Package: AccountServiceImpl

AccountServiceImpl

name	instruction	branch	complexity	line	method
AccountServiceImpl()	M: 10 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 2 C: 0 0%	M: 1 C: 0 0%
checkAccountPermission(KapuaId, KapuaId, Domain, Actions)	M: 8 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 2 C: 0 0%	M: 1 C: 0 0%
checkAccountPermission(KapuaId, KapuaId, Domain, Actions, boolean)	M: 29 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 4 C: 0 0%	M: 1 C: 0 0%
count(KapuaQuery)	M: 23 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 5 C: 0 0%	M: 1 C: 0 0%
create(AccountCreator)	M: 159 C: 0 0%	M: 20 C: 0 0%	M: 11 C: 0 0%	M: 27 C: 0 0%	M: 1 C: 0 0%
delete(KapuaId, KapuaId)	M: 50 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 11 C: 0 0%	M: 1 C: 0 0%
find(KapuaId)	M: 35 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 9 C: 0 0%	M: 1 C: 0 0%
find(KapuaId, KapuaId)	M: 42 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 10 C: 0 0%	M: 1 C: 0 0%
findByName(String)	M: 35 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 9 C: 0 0%	M: 1 C: 0 0%
findChildAccountsTrusted(KapuaId)	M: 16 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 5 C: 0 0%	M: 1 C: 0 0%
findChildrenRecursively(KapuaId)	M: 33 C: 0 0%	M: 2 C: 0 0%	M: 2 C: 0 0%	M: 8 C: 0 0%	M: 1 C: 0 0%
lambda$count$16(KapuaQuery, EntityManager)	M: 5 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$create$0(AccountCreator)	M: 5 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$create$1(AccountCreator, EntityManager)	M: 31 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 5 C: 0 0%	M: 1 C: 0 0%
lambda$delete$6(KapuaId, KapuaId, Actions, EntityManager)	M: 55 C: 0 0%	M: 8 C: 0 0%	M: 5 C: 0 0%	M: 11 C: 0 0%	M: 1 C: 0 0%
lambda$delete$7(KapuaId, KapuaId, Account)	M: 7 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$find$10(KapuaId)	M: 7 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$find$11(KapuaId, EntityManager)	M: 5 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$find$8(KapuaId, KapuaId)	M: 7 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$find$9(KapuaId, KapuaId, EntityManager)	M: 5 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$findByName$12(String)	M: 8 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$findByName$13(String, EntityManager)	M: 4 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$findChildAccountsTrusted$17(KapuaId, EntityManager)	M: 7 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$findChildrenRecursively$14(Account, EntityManager)	M: 30 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 5 C: 0 0%	M: 1 C: 0 0%
lambda$query$15(KapuaQuery, EntityManager)	M: 4 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$update$2(Account)	M: 5 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$update$3(Account, Account)	M: 13 C: 0 0%	M: 4 C: 0 0%	M: 3 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
lambda$update$4(Account)	M: 8 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 2 C: 0 0%	M: 1 C: 0 0%
lambda$update$5(Account, EntityManager)	M: 4 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 1 C: 0 0%	M: 1 C: 0 0%
query(KapuaQuery)	M: 22 C: 0 0%	M: 0 C: 0 100%	M: 1 C: 0 0%	M: 5 C: 0 0%	M: 1 C: 0 0%
update(Account)	M: 240 C: 0 0%	M: 42 C: 0 0%	M: 22 C: 0 0%	M: 39 C: 0 0%	M: 1 C: 0 0%

Coverage

1: /*******************************************************************************
2: * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others
3: *
4: * This program and the accompanying materials are made
5: * available under the terms of the Eclipse Public License 2.0
6: * which is available at https://www.eclipse.org/legal/epl-2.0/
7: *
8: * SPDX-License-Identifier: EPL-2.0
9: *
10: * Contributors:
11: * Eurotech - initial API and implementation
12: * Red Hat Inc
13: *******************************************************************************/
14: package org.eclipse.kapua.service.account.internal;
15:
16: import org.apache.commons.lang3.StringUtils;
17: import org.eclipse.kapua.KapuaDuplicateNameException;
18: import org.eclipse.kapua.KapuaDuplicateNameInAnotherAccountError;
19: import org.eclipse.kapua.KapuaEntityNotFoundException;
20: import org.eclipse.kapua.KapuaException;
21: import org.eclipse.kapua.KapuaIllegalAccessException;
22: import org.eclipse.kapua.KapuaIllegalArgumentException;
23: import org.eclipse.kapua.commons.configuration.AbstractKapuaConfigurableResourceLimitedService;
24: import org.eclipse.kapua.commons.jpa.EntityManagerContainer;
25: import org.eclipse.kapua.commons.security.KapuaSecurityUtils;
26: import org.eclipse.kapua.commons.service.internal.cache.NamedEntityCache;
27: import org.eclipse.kapua.commons.setting.system.SystemSetting;
28: import org.eclipse.kapua.commons.setting.system.SystemSettingKey;
29: import org.eclipse.kapua.commons.util.ArgumentValidator;
30: import org.eclipse.kapua.commons.util.CommonsValidationRegex;
31: import org.eclipse.kapua.locator.KapuaProvider;
32: import org.eclipse.kapua.model.KapuaEntityAttributes;
33: import org.eclipse.kapua.model.KapuaNamedEntityAttributes;
34: import org.eclipse.kapua.model.domain.Actions;
35: import org.eclipse.kapua.model.domain.Domain;
36: import org.eclipse.kapua.model.id.KapuaId;
37: import org.eclipse.kapua.model.query.KapuaQuery;
38: import org.eclipse.kapua.service.account.Account;
39: import org.eclipse.kapua.service.account.AccountAttributes;
40: import org.eclipse.kapua.service.account.AccountCreator;
41: import org.eclipse.kapua.service.account.AccountDomains;
42: import org.eclipse.kapua.service.account.AccountFactory;
43: import org.eclipse.kapua.service.account.AccountListResult;
44: import org.eclipse.kapua.service.account.AccountQuery;
45: import org.eclipse.kapua.service.account.AccountService;
46: import org.eclipse.kapua.service.account.internal.exception.KapuaAccountErrorCodes;
47: import org.eclipse.kapua.service.account.internal.exception.KapuaAccountException;
48: import org.eclipse.kapua.service.authorization.AuthorizationService;
49: import org.eclipse.kapua.service.authorization.permission.PermissionFactory;
50:
51: import javax.inject.Inject;
52: import javax.persistence.TypedQuery;
53: import java.util.Objects;
54:
55: /**
56: * {@link AccountService} implementation.
57: *
58: * @since 1.0.0
59: */
60: @KapuaProvider
61: public class AccountServiceImpl extends AbstractKapuaConfigurableResourceLimitedService<Account, AccountCreator, AccountService, AccountListResult, AccountQuery, AccountFactory>
62: implements AccountService {
63:
64: @Inject
65: private AuthorizationService authorizationService;
66:
67: @Inject
68: private PermissionFactory permissionFactory;
69:
70: private static final String NO_EXPIRATION_DATE_SET = "no expiration date set";
71:
72: /**
73: * Constructor.
74: *
75: * @since 1.0.0
76: */
77: public AccountServiceImpl() {
78: super(AccountService.class.getName(), AccountDomains.ACCOUNT_DOMAIN, AccountEntityManagerFactory.getInstance(), AccountCacheFactory.getInstance(), AccountService.class, AccountFactory.class);
79: }
80:
81: @Override
82: //@RaiseServiceEvent
83: public Account create(AccountCreator accountCreator) throws KapuaException {
84: //
85: // Argument validation
86: ArgumentValidator.notNull(accountCreator, "accountCreator");
87: ArgumentValidator.notNull(accountCreator.getScopeId(), "accountCreator.scopeId");
88: ArgumentValidator.notEmptyOrNull(accountCreator.getName(), "accountCreator.name");
89: ArgumentValidator.match(accountCreator.getName(), CommonsValidationRegex.NAME_REGEXP, "accountCreator.name");
90: ArgumentValidator.notEmptyOrNull(accountCreator.getOrganizationName(), "accountCreator.organizationName");
91: ArgumentValidator.notEmptyOrNull(accountCreator.getOrganizationEmail(), "accountCreator.organizationEmail");
92: ArgumentValidator.match(accountCreator.getOrganizationEmail(), CommonsValidationRegex.EMAIL_REGEXP, "accountCreator.organizationEmail");
93:
94: //
95: // Check Access
96: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, Actions.write, accountCreator.getScopeId()));
97:
98: //
99: // Check entity limit
100: checkAllowedEntities(accountCreator.getScopeId(), "Accounts");
101:
102: //
103: // Check if the parent account exists
104:• if (find(accountCreator.getScopeId()) == null) {
105: throw new KapuaIllegalArgumentException(KapuaEntityAttributes.SCOPE_ID, "parent account does not exist: " + accountCreator.getScopeId() + "::");
106: }
107:
108: //
109: // check if the account collides with the SystemSettingKey#COMMONS_CONTROL_TOPIC_CLASSIFIER
110:• if (!StringUtils.isEmpty(SystemSetting.getInstance().getMessageClassifier())) {
111:• if (SystemSetting.getInstance().getMessageClassifier().equals(accountCreator.getName())) {
112: throw new KapuaIllegalArgumentException("name", "Reserved account name");// obfuscate this message? or change to something more clear like "the account name collides with some system
113: // configuration parameter"?
114: }
115: }
116:
117: //
118: // Check duplicate name
119: AccountQuery query = new AccountQueryImpl(accountCreator.getScopeId());
120: query.setPredicate(query.attributePredicate(KapuaNamedEntityAttributes.NAME, accountCreator.getName()));
121:
122:• if (count(query) > 0) {
123: throw new KapuaDuplicateNameException(accountCreator.getName());
124: }
125:
126:• if (findByName(accountCreator.getName()) != null) {
127: throw new KapuaDuplicateNameInAnotherAccountError(accountCreator.getName());
128: }
129:
130: // check that expiration date is no later than parent expiration date
131: Account parentAccount = KapuaSecurityUtils.doPrivileged(() -> find(accountCreator.getScopeId()));
132:• if (parentAccount != null && parentAccount.getExpirationDate() != null) {
133: // parent account never expires no check is needed
134:• if (accountCreator.getExpirationDate() == null || parentAccount.getExpirationDate().before(accountCreator.getExpirationDate())) {
135: // if current account expiration date is null it will be obviously after parent expiration date
136:• throw new KapuaIllegalArgumentException(AccountAttributes.EXPIRATION_DATE, accountCreator.getExpirationDate() != null ? accountCreator.getExpirationDate().toString() : NO_EXPIRATION_DATE_SET);
137: }
138: }
139:
140: //
141: // Do create
142: return entityManagerSession.doTransactedAction(
143: EntityManagerContainer.<Account>create()
144: .onResultHandler(em -> {
145: Account account = AccountDAO.create(em, accountCreator);
146: em.persist(account);
147:
148: // Set the parent account path
149: String parentAccountPath = AccountDAO.find(em, KapuaId.ANY, accountCreator.getScopeId()).getParentAccountPath() + "/" + account.getId();
150: account.setParentAccountPath(parentAccountPath);
151:
152: // Return updated account
153: return AccountDAO.update(em, account);
154: }));
155: }
156:
157: @Override
158: //@RaiseServiceEvent
159: public Account update(Account account) throws KapuaException {
160: //
161: // Argument validation
162: ArgumentValidator.notNull(account.getId(), "account.id");
163: ArgumentValidator.notEmptyOrNull(account.getName(), "account.name");
164: ArgumentValidator.match(account.getName(), CommonsValidationRegex.NAME_REGEXP, "account.name");
165: ArgumentValidator.notNull(account.getOrganization(), "account.organization");
166: ArgumentValidator.match(account.getOrganization().getEmail(), CommonsValidationRegex.EMAIL_REGEXP, "account.organization.email");
167:
168: //
169: // Check Access
170:• if (KapuaSecurityUtils.getSession().getScopeId().equals(account.getId())) {
171: // Editing self
172: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, Actions.write, account.getId()));
173: } else {
174: // Editing child
175: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, Actions.write, account.getScopeId()));
176: }
177:
178:• if (account.getExpirationDate() != null) {
179: SystemSetting setting = SystemSetting.getInstance();
180: //check if the updated account is an admin account
181:• if (setting.getString(SystemSettingKey.SYS_ADMIN_ACCOUNT).equals(account.getName())) {
182: //throw exception if trying to set an expiration date for an admin account
183: throw new KapuaAccountException(KapuaAccountErrorCodes.OPERATION_NOT_ALLOWED, null, "Admin account cannot have an expiration date set");
184: }
185: }
186:
187: //
188: // Check existence
189: Account oldAccount = find(account.getId());
190:• if (oldAccount == null) {
191: throw new KapuaEntityNotFoundException(Account.TYPE, account.getId());
192: }
193:
194: //
195: // Check if user tries to change expiration date of the account in which it is defined (the account is not the admin one considering previous checks)
196:• if (KapuaSecurityUtils.getSession().getScopeId().equals(account.getId())) {
197: // Editing self - aka user that edits its account
198:• if ( (oldAccount.getExpirationDate() == null && account.getExpirationDate() != null) || //old exp. date was "no expiration" and now the update restricts it
199:• (oldAccount.getExpirationDate() != null && ! oldAccount.getExpirationDate().equals(account.getExpirationDate())) ) { //old exp. date was some date and the update refers to another date
200: // Editing the expiration date
201: throw new KapuaAccountException(KapuaAccountErrorCodes.OPERATION_NOT_ALLOWED, null, "A user cannot modify expiration date of the account in which it's defined");
202: }
203: }
204:
205: //
206: // Check that expiration date is no later than parent expiration date
207: Account parentAccount = null;
208:• if (oldAccount.getScopeId() != null) {
209: parentAccount = KapuaSecurityUtils.doPrivileged(() -> find(oldAccount.getScopeId()));
210: }
211:
212:• if (parentAccount != null && parentAccount.getExpirationDate() != null) {
213: // if parent account never expires no check is needed
214:• if (account.getExpirationDate() == null || parentAccount.getExpirationDate().before(account.getExpirationDate())) {
215: // if current account expiration date is null it will be obviously after parent expiration date
216:• throw new KapuaIllegalArgumentException(AccountAttributes.EXPIRATION_DATE, account.getExpirationDate() != null ? account.getExpirationDate().toString() : NO_EXPIRATION_DATE_SET);
217: }
218: }
219:
220:• if (account.getExpirationDate() != null) {
221: // check that expiration date is after all the children account
222: // if expiration date is null it means the account never expires, so it will be obviously later its children
223: AccountListResult childrenAccounts = findChildrenRecursively(account.getId());
224: // if child account expiration date is null it will be obviously after current account expiration date
225:• if (childrenAccounts.getItems().stream().anyMatch(childAccount -> childAccount.getExpirationDate() == null || childAccount.getExpirationDate().after(account.getExpirationDate()))) {
226:• throw new KapuaIllegalArgumentException(AccountAttributes.EXPIRATION_DATE, account.getExpirationDate() != null ? account.getExpirationDate().toString() : NO_EXPIRATION_DATE_SET);
227: }
228: }
229:
230: //
231: // Verify unchanged parent account ID and parent account path
232:• if (!Objects.equals(oldAccount.getScopeId(), account.getScopeId())) {
233: throw new KapuaIllegalArgumentException("account.scopeId", account.getScopeId().toStringId());
234: }
235:• if (!oldAccount.getParentAccountPath().equals(account.getParentAccountPath())) {
236: throw new KapuaIllegalArgumentException("account.parentAccountPath", account.getParentAccountPath());
237: }
238:• if (!oldAccount.getName().equals(account.getName())) {
239: throw new KapuaIllegalArgumentException("account.name", account.getName());
240: }
241:
242: //
243: // Do update
244: return entityManagerSession.doTransactedAction(
245: EntityManagerContainer.<Account>create()
246: .onBeforeHandler(() -> {
247: entityCache.remove(null, account);
248: return null;
249: })
250: .onResultHandler(em -> AccountDAO.update(em, account))
251: );
252: }
253:
254: @Override
255: //@RaiseServiceEvent
256: public void delete(KapuaId scopeId, KapuaId accountId) throws KapuaException {
257: //
258: // Argument validation
259: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
260: ArgumentValidator.notNull(accountId, KapuaEntityAttributes.ENTITY_ID);
261:
262: //
263: // Check Access
264: Actions action = Actions.delete;
265: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, action, scopeId));
266:
267: //
268: // Check if it has children
269:• if (!findChildAccountsTrusted(accountId).isEmpty()) {
270: throw new KapuaAccountException(KapuaAccountErrorCodes.OPERATION_NOT_ALLOWED, null, "This account cannot be deleted. Delete its child first.");
271: }
272:
273: //
274: // Do delete
275: entityManagerSession.doTransactedAction(
276: EntityManagerContainer.<Account>create()
277: .onResultHandler(em -> {
278:• Account account = scopeId.equals(accountId) ?
279: AccountDAO.find(em, KapuaId.ANY, accountId) :
280: AccountDAO.find(em, scopeId, accountId);
281:
282:• if (account == null) {
283: throw new KapuaEntityNotFoundException(Account.TYPE, accountId);
284: }
285:
286: // do not allow deletion of the kapua admin account
287: SystemSetting settings = SystemSetting.getInstance();
288:• if (settings.getString(SystemSettingKey.SYS_PROVISION_ACCOUNT_NAME).equals(account.getName())) {
289: throw new KapuaIllegalAccessException(action.name());
290: }
291:
292:• if (settings.getString(SystemSettingKey.SYS_ADMIN_USERNAME).equals(account.getName())) {
293: throw new KapuaIllegalAccessException(action.name());
294: }
295:
296: return AccountDAO.delete(em, scopeId, accountId);
297: })
298: .onAfterHandler((emptyParam) -> entityCache.remove(scopeId, accountId)));
299: }
300:
301: @Override
302: public Account find(KapuaId scopeId, KapuaId accountId) throws KapuaException {
303: //
304: // Argument validation
305: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
306: ArgumentValidator.notNull(accountId, KapuaEntityAttributes.ENTITY_ID);
307:
308: // If looking for a ScopeId equals to Account KapuaId, we are looking for our Account,
309: // so we need to use the un-scoped find (which checks for permissions).
310: // Otherwise, we will never find our account on our scope.
311: // In our scope we will find only our direct child Accounts
312:• if (scopeId.equals(accountId)) {
313: return find(accountId);
314: }
315:
316: //
317: // Check Access
318: checkAccountPermission(scopeId, accountId, AccountDomains.ACCOUNT_DOMAIN, Actions.read);
319:
320: //
321: // Do find
322: return entityManagerSession.doAction(
323: EntityManagerContainer.<Account>create()
324: .onBeforeHandler(() -> (Account) entityCache.get(scopeId, accountId))
325: .onResultHandler(em -> AccountDAO.find(em, scopeId, accountId))
326: .onAfterHandler(entityCache::put)
327: );
328: }
329:
330: @Override
331: public Account find(KapuaId accountId) throws KapuaException {
332: //
333: // Argument validation
334: ArgumentValidator.notNull(accountId, KapuaEntityAttributes.ENTITY_ID);
335:
336: //
337: // Do find
338: Account account = entityManagerSession.doAction(
339: EntityManagerContainer.<Account>create()
340: .onBeforeHandler(() -> (Account) entityCache.get(null, accountId))
341: .onResultHandler(em -> AccountDAO.find(em, KapuaId.ANY, accountId))
342: .onAfterHandler(entityCache::put)
343: );
344:
345: //
346: // Check Access
347:• if (account != null) {
348: checkAccountPermission(account.getScopeId(), account.getId(), AccountDomains.ACCOUNT_DOMAIN, Actions.read);
349: }
350:
351: //
352: // Return result
353: return account;
354: }
355:
356: @Override
357: public Account findByName(String name) throws KapuaException {
358: //
359: // Argument validation
360: ArgumentValidator.notEmptyOrNull(name, "name");
361:
362: //
363: // Do find
364: Account account = entityManagerSession.doAction(
365: EntityManagerContainer.<Account>create()
366: .onBeforeHandler(() -> (Account) ((NamedEntityCache) entityCache).get(null, name))
367: .onResultHandler(em -> AccountDAO.findByName(em, name))
368: .onAfterHandler(entityCache::put));
369:
370: //
371: // Check access
372:• if (account != null) {
373: checkAccountPermission(account.getScopeId(), account.getId(), AccountDomains.ACCOUNT_DOMAIN, Actions.read);
374: }
375:
376: //
377: // Return result
378: return account;
379: }
380:
381: @Override
382: public AccountListResult findChildrenRecursively(KapuaId scopeId) throws KapuaException {
383: //
384: // Argument validation
385: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
386:
387: //
388: // Check Access
389: Account account = find(scopeId);
390:
391: //
392: // Make sure account exists
393:• if (account == null) {
394: throw new KapuaEntityNotFoundException(Account.TYPE, scopeId);
395: }
396:
397: //
398: // Check access
399: checkAccountPermission(account.getScopeId(), account.getId(), AccountDomains.ACCOUNT_DOMAIN, Actions.read, true);
400:
401: //
402: // Do find
403: return entityManagerSession.doAction(
404: EntityManagerContainer.<AccountListResult>create()
405: .onResultHandler(em -> {
406: TypedQuery<Account> q = em.createNamedQuery("Account.findChildAccountsRecursive", Account.class);
407: q.setParameter("parentAccountPath", "\\" + account.getParentAccountPath() + "/%");
408:
409: AccountListResult result = new AccountListResultImpl();
410: result.addItems(q.getResultList());
411: return result;
412: }));
413: }
414:
415: @Override
416: public AccountListResult query(KapuaQuery query) throws KapuaException {
417: //
418: // Argument validation
419: ArgumentValidator.notNull(query, "query");
420:
421: //
422: // Check Access
423: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, Actions.read, query.getScopeId()));
424:
425: //
426: // Do query
427: return entityManagerSession.doAction(
428: EntityManagerContainer.<AccountListResult>create()
429: .onResultHandler(em -> AccountDAO.query(em, query))
430: );
431: }
432:
433: @Override
434: public long count(KapuaQuery query) throws KapuaException {
435: //
436: // Argument validation
437: ArgumentValidator.notNull(query, "query");
438:
439: //
440: // Check Access
441: authorizationService.checkPermission(permissionFactory.newPermission(AccountDomains.ACCOUNT_DOMAIN, Actions.read, query.getScopeId()));
442:
443: //
444: // Do count
445: return entityManagerSession.doAction(
446: EntityManagerContainer.<Long>create()
447: .onResultHandler(em -> AccountDAO.count(em, query))
448: );
449: }
450:
451: private AccountListResult findChildAccountsTrusted(KapuaId accountId)
452: throws KapuaException {
453: //
454: // Argument Validation
455: ArgumentValidator.notNull(accountId, KapuaEntityAttributes.ENTITY_ID);
456: ArgumentValidator.notNull(accountId.getId(), "accountId.id");
457:
458: //
459: // Do find
460: return entityManagerSession.doAction(
461: EntityManagerContainer.<AccountListResult>create()
462: .onResultHandler(em -> AccountDAO.query(em, new AccountQueryImpl(accountId)))
463: );
464: }
465:
466: private void checkAccountPermission(KapuaId scopeId, KapuaId accountId, Domain domain, Actions action) throws KapuaException {
467: checkAccountPermission(scopeId, accountId, domain, action, false);
468: }
469:
470: /**
471: * Checks if the current session can retrieve the {@link Account}, by both having an explicit permission or because
472: * it's looking for its own {@link Account}
473: *
474: * @param accountId The {@link KapuaId} of the {@link Account} to look for
475: */
476: private void checkAccountPermission(KapuaId scopeId, KapuaId accountId, Domain domain, Actions action, boolean forwardable) throws KapuaException {
477:• if (KapuaSecurityUtils.getSession().getScopeId().equals(accountId)) {
478: // I'm looking for myself, so let's check if I have the correct permission
479: authorizationService.checkPermission(permissionFactory.newPermission(domain, action, accountId, null, forwardable));
480: } else {
481: // I'm looking for another account, so I need to check the permission on the account scope
482: authorizationService.checkPermission(permissionFactory.newPermission(domain, action, scopeId, null, forwardable));
483: }
484: }
485: }