001package org.apache.fulcrum.security.hibernate.turbine; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021import org.apache.fulcrum.security.entity.Group; 022import org.apache.fulcrum.security.entity.Permission; 023import org.apache.fulcrum.security.entity.Role; 024import org.apache.fulcrum.security.entity.User; 025import org.apache.fulcrum.security.hibernate.PersistenceHelper; 026import org.apache.fulcrum.security.model.turbine.AbstractTurbineModelManager; 027import org.apache.fulcrum.security.model.turbine.TurbineModelManager; 028import org.apache.fulcrum.security.model.turbine.entity.TurbineGroup; 029import org.apache.fulcrum.security.model.turbine.entity.TurbinePermission; 030import org.apache.fulcrum.security.model.turbine.entity.TurbineRole; 031import org.apache.fulcrum.security.model.turbine.entity.TurbineUser; 032import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole; 033import org.apache.fulcrum.security.util.DataBackendException; 034import org.apache.fulcrum.security.util.UnknownEntityException; 035 036/** 037 * This implementation persists to a database via Hibernate. 038 * 039 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 040 * @version $Id: HibernateModelManagerImpl.java 1374014 2012-08-16 19:47:27Z tv 041 * $ 042 */ 043public class HibernateModelManagerImpl extends AbstractTurbineModelManager implements TurbineModelManager 044{ 045 private PersistenceHelper persistenceHelper; 046 047 /** 048 * Grants a Role a Permission 049 * 050 * @param role 051 * the Role. 052 * @param permission 053 * the Permission. 054 * @throws DataBackendException 055 * if there was an error accessing the data backend. 056 * @throws UnknownEntityException 057 * if role or permission is not present. 058 */ 059 public synchronized void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException 060 { 061 boolean roleExists = false; 062 boolean permissionExists = false; 063 try 064 { 065 roleExists = getRoleManager().checkExists(role); 066 permissionExists = getPermissionManager().checkExists(permission); 067 068 if (roleExists && permissionExists) 069 { 070 ((TurbineRole) role).addPermission(permission); 071 ((TurbinePermission) permission).addRole(role); 072 getPersistenceHelper().updateEntity(permission); 073 getPersistenceHelper().updateEntity(role); 074 return; 075 } 076 } 077 catch (Exception e) 078 { 079 throw new DataBackendException("grant(Role,Permission) failed", e); 080 } 081 if (!roleExists) 082 { 083 throw new UnknownEntityException("Unknown role '" + role.getName() + "'"); 084 } 085 if (!permissionExists) 086 { 087 throw new UnknownEntityException("Unknown permission '" + permission.getName() + "'"); 088 } 089 } 090 091 /** 092 * Revokes a Permission from a Role. 093 * 094 * @param role 095 * the Role. 096 * @param permission 097 * the Permission. 098 * @throws DataBackendException 099 * if there was an error accessing the data backend. 100 * @throws UnknownEntityException 101 * if role or permission is not present. 102 */ 103 public synchronized void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException 104 { 105 boolean roleExists = false; 106 boolean permissionExists = false; 107 try 108 { 109 roleExists = getRoleManager().checkExists(role); 110 permissionExists = getPermissionManager().checkExists(permission); 111 if (roleExists && permissionExists) 112 { 113 ((TurbineRole) role).removePermission(permission); 114 ((TurbinePermission) permission).removeRole(role); 115 getPersistenceHelper().updateEntity(role); 116 getPersistenceHelper().updateEntity(permission); 117 } 118 } 119 catch (DataBackendException e) 120 { 121 throw new DataBackendException("revoke(Role,Permission) failed", e); 122 } 123 if (!roleExists) 124 { 125 throw new UnknownEntityException("Unknown role '" + role.getName() + "'"); 126 } 127 if (!permissionExists) 128 { 129 throw new UnknownEntityException("Unknown permission '" + permission.getName() + "'"); 130 } 131 } 132 133 /** 134 * @return Returns the persistenceHelper. 135 */ 136 public PersistenceHelper getPersistenceHelper() 137 { 138 if (persistenceHelper == null) 139 { 140 persistenceHelper = (PersistenceHelper) resolve(PersistenceHelper.ROLE); 141 } 142 return persistenceHelper; 143 } 144 145 /** 146 * Grant an User a Role in a Group. 147 * 148 * @param user 149 * the user. 150 * @param group 151 * the group. 152 * @param role 153 * the role. 154 * @throws DataBackendException 155 * if there was an error accessing the data backend. 156 * @throws UnknownEntityException 157 * if user account, group or role is not present. 158 */ 159 public void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException 160 { 161 boolean roleExists = false; 162 boolean userExists = false; 163 boolean groupExists = false; 164 try 165 { 166 roleExists = getRoleManager().checkExists(role); 167 userExists = getUserManager().checkExists(user); 168 groupExists = getGroupManager().checkExists(group); 169 if (roleExists && groupExists && userExists) 170 { 171 TurbineUserGroupRole ugr = new TurbineUserGroupRole(); 172 ugr.setGroup(group); 173 ugr.setRole(role); 174 ugr.setUser(user); 175 ((TurbineUser) user).addUserGroupRole(ugr); 176 ((TurbineGroup) group).addUserGroupRole(ugr); 177 ((TurbineRole) role).addUserGroupRole(ugr); 178 getPersistenceHelper().updateEntity(user); 179 getPersistenceHelper().updateEntity(group); 180 getPersistenceHelper().updateEntity(role); 181 } 182 } 183 catch (DataBackendException e) 184 { 185 throw new DataBackendException("grant(User,Group,Role) failed", e); 186 } 187 if (!roleExists) 188 { 189 throw new UnknownEntityException("Unknown role '" + role.getName() + "'"); 190 } 191 if (!groupExists) 192 { 193 throw new UnknownEntityException("Unknown group '" + group.getName() + "'"); 194 } 195 if (!userExists) 196 { 197 throw new UnknownEntityException("Unknown user '" + user.getName() + "'"); 198 } 199 } 200 201 /** 202 * Revoke a Role in a Group from an User. 203 * 204 * @param user 205 * the user. 206 * @param group 207 * the group. 208 * @param role 209 * the role. 210 * @throws DataBackendException 211 * if there was an error accessing the data backend. 212 * @throws UnknownEntityException 213 * if user account, group or role is not present. 214 */ 215 public void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException 216 { 217 boolean roleExists = false; 218 boolean userExists = false; 219 boolean groupExists = false; 220 try 221 { 222 roleExists = getRoleManager().checkExists(role); 223 userExists = getUserManager().checkExists(user); 224 groupExists = getGroupManager().checkExists(group); 225 if (roleExists && groupExists && userExists) 226 { 227 boolean ugrFound = false; 228 for (TurbineUserGroupRole ugr : ((TurbineUser) user).getUserGroupRoleSet()) 229 { 230 if (ugr.getUser().equals(user) && ugr.getGroup().equals(group) && ugr.getRole().equals(role)) 231 { 232 ugrFound = true; 233 234 ((TurbineUser) user).removeUserGroupRole(ugr); 235 ((TurbineGroup) group).removeUserGroupRole(ugr); 236 ((TurbineRole) role).removeUserGroupRole(ugr); 237 238 getPersistenceHelper().updateEntity(user); 239 getPersistenceHelper().updateEntity(group); 240 getPersistenceHelper().updateEntity(role); 241 242 break; 243 } 244 } 245 if (!ugrFound) 246 { 247 throw new UnknownEntityException("Could not find User/Group/Role"); 248 } 249 250 return; 251 } 252 } 253 catch (DataBackendException e) 254 { 255 throw new DataBackendException("revoke(User,Group,Role) failed", e); 256 } 257 if (!roleExists) 258 { 259 throw new UnknownEntityException("Unknown role '" + role.getName() + "'"); 260 } 261 if (!groupExists) 262 { 263 throw new UnknownEntityException("Unknown group '" + group.getName() + "'"); 264 } 265 if (!userExists) 266 { 267 throw new UnknownEntityException("Unknown user '" + user.getName() + "'"); 268 } 269 } 270 271 @Override 272 public void replace( User user, Role oldRole, Role newRole ) 273 throws DataBackendException, UnknownEntityException 274 { 275 Group group = getGlobalGroup(); 276 revoke( user, group, oldRole ); 277 grant( user, group, newRole ); 278 } 279}