Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.service.GroupsService;
import org.springframework.stereotype.Service;
@Service
public class GroupsManager {
private final GroupsService groupsService;
private final PermissionsManager permissionsManager;
private final LoggingDAO loggingDAO;
public GroupsManager(GroupsService groupsService, PermissionsManager permissionsManager, LoggingDAO loggingDAO) {
this.groupsService = groupsService;
this.permissionsManager = permissionsManager;
this.loggingDAO = loggingDAO;
}
public GroupEntity getRoot() {
return getGroupById(GroupsService.ROOT);
}
public GroupEntity getGroupById(String groupId) {
GroupEntity group = groupsService.getGroupById(groupId);
verifyUserCanReadGroup(group);
return group;
}
public GroupEntity createGroup(String parentGroupId, String childGroupName, boolean leaf) {
GroupEntity parent = groupsService.getGroupById(parentGroupId);
return createGroup(parent, childGroupName, leaf);
}
public GroupEntity createGroup(GroupEntity parent, String childGroupName, boolean leaf) {
if (parent.isLeaf()) {
throw new BadRequestException("Unable to create a sub group inside a leaf group");
}
verifyUserCanManageGroup(parent);
groupsService.addGroup(parent, childGroupName, leaf);
return parent;
}
public GroupEntity updateGroup(String groupId, String newGroupName, boolean leaf) {
GroupEntity group = groupsService.getGroupById(groupId);
verifyUserCanManageGroup(group);
GroupEntity updatedGroup = groupsService.updateGroup(group, newGroupName, leaf);
return groupsService.getGroupByPath(updatedGroup.getParentPath());
}
public GroupEntity deleteGroup(String groupId) {
GroupEntity group = groupsService.getGroupById(groupId);
verifyUserCanManageGroup(group);
return groupsService.deleteGroup(group);
}
public void verifyUserCanReadGroup(GroupEntity group) {
if (permissionsManager.getCurrentUserPermission(group) == null) {
loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
throw new UnauthorizedException("Missing permission to see this group");
}
}
private void verifyUserCanManageGroup(GroupEntity group) {
if (permissionsManager.getCurrentUserPermission(group) != Permission.ADMIN) {
loggingDAO.logAction("Unauthorized group management request, group_id=" + group.getId());
throw new UnauthorizedException("Missing admin permission");
}
}
}