FindUserFunction.java

/*
 * eXist Open Source Native XML Database
 * Copyright (C) 2015 The eXist Project
 * http://exist-db.org
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *  
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; if not, write to the Free Software Foundation
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package org.exist.xquery.functions.securitymanager;

import java.util.Collections;
import java.util.List;
import org.exist.dom.QName;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.storage.DBBroker;
import org.exist.xquery.BasicFunction;
import org.exist.xquery.Cardinality;
import org.exist.xquery.FunctionSignature;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.BooleanValue;
import org.exist.xquery.value.FunctionParameterSequenceType;
import org.exist.xquery.value.FunctionReturnSequenceType;
import org.exist.xquery.value.Sequence;
import org.exist.xquery.value.SequenceType;
import org.exist.xquery.value.StringValue;
import org.exist.xquery.value.Type;
import org.exist.xquery.value.ValueSequence;


/**
 *
 * @author Adam Retter <adam@existsolutions.com>
 */
public class FindUserFunction extends BasicFunction {

    private final static QName qnFindUsersByUsername = new QName("find-users-by-username", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private final static QName qnFindUsersByName = new QName("find-users-by-name", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private final static QName qnFindUsersByNamePart = new QName("find-users-by-name-part", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private final static QName qnListUsers = new QName("list-users", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    private final static QName qnUserExists = new QName("user-exists", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX);
    
    
    public final static FunctionSignature FNS_FIND_USERS_BY_USERNAME = new FunctionSignature(
        qnFindUsersByUsername,
        "Finds users whoose username starts with a matching string",
        new SequenceType[] {
            new FunctionParameterSequenceType("starts-with", Type.STRING, Cardinality.EXACTLY_ONE, "The starting string against which to match usernames")
        },
        new FunctionReturnSequenceType(Type.STRING, Cardinality.ZERO_OR_MORE, "The list of matching usernames")
    );
    public final static FunctionSignature FNS_FIND_USERS_BY_NAME = new FunctionSignature(
        qnFindUsersByName,
        "Finds users whoose personal name starts with a matching string",
        new SequenceType[] {
            new FunctionParameterSequenceType("starts-with", Type.STRING, Cardinality.EXACTLY_ONE, "The starting string against which to match a personal name")
        },
        new FunctionReturnSequenceType(Type.STRING, Cardinality.ZERO_OR_MORE, "The list of matching usernames")
    );
    
    public final static FunctionSignature FNS_FIND_USERS_BY_NAME_PART = new FunctionSignature(
        qnFindUsersByNamePart,
        "Finds users whoose first name or last name starts with a matching string",
        new SequenceType[] {
            new FunctionParameterSequenceType("starts-with", Type.STRING, Cardinality.EXACTLY_ONE, "The starting string against which to match a first or last name")
        },
        new FunctionReturnSequenceType(Type.STRING, Cardinality.ZERO_OR_MORE, "The list of matching usernames")
    );
    
    public final static FunctionSignature FNS_LIST_USERS = new FunctionSignature(
        qnListUsers,
        "List all users. You must be a DBA to enumerate all users, if you are not a DBA you will just get the username of the currently logged in user.",
        null,
        new FunctionReturnSequenceType(Type.STRING, Cardinality.ONE_OR_MORE, "The list of users.")
    );
    
    public final static FunctionSignature FNS_USER_EXISTS = new FunctionSignature(
        qnUserExists,
        "Determines whether a user exists.",
        new SequenceType[] {
            new FunctionParameterSequenceType("user", Type.STRING, Cardinality.EXACTLY_ONE, "The username to check for existence.")
        },
        new FunctionReturnSequenceType(Type.BOOLEAN, Cardinality.EXACTLY_ONE, "true if the user account exists, false otherwise.")
    );


    public FindUserFunction(XQueryContext context, FunctionSignature signature) {
        super(context, signature);
    }

    @Override
    public Sequence eval(Sequence[] args, Sequence contextSequence) throws XPathException {

        final DBBroker broker = getContext().getBroker();
        final Subject currentUser = broker.getCurrentSubject();

        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        
        final Sequence result;
        
        if(isCalledAs(qnListUsers.getLocalPart())) {
            result = new ValueSequence();
            if(currentUser.getName().equals(SecurityManager.GUEST_USER)) {
                result.add(new StringValue(SecurityManager.GUEST_USER));
            } else {
                addUserNamesToSequence(securityManager.findAllUserNames(), result);
            }
        } else {
        
            if(currentUser.getName().equals(SecurityManager.GUEST_USER)) {
                throw new XPathException("You must be an authenticated user");
            }
            
            if(isCalledAs(qnUserExists.getLocalPart())) {
                 final String username = args[0].getStringValue();
                 result = BooleanValue.valueOf(securityManager.hasAccount(username));
            } else {
                result = new ValueSequence();
                final String startsWith = args[0].getStringValue();

                final List<String> usernames;
                if(isCalledAs(qnFindUsersByUsername.getLocalPart())) {
                    usernames = securityManager.findUsernamesWhereUsernameStarts(startsWith);
                } else if(isCalledAs(qnFindUsersByName.getLocalPart())) {
                    usernames = securityManager.findUsernamesWhereNameStarts(startsWith);
                } else if(isCalledAs(qnFindUsersByNamePart.getLocalPart())) {
                    usernames = securityManager.findUsernamesWhereNamePartStarts(startsWith);
                } else {
                    throw new XPathException("Unknown function");
                }

                addUserNamesToSequence(usernames, result);
            }
        }
        
        return result;
    }
    
    private void addUserNamesToSequence(final List<String> userNames, final Sequence sequence) throws XPathException {
        //order a-z
        Collections.sort(userNames);

        for(final String userName : userNames) {
            sequence.add(new StringValue(userName));
        }
    }
}