UserDirectoryUtils.java

/**
 * Licensed to The Apereo Foundation under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional
 * information regarding copyright ownership.
 *
 *
 * The Apereo Foundation licenses this file to you under the Educational
 * Community License, Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of the License
 * at:
 *
 *   http://opensource.org/licenses/ecl2.txt
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
 * License for the specific language governing permissions and limitations under
 * the License.
 *
 */

package org.opencastproject.userdirectory.utils;

import org.opencastproject.security.api.Organization;
import org.opencastproject.security.api.Role;
import org.opencastproject.security.api.SecurityConstants;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.User;

import org.apache.commons.lang3.StringUtils;

import java.util.Set;

/**
 * Utility class for common operations.
 * This class is not visible to other OSGI bundles.
 */
public final class UserDirectoryUtils {

  /** Hidden constructor */
  private UserDirectoryUtils() { }

  /**
   * Return false if the current user hasn't an admin role and the roles list contain same role, true otherwise
   *
   * @param securityService the SecurityService
   * @param roles roles list to test
   * @return true if the roles list doesn't contain an admin role
   *            or if the current user is allowed to create, update or delete users or groups with the given roles
   */
  public static boolean isCurrentUserAuthorizedHandleRoles(SecurityService securityService, Set<Role> roles) {
    User user = securityService.getUser();
    if (user == null)
      return false;

    Organization org = user.getOrganization();

    for (Role role : roles) {
      if (StringUtils.equals(SecurityConstants.GLOBAL_ADMIN_ROLE, role.getName()))
        return user.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE);

      if (org != null && StringUtils.equals(org.getAdminRole(), role.getName()))
        return user.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE)
                || user.hasRole(org.getAdminRole());
    }
    return true;
  }
}