MultiLevelAdministrationHandler.java example

Explorer
gluster-ovirt-poc-master
- backend
  - manager
- frontend
package org.ovirt.engine.core.bll;

import java.util.List;

import org.ovirt.engine.core.common.businessentities.DbUser;
import org.ovirt.engine.core.common.businessentities.RoleType;
import org.ovirt.engine.core.common.businessentities.permissions;
import org.ovirt.engine.core.common.businessentities.roles;
import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.compat.LogCompat;
import org.ovirt.engine.core.compat.LogFactoryCompat;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;
import org.ovirt.engine.core.dao.DbUserDAO;
import org.ovirt.engine.core.dao.PermissionDAO;
import org.ovirt.engine.core.dao.RoleDAO;

/**
 * This class caches config values for used with many commands
 *
 */
public class MultiLevelAdministrationHandler {

    public static final Guid SYSTEM_OBJECT_ID = new Guid("AAA00000-0000-0000-0000-123456789AAA");
    public static final Guid EVERYONE_OBJECT_ID = new Guid("EEE00000-0000-0000-0000-123456789EEE");
    private static LogCompat log = LogFactoryCompat.getLog(MultiLevelAdministrationHandler.class);

    public static PermissionDAO getPermissionDAO() {
        return DbFacade.getInstance().getPermissionDAO();
    }

    public static RoleDAO getRoleDAO() {
        return DbFacade.getInstance().getRoleDAO();
    }

    public static DbUserDAO getDbUserDAO() {
        return DbFacade.getInstance().getDbUserDAO();
    }

    /**
     * Admin user is a user with at least one permission that contains admin
     * role
     *
     * @param userId
     * @return True if user is admin
     */
    public static boolean isAdminUser(Guid userId) {
        List<roles> userRoles = getRoleDAO().getAllForAdElement(userId);

        for (roles r : userRoles) {
            if (r.getType() == RoleType.ADMIN) {
                if (log.isDebugEnabled()) {
                    log.debugFormat("LoginAdminUser: User logged to admin using role {0}", r.getname());
                }
                return true;
            }
        }
        return false;
    }

    public static void addPermission(permissions... permissions) {
        for (permissions perms : permissions) {
            getPermissionDAO().save(perms);
        }
    }

    /**
     * Set the user lastAdminStatusCheck flag to the value specified
     *
     * @param userId
     * @param hasPermissions
     *            will saved as {@link DbUser.lastAdminStatusCheck} value
     * @see {@link DbUser}
     */
    public static void setIsAdminGUIFlag(Guid userId, boolean hasPermissions) {
        DbUser user = getDbUserDAO().get(userId);
        if (user.getLastAdminCheckStatus() != hasPermissions) {
            user.setLastAdminCheckStatus(hasPermissions);
            getDbUserDAO().update(user);
        }
    }

    /**
     * Checks if supplied role is the last (or maybe only) role with super user privileges.
     *
     * @param roleId
     *               the role id.
     * @return true if role is the last with Super User privileges, otherwise, false
     */
    public static boolean isLastSuperUserPermission(Guid roleId) {
        boolean retValue=false;
        if (PredefinedRoles.SUPER_USER.getId().equals(roleId)) {
            // check that there is at least one super-user left in the system
            List<permissions> permissions = getPermissionDAO().getAllForRole(
                    PredefinedRoles.SUPER_USER.getId());
            if (permissions.size() <= 1) {
                retValue = true;
            }
        }
        return retValue;
    }

    /**
     * Checks if supplied group is the last (or maybe only)  with super user privileges.
     *
     * @param group_id
     *                the group is
     * @return true if group is the last with Super User privileges, otherwise, false
     */
    public static boolean isLastSuperUserGroup(Guid groupId) {
        boolean retValue=false;
        // check that there is at least one super-user left in the system
        List<permissions> permissions = getPermissionDAO().getAllForRole(
                PredefinedRoles.SUPER_USER.getId());
        if (permissions.size() <= 1) {
            // get group role
            permissions = getPermissionDAO().getAllForAdElement(groupId);
            for (permissions permission : permissions){
                if (permission.getrole_id().equals(PredefinedRoles.SUPER_USER.getId())){
                    retValue = true;
                    break;
                }
            }
        }
        return retValue;
    }
}