/*
This file is part of Cyclos (www.cyclos.org).
A project of the Social Trade Organisation (www.socialtrade.org).
Cyclos is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Cyclos is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Cyclos; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package nl.strohalm.cyclos.services.accounts.pos;
import java.util.Collections;
import java.util.List;
import nl.strohalm.cyclos.access.AdminMemberPermission;
import nl.strohalm.cyclos.access.BrokerPermission;
import nl.strohalm.cyclos.entities.Relationship;
import nl.strohalm.cyclos.entities.accounts.pos.MemberPos;
import nl.strohalm.cyclos.entities.accounts.pos.Pos;
import nl.strohalm.cyclos.entities.accounts.pos.PosQuery;
import nl.strohalm.cyclos.entities.groups.AdminGroup;
import nl.strohalm.cyclos.entities.members.Member;
import nl.strohalm.cyclos.exceptions.PermissionDeniedException;
import nl.strohalm.cyclos.services.BaseServiceSecurity;
import nl.strohalm.cyclos.utils.RelationshipHelper;
import nl.strohalm.cyclos.utils.access.LoggedUser;
/**
* Security implementation for {@link PosService}
* @author jcomas
*/
public class PosServiceSecurity extends BaseServiceSecurity implements PosService {
private PosServiceLocal posService;
@Override
public Pos assignPos(final Member member, final Long posId) {
if (posService.load(posId).getStatus() == Pos.Status.DISCARDED) {
throw new PermissionDeniedException();
}
permissionService.permission(member)
.admin(AdminMemberPermission.POS_ASSIGN)
.broker(BrokerPermission.POS_ASSIGN)
.check();
checkManage(posId);
return posService.assignPos(member, posId);
}
@Override
public void deletePos(final Long... ids) {
permissionService.permission()
.admin(AdminMemberPermission.POS_MANAGE)
.broker(BrokerPermission.POS_MANAGE)
.check();
for (Long posId : ids) {
checkManage(posId);
}
posService.deletePos(ids);
}
@Override
public Pos discardPos(final Long posId) {
permissionService.permission()
.admin(AdminMemberPermission.POS_DISCARD)
.broker(BrokerPermission.POS_DISCARD)
.member()
.check();
checkManage(true, posId);
return posService.discardPos(posId);
}
@Override
public Pos load(final Long id, final Relationship... fetch) {
permissionService.permission()
.admin(AdminMemberPermission.POS_VIEW)
.broker(BrokerPermission.POS_VIEW)
.member()
.check();
checkManage(true, id);
return posService.load(id, fetch);
}
@Override
public Pos loadByPosId(final String posId, final Relationship... fetch) {
final Pos pos = posService.loadByPosId(posId, fetch);
permissionService.permission()
.admin(AdminMemberPermission.POS_VIEW)
.broker(BrokerPermission.POS_VIEW)
.member()
.check();
checkManage(true, pos.getId());
return pos;
}
@Override
public Pos save(final Pos pos) {
permissionService.permission()
.admin(AdminMemberPermission.POS_MANAGE)
.broker(BrokerPermission.POS_MANAGE)
.member()
.check();
if (!pos.isTransient()) {
checkManage(true, pos.getId());
}
return posService.save(pos);
}
@Override
public List<Pos> search(final PosQuery query) {
if (!permissionService.hasPermission(AdminMemberPermission.POS_VIEW, BrokerPermission.POS_VIEW)) {
return Collections.emptyList();
}
if (LoggedUser.isAdministrator()) {
query.setManagedBy((AdminGroup) LoggedUser.group());
} else if (LoggedUser.isBroker()) {
query.setBroker((Member) LoggedUser.element());
}
return posService.search(query);
}
public void setPosServiceLocal(final PosServiceLocal posService) {
this.posService = posService;
}
@Override
public Pos unassignPos(final Long posId) {
permissionService.permission()
.admin(AdminMemberPermission.POS_ASSIGN)
.broker(BrokerPermission.POS_ASSIGN).check();
checkManage(posId);
return posService.unassignPos(posId);
}
@Override
public void validate(final Pos pos) {
// Nothing to check
posService.validate(pos);
}
private void checkManage(final boolean isMemberRequired, final Long posId) {
final Pos pos = posService.load(posId, RelationshipHelper.nested(Pos.Relationships.MEMBER_POS, MemberPos.Relationships.MEMBER));
if (pos.getMemberPos() != null) {
Member currentMember = pos.getMemberPos().getMember();
permissionService.checkManages(currentMember);
} else if (isMemberRequired && LoggedUser.isMember() && !LoggedUser.isBroker()) {
throw new PermissionDeniedException();
}
}
private void checkManage(final Long posId) {
checkManage(false, posId);
}
}