This project has retired. For details please refer to its Attic page.
DefaultRoleManagementService xref
View Javadoc

1   package org.apache.archiva.redback.rest.services;
2   /*
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   */
20  
21  import org.apache.archiva.redback.rbac.Permission;
22  import org.apache.archiva.redback.rbac.RBACManager;
23  import org.apache.archiva.redback.rbac.RbacManagerException;
24  import org.apache.archiva.redback.rbac.Resource;
25  import org.apache.archiva.redback.rbac.UserAssignment;
26  import org.apache.archiva.redback.role.RoleManager;
27  import org.apache.archiva.redback.role.RoleManagerException;
28  import org.apache.archiva.redback.role.model.ModelApplication;
29  import org.apache.archiva.redback.role.model.ModelRole;
30  import org.apache.archiva.redback.role.model.ModelTemplate;
31  import org.apache.archiva.redback.users.User;
32  import org.apache.archiva.redback.users.UserManager;
33  import org.apache.archiva.redback.users.UserManagerException;
34  import org.apache.archiva.redback.users.UserNotFoundException;
35  import org.apache.commons.lang.StringUtils;
36  import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
37  import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
38  import org.apache.archiva.redback.integration.util.RoleSorter;
39  import org.apache.archiva.redback.rest.api.model.Application;
40  import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
41  import org.apache.archiva.redback.rest.api.model.ErrorMessage;
42  import org.apache.archiva.redback.rest.api.model.Role;
43  import org.apache.archiva.redback.rest.api.model.RoleTemplate;
44  import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
45  import org.apache.archiva.redback.rest.api.services.RoleManagementService;
46  import org.slf4j.Logger;
47  import org.slf4j.LoggerFactory;
48  import org.springframework.stereotype.Service;
49  
50  import javax.inject.Inject;
51  import javax.inject.Named;
52  import javax.ws.rs.core.Response;
53  import java.util.ArrayList;
54  import java.util.Arrays;
55  import java.util.Collection;
56  import java.util.Collections;
57  import java.util.HashSet;
58  import java.util.List;
59  import java.util.Map;
60  import java.util.Set;
61  
62  /**
63   * @author Olivier Lamy
64   * @since 1.3
65   */
66  @Service("roleManagementService#rest")
67  public class DefaultRoleManagementService
68      implements RoleManagementService
69  {
70  
71      private Logger log = LoggerFactory.getLogger( getClass() );
72  
73      private RoleManager roleManager;
74  
75      private RBACManager rbacManager;
76  
77      private UserManager userManager;
78  
79      @Inject
80      public DefaultRoleManagementService( RoleManager roleManager,
81                                           @Named(value = "rbacManager#default") RBACManager rbacManager,
82                                           @Named(value = "userManager#default") UserManager userManager )
83      {
84          this.roleManager = roleManager;
85          this.rbacManager = rbacManager;
86          this.userManager = userManager;
87  
88          log.debug( "use rbacManager impl: {}", rbacManager.getClass().getName() );
89          log.debug( "use userManager impl: {}", userManager.getClass().getName() );
90      }
91  
92      public Boolean createTemplatedRole( String templateId, String resource )
93          throws RedbackServiceException
94      {
95          try
96          {
97              roleManager.createTemplatedRole( templateId, resource );
98          }
99          catch ( RoleManagerException e )
100         {
101             throw new RedbackServiceException( e.getMessage() );
102         }
103         return Boolean.TRUE;
104     }
105 
106     public Boolean removeTemplatedRole( String templateId, String resource )
107         throws RedbackServiceException
108     {
109 
110         try
111         {
112             roleManager.removeTemplatedRole( templateId, resource );
113         }
114         catch ( RoleManagerException e )
115         {
116             throw new RedbackServiceException( e.getMessage() );
117         }
118         return Boolean.TRUE;
119     }
120 
121     public Boolean updateRole( String templateId, String oldResource, String newResource )
122         throws RedbackServiceException
123     {
124         try
125         {
126             roleManager.updateRole( templateId, oldResource, newResource );
127         }
128         catch ( RoleManagerException e )
129         {
130             throw new RedbackServiceException( e.getMessage() );
131         }
132         return Boolean.TRUE;
133     }
134 
135     public Boolean assignRole( String roleId, String principal )
136         throws RedbackServiceException
137     {
138         try
139         {
140             roleManager.assignRole( roleId, principal );
141         }
142         catch ( RoleManagerException e )
143         {
144             throw new RedbackServiceException( e.getMessage() );
145         }
146         return Boolean.TRUE;
147     }
148 
149     public Boolean assignRoleByName( String roleName, String principal )
150         throws RedbackServiceException
151     {
152         try
153         {
154             roleManager.assignRoleByName( roleName, principal );
155         }
156         catch ( RoleManagerException e )
157         {
158             throw new RedbackServiceException( e.getMessage() );
159         }
160         return Boolean.TRUE;
161     }
162 
163     public Boolean assignTemplatedRole( String templateId, String resource, String principal )
164         throws RedbackServiceException
165     {
166         try
167         {
168             roleManager.assignTemplatedRole( templateId, resource, principal );
169         }
170         catch ( RoleManagerException e )
171         {
172             throw new RedbackServiceException( e.getMessage() );
173         }
174         return Boolean.TRUE;
175     }
176 
177     public Boolean unassignRole( String roleId, String principal )
178         throws RedbackServiceException
179     {
180         try
181         {
182             roleManager.unassignRole( roleId, principal );
183         }
184         catch ( RoleManagerException e )
185         {
186             throw new RedbackServiceException( e.getMessage() );
187         }
188         return Boolean.TRUE;
189     }
190 
191     public Boolean unassignRoleByName( String roleName, String principal )
192         throws RedbackServiceException
193     {
194         try
195         {
196             roleManager.unassignRoleByName( roleName, principal );
197         }
198         catch ( RoleManagerException e )
199         {
200             throw new RedbackServiceException( e.getMessage() );
201         }
202         return Boolean.TRUE;
203     }
204 
205     public Boolean roleExists( String roleId )
206         throws RedbackServiceException
207     {
208         try
209         {
210             return roleManager.roleExists( roleId );
211         }
212         catch ( RoleManagerException e )
213         {
214             throw new RedbackServiceException( e.getMessage() );
215         }
216     }
217 
218     public Boolean templatedRoleExists( String templateId, String resource )
219         throws RedbackServiceException
220     {
221         try
222         {
223             return roleManager.templatedRoleExists( templateId, resource );
224         }
225         catch ( RoleManagerException e )
226         {
227             throw new RedbackServiceException( e.getMessage() );
228         }
229 
230     }
231 
232     public Boolean verifyTemplatedRole( String templateId, String resource )
233         throws RedbackServiceException
234     {
235         try
236         {
237             roleManager.verifyTemplatedRole( templateId, resource );
238         }
239         catch ( RoleManagerException e )
240         {
241             throw new RedbackServiceException( e.getMessage() );
242         }
243         return Boolean.TRUE;
244     }
245 
246     public List<Role> getEffectivelyAssignedRoles( String username )
247         throws RedbackServiceException
248     {
249         if ( StringUtils.isEmpty( username ) )
250         {
251             throw new RedbackServiceException( new ErrorMessage( "user.cannot.be.null" ) );
252         }
253         try
254         {
255             List<org.apache.archiva.redback.rbac.Role> roles =
256                 filterAssignableRoles( rbacManager.getEffectivelyAssignedRoles( username ) );
257 
258             List<Role> effectivelyAssignedRoles = new ArrayList<Role>( roles.size() );
259 
260             for ( org.apache.archiva.redback.rbac.Role r : roles )
261             {
262                 effectivelyAssignedRoles.add( new Role( r ) );
263             }
264             return effectivelyAssignedRoles;
265         }
266         catch ( RbacManagerException rme )
267         {
268             // ignore, this can happen when the user has no roles assigned  
269         }
270         return new ArrayList<Role>( 0 );
271     }
272 
273 
274     public List<Application> getApplications( String username )
275         throws RedbackServiceException
276     {
277 
278         List<ModelApplication> modelApplications = roleManager.getModel().getApplications();
279 
280         List<Application> applications = new ArrayList<Application>( modelApplications.size() );
281 
282         for ( ModelApplication modelApplication : modelApplications )
283         {
284             Application application = new Application();
285             application.setDescription( modelApplication.getDescription() );
286             application.setId( modelApplication.getId() );
287             application.setLongDescription( modelApplication.getLongDescription() );
288             application.setVersion( modelApplication.getVersion() );
289             applications.add( application );
290         }
291 
292         return applications;
293     }
294 
295     public List<Role> getAllRoles()
296         throws RedbackServiceException
297     {
298         try
299         {
300             List<org.apache.archiva.redback.rbac.Role> roles = rbacManager.getAllRoles();
301 
302             if ( roles == null )
303             {
304                 return Collections.emptyList();
305             }
306 
307             roles = filterRolesForCurrentUserAccess( roles );
308 
309             List<Role> res = new ArrayList<Role>( roles.size() );
310 
311             for ( org.apache.archiva.redback.rbac.Role r : roles )
312             {
313                 res.add( new Role( r ) );
314             }
315             return res;
316 
317         }
318         catch ( RbacManagerException e )
319         {
320             throw new RedbackServiceException( e.getMessage() );
321         }
322     }
323 
324     public List<Role> getDetailedAllRoles()
325         throws RedbackServiceException
326     {
327         try
328         {
329             List<org.apache.archiva.redback.rbac.Role> roles = rbacManager.getAllRoles();
330 
331             if ( roles == null )
332             {
333                 return Collections.emptyList();
334             }
335 
336             roles = filterRolesForCurrentUserAccess( roles );
337 
338             List<Role> res = new ArrayList<Role>( roles.size() );
339 
340             for ( org.apache.archiva.redback.rbac.Role r : roles )
341             {
342                 res.add( getRole( r.getName() ) );
343             }
344             return res;
345 
346         }
347         catch ( RbacManagerException e )
348         {
349             throw new RedbackServiceException( e.getMessage() );
350         }
351     }
352 
353     private List<org.apache.archiva.redback.rbac.Role> filterAssignableRoles(
354         Collection<org.apache.archiva.redback.rbac.Role> roles )
355     {
356         List<org.apache.archiva.redback.rbac.Role> assignableRoles =
357             new ArrayList<org.apache.archiva.redback.rbac.Role>( roles.size() );
358         for ( org.apache.archiva.redback.rbac.Role r : roles )
359         {
360             if ( r.isAssignable() )
361             {
362                 assignableRoles.add( r );
363             }
364         }
365         return assignableRoles;
366     }
367 
368     public Role getRole( String roleName )
369         throws RedbackServiceException
370     {
371         try
372         {
373             org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
374             Role role = new Role( rbacRole );
375 
376             Map<String, org.apache.archiva.redback.rbac.Role> parentRoles = rbacManager.getParentRoles( rbacRole );
377             for ( String parentRoleName : parentRoles.keySet() )
378             {
379                 role.getParentRoleNames().add( parentRoleName );
380             }
381 
382             List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( Arrays.asList( roleName ) );
383 
384             if ( userAssignments != null )
385             {
386                 for ( UserAssignment userAssignment : userAssignments )
387                 {
388                     try
389                     {
390                         User user = userManager.findUser( userAssignment.getPrincipal() );
391                         role.getUsers().add( new org.apache.archiva.redback.rest.api.model.User( user ) );
392                     }
393                     catch ( UserNotFoundException e )
394                     {
395                         log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
396                     }
397                 }
398             }
399 
400             if ( !role.getParentRoleNames().isEmpty() )
401             {
402                 List<UserAssignment> userParentAssignments =
403                     rbacManager.getUserAssignmentsForRoles( parentRoles.keySet() );
404                 if ( userParentAssignments != null )
405                 {
406                     for ( UserAssignment userAssignment : userParentAssignments )
407                     {
408                         try
409                         {
410                             User user = userManager.findUser( userAssignment.getPrincipal() );
411                             role.getParentsRolesUsers().add(
412                                 new org.apache.archiva.redback.rest.api.model.User( user ) );
413                         }
414                         catch ( UserNotFoundException e )
415                         {
416                             log.warn( "User '" + userAssignment.getPrincipal() + "' doesn't exist.", e );
417                         }
418                     }
419                 }
420             }
421 
422             List<org.apache.archiva.redback.rest.api.model.User> otherUsers =
423                 new ArrayList<org.apache.archiva.redback.rest.api.model.User>();
424             for ( User u : userManager.getUsers() )
425             {
426                 org.apache.archiva.redback.rest.api.model.User user =
427                     new org.apache.archiva.redback.rest.api.model.User( u );
428                 if ( role.getParentsRolesUsers().contains( user ) )
429                 {
430                     continue;
431                 }
432                 if ( role.getUsers().contains( user ) )
433                 {
434                     continue;
435                 }
436                 otherUsers.add( user );
437             }
438 
439             role.setOtherUsers( otherUsers );
440 
441             return role;
442         }
443         catch ( RbacManagerException e )
444         {
445             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
446         }
447         catch ( UserManagerException e )
448         {
449             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
450         }
451     }
452 
453     public Boolean updateRoleDescription( String roleName, String description )
454         throws RedbackServiceException
455     {
456         try
457         {
458             org.apache.archiva.redback.rbac.Role rbacRole = rbacManager.getRole( roleName );
459             rbacRole.setDescription( description );
460             rbacManager.saveRole( rbacRole );
461         }
462         catch ( RbacManagerException e )
463         {
464             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
465         }
466         return Boolean.TRUE;
467     }
468 
469     public Boolean updateRoleUsers( Role role )
470         throws RedbackServiceException
471     {
472 
473         for ( org.apache.archiva.redback.rest.api.model.User user : role.getUsers() )
474         {
475             String username = user.getUsername();
476 
477             try
478             {
479 
480                 if ( !userManager.userExists( username ) )
481                 {
482                     log.error( "user {} not exits", username );
483                     throw new RedbackServiceException(
484                         new ErrorMessage( "user.not.exists", new String[]{ username } ) );
485                 }
486 
487                 UserAssignment assignment;
488 
489                 if ( rbacManager.userAssignmentExists( username ) )
490                 {
491                     assignment = rbacManager.getUserAssignment( username );
492                 }
493                 else
494                 {
495                     assignment = rbacManager.createUserAssignment( username );
496                 }
497 
498                 assignment.addRoleName( role.getName() );
499                 assignment = rbacManager.saveUserAssignment( assignment );
500                 log.info( "{} role assigned to {}", role.getName(), username );
501             }
502             catch ( RbacManagerException e )
503             {
504                 log.error( "error during assign role " + role.getName() + " to user " + username, e );
505                 throw new RedbackServiceException(
506                     new ErrorMessage( "error.assign.role.user", new String[]{ role.getName(), username } ) );
507             }
508             catch ( UserManagerException e )
509             {
510                 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
511             }
512         }
513 
514         for ( org.apache.archiva.redback.rest.api.model.User user : role.getRemovedUsers() )
515         {
516             String username = user.getUsername();
517 
518             try
519             {
520 
521                 if ( !userManager.userExists( username ) )
522                 {
523                     log.error( "user {} not exits", username );
524                     throw new RedbackServiceException(
525                         new ErrorMessage( "user.not.exists", new String[]{ username } ) );
526                 }
527 
528                 UserAssignment assignment;
529 
530                 if ( rbacManager.userAssignmentExists( username ) )
531                 {
532                     assignment = rbacManager.getUserAssignment( username );
533                 }
534                 else
535                 {
536                     assignment = rbacManager.createUserAssignment( username );
537                 }
538 
539                 assignment.removeRoleName( role.getName() );
540                 assignment = rbacManager.saveUserAssignment( assignment );
541                 log.info( "{} role unassigned to {}", role.getName(), username );
542             }
543             catch ( RbacManagerException e )
544             {
545                 log.error( "error during unassign role " + role.getName() + " to user " + username, e );
546                 throw new RedbackServiceException(
547                     new ErrorMessage( "error.unassign.role.user", new String[]{ role.getName(), username } ) );
548             }
549             catch ( UserManagerException e )
550             {
551                 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
552             }
553         }
554 
555         return Boolean.TRUE;
556     }
557 
558     public List<ApplicationRoles> getApplicationRoles( String username )
559         throws RedbackServiceException
560     {
561         AdminEditUserCredentials user = null;
562         if ( StringUtils.isEmpty( username ) )
563         {
564             throw new RedbackServiceException( new ErrorMessage( "rbac.edit.user.empty.principal" ) );
565         }
566 
567         try
568         {
569             if ( !userManager.userExists( username ) )
570             {
571                 throw new RedbackServiceException(
572                     new ErrorMessage( "user.does.not.exist", new String[]{ username } ) );
573             }
574 
575             User u = userManager.findUser( username );
576 
577             if ( u == null )
578             {
579                 throw new RedbackServiceException( new ErrorMessage( "cannot.operate.on.null.user" ) );
580             }
581 
582             user = new AdminEditUserCredentials( u );
583         }
584         catch ( UserNotFoundException e )
585         {
586             throw new RedbackServiceException(
587                 new ErrorMessage( "user.does.not.exist", new String[]{ username, e.getMessage() } ) );
588         }
589         catch ( UserManagerException e )
590         {
591             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
592         }
593         try
594         {
595             // check first if role assignments for user exist
596             if ( !rbacManager.userAssignmentExists( username ) )
597             {
598                 UserAssignment assignment = rbacManager.createUserAssignment( username );
599                 rbacManager.saveUserAssignment( assignment );
600             }
601 
602             List<org.apache.archiva.redback.rbac.Role> allRoles =
603                 filterRolesForCurrentUserAccess( rbacManager.getAllRoles() );
604 
605             List<ModelApplication> modelApplications = roleManager.getModel().getApplications();
606 
607             List<ApplicationRoles> applicationRolesList = new ArrayList<ApplicationRoles>( modelApplications.size() );
608 
609             for ( ModelApplication modelApplication : modelApplications )
610             {
611                 ApplicationRoles applicationRoles = new ApplicationRoles();
612 
613                 applicationRoles.setDescription( modelApplication.getDescription() );
614                 applicationRoles.setName( modelApplication.getId() );
615 
616                 Collection<org.apache.archiva.redback.rbac.Role> appRoles =
617                     filterApplicationRoles( modelApplication, allRoles, modelApplication.getTemplates() );
618 
619                 applicationRoles.setGlobalRoles( toRoleNames( appRoles ) );
620 
621                 Set<String> resources = discoverResources( modelApplication.getTemplates(), appRoles );
622 
623                 applicationRoles.setResources( resources );
624 
625                 applicationRoles.setRoleTemplates( toRoleTemplates( modelApplication.getTemplates() ) );
626 
627                 // cleanup app roles remove roles coming from templates
628 
629                 List<String> appRoleNames = new ArrayList<String>( appRoles.size() );
630 
631                 for ( String appRoleName : applicationRoles.getGlobalRoles() )
632                 {
633                     if ( !roleFromTemplate( appRoleName, modelApplication.getTemplates() ) )
634                     {
635                         appRoleNames.add( appRoleName );
636                     }
637                 }
638 
639                 applicationRoles.setGlobalRoles( appRoleNames );
640 
641                 applicationRolesList.add( applicationRoles );
642             }
643 
644             return applicationRolesList;
645 
646         }
647         catch ( RbacManagerException e )
648         {
649             RedbackServiceException redbackServiceException =
650                 new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
651             redbackServiceException.setHttpErrorCode( Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
652             throw redbackServiceException;
653         }
654     }
655 
656     public Boolean updateUserRoles( org.apache.archiva.redback.rest.api.model.User user )
657         throws RedbackServiceException
658     {
659 
660         String username = user.getUsername();
661 
662         if ( StringUtils.isEmpty( username ) )
663         {
664             throw new RedbackServiceException( new ErrorMessage( "rbac.edit.user.empty.principal" ) );
665         }
666 
667         try
668         {
669 
670             if ( !userManager.userExists( username ) )
671             {
672                 throw new RedbackServiceException(
673                     new ErrorMessage( "user.does.not.exist", new String[]{ username } ) );
674             }
675 
676             User u = userManager.findUser( username );
677 
678             if ( u == null )
679             {
680                 throw new RedbackServiceException( new ErrorMessage( "cannot.operate.on.null.user" ) );
681             }
682 
683         }
684         catch ( UserNotFoundException e )
685         {
686             throw new RedbackServiceException(
687                 new ErrorMessage( "user.does.not.exist", new String[]{ username, e.getMessage() } ) );
688         }
689         catch ( UserManagerException e )
690         {
691             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
692         }
693 
694         try
695         {
696 
697             UserAssignment assignment;
698 
699             if ( rbacManager.userAssignmentExists( username ) )
700             {
701                 assignment = rbacManager.getUserAssignment( username );
702             }
703             else
704             {
705                 assignment = rbacManager.createUserAssignment( username );
706             }
707 
708             assignment.setRoleNames( user.getAssignedRoles() );
709 
710             assignment = rbacManager.saveUserAssignment( assignment );
711 
712         }
713         catch ( RbacManagerException e )
714         {
715             RedbackServiceException redbackServiceException =
716                 new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
717             redbackServiceException.setHttpErrorCode( Response.Status.INTERNAL_SERVER_ERROR.getStatusCode() );
718             throw redbackServiceException;
719         }
720 
721         return Boolean.TRUE;
722 
723     }
724 
725     //----------------------------------------------------------------
726     // Internal methods
727     //----------------------------------------------------------------
728 
729     private org.apache.archiva.redback.rbac.Role isInList( String roleName,
730                                                            Collection<org.apache.archiva.redback.rbac.Role> roles )
731     {
732         for ( org.apache.archiva.redback.rbac.Role role : roles )
733         {
734             if ( roleName.equals( role.getName() ) )
735             {
736                 return role;
737             }
738         }
739         return null;
740     }
741 
742     private Collection<org.apache.archiva.redback.rbac.Role> filterApplicationRoles( ModelApplication application,
743                                                                                      List<org.apache.archiva.redback.rbac.Role> allRoles,
744                                                                                      List<ModelTemplate> applicationTemplates )
745     {
746         Set<org.apache.archiva.redback.rbac.Role> applicationRoles =
747             new HashSet<org.apache.archiva.redback.rbac.Role>();
748         List<ModelRole> roles = application.getRoles();
749 
750         for ( ModelRole modelRole : roles )
751         {
752             org.apache.archiva.redback.rbac.Role r = isInList( modelRole.getName(), allRoles );
753             if ( r != null )
754             {
755                 applicationRoles.add( r );
756             }
757         }
758 
759         List<String> roleNames = toRoleNames( allRoles );
760 
761         for ( ModelTemplate modelTemplate : applicationTemplates )
762         {
763             for ( org.apache.archiva.redback.rbac.Role r : allRoles )
764             {
765                 if ( StringUtils.startsWith( r.getName(),
766                                              modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() ) )
767                 {
768                     applicationRoles.add( r );
769                 }
770             }
771         }
772 
773         return applicationRoles;
774     }
775 
776     private boolean roleFromTemplate( String roleName, List<ModelTemplate> applicationTemplates )
777     {
778 
779         for ( ModelTemplate modelTemplate : applicationTemplates )
780         {
781             if ( StringUtils.startsWith( roleName, modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() ) )
782             {
783                 return true;
784             }
785 
786         }
787         return false;
788     }
789 
790     private List<String> toRoleNames( Collection<org.apache.archiva.redback.rbac.Role> roles )
791     {
792         List<String> names = new ArrayList<String>( roles.size() );
793 
794         for ( org.apache.archiva.redback.rbac.Role r : roles )
795         {
796             names.add( r.getName() );
797         }
798 
799         return names;
800     }
801 
802     private List<RoleTemplate> toRoleTemplates( List<ModelTemplate> modelTemplates )
803     {
804         if ( modelTemplates == null || modelTemplates.isEmpty() )
805         {
806             return new ArrayList<RoleTemplate>( 0 );
807         }
808 
809         List<RoleTemplate> roleTemplates = new ArrayList<RoleTemplate>( modelTemplates.size() );
810 
811         for ( ModelTemplate modelTemplate : modelTemplates )
812         {
813             RoleTemplate roleTemplate = new RoleTemplate();
814 
815             roleTemplate.setDelimiter( modelTemplate.getDelimiter() );
816             roleTemplate.setDescription( modelTemplate.getDescription() );
817             roleTemplate.setId( modelTemplate.getId() );
818             roleTemplate.setNamePrefix( modelTemplate.getNamePrefix() );
819 
820             roleTemplates.add( roleTemplate );
821         }
822 
823         return roleTemplates;
824     }
825 
826     private Set<String> discoverResources( List<ModelTemplate> applicationTemplates,
827                                            Collection<org.apache.archiva.redback.rbac.Role> roles )
828     {
829         Set<String> resources = new HashSet<String>();
830         for ( ModelTemplate modelTemplate : applicationTemplates )
831         {
832             for ( org.apache.archiva.redback.rbac.Role role : roles )
833             {
834                 String roleName = role.getName();
835                 if ( roleName.startsWith( modelTemplate.getNamePrefix() ) )
836                 {
837                     String delimiter = modelTemplate.getDelimiter();
838                     resources.add( roleName.substring( roleName.indexOf( delimiter ) + delimiter.length() ) );
839                 }
840             }
841         }
842         return resources;
843     }
844 
845     /**
846      * this is a hack. this is a hack around the requirements of putting RBAC constraints into the model. this adds one
847      * very major restriction to this security system, that a role name must contain the identifiers of the resource
848      * that is being constrained for adding and granting of roles, this is unacceptable in the long term and we need to
849      * get the model refactored to include this RBAC concept
850      *
851      * @param roleList
852      * @return
853      * @throws org.apache.archiva.redback.rbac.RbacManagerException
854      *
855      */
856     protected List<org.apache.archiva.redback.rbac.Role> filterRolesForCurrentUserAccess(
857         List<org.apache.archiva.redback.rbac.Role> roleList )
858         throws RedbackServiceException
859     {
860         RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
861         // olamy: should not happened normally as annotations check this first
862         if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
863         {
864             throw new RedbackServiceException( new ErrorMessage( "login.mandatory" ) );
865         }
866         String currentUser = redbackRequestInformation.getUser().getUsername();
867 
868         List<org.apache.archiva.redback.rbac.Role> filteredRoleList =
869             new ArrayList<org.apache.archiva.redback.rbac.Role>();
870         try
871         {
872             Map<String, List<Permission>> assignedPermissionMap = rbacManager.getAssignedPermissionMap( currentUser );
873             List<String> resourceGrants = new ArrayList<String>();
874 
875             if ( assignedPermissionMap.containsKey( RedbackRoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION ) )
876             {
877                 List<Permission> roleGrantPermissions =
878                     assignedPermissionMap.get( RedbackRoleConstants.USER_MANAGEMENT_ROLE_GRANT_OPERATION );
879 
880                 for ( Permission permission : roleGrantPermissions )
881                 {
882                     if ( permission.getResource().getIdentifier().equals( Resource.GLOBAL ) )
883                     {
884                         // the current user has the rights to assign any given role
885                         return roleList;
886                     }
887                     else
888                     {
889                         resourceGrants.add( permission.getResource().getIdentifier() );
890                     }
891                 }
892 
893             }
894             else
895             {
896                 return Collections.emptyList();
897             }
898 
899             String delimiter = " - ";
900 
901             // we should have a list of resourceGrants now, this will provide us with the information necessary to restrict
902             // the role list
903             for ( org.apache.archiva.redback.rbac.Role role : roleList )
904             {
905                 int delimiterIndex = role.getName().indexOf( delimiter );
906                 for ( String resourceIdentifier : resourceGrants )
907                 {
908 
909                     if ( ( role.getName().indexOf( resourceIdentifier ) != -1 ) && ( delimiterIndex != -1 ) )
910                     {
911                         String resourceName = role.getName().substring( delimiterIndex + delimiter.length() );
912                         if ( resourceName.equals( resourceIdentifier ) )
913                         {
914                             filteredRoleList.add( role );
915                         }
916                     }
917                 }
918             }
919         }
920         catch ( RbacManagerException rme )
921         {
922             // ignore, this can happen when the user has no roles assigned  
923         }
924         Collections.sort( filteredRoleList, new RoleSorter() );
925         return filteredRoleList;
926     }
927 
928 
929 }