/**
* NOTE: This copyright does *not* cover user programs that use Hyperic
* program services by normal system calls through the application
* program interfaces provided as part of the Hyperic Plug-in Development
* Kit or the Hyperic Client Development Kit - this is merely considered
* normal use of the program, and does *not* fall under the heading of
* "derived work".
*
* Copyright (C) [2004-2013], VMware, Inc.
* This file is part of Hyperic.
*
* Hyperic is free software; you can redistribute it and/or modify
* it under the terms version 2 of the GNU General Public License as
* published by the Free Software Foundation. This program is distributed
* in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
*/
package org.hyperic.hq.authz.server.session;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hyperic.hibernate.PageInfo;
import org.hyperic.hq.appdef.server.session.ResourceDeletedZevent;
import org.hyperic.hq.appdef.shared.AppdefEntityConstants;
import org.hyperic.hq.appdef.shared.AppdefEntityID;
import org.hyperic.hq.appdef.shared.AppdefEntityTypeID;
import org.hyperic.hq.appdef.shared.AppdefGroupValue;
import org.hyperic.hq.authz.server.session.ResourceGroup.ResourceGroupCreateInfo;
import org.hyperic.hq.authz.server.session.events.group.GroupCreatedEvent;
import org.hyperic.hq.authz.server.session.events.group.GroupDeleteRequestedEvent;
import org.hyperic.hq.authz.server.session.events.group.GroupMembersAddedZevent;
import org.hyperic.hq.authz.server.session.events.group.GroupMembersChangedEvent;
import org.hyperic.hq.authz.server.session.events.group.GroupMembersRemovedZevent;
import org.hyperic.hq.authz.shared.AuthzConstants;
import org.hyperic.hq.authz.shared.AuthzSubjectManager;
import org.hyperic.hq.authz.shared.GroupCreationException;
import org.hyperic.hq.authz.shared.PermissionException;
import org.hyperic.hq.authz.shared.PermissionManager;
import org.hyperic.hq.authz.shared.PermissionManagerFactory;
import org.hyperic.hq.authz.shared.ResourceGroupManager;
import org.hyperic.hq.authz.shared.ResourceGroupValue;
import org.hyperic.hq.authz.shared.ResourceManager;
import org.hyperic.hq.common.DuplicateObjectException;
import org.hyperic.hq.common.NotFoundException;
import org.hyperic.hq.common.SystemException;
import org.hyperic.hq.common.VetoException;
import org.hyperic.hq.events.MaintenanceEvent;
import org.hyperic.hq.events.shared.EventLogManager;
import org.hyperic.hq.grouping.shared.GroupDuplicateNameException;
import org.hyperic.hq.grouping.shared.GroupEntry;
import org.hyperic.hq.management.server.session.GroupCriteriaDAO;
import org.hyperic.hq.zevents.ZeventManager;
import org.hyperic.util.pager.PageControl;
import org.hyperic.util.pager.PageList;
import org.hyperic.util.pager.Pager;
import org.quartz.SchedulerException;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
/**
* Use this session bean to manipulate ResourceGroups,
*
* All arguments and return values are value-objects.
*
*/
@Transactional
@Service
public class ResourceGroupManagerImpl implements ResourceGroupManager, ApplicationContextAware {
private final String BUNDLE = "org.hyperic.hq.authz.Resources";
private Pager _groupPager;
private Pager _ownedGroupPager;
private static final String GROUP_PAGER = PagerProcessor_resourceGroup.class.getName();
private static final String OWNEDGROUP_PAGER = PagerProcessor_ownedResourceGroup.class.getName();
private final ResourceEdgeDAO resourceEdgeDAO;
private final AuthzSubjectManager authzSubjectManager;
@Autowired
private EventLogManager eventLogManager;
private final Log log = LogFactory.getLog(ResourceGroupManagerImpl.class);
private final ResourceManager resourceManager;
private final ResourceGroupDAO resourceGroupDAO;
protected final ResourceDAO resourceDAO;
private final ResourceRelationDAO resourceRelationDAO;
private ApplicationContext applicationContext;
protected GroupCriteriaDAO groupCriteriaDAO;
protected PermissionManager permissionManager;
protected ResourceTypeDAO resourceTypeDAO;
private ZeventManager zeventManager;
@Autowired
public ResourceGroupManagerImpl(ResourceEdgeDAO resourceEdgeDAO,
AuthzSubjectManager authzSubjectManager,
ResourceManager resourceManager,
ResourceGroupDAO resourceGroupDAO, ResourceDAO resourceDAO,
ResourceRelationDAO resourceRelationDAO,
GroupCriteriaDAO groupCriteriaDAO,
ResourceTypeDAO resourceTypeDAO,
PermissionManager permissionManager,
ZeventManager zeventManager) {
this.resourceEdgeDAO = resourceEdgeDAO;
this.authzSubjectManager = authzSubjectManager;
this.resourceManager = resourceManager;
this.resourceGroupDAO = resourceGroupDAO;
this.resourceDAO = resourceDAO;
this.resourceRelationDAO = resourceRelationDAO;
this.groupCriteriaDAO = groupCriteriaDAO;
this.permissionManager = permissionManager;
this.resourceTypeDAO = resourceTypeDAO;
this.zeventManager = zeventManager;
}
@PostConstruct
public void afterPropertiesSet() throws Exception {
_groupPager = Pager.getPager(GROUP_PAGER);
_ownedGroupPager = Pager.getPager(OWNEDGROUP_PAGER);
}
/**
* Create a resource group. Currently no permission checking.
*
* @param roles List of {@link Role}s
* @param resources List of {@link Resource}s
*/
public ResourceGroup createResourceGroup(AuthzSubject whoami, ResourceGroupCreateInfo cInfo,
Collection<Role> roles, Collection<Resource> resources)
throws GroupCreationException, GroupDuplicateNameException {
ResourceGroup res = createGroup(whoami, cInfo, roles, resources);
applicationContext.publishEvent(new GroupCreatedEvent(res));
return res;
}
public ResourceGroup createResourceGroup(AuthzSubject whoami, ResourceGroupCreateInfo cInfo, Resource groupResource,
Collection<Role> roles)
throws GroupCreationException, GroupDuplicateNameException {
final ResourceGroup res = createGroup(whoami, cInfo, groupResource, roles);
return res;
}
@SuppressWarnings("unchecked")
private ResourceGroup createGroup(AuthzSubject whoami, ResourceGroupCreateInfo cInfo, Resource groupResource,
Collection<Role> roles)
throws GroupDuplicateNameException, GroupCreationException {
return createGroup(whoami, cInfo, roles, Collections.EMPTY_LIST, groupResource);
}
private ResourceGroup createGroup(AuthzSubject whoami, ResourceGroupCreateInfo cInfo,
Collection<Role> roles, Collection<Resource> resources)
throws GroupDuplicateNameException, GroupCreationException {
return createGroup(whoami, cInfo, roles, resources, null);
}
private ResourceGroup createGroup(AuthzSubject whoami, ResourceGroupCreateInfo cInfo, Collection<Role> roles,
Collection<Resource> resources, Resource groupResource)
throws GroupDuplicateNameException, GroupCreationException {
ResourceGroup existing = resourceGroupDAO.findByName(cInfo.getName());
if (existing != null) {
throw new GroupDuplicateNameException("Group by the name [" + cInfo.getName() + "] already exists");
}
ResourceGroup res = resourceGroupDAO.create(whoami, cInfo, resources, roles, groupResource);
ResourceRelation relation = resourceRelationDAO.findById(AuthzConstants.RELATION_CONTAINMENT_ID); // Self-edge
if (groupResource == null) {
resourceEdgeDAO.create(res.getResource(), res.getResource(), 0, relation);
}
applicationContext.publishEvent(new GroupCreatedEvent(res));
return res;
}
/**
* Do not allow resources to be added or removed from a group if the group
* has a downtime schedule in progress.
*/
private void checkGroupMaintenance(AuthzSubject subj, ResourceGroup group)
throws PermissionException, VetoException {
try {
MaintenanceEvent event = PermissionManagerFactory.getInstance()
.getMaintenanceEventManager().getMaintenanceEvent(subj, group.getId());
if ((event != null) && MaintenanceEvent.STATE_RUNNING.equals(event.getState())) {
String msg = ResourceBundle.getBundle(BUNDLE).getString(
"resourceGroup.update.error.downtime.running");
throw new VetoException(MessageFormat.format(msg, new String[] { group.getName() }));
}
} catch (SchedulerException se) {
// This should not happen. Indicates a serious system error.
String msg = ResourceBundle.getBundle(BUNDLE).getString(
"resourceGroup.update.error.downtime.scheduler.failure");
throw new SystemException(MessageFormat.format(msg, new String[] { group.getName() }),
se);
}
}
/**
* Find the group that has the given ID. Performs authz checking
* @param whoami user requesting to find the group
* @return {@link ResourceGroup} or null if it does not exist XXX scottmf,
* why is this method called find() but calls dao.get()???
*
*/
@Transactional(readOnly = true)
public ResourceGroup findResourceGroupById(AuthzSubject whoami, Integer id)
throws PermissionException {
ResourceGroup group = resourceGroupDAO.get(id);
if (group == null) {
return null;
}
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_viewResourceGroup);
return group;
}
private void checkGroupPermission(AuthzSubject whoami, Integer group, Integer op)
throws PermissionException {
PermissionManager pm = PermissionManagerFactory.getInstance();
pm.check(whoami.getId(), AuthzConstants.authzGroup, group, op);
}
/**
* Find the group that has the given ID. Does not do any authz checking
*
*/
@Transactional(readOnly = true)
public ResourceGroup findResourceGroupById(Integer id) {
return resourceGroupDAO.findById(id);
}
@Transactional(readOnly = true)
public ResourceGroup getResourceGroupById(Integer id) {
return resourceGroupDAO.get(id);
}
/**
* Find the role that has the given name.
* @param whoami user requesting to find the group
* @param name The name of the role you're looking for.
* @return The value-object of the role of the given name.
* @throws PermissionException whoami does not have viewResourceGroup on the
* requested group
*
*/
@Transactional(readOnly = true)
public ResourceGroup findResourceGroupByName(AuthzSubject whoami, String name)
throws PermissionException {
ResourceGroup group = resourceGroupDAO.findByName(name);
if (group == null) {
return null;
}
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_viewResourceGroup);
return group;
}
@Transactional(readOnly = true)
public boolean groupNameExists(String name) {
return resourceGroupDAO.findByName(name) != null;
}
/**
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> findDeletedGroups() {
return resourceGroupDAO.findDeletedGroups();
}
/**
* Update some of the fundamentals of groups (name, description, location).
* If name, description or location are null, the associated properties of
* the passed group will not change.
*
* @throws DuplicateObjectException if an attempt to rename the group would
* result in a group with the same name.
*
*/
public ResourceGroup updateGroup(AuthzSubject whoami, ResourceGroup group, String name,
String description, String location) throws PermissionException,
GroupDuplicateNameException {
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_modifyResourceGroup);
// XXX: Add Auditing
if ((name != null) && !name.equals(group.getName())) {
ResourceGroup existing = resourceGroupDAO.findByName(name);
if (existing != null) {
throw new GroupDuplicateNameException("Group by that name [" + name +
"] already exists");
}
group.setName(name);
group.getResource().setName(name);
}
if ((description != null) && !description.equals(group.getDescription())) {
group.setDescription(description);
}
if ((location != null) && !location.equals(group.getLocation())) {
group.setLocation(location);
}
return group;
}
public void removeGroupsCompatibleWith(String resourceType) throws VetoException {
Resource proto = resourceManager.findResourcePrototypeByName(resourceType);
removeGroupsCompatibleWith(proto);
}
/**
* Remove all groups compatable with the specified resource prototype.
*
* @throws VetoException if another subsystem cannot allow it (for
* constraint reasons)
*
*/
public void removeGroupsCompatibleWith(Resource proto) throws VetoException {
AuthzSubject overlord = authzSubjectManager.getOverlordPojo();
for (ResourceGroup group : getAllResourceGroups()) {
if (group.isCompatableWith(proto)) {
try {
removeResourceGroup(overlord, group);
} catch (PermissionException exc) {
log.warn("Perm denied while deleting group [" + group.getName() + " id=" +
group.getId() + "]", exc);
}
}
}
}
/**
* Delete the specified ResourceGroup.
* @param whoami The current running user.
* @param group The group to delete.
*
*/
public void removeResourceGroup(AuthzSubject whoami, ResourceGroup group)
throws PermissionException, VetoException {
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_removeResourceGroup);
// TODO scottmf, this should be invoking a pre-transaction callback
eventLogManager.deleteLogs(group.getResource());
applicationContext.publishEvent(new GroupDeleteRequestedEvent(group));
final Resource resource = group.getResource();
/**
* bug HQ-4526 - don't remove from resource table if it's
* policy.(authzPolicy) In policy, the removal of the resource is done
* in policyManagerImpl.
**/
boolean removeResource = resource.getResourceType().getId().equals(AuthzConstants.authzGroup);
resourceGroupDAO.remove(group, removeResource);
resourceGroupDAO.getSession().flush();
// Send resource delete event
ResourceDeletedZevent zevent = new ResourceDeletedZevent(whoami, AppdefEntityID.newGroupID(group.getId()));
ZeventManager.getInstance().enqueueEventAfterCommit(zevent);
}
public void removeResourceGroup(AuthzSubject whoami, Integer groupId) throws PermissionException, VetoException {
ResourceGroup group = resourceGroupDAO.findById(groupId);
removeResourceGroup(whoami, group);
}
/**
*
*/
public void addResources(AuthzSubject subj, ResourceGroup group, Collection<Resource> resources)
throws PermissionException, VetoException {
addResources(subj, group, resources, false);
}
/**
*
*/
public void addResources(AuthzSubject subj, ResourceGroup group, Collection<Resource> resources, boolean isDuringCalculation)
throws PermissionException, VetoException {
checkGroupPermission(subj, group.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(subj, group);
addResources(group, resources, isDuringCalculation);
}
private void addResources(ResourceGroup group, Collection<Resource> resources, boolean isDuringCalculation) {
resourceGroupDAO.addMembers(group, resources);
applicationContext.publishEvent(new GroupMembersChangedEvent(group));
zeventManager.enqueueEventAfterCommit(new GroupMembersAddedZevent(group, resources, isDuringCalculation));
}
/**
* Add a resource to a group by resource id and resource type
*
*/
public ResourceGroup addResource(AuthzSubject whoami, ResourceGroup group, Resource resource)
throws PermissionException, VetoException {
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(whoami, group);
addResources(group, Collections.singletonList(resource), false);
return group;
}
public void addResource(AuthzSubject whoami, Resource resource, Collection<ResourceGroup> groups)
throws PermissionException, VetoException {
// Do all of the pre-condition checks first before
// iterating through addResources() because
// ResourceGroupDAO().addMembers() will commit
// the changes after each iteration.
for (ResourceGroup g : groups) {
checkGroupPermission(whoami, g.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(whoami, g);
}
for (ResourceGroup g : groups) {
addResources(g, Collections.singletonList(resource), false);
}
}
public void removeResource(AuthzSubject whoami, Resource resource,
Collection<ResourceGroup> groups)
throws PermissionException, VetoException {
// Do all of the pre-condition checks first before
// iterating through removeResources() because
// ResourceGroupDAO().removeMembers() will commit
// the changes after each iteration.
for (ResourceGroup g : groups) {
checkGroupPermission(whoami, g.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(whoami, g);
}
for (ResourceGroup g : groups) {
removeResources(g, Collections.singletonList(resource), false);
}
}
/**
* RemoveResources from a group.
* @param whoami The current running user.
* @param group The group .
*
*/
public void removeResources(AuthzSubject whoami, ResourceGroup group, Collection<Resource> resources)
throws PermissionException, VetoException {
removeResources(whoami, group, resources, false);
}
/**
* RemoveResources from a group.
* @param whoami The current running user.
* @param group The group .
*
*/
public void removeResources(AuthzSubject whoami, ResourceGroup group,
Collection<Resource> resources, boolean isDuringCalculation)
throws PermissionException, VetoException {
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(whoami, group);
removeResources(group, resources, isDuringCalculation);
}
private void removeResources(ResourceGroup group, Collection<Resource> resources, boolean isDuringCalculation) {
resourceGroupDAO.removeMembers(group, resources);
applicationContext.publishEvent(new GroupMembersChangedEvent(group));
zeventManager.enqueueEventAfterCommit(new GroupMembersRemovedZevent(group, isDuringCalculation));
}
/**
* Change the resource contents of a group to the specified list of
* resources.
*
* @param resources A list of {@link Resource}s to be in the group
*
*/
public void setResources(AuthzSubject whoami, ResourceGroup group, Collection<Resource> resources)
throws PermissionException, VetoException {
checkGroupPermission(whoami, group.getId(), AuthzConstants.perm_modifyResourceGroup);
checkGroupMaintenance(whoami, group);
final Set<Resource> origMembers = new HashSet<Resource>(resourceGroupDAO.getMembers(group));
applicationContext.publishEvent(new GroupMembersChangedEvent(group));
final Collection<Resource> added = new ArrayList<Resource>();
for (final Resource r : resources) {
if (!origMembers.contains(r)) {
added.add(r);
}
}
resourceGroupDAO.setMembers(group, resources);
zeventManager.enqueueEventAfterCommit(new GroupMembersAddedZevent(group, added, false));
}
/**
* List the resources in this group that the caller is authorized to see.
* @param whoami The current running user.
* @param groupValue This group.
* @param pc Paging information for the request
* @return list of authorized resources in this group.
*
*/
@Transactional(readOnly = true)
public Collection<Resource> getResources(AuthzSubject whoami, Integer id) {
return PermissionManagerFactory.getInstance().getGroupResources(whoami.getId(), id,
Boolean.FALSE);
}
/**
* Get all the resource groups including the root resource group.
*
*/
@Transactional(readOnly = true)
public List<ResourceGroupValue> getAllResourceGroups(AuthzSubject subject, PageControl pc)
throws PermissionException {
return getAllResourceGroups(subject, pc, false);
}
/**
* Get all the members of a group.
*
* @return {@link Resource}s
*
*/
@Transactional(readOnly = true)
public List<Resource> getMembers(ResourceGroup g) {
return resourceGroupDAO.getMembers(g);
}
@Transactional(readOnly = true)
public List<Resource> getMembers(Collection<ResourceGroup> groups) {
return resourceGroupDAO.getMembers(groups);
}
/**
* Get all the members of a group, in a Map by type.
*
* @return {@link Resource}s
*
*/
@Transactional(readOnly = true)
public Map<Integer, List<Integer>> getMembersByType(ResourceGroup g)
{
List<Resource> members = getMembers(g);
Map<Integer, List<Integer>> membersByType = new HashMap<Integer, List<Integer>>();
for (final Iterator<Resource> it=members.iterator(); it.hasNext(); ) {
final Resource member = it.next();
Integer protoId = member.getPrototype().getId();
List<Integer> resourceIds = membersByType.get(protoId);
if (resourceIds == null){
resourceIds = new ArrayList<Integer>();
}
resourceIds.add(member.getId());
membersByType.put(protoId, resourceIds);
}
return membersByType;
}
/**
* Get the member type counts of a group
*
*/
@Transactional(readOnly = true)
public Map<String, Number> getMemberTypes(ResourceGroup g) {
return resourceGroupDAO.getMemberTypes(g);
}
/**
* Get all the groups a resource belongs to
*
* @return {@link ResourceGroup}s
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> getGroups(Resource r) {
return resourceGroupDAO.getGroups(r);
}
/**
* Get the # of groups within HQ inventory
*
*/
@Transactional(readOnly = true)
public Number getGroupCount() {
return new Integer(resourceGroupDAO.size());
}
/**
* Returns true if the passed resource is a member of the given group.
*
*/
@Transactional(readOnly = true)
public boolean isMember(ResourceGroup group, Resource resource) {
return resourceGroupDAO.isMember(group, resource);
}
/**
* Get the # of members in a group
*
*/
@Transactional(readOnly = true)
public int getNumMembers(ResourceGroup g) {
return resourceGroupDAO.getNumMembers(g);
}
@Transactional(readOnly = true)
public AppdefGroupValue getGroupConvert(AuthzSubject subject, Integer groupId) {
ResourceGroup group = findResourceGroupById(groupId);
return getGroupConvert(subject, group);
}
/**
* Temporary method to convert a ResourceGroup into an AppdefGroupValue
*
*/
@Transactional(readOnly = true)
public AppdefGroupValue getGroupConvert(AuthzSubject subj, ResourceGroup g) {
AppdefGroupValue retVal = new AppdefGroupValue();
Collection<Resource> members = getMembers(g);
// Create our return group vo
retVal.setId(g.getId());
retVal.setName(g.getName());
retVal.setDescription(g.getDescription());
retVal.setLocation(g.getLocation());
retVal.setGroupType(g.getGroupType().intValue());
retVal.setGroupEntType(g.getGroupEntType().intValue());
retVal.setGroupEntResType(g.getGroupEntResType().intValue());
retVal.setTotalSize(members.size());
retVal.setSubject(subj);
retVal.setClusterId(g.getClusterId().intValue());
retVal.setMTime(new Long(g.getMtime()));
retVal.setCTime(new Long(g.getCtime()));
retVal.setModifiedBy(g.getModifiedBy());
retVal.setOwner(g.getResource().getOwner().getName());
// Add the group members
for (Resource r : members) {
if (r.getResourceType() != null) {
GroupEntry ge = new GroupEntry(r.getInstanceId(), r.getResourceType().getName());
retVal.addEntry(ge);
}
}
retVal.setAppdefResourceTypeValue(retVal.getAppdefResourceTypeValue(subj, g));
return retVal;
}
/**
* Get a list of {@link ResourceGroup}s which are compatible with the
* specified prototype.
*
* Do not return any groups contained within 'excludeGroups' (a list of
* {@link ResourceGroup}s
*
* @param prototype If specified, the resulting groups must be compatible
* with the prototype.
*
* @param pInfo Pageinfo with a sort field of type
* {@link ResourceGroupSortField}
*
*
*/
@Transactional(readOnly = true)
public PageList<ResourceGroup> findGroupsNotContaining(AuthzSubject subject, Resource member,
Resource prototype,
Collection<ResourceGroup> excGrps,
PageInfo pInfo) {
return resourceGroupDAO.findGroupsClusionary(subject, member, prototype, excGrps, pInfo,
false, false);
}
/**
* Get a list of {@link ResourceGroup}s which are compatible with the
* specified prototype.
*
* Do not return any groups contained within 'excludeGroups' (a list of
* {@link ResourceGroup}s
*
* @param prototype If specified, the resulting groups must be compatible
* with the prototype.
*
* @param pInfo Pageinfo with a sort field of type
* {@link ResourceGroupSortField}
*
*
*/
@Transactional(readOnly = true)
public PageList<ResourceGroup> findGroupsContaining(AuthzSubject subject, Resource member,
Collection<ResourceGroup> excludeGroups,
PageInfo pInfo) {
return resourceGroupDAO.findGroupsClusionary(subject, member, null, excludeGroups, pInfo,
true, false);
}
/**
* Get all the resource groups excluding the root resource group.
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> getAllResourceGroups(AuthzSubject subject, boolean excludeRoot)
throws PermissionException {
// first get the list of groups subject can view
PermissionManager pm = PermissionManagerFactory.getInstance();
Collection<Integer> groupIds;
/**
* XXX: Seems this could be optimized to actually get the real list of
* viewable resource groups instead of going through the perm manager to
* get the IDs
*/
try {
// TODO: G
groupIds = pm.findOperationScopeBySubject(subject,
AuthzConstants.groupOpViewResourceGroup, AuthzConstants.groupResourceTypeName);
} catch (NotFoundException e) {
// Makes no sense
throw new SystemException(e);
}
// now build a collection for all of them
Collection<ResourceGroup> groups = new ArrayList<ResourceGroup>();
for (Integer groupId : groupIds) {
if (groupId == null) {
continue;
}
ResourceGroup rgloc = resourceGroupDAO.findById(groupId);
if (excludeRoot) {
String name = rgloc.getName();
if (!name.equals(AuthzConstants.groupResourceTypeName) &&
!name.equals(AuthzConstants.rootResourceGroupName)) {
groups.add(rgloc);
}
} else {
groups.add(rgloc);
}
}
return groups;
}
/**
* Get all {@link ResourceGroup}s
*
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> getAllResourceGroups() {
return resourceGroupDAO.findAll();
}
/**
* Get all compatible resource groups of the given entity type and resource
* type.
*
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> getCompatibleResourceGroups(AuthzSubject subject,
Resource resProto)
throws PermissionException, NotFoundException {
// first get the list of groups subject can view
PermissionManager pm = PermissionManagerFactory.getInstance();
Collection<Integer> groupIds =
pm.findOperationScopeBySubject(subject, AuthzConstants.groupOpViewResourceGroup,
AuthzConstants.groupResourceTypeName);
Collection<ResourceGroup> groups = resourceGroupDAO.findCompatible(resProto);
for (Iterator<ResourceGroup> i = groups.iterator(); i.hasNext();) {
ResourceGroup g = i.next();
if (!groupIds.contains(g.getId())) {
i.remove();
}
}
return groups;
}
/**
* Get all the resource groups excluding the root resource group and paged
*/
@Transactional(readOnly = true)
private PageList<ResourceGroupValue> getAllResourceGroups(AuthzSubject subject, PageControl pc,
boolean excludeRoot)
throws PermissionException {
Collection<ResourceGroup> groups = getAllResourceGroups(subject, excludeRoot);
// TODO: G
return _ownedGroupPager.seek(groups, pc.getPagenum(), pc.getPagesize());
}
/**
* Get the resource groups with the specified ids
* @param ids the resource group ids
* @param pc Paging information for the request
*
*/
@Transactional(readOnly = true)
public PageList<ResourceGroupValue> getResourceGroupsById(AuthzSubject whoami, Integer[] ids,
PageControl pc)
throws PermissionException {
if (ids.length == 0) {
return new PageList<ResourceGroupValue>();
}
PageControl allPc = new PageControl();
// get all roles, sorted but not paged
allPc.setSortattribute(pc.getSortattribute());
allPc.setSortorder(pc.getSortorder());
Collection<ResourceGroup> all = getAllResourceGroups(whoami, false);
// build an index of ids
HashSet<Integer> index = new HashSet<Integer>();
index.addAll(Arrays.asList(ids));
int numToFind = index.size();
// find the requested roles
List<ResourceGroup> groups = new ArrayList<ResourceGroup>(numToFind);
Iterator<ResourceGroup> i = all.iterator();
while (i.hasNext() && (groups.size() < numToFind)) {
ResourceGroup g = i.next();
if (index.contains(g.getId())) {
groups.add(g);
}
}
// TODO: G
PageList<ResourceGroupValue> plist = _groupPager.seek(groups, pc.getPagenum(), pc
.getPagesize());
plist.setTotalSize(groups.size());
return plist;
}
/**
* Get all resource groups owned by with the specified owner
* @param owner of resource groups
*
*/
@Transactional(readOnly = true)
public Collection<ResourceGroup> getResourceGroupsByOwnerId(AuthzSubject whoami)
throws PermissionException {
Collection<ResourceGroup> all = getAllResourceGroups(whoami, false);
List<ResourceGroup> ownerGroups = new ArrayList<ResourceGroup>();
Iterator<ResourceGroup> i = all.iterator();
while (i.hasNext()) {
ResourceGroup g = i.next();
if (whoami.equals(g.getResource().getOwner())) {
ownerGroups.add(g);
}
}
return ownerGroups;
}
/**
* Change owner of a group.
*
*
*/
public void changeGroupOwner(AuthzSubject subject, ResourceGroup group, AuthzSubject newOwner)
throws PermissionException {
resourceManager.setResourceOwner(subject, group.getResource(), newOwner);
group.setModifiedBy(newOwner.getName());
}
/**
* Get a ResourceGroup owner's AuthzSubjectValue
* @param gid The group id
* @exception NotFoundException Unable to find a group by id
*
*/
@Transactional(readOnly = true)
public AuthzSubject getResourceGroupOwner(Integer gid) throws NotFoundException {
Resource gResource = resourceManager.findResourceByInstanceId(resourceManager
.findResourceTypeByName(AuthzConstants.groupResourceTypeName), gid);
return gResource.getOwner();
}
/**
*
*/
@Transactional(readOnly = true)
public ResourceGroup getResourceGroupByResource(Resource resource) {
return resourceGroupDAO.findResourceGroup(resource);
}
/**
* Set a ResourceGroup modifiedBy attribute
* @param whoami user requesting to find the group
* @param id The ID of the role you're looking for.
*
*/
public void setGroupModifiedBy(AuthzSubject whoami, Integer id) {
ResourceGroup groupLocal = resourceGroupDAO.findById(id);
groupLocal.setModifiedBy(whoami.getName());
}
/**
*
*/
public void updateGroupType(AuthzSubject subject, ResourceGroup g, int groupType,
int groupEntType, int groupEntResType) throws PermissionException {
checkGroupPermission(subject, g.getId(), AuthzConstants.perm_modifyResourceGroup);
g.setGroupType(new Integer(groupType));
if ((groupType == AppdefEntityConstants.APPDEF_TYPE_GROUP_COMPAT_PS) ||
(groupType == AppdefEntityConstants.APPDEF_TYPE_GROUP_COMPAT_SVC)) {
Resource r = findPrototype(new AppdefEntityTypeID(groupEntType, groupEntResType));
g.setResourcePrototype(r);
}
}
private Resource findPrototype(AppdefEntityTypeID id) {
Integer authzType;
switch (id.getType()) {
case AppdefEntityConstants.APPDEF_TYPE_PLATFORM:
authzType = AuthzConstants.authzPlatformProto;
break;
case AppdefEntityConstants.APPDEF_TYPE_SERVER:
authzType = AuthzConstants.authzServerProto;
break;
case AppdefEntityConstants.APPDEF_TYPE_SERVICE:
authzType = AuthzConstants.authzServiceProto;
break;
default:
throw new IllegalArgumentException("Unsupported prototype type: " + id.getType());
}
return resourceDAO.findByInstanceId(authzType, id.getId());
}
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
public ResourceGroup getGroupById(Integer id) {
if (id == null) {
return null;
}
return resourceGroupDAO.get(id);
}
public void removeAllMembers(ResourceGroup group) {
resourceGroupDAO.removeAllMembers(group);
}
@Transactional(readOnly=true)
public List<ResourceGroup> getResourceGroupsByType(int groupType) {
return resourceGroupDAO.getGroupsByType(groupType);
}
public Collection<GroupMember> getOrphanedResourceGroupMembers() {
return resourceGroupDAO.getOrphanedResourceGroupMembers();
}
public void removeGroupMember(GroupMember m) {
resourceGroupDAO.getSession().delete(m);
}
}