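/**********************************************************************************
* $URL: https://source.sakaiproject.org/svn/osp/trunk/integration/api-impl/src/java/org/theospi/portfolio/admin/service/SakaiRoleCreationIntegrationPlugin.java $
* $Id: SakaiRoleCreationIntegrationPlugin.java 105079 2012-02-24 23:08:11Z ottenhoff@longsight.com $
***********************************************************************************
*
* Copyright (c) 2006, 2008 The Sakai Foundation
*
* Licensed under the Educational Community License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*       http://www.opensource.org/licenses/ECL-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
**********************************************************************************/
package org.theospi.portfolio.admin.service;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.*;
import org.sakaiproject.authz.cover.AuthzGroupService;
import org.sakaiproject.metaobj.worksite.mgt.WorksiteManager;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.cover.SiteService;
import org.theospi.portfolio.admin.model.IntegrationOption;
import org.theospi.portfolio.shared.model.OspException;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/**
 * Integration plugin that creates or removes a role in one authorization group
 * (realm), or in the realm of every existing worksite of a given type.
 *
 * <p>Each {@link RoleIntegrationOption} names the role id, the role to copy it
 * from, and optional lists of functions to allow and to disallow. Because this
 * class edits authorization data, every change is logged with the realm and
 * role id so that it can be traced afterwards.
 */
public class SakaiRoleCreationIntegrationPlugin extends IntegrationPluginBase {
   protected final transient Log logger = LogFactory.getLog(getClass());

   private WorksiteManager worksiteManager;

   /**
    * Reports whether the role named by the option is already in place.
    *
    * @param option a {@link RoleIntegrationOption}; anything else fails the cast
    * @return for a worksite option, the result of
    *         {@link #existingWorksitesHasRole}; otherwise whether the option's
    *         realm already defines the role
    * @throws OspException if the option's realm does not exist
    */
   protected boolean currentlyIncluded(IntegrationOption option) {
      RoleIntegrationOption roleOption = (RoleIntegrationOption) option;

      if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
         return existingWorksitesHasRole((ExistingWorksitesRoleIntegrationOption) roleOption);
      }

      AuthzGroup realm = loadRealm(roleOption.getRealm());
      return realm.getRole(roleOption.getRoleId()) != null;
   }

   /**
    * Reports whether every worksite of the option's type defines the role.
    *
    * @return {@code false} as soon as one matching site lacks the role;
    *         {@code true} otherwise, including when no site matches the type
    */
   protected boolean existingWorksitesHasRole(ExistingWorksitesRoleIntegrationOption roleOption) {
      for (Site site : sitesOfType(roleOption)) {
         if (!checkSite(site, roleOption)) {
            return false;
         }
      }
      return true;
   }

   /**
    * Reports whether the realm of the given site defines the option's role.
    */
   protected boolean checkSite(Site site, ExistingWorksitesRoleIntegrationOption roleOption) {
      AuthzGroup siteRealm = getWorksiteManager().getSiteRealm(site.getId());
      return siteRealm.getRole(roleOption.getRoleId()) != null;
   }

   /**
    * Brings the realm(s) in line with the option: adds the role when the option
    * is included and the role is missing, removes it when the option is not
    * included and the role is present, and otherwise changes nothing.
    *
    * <p>An included option whose role already exists is deliberately a no-op.
    * Without the explicit {@code !included} test on the removal branch, running
    * the plugin a second time with the same option would take the removal path
    * for a role the configuration asks to keep.
    *
    * <p>NOTE(review): for a worksite option, "present" means every matching
    * site has the role. A role that exists on only some sites is therefore not
    * removed when the option is switched off; confirm whether that partial
    * state needs a clean-up pass.
    *
    * @param option a {@link RoleIntegrationOption}
    * @return the same option instance
    * @throws OspException if a realm is missing or the change is not permitted
    */
   public IntegrationOption updateOption(IntegrationOption option) {
      RoleIntegrationOption roleOption = (RoleIntegrationOption) option;

      // Evaluate once: for worksite options this walks every site.
      boolean included = option.isInclude();
      boolean present = currentlyIncluded(roleOption);

      if (included && !present) {
         addRole(roleOption);
      }
      else if (!included && present) {
         removeRole(roleOption);
      }
      return option;
   }

   /**
    * Applies the option through {@link #updateOption}.
    *
    * @return always {@code true}; failures surface as {@link OspException}
    */
   public boolean executeOption(IntegrationOption option) {
      updateOption(option);
      return true;
   }

   /**
    * Adds the option's role to its realm, or to every matching worksite when
    * the option is an {@link ExistingWorksitesRoleIntegrationOption}.
    *
    * @throws OspException if the realm does not exist or the role cannot be added
    */
   protected void addRole(RoleIntegrationOption roleOption) {
      if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
         addRoleToAllWorksites((ExistingWorksitesRoleIntegrationOption) roleOption);
         return;
      }

      addRole(loadRealm(roleOption.getRealm()), roleOption);
   }

   /**
    * Adds the role to every worksite of the option's type that lacks it.
    *
    * <p>Sites that already define a role with this id are skipped. This method
    * runs exactly when at least one site is missing the role, so the others
    * may well have it, and adding it again would raise
    * {@link RoleAlreadyDefinedException} and abort the pass half-way. The
    * permissions of such a pre-existing role are left as they are and are not
    * reconciled with the option.
    */
   protected void addRoleToAllWorksites(ExistingWorksitesRoleIntegrationOption roleOption) {
      for (Site site : sitesOfType(roleOption)) {
         AuthzGroup siteRealm = getWorksiteManager().getSiteRealm(site.getId());
         if (siteRealm.getRole(roleOption.getRoleId()) != null) {
            continue;
         }
         addRole(siteRealm, roleOption);
      }
   }

   /**
    * Creates the role in the given realm as a copy of the option's template
    * role, applies the option's permission lists, and saves the realm.
    *
    * <p>The disallow list is applied after the allow list, so a function named
    * in both ends up disallowed.
    *
    * @throws OspException if the realm cannot be loaded, the save is not
    *         permitted, or the realm already defines the role
    */
   protected void addRole(AuthzGroup realm, RoleIntegrationOption roleOption) {
      // NOTE(review): the template may be absent from this realm, in which case
      // copy is null; confirm that AuthzGroup.addRole accepts a null template.
      Role copy = realm.getRole(roleOption.getCopyOf());

      try {
         AuthzGroup edit = AuthzGroupService.getAuthzGroup(realm.getId());
         Role newRole = edit.addRole(roleOption.getRoleId(), copy);

         if (roleOption.getPermissionsOn() != null) {
            newRole.allowFunctions(new HashSet(roleOption.getPermissionsOn()));
         }
         if (roleOption.getPermissionsOff() != null) {
            newRole.disallowFunctions(new HashSet(roleOption.getPermissionsOff()));
         }

         AuthzGroupService.save(edit);
         logger.info("Added role '" + roleOption.getRoleId() + "' to realm " + realm.getId());
      }
      catch (GroupNotDefinedException e) {
         throw failure("Realm " + realm.getId() + " not found while adding role '"
               + roleOption.getRoleId() + "'", e);
      }
      catch (AuthzPermissionException e) {
         throw failure("Not permitted to add role '" + roleOption.getRoleId()
               + "' to realm " + realm.getId(), e);
      }
      catch (RoleAlreadyDefinedException e) {
         throw failure("Role '" + roleOption.getRoleId() + "' already defined in realm "
               + realm.getId(), e);
      }
   }

   /**
    * Removes the option's role from its realm, or from every matching worksite
    * when the option is an {@link ExistingWorksitesRoleIntegrationOption}.
    *
    * @throws OspException if the realm does not exist or the change is not permitted
    */
   protected void removeRole(RoleIntegrationOption roleOption) {
      if (roleOption instanceof ExistingWorksitesRoleIntegrationOption) {
         removeRoleFromAllWorksites((ExistingWorksitesRoleIntegrationOption) roleOption);
         return;
      }

      removeRole(loadRealm(roleOption.getRealm()), roleOption);
   }

   /**
    * Removes the role from the realm of every worksite of the option's type.
    */
   protected void removeRoleFromAllWorksites(ExistingWorksitesRoleIntegrationOption roleOption) {
      for (Site site : sitesOfType(roleOption)) {
         AuthzGroup siteRealm = getWorksiteManager().getSiteRealm(site.getId());
         removeRole(siteRealm, roleOption);
      }
   }

   /**
    * Removes the option's role from the given realm and saves the realm.
    *
    * <p>The role is removed by its id, the same key it was added under and is
    * looked up by. The earlier code passed the role's description, which is
    * free text and need not match any role id, so the removal could leave the
    * role and its permissions in place without any error. A realm that does
    * not define the role is left untouched.
    *
    * @throws OspException if the realm cannot be loaded or the save is not permitted
    */
   protected void removeRole(AuthzGroup realm, RoleIntegrationOption roleOption) {
      String roleId = roleOption.getRoleId();
      if (realm.getRole(roleId) == null) {
         // Nothing to revoke here; avoids a NullPointerException on partial state.
         return;
      }

      try {
         AuthzGroup edit = AuthzGroupService.getAuthzGroup(realm.getId());
         edit.removeRole(roleId);
         AuthzGroupService.save(edit);
         logger.info("Removed role '" + roleId + "' from realm " + realm.getId());
      }
      catch (GroupNotDefinedException e) {
         throw failure("Realm " + realm.getId() + " not found while removing role '"
               + roleId + "'", e);
      }
      catch (AuthzPermissionException e) {
         throw failure("Not permitted to remove role '" + roleId + "' from realm "
               + realm.getId(), e);
      }
   }

   public WorksiteManager getWorksiteManager() {
      return worksiteManager;
   }

   public void setWorksiteManager(WorksiteManager worksiteManager) {
      this.worksiteManager = worksiteManager;
   }

   /** Returns every site whose type matches the option's worksite type. */
   private List<Site> sitesOfType(ExistingWorksitesRoleIntegrationOption roleOption) {
      List<Site> matching = new ArrayList<Site>();
      List allSites = SiteService.getSites(org.sakaiproject.site.api.SiteService.SelectionType.ANY,
            null, null, null, org.sakaiproject.site.api.SiteService.SortType.NONE, null);

      for (Iterator i = allSites.iterator(); i.hasNext();) {
         Site site = (Site) i.next();
         if (site.isType(roleOption.getWorksiteType())) {
            matching.add(site);
         }
      }
      return matching;
   }

   /** Loads a realm by id, converting a missing realm into an {@link OspException}. */
   private AuthzGroup loadRealm(String realmId) {
      try {
         return AuthzGroupService.getAuthzGroup(realmId);
      }
      catch (GroupNotDefinedException e) {
         throw failure("Realm " + realmId + " not found", e);
      }
   }

   /** Logs the failure with its context and wraps the cause for the caller to throw. */
   private OspException failure(String message, Exception cause) {
      logger.error(message, cause);
      return new OspException(cause);
   }
}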