PermissionsPanel.java

/*!
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU Lesser General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * Copyright (c) 2002-2013 Pentaho Corporation..  All rights reserved.
 */

package org.pentaho.mantle.client.admin;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.pentaho.mantle.client.messages.Messages;
import org.pentaho.platform.security.policy.rolebased.actions.AdministerSecurityAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryCreateAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryReadAction;

import com.google.gwt.core.client.GWT;
import com.google.gwt.core.client.JavaScriptObject;
import com.google.gwt.core.client.JsArrayString;
import com.google.gwt.core.client.JsonUtils;
import com.google.gwt.event.logical.shared.ValueChangeEvent;
import com.google.gwt.event.logical.shared.ValueChangeHandler;
import com.google.gwt.http.client.Request;
import com.google.gwt.http.client.RequestBuilder;
import com.google.gwt.http.client.RequestCallback;
import com.google.gwt.http.client.RequestException;
import com.google.gwt.http.client.Response;
import com.google.gwt.json.client.JSONArray;
import com.google.gwt.json.client.JSONObject;
import com.google.gwt.json.client.JSONString;
import com.google.gwt.user.client.Timer;
import com.google.gwt.user.client.ui.CheckBox;
import com.google.gwt.user.client.ui.Label;
import com.google.gwt.user.client.ui.ListBox;
import com.google.gwt.user.client.ui.VerticalPanel;

public class PermissionsPanel extends VerticalPanel {

  private Map<String, LogicalRoleInfo> logicalRoles = new HashMap<String, LogicalRoleInfo>();
  private Map<String, List<String>> masterRoleMap = new HashMap<String, List<String>>();
  private Map<String, List<String>> newRoleAssignments = new HashMap<String, List<String>>();
  private ListBox rolesListBox;
  private Set<String> immutableRoles = new HashSet<String>();

  public PermissionsPanel( ListBox rolesListBox ) {
    add( new Label( Messages.getString( "absCaption" ) ) );
    this.rolesListBox = rolesListBox;
  }

  public void initializeActionBaseSecurityElements( String roleMappings ) {
    JsLogicalRoleMap logicalRoleMap =
        (JsLogicalRoleMap) parseRoleMappings( JsonUtils.escapeJsonForEval( roleMappings ) );
    if ( logicalRoles.size() == 0 ) {
      for ( int i = 0; i < logicalRoleMap.getLogicalRoles().length(); i++ ) {

        CheckBox permCB = new CheckBox( logicalRoleMap.getLogicalRoles().get( i ).getLocalizedName() );
        permCB.addValueChangeHandler( new RolesValueChangeListener( logicalRoleMap.getLogicalRoles().get( i )
            .getRoleName() ) );
        add( permCB );
        logicalRoles.put( logicalRoleMap.getLogicalRoles().get( i ).getLocalizedName(), new LogicalRoleInfo(
            logicalRoleMap.getLogicalRoles().get( i ).getRoleName(), permCB ) );
      }
    }
    for ( int j = 0; j < logicalRoleMap.getRoleAssignments().length(); j++ ) {
      String roleName = logicalRoleMap.getRoleAssignments().get( j ).getRoleName();
      List<String> logicalRoles = new ArrayList<String>();
      JsArrayString jsLogicalRoles = logicalRoleMap.getRoleAssignments().get( j ).getAssignedLogicalRoles();
      if ( jsLogicalRoles != null ) {
        for ( int k = 0; k < jsLogicalRoles.length(); k++ ) {
          logicalRoles.add( jsLogicalRoles.get( k ) );
        }
      }
      masterRoleMap.put( roleName, logicalRoles );
      if ( logicalRoleMap.getRoleAssignments().get( j ).isImmutable() ) {
        immutableRoles.add( roleName );
      }
    }
  }

  public void setSelectedPermissions() {
    Timer t = new Timer() {
      public void run() {
        int selectedIndex = rolesListBox.getSelectedIndex();
        if ( selectedIndex >= 0 ) {
          String roleName = rolesListBox.getItemText( selectedIndex );
          List<String> logicalRoleAssignments = newRoleAssignments.get( roleName );
          if ( logicalRoleAssignments == null ) {
            logicalRoleAssignments = masterRoleMap.get( roleName );
          }
          for ( LogicalRoleInfo logicalRoleInfo : logicalRoles.values() ) {
            logicalRoleInfo.checkBox.setValue( ( logicalRoleAssignments != null )
                && logicalRoleAssignments.contains( logicalRoleInfo.roleName ) );
            logicalRoleInfo.checkBox.setEnabled( !immutableRoles.contains( roleName ) );
          }
        }
      }
    };
    t.scheduleRepeating( 100 );
  }

  class RolesValueChangeListener implements ValueChangeHandler<Boolean> {

    private String permissionTitle;

    public RolesValueChangeListener( String permissionTitle ) {
      this.permissionTitle = permissionTitle;
    }

    public void onValueChange( ValueChangeEvent<Boolean> event ) {
      if ( rolesListBox.getSelectedIndex() >= 0 ) {
        final boolean isCheckedAdminAction =
            permissionTitle.equals( AdministerSecurityAction.NAME ) && event.getValue();
        final boolean isUncheckedReadAction = permissionTitle.equals( RepositoryReadAction.NAME ) && !event.getValue();
        final boolean isUncheckedCreateAction =
            permissionTitle.equals( RepositoryCreateAction.NAME ) && !event.getValue();

        List<String> selectedLogicalRoles = new ArrayList<String>();
        for ( LogicalRoleInfo logicalRoleInfo : logicalRoles.values() ) {
          if ( logicalRoleInfo.checkBox.getValue() ) {
            // BACKLOG-326 If the user selects "Administer Security" then select [READ & CREATE] permission for this
            // role to perform correctly. If the user selects "Read Content" or "Create content" then deselect
            // "Administer Security" permission for this role
            if ( !( logicalRoleInfo.roleName.equals( AdministerSecurityAction.NAME ) && ( isUncheckedReadAction || isUncheckedCreateAction ) ) ) {
              selectedLogicalRoles.add( logicalRoleInfo.roleName );
              if ( isCheckedAdminAction ) {
                selectedLogicalRoles.add( RepositoryReadAction.NAME );
                selectedLogicalRoles.add( RepositoryCreateAction.NAME );
              }
            }
          }
        }
        String runtimeRole = rolesListBox.getItemText( rolesListBox.getSelectedIndex() );
        List<String> originalRoles = masterRoleMap.get( runtimeRole );
        if ( ( ( originalRoles == null ) || ( originalRoles.isEmpty() ) ) && ( selectedLogicalRoles.isEmpty() ) ) {
          newRoleAssignments.remove( runtimeRole );
        } else if ( ( originalRoles != null ) && ( originalRoles.containsAll( selectedLogicalRoles ) )
            && selectedLogicalRoles.containsAll( originalRoles ) ) {
          newRoleAssignments.remove( runtimeRole );
        } else {
          newRoleAssignments.put( runtimeRole, selectedLogicalRoles );
        }

        saveSecuritySettings();
      }
    }
  }

  private void saveSecuritySettings() {
    JSONObject jsNewRoleAssignments = new JSONObject();
    JSONArray jsLogicalRoleAssignments = new JSONArray();
    int x = 0;
    for ( Map.Entry<String, List<String>> roleAssignment : newRoleAssignments.entrySet() ) {
      JSONArray jsLogicalRoles = new JSONArray();
      int y = 0;
      for ( String logicalRoleName : roleAssignment.getValue() ) {
        jsLogicalRoles.set( y++, new JSONString( logicalRoleName ) );
      }
      JSONObject jsRoleAssignment = new JSONObject();
      jsRoleAssignment.put( "roleName", new JSONString( roleAssignment.getKey() ) );
      jsRoleAssignment.put( "logicalRoles", jsLogicalRoles );
      jsLogicalRoleAssignments.set( x++, jsRoleAssignment );
    }
    jsNewRoleAssignments.put( "assignments", jsLogicalRoleAssignments );
    RequestBuilder saveSettingRequestBuilder =
        new RequestBuilder( RequestBuilder.PUT, GWT.getHostPageBaseURL() + "api/userroledao/roleAssignments" );
    saveSettingRequestBuilder.setHeader( "Content-Type", "application/json" );
    saveSettingRequestBuilder.setHeader( "If-Modified-Since", "01 Jan 1970 00:00:00 GMT" );
    try {
      saveSettingRequestBuilder.sendRequest( jsNewRoleAssignments.toString(), new RequestCallback() {

        public void onError( Request request, Throwable exception ) {
        }

        public void onResponseReceived( Request request, Response response ) {
          if ( response.getStatusCode() == 200 ) {
            masterRoleMap.putAll( newRoleAssignments );
            newRoleAssignments.clear();
          }
        }
      } );
    } catch ( RequestException e ) {
      // ignored
    }
  }

  class LogicalRoleInfo {
    String roleName;
    CheckBox checkBox;

    LogicalRoleInfo( String roleName, CheckBox checkBox ) {
      this.roleName = roleName;
      this.checkBox = checkBox;
    }
  }

  private final native JavaScriptObject parseRoleMappings( String json )
  /*-{
    var arr = [];
    var obj = JSON.parse(json);
    if (obj != null) {
      if (obj.assignments.constructor.toString().indexOf("Array") == -1) {
        arr.push(obj.assignments);
        obj.assignments = arr;
      }
      for (var i = 0; i < obj.assignments.length; i++) {
        arr = [];
        if (obj.assignments[i].logicalRoles == undefined) continue;
        if (obj.assignments[i].logicalRoles.constructor.toString().indexOf("Array") == -1) {
          arr.push(obj.assignments[i].logicalRoles);
          obj.assignments[i].logicalRoles = arr;
        }
      }
      if (obj.localizedRoleNames.constructor.toString().indexOf("Array") == -1) {
        arr = [];
        arr.push(obj.localizedRoleNames);
        obj.localizedRoleNames = arr;
      }
    }
    
    return obj;
  }-*/;
}