AuthorizationService.java example

Explorer
MavenOneCMDB-master
/*
 * Lokomo OneCMDB - An Open Source Software for Configuration
 * Management of Datacenter Resources
 *
 * Copyright (C) 2006 Lokomo Systems AB
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 * 
 * Lokomo Systems AB can be contacted via e-mail: info@lokomo.com or via
 * paper mail: Lokomo Systems AB, Sv�rdv�gen 27, SE-182 33
 * Danderyd, Sweden.
 *
 */
package org.onecmdb.core.internal.authorization;

import java.util.ArrayList;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.onecmdb.core.IAttribute;
import org.onecmdb.core.IAuthorizationService;
import org.onecmdb.core.ICi;
import org.onecmdb.core.IModelService;
import org.onecmdb.core.ISession;
import org.onecmdb.core.IValue;
import org.onecmdb.core.internal.SchemaService;
import org.onecmdb.core.internal.model.QueryCriteria;
import org.onecmdb.core.internal.model.QueryResult;
import org.onecmdb.core.internal.session.Session;
import org.onecmdb.core.utils.ClassInjector;
import org.onecmdb.core.utils.graph.expression.ItemExpression;

public class AuthorizationService extends SchemaService implements IAuthorizationService {
	private String rootGroup;
	
	private boolean initilized = false;
	
	private Log log = LogFactory.getLog(this.getClass());
	
	public String getRootGroup() {
		return rootGroup;
	}

	public void setRootGroup(String rootGroup) {
		this.rootGroup = rootGroup;
	}

	public ICi getGroup(String group) {
		ItemExpression selector = new ItemExpression();
		selector.setAlias(group);
		
		return(null);
	}

	public void validateCreatePermission(ISession session, ICi ci) {
		if (!initilized) {
			return;
		}
	}

	public void validateDeletePermission(ISession session, ICi ci) {
		if (!initilized) {
			return;
		}
	}

	public void validateWritePermission(ISession session, ICi ci) {
		if (!initilized) {
			return;
		}
	}

	public void close() {
		// TODO Auto-generated method stub
	}

	public void init() {
		// TODO Auto-generated method stub
		super.setupSchema();
	
		// Update all objects to belong to the root group...
		
	}
	
	/**
	 * Get all group id's where the session has read priviliges in.
	 */
	public List<Long> getReadConstraints(ISession session) {
		return null;
	}

	/**
	 * If session has access to all groups then there is
	 * no constraints for the read operation...
	 */
	public boolean hasReadConstraints(ISession session) {
		return false;
	}

	public void setupAuthorization(ISession session) {
	}

	public RBACSession setupRBAC(Session session, List<String> roleNames) {
    	RBACSession rbac = new RBACSession();
    	List<Role> roles = new ArrayList<Role>();
    	
    	// Map this role to Role-->Permisions-->SecurityGroup
    	for (String roleName : roleNames) {
    		IModelService service = (IModelService) session.getService(IModelService.class);
    		QueryCriteria crit = new QueryCriteria();
    		crit.setOffspringOfAlias("CMDBRole");
    		crit.setText(roleName);
    		crit.setTextMatchValue(true);
    		crit.setMatchAttributeAlias("name");
    		QueryResult result = service.query(crit);
    		if (result.size() == 0) {
    			log.info("<" + session.getUsername() + "> role name <" + roleName + "> is not found!");
    		} else if (result.size() > 1) {
    			log.warn("<" + session.getUsername() + "> role name <" + roleName + "> is found more than once [" + result.size() + "]");
    		} else {
    			ICi role = (ICi) result.get(0);
    			roles.add(populateRBAC(roleName, role));
    		}
    	}
    	rbac.setRoles(roles);
    	return(rbac);
	}
	/**
	 * Populate OneCMDb RBAC objects.
	 * 
	 * Role -> Permission[] --> SecurityGroup
	 * 
	 * @param role
	 */
	private Role populateRBAC(String name, ICi role) {
		Role r = new Role();
		r.setName(name);

		if (role == null) {
			return(r);		
		}
		ClassInjector converter = new ClassInjector();
		converter.addAliasToClass("CMDBRole", Role.class.getName());
		converter.addAliasToClass("CMDBSecurityGroupPermission", GroupPermission.class.getName());
		converter.addAliasToClass("CMDBSecurityGroup", SecurityGroup.class.getName());

		r = (Role) converter.toBeanObject(role);

		return(r);
		/*
			// Fetch permissions.
	    	List<GroupPermission> permList = new ArrayList<GroupPermission>();

			List<IAttribute> permissions = role.getAttributesWithAlias("permission");
			for (IAttribute perm : permissions) {
				IValue permission = perm.getValue();
				if ((permission != null) && (permission instanceof ICi)) {
					ICi permCI = (ICi)permission;
					GroupPermission gp = new GroupPermission();
					// Find security groups.
					List<IAttribute> sGroups = ((ICi)permission).getAttributesWithAlias("group");
					for (IAttribute groupAttr : sGroups) {
						IValue group = groupAttr.getValue();
						// Need to follow the heiraricy of servers.

					}
				}
			}
		 */

	}
}