/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.uberfire.ext.security.management.service;
import java.util.Collection;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.jboss.errai.bus.server.annotations.Service;
import org.jboss.errai.security.shared.api.Group;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.ext.security.management.BackendUserSystemManager;
import org.uberfire.ext.security.management.api.GroupManager;
import org.uberfire.ext.security.management.api.GroupManagerSettings;
import org.uberfire.ext.security.management.api.exception.NoImplementationAvailableException;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.service.GroupManagerService;
import org.uberfire.ext.security.management.util.SecurityManagementUtils;
/**
* <p>The UberFire service implementation for GroupsManager API.</p>
*/
@Service
@ApplicationScoped
public class GroupManagerServiceImpl implements GroupManagerService {
private static final Logger LOG = LoggerFactory.getLogger(GroupManagerServiceImpl.class);
@Inject
private BackendUserSystemManager userSystemManager;
private GroupManager service;
@PostConstruct
public void init() {
service = userSystemManager.groups();
}
private GroupManager getService() throws SecurityManagementException {
if (service == null) {
throw new NoImplementationAvailableException();
}
return service;
}
@Override
public SearchResponse<Group> search(SearchRequest request) throws SecurityManagementException {
final GroupManager serviceImpl = getService();
if (request.getPage() == 0) {
throw new IllegalArgumentException("First page must be 1.");
}
// Constraint registered UF roles as not allowed for searching.
final Set<String> registeredRoleNames = SecurityManagementUtils.getRegisteredRoleNames();
if (request.getConstrainedIdentifiers() == null) {
request.setConstrainedIdentifiers(registeredRoleNames);
} else {
request.getConstrainedIdentifiers().addAll(registeredRoleNames);
}
// Delegate the search to the specific provider.
return serviceImpl.search(request);
}
@Override
public Group get(String identifier) throws SecurityManagementException {
final GroupManager serviceImpl = getService();
return serviceImpl.get(identifier);
}
@Override
public Group create(Group group) throws SecurityManagementException {
final String name = group.getName();
if (isConstrained(name)) {
throw new IllegalArgumentException("Group with name '" + name + "' cannot be created, " +
"as it is a constrained value (it is a role or the admin group");
}
final GroupManager serviceImpl = getService();
return serviceImpl.create(group);
}
@Override
public Group update(Group group) throws SecurityManagementException {
final String name = group.getName();
if (isConstrained(name)) {
throw new IllegalArgumentException("Group with name '" + name + "' cannot be updated, " +
"as it is a constrained value (it is a role or the admin group");
}
final GroupManager serviceImpl = getService();
return serviceImpl.update(group);
}
@Override
public void delete(String... identifiers) throws SecurityManagementException {
for (final String name : identifiers) {
if (isConstrained(name)) {
throw new IllegalArgumentException("Group with name '" + name + "' cannot be deleted, " +
"as it is a constrained value (it is a role or the admin group");
}
}
final GroupManager serviceImpl = getService();
serviceImpl.delete(identifiers);
}
@Override
public GroupManagerSettings getSettings() {
final GroupManager serviceImpl = getService();
final GroupManagerSettings settings = serviceImpl.getSettings();
if (null != settings) {
settings.setConstrainedGroups(SecurityManagementUtils.getRegisteredRoleNames());
}
return settings;
}
@Override
public void assignUsers(String name,
Collection<String> users) throws SecurityManagementException {
final GroupManager serviceImpl = getService();
serviceImpl.assignUsers(name,
users);
}
protected boolean isConstrained(final String name) {
return SecurityManagementUtils.getRegisteredRoleNames().contains(name);
}
}