MondrianAbstractPlatformUserRoleMapper.java

/*
 * This program is free software; you can redistribute it and/or modify it under the 
 * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software 
 * Foundation.
 *
 * You should have received a copy of the GNU Lesser General Public License along with this 
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html 
 * or from the Free Software Foundation, Inc., 
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; 
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * Copyright 2005 - 2009 Pentaho Corporation.  All rights reserved.
 *
 *
 * Created December 12, 2009
 * @author Marc Batchelor
 */
package org.pentaho.platform.plugin.action.mondrian.mapper;

import java.util.Arrays;

import org.pentaho.platform.api.engine.IConnectionUserRoleMapper;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.PentahoAccessControlException;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.pentaho.platform.plugin.action.mondrian.catalog.IMondrianCatalogService;
import org.pentaho.platform.plugin.action.mondrian.catalog.MondrianCatalog;
import org.pentaho.platform.plugin.action.mondrian.catalog.MondrianCatalogHelper;
import org.pentaho.platform.plugin.action.mondrian.catalog.MondrianSchema;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;

/**
 * @author mbatchelor
 *
 */
public abstract class MondrianAbstractPlatformUserRoleMapper implements IConnectionUserRoleMapper {

  public MondrianAbstractPlatformUserRoleMapper() {
    
  }
  
  /**
   * Subclasses simply need to implement this one method to do the specific
   * mapping desired.
   * 
   * @param mondrianRoles Sorted list of roles defined in the catalog
   * @param platformRoles Sorted list of the roles defined in the catalog
   * @return
   */
  protected abstract String[] mapRoles(String[] mondrianRoles, String[] platformRoles);
  
  /**
   * This method returns the role names as found in the Mondrian schema. The returned names
   * must be ordered (sorted) or code down-stream will not work.
   * @param userSession Users' session
   * @param catalogName The name of the catalog
   * @return Array of role names from the schema file
   */
  protected String[] getMondrianRolesFromCatalog(IPentahoSession userSession, String context) {
    String[] rtn = null; 
    // Get the catalog service
    IMondrianCatalogService catalogService = PentahoSystem.get(IMondrianCatalogService.class);
    if (catalogService != null) {
      // Get the catalog by name
      MondrianCatalog catalog = catalogService.getCatalog(context, userSession);
      if (catalog != null) {
        // The roles are in the schema object
        MondrianSchema schema = catalog.getSchema();
        if (schema != null) {
          // Ask the schema for the role names array
          String[] roleNames = schema.getRoleNames();
          if ( (roleNames != null) && (roleNames.length>0) ) {
            // Return the roles from the schema
            return roleNames;
          }
        }
      }
    }
    return rtn;
  }

  /**
   * This method returns the users' roles as specified in the Spring Security
   * authentication object. The role names returned must be sorted for other
   * code downstream to work properly.
   * @param session The users' session
   * @return Users' roles as defined in the authentication object
   */
  protected String[] getPlatformRolesFromSession(IPentahoSession session) {
    // Get the Spring Security authentication object
    Authentication auth = SecurityHelper.getAuthentication(session, false);
    String[] rtn = null;
    // Get the authorities
    GrantedAuthority[] gAuths = auth.getAuthorities();
    if ((gAuths != null) && (gAuths.length > 0) ) {
      // Copy role names out of the Authentication 
      rtn = new String[gAuths.length];
      for (int i=0; i<gAuths.length; i++) {
        rtn[i] = gAuths[i].getAuthority();
      }
      // Sort the returned list of roles
      Arrays.sort(rtn);
    }
    return rtn;
  }
  
  /* (non-Javadoc)
   * @see org.pentaho.platform.api.engine.IConnectionUserRoleMapper#mapConnectionRoles(org.pentaho.platform.api.engine.IPentahoSession, java.lang.String)
   */
  public String[] mapConnectionRoles(IPentahoSession userSession, String connectionContext)
      throws PentahoAccessControlException {
    // The connectionContextName for this mapper is the Mondrian Catalog.
    String[] mondrianRoleNames = getMondrianRolesFromCatalog(userSession, connectionContext);
    String[] platformRoleNames = getPlatformRolesFromSession(userSession);
    String[] mappedResult = null;
    if ( (mondrianRoleNames != null) && (platformRoleNames != null) && 
        (mondrianRoleNames.length > 0) && (platformRoleNames.length >0) ) {
      mappedResult = mapRoles(mondrianRoleNames, platformRoleNames);
    }
    return mappedResult;
  }

  /* (non-Javadoc)
   * @see org.pentaho.platform.api.engine.IConnectionUserRoleMapper#mapConnectionUser(org.pentaho.platform.api.engine.IPentahoSession, java.lang.String)
   */
  public Object mapConnectionUser(IPentahoSession userSession, String context)
      throws PentahoAccessControlException {
    throw new UnsupportedOperationException();
  }

}