34 package info.magnolia.cms.security;
35
36 import static info.magnolia.cms.security.SecurityConstants.NODE_GROUPS;
37 import static info.magnolia.cms.security.SecurityConstants.NODE_ROLES;
38 import info.magnolia.cms.core.ItemType;
39 import info.magnolia.context.MgnlContext;
40 import info.magnolia.jcr.iterator.FilteringPropertyIterator;
41 import info.magnolia.jcr.predicate.JCRPropertyHidingPredicate;
42 import info.magnolia.repository.RepositoryConstants;
43
44 import java.util.ArrayList;
45 import java.util.Collection;
46 import java.util.Collections;
47 import java.util.HashSet;
48 import java.util.Iterator;
49 import java.util.List;
50
51 import javax.jcr.ItemNotFoundException;
52 import javax.jcr.Node;
53 import javax.jcr.NodeIterator;
54 import javax.jcr.Property;
55 import javax.jcr.PropertyIterator;
56 import javax.jcr.RepositoryException;
57 import javax.jcr.Session;
58 import javax.jcr.query.Query;
59
60 import org.slf4j.Logger;
61 import org.slf4j.LoggerFactory;
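/**
 * {@link GroupManager} implementation that keeps groups as JCR nodes in the workspace
 * named by {@link #getRepositoryName()}.
 *
 * <p>Security note: the create and lookup methods run their repository work through
 * {@code MgnlContext.doInSystemContext}. NOTE(review): that presumably means the work is
 * done with the system session rather than the calling user's permissions, so callers
 * would have to authorize the request themselves - confirm against MgnlContext.
 */
public class MgnlGroupManager extends RepositoryBackedSecurityManager implements GroupManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlGroupManager.class);

    /**
     * Creates a group node directly under the workspace root and saves the session.
     *
     * <p>NOTE(review): {@code name} is handed to {@code addNode} as a relative path and is
     * not validated here; confirm that callers reject path syntax such as {@code /}.
     *
     * @param name name of the new group node
     * @return a group object with no sub-groups and no roles
     */
    @Override
    public Group createGroup(final String name) throws AccessDeniedException {
        return MgnlContext.doInSystemContext(new SilentSessionOp<MgnlGroup>(getRepositoryName()) {

            @Override
            public MgnlGroup doExec(Session session) throws RepositoryException {
                final Node root = session.getNode("/");
                final Node groupNode = root.addNode(name, ItemType.GROUP.getSystemName());
                session.save();
                return new MgnlGroup(
                        groupNode.getIdentifier(),
                        groupNode.getName(),
                        Collections.<String>emptyList(),
                        Collections.<String>emptyList());
            }

            @Override
            public String toString() {
                return "create group " + name;
            }
        });
    }

    /**
     * Looks up the group stored at {@code "/" + name}.
     *
     * @param name name of the group, used as the last segment of an absolute path
     * @return the group, or {@code null} when no item exists at that path
     */
    @Override
    public Group getGroup(final String name) throws AccessDeniedException {
        return MgnlContext.doInSystemContext(new SilentSessionOp<Group>(getRepositoryName()) {

            @Override
            public Group doExec(Session session) throws RepositoryException {
                final String path = "/" + name;
                if (!session.itemExists(path)) {
                    return null;
                }
                return newGroupInstance(session.getNode(path));
            }

            @Override
            public String toString() {
                return "get group " + name;
            }
        });
    }

    /**
     * Lists every direct child of the workspace root that has the group node type.
     *
     * @return all groups found under the root; empty when there are none
     */
    @Override
    public Collection<Group> getAllGroups() {
        return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<Group>>(getRepositoryName()) {

            @Override
            public Collection<Group> doExec(Session session) throws RepositoryException {
                final List<Group> groups = new ArrayList<Group>();
                final NodeIterator children = session.getNode("/").getNodes();
                while (children.hasNext()) {
                    final Node child = children.nextNode();
                    // The root may hold other node types; only group nodes are returned.
                    if (child.isNodeType(ItemType.GROUP.getSystemName())) {
                        groups.add(newGroupInstance(child));
                    }
                }
                return groups;
            }

            @Override
            public String toString() {
                return "get all groups";
            }

        });
    }

    /**
     * Collects the names of all groups the given group belongs to, directly or transitively.
     *
     * @param name name of the group to start from
     * @return the names in discovery order, or {@code null} when the starting group does not exist
     */
    @Override
    public Collection<String> getAllGroups(final String name) {
        return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<String>>(getRepositoryName()) {

            // Accumulator shared by doExec and the recursive collectGroups.
            List<String> groups;

            @Override
            public Collection<String> doExec(Session session) throws RepositoryException {
                final Group group = getGroup(name);
                if (group == null) {
                    return null;
                }
                groups = new ArrayList<String>();
                collectGroups(group);

                return groups;
            }

            /**
             * Depth-first walk over the group references. A name that is already collected
             * is not followed again, which also ends the walk on cyclic assignments.
             */
            private void collectGroups(Group group) throws AccessDeniedException {
                for (Object subGroupName : group.getGroups()) {
                    final Group subGroup = getGroup((String) subGroupName);
                    if (subGroup != null && !groups.contains(subGroup.getName())) {
                        groups.add(subGroup.getName());
                        collectGroups(subGroup);
                    }
                }
            }

            @Override
            public String toString() {
                return "get all groups";
            }
        });
    }

    /**
     * Builds a {@link MgnlGroup} from a group node by reading the properties of its
     * {@code NODE_GROUPS} and {@code NODE_ROLES} child nodes, when present.
     *
     * @param node the group node
     * @return a group carrying the node's identifier, name, sub-group names and role names
     * @throws RepositoryException if the repository cannot be read
     */
    protected Group newGroupInstance(Node node) throws RepositoryException {
        final Collection<String> groups = new HashSet<String>();
        if (node.hasNode(NODE_GROUPS)) {
            final PropertyIterator groupProperties = new FilteringPropertyIterator(
                    node.getNode(NODE_GROUPS).getProperties(), new JCRPropertyHidingPredicate());
            while (groupProperties.hasNext()) {
                final Property subgroup = groupProperties.nextProperty();
                final String groupName = getResourceName(subgroup.getString());
                // References that do not resolve to a name are skipped.
                if (groupName != null) {
                    groups.add(groupName);
                }
            }
        }

        final Collection<String> roles = new HashSet<String>();
        if (node.hasNode(NODE_ROLES)) {
            final RoleManager roleMan = SecuritySupport.Factory.getInstance().getRoleManager();
            final PropertyIterator roleProperties = new FilteringPropertyIterator(
                    node.getNode(NODE_ROLES).getProperties(), new JCRPropertyHidingPredicate());
            while (roleProperties.hasNext()) {
                final Property role = roleProperties.nextProperty();
                try {
                    final String roleName = roleMan.getRoleNameById(role.getString());
                    if (roleName != null) {
                        roles.add(roleName);
                    }
                } catch (ItemNotFoundException e) {
                    // A dangling role reference is reported and dropped, so the group is
                    // built without that role instead of failing.
                    log.warn("assigned role {} doesn't exist.", role.getString());
                }
            }
        }

        return new MgnlGroup(node.getIdentifier(), node.getName(), groups, roles);
    }

    /**
     * Finds the group node with the given name through a JCR-SQL2 query.
     *
     * <p>The name is embedded in the statement as a string literal, so single quotes in it
     * are doubled first. Without that, a name containing a quote could change the query's
     * condition and select a different principal node.
     *
     * @param principalName name of the group to find
     * @param session session to query with
     * @return the first matching group node, or {@code null} when none matches or the name is {@code null}
     * @throws RepositoryException if the query cannot be created or executed
     */
    @Override
    protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
        if (principalName == null) {
            return null;
        }

        // JCR-SQL2 escapes a single quote inside a string literal by doubling it.
        final String escapedName = principalName.replace("'", "''");
        final String statement =
                "select * from [" + ItemType.GROUP + "] where name() = '" + escapedName + "'";

        final Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2);
        final NodeIterator iter = query.execute().getNodes();
        Node group = null;
        while (iter.hasNext()) {
            final Node node = iter.nextNode();
            if (node.isNodeType(ItemType.GROUP.getSystemName())) {
                group = node;
                break;
            }
        }
        // Rows left after the first hit mean the name is ambiguous; the first hit still wins.
        if (iter.hasNext()) {
            log.error("More than one group found with name \"{}\"", principalName);
        }
        return group;
    }

    /**
     * @return the workspace that holds the groups, {@code RepositoryConstants.USER_GROUPS}
     */
    @Override
    protected String getRepositoryName() {
        return RepositoryConstants.USER_GROUPS;
    }

    /**
     * Adds a role to a group.
     *
     * @param group the group to modify
     * @param roleName name of the role to add
     * @return the group as re-read after the change, or {@code null} when the principal was not found
     */
    @Override
    public Group addRole(Group group, String roleName) throws AccessDeniedException {
        try {
            add(group.getName(), roleName, NODE_ROLES);
        } catch (PrincipalNotFoundException e) {
            // The principal is not known here; callers get null rather than an exception.
            return null;
        }
        return getGroup(group.getName());
    }

    /**
     * Adds a group to another group.
     *
     * @param group the group to modify
     * @param groupName name of the group to add to {@code group}
     * @return the modified group as re-read after the change, or {@code null} when the principal was not found
     */
    @Override
    public Group addGroup(Group group, String groupName) throws AccessDeniedException {
        try {
            add(group.getName(), groupName, NODE_GROUPS);
        } catch (PrincipalNotFoundException e) {
            // The principal is not known here; callers get null rather than an exception.
            return null;
        }
        // Return the group that was modified, as addRole does. The previous code re-read
        // groupName, i.e. the group that was added, which does not carry the new assignment.
        return getGroup(group.getName());
    }
}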