.cyclos.access.AdminSystemPermission;
import nl.strohalm.cyclos.entities.Relationship;
import nl.strohalm.cyclos.entities.accounts.AccountType;
import nl.strohalm.cyclos.entities.accounts.AccountTypeQuery;
import nl.strohalm.cyclos.entities.accounts.MemberAccountType;
import nl.strohalm.cyclos.entities.accounts.MemberGroupAccountSettings;
import nl.strohalm.cyclos.entities.accounts.SystemAccountType;
import nl.strohalm.cyclos.entities.groups.AdminGroup;
import nl.strohalm.cyclos.entities.groups.MemberGroup;
import nl.strohalm.cyclos.services.BaseServiceSecurity;
import nl.strohalm.cyclos.utils.access.LoggedUser;
import nl.strohalm.cyclos.utils.access.PermissionHelper;

import org.apache.commons.beanutils.BeanComparator;

/**
 * Security implementation for {@link AccountTypeService}
 * 
 * @author Luis
 */
public class AccountTypeServiceSecurity extends BaseServiceSecurity implements AccountTypeService {

    private AccountTypeServiceLocal accountTypeService;

    @Override
    public MemberAccountType getDefault(final MemberGroup group, final Relationship... fetch) {
        PermissionHelper.checkContains(permissionService.getVisibleMemberGroups(), group);
        return accountTypeService.getDefault(group, fetch);
    }

    @Override
    @SuppressWarnings("unchecked")
    public List<? extends AccountType> listAll() {
        // Listing all is actually listing all visible types
        List<AccountType> accountTypes = new ArrayList<AccountType>();
        accountTypes.addAll(accountTypeService.getVisibleAccountTypes());
        Collections.sort(accountTypes, new BeanComparator("name"));
        return accountTypes;
    }

    @Override
    public Collection<AccountType> load(final Collection<Long> ids) {
        Collection<AccountType> accountTypes = accountTypeService.load(ids);
        for (AccountType accountType : accountTypes) {
            checkVisible(accountType);
        }
        return accountTypes;
    }

    @Override
    public AccountType load(final Long id) {
        AccountType accountType = accountTypeService.load(id);
        checkVisible(accountType);
        return accountType;
    }

    @Override
    public int remove(final Long... ids) {
        permissionService.permission().admin(AdminSystemPermission.ACCOUNTS_MANAGE).check();
        return accountTypeService.remove(ids);
    }

    @Override
    public <AT extends AccountType> AT save(final AT accountType) {
        permissionService.permission().admin(AdminSystemPermission.ACCOUNTS_MANAGE).check();
        return accountTypeService.save(accountType);
    }

    @Override
    public List<? extends AccountType> search(final AccountTypeQuery query) {
        List<? extends AccountType> accountTypes = accountTypeService.search(query);
        accountTypes.retainAll(accountTypeService.getVisibleAccountTypes());
        return accountTypes;
    }

    public void setAccountTypeServiceLocal(final AccountTypeServiceLocal accountTypeService) {
        this.accountTypeService = accountTypeService;
    }

    @Override
    public void validate(final AccountType accountType) {
        // No permissions needed for validation
        accountTypeService.validate(accountType);
    }

    private boolean checkVisible(final AccountType accountType) {
        if (permissionService.permission().admin(AdminSystemPermission.ACCOUNTS_VIEW).hasPermission()) {
            return true;
        }
        if (accountType instanceof SystemAccountType) {
            // A system account can only be visible by admins with specific permissions
            AdminGroup group = LoggedUser.group();
            Collection<SystemAccountType> systemTypes = fetchService.fetch(group, AdminGroup.Relationships.VIEW_INFORMATION_OF).getViewInformationOf();
            return systemTypes.contains(accountType);
        } else {
            Collection<MemberGroup> groups = permissionService.getManagedMemberGroups();
            // Check for all associations with groups, to see if the account is visible
            MemberAccountType memberType = (MemberAccountType) fetchService.fetch(accountType, MemberAccountType.Relationships.SETTINGS);
            for (MemberGroupAccountSettings settings : memberType.getSettings()) {
                if (groups.contains(settings.getGroup())) {
                    return true;
                }
            }
            return false;
        }
    }
}