/*
 * Copyright 2011 Future Systems, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.krakenapps.dom.msgbus;

import org.apache.felix.ipojo.annotations.Component;
import org.apache.felix.ipojo.annotations.Requires;
import org.krakenapps.api.PrimitiveConverter;
import org.krakenapps.dom.api.AdminApi;
import org.krakenapps.dom.api.ConfigManager;
import org.krakenapps.dom.api.DOMException;
import org.krakenapps.dom.api.RoleApi;
import org.krakenapps.dom.api.UserApi;
import org.krakenapps.dom.model.Admin;
import org.krakenapps.dom.model.User;
import org.krakenapps.msgbus.MsgbusException;
import org.krakenapps.msgbus.Request;
import org.krakenapps.msgbus.Response;
import org.krakenapps.msgbus.handler.MsgbusMethod;
import org.krakenapps.msgbus.handler.MsgbusPermission;
import org.krakenapps.msgbus.handler.MsgbusPlugin;

/**
 * Msgbus plugin (component {@code dom-admin-plugin}) that exposes administrator
 * lookup, grant/revoke, permission queries and OTP seed regeneration.
 *
 * <p>
 * Only {@link #setAdmin} and {@link #unsetAdmin} declare a
 * {@link MsgbusPermission}; every other method relies on whatever the msgbus
 * layer and the called APIs enforce. All calls are scoped to the organization
 * domain reported by the request.
 */
@Component(name = "dom-admin-plugin")
@MsgbusPlugin
public class AdminPlugin {
	@Requires
	private AdminApi adminApi;

	@Requires
	private UserApi userApi;

	@Requires
	private RoleApi roleApi;

	@Requires
	private ConfigManager conf;

	/**
	 * Puts the serialized admins of the caller's organization domain under the
	 * {@code admins} key.
	 *
	 * @param req
	 *            request supplying the organization domain
	 * @param resp
	 *            response receiving the {@code admins} entry
	 */
	@MsgbusMethod
	public void getAdmins(Request req, Response resp) {
		// NOTE(review): no @MsgbusPermission is declared here and the Admin
		// objects are serialized as-is; confirm the serialized form does not
		// carry secrets such as an OTP seed.
		String domain = req.getOrgDomain();
		Object serialized = PrimitiveConverter.serialize(adminApi.getAdmins(domain));
		resp.put("admins", serialized);
	}

	/**
	 * Resolves the user named by the {@code login_name} parameter and puts that
	 * user's serialized admin record under the {@code admin} key.
	 *
	 * @param req
	 *            request supplying the organization domain and
	 *            {@code login_name}
	 * @param resp
	 *            response receiving the {@code admin} entry
	 */
	@MsgbusMethod
	public void getAdmin(Request req, Response resp) {
		// NOTE(review): no @MsgbusPermission is declared here; confirm which
		// Admin fields end up in the serialized response.
		String domain = req.getOrgDomain();
		User user = userApi.getUser(domain, req.getString("login_name"));
		resp.put("admin", PrimitiveConverter.serialize(adminApi.getAdmin(domain, user)));
	}

	/**
	 * Creates or updates the admin record of the user named by
	 * {@code login_name}. Requires the {@code dom}/{@code admin_grant}
	 * permission.
	 *
	 * @param req
	 *            request whose parameters are applied onto the admin record
	 * @param resp
	 *            response; nothing is written to it
	 */
	@MsgbusMethod
	@MsgbusPermission(group = "dom", code = "admin_grant")
	public void setAdmin(Request req, Response resp) {
		String domain = req.getOrgDomain();
		String loginName = req.getString("login_name");

		// start from the stored record when there is one, otherwise from a
		// blank Admin
		Admin existing = adminApi.findAdmin(domain, loginName);
		Admin base = (existing != null) ? existing : new Admin();

		// NOTE(review): the whole request parameter map is applied onto the
		// Admin object. Which fields a caller can set this way depends on
		// PrimitiveConverter.overwrite and the parse callback; confirm that
		// adminApi.setAdmin validates the resulting role against the requesting
		// admin.
		Object merged = PrimitiveConverter.overwrite(base, req.getParams(), conf.getParseCallback(domain));
		adminApi.setAdmin(domain, req.getAdminLoginName(), loginName, (Admin) merged);
	}

	/**
	 * Revokes the admin record of the user named by {@code login_name}.
	 * Requires the {@code dom}/{@code admin_grant} permission.
	 *
	 * @param req
	 *            request supplying the domain, the requesting admin and
	 *            {@code login_name}
	 * @param resp
	 *            response; nothing is written to it
	 */
	@MsgbusMethod
	@MsgbusPermission(group = "dom", code = "admin_grant")
	public void unsetAdmin(Request req, Response resp) {
		String target = req.getString("login_name");
		adminApi.unsetAdmin(req.getOrgDomain(), req.getAdminLoginName(), target);
	}

	/**
	 * Puts the serialized permissions of the requesting admin's role under the
	 * {@code permissions} key.
	 *
	 * @param req
	 *            request identifying the domain and the requesting admin
	 * @param resp
	 *            response receiving the {@code permissions} entry
	 */
	@MsgbusMethod
	public void getPermissions(Request req, Response resp) {
		// NOTE(review): dereferences the admin and its role without a null
		// check; presumably adminApi.getAdmin throws when the admin is missing
		// - confirm.
		Admin self = adminApi.getAdmin(req.getOrgDomain(), req.getAdminLoginName());
		resp.put("permissions", PrimitiveConverter.serialize(self.getRole().getPermissions()));
	}

	/**
	 * Puts under the {@code result} key whether the requesting admin holds the
	 * permission named by the {@code group} and {@code permission} parameters.
	 *
	 * @param req
	 *            request supplying {@code group} and {@code permission}
	 * @param resp
	 *            response receiving the {@code result} entry
	 */
	@MsgbusMethod
	public void hasPermission(Request req, Response resp) {
		String group = req.getString("group");
		String permission = req.getString("permission");
		String domain = req.getOrgDomain();
		String requester = req.getAdminLoginName();
		resp.put("result", roleApi.hasPermission(domain, requester, group, permission));
	}

	/**
	 * Regenerates the OTP seed of the user named by {@code login_name} and puts
	 * the new seed under the {@code otp_seed} key.
	 *
	 * <p>
	 * The call is allowed when {@code adminApi.canManage} accepts the requesting
	 * admin for the target user, or when the requesting admin's role level is 2
	 * and the target is the requester's own login name.
	 *
	 * @param req
	 *            request supplying the domain, the requesting admin and
	 *            {@code login_name}
	 * @param resp
	 *            response receiving the {@code otp_seed} entry
	 * @throws MsgbusException
	 *             with code {@code admin-not-found} or {@code user-not-found}
	 *             when the requester or the target cannot be found
	 * @throws DOMException
	 *             with code {@code no-permission} when neither condition above
	 *             holds
	 */
	@MsgbusMethod
	public void updateOtpSeed(Request req, Response resp) {
		String loginName = req.getString("login_name");
		String domain = req.getOrgDomain();
		String requester = req.getAdminLoginName();

		Admin admin = adminApi.findAdmin(domain, requester);
		if (admin == null)
			throw new MsgbusException("dom", "admin-not-found");

		User target = userApi.findUser(domain, loginName);
		if (target == null)
			throw new MsgbusException("dom", "user-not-found");

		// NOTE(review): the meaning of role level 2 is defined outside this
		// file. No @MsgbusPermission is declared, so these two checks are the
		// only authorization visible here.
		boolean ownSeedAtLevelTwo = admin.getRole().getLevel() == 2 && requester.equals(loginName);
		if (!ownSeedAtLevelTwo && !adminApi.canManage(domain, admin, target))
			throw new DOMException("no-permission");

		// The seed is a second-factor secret returned in clear to the caller;
		// keep it out of logs and restrict the transport accordingly.
		String newSeed = adminApi.updateOtpSeed(domain, requester, loginName);
		resp.put("otp_seed", newSeed);
	}
}