/**
* This file is part of Graylog.
*
* Graylog is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Graylog is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Graylog. If not, see <http://www.gnu.org/licenses/>.
*/
package org.graylog2.shared.security;
import com.google.common.base.Splitter;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ListMultimap;
import org.graylog2.plugin.security.Permission;
import org.graylog2.plugin.security.PluginPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.inject.Inject;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import static com.google.common.base.Strings.isNullOrEmpty;
public class Permissions {
private static final Logger LOG = LoggerFactory.getLogger(Permissions.class);
private final Set<String> allPermissions;
private final Set<String> readerBasePermissions;
private final Map<String, Collection<String>> allPermissionsMap;
@Inject
public Permissions(final Set<PluginPermissions> pluginPermissions) {
this.allPermissions = buildPermissions(pluginPermissions, PluginPermissions::permissions);
this.readerBasePermissions = buildPermissions(pluginPermissions, PluginPermissions::readerBasePermissions);
this.allPermissionsMap = buildPermissionsMap(allPermissions);
}
public Set<String> allPermissions() {
return allPermissions;
}
public Map<String, Collection<String>> allPermissionsMap() {
return allPermissionsMap;
}
public Set<String> readerBasePermissions() {
return readerBasePermissions;
}
public Set<String> readerPermissions(String username) {
final ImmutableSet.Builder<String> perms = ImmutableSet.<String>builder().addAll(readerBasePermissions);
if (isNullOrEmpty(username)) {
LOG.error("Username cannot be empty or null for creating reader permissions");
throw new IllegalArgumentException("Username was null or empty when getting reader permissions.");
}
perms.addAll(userSelfEditPermissions(username));
return perms.build();
}
public Set<String> userSelfEditPermissions(String username) {
ImmutableSet.Builder<String> perms = ImmutableSet.builder();
perms.add(perInstance(RestPermissions.USERS_EDIT, username));
perms.add(perInstance(RestPermissions.USERS_PASSWORDCHANGE, username));
return perms.build();
}
private String perInstance(String permission, String instance) {
// TODO check for existing instance etc (use DomainPermission subclass)
return permission + ":" + instance;
}
private interface PermissionListCallback {
Set<Permission> permissions(PluginPermissions permissions);
}
private static Set<String> buildPermissions(Set<PluginPermissions> pluginPermissions, PermissionListCallback callback) {
final Set<String> permissionSet = new HashSet<>();
for (PluginPermissions pluginPermission : pluginPermissions) {
for (Permission permission : callback.permissions(pluginPermission)) {
if (!permissionSet.contains(permission.permission())) {
permissionSet.add(permission.permission());
} else {
LOG.error("Error adding permissions for plugin: {}", pluginPermission.getClass().getCanonicalName());
throw new IllegalArgumentException("Duplicate permission found. Permission \"" + permission.toString() + "\" already exists!");
}
}
}
return ImmutableSet.copyOf(permissionSet);
}
private Map<String, Collection<String>> buildPermissionsMap(Set<String> permissions) {
final ListMultimap<String, String> all = ArrayListMultimap.create();
for (String permission : permissions) {
final Iterator<String> split = Splitter.on(':').limit(2).split(permission).iterator();
final String group = split.next();
final String action = split.next();
all.put(group, action);
}
// Create an immutable copy of the map and the collections inside it.
return ImmutableMap.copyOf(all.asMap().entrySet()
.stream()
.collect(Collectors.toMap(
Map.Entry::getKey,
e -> ImmutableSet.copyOf(e.getValue()))));
}
}