MembershipManager.java

package it.inaf.ia2.gms.manager;

import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.model.Permission;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class MembershipManager extends UserAwareComponent {

    @Autowired
    private MembershipsDAO membershipsDAO;

    @Autowired
    private GroupsDAO groupsDAO;

    @Autowired
    private PermissionsManager permissionsManager;

    @Autowired
    private RapClient rapClient;

    @Autowired
    private LoggingDAO loggingDAO;

    public List<GroupEntity> getCurrentUserMemberships() {
        return membershipsDAO.getUserMemberships(getCurrentUserId());
    }

    public boolean isCurrentUserMemberOf(String groupId) {
        return membershipsDAO.isMemberOf(getCurrentUserId(), groupId);
    }

    public List<RapUser> getMembers(GroupEntity group) {

        Permission groupPermission = permissionsManager.getCurrentUserPermission(group);

        if (!Permission.includes(groupPermission, Permission.VIEW_MEMBERS)) {
            throw new UnauthorizedException("You don't have the permission to view members");
        }

        List<MembershipEntity> memberships = membershipsDAO.findByGroup(group.getId());

        Set<String> userIdentifiers = memberships.stream()
                .map(m -> m.getUserId())
                .collect(Collectors.toSet());

        return rapClient.getUsers(userIdentifiers);
    }

    public List<GroupEntity> getUserGroups(GroupEntity parent, String userId) {

        List<PermissionEntity> permissions = permissionsManager.getCurrentUserPermissions(parent);

        List<GroupEntity> allGroups = membershipsDAO.getUserMemberships(userId, parent.getPath());

        // Select only groups visible to the current user
        Set<String> visibleGroupIds = new HashSet<>();
        for (GroupEntity group : allGroups) {
            PermissionUtils.getGroupPermission(group, permissions)
                    .ifPresent(p -> visibleGroupIds.add(group.getId()));
        }
        return groupsDAO.findGroupsByIds(visibleGroupIds);
    }

    public MembershipEntity addMember(GroupEntity group, String userId) {

        verifyUserCanManageMembers(group);

        MembershipEntity membership = new MembershipEntity();
        membership.setGroupId(group.getId());
        membership.setUserId(userId);

        membership = membershipsDAO.addMember(membership);
        loggingDAO.logAction("Added member, group_id=" + group.getId() + ", user_id=" + userId);

        return membership;
    }

    public void removeMember(GroupEntity group, String userId) {
        verifyUserCanManageMembers(group);
        membershipsDAO.removeMembership(group.getId(), userId);
        loggingDAO.logAction("Member removed, group_id=" + group.getId() + ", user_id=" + userId);
    }

    private Permission verifyUserCanManageMembers(GroupEntity group) {
        Permission permission = permissionsManager.getCurrentUserPermission(group);
        if (!Permission.includes(permission, Permission.MANAGE_MEMBERS)) {
            throw new UnauthorizedException("Missing manage members permissions");
        }
        return permission;
    }
}