PosServiceSecurity.java

/*
    This file is part of Cyclos (www.cyclos.org).
    A project of the Social Trade Organisation (www.socialtrade.org).

    Cyclos is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Cyclos is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Cyclos; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 */
package nl.strohalm.cyclos.services.accounts.pos;

import java.util.Collections;
import java.util.List;

import nl.strohalm.cyclos.access.AdminMemberPermission;
import nl.strohalm.cyclos.access.BrokerPermission;
import nl.strohalm.cyclos.entities.Relationship;
import nl.strohalm.cyclos.entities.accounts.pos.MemberPos;
import nl.strohalm.cyclos.entities.accounts.pos.Pos;
import nl.strohalm.cyclos.entities.accounts.pos.PosQuery;
import nl.strohalm.cyclos.entities.groups.AdminGroup;
import nl.strohalm.cyclos.entities.members.Member;
import nl.strohalm.cyclos.exceptions.PermissionDeniedException;
import nl.strohalm.cyclos.services.BaseServiceSecurity;
import nl.strohalm.cyclos.utils.RelationshipHelper;
import nl.strohalm.cyclos.utils.access.LoggedUser;

/**
 * Security implementation for {@link PosService}
 * @author jcomas
 */
public class PosServiceSecurity extends BaseServiceSecurity implements PosService {

    private PosServiceLocal posService;

    @Override
    public Pos assignPos(final Member member, final Long posId) {
        if (posService.load(posId).getStatus() == Pos.Status.DISCARDED) {
            throw new PermissionDeniedException();
        }

        permissionService.permission(member)
                .admin(AdminMemberPermission.POS_ASSIGN)
                .broker(BrokerPermission.POS_ASSIGN)
                .check();

        checkManage(posId);
        return posService.assignPos(member, posId);
    }

    @Override
    public void deletePos(final Long... ids) {
        permissionService.permission()
                .admin(AdminMemberPermission.POS_MANAGE)
                .broker(BrokerPermission.POS_MANAGE)
                .check();

        for (Long posId : ids) {
            checkManage(posId);
        }
        posService.deletePos(ids);
    }

    @Override
    public Pos discardPos(final Long posId) {
        permissionService.permission()
                .admin(AdminMemberPermission.POS_DISCARD)
                .broker(BrokerPermission.POS_DISCARD)
                .member()
                .check();
        checkManage(true, posId);
        return posService.discardPos(posId);
    }

    @Override
    public Pos load(final Long id, final Relationship... fetch) {
        permissionService.permission()
                .admin(AdminMemberPermission.POS_VIEW)
                .broker(BrokerPermission.POS_VIEW)
                .member()
                .check();

        checkManage(true, id);
        return posService.load(id, fetch);
    }

    @Override
    public Pos loadByPosId(final String posId, final Relationship... fetch) {
        final Pos pos = posService.loadByPosId(posId, fetch);

        permissionService.permission()
                .admin(AdminMemberPermission.POS_VIEW)
                .broker(BrokerPermission.POS_VIEW)
                .member()
                .check();

        checkManage(true, pos.getId());
        return pos;
    }

    @Override
    public Pos save(final Pos pos) {
        permissionService.permission()
                .admin(AdminMemberPermission.POS_MANAGE)
                .broker(BrokerPermission.POS_MANAGE)
                .member()
                .check();

        if (!pos.isTransient()) {
            checkManage(true, pos.getId());
        }
        return posService.save(pos);
    }

    @Override
    public List<Pos> search(final PosQuery query) {
        if (!permissionService.hasPermission(AdminMemberPermission.POS_VIEW, BrokerPermission.POS_VIEW)) {
            return Collections.emptyList();
        }

        if (LoggedUser.isAdministrator()) {
            query.setManagedBy((AdminGroup) LoggedUser.group());
        } else if (LoggedUser.isBroker()) {
            query.setBroker((Member) LoggedUser.element());
        }
        return posService.search(query);
    }

    public void setPosServiceLocal(final PosServiceLocal posService) {
        this.posService = posService;
    }

    @Override
    public Pos unassignPos(final Long posId) {
        permissionService.permission()
                .admin(AdminMemberPermission.POS_ASSIGN)
                .broker(BrokerPermission.POS_ASSIGN).check();

        checkManage(posId);
        return posService.unassignPos(posId);
    }

    @Override
    public void validate(final Pos pos) {
        // Nothing to check
        posService.validate(pos);
    }

    private void checkManage(final boolean isMemberRequired, final Long posId) {
        final Pos pos = posService.load(posId, RelationshipHelper.nested(Pos.Relationships.MEMBER_POS, MemberPos.Relationships.MEMBER));
        if (pos.getMemberPos() != null) {
            Member currentMember = pos.getMemberPos().getMember();
            permissionService.checkManages(currentMember);
        } else if (isMemberRequired && LoggedUser.isMember() && !LoggedUser.isBroker()) {
            throw new PermissionDeniedException();
        }
    }

    private void checkManage(final Long posId) {
        checkManage(false, posId);
    }
}