SecuredValueTable.java

/*
 * Copyright (c) 2017 OBiBa. All rights reserved.
 *
 * This program and the accompanying materials
 * are made available under the terms of the GNU Public License v3.0.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

package org.obiba.magma.security;

import javax.validation.constraints.NotNull;

import org.obiba.magma.Datasource;
import org.obiba.magma.NoSuchVariableException;
import org.obiba.magma.ValueTable;
import org.obiba.magma.Variable;
import org.obiba.magma.security.permissions.Permissions;
import org.obiba.magma.security.permissions.Permissions.ValueTablePermissionBuilder;
import org.obiba.magma.support.AbstractValueTableWrapper;

import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;

public class SecuredValueTable extends AbstractValueTableWrapper {

  private final Authorizer authz;

  private final SecuredDatasource securedDatasource;

  private final ValueTable table;

  public SecuredValueTable(Authorizer authorizer, SecuredDatasource securedDatasource, ValueTable table) {
    if(authorizer == null) throw new IllegalArgumentException("authorizer cannot be null");
    if(securedDatasource == null) throw new IllegalArgumentException("securedDatasource cannot be null");
    if(table == null) throw new IllegalArgumentException("table cannot be null");
    authz = authorizer;
    this.securedDatasource = securedDatasource;
    this.table = table;
  }

  @NotNull
  @Override
  public Datasource getDatasource() {
    return securedDatasource;
  }

  @Override
  public Variable getVariable(String name) throws NoSuchVariableException {
    Variable v = super.getVariable(name);
    if(isReadable(v)) {
      return v;
    }
    throw new NoSuchVariableException(table.getName(), name);
  }

  @Override
  public boolean hasVariable(String name) {
    return super.hasVariable(name) && isReadable(name);

  }

  @Override
  public Iterable<Variable> getVariables() {
    return Iterables.filter(super.getVariables(), new Predicate<Variable>() {

      @Override
      public boolean apply(Variable input) {
        return isReadable(input);
      }

    });
  }

  @Override
  public ValueTable getWrappedValueTable() {
    return table;
  }

  private boolean isReadable(String name) {
    return authz.isPermitted(builder().variable(name).read().build());
  }

  private boolean isReadable(Variable variable) {
    return isReadable(variable.getName());
  }

  private ValueTablePermissionBuilder builder() {
    return Permissions.ValueTablePermissionBuilder.forValueTable(table);
  }

}