Newer
Older
package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.model.RapUser;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.rap.RapClient;
import it.inaf.ia2.gms.service.PermissionUtils;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class MembershipManager extends UserAwareComponent {
@Autowired
private MembershipsDAO membershipsDAO;
@Autowired
private GroupsDAO groupsDAO;
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
@Autowired
private PermissionsManager permissionsManager;
@Autowired
private RapClient rapClient;
@Autowired
private LoggingDAO loggingDAO;
public List<GroupEntity> getCurrentUserMemberships() {
return membershipsDAO.getUserMemberships(getCurrentUserId());
}
public boolean isCurrentUserMemberOf(String groupId) {
return membershipsDAO.isMemberOf(getCurrentUserId(), groupId);
}
public List<RapUser> getMembers(GroupEntity group) {
Permission groupPermission = permissionsManager.getCurrentUserPermission(group);
if (groupPermission == Permission.TRAVERSE) {
throw new UnauthorizedException("You don't have the permission to view members");
}
List<MembershipEntity> memberships = membershipsDAO.findByGroup(group.getId());
Set<String> userIdentifiers = memberships.stream()
.map(m -> m.getUserId())
.collect(Collectors.toSet());
return rapClient.getUsers(userIdentifiers);
}
public List<GroupEntity> getUserGroups(GroupEntity parent, String userId) {
List<PermissionEntity> permissions = permissionsManager.getCurrentUserPermissions(parent);
List<GroupEntity> allGroups = membershipsDAO.getUserMemberships(userId, parent.getPath());
// Select only groups visible to the current user
Set<String> visibleGroupIds = new HashSet<>();
for (GroupEntity group : allGroups) {
PermissionUtils.getGroupPermission(group, permissions)
.ifPresent(p -> visibleGroupIds.add(group.getId()));
}
return groupsDAO.findGroupsByIds(visibleGroupIds);
}
public MembershipEntity addMember(GroupEntity group, String userId) {
verifyUserCanManageMembers(group);
MembershipEntity membership = new MembershipEntity();
membership.setGroupId(group.getId());
membership.setUserId(userId);
membership = membershipsDAO.addMember(membership);
loggingDAO.logAction("Added member, group_id=" + group.getId() + ", user_id=" + userId);
return membership;
}
public void removeMember(GroupEntity group, String userId) {
verifyUserCanManageMembers(group);
membershipsDAO.removeMembership(group.getId(), userId);
loggingDAO.logAction("Member removed, group_id=" + group.getId() + ", user_id=" + userId);
}
private Permission verifyUserCanManageMembers(GroupEntity group) {
Permission permission = permissionsManager.getCurrentUserPermission(group);
if (permission != Permission.ADMIN && permission != Permission.MANAGE_MEMBERS) {
throw new UnauthorizedException("Missing admin or manage members permissions");
}
return permission;
}
}