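/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import static org.geoserver.security.validation.UserGroupServiceException.USER_IN_OTHER_GROUP_NOT_MODIFIABLE_$1;

import java.io.IOException;
import java.util.List;
import java.util.SortedSet;

import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.validation.PasswordPolicyException;
import org.geoserver.security.validation.UserGroupServiceException;

/**
 * User group service wrapper that restricts what an authenticated group administrator can see and
 * change.
 * <p>
 * Visible groups are narrowed to the administrator's own group list (see {@link #filterGroup});
 * users are passed through unfiltered (see {@link #filterUser}). {@link #removeUser} and
 * {@link #updateUser} refuse to touch a user who is a member of any group outside that list, so a
 * group administrator cannot modify or delete an account that is also managed by someone else
 * (for example an account that is a member of an administrative group). A user that belongs to
 * no group at all is modifiable.
 * </p>
 * <p>
 * NOTE(review): the previous Javadoc said this wrapper filters out
 * {@link GeoServerRole#ADMIN_ROLE} and {@link GeoServerRole#GROUP_ADMIN_ROLE} and forces the role
 * store read-only. Nothing in this class does that; if that behaviour exists it lives in the
 * role-service counterpart or in {@link AuthorizingUserGroupService}, not here.
 * </p>
 *
 * @author Justin Deoliveira, OpenGeo
 */
public class GroupAdminUserGroupService extends AuthorizingUserGroupService {

    /** Names of the groups the authenticated administrator is allowed to manage. */
    List<String> groups;

    /**
     * @param delegate the real user group service (or store) being wrapped
     * @param groups names of the groups the current administrator may manage; must not be null
     * @throws NullPointerException if {@code groups} is null (fail fast instead of failing on the
     *     first filter/count call)
     */
    GroupAdminUserGroupService(GeoServerUserGroupService delegate, List<String> groups) {
        super(delegate);
        if (groups == null) {
            throw new NullPointerException("groups");
        }
        this.groups = groups;
    }

    /**
     * Wraps the delegate's store with the same group list, so writes through the store are
     * subject to the same restrictions as reads through this service.
     */
    @Override
    public GeoServerUserGroupStore createStore() throws IOException {
        return new GroupAdminUserGroupService(delegate.createStore(), groups);
    }

    /**
     * Returns the number of groups the administrator manages.
     * <p>
     * NOTE(review): this counts the configured group names, not the delegate groups that survive
     * {@link #filterGroup}; the two differ if a configured name has no matching group.
     * </p>
     */
    @Override
    public int getGroupCount() throws IOException {
        return groups.size();
    }

    /** Users are not filtered: every user of the delegate is visible to the group admin. */
    @Override
    protected GeoServerUser filterUser(GeoServerUser user) {
        return user;
    }

    /**
     * Only groups whose name is in the administrator's list are visible; any other group is
     * hidden by returning null.
     */
    @Override
    protected GeoServerUserGroup filterGroup(GeoServerUserGroup group) {
        if (groups.contains(group.getGroupname())) {
            return group;
        }
        return null;
    }

    /**
     * Removes the user only if it is not a member of any group outside the administrator's list.
     *
     * @throws IOException if the user belongs to a group this administrator does not manage, or
     *     if the delegate fails
     */
    @Override
    public boolean removeUser(GeoServerUser user) throws IOException {
        checkUserNotInOtherGroup(user);
        return super.removeUser(user);
    }

    /**
     * Updates the user only if it is not a member of any group outside the administrator's list.
     *
     * @throws IOException if the user belongs to a group this administrator does not manage, or
     *     if the delegate fails
     * @throws PasswordPolicyException propagated from the delegate
     */
    @Override
    public void updateUser(GeoServerUser user) throws IOException, PasswordPolicyException {
        checkUserNotInOtherGroup(user);
        super.updateUser(user);
    }

    /**
     * Authorization guard for write operations: rejects the user if it belongs to any group the
     * administrator does not manage. Membership is looked up on the unfiltered delegate so hidden
     * groups are still taken into account. A user in no group at all passes.
     *
     * @throws IOException if the user is a member of a group outside {@link #groups}; the typed
     *     {@link UserGroupServiceException} is attached as the cause
     */
    void checkUserNotInOtherGroup(GeoServerUser user) throws IOException {
        SortedSet<GeoServerUserGroup> userGroups = delegate.getGroupsForUser(user);
        if (userGroups == null || userGroups.isEmpty()) {
            return;
        }
        for (GeoServerUserGroup userGroup : userGroups) {
            if (!groups.contains(userGroup.getGroupname())) {
                UserGroupServiceException cause = new UserGroupServiceException(
                        USER_IN_OTHER_GROUP_NOT_MODIFIABLE_$1, new Object[] {user});
                // Callers only catch IOException, so keep that type but preserve the typed
                // exception as the cause instead of discarding everything but its message.
                throw new IOException(cause.getMessage(), cause);
            }
        }
    }
}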