/**
*
*/
package com.thinkbiganalytics.metadata.modeshape.security.mixin;
import java.security.Principal;
import java.util.Collections;
/*-
* #%L
* kylo-metadata-modeshape
* %%
* Copyright (C) 2017 ThinkBig Analytics
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.jcr.Node;
import javax.jcr.security.Privilege;
import com.thinkbiganalytics.metadata.api.security.AccessControlled;
import com.thinkbiganalytics.metadata.api.security.RoleMembership;
import com.thinkbiganalytics.metadata.modeshape.common.mixin.NodeEntityMixin;
import com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions;
import com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership;
import com.thinkbiganalytics.metadata.modeshape.security.role.JcrSecurityRole;
import com.thinkbiganalytics.metadata.modeshape.support.JcrUtil;
import com.thinkbiganalytics.security.UsernamePrincipal;
import com.thinkbiganalytics.security.action.AllowedActions;
import com.thinkbiganalytics.security.role.SecurityRole;
/**
 * Mixin that supplies the {@link AccessControlled} behaviour for entities backed by a JCR node:
 * reading the entity's role memberships and allowed actions, and switching access control on or
 * off by copying a prototype {@link JcrAllowedActions} onto the entity's own allowed-actions node.
 *
 * <p>Points a reviewer of access-control changes should keep in mind:
 * <ul>
 *   <li>The enable/disable methods perform several node updates in sequence. Nothing in this
 *       interface rolls back earlier steps if a later one throws; atomicity depends on the
 *       caller's session or transaction handling, which is not visible here.</li>
 *   <li>Roles are cast to {@link JcrSecurityRole} without a type check, so any other
 *       {@link SecurityRole} implementation fails with a {@link ClassCastException} after the
 *       allowed actions have already been modified.</li>
 *   <li>An empty role list passed to {@code disableAccessControl} removes <em>all</em> role
 *       memberships of the entity, not none.</li>
 * </ul>
 */
public interface AccessControlledMixin extends AccessControlled, NodeEntityMixin {

    /**
     * Returns the role memberships stored under {@link JcrRoleMembership#NODE_NAME} on this
     * entity's node, each constructed with this entity's allowed actions.
     *
     * @return a newly collected set of the entity's role memberships
     */
    @Override
    default Set<RoleMembership> getRoleMemberships() {
        // The allowed actions are resolved before the node is read, as in every other accessor here.
        final JcrAllowedActions actions = getJcrAllowedActions();

        return JcrUtil.getPropertyObjectSet(getNode(), JcrRoleMembership.NODE_NAME, JcrRoleMembership.class, actions)
            .stream()
            .map(membership -> (RoleMembership) membership)
            .collect(Collectors.toSet());
    }

    /**
     * Looks up this entity's membership for a single role.
     *
     * @param roleName the name of the role whose membership is wanted
     * @return the membership as found by {@link JcrRoleMembership}, or empty when it finds none
     */
    @Override
    default Optional<RoleMembership> getRoleMembership(String roleName) {
        final JcrAllowedActions actions = getJcrAllowedActions();

        return JcrRoleMembership.find(getNode(), roleName, actions)
            .map(found -> (RoleMembership) found);
    }

    /**
     * Returns the entity's allowed actions through the API-level type.
     *
     * @return the same object that {@link #getJcrAllowedActions()} produces
     */
    @Override
    default AllowedActions getAllowedActions() {
        final JcrAllowedActions actions = getJcrAllowedActions();
        return actions;
    }

    /**
     * Wraps the child node named {@link JcrAllowedActions#NODE_NAME} in the allowed-actions type
     * declared by {@link #getJcrAllowedActionsType()}.
     *
     * @return a wrapper created on each call around the entity's allowed-actions node
     */
    default JcrAllowedActions getJcrAllowedActions() {
        final Node actionsNode = JcrUtil.getNode(getNode(), JcrAllowedActions.NODE_NAME);
        final Class<? extends JcrAllowedActions> actionsType = getJcrAllowedActionsType();

        return JcrUtil.createJcrObject(actionsNode, actionsType);
    }

    /**
     * Disables access control without naming any roles, which removes every role membership of
     * this entity (see the three-argument overload).
     *
     * @param prototype the allowed actions to copy onto this entity
     * @param owner     the principal passed to the copy and whose access control is removed
     */
    default void disableAccessControl(JcrAllowedActions prototype, Principal owner) {
        final List<SecurityRole> noRoles = Collections.emptyList();
        disableAccessControl(prototype, owner, noRoles);
    }

    /**
     * Disables access control on this entity: copies the prototype onto the entity's
     * allowed-actions node, removes the access control set up for the owner, and then removes
     * role memberships.
     *
     * <p>An empty {@code roles} list means "remove all memberships"; a non-empty list removes only
     * the memberships of the listed roles. Callers that build the list by filtering should check
     * that an accidentally empty result is really meant to clear everything.
     *
     * @param prototype the allowed actions to copy onto this entity
     * @param owner     the principal passed to the copy and whose access control is removed
     * @param roles     the roles whose memberships are removed; empty removes all of them
     * @throws ClassCastException if a listed role is not a {@link JcrSecurityRole}; the allowed
     *                            actions have already been changed when this happens
     */
    default void disableAccessControl(JcrAllowedActions prototype, Principal owner, List<SecurityRole> roles) {
        final JcrAllowedActions actions = getJcrAllowedActions();

        // Order matters: the prototype is copied first, then the owner's access control is removed.
        prototype.copy(actions.getNode(), owner);
        actions.removeAccessControl(owner);

        if (!roles.isEmpty()) {
            for (SecurityRole role : roles) {
                JcrRoleMembership.remove(getNode(), ((JcrSecurityRole) role).getNode());
            }
            return;
        }

        // No roles named: clear every membership on the entity.
        JcrRoleMembership.removeAll(getNode());
    }

    /**
     * Enables access control on this entity: copies the prototype onto the entity's
     * allowed-actions node with {@link Privilege#JCR_ALL} passed for the owner, sets up access
     * control for the owner, and creates a membership for each given role.
     *
     * <p>NOTE(review): {@code JCR_ALL} is the broadest JCR privilege; presumably the copy grants it
     * to {@code owner} on the allowed-actions node. Confirm against {@code JcrAllowedActions.copy}
     * that this is the intended scope for the owner.
     *
     * @param prototype the allowed actions to copy onto this entity
     * @param owner     the principal passed to the copy and to the access-control setup
     * @param roles     the roles for which memberships are created on this entity
     * @throws ClassCastException if a listed role is not a {@link JcrSecurityRole}; the copy and
     *                            the owner's access-control setup have already run when this happens
     */
    default void enableAccessControl(JcrAllowedActions prototype, Principal owner, List<SecurityRole> roles) {
        final JcrAllowedActions actions = getJcrAllowedActions();

        // Order matters: the prototype is copied before access control is set up for the owner.
        prototype.copy(actions.getNode(), owner, Privilege.JCR_ALL);
        actions.setupAccessControl(owner);

        for (SecurityRole role : roles) {
            JcrRoleMembership.create(getNode(), ((JcrSecurityRole) role).getNode(), actions);
        }
    }

    /**
     * Declares which {@link JcrAllowedActions} subtype wraps this entity's allowed-actions node.
     *
     * @return the class handed to {@link JcrUtil} when {@link #getJcrAllowedActions()} builds the wrapper
     */
    Class<? extends JcrAllowedActions> getJcrAllowedActionsType();
}