package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.model.UserPermission;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.gms.service.PermissionsService;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
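/**
 * Authorization-checked facade over {@link PermissionsService} for managing
 * the permissions attached to a group.
 *
 * <p>Every method that reads or changes another user's permissions first
 * calls {@link #verifyUserCanManagePermissions(GroupEntity)}, which rejects
 * any caller whose permission on the group is not {@link Permission#ADMIN}.
 * The two {@code getCurrentUser*} methods only expose the caller's own
 * permissions and therefore perform no such check.
 */
@Service
public class PermissionsManager extends UserAwareComponent {

    private final PermissionsService permissionsService;
    private final RapClient rapClient;
    private final LoggingDAO loggingDAO;

    @Autowired
    public PermissionsManager(PermissionsService permissionsService, RapClient rapClient, LoggingDAO loggingDAO) {
        this.permissionsService = permissionsService;
        this.rapClient = rapClient;
        this.loggingDAO = loggingDAO;
    }

    /**
     * Lists the permissions of a group, each paired with the RAP user it belongs to.
     *
     * @param group the group whose permissions are listed
     * @return one entry per permission whose user could be resolved through RAP
     * @throws UnauthorizedException if the current user is not ADMIN on the group
     */
    public List<UserPermission> getAllPermissions(GroupEntity group) {

        verifyUserCanManagePermissions(group);

        List<PermissionEntity> permissions = permissionsService.getGroupPermissions(group);

        Set<String> userIdentifiers = permissions.stream()
                .map(PermissionEntity::getUserId)
                .collect(Collectors.toSet());

        // Collectors.toMap throws IllegalStateException on a duplicate key, so this
        // relies on RAP returning each user id at most once.
        Map<String, RapUser> users = rapClient.getUsers(userIdentifiers).stream()
                .collect(Collectors.toMap(RapUser::getId, Function.identity()));

        List<UserPermission> result = new ArrayList<>();
        for (PermissionEntity p : permissions) {
            RapUser rapUser = users.get(p.getUserId());
            // NOTE(review): a permission whose user RAP does not return is left out
            // of the result, so the administrator's view can omit grants that still
            // exist in storage. Confirm this is intended, or surface such entries.
            if (rapUser != null) {
                UserPermission permission = new UserPermission();
                permission.setPermission(p.getPermission());
                permission.setUser(rapUser);
                result.add(permission);
            }
        }

        return result;
    }

    /**
     * Returns the permission that the given user holds on the group.
     *
     * @param group the group to inspect
     * @param userId identifier of the user whose permission is requested
     * @return the user's permission on the group, or {@code null} if
     *         {@link PermissionUtils#getGroupPermission} yields none
     * @throws UnauthorizedException if the current user is not ADMIN on the group
     */
    public Permission getUserPermission(GroupEntity group, String userId) {
        verifyUserCanManagePermissions(group);
        // Look up the requested user. The lookup used to pass getCurrentUserId(),
        // which ignored userId and reported the calling administrator's own
        // permission for whichever user was asked about.
        List<PermissionEntity> permissions = permissionsService.findUserPermissions(group, userId);
        return PermissionUtils.getGroupPermission(group, permissions).orElse(null);
    }

    /**
     * Grants a permission on the group to a user.
     *
     * @param group the group the permission applies to
     * @param userId identifier of the user receiving the permission
     * @param permission the permission to grant
     * @return the entity returned by {@link PermissionsService#addPermission}
     * @throws UnauthorizedException if the current user is not ADMIN on the group
     */
    public PermissionEntity addPermission(GroupEntity group, String userId, Permission permission) {
        verifyUserCanManagePermissions(group);
        // NOTE(review): no audit entry is written here for a successful grant;
        // confirm PermissionsService records it.
        return permissionsService.addPermission(group, userId, permission);
    }

    /**
     * Removes a user's permission on the group.
     *
     * @param group the group the permission applies to
     * @param userId identifier of the user losing the permission
     * @throws UnauthorizedException if the current user is not ADMIN on the group
     */
    public void removePermission(GroupEntity group, String userId) {
        verifyUserCanManagePermissions(group);
        // NOTE(review): no audit entry is written here for a successful removal;
        // confirm PermissionsService records it.
        permissionsService.removePermission(group, userId);
    }

    /**
     * Rejects the call unless the current user's permission on the group is ADMIN.
     *
     * <p>The check fails closed: {@link #getCurrentUserPermission(GroupEntity)}
     * returns {@code null} when no permission is found, and {@code null} is not ADMIN.
     *
     * @throws UnauthorizedException if the current user is not ADMIN on the group
     */
    private void verifyUserCanManagePermissions(GroupEntity group) {
        Permission permission = getCurrentUserPermission(group);
        if (permission != Permission.ADMIN) {
            // NOTE(review): the message names neither the caller nor the group;
            // confirm LoggingDAO attaches the caller identity itself, otherwise
            // the entry cannot be attributed during an investigation.
            loggingDAO.logAction("Unauthorized attempt to manage permissions");
            throw new UnauthorizedException("Only admin users can handle permissions");
        }
    }

    /**
     * Returns the permission entities found for the current user and the given group.
     * No ADMIN check is made because only the caller's own permissions are read.
     *
     * @param group the group to inspect
     * @return the result of {@link PermissionsService#findUserPermissions} for the current user
     */
    public List<PermissionEntity> getCurrentUserPermissions(GroupEntity group) {
        return permissionsService.findUserPermissions(group, getCurrentUserId());
    }

    /**
     * Returns the current user's permission on the given group.
     *
     * @param group the group to inspect
     * @return the permission, or {@code null} if
     *         {@link PermissionUtils#getGroupPermission} yields none
     */
    public Permission getCurrentUserPermission(GroupEntity group) {
        List<PermissionEntity> permissions = permissionsService.findUserPermissions(group, getCurrentUserId());
        return PermissionUtils.getGroupPermission(group, permissions).orElse(null);
    }
}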