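/*
 * Copyright (c) 2017 OBiBa. All rights reserved.
 *
 * This program and the accompanying materials
 * are made available under the terms of the GNU Public License v3.0.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package org.obiba.magma.security;

import java.util.Set;

import org.obiba.magma.Datasource;
import org.obiba.magma.MagmaRuntimeException;
import org.obiba.magma.NoSuchValueTableException;
import org.obiba.magma.ValueTable;
import org.obiba.magma.security.permissions.Permissions;
import org.obiba.magma.security.permissions.Permissions.DatasourcePermissionBuilder;
import org.obiba.magma.support.AbstractDatasourceWrapper;

import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;

/**
 * Datasource wrapper that enforces table-level permissions through an {@link Authorizer}.
 * <p>
 * Every table returned by this wrapper is itself wrapped in a {@link SecuredValueTable} built with the
 * same authorizer, so the permission check is not lost once a caller holds a table reference.
 * Read-protected tables are hidden rather than refused: {@link #getValueTable(String)} and
 * {@link #hasValueTable(String)} behave exactly as they would for a table that does not exist, so the
 * response does not disclose whether a protected table is present. Only {@link #dropTable(String)}
 * reports a missing permission explicitly, and only to callers that are already allowed to read the table.
 * <p>
 * Permissions are built against the <em>wrapped</em> datasource (see {@link #builder()}), so the names
 * checked by the authorizer are those of the underlying datasource.
 */
public class SecuredDatasource extends AbstractDatasourceWrapper {

  private final Authorizer authz;

  /**
   * Wraps {@code datasource} so that every table access is checked against {@code authorizer}.
   *
   * @param authorizer the authorizer consulted for each table permission; must not be null
   * @param datasource the datasource to protect
   * @throws IllegalArgumentException if {@code authorizer} is null
   */
  public SecuredDatasource(Authorizer authorizer, Datasource datasource) {
    super(datasource);
    if(authorizer == null) throw new IllegalArgumentException("authorizer cannot be null");
    authz = authorizer;
  }

  /**
   * Returns the named table, wrapped in a {@link SecuredValueTable}.
   * <p>
   * A table the caller is not permitted to read is reported with the same
   * {@link NoSuchValueTableException} as a table that does not exist. A null table returned by the
   * wrapped datasource is treated as "not found" rather than being wrapped.
   *
   * @param name the table name
   * @return the secured table
   * @throws NoSuchValueTableException if the table does not exist or the caller may not read it
   */
  @Override
  public ValueTable getValueTable(String name) throws NoSuchValueTableException {
    ValueTable table = getWrappedDatasource().getValueTable(name);
    // Same exception for "absent" and "forbidden" so existence of a protected table is not leaked.
    if(table == null || !authzReadTable(name)) throw new NoSuchValueTableException(getName(), name);
    return secure(table);
  }

  /**
   * Returns the tables of the wrapped datasource that the caller is permitted to read, each wrapped
   * in a {@link SecuredValueTable}. Tables without read permission are silently omitted.
   *
   * @return an immutable set of secured tables (possibly empty)
   */
  @Override
  public Set<ValueTable> getValueTables() {
    Iterable<ValueTable> readable = Iterables
        .filter(getWrappedDatasource().getValueTables(), builder().tables().read().asPredicate(authz));
    Iterable<ValueTable> secured = Iterables.transform(readable, new Function<ValueTable, ValueTable>() {
      @Override
      public ValueTable apply(ValueTable from) {
        return secure(from);
      }
    });
    return ImmutableSet.copyOf(secured);
  }

  /**
   * Reports whether the named table exists <em>and</em> the caller may read it; a table the caller
   * cannot read is indistinguishable from a missing one.
   *
   * @param name the table name
   * @return true only if the table exists in the wrapped datasource and read permission is granted
   */
  @Override
  public boolean hasValueTable(String name) {
    return getWrappedDatasource().hasValueTable(name) && authzReadTable(name);
  }

  /**
   * Reports whether the named table can be dropped: the wrapped datasource must allow it and the
   * caller must hold the delete permission on the table.
   * <p>
   * NOTE(review): unlike {@link #dropTable(String)}, this does not require read permission, so the
   * answer depends solely on the delete permission and the wrapped datasource's own rule.
   *
   * @param name the table name
   * @return true if dropping is both possible and authorized
   */
  @Override
  public boolean canDropTable(String name) {
    return getWrappedDatasource().canDropTable(name) && authzDropTable(name);
  }

  /**
   * Drops the named table if it is visible to the caller and the caller holds the delete permission.
   * <p>
   * A table that does not exist, or that the caller may not read, is ignored without error (so that
   * the call does not reveal its existence). A readable table without delete permission raises a
   * {@link MagmaRuntimeException}.
   *
   * @param name the table name
   * @throws MagmaRuntimeException if the table is readable but the caller may not delete it
   */
  @Override
  public void dropTable(String name) {
    // hasValueTable() already folds in the read check, so a non-readable table is a silent no-op.
    if(!hasValueTable(name)) return;
    if(!authzDropTable(name)) {
      throw new MagmaRuntimeException("not authorized to drop table " + getName() + "." + name);
    }
    getWrappedDatasource().dropTable(name);
  }

  /**
   * Checks the read permission on the named table of the wrapped datasource.
   *
   * @param name the table name
   * @return true if the authorizer grants read access
   */
  protected boolean authzReadTable(String name) {
    return authz.isPermitted(builder().table(name).read().build());
  }

  /**
   * Checks the delete permission on the named table of the wrapped datasource.
   *
   * @param name the table name
   * @return true if the authorizer grants delete access
   */
  protected boolean authzDropTable(String name) {
    return authz.isPermitted(builder().table(name).delete().build());
  }

  /** Wraps a (non-null) table of the wrapped datasource with this datasource's authorizer. */
  private ValueTable secure(ValueTable table) {
    return new SecuredValueTable(authz, this, table);
  }

  /** Permission builder rooted at the wrapped datasource, so checks use its (unwrapped) name. */
  private DatasourcePermissionBuilder builder() {
    return Permissions.DatasourcePermissionBuilder.forDatasource(getWrappedDatasource());
  }

}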