![[Jenkins]](/kapua/static/dff81f37/images/svgs/logo.svg){kind=logo}
Package: RolePermissionServiceImpl
RolePermissionServiceImpl
| name | instruction | branch | complexity | line | method | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| RolePermissionServiceImpl() |
|
|
|
|
|
||||||||||||||||||||
| count(KapuaQuery) |
|
|
|
|
|
||||||||||||||||||||
| create(RolePermissionCreator) |
|
|
|
|
|
||||||||||||||||||||
| delete(KapuaId, KapuaId) |
|
|
|
|
|
||||||||||||||||||||
| find(KapuaId, KapuaId) |
|
|
|
|
|
||||||||||||||||||||
| findByRoleId(KapuaId, KapuaId) |
|
|
|
|
|
||||||||||||||||||||
| lambda$count$8(KapuaQuery, EntityManager) |
|
|
|
|
|
||||||||||||||||||||
| lambda$create$0(RolePermissionCreator, EntityManager) |
|
|
|
|
|
||||||||||||||||||||
| lambda$create$1(RolePermission) |
|
|
|
|
|
||||||||||||||||||||
| lambda$delete$2(KapuaId, KapuaId, EntityManager) |
|
|
|
|
|
||||||||||||||||||||
| lambda$delete$3(KapuaId, KapuaId, RolePermission) |
|
|
|
|
|
||||||||||||||||||||
| lambda$find$4(KapuaId, KapuaId, EntityManager) |
|
|
|
|
|
||||||||||||||||||||
| lambda$find$5(KapuaId, KapuaId) |
|
|
|
|
|
||||||||||||||||||||
| lambda$find$6(RolePermission) |
|
|
|
|
|
||||||||||||||||||||
| lambda$query$7(KapuaQuery, EntityManager) |
|
|
|
|
|
||||||||||||||||||||
| query(KapuaQuery) |
|
|
|
|
|
||||||||||||||||||||
| static {...} |
|
|
|
|
|
||||||||||||||||||||
Coverage
1: /*******************************************************************************
2: * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others
3: *
4: * This program and the accompanying materials are made
5: * available under the terms of the Eclipse Public License 2.0
6: * which is available at https://www.eclipse.org/legal/epl-2.0/
7: *
8: * SPDX-License-Identifier: EPL-2.0
9: *
10: * Contributors:
11: * Eurotech - initial API and implementation
12: *******************************************************************************/
13: package org.eclipse.kapua.service.authorization.role.shiro;
14:
15: import org.eclipse.kapua.KapuaEntityNotFoundException;
16: import org.eclipse.kapua.KapuaEntityUniquenessException;
17: import org.eclipse.kapua.KapuaErrorCodes;
18: import org.eclipse.kapua.KapuaException;
19: import org.eclipse.kapua.commons.jpa.EntityManagerContainer;
20: import org.eclipse.kapua.commons.service.internal.AbstractKapuaService;
21: import org.eclipse.kapua.commons.util.ArgumentValidator;
22: import org.eclipse.kapua.locator.KapuaLocator;
23: import org.eclipse.kapua.locator.KapuaProvider;
24: import org.eclipse.kapua.model.KapuaEntityAttributes;
25: import org.eclipse.kapua.model.domain.Actions;
26: import org.eclipse.kapua.model.id.KapuaId;
27: import org.eclipse.kapua.model.query.KapuaQuery;
28: import org.eclipse.kapua.service.authorization.AuthorizationDomains;
29: import org.eclipse.kapua.service.authorization.AuthorizationService;
30: import org.eclipse.kapua.service.authorization.permission.Permission;
31: import org.eclipse.kapua.service.authorization.permission.PermissionFactory;
32: import org.eclipse.kapua.service.authorization.permission.shiro.PermissionValidator;
33: import org.eclipse.kapua.service.authorization.role.Role;
34: import org.eclipse.kapua.service.authorization.role.RolePermission;
35: import org.eclipse.kapua.service.authorization.role.RolePermissionAttributes;
36: import org.eclipse.kapua.service.authorization.role.RolePermissionCreator;
37: import org.eclipse.kapua.service.authorization.role.RolePermissionListResult;
38: import org.eclipse.kapua.service.authorization.role.RolePermissionQuery;
39: import org.eclipse.kapua.service.authorization.role.RolePermissionService;
40: import org.eclipse.kapua.service.authorization.role.RoleService;
41: import org.eclipse.kapua.service.authorization.shiro.AuthorizationEntityManagerFactory;
42:
43: import java.util.AbstractMap;
44: import java.util.ArrayList;
45: import java.util.List;
46: import java.util.Map;
47:
48: /**
49: * {@link RolePermission} service implementation.
50: *
51: * @since 1.0
52: */
53: @KapuaProvider
54: public class RolePermissionServiceImpl extends AbstractKapuaService implements RolePermissionService {
55:
56: private static final RoleService ROLE_SERVICE = KapuaLocator.getInstance().getService(RoleService.class);
57:
58: public RolePermissionServiceImpl() {
59: super(AuthorizationEntityManagerFactory.getInstance(), RolePermissionCacheFactory.getInstance());
60: }
61:
62: @Override
63: public RolePermission create(RolePermissionCreator rolePermissionCreator)
64: throws KapuaException {
65: ArgumentValidator.notNull(rolePermissionCreator, "rolePermissionCreator");
66: ArgumentValidator.notNull(rolePermissionCreator.getRoleId(), "rolePermissionCreator.roleId");
67: ArgumentValidator.notNull(rolePermissionCreator.getPermission(), "rolePermissionCreator.permission");
68:
69: //
70: // Check Access
71: KapuaLocator locator = KapuaLocator.getInstance();
72: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
73: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
74: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.write, rolePermissionCreator.getScopeId()));
75:
76: //
77: // Check role existence
78:• if (ROLE_SERVICE.find(rolePermissionCreator.getScopeId(), rolePermissionCreator.getRoleId()) == null) {
79: throw new KapuaEntityNotFoundException(Role.TYPE, rolePermissionCreator.getRoleId());
80: }
81:
82: //
83: // Check that the given permission matches the definition of the Domains.
84: PermissionValidator.validatePermission(rolePermissionCreator.getPermission());
85:
86: //
87: // If permission are created out of the role permission scope, check that the current user has the permission on the external scopeId.
88: Permission permission = rolePermissionCreator.getPermission();
89:• if (permission.getTargetScopeId() == null || !permission.getTargetScopeId().equals(rolePermissionCreator.getScopeId())) {
90: authorizationService.checkPermission(permission);
91: }
92:
93: //
94: // Check duplicates
95: RolePermissionQuery query = new RolePermissionQueryImpl(rolePermissionCreator.getScopeId());
96: query.setPredicate(
97: query.andPredicate(
98: query.attributePredicate(KapuaEntityAttributes.SCOPE_ID, rolePermissionCreator.getScopeId()),
99: query.attributePredicate(RolePermissionAttributes.ROLE_ID, rolePermissionCreator.getRoleId()),
100: query.attributePredicate(RolePermissionAttributes.PERMISSION_DOMAIN, rolePermissionCreator.getPermission().getDomain()),
101: query.attributePredicate(RolePermissionAttributes.PERMISSION_ACTION, rolePermissionCreator.getPermission().getAction()),
102: query.attributePredicate(RolePermissionAttributes.PERMISSION_TARGET_SCOPE_ID, rolePermissionCreator.getPermission().getTargetScopeId()),
103: query.attributePredicate(RolePermissionAttributes.PERMISSION_GROUP_ID, rolePermissionCreator.getPermission().getGroupId()),
104: query.attributePredicate(RolePermissionAttributes.PERMISSION_FORWARDABLE, rolePermissionCreator.getPermission().getForwardable())
105: )
106: );
107:• if (count(query) > 0) {
108: List<Map.Entry<String, Object>> uniquesFieldValues = new ArrayList<>();
109:
110: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(KapuaEntityAttributes.SCOPE_ID, rolePermissionCreator.getScopeId()));
111: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.ROLE_ID, rolePermissionCreator.getRoleId()));
112: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.PERMISSION_DOMAIN, rolePermissionCreator.getPermission().getDomain()));
113: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.PERMISSION_ACTION, rolePermissionCreator.getPermission().getAction()));
114: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.PERMISSION_TARGET_SCOPE_ID, rolePermissionCreator.getPermission().getTargetScopeId()));
115: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.PERMISSION_GROUP_ID, rolePermissionCreator.getPermission().getGroupId()));
116: uniquesFieldValues.add(new AbstractMap.SimpleEntry<>(RolePermissionAttributes.PERMISSION_FORWARDABLE, rolePermissionCreator.getPermission().getForwardable()));
117:
118: throw new KapuaEntityUniquenessException(RolePermission.TYPE, uniquesFieldValues);
119: }
120:
121: return entityManagerSession.doTransactedAction(EntityManagerContainer.<RolePermission>create().onResultHandler(em -> RolePermissionDAO.create(em, rolePermissionCreator))
122: .onAfterHandler((entity) -> entityCache.removeList(entity.getScopeId(), entity.getRoleId())));
123: }
124:
125: @Override
126: public void delete(KapuaId scopeId, KapuaId rolePermissionId) throws KapuaException {
127: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
128: ArgumentValidator.notNull(rolePermissionId, KapuaEntityAttributes.ENTITY_ID);
129:
130: // Check Access
131: KapuaLocator locator = KapuaLocator.getInstance();
132: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
133: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
134: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.delete, scopeId));
135:
136: entityManagerSession.doTransactedAction(EntityManagerContainer.<RolePermission>create().onResultHandler(em -> {
137: // TODO: check if it is correct to remove this statement (already thrown by the delete method, but
138: // without TYPE)
139: RolePermission rolePermission = RolePermissionDAO.find(em, scopeId, rolePermissionId);
140:• if (rolePermission == null) {
141: throw new KapuaEntityNotFoundException(RolePermission.TYPE, rolePermissionId);
142:• } else if (KapuaId.ONE.equals(rolePermissionId)) {
143: throw new KapuaException(KapuaErrorCodes.PERMISSION_DELETE_NOT_ALLOWED);
144: }
145:
146: return RolePermissionDAO.delete(em, scopeId, rolePermissionId);
147: }).onAfterHandler((entity) -> {
148: entityCache.remove(scopeId, rolePermissionId);
149: entityCache.removeList(scopeId, entity.getRoleId());
150: }));
151: }
152:
153: @Override
154: public RolePermission find(KapuaId scopeId, KapuaId rolePermissionId)
155: throws KapuaException {
156: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
157: ArgumentValidator.notNull(rolePermissionId, KapuaEntityAttributes.ENTITY_ID);
158:
159: //
160: // Check Access
161: KapuaLocator locator = KapuaLocator.getInstance();
162: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
163: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
164: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.read, scopeId));
165:
166: return entityManagerSession.doAction(EntityManagerContainer.<RolePermission>create().onResultHandler(em -> RolePermissionDAO.find(em, scopeId, rolePermissionId))
167: .onBeforeHandler(() -> (RolePermission) entityCache.get(scopeId, rolePermissionId))
168: .onAfterHandler((entity) -> entityCache.put(entity)));
169: }
170:
171: @Override
172: public RolePermissionListResult findByRoleId(KapuaId scopeId, KapuaId roleId)
173: throws KapuaException {
174: ArgumentValidator.notNull(scopeId, KapuaEntityAttributes.SCOPE_ID);
175: ArgumentValidator.notNull(roleId, KapuaEntityAttributes.ENTITY_ID);
176:
177: //
178: // Check Access
179: KapuaLocator locator = KapuaLocator.getInstance();
180: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
181: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
182: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.read, scopeId));
183:
184: RolePermissionListResult listResult = (RolePermissionListResult) entityCache.getList(scopeId, roleId);
185:• if (listResult == null) {
186:
187: //
188: // Build query
189: RolePermissionQuery query = new RolePermissionQueryImpl(scopeId);
190: query.setPredicate(query.attributePredicate(RolePermissionAttributes.ROLE_ID, roleId));
191:
192: listResult = query(query);
193: entityCache.putList(scopeId, roleId, listResult);
194: }
195: return listResult;
196: }
197:
198: @Override
199: public RolePermissionListResult query(KapuaQuery query)
200: throws KapuaException {
201: ArgumentValidator.notNull(query, "query");
202:
203: //
204: // Check Access
205: KapuaLocator locator = KapuaLocator.getInstance();
206: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
207: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
208: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.read, query.getScopeId()));
209:
210: return entityManagerSession.doAction(EntityManagerContainer.<RolePermissionListResult>create().onResultHandler(em -> RolePermissionDAO.query(em, query)));
211: }
212:
213: @Override
214: public long count(KapuaQuery query)
215: throws KapuaException {
216: ArgumentValidator.notNull(query, "query");
217:
218: //
219: // Check Access
220: KapuaLocator locator = KapuaLocator.getInstance();
221: AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
222: PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
223: authorizationService.checkPermission(permissionFactory.newPermission(AuthorizationDomains.ROLE_DOMAIN, Actions.read, query.getScopeId()));
224:
225: return entityManagerSession.doAction(EntityManagerContainer.<Long>create().onResultHandler(em -> RolePermissionDAO.count(em, query)));
226: }
227: }