LoanGroupServiceSecurity.java

/*
    This file is part of Cyclos (www.cyclos.org).
    A project of the Social Trade Organisation (www.socialtrade.org).

    Cyclos is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Cyclos is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Cyclos; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 */
package nl.strohalm.cyclos.services.loangroups;

import java.util.Collections;
import java.util.List;

import nl.strohalm.cyclos.access.AdminMemberPermission;
import nl.strohalm.cyclos.access.AdminSystemPermission;
import nl.strohalm.cyclos.access.BrokerPermission;
import nl.strohalm.cyclos.entities.Relationship;
import nl.strohalm.cyclos.entities.accounts.loans.LoanGroup;
import nl.strohalm.cyclos.entities.accounts.loans.LoanGroupQuery;
import nl.strohalm.cyclos.entities.members.Member;
import nl.strohalm.cyclos.exceptions.PermissionDeniedException;
import nl.strohalm.cyclos.services.BaseServiceSecurity;
import nl.strohalm.cyclos.services.loangroups.exceptions.MemberAlreadyInListException;
import nl.strohalm.cyclos.services.loangroups.exceptions.MemberNotInListException;
import nl.strohalm.cyclos.utils.access.LoggedUser;

import org.apache.commons.collections.CollectionUtils;

/**
 * Security implementation for {@link LoanGroupService}
 * 
 * @author jcomas
 */
public class LoanGroupServiceSecurity extends BaseServiceSecurity implements LoanGroupService {

    private LoanGroupServiceLocal loanGroupService;

    @Override
    public void addMember(final Member member, final LoanGroup loanGroup) throws MemberAlreadyInListException {
        permissionService.permission(member).admin(AdminMemberPermission.LOAN_GROUPS_MANAGE).check();
        loanGroupService.addMember(member, loanGroup);
    }

    @Override
    public LoanGroup load(final Long id, final Relationship... fetch) {
        permissionService.permission()
                .admin(AdminSystemPermission.LOAN_GROUPS_VIEW)
                .broker(BrokerPermission.LOAN_GROUPS_VIEW)
                .member()
                .check();
        LoanGroup loanGroup = loanGroupService.load(id, fetch);
        loanGroup = fetchService.fetch(loanGroup, LoanGroup.Relationships.MEMBERS);
        if (!CollectionUtils.isEmpty(loanGroup.getMembers())) {
            // At least the logged user needs to manage one of the members.
            boolean manages = false;
            for (Member m : loanGroup.getMembers()) {
                if (permissionService.manages(m)) {
                    manages = true;
                    break;
                }
            }
            if (!manages) {
                throw new PermissionDeniedException();
            }
        }

        return loanGroup;
    }

    @Override
    public int remove(final Long... ids) {
        permissionService.permission().admin(AdminSystemPermission.LOAN_GROUPS_MANAGE).check();
        return loanGroupService.remove(ids);
    }

    @Override
    public void removeMember(final Member member, final LoanGroup loanGroup) throws MemberNotInListException {
        permissionService.permission(member).admin(AdminMemberPermission.LOAN_GROUPS_MANAGE).check();
        loanGroupService.removeMember(member, loanGroup);
    }

    @Override
    public LoanGroup save(final LoanGroup loanGroup) {
        permissionService.permission().admin(AdminSystemPermission.LOAN_GROUPS_MANAGE).check();
        return loanGroupService.save(loanGroup);
    }

    @Override
    public List<LoanGroup> search(final LoanGroupQuery query) {
        if (!applyQueryRestrictions(query)) {
            return Collections.emptyList();
        }
        return loanGroupService.search(query);
    }

    public void setLoanGroupServiceLocal(final LoanGroupServiceLocal loanGroupService) {
        this.loanGroupService = loanGroupService;
    }

    @Override
    public void validate(final LoanGroup loanGroup) {
        // Nothing to check
        loanGroupService.validate(loanGroup);
    }

    private boolean applyQueryRestrictions(final LoanGroupQuery query) {
        if (!permissionService.permission()
                .admin(AdminSystemPermission.LOAN_GROUPS_VIEW, AdminMemberPermission.LOAN_GROUPS_VIEW)
                .broker(BrokerPermission.LOAN_GROUPS_VIEW)
                .member()
                .hasPermission()) {
            return false;
        }

        // Only administrators should use this flag in true.
        if (!LoggedUser.isAdministrator()) {
            query.setNotOfMember(false);
        }

        // Only administrators should use this attribute in null.
        if (query.getMember() == null && !LoggedUser.isAdministrator()) {
            return false;
        }

        // If there's a member, then it must be managed.
        if (query.getMember() != null && !permissionService.manages(query.getMember())) {
            return false;
        }

        return true;
    }

}