1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.cms.security;
35
36 import static info.magnolia.cms.security.SecurityConstants.*;
37
38 import info.magnolia.context.MgnlContext;
39 import info.magnolia.jcr.iterator.FilteringPropertyIterator;
40 import info.magnolia.jcr.util.NodeTypes;
41 import info.magnolia.jcr.util.NodeUtil;
42 import info.magnolia.repository.RepositoryConstants;
43
44 import java.util.ArrayList;
45 import java.util.Collection;
46 import java.util.Collections;
47 import java.util.HashSet;
48 import java.util.Iterator;
49 import java.util.List;
50
51 import javax.jcr.ItemNotFoundException;
52 import javax.jcr.Node;
53 import javax.jcr.NodeIterator;
54 import javax.jcr.Property;
55 import javax.jcr.PropertyIterator;
56 import javax.jcr.RepositoryException;
57 import javax.jcr.Session;
58
59 import org.apache.commons.lang3.StringUtils;
60 import org.slf4j.Logger;
61 import org.slf4j.LoggerFactory;
62
63
64
65
66 public class MgnlGroupManager extends RepositoryBackedSecurityManager implements GroupManager {
67
68 private static final Logger log = LoggerFactory.getLogger(MgnlGroupManager.class);
69
70 @Override
71 public Group createGroup(final String name) throws AccessDeniedException {
72 return createGroup(null, name);
73 }
74
75
76
77
78
79
80
81 public Group createGroup(final String path, final String name) throws AccessDeniedException {
82 validateGroupName(name);
83 return MgnlContext.doInSystemContext(new SilentSessionOp<MgnlGroup>(getRepositoryName()) {
84
85 @Override
86 public MgnlGroup doExec(Session session) throws RepositoryException {
87 String parentPath = StringUtils.defaultString(path, "/");
88 Node groupNode = session.getNode(parentPath).addNode(name, NodeTypes.Group.NAME);
89 session.save();
90 return new MgnlGroup(groupNode.getIdentifier(), groupNode.getName(), Collections.EMPTY_LIST, Collections.EMPTY_LIST);
91 }
92
93 @Override
94 public String toString() {
95 return "create group " + name;
96 }
97 });
98 }
99
100 @Override
101 public Group getGroup(final String name) throws AccessDeniedException {
102 return MgnlContext.doInSystemContext(new SilentSessionOp<Group>(getRepositoryName()) {
103
104 @Override
105 public Group doExec(Session session) throws RepositoryException {
106 Node privilegedGroupNode = findPrincipalNode(name, session);
107 if (privilegedGroupNode == null) {
108 return null;
109 }
110 return newGroupInstance(privilegedGroupNode);
111 }
112
113 @Override
114 public String toString() {
115 return "get group " + name;
116 }
117 });
118 }
119
120 @Override
121 public Collection<Group> getAllGroups() {
122 return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<Group>>(getRepositoryName()) {
123
124 @Override
125 public Collection<Group> doExec(Session session) throws RepositoryException {
126 List<Group> groups = new ArrayList<Group>();
127 Node rootNode = session.getNode("/");
128 findAllGroupsInFolder(rootNode, groups);
129 return groups;
130 }
131
132 @Override
133 public String toString() {
134 return "get all groups";
135 }
136
137 });
138 }
139
140 @Override
141 public Collection<String> getAllGroups(final String name) {
142 return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<String>>(getRepositoryName()) {
143
144 List<String> groups;
145
146 @Override
147 public Collection<String> doExec(Session session) throws RepositoryException {
148 Group group = getGroup(name);
149 if (group == null) {
150 return null;
151 }
152 groups = new ArrayList<String>();
153 collectGroups(group);
154
155 return groups;
156 }
157
158 private void collectGroups(Group group) throws AccessDeniedException {
159 for (Iterator iter = group.getGroups().iterator(); iter.hasNext(); ) {
160 Group subGroup = getGroup((String) iter.next());
161 if (subGroup != null && !groups.contains(subGroup.getName())) {
162 groups.add(subGroup.getName());
163 collectGroups(subGroup);
164 }
165 }
166 }
167
168 @Override
169 public String toString() {
170 return "get all groups";
171 }
172 });
173 }
174
175 protected Group newGroupInstance(Node node) throws RepositoryException {
176
177 Collection<String> groups = new HashSet<String>();
178 if (node.hasNode(NODE_GROUPS)) {
179 for (PropertyIterator iter = new FilteringPropertyIterator(node.getNode(NODE_GROUPS).getProperties(), NodeUtil.ALL_PROPERTIES_EXCEPT_JCR_AND_MGNL_FILTER); iter.hasNext(); ) {
180 Property subgroup = iter.nextProperty();
181 String resources = getResourceName(subgroup.getString());
182 if (resources != null) {
183 groups.add(resources);
184 }
185 }
186 }
187 Collection<String> roles = new HashSet<String>();
188 if (node.hasNode(NODE_ROLES)) {
189 RoleManager roleMan = SecuritySupport.Factory.getInstance().getRoleManager();
190 for (PropertyIterator iter = new FilteringPropertyIterator(node.getNode(NODE_ROLES).getProperties(), NodeUtil.ALL_PROPERTIES_EXCEPT_JCR_AND_MGNL_FILTER); iter.hasNext(); ) {
191 Property role = iter.nextProperty();
192 try {
193 String roleName = roleMan.getRoleNameById(role.getString());
194 if (roleName != null) {
195 roles.add(roleName);
196 }
197 } catch (ItemNotFoundException e) {
198 log.warn("assigned role {} doesn't exist.", role.getString());
199 }
200 }
201 }
202 MgnlGroup group = new MgnlGroup(node.getIdentifier(), node.getName(), groups, roles);
203 return group;
204 }
205
206
207
208
209
210 @Override
211 protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
212 return findPrincipalNode(principalName, session, NodeTypes.Group.NAME);
213 }
214
215 @Override
216 protected String getRepositoryName() {
217 return RepositoryConstants.USER_GROUPS;
218 }
219
220 @Override
221 public Group addRole(Group group, String roleName) throws AccessDeniedException {
222 try {
223 add(group.getName(), roleName, NODE_ROLES);
224 } catch (PrincipalNotFoundException e) {
225
226 return null;
227 }
228 return getGroup(group.getName());
229 }
230
231 @Override
232 public Group addGroup(Group group, String groupName) throws AccessDeniedException {
233 try {
234 add(group.getName(), groupName, NODE_GROUPS);
235 } catch (PrincipalNotFoundException e) {
236
237 return null;
238 }
239 return getGroup(groupName);
240 }
241
242
243
244
245
246 protected void findAllGroupsInFolder(Node node, Collection<Group> addTo) throws RepositoryException {
247 final NodeIterator nodesIter = findPrincipalNodes(node, NodeTypes.Group.NAME);
248 while (nodesIter.hasNext()) {
249 addTo.add(newGroupInstance(nodesIter.nextNode()));
250 }
251 }
252
253 protected void validateGroupName(String name) throws AccessDeniedException {
254 if (StringUtils.isBlank(name)) {
255 throw new IllegalArgumentException(name + " is not a valid group name.");
256 }
257
258 Group group = Security.getGroupManager().getGroup(name);
259
260 if (group != null) {
261 throw new IllegalArgumentException("Group with name " + name + " already exists.");
262 }
263 }
264
265 @Override
266 public Collection<String> getGroupsWithGroup(final String groupName) {
267 return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<String>>(getRepositoryName()) {
268
269 @Override
270 public Collection<String> doExec(Session session) throws RepositoryException {
271 final Node groupNode = findPrincipalNode(groupName, session);
272 return findUsersOrGroupsHavingAssignedGroupOrRoleWithUid(session, groupNode, GROUPS_NODE_NAME);
273 }
274
275 @Override
276 public String toString() {
277 return "get group " + groupName;
278 }
279 });
280 }
281
282
283 @Override
284 public Collection<String> getGroupsWithRole(final String roleName) {
285 return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<String>>(getRepositoryName()) {
286
287 @Override
288 public Collection<String> doExec(Session session) throws RepositoryException {
289 final Node principalNode = findPrincipalNode(roleName, MgnlContext.getJCRSession(RepositoryConstants.USER_ROLES), NodeTypes.Role.NAME);
290 return findUsersOrGroupsHavingAssignedGroupOrRoleWithUid(session, principalNode, ROLES_NODE_NAME);
291 }
292
293 @Override
294 public String toString() {
295 return "get group with role " + roleName;
296 }
297 });
298 }
299
300 @Override
301 public Group removeGroup(Group group, String groupName) throws AccessDeniedException {
302 try {
303 super.remove(group.getName(), groupName, NODE_GROUPS);
304 } catch (PrincipalNotFoundException e) {
305 throw new IllegalArgumentException("group doesn't exist in this GM" + e);
306 }
307 return getGroup(group.getName());
308 }
309
310 @Override
311 public Group removeRole(Group group, String roleName) throws AccessDeniedException {
312 try {
313 super.remove(group.getName(), roleName, NODE_ROLES);
314 } catch (PrincipalNotFoundException e) {
315 throw new IllegalArgumentException("role doesn't exist in this GM" + e);
316 }
317 return getGroup(group.getName());
318 }
319 }