ManagementPermissionUtil.java

/*
 * Copyright (c) 2010 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *  WSO2 Inc. licenses this file to you under the Apache License,
 *  Version 2.0 (the "License"); you may not use this file except
 *  in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */

package org.wso2.carbon.user.mgt.permission;

import org.wso2.carbon.CarbonException;
import org.wso2.carbon.core.util.AdminServicesUtil;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.user.mgt.UserMgtConstants;
import org.wso2.carbon.user.mgt.common.UserAdminException;

/**
 * This is the class should be used by Admin service authors to get the Registry
 * and Realms.
 */
public class ManagementPermissionUtil {

    /**
     * Should only be called by the Admin Services.
     * @param roleName
     * @param rawPermissions
     * @throws UserAdminException
     */

    private ManagementPermissionUtil(){

    }

    public static void updateRoleUIPermission(String roleName, String[] rawPermissions)
            throws UserAdminException {
        try {
            String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions);
            UserRealm realm = AdminServicesUtil.getUserRealm();
            AuthorizationManager authMan = realm.getAuthorizationManager();
            authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
            for (String path : optimizedList) {
                authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (UserStoreException e) {
            // not logging already logged
            throw new UserAdminException(e.getMessage(), e);
        } catch (CarbonException e) {
            throw new UserAdminException(e.getMessage(), e);
        }
    }
    
	public static Permission[] getRoleUIPermissions(String roleName, String[] rawPermissions)
			throws UserAdminException {
		Permission[] permissions = new Permission[0];
		try {

			if (rawPermissions == null || rawPermissions.length == 0) {
				return permissions;
			}

			String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions);
			UserRealm realm = AdminServicesUtil.getUserRealm();
			AuthorizationManager authMan = realm.getAuthorizationManager();
			permissions = new Permission[optimizedList.length];
			int i = 0;
			for (String path : optimizedList) {
				permissions[i++] = new Permission(path, UserMgtConstants.EXECUTE_ACTION);
			}
		} catch (UserStoreException e) {
			// not logging already logged
			throw new UserAdminException(e.getMessage(), e);
		} catch (CarbonException e) {
			throw new UserAdminException(e.getMessage(), e);
		}

		return permissions;
	}

}