/*******************************************************************************
*Copyright (c) 2009 Eucalyptus Systems, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, only version 3 of the License.
*
*
* This file is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Please contact Eucalyptus Systems, Inc., 130 Castilian
* Dr., Goleta, CA 93101 USA or visit <http://www.eucalyptus.com/licenses/>
* if you need additional information or have any questions.
*
* This file may incorporate work covered under the following copyright and
* permission notice:
*
* Software License Agreement (BSD License)
*
* Copyright (c) 2008, Regents of the University of California
* All rights reserved.
*
* Redistribution and use of this software in source and binary forms, with
* or without modification, are permitted provided that the following
* conditions are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. USERS OF
* THIS SOFTWARE ACKNOWLEDGE THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE
* LICENSED MATERIAL, COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS
* SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
* BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
* THE REGENTS’ DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
* OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
* WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
* ANY SUCH LICENSES OR RIGHTS.
*******************************************************************************/
/*
*
* Author: Sunil Soman sunils@cs.ucsb.edu
*/
package edu.ucsb.eucalyptus.cloud.entities;
import edu.ucsb.eucalyptus.msgs.AccessControlListType;
import edu.ucsb.eucalyptus.msgs.Grant;
import edu.ucsb.eucalyptus.msgs.Grantee;
import org.hibernate.annotations.Cache;
import org.hibernate.annotations.CacheConcurrencyStrategy;
import edu.ucsb.eucalyptus.util.UserManagement;
import javax.persistence.*;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import com.eucalyptus.auth.NoSuchUserException;
import com.eucalyptus.auth.Users;
@Entity
@PersistenceContext(name="eucalyptus_walrus")
@Table( name = "Grants" )
@Cache( usage = CacheConcurrencyStrategy.READ_WRITE )
public class GrantInfo {
@Id
@GeneratedValue
@Column( name = "grant_id" )
private Long id = -1l;
@Column(name="user_id")
private String userId;
@Column(name="grantGroup")
private String grantGroup;
@Column(name="allow_read")
private Boolean canRead;
@Column(name="allow_write")
private Boolean canWrite;
@Column(name="allow_read_acp")
private Boolean canReadACP;
@Column(name="allow_write_acp")
private Boolean canWriteACP;
private static Logger LOG = Logger.getLogger( ObjectInfo.class );
public GrantInfo(){
canRead = canWrite = canReadACP = canWriteACP = false;
}
public Long getId()
{
return this.id;
}
public boolean canRead() {
return canRead;
}
public void setCanRead(Boolean canRead) {
this.canRead = canRead;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getGrantGroup() {
return grantGroup;
}
public void setGrantGroup(String grantGroup) {
this.grantGroup = grantGroup;
}
public boolean canWrite() {
return canWrite;
}
public void setCanWrite(Boolean canWrite) {
this.canWrite = canWrite;
}
public boolean canReadACP() {
return canReadACP;
}
public void setCanReadACP(Boolean canReadACP) {
this.canReadACP = canReadACP;
}
public boolean isWriteACP() {
return canWriteACP;
}
public void setCanWriteACP(Boolean writeACP) {
this.canWriteACP = writeACP;
}
public void setFullControl() {
canRead = canWrite = canReadACP = canWriteACP = true;
}
public static void addGrants(String ownerId, List<GrantInfo>grantInfos, AccessControlListType accessControlList) {
ArrayList<Grant> grants = accessControlList.getGrants();
if (grants.size() > 0) {
for (Grant grant: grants) {
String permission = grant.getPermission();
if(permission.equals("private")) {
setFullControl(ownerId, grantInfos);
continue;
}
GrantInfo grantInfo = new GrantInfo();
Grantee grantee = grant.getGrantee();
if(grantee.getCanonicalUser() != null) {
String displayName = grantee.getCanonicalUser().getDisplayName();
if(displayName == null || displayName.length() == 0) {
String id = grantee.getCanonicalUser().getID();
if(id == null || id.length() == 0)
continue;
try {
displayName = Users.lookupQueryId(id).getName();
} catch ( NoSuchUserException e ) {
LOG.warn(e,e);
}
if(displayName == null)
continue;
}
grantInfo.setUserId(displayName);
} else {
grantInfo.setGrantGroup(grantee.getGroup().getUri());
}
if (permission.equals("FULL_CONTROL")) {
grantInfo.setFullControl();
} else if (permission.equals("READ")) {
grantInfo.setCanRead(true);
} else if (permission.equals("WRITE")) {
grantInfo.setCanWrite(true);
} else if (permission.equals("READ_ACP")) {
grantInfo.setCanReadACP(true);
} else if (permission.equals("WRITE_ACP")) {
grantInfo.setCanWriteACP(true);
}
grantInfos.add(grantInfo);
}
} else {
setFullControl(ownerId, grantInfos);
}
}
public static void setFullControl(String userId, List<GrantInfo> grantInfos) {
GrantInfo grantInfo = new GrantInfo();
grantInfo.setUserId(userId);
grantInfo.setFullControl();
grantInfos.add(grantInfo);
}
public void setPermission(String permission) {
if("FULL_CONTROL".equals(permission)) {
setFullControl();
} else if("READ".equals(permission)) {
setCanRead(true);
} else if("WRITE".equals(permission)) {
setCanWrite(true);
} else if("READ_ACP".equals(permission)) {
setCanReadACP(true);
} else if("WRITE_ACP".equals(permission)) {
setCanWriteACP(true);
}
}
}