MidPointPrincipal.java

/*
 * Copyright (c) 2010-2016 Evolveum
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.evolveum.midpoint.security.api;

import java.util.ArrayList;
import java.util.Collection;

import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;

import org.apache.commons.lang.Validate;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.core.userdetails.UserDetails;

import com.evolveum.midpoint.util.DebugDumpable;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AdminGuiConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;

/**
 * @author semancik
 *
 */
public class MidPointPrincipal implements UserDetails,  DebugDumpable {
	
	private static final long serialVersionUID = 8299738301872077768L;
    @NotNull private final UserType user;
    private Collection<Authorization> authorizations = new ArrayList<>();
    private ActivationStatusType effectiveActivationStatus;
    private AdminGuiConfigurationType adminGuiConfiguration;
    private SecurityPolicyType applicableSecurityPolicy;
    // TODO: or a set?
    @NotNull private final Collection<DelegatorWithOtherPrivilegesLimitations> delegatorWithOtherPrivilegesLimitationsCollection = new ArrayList<>();

    public MidPointPrincipal(@NotNull UserType user) {
        Validate.notNull(user, "User must not be null.");
        this.user = user;
    }

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
	 */
	@Override
	public Collection<Authorization> getAuthorities() {
		return authorizations;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#getPassword()
	 */
	@Override
	public String getPassword() {
		// We won't return password
		return null;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#getUsername()
	 */
	@Override
	public String getUsername() {
		return getUser().getName().getOrig();
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
	 */
	@Override
	public boolean isAccountNonExpired() {
		// TODO
		return true;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
	 */
	@Override
	public boolean isAccountNonLocked() {
		// TODO
		return true;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
	 */
	@Override
	public boolean isCredentialsNonExpired() {
		// TODO
		return true;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
	 */
	@Override
	public boolean isEnabled() {
        if (effectiveActivationStatus == null) {
        	ActivationType activation = user.getActivation();
            if (activation == null) {
            	effectiveActivationStatus = ActivationStatusType.ENABLED;
            } else {
            	effectiveActivationStatus = activation.getEffectiveStatus();
	            if (effectiveActivationStatus == null) {
	            	throw new IllegalArgumentException("Null effective activation status in "+user);
	            }
            }
        }
		return effectiveActivationStatus == ActivationStatusType.ENABLED;
	}

	@NotNull
	public UserType getUser() {
        return user;
    }

    public PolyStringType getName() {
        return getUser().getName();
    }

    public String getFamilyName() {
        PolyStringType string = getUser().getFamilyName();
        return string != null ? string.getOrig() : null;
    }

    public String getFullName() {
        PolyStringType string = getUser().getFullName();
        return string != null ? string.getOrig() : null;
    }

    public String getGivenName() {
        PolyStringType string = getUser().getGivenName();
        return string != null ? string.getOrig() : null;
    }

    public String getOid() {
        return getUser().getOid();
    }

	public AdminGuiConfigurationType getAdminGuiConfiguration() {
		return adminGuiConfiguration;
	}

	public void setAdminGuiConfiguration(AdminGuiConfigurationType adminGuiConfiguration) {
		this.adminGuiConfiguration = adminGuiConfiguration;
	}

	public SecurityPolicyType getApplicableSecurityPolicy() {
		return applicableSecurityPolicy;
	}

	public void setApplicableSecurityPolicy(SecurityPolicyType applicableSecurityPolicy) {
		this.applicableSecurityPolicy = applicableSecurityPolicy;
	}

	@NotNull
	public Collection<DelegatorWithOtherPrivilegesLimitations> getDelegatorWithOtherPrivilegesLimitationsCollection() {
		return delegatorWithOtherPrivilegesLimitationsCollection;
	}

	public void addDelegatorWithOtherPrivilegesLimitations(DelegatorWithOtherPrivilegesLimitations value) {
		delegatorWithOtherPrivilegesLimitationsCollection.add(value);
	}

	/**
	 * Semi-shallow clone.
	 */
	public MidPointPrincipal clone() {
		MidPointPrincipal clone = new MidPointPrincipal(this.user);
		clone.adminGuiConfiguration = this.adminGuiConfiguration;
		clone.applicableSecurityPolicy = this.applicableSecurityPolicy;
		clone.authorizations = cloneAuthorities();
		clone.effectiveActivationStatus = this.effectiveActivationStatus;
		clone.delegatorWithOtherPrivilegesLimitationsCollection.addAll(delegatorWithOtherPrivilegesLimitationsCollection);
		return clone;
	}

	private Collection<Authorization> cloneAuthorities() {
		Collection<Authorization> clone = new ArrayList<>(authorizations.size());
		clone.addAll(authorizations);
		return clone;
	}

	/* (non-Javadoc)
	 * @see com.evolveum.midpoint.util.DebugDumpable#debugDump()
	 */
	@Override
	public String debugDump() {
		return debugDump(0);
	}

	/* (non-Javadoc)
	 * @see com.evolveum.midpoint.util.DebugDumpable#debugDump(int)
	 */
	@Override
	public String debugDump(int indent) {
		StringBuilder sb = new StringBuilder();
		DebugUtil.debugDumpLabelLn(sb, "MidPointPrincipal", indent);
		DebugUtil.debugDumpWithLabelLn(sb, "User", user.asPrismObject(), indent + 1);
		DebugUtil.debugDumpWithLabelLn(sb, "Authorizations", authorizations, indent + 1);
		DebugUtil.debugDumpWithLabel(sb, "Delegators with other privilege limitations", delegatorWithOtherPrivilegesLimitationsCollection, indent + 1);
		return sb.toString();
	}

	@Override
	public String toString() {
		return "MidPointPrincipal(" + user + ", autz=" + authorizations + ")";
	}

    public ObjectReferenceType toObjectReference() {
        if (user.getOid() == null) {
            return null;
        }
        ObjectReferenceType rv = new ObjectReferenceType();
        rv.setType(UserType.COMPLEX_TYPE);
        rv.setOid(user.getOid());
        return rv;
    }
}