19 package org.apache.syncope.core.provisioning.java.data;
20
21 import java.util.stream.Collectors;
22 import org.apache.syncope.common.lib.SyncopeClientException;
23 import org.apache.syncope.common.lib.to.RoleTO;
24 import org.apache.syncope.common.lib.types.ClientExceptionType;
25 import org.apache.syncope.core.persistence.api.dao.ApplicationDAO;
26 import org.apache.syncope.core.persistence.api.dao.DynRealmDAO;
27 import org.apache.syncope.core.persistence.api.dao.RealmDAO;
28 import org.apache.syncope.core.persistence.api.dao.RoleDAO;
29 import org.apache.syncope.core.persistence.api.dao.search.SearchCond;
30 import org.apache.syncope.core.persistence.api.entity.DynRealm;
31 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
32 import org.apache.syncope.core.persistence.api.entity.Privilege;
33 import org.apache.syncope.core.persistence.api.entity.Realm;
34 import org.apache.syncope.core.persistence.api.entity.Role;
35 import org.apache.syncope.core.persistence.api.entity.user.DynRoleMembership;
36 import org.apache.syncope.core.persistence.api.search.SearchCondConverter;
37 import org.apache.syncope.core.persistence.api.search.SearchCondVisitor;
38 import org.apache.syncope.core.provisioning.api.data.RoleDataBinder;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
41
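/**
 * Default {@link RoleDataBinder}: copies data between {@link RoleTO} transfer objects and
 * persistent {@link Role} entities.
 *
 * <p>No caller authorization is checked in this class. NOTE(review): the calling layer presumably
 * enforces who may create or update roles - confirm, because this binder writes entitlements,
 * realms, dynamic realms, privileges and the dynamic membership condition exactly as requested.
 */
public class RoleDataBinderImpl implements RoleDataBinder {

    protected static final Logger LOG = LoggerFactory.getLogger(RoleDataBinder.class);

    protected final RealmDAO realmDAO;

    protected final DynRealmDAO dynRealmDAO;

    protected final RoleDAO roleDAO;

    protected final ApplicationDAO applicationDAO;

    protected final EntityFactory entityFactory;

    protected final SearchCondVisitor searchCondVisitor;

    /**
     * Stores the collaborators used to resolve the references carried by a {@link RoleTO}.
     *
     * @param realmDAO looks up realms by full path
     * @param dynRealmDAO looks up dynamic realms by key
     * @param roleDAO saves roles and manages their dynamic members
     * @param applicationDAO looks up privileges by key
     * @param entityFactory creates new {@link Role} and {@link DynRoleMembership} instances
     * @param searchCondVisitor visitor passed to {@link SearchCondConverter} when parsing FIQL
     */
    public RoleDataBinderImpl(
            final RealmDAO realmDAO,
            final DynRealmDAO dynRealmDAO,
            final RoleDAO roleDAO,
            final ApplicationDAO applicationDAO,
            final EntityFactory entityFactory,
            final SearchCondVisitor searchCondVisitor) {

        this.realmDAO = realmDAO;
        this.dynRealmDAO = dynRealmDAO;
        this.roleDAO = roleDAO;
        this.applicationDAO = applicationDAO;
        this.entityFactory = entityFactory;
        this.searchCondVisitor = searchCondVisitor;
    }

    /**
     * Validates the given FIQL expression and stores it as the role's dynamic membership condition.
     *
     * <p>The expression decides which users become members of the role, so it is converted and
     * checked with {@code isValid()} before anything is written to the role.
     *
     * @param role role whose dynamic membership is set; a {@link DynRoleMembership} is created and
     * linked when the role has none yet
     * @param dynMembershipFIQL FIQL condition to store
     * @throws SyncopeClientException of type {@code InvalidSearchParameters}, carrying the rejected
     * expression as element, when the converted condition is not valid
     */
    protected void setDynMembership(final Role role, final String dynMembershipFIQL) {
        SearchCond dynMembershipCond = SearchCondConverter.convert(searchCondVisitor, dynMembershipFIQL);
        if (!dynMembershipCond.isValid()) {
            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidSearchParameters);
            sce.getElements().add(dynMembershipFIQL);
            throw sce;
        }

        DynRoleMembership dynMembership = role.getDynMembership();
        if (dynMembership == null) {
            dynMembership = entityFactory.newEntity(DynRoleMembership.class);
            dynMembership.setRole(role);
            role.setDynMembership(dynMembership);
        }
        dynMembership.setFIQLCond(dynMembershipFIQL);
    }

    /**
     * Creates a new role entity and fills it from the given transfer object.
     *
     * @param roleTO requested role definition
     * @return the role returned by {@link #update(Role, RoleTO)} for a fresh entity
     */
    @Override
    public Role create(final RoleTO roleTO) {
        return update(entityFactory.newEntity(Role.class), roleTO);
    }

    /**
     * Replaces the content of a role with what the transfer object requests.
     *
     * <p>Entitlements, realms, dynamic realms and privileges are cleared and rebuilt from
     * {@code roleTO}. Realm paths, dynamic realm keys and privilege keys that cannot be resolved
     * are skipped with a DEBUG log entry only, so the saved role can grant less than was requested
     * without the caller being told.
     *
     * @param toBeUpdated entity to modify; its key is overwritten with {@code roleTO.getKey()}
     * @param roleTO requested role definition
     * @return the role as returned by {@code roleDAO.saveAndRefreshDynMemberships}
     * @throws SyncopeClientException when a dynamic membership condition has to be stored and it
     * is not a valid search condition
     */
    @Override
    public Role update(final Role toBeUpdated, final RoleTO roleTO) {
        toBeUpdated.setKey(roleTO.getKey());
        Role role = roleDAO.save(toBeUpdated);

        // NOTE(review): entitlement names are copied verbatim; nothing in this method checks them
        // against a known set - confirm that validation happens before or after this call.
        role.getEntitlements().clear();
        role.getEntitlements().addAll(roleTO.getEntitlements());

        role.getRealms().clear();
        for (String realmFullPath : roleTO.getRealms()) {
            Realm realm = realmDAO.findByFullPath(realmFullPath);
            if (realm == null) {
                LOG.debug("Invalid realm full path {}, ignoring", realmFullPath);
            } else {
                role.add(realm);
            }
        }

        role.getDynRealms().clear();
        for (String key : roleTO.getDynRealms()) {
            DynRealm dynRealm = dynRealmDAO.find(key);
            if (dynRealm == null) {
                LOG.debug("Invalid dynamic realm {}, ignoring", key);
            } else {
                role.add(dynRealm);
            }
        }

        role = roleDAO.save(role);

        // Presumably drops the members computed from the previous condition - confirm in RoleDAO.
        roleDAO.clearDynMembers(role);

        String requestedCond = roleTO.getDynMembershipCond();
        DynRoleMembership currentMembership = role.getDynMembership();
        if (requestedCond == null) {
            // No condition requested: remove an existing dynamic membership, otherwise nothing to do.
            if (currentMembership != null) {
                role.setDynMembership(null);
            }
        } else if (role.getKey() == null
                || currentMembership == null
                || !requestedCond.equals(currentMembership.getFIQLCond())) {

            // Compared from the non-null requested side, so a stored membership without FIQL
            // condition is treated as "changed" instead of raising a NullPointerException.
            setDynMembership(role, requestedCond);
        }

        role.getPrivileges().clear();
        for (String key : roleTO.getPrivileges()) {
            Privilege privilege = applicationDAO.findPrivilege(key);
            if (privilege == null) {
                LOG.debug("Invalid privilege {}, ignoring", key);
            } else {
                role.add(privilege);
            }
        }

        return roleDAO.saveAndRefreshDynMemberships(role);
    }

    /**
     * Builds the transfer object describing the given role.
     *
     * @param role role to export
     * @return a new {@link RoleTO} with key, entitlements, realm full paths, dynamic realm keys,
     * privilege keys and, when the role has a dynamic membership, its FIQL condition
     */
    @Override
    public RoleTO getRoleTO(final Role role) {
        RoleTO roleTO = new RoleTO();

        roleTO.setKey(role.getKey());
        roleTO.getEntitlements().addAll(role.getEntitlements());

        roleTO.getRealms().addAll(role.getRealms().stream().
                map(Realm::getFullPath).collect(Collectors.toList()));

        roleTO.getDynRealms().addAll(role.getDynRealms().stream().
                map(DynRealm::getKey).collect(Collectors.toList()));

        DynRoleMembership dynMembership = role.getDynMembership();
        if (dynMembership != null) {
            roleTO.setDynMembershipCond(dynMembership.getFIQLCond());
        }

        roleTO.getPrivileges().addAll(role.getPrivileges().stream().
                map(Privilege::getKey).collect(Collectors.toList()));

        return roleTO;
    }
}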