/**
* License Agreement for OpenSearchServer
*
* Copyright (C) 2012-2014 Emmanuel Keller / Jaeksoft
*
* http://www.open-search-server.com
*
* This file is part of OpenSearchServer.
*
* OpenSearchServer is free software: you can redistribute it and/or
* modify it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* OpenSearchServer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with OpenSearchServer.
* If not, see <http://www.gnu.org/licenses/>.
**/
package com.jaeksoft.searchlib.filter;
import java.io.IOException;
import java.util.Collection;
import org.apache.commons.lang3.StringUtils;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.BooleanClause.Occur;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TermQuery;
import org.xml.sax.SAXException;
import com.jaeksoft.searchlib.SearchLibException;
import com.jaeksoft.searchlib.authentication.AuthManager;
import com.jaeksoft.searchlib.query.ParseException;
import com.jaeksoft.searchlib.request.AbstractLocalSearchRequest;
import com.jaeksoft.searchlib.request.AbstractSearchRequest;
import com.jaeksoft.searchlib.schema.SchemaField;
import com.jaeksoft.searchlib.util.Timer;
import com.jaeksoft.searchlib.util.XmlWriter;
import com.jaeksoft.searchlib.web.ServletTransaction;
import com.jaeksoft.searchlib.webservice.query.search.SearchQueryAbstract.OperatorEnum;
public class AuthFilter extends FilterAbstract<AuthFilter> {
private transient Query query;
public AuthFilter() {
super(null, Source.REQUEST, false, null);
}
@Override
final public String getDescription() {
return "Auth filter";
}
@Override
public void writeXmlConfig(XmlWriter xmlWriter) throws SAXException {
}
@Override
final public String getCacheKey(SchemaField defaultField,
Analyzer analyzer, AbstractLocalSearchRequest request)
throws ParseException {
StringBuilder sb = new StringBuilder(getDescription());
sb.append(" - ");
if (request == null)
return sb.toString();
Collection<String> users = request.getUsers();
if (users != null) {
for (String user : users) {
sb.append(user);
sb.append('|');
}
}
sb.append(" - ");
Collection<String> groups = request.getGroups();
if (groups != null) {
for (String group : groups) {
sb.append(group);
sb.append('|');
}
}
return sb.toString();
}
private Query getQuery(AbstractSearchRequest request, AuthManager auth)
throws ParseException, IOException {
if (query != null)
return query;
Collection<String> users = request.getUsers();
Collection<String> groups = request.getGroups();
BooleanQuery booleanQuery = new BooleanQuery(true);
String field;
if (users != null) {
field = auth.getUserAllowField();
if (!StringUtils.isEmpty(field))
for (String user : users)
booleanQuery.add(new TermQuery(new Term(field, user)),
Occur.SHOULD);
field = auth.getUserDenyField();
if (!StringUtils.isEmpty(field))
for (String user : users)
booleanQuery.add(new TermQuery(new Term(field, user)),
Occur.MUST_NOT);
}
if (groups != null) {
field = auth.getGroupAllowField();
if (!StringUtils.isEmpty(field))
for (String group : groups)
booleanQuery.add(new TermQuery(new Term(field, group)),
Occur.SHOULD);
field = auth.getGroupDenyField();
if (!StringUtils.isEmpty(field))
for (String group : groups)
booleanQuery.add(new TermQuery(new Term(field, group)),
Occur.MUST_NOT);
}
// Logging.info("SECURE QUERY: " + booleanQuery.toString());
query = booleanQuery;
return query;
}
@Override
public FilterHits getFilterHits(SchemaField defaultField,
Analyzer analyzer, AbstractLocalSearchRequest request, Timer timer)
throws ParseException, IOException, SearchLibException {
AuthManager auth = request.getConfig().getAuthManager();
Query query = getQuery(request, auth);
return new FilterHits(
getResult(request.getConfig(), query, null, timer),
isNegative(), timer);
}
@Override
public AuthFilter duplicate() {
return new AuthFilter();
}
@Override
public void copyTo(FilterAbstract<?> selectedItem) {
if (!(selectedItem instanceof AuthFilter))
throw new RuntimeException("Wrong filter type "
+ selectedItem.getClass().getName());
super.copyTo(selectedItem);
AuthFilter copyTo = (AuthFilter) selectedItem;
copyTo.query = null;
}
@Override
final public void setFromServlet(final ServletTransaction transaction,
final String prefix) {
}
@Override
final public void setParam(final String params) throws SearchLibException {
}
@Override
public void reset() {
query = null;
}
@Override
public OperatorEnum getOperator(OperatorEnum defaultOperator) {
// Always returns AND
return OperatorEnum.AND;
}
}