package edu.ualberta.med.biobank.common.action.security;
import java.util.Set;
import org.hibernate.Hibernate;
import edu.ualberta.med.biobank.common.action.Action;
import edu.ualberta.med.biobank.common.action.ActionContext;
import edu.ualberta.med.biobank.common.action.exception.ActionException;
import edu.ualberta.med.biobank.common.permission.Permission;
import edu.ualberta.med.biobank.common.permission.security.UserManagerPermission;
import edu.ualberta.med.biobank.model.Domain;
import edu.ualberta.med.biobank.model.Group;
import edu.ualberta.med.biobank.model.Membership;
import edu.ualberta.med.biobank.model.PermissionEnum;
import edu.ualberta.med.biobank.model.Role;
import edu.ualberta.med.biobank.model.User;
/**
 * Action that loads one {@link User} by id and returns a freshly built copy of
 * it, restricted to what the executing user is able to manage.
 *
 * <p>The persistent entity is not returned. {@link #run(ActionContext)}
 * populates a new {@code User} with an explicit list of scalar properties,
 * the memberships the executing user can manage (with permissions and roles
 * narrowed to the manageable ones), and the groups the executing user can
 * fully manage. Anything not copied explicitly in this class is absent from
 * the result.
 */
public class UserGetAction implements Action<UserGetOutput> {
    private static final long serialVersionUID = 1L;

    /** Permission consulted by {@link #isAllowed(ActionContext)}. */
    private static final Permission PERMISSION = new UserManagerPermission();

    /** Request parameters; supplies the id of the user to load. */
    private final UserGetInput input;

    /**
     * Creates the action for the given request.
     *
     * @param input request object whose {@code getUserId()} identifies the
     *        user to fetch; it is stored as-is and not validated here
     */
    public UserGetAction(UserGetInput input) {
        this.input = input;
    }

    /**
     * Delegates the authorization decision to {@link UserManagerPermission}.
     *
     * @param context the context of the executing user
     * @return whatever {@code PERMISSION.isAllowed(context)} returns
     * @throws ActionException declared by the {@link Action} contract
     */
    @Override
    public boolean isAllowed(ActionContext context) throws ActionException {
        return PERMISSION.isAllowed(context);
    }

    /**
     * Loads the requested user and builds the scoped copy.
     *
     * <p>NOTE(review): this method does not itself check that the executing
     * user may see the target user; it relies on
     * {@link #isAllowed(ActionContext)} having been evaluated by the caller
     * and on the per-membership / per-group filtering below. The behaviour of
     * {@code context.load} for an unknown id is not visible here - confirm it
     * fails rather than returning {@code null}.
     *
     * @param context the context of the executing user
     * @return the copied user, the executing user's membership context, and
     *         whether the target user is fully manageable by the executing
     *         user
     * @throws ActionException declared by the {@link Action} contract
     */
    @Override
    public UserGetOutput run(ActionContext context) throws ActionException {
        User target = context.load(User.class, input.getUserId());
        User detached = new User();

        MembershipContextGetAction contextAction =
            new MembershipContextGetAction(new MembershipContextGetInput());
        MembershipContext membershipContext =
            contextAction.run(context).getContext();

        copyProperties(target, detached);
        copyMemberships(target, detached, context,
            membershipContext.getRoles());
        copyGroups(target, detached, context);

        return new UserGetOutput(detached, membershipContext,
            target.isFullyManageable(context.getUser()));
    }

    /**
     * Copies the scalar properties that are exposed to the caller. Only the
     * properties listed here are transferred; keep this list explicit so a
     * new field on {@link User} is not exposed by accident.
     *
     * @param src the loaded user
     * @param dst the copy being populated
     */
    private void copyProperties(User src, User dst) {
        dst.setId(src.getId());
        dst.setLogin(src.getLogin());
        dst.setFullName(src.getFullName());
        dst.setEmail(src.getEmail());
        dst.setNeedPwdChange(src.getNeedPwdChange());
        dst.setRecvBulkEmails(src.getRecvBulkEmails());
    }

    /**
     * Copies the memberships of {@code src} that the executing user can
     * manage, narrowing each copy's permissions and roles to the manageable
     * subset.
     *
     * <p>NOTE(review): the copy is never added to {@code dst} explicitly in
     * this method; presumably the {@code Membership(m, dst)} constructor
     * attaches it - confirm.
     *
     * @param src the loaded user
     * @param dst the copy being populated
     * @param context the context of the executing user
     * @param allRoles the roles passed to {@code getManageableRoles} as the
     *        candidate set
     */
    private void copyMemberships(User src, User dst, ActionContext context,
        Set<Role> allRoles) {
        User manager = context.getUser();

        for (Membership original : src.getManageableMemberships(manager)) {
            Membership scoped = new Membership(original, dst);
            scoped.setId(original.getId());

            // Force-load the domain and its collections now, while the
            // context is still available.
            Hibernate.initialize(scoped.getDomain());
            Domain scopedDomain = scoped.getDomain();
            Hibernate.initialize(scopedDomain.getCenters());
            Hibernate.initialize(scopedDomain.getStudies());

            // Compute both manageable scopes first, then intersect, so the
            // copy never carries a permission or role outside them.
            Set<PermissionEnum> manageablePerms =
                original.getManageablePermissions(manager);
            Set<Role> manageableRoles =
                original.getManageableRoles(manager, allRoles);
            scoped.getPermissions().retainAll(manageablePerms);
            scoped.getRoles().retainAll(manageableRoles);
        }
    }

    /**
     * Adds a reduced copy (id, name, description) of every group of
     * {@code src} that the executing user can fully manage. Groups failing
     * that check are omitted from the result entirely.
     *
     * @param src the loaded user
     * @param dst the copy being populated
     * @param context the context of the executing user
     */
    private void copyGroups(User src, User dst, ActionContext context) {
        User manager = context.getUser();

        for (Group original : src.getGroups()) {
            if (!original.isFullyManageable(manager)) {
                continue;
            }
            Group reduced = new Group();
            reduced.setId(original.getId());
            reduced.setName(original.getName());
            reduced.setDescription(original.getDescription());
            dst.getGroups().add(reduced);
        }
    }
}