Skip to content
Find file Normal view History Permalink
GroupsManager.java 2.79 KiB
Newer Older
Sonia Zorba's avatar
Refactoring of the business layer; Removed Basic-Auth web service
Sonia Zorba committed
1 2 3 4 5 6 7 8 9 10 11 
package it.inaf.ia2.gms.manager;

import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import org.springframework.stereotype.Service;

@Service
Sonia Zorba's avatar
Added creation time and creator user to groups, memberships and permissions entities  
Sonia Zorba committed
12 
public class GroupsManager extends UserAwareComponent {
Sonia Zorba's avatar
Refactoring of the business layer; Removed Basic-Auth web service
Sonia Zorba committed
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 

    private final GroupsService groupsService;
    private final PermissionsManager permissionsManager;
    private final LoggingDAO loggingDAO;

    public GroupsManager(GroupsService groupsService, PermissionsManager permissionsManager, LoggingDAO loggingDAO) {
        this.groupsService = groupsService;
        this.permissionsManager = permissionsManager;
        this.loggingDAO = loggingDAO;
    }

    public GroupEntity getRoot() {
        return getGroupById(GroupsService.ROOT);
    }

    public GroupEntity getGroupById(String groupId) {
        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanReadGroup(group);
        return group;
    }
Sonia Zorba's avatar
Bugfix group creation  
Sonia Zorba committed
34 35 36 37 
    public GroupEntity getGroupByPath(String path) {
        GroupEntity group = groupsService.getGroupByPath(path);
        verifyUserCanReadGroup(group);
        return group;
Sonia Zorba's avatar
Refactoring of the business layer; Removed Basic-Auth web service
Sonia Zorba committed
38 39 40 41 42 43 44 45 46 47 
    }

    public GroupEntity createGroup(GroupEntity parent, String childGroupName, boolean leaf) {

        if (parent.isLeaf()) {
            throw new BadRequestException("Unable to create a sub group inside a leaf group");
        }

        verifyUserCanManageGroup(parent);
Sonia Zorba's avatar
Added creation time and creator user to groups, memberships and permissions entities  
Sonia Zorba committed
48 
        return groupsService.addGroup(parent, childGroupName, leaf, getCurrentUserId());
Sonia Zorba's avatar
Refactoring of the business layer; Removed Basic-Auth web service
Sonia Zorba committed
49 50 51 52 53 54 55 
    }

    public GroupEntity updateGroup(String groupId, String newGroupName, boolean leaf) {

        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanManageGroup(group);
Sonia Zorba's avatar
Bugfix group creation  
Sonia Zorba committed
56 
        return groupsService.updateGroup(group, newGroupName, leaf);
Sonia Zorba's avatar
Refactoring of the business layer; Removed Basic-Auth web service
Sonia Zorba committed
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 
    }

    public GroupEntity deleteGroup(String groupId) {
        GroupEntity group = groupsService.getGroupById(groupId);
        verifyUserCanManageGroup(group);
        return groupsService.deleteGroup(group);
    }

    public void verifyUserCanReadGroup(GroupEntity group) {
        if (permissionsManager.getCurrentUserPermission(group) == null) {
            loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
            throw new UnauthorizedException("Missing permission to see this group");
        }
    }

    private void verifyUserCanManageGroup(GroupEntity group) {
        if (permissionsManager.getCurrentUserPermission(group) != Permission.ADMIN) {
            loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
            throw new UnauthorizedException("Missing admin permission");
        }
    }
}