HibernateModelManagerImpl.java
package org.apache.fulcrum.security.hibernate.turbine;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.fulcrum.security.entity.Group;
import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.entity.User;
import org.apache.fulcrum.security.hibernate.PersistenceHelper;
import org.apache.fulcrum.security.model.turbine.AbstractTurbineModelManager;
import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
import org.apache.fulcrum.security.model.turbine.entity.TurbineGroup;
import org.apache.fulcrum.security.model.turbine.entity.TurbinePermission;
import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
import org.apache.fulcrum.security.model.turbine.entity.TurbineUser;
import org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRole;
import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.UnknownEntityException;
/**
* This implementation persists to a database via Hibernate.
*
* @author <a href="mailto:epugh@upstate.com">Eric Pugh</a>
* @version $Id: HibernateModelManagerImpl.java 1374014 2012-08-16 19:47:27Z tv
* $
*/
public class HibernateModelManagerImpl extends AbstractTurbineModelManager implements TurbineModelManager
{
private PersistenceHelper persistenceHelper;
/**
* Grants a Role a Permission
*
* @param role
* the Role.
* @param permission
* the Permission.
* @throws DataBackendException
* if there was an error accessing the data backend.
* @throws UnknownEntityException
* if role or permission is not present.
*/
public synchronized void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException
{
boolean roleExists = false;
boolean permissionExists = false;
try
{
roleExists = getRoleManager().checkExists(role);
permissionExists = getPermissionManager().checkExists(permission);
if (roleExists && permissionExists)
{
((TurbineRole) role).addPermission(permission);
((TurbinePermission) permission).addRole(role);
getPersistenceHelper().updateEntity(permission);
getPersistenceHelper().updateEntity(role);
return;
}
}
catch (Exception e)
{
throw new DataBackendException("grant(Role,Permission) failed", e);
}
if (!roleExists)
{
throw new UnknownEntityException("Unknown role '" + role.getName() + "'");
}
if (!permissionExists)
{
throw new UnknownEntityException("Unknown permission '" + permission.getName() + "'");
}
}
/**
* Revokes a Permission from a Role.
*
* @param role
* the Role.
* @param permission
* the Permission.
* @throws DataBackendException
* if there was an error accessing the data backend.
* @throws UnknownEntityException
* if role or permission is not present.
*/
public synchronized void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException
{
boolean roleExists = false;
boolean permissionExists = false;
try
{
roleExists = getRoleManager().checkExists(role);
permissionExists = getPermissionManager().checkExists(permission);
if (roleExists && permissionExists)
{
((TurbineRole) role).removePermission(permission);
((TurbinePermission) permission).removeRole(role);
getPersistenceHelper().updateEntity(role);
getPersistenceHelper().updateEntity(permission);
}
}
catch (DataBackendException e)
{
throw new DataBackendException("revoke(Role,Permission) failed", e);
}
if (!roleExists)
{
throw new UnknownEntityException("Unknown role '" + role.getName() + "'");
}
if (!permissionExists)
{
throw new UnknownEntityException("Unknown permission '" + permission.getName() + "'");
}
}
/**
* @return Returns the persistenceHelper.
*/
public PersistenceHelper getPersistenceHelper()
{
if (persistenceHelper == null)
{
persistenceHelper = (PersistenceHelper) resolve(PersistenceHelper.ROLE);
}
return persistenceHelper;
}
/**
* Grant an User a Role in a Group.
*
* @param user
* the user.
* @param group
* the group.
* @param role
* the role.
* @throws DataBackendException
* if there was an error accessing the data backend.
* @throws UnknownEntityException
* if user account, group or role is not present.
*/
public void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException
{
boolean roleExists = false;
boolean userExists = false;
boolean groupExists = false;
try
{
roleExists = getRoleManager().checkExists(role);
userExists = getUserManager().checkExists(user);
groupExists = getGroupManager().checkExists(group);
if (roleExists && groupExists && userExists)
{
TurbineUserGroupRole ugr = new TurbineUserGroupRole();
ugr.setGroup(group);
ugr.setRole(role);
ugr.setUser(user);
((TurbineUser) user).addUserGroupRole(ugr);
((TurbineGroup) group).addUserGroupRole(ugr);
((TurbineRole) role).addUserGroupRole(ugr);
getPersistenceHelper().updateEntity(user);
getPersistenceHelper().updateEntity(group);
getPersistenceHelper().updateEntity(role);
}
}
catch (DataBackendException e)
{
throw new DataBackendException("grant(User,Group,Role) failed", e);
}
if (!roleExists)
{
throw new UnknownEntityException("Unknown role '" + role.getName() + "'");
}
if (!groupExists)
{
throw new UnknownEntityException("Unknown group '" + group.getName() + "'");
}
if (!userExists)
{
throw new UnknownEntityException("Unknown user '" + user.getName() + "'");
}
}
/**
* Revoke a Role in a Group from an User.
*
* @param user
* the user.
* @param group
* the group.
* @param role
* the role.
* @throws DataBackendException
* if there was an error accessing the data backend.
* @throws UnknownEntityException
* if user account, group or role is not present.
*/
public void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException
{
boolean roleExists = false;
boolean userExists = false;
boolean groupExists = false;
try
{
roleExists = getRoleManager().checkExists(role);
userExists = getUserManager().checkExists(user);
groupExists = getGroupManager().checkExists(group);
if (roleExists && groupExists && userExists)
{
boolean ugrFound = false;
for (TurbineUserGroupRole ugr : ((TurbineUser) user).getUserGroupRoleSet())
{
if (ugr.getUser().equals(user) && ugr.getGroup().equals(group) && ugr.getRole().equals(role))
{
ugrFound = true;
((TurbineUser) user).removeUserGroupRole(ugr);
((TurbineGroup) group).removeUserGroupRole(ugr);
((TurbineRole) role).removeUserGroupRole(ugr);
getPersistenceHelper().updateEntity(user);
getPersistenceHelper().updateEntity(group);
getPersistenceHelper().updateEntity(role);
break;
}
}
if (!ugrFound)
{
throw new UnknownEntityException("Could not find User/Group/Role");
}
return;
}
}
catch (DataBackendException e)
{
throw new DataBackendException("revoke(User,Group,Role) failed", e);
}
if (!roleExists)
{
throw new UnknownEntityException("Unknown role '" + role.getName() + "'");
}
if (!groupExists)
{
throw new UnknownEntityException("Unknown group '" + group.getName() + "'");
}
if (!userExists)
{
throw new UnknownEntityException("Unknown user '" + user.getName() + "'");
}
}
@Override
public void replace( User user, Role oldRole, Role newRole )
throws DataBackendException, UnknownEntityException
{
Group group = getGlobalGroup();
revoke( user, group, oldRole );
grant( user, group, newRole );
}
}