1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33 package edu.internet2.middleware.grouper;
34
35 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.excludeDescription;
36 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.excludeDisplayExtensionSuffix;
37 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.excludeExtensionSuffix;
38 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.includeDescription;
39 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.includeDisplayExtensionSuffix;
40 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.includeExtensionSuffix;
41 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.overallDescription;
42 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordAndIncludesDescription;
43 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordAndIncludesDisplayExtensionSuffix;
44 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordAndIncludesExtensionSuffix;
45 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordDescription;
46 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordDisplayExtensionSuffix;
47 import static edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook.systemOfRecordExtensionSuffix;
48
49 import java.sql.Timestamp;
50 import java.util.Collection;
51 import java.util.Collections;
52 import java.util.Date;
53 import java.util.HashMap;
54 import java.util.HashSet;
55 import java.util.Iterator;
56 import java.util.LinkedHashMap;
57 import java.util.LinkedHashSet;
58 import java.util.Map;
59 import java.util.Set;
60
61 import org.apache.commons.lang.StringUtils;
62 import org.apache.commons.lang.builder.EqualsBuilder;
63 import org.apache.commons.lang.builder.HashCodeBuilder;
64 import org.apache.commons.lang.builder.ToStringBuilder;
65 import org.apache.commons.lang.time.StopWatch;
66 import org.apache.commons.logging.Log;
67 import org.hibernate.CallbackException;
68 import org.hibernate.Session;
69 import org.hibernate.classic.Lifecycle;
70
71 import edu.internet2.middleware.grouper.annotations.GrouperIgnoreClone;
72 import edu.internet2.middleware.grouper.annotations.GrouperIgnoreDbVersion;
73 import edu.internet2.middleware.grouper.annotations.GrouperIgnoreFieldConstant;
74 import edu.internet2.middleware.grouper.app.loader.GrouperLoader;
75 import edu.internet2.middleware.grouper.attr.AttributeDef;
76 import edu.internet2.middleware.grouper.attr.AttributeDefName;
77 import edu.internet2.middleware.grouper.attr.AttributeDefType;
78 import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
79 import edu.internet2.middleware.grouper.attr.assign.AttributeAssignEffMshipDelegate;
80 import edu.internet2.middleware.grouper.attr.assign.AttributeAssignGroupDelegate;
81 import edu.internet2.middleware.grouper.attr.assign.AttributeAssignMembershipDelegate;
82 import edu.internet2.middleware.grouper.attr.assign.AttributeAssignable;
83 import edu.internet2.middleware.grouper.attr.finder.AttributeAssignFinder;
84 import edu.internet2.middleware.grouper.attr.value.AttributeAssignValue;
85 import edu.internet2.middleware.grouper.attr.value.AttributeAssignValueResult;
86 import edu.internet2.middleware.grouper.attr.value.AttributeValueDelegate;
87 import edu.internet2.middleware.grouper.audit.AuditEntry;
88 import edu.internet2.middleware.grouper.audit.AuditTypeBuiltin;
89 import edu.internet2.middleware.grouper.cfg.GrouperConfig;
90 import edu.internet2.middleware.grouper.changeLog.ChangeLogEntry;
91 import edu.internet2.middleware.grouper.changeLog.ChangeLogLabels;
92 import edu.internet2.middleware.grouper.changeLog.ChangeLogTypeBuiltin;
93 import edu.internet2.middleware.grouper.ddl.GrouperDdlUtils;
94 import edu.internet2.middleware.grouper.entity.Entity;
95 import edu.internet2.middleware.grouper.entity.EntityUtils;
96 import edu.internet2.middleware.grouper.exception.AttributeDefNotFoundException;
97 import edu.internet2.middleware.grouper.exception.AttributeNotFoundException;
98 import edu.internet2.middleware.grouper.exception.CompositeNotFoundException;
99 import edu.internet2.middleware.grouper.exception.GrantPrivilegeAlreadyExistsException;
100 import edu.internet2.middleware.grouper.exception.GrantPrivilegeException;
101 import edu.internet2.middleware.grouper.exception.GroupAddException;
102 import edu.internet2.middleware.grouper.exception.GroupDeleteException;
103 import edu.internet2.middleware.grouper.exception.GroupModifyAlreadyExistsException;
104 import edu.internet2.middleware.grouper.exception.GroupModifyException;
105 import edu.internet2.middleware.grouper.exception.GroupNotFoundException;
106 import edu.internet2.middleware.grouper.exception.GrouperException;
107 import edu.internet2.middleware.grouper.exception.GrouperSessionException;
108 import edu.internet2.middleware.grouper.exception.GrouperValidationException;
109 import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
110 import edu.internet2.middleware.grouper.exception.MemberAddAlreadyExistsException;
111 import edu.internet2.middleware.grouper.exception.MemberAddException;
112 import edu.internet2.middleware.grouper.exception.MemberDeleteAlreadyDeletedException;
113 import edu.internet2.middleware.grouper.exception.MemberDeleteException;
114 import edu.internet2.middleware.grouper.exception.MemberNotFoundException;
115 import edu.internet2.middleware.grouper.exception.MembershipAlreadyExistsException;
116 import edu.internet2.middleware.grouper.exception.MembershipNotFoundException;
117 import edu.internet2.middleware.grouper.exception.RevokePrivilegeAlreadyRevokedException;
118 import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
119 import edu.internet2.middleware.grouper.exception.SchemaException;
120 import edu.internet2.middleware.grouper.exception.StemAddException;
121 import edu.internet2.middleware.grouper.exception.StemNotFoundException;
122 import edu.internet2.middleware.grouper.exception.UnableToPerformAlreadyExistsException;
123 import edu.internet2.middleware.grouper.exception.UnableToPerformException;
124 import edu.internet2.middleware.grouper.group.TypeOfGroup;
125 import edu.internet2.middleware.grouper.hibernate.AuditControl;
126 import edu.internet2.middleware.grouper.hibernate.GrouperTransaction;
127 import edu.internet2.middleware.grouper.hibernate.GrouperTransactionHandler;
128 import edu.internet2.middleware.grouper.hibernate.GrouperTransactionType;
129 import edu.internet2.middleware.grouper.hibernate.HibUtilsMapping;
130 import edu.internet2.middleware.grouper.hibernate.HibernateHandler;
131 import edu.internet2.middleware.grouper.hibernate.HibernateHandlerBean;
132 import edu.internet2.middleware.grouper.hibernate.HibernateSession;
133 import edu.internet2.middleware.grouper.hooks.GroupHooks;
134 import edu.internet2.middleware.grouper.hooks.beans.HooksGroupBean;
135 import edu.internet2.middleware.grouper.hooks.examples.GroupTypeTupleIncludeExcludeHook;
136 import edu.internet2.middleware.grouper.hooks.logic.GrouperHookType;
137 import edu.internet2.middleware.grouper.hooks.logic.GrouperHooksUtils;
138 import edu.internet2.middleware.grouper.hooks.logic.HookVeto;
139 import edu.internet2.middleware.grouper.hooks.logic.VetoTypeGrouper;
140 import edu.internet2.middleware.grouper.instrumentation.InstrumentationDataBuiltinTypes;
141 import edu.internet2.middleware.grouper.instrumentation.InstrumentationThread;
142 import edu.internet2.middleware.grouper.internal.dao.GrouperDAOException;
143 import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
144 import edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GrouperVersioned;
145 import edu.internet2.middleware.grouper.internal.util.GrouperUuid;
146 import edu.internet2.middleware.grouper.internal.util.Quote;
147 import edu.internet2.middleware.grouper.internal.util.U;
148 import edu.internet2.middleware.grouper.log.EventLog;
149 import edu.internet2.middleware.grouper.member.SearchStringEnum;
150 import edu.internet2.middleware.grouper.member.SortStringEnum;
151 import edu.internet2.middleware.grouper.membership.MembershipType;
152 import edu.internet2.middleware.grouper.misc.CompositeType;
153 import edu.internet2.middleware.grouper.misc.E;
154 import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
155 import edu.internet2.middleware.grouper.misc.GrouperHasContext;
156 import edu.internet2.middleware.grouper.misc.GrouperObject;
157 import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
158 import edu.internet2.middleware.grouper.misc.GrouperVersion;
159 import edu.internet2.middleware.grouper.misc.M;
160 import edu.internet2.middleware.grouper.misc.Owner;
161 import edu.internet2.middleware.grouper.misc.SaveMode;
162 import edu.internet2.middleware.grouper.permissions.PermissionRoleDelegate;
163 import edu.internet2.middleware.grouper.permissions.role.Role;
164 import edu.internet2.middleware.grouper.permissions.role.RoleHierarchyType;
165 import edu.internet2.middleware.grouper.permissions.role.RoleInheritanceDelegate;
166 import edu.internet2.middleware.grouper.permissions.role.RoleSet;
167 import edu.internet2.middleware.grouper.privs.AccessPrivilege;
168 import edu.internet2.middleware.grouper.privs.AccessResolver;
169 import edu.internet2.middleware.grouper.privs.Privilege;
170 import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
171 import edu.internet2.middleware.grouper.rules.RuleCheckType;
172 import edu.internet2.middleware.grouper.rules.RuleDefinition;
173 import edu.internet2.middleware.grouper.rules.RuleEngine;
174 import edu.internet2.middleware.grouper.rules.RuleThenEnum;
175 import edu.internet2.middleware.grouper.rules.RuleUtils;
176 import edu.internet2.middleware.grouper.rules.beans.RulesMembershipBean;
177 import edu.internet2.middleware.grouper.rules.beans.RulesPrivilegeBean;
178 import edu.internet2.middleware.grouper.subj.GrouperSubject;
179 import edu.internet2.middleware.grouper.subj.LazySubject;
180 import edu.internet2.middleware.grouper.subj.SubjectHelper;
181 import edu.internet2.middleware.grouper.tableIndex.TableIndex;
182 import edu.internet2.middleware.grouper.tableIndex.TableIndexType;
183 import edu.internet2.middleware.grouper.util.GrouperUtil;
184 import edu.internet2.middleware.grouper.util.PerformanceLogger;
185 import edu.internet2.middleware.grouper.validator.AddAlternateGroupNameValidator;
186 import edu.internet2.middleware.grouper.validator.AddCompositeMemberValidator;
187 import edu.internet2.middleware.grouper.validator.CanOptinValidator;
188 import edu.internet2.middleware.grouper.validator.CanOptoutValidator;
189 import edu.internet2.middleware.grouper.validator.CompositeValidator;
190 import edu.internet2.middleware.grouper.validator.FieldTypeValidator;
191 import edu.internet2.middleware.grouper.validator.GrouperValidator;
192 import edu.internet2.middleware.grouper.validator.NamingValidator;
193 import edu.internet2.middleware.grouper.validator.NotNullOrEmptyValidator;
194 import edu.internet2.middleware.grouper.validator.NotNullValidator;
195 import edu.internet2.middleware.grouper.xml.export.XmlExportGroup;
196 import edu.internet2.middleware.grouper.xml.export.XmlImportable;
197 import edu.internet2.middleware.grouperClient.collections.MultiKey;
198 import edu.internet2.middleware.subject.Source;
199 import edu.internet2.middleware.subject.SourceUnavailableException;
200 import edu.internet2.middleware.subject.Subject;
201 import edu.internet2.middleware.subject.SubjectNotFoundException;
202 import edu.internet2.middleware.subject.SubjectNotUniqueException;
203
204
205
206
207
208
209
210
211 @SuppressWarnings("serial")
212 public class Group extends GrouperAPI implements Role, GrouperHasContext, Owner,
213 Hib3GrouperVersioned, Comparable, XmlImportable<Group>, AttributeAssignable, Entity, GrouperObject {
214
215
216
217
218 public static final String VALIDATION_GROUP_DESCRIPTION_TOO_LONG_KEY = "groupDescriptionTooLong";
219
220
221
222
223 public static final String VALIDATION_GROUP_DISPLAY_EXTENSION_TOO_LONG_KEY = "groupDisplayExtensionTooLong";
224
225
226
227
228 public static final String VALIDATION_GROUP_EXTENSION_TOO_LONG_KEY = "groupExtensionTooLong";
229
230
231
232
233 public static final String VALIDATION_GROUP_DISPLAY_NAME_TOO_LONG_KEY = "groupDisplayNameTooLong";
234
235
236
237
238 public static final String VALIDATION_GROUP_NAME_TOO_LONG_KEY = "groupNameTooLong";
239
240
241 public static final String TABLE_GROUPER_GROUPS = "grouper_groups";
242
243
244 public static final String COLUMN_UUID = "uuid";
245
246
247 public static final String COLUMN_ID = "id";
248
249
250 public static final String COLUMN_PARENT_STEM = "parent_stem";
251
252
253 public static final String COLUMN_CREATOR_ID = "creator_id";
254
255
256 public static final String COLUMN_CREATE_TIME = "create_time";
257
258
259 public static final String COLUMN_MODIFIER_ID = "modifier_id";
260
261
262 public static final String COLUMN_MODIFY_TIME = "modify_time";
263
264
265 public static final String COLUMN_NAME = "name";
266
267
268 public static final String COLUMN_DISPLAY_NAME = "display_name";
269
270
271 public static final String COLUMN_EXTENSION = "extension";
272
273
274 public static final String COLUMN_DISPLAY_EXTENSION = "display_extension";
275
276
277 public static final String COLUMN_DESCRIPTION = "description";
278
279
280 public static final String COLUMN_OLD_ID = "old_id";
281
282
283 public static final String COLUMN_OLD_UUID = "old_uuid";
284
285
286 public static final String COLUMN_LAST_MEMBERSHIP_CHANGE = "last_membership_change";
287
288
289 public static final String COLUMN_LAST_IMMEDIATE_MEMBERSHIP_CHANGE = "last_imm_membership_change";
290
291
292 public static final String COLUMN_ALTERNATE_NAME = "alternate_name";
293
294
295 public static final String COLUMN_TYPE_OF_GROUP = "type_of_group";
296
297
298 public static final String COLUMN_ID_INDEX = "id_index";
299
300
301 public static final String COLUMN_DISABLED_TIMESTAMP = "disabled_timestamp";
302
303
304 public static final String COLUMN_ENABLED_TIMESTAMP = "enabled_timestamp";
305
306
307 public static final String COLUMN_ENABLED = "enabled";
308
309
310
311
312
313
314
315 @Deprecated
316 public Composite getComposite() throws CompositeNotFoundException {
317 return this.getComposite(true);
318 }
319
320
321
322
323
324
325
326 public Composite getComposite(boolean throwExceptionIfNotFound) {
327 try {
328 return CompositeFinder.findAsOwner(this, true);
329 } catch (CompositeNotFoundException cnfe) {
330 if (throwExceptionIfNotFound) {
331 throw cnfe;
332 }
333 return null;
334 }
335 }
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376 public static Group saveGroup(final GrouperSession GROUPER_SESSION, final String groupNameToEdit,
377 final String uuid, final String name, final String displayExtension, final String description,
378 SaveMode saveMode, final boolean createParentStemsIfNotExist)
379 throws StemNotFoundException, InsufficientPrivilegeException, StemAddException,
380 GroupModifyException, GroupNotFoundException, GroupAddException {
381
382 GroupSaveroupSave.html#GroupSave">GroupSave groupSave = new GroupSave(GROUPER_SESSION);
383
384 groupSave.assignGroupNameToEdit(groupNameToEdit).assignUuid(uuid);
385 groupSave.assignName(name).assignDisplayExtension(displayExtension);
386 groupSave.assignDescription(description).assignSaveMode(saveMode);
387 groupSave.assignCreateParentStemsIfNotExist(createParentStemsIfNotExist);
388 Group group = groupSave.save();
389
390 return group;
391
392 }
393
394
395 private static final EventLogEventLog EVENT_LOG = new EventLog();
396
397 private static final String KEY_CREATOR = "creator";
398
399 private static final String KEY_MODIFIER = "modifier";
400
401 private static final String KEY_SUBJECT = "subject";
402
403
404 @GrouperIgnoreDbVersion
405 @GrouperIgnoreFieldConstant
406 @GrouperIgnoreClone
407 private Member cachedMember = null;
408
409
410 @GrouperIgnoreDbVersion
411 @GrouperIgnoreFieldConstant
412 @GrouperIgnoreClone
413 private HashMap<String, Subject> subjectCache = new HashMap<String, Subject>();
414
415
416
417 @GrouperIgnoreDbVersion
418 @GrouperIgnoreFieldConstant
419 @GrouperIgnoreClone
420
421
422 private Map<String, AttributeAssignValue> attributes;
423
424 private long createTime = 0;
425
426 private String creatorUUID;
427
428
429 private String modifierUUID;
430
431 private long modifyTime = 0;
432
433 private String parentUuid;
434
435
436 private TypeOfGroup typeOfGroup = TypeOfGroup.group;
437
438
439
440 @GrouperIgnoreDbVersion
441 @GrouperIgnoreFieldConstant
442 @GrouperIgnoreClone
443 private Map<String, AttributeDefName> types;
444
445
446 private Map<String, AttributeAssign> typeAssignments;
447
448
449 private String uuid;
450
451
452 private String name;
453
454
455 private String alternateNameDb;
456
457
458 private String displayName;
459
460
461 private String extension;
462
463
464 private Long idIndex;
465
466
467 private String displayExtension;
468
469
470 private String description;
471
472
473 private String contextId;
474
475
476
477
478 private boolean enabled = true;
479
480
481
482
483 private Long enabledTimeDb;
484
485
486
487
488 private Long disabledTimeDb;
489
490
491
492
493
494 public String getContextId() {
495 return this.contextId;
496 }
497
498
499
500
501
502 public void setContextId(String contextId1) {
503 this.contextId = contextId1;
504 }
505
506
507
508
509
510
511 public static final String FIELD_ALTERNATE_NAME_DB = "alternateNameDb";
512
513
514 public static final String FIELD_CREATE_TIME = "createTime";
515
516
517 public static final String FIELD_CREATOR_UUID = "creatorUUID";
518
519
520 public static final String FIELD_DB_VERSION = "dbVersion";
521
522
523 public static final String FIELD_DESCRIPTION = "description";
524
525
526 public static final String FIELD_DISPLAY_EXTENSION = "displayExtension";
527
528
529 public static final String FIELD_DISPLAY_NAME = "displayName";
530
531
532 public static final String FIELD_EXTENSION = "extension";
533
534
535 public static final String FIELD_ID_INDEX = "idIndex";
536
537
538 public static final String FIELD_LAST_MEMBERSHIP_CHANGE_DB = "lastMembershipChangeDb";
539
540
541 public static final String FIELD_LAST_IMMEDIATE_MEMBERSHIP_CHANGE_DB = "lastImmediateMembershipChangeDb";
542
543
544 public static final String FIELD_MODIFIER_UUID = "modifierUUID";
545
546
547 public static final String FIELD_MODIFY_TIME = "modifyTime";
548
549
550 public static final String FIELD_NAME = "name";
551
552
553 public static final String FIELD_PARENT_UUID = "parentUuid";
554
555
556 public static final String FIELD_TYPE_OF_GROUP = "typeOfGroup";
557
558
559 public static final String FIELD_UUID = "uuid";
560
561
562 public static final String FIELD_DISABLED_TIME_DB = "disabledTimeDb";
563
564
565 public static final String FIELD_ENABLED = "enabled";
566
567
568 public static final String FIELD_ENABLED_TIME_DB = "enabledTimeDb";
569
570
571
572
573 private static final Set<String> DB_VERSION_FIELDS = GrouperUtil.toSet(
574 FIELD_CREATE_TIME, FIELD_CREATOR_UUID, FIELD_DESCRIPTION,
575 FIELD_DISPLAY_EXTENSION, FIELD_DISPLAY_NAME, FIELD_EXTENSION, FIELD_MODIFIER_UUID,
576 FIELD_MODIFY_TIME, FIELD_NAME, FIELD_PARENT_UUID, FIELD_TYPE_OF_GROUP, FIELD_UUID,
577 FIELD_ID_INDEX, FIELD_DISABLED_TIME_DB, FIELD_ENABLED, FIELD_ENABLED_TIME_DB,
578 FIELD_ALTERNATE_NAME_DB, FIELD_LAST_MEMBERSHIP_CHANGE_DB, FIELD_LAST_IMMEDIATE_MEMBERSHIP_CHANGE_DB);
579
580
581
582
583 private static final Set<String> CLONE_FIELDS = GrouperUtil.toSet(
584 FIELD_CREATE_TIME, FIELD_CREATOR_UUID, FIELD_DB_VERSION,
585 FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION, FIELD_DISPLAY_NAME, FIELD_EXTENSION,
586 FIELD_HIBERNATE_VERSION_NUMBER, FIELD_ID_INDEX, FIELD_MODIFIER_UUID, FIELD_MODIFY_TIME, FIELD_NAME,
587 FIELD_PARENT_UUID, FIELD_TYPE_OF_GROUP, FIELD_UUID, FIELD_LAST_MEMBERSHIP_CHANGE_DB,
588 FIELD_ALTERNATE_NAME_DB, FIELD_LAST_IMMEDIATE_MEMBERSHIP_CHANGE_DB,
589 FIELD_DISABLED_TIME_DB, FIELD_ENABLED, FIELD_ENABLED_TIME_DB);
590
591
592
593
594
595
596
597
598 private boolean internal_isEnabledUsingTimestamps() {
599 long now = System.currentTimeMillis();
600 if (this.enabledTimeDb != null && this.enabledTimeDb > now) {
601 return false;
602 }
603 if (this.disabledTimeDb != null && this.disabledTimeDb < now) {
604 return false;
605 }
606 return true;
607 }
608
609
610
611
612
613 public boolean isEnabled() {
614 return this.enabled;
615 }
616
617
618
619
620
621 public void setEnabled(boolean enabled) {
622 this.enabled = enabled;
623 }
624
625
626
627
628
629 public String getEnabledDb() {
630 if (this.enabled) {
631 return "T";
632 }
633
634 return "F";
635 }
636
637
638
639
640
641
642 public void setEnabledDb(String enabled) {
643 this.enabled = GrouperUtil.booleanValue(enabled);
644 }
645
646
647
648
649
650 public Long getEnabledTimeDb() {
651 return this.enabledTimeDb;
652 }
653
654
655
656
657
658 public Timestamp getEnabledTime() {
659 if (this.enabledTimeDb == null) {
660 return null;
661 }
662
663 return new Timestamp(this.enabledTimeDb);
664 }
665
666
667
668
669
670 public void setEnabledTimeDb(Long enabledTimeDb) {
671 this.enabledTimeDb = enabledTimeDb;
672 }
673
674
675
676
677
678 public void setEnabledTime(Timestamp enabledTimeDb) {
679 if (enabledTimeDb == null) {
680 this.enabledTimeDb = null;
681 } else {
682 this.enabledTimeDb = enabledTimeDb.getTime();
683 }
684
685 setEnabled(internal_isEnabledUsingTimestamps());
686 }
687
688
689
690
691
692 public Long getDisabledTimeDb() {
693 return this.disabledTimeDb;
694 }
695
696
697
698
699
700 public Timestamp getDisabledTime() {
701 if (this.disabledTimeDb == null) {
702 return null;
703 }
704
705 return new Timestamp(this.disabledTimeDb);
706 }
707
708
709
710
711
712 public void setDisabledTimeDb(Long disabledTimeDb) {
713 this.disabledTimeDb = disabledTimeDb;
714 }
715
716
717
718
719
720 public void setDisabledTime(Timestamp disabledTimeDb) {
721 if (disabledTimeDb == null) {
722 this.disabledTimeDb = null;
723 } else {
724 this.disabledTimeDb = disabledTimeDb.getTime();
725 }
726
727 setEnabled(this.internal_isEnabledUsingTimestamps());
728 }
729
730
731 @GrouperIgnoreClone @GrouperIgnoreDbVersion @GrouperIgnoreFieldConstant
732 private AttributeAssignGroupDelegate attributeAssignGroupDelegate;
733
734
735
736
737
738 public AttributeAssignGroupDelegate getAttributeDelegate() {
739 if (this.attributeAssignGroupDelegate == null) {
740 this.attributeAssignGroupDelegate = new AttributeAssignGroupDelegate(this);
741 }
742 return this.attributeAssignGroupDelegate;
743 }
744
745
746 @GrouperIgnoreClone @GrouperIgnoreDbVersion @GrouperIgnoreFieldConstant
747 private AttributeValueDelegate attributeValueDelegate;
748
749
750
751
752
753 public AttributeValueDelegate getAttributeValueDelegate() {
754 if (this.attributeValueDelegate == null) {
755 this.attributeValueDelegate = new AttributeValueDelegate(this.getAttributeDelegate());
756 }
757 return this.attributeValueDelegate;
758 }
759
760
761
762
763
764
765 public AttributeAssignEffMshipDelegate getAttributeDelegateEffMship(Member member) {
766 return new AttributeAssignEffMshipDelegate(this, member);
767 }
768
769
770
771
772
773
774 public AttributeValueDelegate getAttributeValueDelegateEffMship(Member member) {
775 return new AttributeValueDelegate(this.getAttributeDelegateEffMship(member));
776 }
777
778
779
780
781
782
783
784 public AttributeAssignMembershipDelegate getAttributeDelegateMembership(Member member) {
785 return getAttributeDelegateMembership(member, Group.getDefaultList());
786 }
787
788
789
790
791
792
793
794 public AttributeAssignMembershipDelegate getAttributeDelegateMembership(Member member, Field field) {
795 Membership membership = MembershipFinder.findImmediateMembership(GrouperSession.staticGrouperSession(),
796 this, member.getSubject(), field, false);
797 if (membership == null) {
798 throw new RuntimeException("Cannot get the immediate membership attribute delegate if not an immediate member: "
799 + this + ", " + GrouperUtil.subjectToString(member.getSubject()) + ", " + field);
800 }
801 return new AttributeAssignMembershipDelegate(membership);
802 }
803
804
805
806
807
808
809
810 public AttributeValueDelegate getAttributeValueDelegateMembership(Member member, Field field) {
811 return new AttributeValueDelegate(this.getAttributeDelegateMembership(member, field));
812 }
813
814
815
816
817
818
819 public AttributeValueDelegate getAttributeValueDelegateMembership(Member member) {
820 return new AttributeValueDelegate(this.getAttributeDelegateMembership(member));
821 }
822
823
824
825
826
827
828
829
830
831
832 public static Field getDefaultList() throws GrouperException {
833 return FieldFinder.find(GrouperConfig.LIST, true);
834 }
835
836
837 private static final Log LOG = GrouperUtil.getLog(Group.class);
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860 public void assignCompositeMember(final CompositeType type, final Grouprouper/Group.html#Group">Group left, final Group right)
861 throws InsufficientPrivilegeException, MemberAddException, MemberDeleteException {
862
863 final String errorMessageSuffix = ", group name: " + this.name + ", compositeType: " + type
864 + ", left group name: " + (left == null ? "null" : left.getName())
865 + ", right group name: " + (right == null ? "null" : right.getName());
866
867 Composite composite = null;
868 try {
869 composite = this.getComposite();
870 } catch (CompositeNotFoundException cnfe) {
871
872 }
873 if (composite != null) {
874
875
876 if (!composite.getTypeDb().equals(type.getName())
877 || !composite.getLeftFactorUuid().equals(left.getUuid())
878 || !composite.getRightFactorUuid().equals(right.getUuid())) {
879
880 if (LOG.isDebugEnabled()) {
881 LOG.debug("Deleting and adding composite member for group: " + this.getExtension() + ": "
882 + type.getName() + ": " + left.getExtension() + " - " + right.getExtension());
883 }
884
885 final StringBuilder differences = new StringBuilder();
886 if (!composite.getTypeDb().equals(type.getName())) {
887 differences.append("type from: " + composite.getTypeDb() + " to: " + type.getName());
888 }
889 if (!composite.getLeftFactorUuid().equals(left.getUuid())) {
890 try {
891 differences.append("left group from: " + composite.getLeftGroup().getName() + ", to: " + left.getName());
892 } catch (GroupNotFoundException gnfe) {
893 differences.append("left group from: " + composite.getLeftFactorUuid() + ", to: " + left.getName());
894 }
895 }
896 if (!composite.getRightFactorUuid().equals(right.getUuid())) {
897 try {
898 differences.append("right group from: " + composite.getRightGroup().getName() + ", to: " + right.getName());
899 } catch (GroupNotFoundException gnfe) {
900 differences.append("right group from: " + composite.getRightFactorUuid() + ", to: " + right.getName());
901 }
902 }
903 final Composite COMPOSITE = composite;
904
905 HibernateSession.callbackHibernateSession(
906 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
907 new HibernateHandler() {
908
909 public Object callback(HibernateHandlerBean hibernateHandlerBean)
910 throws GrouperDAOException {
911
912 try {
913
914 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
915
916 Group.this.deleteCompositeMember();
917 Group.this.addCompositeMember(type, left, right);
918
919 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
920
921 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_COMPOSITE_UPDATE, "id",
922 COMPOSITE.getUuid(), "ownerId", Group.this.getUuid(), "ownerName", Group.this.getName(), "leftFactorId",
923 left.getUuid(), "leftFactorName", left.getName(), "rightFactorId", right.getUuid(),
924 "rightFactorName", right.getName(), "type", type.toString());
925 auditEntry.setDescription("Updated composite: " + Group.this.getName() + ", " + differences.toString());
926 auditEntry.saveOrUpdate(true);
927 }
928
929 return null;
930 } catch (MemberAddException mae) {
931 GrouperUtil.injectInException(mae, errorMessageSuffix);
932 throw mae;
933 } catch (RuntimeException re) {
934 GrouperUtil.injectInException(re, errorMessageSuffix);
935 throw re;
936 }
937 }
938 });
939 }
940 } else {
941 if (LOG.isDebugEnabled()) {
942 LOG.debug("Adding composite member for group: " + this.getExtension() + ": "
943 + type.getName() + ": " + left.getExtension() + " - " + right.getExtension());
944 }
945 this.addCompositeMember(type, left, right);
946 }
947
948 }
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971 public Composite addCompositeMember(CompositeType type, Groupref="../../../../edu/internet2/middleware/grouper/Group.html#Group">Group left, Group right)
972 throws InsufficientPrivilegeException,
973 MemberAddException {
974 return internal_addCompositeMember(GrouperSession.staticGrouperSession(), type, left, right, null);
975 }
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002 public void addMember(Subject subj)
1003 throws InsufficientPrivilegeException,
1004 MemberAddException
1005 {
1006 this.addMember(subj, true);
1007 }
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037 public boolean addMember(Subject subj, boolean exceptionIfAlreadyMember)
1038 throws InsufficientPrivilegeException,
1039 MemberAddException
1040 {
1041 try {
1042 Field defaultList = getDefaultList();
1043 return this.addMember(subj, defaultList, exceptionIfAlreadyMember);
1044 }
1045 catch (SchemaException eS) {
1046 throw new MemberAddException(eS.getMessage(), eS);
1047 }
1048 }
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080 public void addMember(Subject subj, Field f)
1081 throws InsufficientPrivilegeException,
1082 MemberAddException,
1083 SchemaException
1084 {
1085 this.addMember(subj, f, true);
1086 }
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121 public boolean addMember(final Subject subj, final Field f, final boolean exceptionIfAlreadyMember)
1122 throws InsufficientPrivilegeException,
1123 MemberAddException, SchemaException {
1124 return this.internal_addMember(subj, f, exceptionIfAlreadyMember, null, null, null);
1125 }
1126
1127
1128
1129
1130
1131
1132
1133 public int replaceMembers(Collection<Subject> newSubjectList) {
1134 return replaceMembers(newSubjectList, Group.getDefaultList());
1135 }
1136
1137
1138
1139
1140
1141
1142
1143
1144 public int replaceMembers(Collection<Subject> newSubjectList, Field field) {
1145
1146 Map<String, Object> infoMap = new HashMap<String, Object>();
1147 infoMap.put("operation", "replaceMembers");
1148 infoMap.put("groupName", this.getName());
1149
1150 try {
1151 Set<Member> existingMembers = GrouperUtil.nonNull(this.getMembers(field));
1152
1153 infoMap.put("existingMemberListSize", GrouperUtil.length(existingMembers));
1154 infoMap.put("newMemberListSize", GrouperUtil.length(newSubjectList));
1155
1156
1157 Map<MultiKey, Member> existingMemberMap = new HashMap<MultiKey, Member>();
1158
1159 int changedRecords = 0;
1160
1161
1162 for (Member member : existingMembers) {
1163
1164 MultiKey multiKey = new MultiKey(member.getSubjectSourceId(), member.getSubjectId());
1165
1166 existingMemberMap.put(multiKey, member);
1167
1168 }
1169
1170
1171 Map<MultiKey, Subject> newMemberMap = new HashMap<MultiKey, Subject>();
1172
1173
1174 for (Subject subject : GrouperUtil.nonNull(newSubjectList)) {
1175
1176 MultiKey multiKey = new MultiKey(subject.getSourceId(), subject.getId());
1177
1178 newMemberMap.put(multiKey, subject);
1179
1180 }
1181
1182
1183 Iterator<MultiKey> newMemberListIterator = newMemberMap.keySet().iterator();
1184
1185 while (newMemberListIterator.hasNext()) {
1186
1187 MultiKey newMemberMultiKey = newMemberListIterator.next();
1188
1189 if (existingMemberMap.containsKey(newMemberMultiKey)) {
1190 newMemberListIterator.remove();
1191 existingMemberMap.remove(newMemberMultiKey);
1192 if (LOG.isDebugEnabled()) {
1193 LOG.debug("Replace members on " + this.getName() + ": Subject "
1194 + newMemberMultiKey.getKey(0) + " - " + newMemberMultiKey.getKey(1) + " already is in the list");
1195 }
1196 }
1197 }
1198
1199 int addedMemberCount = 0;
1200
1201
1202
1203 for (MultiKey newMemberMultiKey : newMemberMap.keySet()) {
1204
1205 Subject newSubject = newMemberMap.get(newMemberMultiKey);
1206
1207 this.addMember(newSubject, field, true);
1208
1209 if (LOG.isDebugEnabled()) {
1210 LOG.debug("Replace members on " + this.getName() + ": Subject "
1211 + newMemberMultiKey.getKey(0) + " - " + newMemberMultiKey.getKey(1) + " is added");
1212 }
1213
1214 changedRecords++;
1215 addedMemberCount++;
1216 }
1217
1218 infoMap.put("addedMemberCount", addedMemberCount);
1219
1220 int deletedMemberCount = 0;
1221
1222 for (MultiKey removeMultiKey : existingMemberMap.keySet()) {
1223
1224 Member removeMember = existingMemberMap.get(removeMultiKey);
1225
1226 this.deleteMember(removeMember, field, true);
1227
1228 if (LOG.isDebugEnabled()) {
1229 LOG.debug("Replace members on " + this.getName() + ": Subject "
1230 + removeMultiKey.getKey(0) + " - " + removeMultiKey.getKey(1) + " already is removed");
1231 }
1232
1233 changedRecords++;
1234 deletedMemberCount++;
1235 }
1236
1237 infoMap.put("deletedMemberCount", deletedMemberCount);
1238 infoMap.put("changedRecords", changedRecords);
1239
1240 if (LOG.isInfoEnabled()) {
1241 LOG.info(GrouperUtil.mapToString(infoMap));
1242 }
1243
1244 return changedRecords;
1245 } catch (RuntimeException re) {
1246
1247 LOG.error(GrouperUtil.mapToString(infoMap));
1248 throw re;
1249
1250 }
1251 }
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272 @Deprecated
1273 public boolean addMember(final Subject subject, final boolean defaultPrivs,
1274 final boolean memberChecked,
1275 final boolean adminChecked,
1276 final boolean updateChecked, final boolean readChecked, final boolean viewChecked,
1277 final boolean optinChecked, final boolean optoutChecked, final boolean attrReadChecked,
1278 final boolean attrUpdateChecked, final Date startDate, final Date endDate, final boolean revokeIfUnchecked) {
1279 return this.addOrEditMember(subject, defaultPrivs, memberChecked, adminChecked, updateChecked,
1280 readChecked, viewChecked, optinChecked, optoutChecked, attrReadChecked, attrUpdateChecked,
1281 startDate, endDate, revokeIfUnchecked);
1282 }
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302 public boolean addOrEditMember(final Subject subject, final boolean defaultPrivs,
1303 final boolean memberChecked,
1304 final boolean adminChecked,
1305 final boolean updateChecked, final boolean readChecked, final boolean viewChecked,
1306 final boolean optinChecked, final boolean optoutChecked, final boolean attrReadChecked,
1307 final boolean attrUpdateChecked, final Date startDate, final Date endDate, final boolean revokeIfUnchecked) {
1308
1309 return (Boolean)GrouperTransaction.callbackGrouperTransaction(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, new GrouperTransactionHandler() {
1310
1311 @Override
1312 public Object callback(GrouperTransaction grouperTransaction)
1313 throws GrouperDAOException {
1314
1315 boolean hadChange = Group.this.addOrEditMember(subject, defaultPrivs, memberChecked, startDate, endDate, revokeIfUnchecked);
1316
1317 if (!defaultPrivs) {
1318
1319
1320 if (adminChecked) {
1321 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.ADMIN, false);
1322 } else {
1323 if (revokeIfUnchecked) {
1324 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.ADMIN, false);
1325 }
1326 }
1327
1328
1329 if (updateChecked) {
1330 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.UPDATE, false);
1331 } else {
1332 if (revokeIfUnchecked) {
1333 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.UPDATE, false);
1334 }
1335 }
1336
1337
1338 if (readChecked) {
1339 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.READ, false);
1340 } else {
1341 if (revokeIfUnchecked) {
1342 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.READ, false);
1343 }
1344 }
1345
1346
1347 if (viewChecked) {
1348 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.VIEW, false);
1349 } else {
1350 if (revokeIfUnchecked) {
1351 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.VIEW, false);
1352 }
1353 }
1354
1355
1356 if (optinChecked) {
1357 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.OPTIN, false);
1358 } else {
1359 if (revokeIfUnchecked) {
1360 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.OPTIN, false);
1361 }
1362 }
1363
1364
1365 if (optoutChecked) {
1366 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.OPTOUT, false);
1367 } else {
1368 if (revokeIfUnchecked) {
1369 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.OPTOUT, false);
1370 }
1371 }
1372
1373
1374 if (attrReadChecked) {
1375 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.GROUP_ATTR_READ, false);
1376 } else {
1377 if (revokeIfUnchecked) {
1378 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.GROUP_ATTR_READ, false);
1379 }
1380 }
1381
1382
1383 if (attrUpdateChecked) {
1384 hadChange = hadChange | Group.this.grantPriv(subject, AccessPrivilege.GROUP_ATTR_UPDATE, false);
1385 } else {
1386 if (revokeIfUnchecked) {
1387 hadChange = hadChange | Group.this.revokePriv(subject, AccessPrivilege.GROUP_ATTR_UPDATE, false);
1388 }
1389 }
1390 }
1391
1392 return hadChange;
1393 }
1394 });
1395
1396
1397 }
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410 @Deprecated
1411 public boolean addMember(final Subject subject, final boolean defaultPrivs,
1412 final boolean memberChecked, final Date startDate, final Date endDate, final boolean revokeIfUnchecked) {
1413 return this.addOrEditMember(subject, defaultPrivs, memberChecked, startDate, endDate, revokeIfUnchecked);
1414 }
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426 public boolean addOrEditMember(final Subject subject, final boolean defaultPrivs,
1427 final boolean memberChecked, final Date startDate, final Date endDate, final boolean revokeIfUnchecked) {
1428
1429 return (Boolean)GrouperTransaction.callbackGrouperTransaction(GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, new GrouperTransactionHandler() {
1430
1431 @Override
1432 public Object callback(GrouperTransaction grouperTransaction)
1433 throws GrouperDAOException {
1434
1435 boolean addedMember = defaultPrivs || memberChecked || startDate != null || endDate != null;
1436
1437 boolean hadChange = false;
1438
1439 if (addedMember) {
1440
1441 Field field = Group.getDefaultList();
1442
1443 Member member = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, true);
1444
1445
1446 Membership membership =
1447 GrouperDAOFactory.getFactory().getMembership().findByGroupOwnerAndMemberAndFieldAndType(
1448 Group.this.getUuid(), member.getUuid(), field, MembershipType.IMMEDIATE.getTypeString(), false, false);
1449
1450 if (membership != null) {
1451
1452 if ( !Group.this.canHavePrivilege(GrouperSession.staticGrouperSession().getSubject(), field.getWritePrivilege(), false)) {
1453
1454
1455 if (SubjectHelper.eq(subject, GrouperSession.staticGrouperSession().getSubject())) {
1456
1457
1458 GrouperValidator v = CanOptinValidator.validate(Group.this, subject, field);
1459 if (v.isInvalid()) {
1460 throw new InsufficientPrivilegeException();
1461 }
1462 } else {
1463 throw new InsufficientPrivilegeException();
1464 }
1465 }
1466
1467
1468 boolean hasChange = false;
1469 if (!GrouperUtil.equals(startDate, membership.getEnabledTime())) {
1470 hasChange = true;
1471 membership.setEnabledTime(startDate == null ? null : new Timestamp(startDate.getTime()));
1472 }
1473 if (!GrouperUtil.equals(endDate, membership.getDisabledTime())) {
1474 hasChange = true;
1475 membership.setDisabledTime(endDate == null ? null : new Timestamp(endDate.getTime()));
1476 }
1477
1478 if (hasChange) {
1479 GrouperDAOFactory.getFactory().getMembership().update(membership);
1480 }
1481 return hasChange;
1482 }
1483
1484 addedMember = Group.this.internal_addMember(subject, field, false, null, GrouperUtil.toTimestamp(startDate),
1485 GrouperUtil.toTimestamp(endDate));
1486 hadChange = hadChange || addedMember;
1487
1488 } else {
1489
1490
1491 if (revokeIfUnchecked) {
1492 hadChange = hadChange | Group.this.deleteMember(subject, false);
1493 }
1494 }
1495
1496 return hadChange;
1497 }
1498 });
1499
1500
1501 }
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539 public boolean internal_addMember(final Subject subj, final Field f,
1540 final boolean exceptionIfAlreadyMember, final String uuid, final Timestamp startDate, final Timestamp endDate)
1541 throws InsufficientPrivilegeException,
1542 MemberAddException, SchemaException {
1543 return this.internal_addMember(subj, f, exceptionIfAlreadyMember, uuid, startDate, endDate, true);
1544 }
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583 public boolean internal_addMember(final Subject subj, final Field f,
1584 final boolean exceptionIfAlreadyMember, final String uuid, final Timestamp startDate, final Timestamp endDate, final boolean checkSecurity)
1585 throws InsufficientPrivilegeException,
1586 MemberAddException, SchemaException {
1587 final StopWatch sw = new StopWatch();
1588 sw.start();
1589
1590 final String errorMessageSuffix = ", group name: " + this.name
1591 + ", subject: " + GrouperUtil.subjectToString(subj) + ", field: " + (f == null ? null : f.getName());
1592
1593 return (Boolean)HibernateSession.callbackHibernateSession(
1594 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
1595 new HibernateHandler() {
1596
1597 public Object callback(HibernateHandlerBean hibernateHandlerBean)
1598 throws GrouperDAOException {
1599
1600 try {
1601
1602 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
1603
1604 if ( !FieldType.LIST.equals( f.getType() ) ) {
1605 throw new SchemaException( E.FIELD_INVALID_TYPE + f.getType() );
1606 }
1607 if (checkSecurity && !Group.this.canWriteField(f) ) {
1608 GrouperValidator v = CanOptinValidator.validate(Group.this, subj, f);
1609 if (v.isInvalid()) {
1610 throw new InsufficientPrivilegeException();
1611 }
1612 }
1613
1614 if ( ( Group.getDefaultList().equals(f) ) && ( Group.this.hasComposite() ) ) {
1615 throw new MemberAddException(E.GROUP_AMTC + ", " + Group.this.getName());
1616 }
1617 boolean doesntExist = true;
1618 Membership membership = null;
1619
1620 try {
1621 membership = Membership.internal_addImmediateMembership( GrouperSession.staticGrouperSession(), Group.this,
1622 subj, f , uuid, startDate, endDate);
1623
1624 } catch (MemberAddAlreadyExistsException memberAddAlreadyExistsException) {
1625 if (exceptionIfAlreadyMember) {
1626 throw memberAddAlreadyExistsException;
1627 }
1628 doesntExist = false;
1629 } catch (MembershipAlreadyExistsException membershipAlreadyExistsException) {
1630 if (exceptionIfAlreadyMember) {
1631
1632 throw new MemberAddAlreadyExistsException(membershipAlreadyExistsException);
1633 }
1634 doesntExist = false;
1635 } catch (HookVeto hookVeto) {
1636
1637 throw hookVeto;
1638 } catch (Exception exception) {
1639 throw new RuntimeException(exception);
1640 }
1641
1642
1643 if (
1644 (GrouperConfig.retrieveConfig().propertyValueBoolean(GrouperConfig.PROP_USE_WHEEL_GROUP, false) &&
1645 StringUtils.equals(Group.this.getName(), GrouperConfig.retrieveConfig().propertyValueString( GrouperConfig.PROP_WHEEL_GROUP )))
1646 || (GrouperConfig.retrieveConfig().propertyValueBoolean("groups.wheel.readonly.use", false) &&
1647 StringUtils.equals(Group.this.getName(), GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.readonly.group")))
1648 || (GrouperConfig.retrieveConfig().propertyValueBoolean("groups.wheel.viewonly.use", false) &&
1649 StringUtils.equals(Group.this.getName(), GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.viewonly.group")))) {
1650 PrivilegeHelper.wheelMemberCacheClear();
1651 }
1652
1653 if (doesntExist) {
1654
1655
1656 PrivilegeHelper.flushCache();
1657
1658 EVENT_LOG.groupAddMember(GrouperSession.staticGrouperSession(), Group.this.getName(), subj, f, sw);
1659
1660 RulesMembershipBeanershipBean.html#RulesMembershipBean">RulesMembershipBean rulesMembershipBean = new RulesMembershipBean(membership, Group.this, subj);
1661
1662
1663 if (StringUtils.equals(f.getUuid(), Group.getDefaultList().getUuid())) {
1664
1665
1666 RuleEngine.fireRule(RuleCheckType.membershipAdd, rulesMembershipBean);
1667
1668 RuleEngine.fireRule(RuleCheckType.membershipAddInFolder, rulesMembershipBean);
1669
1670 }
1671
1672
1673 RuleEngine.fireRule(RuleCheckType.subjectAssignInStem, rulesMembershipBean);
1674
1675 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
1676
1677 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.MEMBERSHIP_GROUP_ADD, "id",
1678 membership == null ? null : membership.getUuid(), "fieldId", f.getUuid(),
1679 "fieldName", f.getName(), "memberId", membership.getMemberUuid(),
1680 "membershipType", membership.getType(),
1681 "groupId", Group.this.getUuid(), "groupName", Group.this.getName());
1682
1683 auditEntry.setDescription("Added membership: group: " + Group.this.getName()
1684 + ", subject: " + subj.getSource().getId() + "." + subj.getId() + ", field: "
1685 + f.getName());
1686 auditEntry.saveOrUpdate(true);
1687 }
1688
1689
1690
1691
1692
1693 if ((Group.getDefaultList().equals(f)) && (Group.this.hasComposite())) {
1694 throw new IllegalStateException("Group (name=" + Group.this.getName() + ") turned into a composite while adding an immediate membership.");
1695 }
1696 }
1697 sw.stop();
1698 return doesntExist;
1699 } catch (RuntimeException re) {
1700 GrouperUtil.injectInException(re, errorMessageSuffix);
1701 throw re;
1702 }
1703 }
1704 });
1705
1706 }
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731 public void addType(GroupType type)
1732 throws GroupModifyException,
1733 InsufficientPrivilegeException,
1734 SchemaException {
1735 addType(type, true);
1736 }
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763 public boolean addType(final GroupType type, final boolean exceptionIfAlreadyHasType)
1764 throws GroupModifyException, InsufficientPrivilegeException, SchemaException {
1765 return internal_addType(type, null, exceptionIfAlreadyHasType);
1766 }
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777 public boolean internal_addType(final GroupType type, final String groupTypeAssignmentId, final boolean exceptionIfAlreadyHasType)
1778 throws GroupModifyException, InsufficientPrivilegeException, SchemaException {
1779
1780 return (Boolean)HibernateSession.callbackHibernateSession(
1781 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() {
1782
1783 public Object callback(HibernateHandlerBean hibernateHandlerBean)
1784 throws GrouperDAOException {
1785
1786 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
1787
1788 StopWatch sw = new StopWatch();
1789 sw.start();
1790 if ( Group.this.hasType(type, false) ) {
1791 if (exceptionIfAlreadyHasType) {
1792 throw new GroupModifyException(E.GROUP_HAS_TYPE + ", " + type);
1793 }
1794 return false;
1795 }
1796 if ( type.isSystemType() ) {
1797 throw new SchemaException("cannot edit system group types");
1798 }
1799 if ( !PrivilegeHelper.canAdmin( GrouperSession.staticGrouperSession(), Group.this,
1800 GrouperSession.staticGrouperSession().getSubject() ) ) {
1801 throw new InsufficientPrivilegeException(E.CANNOT_ADMIN);
1802 }
1803 Group.this.internal_getGroupTypeAssignments();
1804 Group.this.getTypesDb();
1805
1806 if (GrouperLoader.isDryRun()) {
1807 GrouperLoader.dryRunWriteLine("Group add type: " + type.getName());
1808 } else {
1809
1810 AttributeAssign groupTypeAssignment = null;
1811 try {
1812 groupTypeAssignment = Group.this.getAttributeDelegate().internal_assignAttributeHelper(null, type.getAttributeDefName(), true, groupTypeAssignmentId, null).getAttributeAssign();
1813 Group.this.types.put(type.getName(), type.getAttributeDefName());
1814 Group.this.typeAssignments.put(type.getName(), groupTypeAssignment);
1815
1816
1817 Group.this.attributes = null;
1818 Group.this.getAttributesDb();
1819
1820 } catch (RuntimeException re) {
1821 throw re;
1822 }
1823 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
1824 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_TYPE_ASSIGN, "id",
1825 groupTypeAssignment.getId(), "groupId", Group.this.getUuid(),
1826 "groupName", Group.this.getName(), "typeId", type.getUuid(), "typeName", type.getName());
1827 auditEntry.setDescription("Assigned group type: " + name + ", typeId: " + type.getUuid()
1828 + ", to group: " + Group.this.getName() + ", groupId: " + Group.this.getUuid());
1829 auditEntry.saveOrUpdate(true);
1830 }
1831 }
1832
1833
1834 sw.stop();
1835 EventLog.info(
1836 GrouperSession.staticGrouperSession(),
1837 M.GROUP_ADDTYPE + Quote.single(Group.this.getName()) + " type=" + Quote.single( type.getName() ),
1838 sw
1839 );
1840 return true;
1841 }
1842 });
1843 }
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862 public boolean canReadField(Field f)
1863 throws IllegalArgumentException,
1864 SchemaException
1865 {
1866 return this.canReadField(GrouperSession.staticGrouperSession().getSubject(), f);
1867 }
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886 public boolean canReadField(Subject subj, Field f)
1887 throws IllegalArgumentException,
1888 SchemaException
1889 {
1890 GrouperValidator v = NotNullValidator.validate(subj);
1891 if (v.isInvalid()) {
1892 throw new IllegalArgumentException( "subject: " + v.getErrorMessage() );
1893 }
1894 v = NotNullValidator.validate(f);
1895 if (v.isInvalid()) {
1896 throw new IllegalArgumentException( "field: " + v.getErrorMessage() );
1897 }
1898 v = FieldTypeValidator.validate(f);
1899 if (v.isInvalid()) {
1900 throw new SchemaException( v.getErrorMessage() );
1901 }
1902 GroupType groupType = f.getGroupType(false);
1903 if (groupType != null && !this.hasType(groupType)) {
1904 throw new SchemaException(E.INVALID_GROUP_TYPE + groupType.toString());
1905 }
1906 try {
1907 PrivilegeHelper.dispatch( GrouperSession.staticGrouperSession(), this, subj, f.getReadPriv() );
1908 return true;
1909 }
1910 catch (InsufficientPrivilegeException eIP) {
1911 return false;
1912 }
1913 }
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932 public boolean canWriteField(Field f)
1933 throws IllegalArgumentException,
1934 SchemaException
1935 {
1936 return this.canWriteField(GrouperSession.staticGrouperSession().getSubject(), f);
1937 }
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956 public boolean canWriteField(Subject subj, Field f)
1957 throws IllegalArgumentException,
1958 SchemaException
1959 {
1960 return this.internal_canWriteField(subj, f);
1961 }
1962
1963
1964
1965
1966 private static ThreadLocal<Boolean> threadLocalInGroupDelete = new InheritableThreadLocal<Boolean>();
1967
1968
1969
1970
1971
1972 public static boolean deleteOccuring() {
1973 Boolean deleteOccuring = threadLocalInGroupDelete.get();
1974 if (deleteOccuring != null) {
1975 return deleteOccuring;
1976 }
1977 return false;
1978 }
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996 public void delete() throws GroupDeleteException, InsufficientPrivilegeException {
1997 final String errorMessageSuffix = ", stem name: " + this.name + ", group extension: " + this.extension
1998 + ", group dExtension: " + this.displayExtension + ", uuid: " + this.uuid + ", ";
1999
2000 HibernateSession.callbackHibernateSession(
2001 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
2002 new HibernateHandler() {
2003
2004 public Object callback(HibernateHandlerBean hibernateHandlerBean)
2005 throws GrouperDAOException {
2006
2007 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
2008
2009 StopWatch sw = new StopWatch();
2010 sw.start();
2011 GrouperSession.validate( GrouperSession.staticGrouperSession() );
2012 if ( !PrivilegeHelper.canAdmin( GrouperSession.staticGrouperSession(), Group.this,
2013 GrouperSession.staticGrouperSession().getSubject() ) ) {
2014 throw new InsufficientPrivilegeException(
2015 E.CANNOT_ADMIN + errorMessageSuffix);
2016 }
2017 try {
2018
2019 threadLocalInGroupDelete.set(true);
2020
2021
2022 if (Group.this.hasComposite()) {
2023 Group.this.deleteCompositeMember();
2024 }
2025
2026
2027
2028 if (GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.delete.compositeMembershipsOnGroupDelete", true)) {
2029 for (Composite composite : GrouperUtil.nonNull(GrouperDAOFactory.getFactory().getComposite().findAsFactor( Group.this ))) {
2030 composite.getOwnerGroup().deleteCompositeMember();
2031 }
2032 }
2033
2034
2035
2036 GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
2037
2038 public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
2039
2040 Membership.internal_deleteAllFieldType(
2041 GrouperSession.staticGrouperSession().internal_getRootSession(), Group.this, FieldType.LIST );
2042
2043 return null;
2044 }
2045 });
2046
2047
2048 GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
2049
2050 public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
2051 Set<AttributeAssign> attributeAssigns = GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerGroupId(Group.this.getId());
2052
2053 for (AttributeAssign attributeAssign : attributeAssigns) {
2054 attributeAssign.delete();
2055 }
2056 return null;
2057 }
2058 });
2059
2060
2061 Subject groupSubject = Group.this.toSubject();
2062 GrouperSession.staticGrouperSession().internal_getRootSession()
2063 .getAccessResolver().revokeAllPrivilegesForSubject(groupSubject);
2064 GrouperSession.staticGrouperSession().internal_getRootSession()
2065 .getNamingResolver().revokeAllPrivilegesForSubject(groupSubject);
2066 GrouperSession.staticGrouperSession().internal_getRootSession()
2067 .getAttributeDefResolver().revokeAllPrivilegesForSubject(groupSubject);
2068
2069
2070
2071 Group.this._revokeAllAccessPrivs();
2072
2073
2074 String theName = Group.this.getName();
2075 GrouperDAOFactory.getFactory().getGroup().delete(Group.this);
2076
2077 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
2078 AuditEntry auditEntry = null;
2079 if (Group.this.typeOfGroup == TypeOfGroup.entity) {
2080
2081 auditEntry = new AuditEntry(AuditTypeBuiltin.ENTITY_DELETE, "id",
2082 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
2083 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
2084 auditEntry.setDescription("Deleted entity: " + Group.this.getName());
2085
2086 } else {
2087 auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_DELETE, "id",
2088 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
2089 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
2090 auditEntry.setDescription("Deleted group: " + Group.this.getName());
2091
2092 }
2093 auditEntry.saveOrUpdate(true);
2094 }
2095
2096 sw.stop();
2097 EventLog.info(GrouperSession.staticGrouperSession(), M.GROUP_DEL + Quote.single(theName), sw);
2098 } catch (InsufficientPrivilegeException eDAO) {
2099 throw new GrouperException( eDAO );
2100 } catch (GrouperDAOException eDAO) {
2101 throw new GroupDeleteException( eDAO.getMessage() + errorMessageSuffix, eDAO );
2102 } catch (RevokePrivilegeException eRP) {
2103 throw new GroupDeleteException(eRP.getMessage() + errorMessageSuffix, eRP);
2104 } catch (SchemaException eS) {
2105 throw new GroupDeleteException(eS.getMessage() + errorMessageSuffix, eS);
2106 } finally {
2107 threadLocalInGroupDelete.remove();
2108 }
2109 return null;
2110 }
2111 });
2112 }
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133 public void deleteAttribute(final String attrName)
2134 throws AttributeNotFoundException,
2135 GroupModifyException,
2136 InsufficientPrivilegeException {
2137 this.deleteAttribute(attrName, false);
2138 }
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160 public void deleteAttribute(final String attrName, final boolean failOnRequiredAttribute)
2161 throws AttributeNotFoundException,
2162 GroupModifyException,
2163 InsufficientPrivilegeException {
2164
2165 if (failOnRequiredAttribute) {
2166 throw new RuntimeException("Parameter failOnRequiredAttribute must be false.");
2167 }
2168
2169 HibernateSession.callbackHibernateSession(
2170 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
2171 new HibernateHandler() {
2172
2173 public Object callback(HibernateHandlerBean hibernateHandlerBean)
2174 throws GrouperDAOException {
2175 try {
2176
2177 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
2178
2179 StopWatch sw = new StopWatch();
2180 sw.start();
2181 NotNullOrEmptyValidator v = NotNullOrEmptyValidator.validate(attrName);
2182 if (v.isInvalid()) {
2183 throw new AttributeNotFoundException(E.INVALID_ATTR_NAME + attrName);
2184 }
2185
2186 Group.this.getAttributesMap(false);
2187 if (Group.this.attributes.containsKey(attrName)) {
2188 AttributeAssignValue attribute = Group.this.attributes.get(attrName);
2189 String val = attribute.getValueString();
2190
2191 attribute.getAttributeAssign().getOwnerAttributeAssign().getAttributeDelegate().assertCanUpdateAttributeDefName(attribute.getAttributeAssign().getAttributeDefName());
2192
2193
2194 attribute.getAttributeAssign().delete();
2195
2196 Group.this.attributes.remove(attrName);
2197
2198 sw.stop();
2199 EVENT_LOG.groupDelAttr(GrouperSession.staticGrouperSession(), Group.this.getName(), attrName, val, sw);
2200
2201 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
2202
2203 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_ATTRIBUTE_DELETE, "id",
2204 Group.this.getUuid(), "groupId", Group.this.getUuid(),
2205 "groupName", Group.this.getName(), "fieldId", Group.this.getDescription(),
2206 "fieldName", attrName, "value", val);
2207
2208 auditEntry.setDescription("Deleted group attribute: " + attrName + " on group: "
2209 + Group.this.getName() + " value: " + val);
2210 auditEntry.saveOrUpdate(true);
2211 }
2212
2213
2214 }
2215 else {
2216 throw new AttributeNotFoundException("Attribute not exist: " + attrName);
2217 }
2218 }
2219 catch (GrouperDAOException eDAO) {
2220 throw new GroupModifyException( eDAO.getMessage(), eDAO );
2221 }
2222 catch (InsufficientPrivilegeException eIP) {
2223 throw eIP;
2224 }
2225 catch (SchemaException eS) {
2226 throw new AttributeNotFoundException(eS.getMessage(), eS);
2227 }
2228 return null;
2229 }
2230 });
2231
2232 }
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257 public void deleteCompositeMember()
2258 throws InsufficientPrivilegeException,
2259 MemberDeleteException {
2260
2261
2262 final StringBuilder errorMessageSuffix = new StringBuilder("group name: " + Group.this.name);
2263
2264 HibernateSession.callbackHibernateSession(
2265 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
2266 new HibernateHandler() {
2267
2268 public Object callback(HibernateHandlerBean hibernateHandlerBean)
2269 throws GrouperDAOException {
2270 try {
2271
2272 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
2273
2274 StopWatch sw = new StopWatch();
2275 sw.start();
2276
2277 String leftGroupName = null;
2278 Composite composite = null;
2279 try {
2280 composite = Group.this.getComposite(true);
2281 } catch (CompositeNotFoundException cnfe) {
2282 GrouperUtil.injectInException(cnfe, errorMessageSuffix.toString());
2283 throw new MemberDeleteException(E.GROUP_DCFC + ", " + cnfe.getMessage(), cnfe);
2284 }
2285
2286 try {
2287 leftGroupName = composite.getLeftGroup().getName();
2288 } catch (GroupNotFoundException gnfe) {
2289 leftGroupName = composite.getLeftFactorUuid();
2290 }
2291
2292 String rightGroupName = null;
2293
2294 try {
2295 rightGroupName = composite.getRightGroup().getName();
2296 } catch (GroupNotFoundException gnfe) {
2297 rightGroupName = composite.getRightFactorUuid();
2298 }
2299 errorMessageSuffix.append(", compositeType: " + composite.getTypeDb()
2300 + ", left group name: " + leftGroupName
2301 + ", right group name: " + rightGroupName);
2302
2303 if ( !Group.this.canWriteField( GrouperSession.staticGrouperSession().getSubject(), Group.getDefaultList() ) ) {
2304 throw new InsufficientPrivilegeException();
2305 }
2306
2307 GrouperDAOFactory.getFactory().getComposite().delete(composite);
2308
2309 EVENT_LOG.groupDelComposite( GrouperSession.staticGrouperSession(), composite, sw );
2310 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
2311
2312 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_COMPOSITE_DELETE, "id",
2313 composite.getUuid(), "ownerId", Group.this.getUuid(), "ownerName", Group.this.getName(), "leftFactorId",
2314 composite.getLeftFactorUuid(), "leftFactorName", leftGroupName, "rightFactorId", composite.getRightFactorUuid(),
2315 "rightFactorName", rightGroupName, "type", composite.getTypeDb());
2316 auditEntry.setDescription("Deleted composite: " + Group.this.getName() + " was "
2317 + leftGroupName + " " + composite.getTypeDb() + " " + rightGroupName);
2318 auditEntry.saveOrUpdate(true);
2319 }
2320 sw.stop();
2321 return null;
2322 } catch (GrouperDAOException eDAO) {
2323 GrouperUtil.injectInException(eDAO, errorMessageSuffix.toString());
2324 throw new MemberDeleteException(eDAO.getMessage(), eDAO);
2325 } catch (RuntimeException re) {
2326 GrouperUtil.injectInException(re, errorMessageSuffix.toString());
2327 throw re;
2328 }
2329 }
2330 });
2331 }
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361 public boolean deleteMember(Member member, boolean exceptionIfAlreadyDeleted)
2362 throws InsufficientPrivilegeException, MemberDeleteException {
2363 try {
2364 return this.deleteMember(member, getDefaultList(), exceptionIfAlreadyDeleted);
2365 }
2366 catch (SchemaException eS) {
2367 throw new MemberDeleteException(eS.getMessage(), eS);
2368 }
2369
2370 }
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398 public void deleteMember(Member member)
2399 throws InsufficientPrivilegeException, MemberDeleteException {
2400 deleteMember(member, true);
2401 }
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433 public boolean deleteMember(Member member, Field f, boolean exceptionIfAlreadyDeleted)
2434 throws InsufficientPrivilegeException, MemberDeleteException, SchemaException {
2435
2436 Subject lazySubject = new LazySubject(member);
2437
2438 return deleteMember(lazySubject, f, exceptionIfAlreadyDeleted);
2439
2440 }
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470 public void deleteMember(Member member, Field f)
2471 throws InsufficientPrivilegeException, MemberDeleteException, SchemaException {
2472 deleteMember(member, f, true);
2473 }
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503 public void deleteMember(Subject subj)
2504 throws InsufficientPrivilegeException,
2505 MemberDeleteException {
2506 deleteMember(subj, true);
2507 }
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537 public boolean deleteMember(Subject subj, boolean exceptionIfAlreadyDeleted)
2538 throws InsufficientPrivilegeException,
2539 MemberDeleteException
2540 {
2541 try {
2542 return this.deleteMember(subj, getDefaultList(), exceptionIfAlreadyDeleted);
2543 }
2544 catch (SchemaException eS) {
2545 throw new MemberDeleteException(eS.getMessage(), eS);
2546 }
2547 }
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577 public void deleteMember(Subject subj, Field f)
2578 throws InsufficientPrivilegeException,
2579 MemberDeleteException,
2580 SchemaException {
2581 deleteMember(subj, f, true);
2582 }
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615 public boolean deleteMember(final Subject subj, final Field f, final boolean exceptionIfAlreadyDeleted)
2616 throws InsufficientPrivilegeException,
2617 MemberDeleteException,
2618 SchemaException {
2619 return this.internal_deleteMember(subj, f, exceptionIfAlreadyDeleted, true);
2620 }
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654 public boolean internal_deleteMember(final Subject subj, final Field f, final boolean exceptionIfAlreadyDeleted, final boolean checkSecurity) {
2655
2656 final StopWatch sw = new StopWatch();
2657 sw.start();
2658
2659 final String errorMessageSuffix = ", group name: " + this.name
2660 + ", subject: " + GrouperUtil.subjectToString(subj) + ", field: " + (f == null ? null : f.getName());
2661
2662 return (Boolean)HibernateSession.callbackHibernateSession(
2663 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
2664 new HibernateHandler() {
2665
2666 public Object callback(HibernateHandlerBean hibernateHandlerBean)
2667 throws GrouperDAOException {
2668
2669 boolean notAlreadyDeleted = true;
2670 try {
2671
2672 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
2673
2674 if ( !FieldType.LIST.equals( f.getType() ) ) {
2675 throw new SchemaException( E.FIELD_INVALID_TYPE + f.getType() );
2676 }
2677 if (checkSecurity && !Group.this.canWriteField(f) ) {
2678 GrouperValidator v = CanOptoutValidator.validate(Group.this, subj, f);
2679 if (v.isInvalid()) {
2680 throw new InsufficientPrivilegeException(errorMessageSuffix);
2681 }
2682 }
2683 if ( (f.equals( Group.getDefaultList() ) ) && ( Group.this.hasComposite() ) ) {
2684 throw new MemberDeleteException(E.GROUP_DMFC);
2685 }
2686
2687 Membership membership = Membership.internal_delImmediateMembership(
2688 GrouperSession.staticGrouperSession(), Group.this, subj, f );
2689
2690 sw.stop();
2691 if (notAlreadyDeleted) {
2692
2693
2694 PrivilegeHelper.flushCache();
2695
2696 EVENT_LOG.groupDelMember(GrouperSession.staticGrouperSession(),
2697 Group.this.getName(), subj, f, sw);
2698
2699
2700 if (StringUtils.equals(f.getUuid(), Group.getDefaultList().getUuid())) {
2701 RulesMembershipBeanershipBean.html#RulesMembershipBean">RulesMembershipBean rulesMembershipBean = new RulesMembershipBean(membership, Group.this, subj);
2702
2703 RuleEngine.fireRule(RuleCheckType.membershipRemove, rulesMembershipBean);
2704
2705 RuleEngine.fireRule(RuleCheckType.membershipRemoveInFolder, rulesMembershipBean);
2706
2707 }
2708
2709 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
2710
2711 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.MEMBERSHIP_GROUP_DELETE, "id",
2712 membership == null ? null : membership.getUuid(), "fieldId", f.getUuid(),
2713 "fieldName", f.getName(), "memberId", membership.getMemberUuid(),
2714 "membershipType", membership.getType(),
2715 "groupId", Group.this.getUuid(), "groupName", Group.this.getName());
2716
2717 auditEntry.setDescription("Deleted membership: group: " + Group.this.getName()
2718 + ", subject: " + subj.getSource().getId() + "." + subj.getId() + ", field: "
2719 + f.getName());
2720 auditEntry.saveOrUpdate(true);
2721 }
2722
2723
2724 }
2725 } catch (GrouperDAOException eDAO) {
2726 throw new MemberDeleteException( eDAO.getMessage() + ", " + errorMessageSuffix, eDAO );
2727 } catch (MemberDeleteAlreadyDeletedException mdade) {
2728 if (exceptionIfAlreadyDeleted) {
2729 GrouperUtil.injectInException(mdade, errorMessageSuffix);
2730 throw mdade;
2731 }
2732 notAlreadyDeleted = false;
2733 }
2734 return notAlreadyDeleted;
2735 }
2736 });
2737 }
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762 public void deleteType(final GroupType type)
2763 throws GroupModifyException,
2764 InsufficientPrivilegeException,
2765 SchemaException {
2766
2767 final String typeString = type == null ? null : type.getName();
2768 HibernateSession.callbackHibernateSession(
2769 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT, new HibernateHandler() {
2770
2771 public Object callback(HibernateHandlerBean hibernateHandlerBean)
2772 throws GrouperDAOException {
2773
2774 try {
2775
2776 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
2777
2778 StopWatch sw = new StopWatch();
2779 sw.start();
2780 if ( !Group.this.hasType(type, false) ) {
2781 throw new GroupModifyException("does not have type: " + typeString);
2782 }
2783 if ( type.isSystemType() ) {
2784 throw new SchemaException("cannot edit system group types: " + typeString);
2785 }
2786 if ( !PrivilegeHelper.canAdmin( GrouperSession.staticGrouperSession(), Group.this, GrouperSession.staticGrouperSession().getSubject() ) ) {
2787 throw new InsufficientPrivilegeException(E.CANNOT_ADMIN);
2788 }
2789
2790 Group.this.internal_getGroupTypeAssignments();
2791 Group.this.getTypesDb();
2792
2793 AttributeAssign oldAssign = Group.this.typeAssignments.get(type.getName());
2794
2795 Group.this.types.remove(type.getName());
2796 Group.this.typeAssignments.remove(type.getName());
2797
2798 Group.this.getAttributeDelegate().removeAttribute(type.getAttributeDefName());
2799
2800
2801 Group.this.attributes = null;
2802 Group.this.getAttributesDb();
2803
2804 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
2805 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_TYPE_UNASSIGN, "id",
2806 oldAssign.getId(), "groupId", Group.this.getUuid(),
2807 "groupName", Group.this.getName(), "typeId", type.getUuid(), "typeName", type.getName());
2808 auditEntry.setDescription("Unasssigned group type: " + name + ", typeId: " + type.getUuid()
2809 + ", to group: " + Group.this.getName() + ", groupId: " + Group.this.getUuid());
2810 auditEntry.saveOrUpdate(true);
2811 }
2812
2813 sw.stop();
2814 EventLog.info(
2815 GrouperSession.staticGrouperSession(),
2816 M.GROUP_DELTYPE + Quote.single(Group.this.getName()) + " type=" + Quote.single( type.getName() ),
2817 sw
2818 );
2819 return null;
2820 } catch (GrouperDAOException eDAO) {
2821 String msg = E.GROUP_TYPEDEL + type + ": ";
2822 msg += eDAO.getMessage();
2823 LOG.error(msg);
2824 throw new GroupModifyException(msg, eDAO);
2825 } catch (RuntimeException re) {
2826 GrouperUtil.injectInException(re, "Problem with type: " + typeString);
2827 throw re;
2828 }
2829 }
2830 });
2831 }
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841 public Set<Subject> getAdmins()
2842 throws GrouperException
2843 {
2844 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.ADMIN);
2845 }
2846
2847
2848
2849
2850
2851
2852
2853 @Deprecated
2854 public String getAttributeOrNull(String attributeName) {
2855 try {
2856 return this.getAttribute(attributeName);
2857 } catch (AttributeNotFoundException anfe) {
2858 return null;
2859 }
2860 }
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871 public String getAttributeOrFieldValue(String attributeOrFieldName, boolean checkSecurity, boolean exceptionIfAttributeNotFound) {
2872
2873 if (INTERNAL_FIELD_ATTRIBUTES.contains(attributeOrFieldName)) {
2874 return (String)GrouperUtil.fieldValue(this, attributeOrFieldName);
2875 }
2876 return this.getAttributeValue(attributeOrFieldName, checkSecurity, exceptionIfAttributeNotFound);
2877
2878 }
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890 public String getAttributeValue(String attributeName,
2891 boolean checkSecurity, boolean exceptionIfNotFound) {
2892
2893 NotNullOrEmptyValidator v = NotNullOrEmptyValidator.validate(attributeName);
2894 if (v.isInvalid()) {
2895 throw new AttributeNotFoundException(E.INVALID_ATTR_NAME + attributeName);
2896 }
2897
2898
2899 this.getAttributesMap(false);
2900
2901 AttributeAssignValue value = this.attributes.get(attributeName);
2902
2903 if (value == null) {
2904
2905
2906
2907
2908 String attributeDefPrefix = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
2909 AttributeDefName legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName(attributeName, false);
2910
2911 if (legacyAttribute == null) {
2912 throw new AttributeNotFoundException("Cant find attribute: " + attributeName);
2913 }
2914
2915 AttributeDef legacyAttributeDef = legacyAttribute.getAttributeDef();
2916 String groupTypeName = legacyAttributeDef.getExtension().substring(attributeDefPrefix.length());
2917
2918 AttributeAssign groupTypeAssignment = Group.this.internal_getGroupTypeAssignments().get(groupTypeName);
2919 if (groupTypeAssignment == null) {
2920 throw new AttributeNotFoundException("Group " + Group.this.getName() + " doesn't have attribute: " + attributeName);
2921 }
2922
2923 if (exceptionIfNotFound) {
2924 throw new AttributeNotFoundException("Cant find attribute value: " + attributeName);
2925 }
2926 return "";
2927 }
2928
2929 if (checkSecurity) {
2930 try {
2931 value.getAttributeAssign().getOwnerAttributeAssign().getAttributeDelegate().assertCanReadAttributeDef(value.getAttributeAssign().getAttributeDef());
2932 } catch (InsufficientPrivilegeException e) {
2933 if (exceptionIfNotFound) {
2934 throw new AttributeNotFoundException("Cant read attribute: " + attributeName);
2935 }
2936
2937 return "";
2938 } catch (AttributeDefNotFoundException e) {
2939 if (exceptionIfNotFound) {
2940 throw new AttributeNotFoundException("Cant read attribute: " + attributeName);
2941 }
2942
2943 return "";
2944 }
2945 }
2946
2947 return StringUtils.defaultString(value.getValueString());
2948 }
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966 @Deprecated
2967 public String getAttribute(String attr)
2968 throws AttributeNotFoundException {
2969
2970 return getAttributeValue(attr, false, false);
2971 }
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988 public Set<Member> getCompositeMembers(QueryOptions queryOptions) {
2989 return getCompositeMembers(Group.getDefaultList(), null, queryOptions);
2990 }
2991
2992
2993
2994
2995
2996 @SuppressWarnings("unused")
2997 private String _internal_getAttributeBuiltIn(String attr) {
2998 if (GrouperConfig.retrieveConfig().propertyValueBoolean("groups.allow.attribute.access.1.4", false)) {
2999
3000 if (StringUtils.equals(FIELD_NAME, attr)) {
3001 return this.getName();
3002 }
3003 if (StringUtils.equals(FIELD_EXTENSION, attr)) {
3004 return this.getExtension();
3005 }
3006 if (StringUtils.equals(FIELD_DISPLAY_NAME, attr)) {
3007 return this.getDisplayName();
3008 }
3009 if (StringUtils.equals(FIELD_DISPLAY_EXTENSION, attr)) {
3010 return this.getDisplayExtension();
3011 }
3012 if (StringUtils.equals(FIELD_DESCRIPTION, attr)) {
3013 return this.getDescription();
3014 }
3015 throw new RuntimeException("Not expecting attribute: " + attr);
3016
3017 }
3018 throw new RuntimeException("Cannot access built in attribute: " + attr + " from getAttributes anymore, " +
3019 "use getter directly (e.g. getName(), getDisplayName()). Or you can enable this (deprecated) with " +
3020 "grouper.properties setting groups.allow.attribute.access.1.4=true");
3021 }
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031 @Deprecated
3032 public Map<String, String> getAttributes() {
3033
3034 Map<String, Attribute> results = this.getAttributesMap(true);
3035
3036 Map<String, String> map = new HashMap<String, String>();
3037 for (String key : results.keySet()) {
3038 map.put(key, results.get(key).getValue());
3039 }
3040 return map;
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083 }
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099 public Set<Member> getCompositeMembers() {
3100 return this.getCompositeMembers(null);
3101 }
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121 public Set<Membership> getCompositeMemberships() {
3122 return MembershipFinder.internal_findAllByGroupOwnerAndFieldAndType(
3123 GrouperSession.staticGrouperSession(), this, Group.getDefaultList(), MembershipType.COMPOSITE.getTypeString()
3124 );
3125 }
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141 public Subject getCreateSubject()
3142 throws SubjectNotFoundException
3143 {
3144 if ( this.subjectCache.containsKey(KEY_CREATOR) ) {
3145 return this.subjectCache.get(KEY_CREATOR);
3146 }
3147 try {
3148
3149 Member _m = GrouperDAOFactory.getFactory().getMember().findByUuid( this.getCreatorUuid(), true );
3150 this.subjectCache.put(
3151 KEY_CREATOR, SubjectFinder.findByIdAndSource( _m.getSubjectId(), _m.getSubjectSourceId() , true)
3152 );
3153 return this.subjectCache.get(KEY_CREATOR);
3154 }
3155 catch (MemberNotFoundException eMNF) {
3156 throw new SubjectNotFoundException( eMNF.getMessage(), eMNF );
3157 }
3158 catch (SourceUnavailableException eSU) {
3159 throw new SubjectNotFoundException( eSU.getMessage(), eSU );
3160 }
3161 catch (SubjectNotUniqueException eSNU) {
3162 throw new SubjectNotFoundException( eSNU.getMessage(), eSNU );
3163 }
3164 }
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174 public Date getCreateTime() {
3175 return new Date(this.getCreateTimeLong());
3176 }
3177
3178
3179
3180
3181
3182
3183
3184
3185 public String getDescription() {
3186 return GrouperUtil.defaultString(this.description);
3187 }
3188
3189
3190
3191
3192
3193 public String getDescriptionDb() {
3194 return this.description;
3195 }
3196
3197
3198
3199
3200 public static final Set<String> INTERNAL_FIELD_ATTRIBUTES = Collections.unmodifiableSet(
3201 GrouperUtil.toSet(FIELD_DESCRIPTION, FIELD_NAME, FIELD_EXTENSION,
3202 FIELD_DISPLAY_EXTENSION, FIELD_DISPLAY_NAME));
3203
3204
3205
3206
3207
3208
3209 public static boolean _internal_fieldAttribute(String attributeName) {
3210 return INTERNAL_FIELD_ATTRIBUTES.contains(attributeName);
3211 }
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221 public String getDisplayExtension() {
3222
3223
3224 String val = this.displayExtension;
3225 if ( val == null || GrouperConfig.EMPTY_STRING.equals(val) ) {
3226
3227 LOG.fatal(E.GROUP_NODE);
3228 throw new GrouperException(E.GROUP_NODE);
3229 }
3230 return val;
3231 }
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241 public String getDisplayName()
3242 throws GrouperException
3243 {
3244
3245
3246 String val = this.displayName;
3247 if ( val == null || GrouperConfig.EMPTY_STRING.equals(val) ) {
3248
3249 LOG.fatal(E.GROUP_NODN);
3250 throw new GrouperException(E.GROUP_NODN);
3251 }
3252 return val;
3253 }
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274 public Set<Member> getEffectiveMembers()
3275 throws GrouperException
3276 {
3277 try {
3278 return this.getEffectiveMembers(getDefaultList());
3279 }
3280 catch (SchemaException eS) {
3281
3282 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3283 LOG.fatal(msg);
3284 throw new GrouperException(msg, eS);
3285 }
3286 }
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309 public Set<Member> getEffectiveMembers(Field f)
3310 throws SchemaException
3311 {
3312 return this.getEffectiveMembers(f, null);
3313 }
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336 public Set<Member> getEffectiveMembers(Field f, QueryOptions queryOptions)
3337 throws SchemaException
3338 {
3339 return getEffectiveMembers(f, null, queryOptions);
3340 }
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364 public Set<Member> getEffectiveMembers(Field f, Set<Source> sources, QueryOptions queryOptions)
3365 throws SchemaException
3366 {
3367 return MemberFinder.internal_findMembersByType(
3368 GrouperSession.staticGrouperSession(), this, f, MembershipType.EFFECTIVE.getTypeString(), sources, queryOptions,
3369 null, null, null);
3370 }
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391 public Set<Membership> getEffectiveMemberships()
3392 throws GrouperException
3393 {
3394 try {
3395 return this.getEffectiveMemberships(getDefaultList());
3396 }
3397 catch (SchemaException eS) {
3398
3399 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3400 LOG.fatal(msg);
3401 throw new GrouperException(msg, eS);
3402 }
3403 }
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425 public Set<Membership> getEffectiveMemberships(Field f)
3426 throws SchemaException
3427 {
3428 return MembershipFinder.internal_findAllByGroupOwnerAndFieldAndType(
3429 GrouperSession.staticGrouperSession(), this, f, MembershipType.EFFECTIVE.getTypeString()
3430 );
3431 }
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441 public String getExtension() {
3442
3443
3444 String val = this.extension;
3445 if ( val == null || GrouperConfig.EMPTY_STRING.equals(val) ) {
3446
3447 LOG.error( E.GROUP_NOE);
3448 throw new GrouperException(E.GROUP_NOE);
3449 }
3450 return val;
3451 }
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469 public Set<Member> getImmediateMembers()
3470 throws GrouperException
3471 {
3472 try {
3473 return this.getImmediateMembers(getDefaultList());
3474 }
3475 catch (SchemaException eS) {
3476
3477 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3478 LOG.fatal(msg);
3479 throw new GrouperException(msg, eS);
3480 }
3481 }
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500 public Set<Member> getImmediateMembers(Field f)
3501 throws SchemaException {
3502 return getImmediateMembers(f, null);
3503 }
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523 public Set<Member> getImmediateMembers(Field f, QueryOptions queryOptions)
3524 throws SchemaException {
3525 return getImmediateMembers(f, null, queryOptions);
3526 }
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549 public Set<Member> getImmediateMembers(Field f, Set<Source> sources, QueryOptions queryOptions)
3550 throws SchemaException {
3551 return MemberFinder.internal_findMembersByType(
3552 GrouperSession.staticGrouperSession(), this, f, MembershipType.IMMEDIATE.getTypeString(), sources, queryOptions,
3553 null, null, null
3554 );
3555 }
3556
3557
3558
3559
3560
3561
3562 public boolean isHasMembers() {
3563
3564
3565 Set<Member> members = this.getImmediateMembers(Group.getDefaultList(), null,
3566 QueryOptions.create(null, null, 1, 1));
3567
3568 return GrouperUtil.length(members) > 0;
3569
3570 }
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594 public Set<Member> getImmediateMembers(Field f, Set<Source> sources, QueryOptions queryOptions,
3595 SortStringEnum memberSortStringEnum, SearchStringEnum memberSearchStringEnum,
3596 String memberSearchStringValue)
3597 throws SchemaException {
3598 return MemberFinder.internal_findMembersByType(
3599 GrouperSession.staticGrouperSession(), this, f, MembershipType.IMMEDIATE.getTypeString(), sources, queryOptions,
3600 memberSortStringEnum, memberSearchStringEnum, memberSearchStringValue
3601 );
3602 }
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624 public Set<Membership> getImmediateMemberships()
3625 throws GrouperException
3626 {
3627 try {
3628 return this.getImmediateMemberships(getDefaultList());
3629 }
3630 catch (SchemaException eS) {
3631
3632 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3633 LOG.fatal(msg);
3634 throw new GrouperException(msg, eS);
3635 }
3636 }
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657 public Set<Membership> getImmediateMemberships(Field f)
3658 throws SchemaException
3659 {
3660 GrouperSession.validate(GrouperSession.staticGrouperSession());
3661 return MembershipFinder.internal_findAllByGroupOwnerAndFieldAndType(
3662 GrouperSession.staticGrouperSession(), this, f, MembershipType.IMMEDIATE.getTypeString()
3663 );
3664 }
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674 public Set<Member> getMembers()
3675 throws GrouperException
3676 {
3677 try {
3678 return this.getMembers(getDefaultList());
3679 }
3680 catch (SchemaException eS) {
3681
3682 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3683 LOG.fatal(msg);
3684 throw new GrouperException(msg, eS);
3685 }
3686 }
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697 public Set<Member> getMembers(Field f)
3698 throws SchemaException {
3699 return this.getMembers(f, null);
3700 }
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712 public Set<Member> getMembers(Field f, QueryOptions queryOptions)
3713 throws SchemaException {
3714 return getMembers(f, null, queryOptions);
3715 }
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728 public Set<Member> getMembers(Field f, Set<Source> sources, QueryOptions queryOptions)
3729 throws SchemaException {
3730 return MembershipFinder.findMembers(this, f, sources, queryOptions);
3731 }
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746 public Set<Membership> getMemberships()
3747 throws GrouperException
3748 {
3749 try {
3750 return this.getMemberships(getDefaultList());
3751 }
3752 catch (SchemaException eS) {
3753
3754 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
3755 LOG.fatal(msg);
3756 throw new GrouperException(msg, eS);
3757 }
3758 }
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774 public Set<Membership> getMemberships(Field f)
3775 throws SchemaException
3776 {
3777 return new LinkedHashSet<Membership>(
3778 PrivilegeHelper.canViewMemberships(
3779 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory()
3780 .getMembership().findAllByGroupOwnerAndField(this.getUuid(), f, true)
3781 )
3782 );
3783 }
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800 public Set<Membership> getMemberships(Field f, Collection<Member> members)
3801 throws SchemaException {
3802 return PrivilegeHelper.canViewMemberships(
3803 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory().getMembership()
3804 .findAllByGroupOwnerAndFieldAndMembers(this.getUuid(), f, members, true)
3805 );
3806 }
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823 public Set<Membership> getImmediateMemberships(Field f, Collection<Member> members)
3824 throws SchemaException {
3825 return getImmediateMemberships(f, members, true);
3826 }
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844 public Set<Membership> getImmediateMemberships(Field f, Collection<Member> members, boolean enabledOnly)
3845 throws SchemaException {
3846 return PrivilegeHelper.canViewMemberships(
3847 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory().getMembership()
3848 .findAllByGroupOwnerAndFieldAndMembersAndType(this.getUuid(), f, members,
3849 MembershipType.IMMEDIATE.getTypeString(), enabledOnly)
3850 );
3851 }
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871 public Membership getImmediateMembership(Field f, Subject subject, boolean enabledOnly, boolean exceptionIfNotFound)
3872 throws SchemaException, MembershipNotFoundException {
3873 Member member = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subject, true);
3874 return getImmediateMembership(f, member, enabledOnly, exceptionIfNotFound);
3875 }
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895 public Membership getImmediateMembership(Field f, Member member, boolean enabledOnly, boolean exceptionIfNotFound)
3896 throws SchemaException, MembershipNotFoundException {
3897
3898 if (member == null) {
3899 throw new RuntimeException("You need to pass a member here");
3900 }
3901
3902 Set<Membership> memberships = this.getImmediateMemberships(f, GrouperUtil.toSet(member), enabledOnly);
3903 if (memberships.size() == 0) {
3904 if (exceptionIfNotFound) {
3905 throw new MembershipNotFoundException("Cant find memberships for group: " + this + ", and member: " + member
3906 + ", and field: " + f);
3907 }
3908 return null;
3909 }
3910 if (memberships.size() > 1) {
3911 throw new RuntimeException("There are more than one memberships: " + memberships.size()
3912 + " for group: " + this + ", and member: " + member
3913 + ", and field: " + f);
3914 }
3915 return memberships.iterator().next();
3916 }
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933 public Set<Membership> getEffectiveMemberships(Field f, Collection<Member> members)
3934 throws SchemaException {
3935 return PrivilegeHelper.canViewMemberships(
3936 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory().getMembership()
3937 .findAllByGroupOwnerAndFieldAndMembersAndType(this.getUuid(), f, members, "effective", true)
3938 );
3939 }
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955 public Set<Membership> getCompositeMemberships(Collection<Member> members)
3956 throws SchemaException {
3957 return PrivilegeHelper.canViewMemberships(
3958 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory().getMembership()
3959 .findAllByGroupOwnerAndCompositeAndMembers(this.getUuid(), members, true)
3960 );
3961 }
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976 public Subject getModifySubject()
3977 throws SubjectNotFoundException
3978 {
3979 if ( this.subjectCache.containsKey(KEY_MODIFIER) ) {
3980 return this.subjectCache.get(KEY_MODIFIER);
3981 }
3982 if ( this.getModifierUuid() == null ) {
3983 throw new SubjectNotFoundException("group has not been modified");
3984 }
3985 try {
3986
3987 Member _m = GrouperDAOFactory.getFactory().getMember().findByUuid( this.getModifierUuid(), true );
3988 this.subjectCache.put(
3989 KEY_MODIFIER, SubjectFinder.findByIdAndSource( _m.getSubjectId(), _m.getSubjectSourceId(), true )
3990 );
3991 return this.subjectCache.get(KEY_MODIFIER);
3992 }
3993 catch (MemberNotFoundException eMNF) {
3994 throw new SubjectNotFoundException( eMNF.getMessage(), eMNF );
3995 }
3996 catch (SourceUnavailableException eSU) {
3997 throw new SubjectNotFoundException( eSU.getMessage(), eSU );
3998 }
3999 catch (SubjectNotUniqueException eSNU) {
4000 throw new SubjectNotFoundException( eSNU.getMessage(), eSNU );
4001 }
4002 }
4003
4004
4005
4006
4007
4008
4009
4010
4011 public Date getModifyTime() {
4012 return new Date( this.getModifyTimeLong() );
4013 }
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023 public String getName()
4024 throws GrouperException
4025 {
4026
4027
4028 String val = this.name;
4029 if ( val == null || GrouperConfig.EMPTY_STRING.equals(val) ) {
4030
4031 LOG.error( E.GROUP_NON);
4032 throw new GrouperException(E.GROUP_NON);
4033 }
4034 return val;
4035 }
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045 public Set<Subject> getOptins()
4046 throws GrouperException
4047 {
4048 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.OPTIN);
4049 }
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059 public Set<Subject> getOptouts()
4060 throws GrouperException
4061 {
4062 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.OPTOUT);
4063 }
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073 public Set<Subject> getGroupAttrReaders()
4074 throws GrouperException
4075 {
4076 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.GROUP_ATTR_READ);
4077 }
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087 public Set<Subject> getGroupAttrUpdaters()
4088 throws GrouperException
4089 {
4090 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.GROUP_ATTR_UPDATE);
4091 }
4092
4093
4094
4095
4096
4097 public String getParentStemName() {
4098 return GrouperUtil.parentStemNameFromName(this.getName(), false);
4099 }
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109 public Stem getParentStem()
4110 throws IllegalStateException
4111 {
4112 final String uuid = this.getParentUuid();
4113 if (uuid == null) {
4114 throw new IllegalStateException("group has no parent stem");
4115 }
4116 try {
4117
4118 Stem parent = GrouperDAOFactory.getFactory().getStem().findByUuid(uuid, false) ;
4119
4120 if (parent == null) {
4121
4122 parent = (Stem)GrouperTransaction.callbackGrouperTransaction(GrouperTransactionType.NONE, new GrouperTransactionHandler() {
4123
4124 public Object callback(GrouperTransaction grouperTransaction)
4125 throws GrouperDAOException {
4126 return GrouperDAOFactory.getFactory().getStem().findByUuid(uuid, true);
4127 }
4128 });
4129
4130 if (parent != null) {
4131
4132
4133 GrouperUtil.sleep(2000);
4134
4135 }
4136 }
4137 return parent;
4138 }
4139 catch (StemNotFoundException eShouldNeverHappen) {
4140 throw new IllegalStateException(
4141 "this should never happen: group has no parent stem: " + eShouldNeverHappen.getMessage(),
4142 eShouldNeverHappen
4143 );
4144 }
4145 }
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155 public Set<AccessPrivilege> getPrivs(Subject subj) {
4156 return GrouperSession.staticGrouperSession().getAccessResolver().getPrivileges(this, subj);
4157 }
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168 public Set<Subject> getReaders()
4169 throws GrouperException
4170 {
4171 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.READ);
4172 }
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183 public Set<GroupType> getRemovableTypes() {
4184 Set<GroupType> types = new LinkedHashSet<GroupType>();
4185
4186 if (PrivilegeHelper.canAdmin(GrouperSession.staticGrouperSession(), this, GrouperSession.staticGrouperSession().getSubject())) {
4187 GroupType t;
4188 Iterator iter = this.getTypes().iterator();
4189 while (iter.hasNext()) {
4190 t = (GroupType) iter.next();
4191 types.add(t);
4192 }
4193 }
4194 return types;
4195 }
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205 public Set<GroupType> getTypes() {
4206 return getTypes(true);
4207 }
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219 public Set<GroupType> getTypes(boolean checkSecurity) {
4220 this.internal_getGroupTypeAssignments();
4221
4222 Set<GroupType> results = new LinkedHashSet<GroupType>();
4223
4224 for (String groupTypeName : this.typeAssignments.keySet()) {
4225 AttributeAssign legacyGroupTypeAssignment = this.typeAssignments.get(groupTypeName);
4226 if (!checkSecurity || PrivilegeHelper.canViewAttributeAssign(GrouperSession.staticGrouperSession(), legacyGroupTypeAssignment, true)) {
4227 GroupType groupType = GroupType.internal_getGroupType(legacyGroupTypeAssignment.getAttributeDefName(), true);
4228 results.add(groupType);
4229 }
4230 }
4231
4232 return results;
4233 }
4234
4235
4236
4237
4238
4239
4240 public Set<GroupType> getTypesDb() {
4241 if (this.types == null) {
4242 this.typeAssignments = GrouperDAOFactory.getFactory().getAttributeAssign().findLegacyGroupTypeAssignmentsByGroupId(this.getUuid());
4243 Map<String, AttributeDefName> results = new LinkedHashMap<String, AttributeDefName>();
4244 for (String groupTypeName : this.typeAssignments.keySet()) {
4245 AttributeAssign legacyGroupTypeAssignment = this.typeAssignments.get(groupTypeName);
4246 results.put(groupTypeName, legacyGroupTypeAssignment.getAttributeDefName());
4247 }
4248
4249 this.types = new LinkedHashMap<String, AttributeDefName>(results);
4250 }
4251
4252 Set<GroupType> results = new LinkedHashSet<GroupType>();
4253
4254 for (AttributeDefName legacyGroupType : this.types.values()) {
4255 GroupType groupType = GroupType.internal_getGroupType(legacyGroupType, true);
4256 results.add(groupType);
4257 }
4258
4259 return results;
4260 }
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270 public Set<Subject> getUpdaters()
4271 throws GrouperException
4272 {
4273 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.UPDATE);
4274 }
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284 public Set<Subject> getViewers()
4285 throws GrouperException
4286 {
4287 return GrouperSession.staticGrouperSession().getAccessResolver().getSubjectsWithPrivilege(this, AccessPrivilege.VIEW);
4288 }
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310 public void grantPriv(Subject subj, Privilege priv)
4311 throws GrantPrivilegeException,
4312 InsufficientPrivilegeException,
4313 SchemaException {
4314
4315 grantPriv(subj, priv, true);
4316
4317 }
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341 public boolean grantPriv(final Subject subj, final Privilege priv, final boolean exceptionIfAlreadyMember)
4342 throws GrantPrivilegeException,
4343 InsufficientPrivilegeException,
4344 SchemaException {
4345 return internal_grantPriv(subj, priv, exceptionIfAlreadyMember, null);
4346 }
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371 public boolean internal_grantPriv(final Subject subj, final Privilege priv, final boolean exceptionIfAlreadyMember, final String uuid)
4372 throws GrantPrivilegeException,
4373 InsufficientPrivilegeException,
4374 SchemaException {
4375 final StopWatch sw = new StopWatch();
4376 sw.start();
4377
4378 final String errorMessageSuffix = ", group name: " + this.name
4379 + ", subject: " + GrouperUtil.subjectToString(subj) + ", privilege: " + (priv == null ? null : priv.getName());
4380
4381 return (Boolean)HibernateSession.callbackHibernateSession(
4382 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
4383 new HibernateHandler() {
4384
4385 public Object callback(HibernateHandlerBean hibernateHandlerBean)
4386 throws GrouperDAOException {
4387
4388 boolean assignedPrivilege = false;
4389 try {
4390
4391 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
4392
4393 GrouperSession.staticGrouperSession().getAccessResolver().grantPrivilege(Group.this, subj, priv, uuid);
4394 assignedPrivilege = true;
4395
4396 RulesPrivilegeBeanivilegeBean.html#RulesPrivilegeBean">RulesPrivilegeBean rulesPrivilegeBean = new RulesPrivilegeBean(Group.this, subj, priv);
4397
4398
4399 RuleEngine.fireRule(RuleCheckType.subjectAssignInStem, rulesPrivilegeBean);
4400
4401 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
4402
4403 Member member = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, false);
4404
4405 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.PRIVILEGE_GROUP_ADD, "privilegeName",
4406 priv.getName(), "memberId", member.getUuid(),
4407 "privilegeType", "access",
4408 "groupId", Group.this.getUuid(), "groupName", Group.this.getName());
4409
4410 auditEntry.setDescription("Added privilege: group: " + Group.this.getName()
4411 + ", subject: " + subj.getSource().getId() + "." + subj.getId() + ", privilege: "
4412 + priv.getName());
4413 auditEntry.saveOrUpdate(true);
4414 }
4415
4416 } catch (UnableToPerformAlreadyExistsException eUTP) {
4417 if (exceptionIfAlreadyMember) {
4418 throw new GrantPrivilegeAlreadyExistsException(eUTP.getMessage() + errorMessageSuffix, eUTP);
4419 }
4420 } catch (UnableToPerformException eUTP) {
4421 throw new GrantPrivilegeException( eUTP.getMessage() + errorMessageSuffix, eUTP );
4422 }
4423 sw.stop();
4424 if (assignedPrivilege) {
4425 EVENT_LOG.groupGrantPriv(GrouperSession.staticGrouperSession(), Group.this.getName(), subj, priv, sw);
4426 }
4427 return assignedPrivilege;
4428 }
4429 });
4430 }
4431
4432
4433
4434
4435
4436
4437
4438 public boolean hasPrivilege(Subject subject, String privilegeOrListName) {
4439 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.ADMIN.getName())
4440 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.ADMIN.getListName())) {
4441 return this.hasAdmin(subject);
4442 }
4443 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.READ.getName())
4444 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.READ.getListName())) {
4445 return this.hasRead(subject);
4446 }
4447 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.VIEW.getName())
4448 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.VIEW.getListName())) {
4449 return this.hasView(subject);
4450 }
4451 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.UPDATE.getName())
4452 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.UPDATE.getListName())) {
4453 return this.hasUpdate(subject);
4454 }
4455 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_READ.getName())
4456 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_READ.getListName())) {
4457 return this.hasGroupAttrRead(subject);
4458 }
4459 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_UPDATE.getName())
4460 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_UPDATE.getListName())) {
4461 return this.hasGroupAttrUpdate(subject);
4462 }
4463 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTIN.getName())
4464 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTIN.getListName())) {
4465 return this.hasOptin(subject);
4466 }
4467 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTOUT.getName())
4468 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTOUT.getListName())) {
4469 return this.hasOptout(subject);
4470 }
4471 throw new RuntimeException("Cant find privilege: '" + privilegeOrListName + "'");
4472
4473 }
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488 public boolean hasAdmin(Subject subj) {
4489 AccessResolver accessResolver = GrouperSession.staticGrouperSession().getAccessResolver();
4490 return accessResolver.hasPrivilege(this, subj, AccessPrivilege.ADMIN);
4491 }
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506 public boolean hasGroupAttrRead(Subject subj) {
4507 AccessResolver accessResolver = GrouperSession.staticGrouperSession().getAccessResolver();
4508 return accessResolver.hasPrivilege(this, subj, AccessPrivilege.GROUP_ATTR_READ);
4509 }
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524 public boolean hasGroupAttrUpdate(Subject subj) {
4525 AccessResolver accessResolver = GrouperSession.staticGrouperSession().getAccessResolver();
4526 return accessResolver.hasPrivilege(this, subj, AccessPrivilege.GROUP_ATTR_UPDATE);
4527 }
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538 public boolean hasComposite() {
4539 return null != GrouperDAOFactory.getFactory().getComposite().findAsOwner( this , false);
4540 }
4541
4542
4543
4544
4545
4546
4547 public boolean isHasComposite() {
4548 return this.hasComposite();
4549 }
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576 public boolean hasEffectiveMember(Subject subj)
4577 throws GrouperException
4578 {
4579 try {
4580 return this.hasEffectiveMember(subj, getDefaultList());
4581 }
4582 catch (SchemaException eS) {
4583
4584 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
4585 LOG.fatal(msg);
4586 throw new GrouperException(msg, eS);
4587 }
4588 }
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616 public boolean hasEffectiveMember(Subject subj, Field f)
4617 throws SchemaException
4618 {
4619 boolean rv = false;
4620 Member m = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, true);
4621 rv = m.isEffectiveMember(this, f);
4622 return rv;
4623 }
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647 public boolean hasImmediateMember(Subject subj)
4648 throws GrouperException
4649 {
4650 try {
4651 return this.hasImmediateMember(subj, getDefaultList());
4652 }
4653 catch (SchemaException eS) {
4654
4655 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
4656 LOG.fatal(msg);
4657 throw new GrouperException(msg, eS);
4658 }
4659 }
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684 public boolean hasImmediateMember(Subject subj, Field f)
4685 throws SchemaException
4686 {
4687 boolean rv = false;
4688 Member m = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, true);
4689 rv = m.isImmediateMember(this, f);
4690 return rv;
4691 }
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711 public boolean hasMember(Subject subj)
4712 throws GrouperException
4713 {
4714 try {
4715 return this.hasMember(subj, getDefaultList());
4716 }
4717 catch (SchemaException eShouldNeverHappen) {
4718
4719 String msg = "this should never happen: default group list not found: " + eShouldNeverHappen.getMessage();
4720 LOG.fatal(msg);
4721 throw new GrouperException(msg, eShouldNeverHappen);
4722 }
4723 }
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744 public boolean hasMember(Subject subj, Field f)
4745 throws SchemaException
4746 {
4747 boolean rv = false;
4748 Member m = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, true);
4749 rv = m.isMember(this, f);
4750 return rv;
4751 }
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766 public boolean hasOptin(Subject subj) {
4767 return GrouperSession.staticGrouperSession().getAccessResolver().hasPrivilege(this, subj, AccessPrivilege.OPTIN);
4768 }
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783 public boolean hasOptout(Subject subj) {
4784 return GrouperSession.staticGrouperSession().getAccessResolver().hasPrivilege(this, subj, AccessPrivilege.OPTOUT);
4785 }
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800 public boolean hasRead(Subject subj) {
4801 return GrouperSession.staticGrouperSession().getAccessResolver().hasPrivilege(this, subj, AccessPrivilege.READ);
4802 }
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816 public boolean hasType(GroupType type, boolean checkSecurity) {
4817 return this.getTypes(checkSecurity).contains(type);
4818 }
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831 public boolean hasType(GroupType type) {
4832 return this.hasType(type, true);
4833 }
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848 public boolean hasUpdate(Subject subj) {
4849 return GrouperSession.staticGrouperSession().getAccessResolver().hasPrivilege(this, subj, AccessPrivilege.UPDATE);
4850 }
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865 public boolean hasView(Subject subj) {
4866 return GrouperSession.staticGrouperSession().getAccessResolver().hasPrivilege(this, subj, AccessPrivilege.VIEW);
4867 }
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878 public boolean isComposite() {
4879 if ( GrouperDAOFactory.getFactory().getComposite().findAsFactor( this ).size() > 0 ) {
4880 return true;
4881 }
4882 return false;
4883 }
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903 public void revokePriv(Privilege priv)
4904 throws InsufficientPrivilegeException,
4905 RevokePrivilegeException,
4906 SchemaException
4907 {
4908 StopWatch sw = new StopWatch();
4909 sw.start();
4910 if ( !Privilege.isAccess(priv) ) {
4911 throw new SchemaException("attempt to use not access privilege: " + priv);
4912 }
4913 try {
4914 GrouperSession.staticGrouperSession().getAccessResolver().revokePrivilege(this, priv);
4915 }
4916 catch (UnableToPerformException eUTP) {
4917 throw new RevokePrivilegeException( eUTP.getMessage(), eUTP );
4918 }
4919 sw.stop();
4920 EVENT_LOG.groupRevokePriv(GrouperSession.staticGrouperSession(), this.getName(), priv, sw);
4921 }
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942 public void revokePriv(Subject subj, Privilege priv)
4943 throws InsufficientPrivilegeException,
4944 RevokePrivilegeException,
4945 SchemaException
4946 {
4947 revokePriv(subj, priv, true);
4948 }
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972 public boolean revokePriv(final Subject subj, final Privilege priv,
4973 final boolean exceptionIfAlreadyRevoked)
4974 throws InsufficientPrivilegeException,
4975 RevokePrivilegeException, SchemaException {
4976
4977 final StopWatch sw = new StopWatch();
4978 sw.start();
4979
4980 final String errorMessageSuffix = ", group name: " + this.name
4981 + ", subject: " + GrouperUtil.subjectToString(subj) + ", privilege: " + (priv == null ? null : priv.getName());
4982
4983 return (Boolean)HibernateSession.callbackHibernateSession(
4984 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
4985 new HibernateHandler() {
4986
4987 public Object callback(HibernateHandlerBean hibernateHandlerBean)
4988 throws GrouperDAOException {
4989
4990 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
4991
4992 boolean wasntAlreadyRevoked = true;
4993 try {
4994 if ( !Privilege.isAccess(priv) ) {
4995 throw new SchemaException("attempt to use not access privilege: " + priv);
4996 }
4997 GrouperSession.staticGrouperSession().getAccessResolver().revokePrivilege(Group.this, subj, priv);
4998
4999 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
5000
5001 Member member = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, false);
5002
5003 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.PRIVILEGE_GROUP_DELETE, "privilegeName",
5004 priv.getName(), "memberId", member.getUuid(),
5005 "privilegeType", "access",
5006 "groupId", Group.this.getUuid(), "groupName", Group.this.getName());
5007
5008 auditEntry.setDescription("Deleted privilege: group: " + Group.this.getName()
5009 + ", subject: " + subj.getSource().getId() + "." + subj.getId() + ", privilege: "
5010 + priv.getName());
5011 auditEntry.saveOrUpdate(true);
5012 }
5013
5014 } catch (UnableToPerformAlreadyExistsException eUTP) {
5015 if (exceptionIfAlreadyRevoked) {
5016 throw new RevokePrivilegeAlreadyRevokedException( eUTP.getMessage() + errorMessageSuffix, eUTP );
5017 }
5018 wasntAlreadyRevoked = false;
5019 } catch (UnableToPerformException eUTP) {
5020 throw new RevokePrivilegeException( eUTP.getMessage() + errorMessageSuffix, eUTP );
5021 }
5022 sw.stop();
5023 if (wasntAlreadyRevoked) {
5024 EVENT_LOG.groupRevokePriv(GrouperSession.staticGrouperSession(), Group.this.getName(), subj, priv, sw);
5025 }
5026 return wasntAlreadyRevoked;
5027 }
5028 });
5029 }
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054 public void setAttribute(final String attributeName, final String value)
5055 throws AttributeNotFoundException,
5056 GroupModifyException,
5057 InsufficientPrivilegeException {
5058 setAttribute(attributeName, value, true);
5059 }
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085 public void setAttribute(final String attributeName, final String value, final boolean checkPrivileges)
5086 throws AttributeNotFoundException,
5087 GroupModifyException,
5088 InsufficientPrivilegeException {
5089 this.internal_setAttribute(attributeName, value, checkPrivileges, null);
5090 }
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117 public Attribute internal_setAttribute(final String attributeName, final String value, final boolean checkPrivileges, final String uuid)
5118 throws AttributeNotFoundException,
5119 GroupModifyException,
5120 InsufficientPrivilegeException {
5121
5122 return (Attribute)HibernateSession.callbackHibernateSession(
5123 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
5124 new HibernateHandler() {
5125
5126 public Object callback(HibernateHandlerBean hibernateHandlerBean)
5127 throws GrouperDAOException {
5128 try {
5129
5130 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
5131
5132 StopWatch sw = new StopWatch();
5133 sw.start();
5134
5135
5136 GrouperValidator v = NotNullOrEmptyValidator.validate(attributeName);
5137 if (v.isInvalid()) {
5138 throw new AttributeNotFoundException(E.INVALID_ATTR_NAME + attributeName);
5139 }
5140 v = NotNullOrEmptyValidator.validate(value);
5141 if (v.isInvalid()) {
5142 throw new GroupModifyException(E.INVALID_ATTR_VALUE + value);
5143 }
5144
5145 String attributeDefPrefix = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");
5146 AttributeDefName legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName(attributeName, true);
5147 AttributeDef legacyAttributeDef = legacyAttribute.getAttributeDef();
5148 String groupTypeName = legacyAttributeDef.getExtension().substring(attributeDefPrefix.length());
5149
5150 AttributeAssign groupTypeAssignment = Group.this.internal_getGroupTypeAssignments().get(groupTypeName);
5151 if (groupTypeAssignment == null) {
5152 throw new AttributeNotFoundException("Group " + Group.this.getName() + " is not assigned the group type: " + groupTypeName);
5153 }
5154
5155 if (checkPrivileges) {
5156 groupTypeAssignment.getAttributeDelegate().assertCanUpdateAttributeDefName(legacyAttribute);
5157 }
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185 if (HibUtilsMapping.isInsert(Group.this)) {
5186 Group.this.store();
5187 }
5188
5189 Attribute attribute = Group.this.getAttributesMap(false).get(attributeName);
5190 if (attribute != null && StringUtils.equals(attribute.getValue(), value)) {
5191 return null;
5192 }
5193
5194 AuditTypeBuiltin auditTypeBuiltin = AuditTypeBuiltin.GROUP_ATTRIBUTE_UPDATE;
5195 String oldValue = null;
5196 String oldValueName = null;
5197 String verb = "Updated";
5198 if (attribute == null) {
5199 auditTypeBuiltin = AuditTypeBuiltin.GROUP_ATTRIBUTE_ADD;
5200 verb = "inserted";
5201 } else {
5202
5203 oldValue = attribute.getValue();
5204 oldValueName = "oldValue";
5205 }
5206
5207 AttributeAssign newOrExistingAssignment = groupTypeAssignment.getAttributeDelegate().internal_assignAttributeHelper(null, legacyAttribute, false, uuid, null).getAttributeAssign();
5208 AttributeAssignValueValue.html#AttributeAssignValue">AttributeAssignValue newAttributeAssignValue = new AttributeAssignValue();
5209 newAttributeAssignValue.setAttributeAssignId(newOrExistingAssignment.getId());
5210 newAttributeAssignValue.assignValue(value);
5211 AttributeAssignValueResult result = newOrExistingAssignment.getValueDelegate().internal_assignValue(newAttributeAssignValue, false);
5212
5213 Group.this.attributes.put(attributeName, result.getAttributeAssignValue());
5214 attribute = Group.this.getAttributesMap(false).get(attributeName);
5215
5216 sw.stop();
5217 EVENT_LOG.groupSetAttr(GrouperSession.staticGrouperSession(),
5218 Group.this.getName(), attributeName, value, sw);
5219
5220 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
5221
5222 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(auditTypeBuiltin, "id",
5223 attribute.getId(), "groupId", Group.this.getUuid(),
5224 "groupName", Group.this.getName(), "fieldId", null,
5225 "fieldName", attributeName, "value", attribute.getValue(), oldValueName, oldValue);
5226
5227 auditEntry.setDescription(verb + " group attribute: " + attributeName + " on group: "
5228 + Group.this.getName() + " value: " + attribute.getValue()
5229 + (auditTypeBuiltin == AuditTypeBuiltin.GROUP_ATTRIBUTE_UPDATE ? (", oldValue: " + oldValue) : ""));
5230 auditEntry.saveOrUpdate(true);
5231 }
5232
5233 return attribute;
5234 }
5235 catch (GrouperDAOException eDAO) {
5236 throw new GroupModifyException( eDAO.getMessage(), eDAO );
5237 }
5238 catch (InsufficientPrivilegeException eIP) {
5239 throw eIP;
5240 }
5241 }
5242 });
5243 }
5244
5245
5246
5247
5248 public void store() {
5249
5250 GroupFinder.groupCacheRemove(this);
5251
5252 validate();
5253
5254 if (GrouperLoader.isDryRun()) {
5255 return;
5256 }
5257
5258 HibernateSession.callbackHibernateSession(
5259 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
5260 new HibernateHandler() {
5261
5262 public Object callback(HibernateHandlerBean hibernateHandlerBean)
5263 throws GrouperDAOException {
5264
5265 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
5266
5267 Subject subject = GrouperSession.staticGrouperSession().getSubject();
5268 if (!Group.this.hasAdmin(subject)) {
5269 throw new InsufficientPrivilegeException(GrouperUtil
5270 .subjectToString(subject)
5271 + " is not admin on group: " + Group.this.getName());
5272 }
5273
5274 if (Group.this.dbVersionDifferentFields().contains(FIELD_ALTERNATE_NAME_DB) &&
5275 Group.this.getAlternateNameDb() != null) {
5276
5277
5278
5279
5280 String parentStemName = GrouperUtil.parentStemNameFromName(Group.this.getAlternateNameDb());
5281 if (parentStemName == null || !parentStemName.equals(Group.this.getParentStem().getName())) {
5282 Stem stem = GrouperUtil.getFirstParentStemOfName(Group.this.getAlternateNameDb());
5283
5284 if (!stem.hasCreate(subject) && !stem.hasStemAdmin(subject)) {
5285 throw new InsufficientPrivilegeException(GrouperUtil.subjectToString(subject)
5286 + " cannot create in stem: " + stem.getName());
5287 }
5288 }
5289 }
5290
5291
5292 if (GrouperConfig.retrieveConfig().propertyValueBoolean("grouper.rename.includeExcludeRequireEtc.when.name.changes", true)) {
5293 Group.this.changeDisplayProperties();
5294 }
5295
5296 if (Group.this.dbVersionDifferentFields().contains(FIELD_TYPE_OF_GROUP)) {
5297 TypeOfGroup oldTypeOfGroup = Group.this.dbVersion().getTypeOfGroup();
5298 TypeOfGroup newTypeOfGroup = Group.this.getTypeOfGroup();
5299
5300 if (oldTypeOfGroup.equals(TypeOfGroup.group) && newTypeOfGroup.equals(TypeOfGroup.role)) {
5301
5302 RoleSet existingRoleSet = GrouperDAOFactory.getFactory().getRoleSet().findSelfRoleSet(Group.this.getUuid(), false);
5303 if (existingRoleSet == null) {
5304 RoleSeter/permissions/role/RoleSet.html#RoleSet">RoleSet roleSet = new RoleSet();
5305 roleSet.setId(GrouperUuid.getUuid());
5306 roleSet.setDepth(0);
5307 roleSet.setIfHasRoleId(Group.this.getId());
5308 roleSet.setThenHasRoleId(Group.this.getId());
5309 roleSet.setType(RoleHierarchyType.self);
5310 roleSet.setParentRoleSetId(roleSet.getId());
5311 roleSet.saveOrUpdate();
5312 }
5313 } else if (oldTypeOfGroup.equals(TypeOfGroup.role) && newTypeOfGroup.equals(TypeOfGroup.group)) {
5314
5315 Set<RoleSet> roleSets = GrouperDAOFactory.getFactory().getRoleSet().findByIfHasRoleIdImmediate(Group.this.getUuid());
5316 Iterator<RoleSet> iter = roleSets.iterator();
5317 while (iter.hasNext()) {
5318 RoleSet roleSet = iter.next();
5319 roleSet.getIfHasRole().getRoleInheritanceDelegate().removeRoleFromInheritFromThis(roleSet.getThenHasRole());
5320 }
5321
5322 roleSets = GrouperDAOFactory.getFactory().getRoleSet().findByThenHasRoleIdImmediate(Group.this.getUuid());
5323 iter = roleSets.iterator();
5324 while (iter.hasNext()) {
5325 RoleSet roleSet = iter.next();
5326 roleSet.getIfHasRole().getRoleInheritanceDelegate().removeRoleFromInheritFromThis(roleSet.getThenHasRole());
5327 }
5328
5329 RoleSet selfRoleSet = GrouperDAOFactory.getFactory().getRoleSet().findSelfRoleSet(Group.this.getUuid(), false);
5330 if (selfRoleSet != null) {
5331 selfRoleSet.delete();
5332 }
5333
5334
5335 GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
5336
5337 public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
5338 Set<AttributeAssign> attributeAssigns = GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerGroupId(Group.this.getUuid());
5339 Iterator<AttributeAssign> attributeAssignsIter = attributeAssigns.iterator();
5340 while (attributeAssignsIter.hasNext()) {
5341 AttributeAssign attributeAssign = attributeAssignsIter.next();
5342 if (attributeAssign.getAttributeDef().getAttributeDefType().equals(AttributeDefType.perm)) {
5343 attributeAssign.delete();
5344 }
5345 }
5346 return null;
5347 }
5348 });
5349
5350 }
5351
5352 }
5353
5354
5355 String differences = GrouperUtil.dbVersionDescribeDifferences(Group.this.dbVersion(),
5356 Group.this, Group.this.dbVersion() != null ? Group.this.dbVersionDifferentFields() : Group.CLONE_FIELDS);
5357
5358 boolean enabling = Group.this.dbVersion() != null && Group.this.isEnabled() && !Group.this.dbVersion().isEnabled();
5359 boolean disabling = Group.this.dbVersion() != null && !Group.this.isEnabled() && Group.this.dbVersion().isEnabled();
5360
5361 GrouperDAOFactory.getFactory().getGroup().update( Group.this );
5362
5363 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
5364 AuditEntry auditEntry = null;
5365
5366 if (enabling) {
5367 auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_ENABLE, "id",
5368 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
5369 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
5370 auditEntry.setDescription("Enabled group: " + Group.this.getName() + ", " + differences);
5371 } else if (disabling) {
5372 auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_DISABLE, "id",
5373 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
5374 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
5375 auditEntry.setDescription("Disabled group: " + Group.this.getName() + ", " + differences);
5376 } else if (Group.this.typeOfGroup == TypeOfGroup.entity) {
5377
5378 auditEntry = new AuditEntry(AuditTypeBuiltin.ENTITY_UPDATE, "id",
5379 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
5380 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
5381 auditEntry.setDescription("Updated entity: " + Group.this.getName() + ", " + differences);
5382
5383 } else {
5384 auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_UPDATE, "id",
5385 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
5386 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
5387 auditEntry.setDescription("Updated group: " + Group.this.getName() + ", " + differences);
5388
5389 }
5390
5391 auditEntry.saveOrUpdate(true);
5392 }
5393
5394 return null;
5395 }
5396 });
5397
5398 }
5399
5400
5401
5402
5403 public void validate() {
5404
5405
5406
5407 boolean sqlServer = GrouperDdlUtils.isSQLServer();
5408 int maxNameLength = sqlServer ? 900 : 1024;
5409 maxNameLength = GrouperConfig.retrieveConfig().propertyValueInt("grouper.groupName.maxSize", maxNameLength);
5410
5411
5412
5413 if (GrouperUtil.lengthAscii(this.getExtension()) > 255 ) {
5414 throw new GrouperValidationException("Group extension too long: " + GrouperUtil.lengthAscii(this.getExtension()),
5415 VALIDATION_GROUP_EXTENSION_TOO_LONG_KEY, 255, GrouperUtil.lengthAscii(this.getExtension()));
5416 }
5417
5418
5419
5420 if (GrouperUtil.lengthAscii(this.getDisplayExtension()) > 255 ) {
5421 throw new GrouperValidationException("Group display extension too long: " + GrouperUtil.lengthAscii(this.getDisplayExtension()),
5422 VALIDATION_GROUP_DISPLAY_EXTENSION_TOO_LONG_KEY, 255, GrouperUtil.lengthAscii(this.getDisplayExtension()));
5423 }
5424
5425
5426 if (GrouperUtil.lengthAscii(this.getName()) > maxNameLength) {
5427 throw new GrouperValidationException("Group name too long: " + GrouperUtil.lengthAscii(this.getName()),
5428 VALIDATION_GROUP_NAME_TOO_LONG_KEY, maxNameLength, GrouperUtil.lengthAscii(this.getName()));
5429 }
5430
5431
5432
5433 if (GrouperUtil.lengthAscii(this.getDisplayName()) > maxNameLength) {
5434 throw new GrouperValidationException("Group display name too long: " + GrouperUtil.lengthAscii(this.getDisplayName()),
5435 VALIDATION_GROUP_DISPLAY_NAME_TOO_LONG_KEY, maxNameLength, GrouperUtil.lengthAscii(this.getDisplayName()));
5436 }
5437
5438
5439
5440 if (GrouperUtil.lengthAscii(this.getDescription()) > 1024 ) {
5441 throw new GrouperValidationException("Group description too long: " + GrouperUtil.lengthAscii(this.getDescription()),
5442 VALIDATION_GROUP_DESCRIPTION_TOO_LONG_KEY, 1024, GrouperUtil.lengthAscii(this.getDescription()));
5443 }
5444 }
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463 public void setDescription(String value) {
5464 this.description = value;
5465 }
5466
5467
5468
5469
5470
5471 public void setDescriptionDb(String value) {
5472 this.description = value;
5473 }
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484 public void setExtension(String value) {
5485 setExtension(value, true);
5486 }
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499 public void setExtension(String value, boolean assignAlternateName) {
5500 NamingValidator v = NamingValidator.validate(value);
5501 if (v.isInvalid()) {
5502 throw new GroupModifyException( v.getErrorMessage() );
5503 }
5504
5505 String oldExtension = null;
5506 if (this.dbVersion() != null) {
5507 oldExtension = this.dbVersion().getExtensionDb();
5508 }
5509
5510 if (assignAlternateName && oldExtension != null && !oldExtension.equals(value)) {
5511 internal_addAlternateName(this.dbVersion().getNameDb(), false);
5512 }
5513 this.extension = value;
5514 this.setNameDb(U.constructName( this.getParentStem().getName(), value ) );
5515
5516 }
5517
5518
5519
5520
5521
5522 public void setName(String value) {
5523 throw new InsufficientPrivilegeException("group name is system maintained: " + this.name + ", " + value);
5524 }
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535 public void setDisplayExtension(String value) {
5536 NamingValidator v = NamingValidator.validate(value);
5537 if (v.isInvalid()) {
5538 throw new GroupModifyException( v.getErrorMessage() );
5539 }
5540
5541 this.displayExtension = value;
5542 this.setDisplayNameDb(U.constructName( this.getParentStem().getDisplayName(), value ) );
5543
5544 }
5545
5546
5547
5548
5549
5550 public void setDisplayExtensionDb(String value) {
5551 this.displayExtension = value;
5552 }
5553
5554
5555
5556
5557
5558 public void setExtensionDb(String value) {
5559 this.extension = value;
5560 }
5561
5562
5563
5564
5565
5566 public String getDisplayExtensionDb() {
5567 return this.displayExtension;
5568 }
5569
5570
5571
5572
5573
5574 public String getExtensionDb() {
5575 return this.extension;
5576 }
5577
5578
5579
5580
5581
5582 public void setDisplayName(String value) {
5583 throw new InsufficientPrivilegeException("group display name is system maintained: " + this.name + ", " + value);
5584 }
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595 public Member toMember()
5596 throws GrouperException
5597 {
5598 if ( this.cachedMember != null ) {
5599 return this.cachedMember;
5600 }
5601 try {
5602 GrouperSession.validate( GrouperSession.staticGrouperSession() );
5603 Member m = GrouperDAOFactory.getFactory().getMember().findBySubject( this.toSubject(), true );
5604 GrouperSession.staticGrouperSession();
5605 this.cachedMember = m;
5606 return this.cachedMember;
5607 }
5608 catch (MemberNotFoundException eMNF) {
5609
5610
5611 String msg = E.GROUP_G2M + eMNF.getMessage();
5612 LOG.fatal(msg);
5613 throw new GrouperException(msg, eMNF);
5614 }
5615 }
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626 public Subject toSubject()
5627 throws GrouperException
5628 {
5629 if ( this.subjectCache.containsKey(KEY_SUBJECT) ) {
5630 return this.subjectCache.get(KEY_SUBJECT);
5631 }
5632 try {
5633
5634 GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
5635
5636 public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
5637
5638 if (Group.this.getTypeOfGroup() == TypeOfGroup.entity) {
5639 Group.this.subjectCache.put(
5640 KEY_SUBJECT, SubjectFinder.findByIdAndSource( Group.this.getUuid(), SubjectFinder.internal_getEntitySourceAdapter(true).getId(), true )
5641 );
5642
5643 } else {
5644 Group.this.subjectCache.put(
5645 KEY_SUBJECT, SubjectFinder.findByIdAndSource( Group.this.getUuid(), SubjectFinder.internal_getGSA().getId(), true )
5646 );
5647 }
5648 return null;
5649 }
5650 });
5651
5652 return this.subjectCache.get(KEY_SUBJECT);
5653 }
5654 catch (SourceUnavailableException eShouldNeverHappen0) {
5655 String msg = E.GROUP_G2S + eShouldNeverHappen0.getMessage();
5656 LOG.fatal(msg, eShouldNeverHappen0);
5657 throw new GrouperException(msg, eShouldNeverHappen0);
5658 }
5659 catch (SubjectNotFoundException eShouldNeverHappen1) {
5660 String msg = E.GROUP_G2S + eShouldNeverHappen1.getMessage();
5661 LOG.fatal(msg, eShouldNeverHappen1);
5662 throw new GrouperException(msg, eShouldNeverHappen1);
5663 }
5664 catch (SubjectNotUniqueException eShouldNeverHappen2) {
5665 String msg = E.GROUP_G2S + eShouldNeverHappen2.getMessage();
5666 LOG.fatal(msg);
5667 throw new GrouperException(msg, eShouldNeverHappen2);
5668 }
5669 }
5670
5671
5672
5673
5674 public String toString() {
5675
5676 return new ToStringBuilder(this)
5677 .append( "name", this.name)
5678 .append( "uuid", this.getUuid() )
5679 .toString();
5680 }
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692 public boolean internal_canWriteField(Subject subj, Field f)
5693 throws IllegalArgumentException,
5694 SchemaException
5695 {
5696 GrouperValidator v = NotNullValidator.validate(subj);
5697 if (v.isInvalid()) {
5698 throw new IllegalArgumentException( "subject: " + v.getErrorMessage() );
5699 }
5700 v = NotNullValidator.validate(f);
5701 if (v.isInvalid()) {
5702 throw new IllegalArgumentException( "field: " + v.getErrorMessage() );
5703 }
5704 v = FieldTypeValidator.validate(f);
5705 if (v.isInvalid()) {
5706 throw new SchemaException( v.getErrorMessage() );
5707 }
5708 GroupType groupType = f.getGroupType(false);
5709 if (groupType != null && !this.hasType(groupType)) {
5710 throw new SchemaException( E.INVALID_GROUP_TYPE + " for group name: " + this.getName() + ", " + groupType.toString() + ":" + f.getName() );
5711 }
5712 try {
5713 PrivilegeHelper.dispatch( GrouperSession.staticGrouperSession(), this, subj, f.getWritePriv() );
5714 return true;
5715 }
5716 catch (InsufficientPrivilegeException eIP) {
5717 return false;
5718 }
5719 }
5720
5721
5722 @GrouperIgnoreClone @GrouperIgnoreFieldConstant @GrouperIgnoreDbVersion
5723 private boolean dontSetModified = false;
5724
5725
5726
5727
5728
5729 public void setDontSetModified(boolean theDontSetModified) {
5730 this.dontSetModified = theDontSetModified;
5731 }
5732
5733
5734
5735
5736 private void internal_setModifiedIfNeeded() {
5737 if (!dontSetModified) {
5738 this.setModifierUuid( GrouperSession.staticGrouperSession().getMember().getUuid() );
5739 this.setModifyTimeLong( System.currentTimeMillis() );
5740 }
5741 }
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754 public Composite internal_addCompositeMember(final GrouperSession session, final CompositeType type,
5755 final Grouprouper/Group.html#Group">Group left, final Group right, final String uuid) throws InsufficientPrivilegeException, MemberAddException {
5756
5757
5758 if (this.getTypeOfGroup() == TypeOfGroup.entity || left.getTypeOfGroup() == TypeOfGroup.entity
5759 || right.getTypeOfGroup() == TypeOfGroup.entity) {
5760 throw new RuntimeException("Cannot add composite to an entity");
5761 }
5762
5763 final String errorMessageSuffix = ", group name: " + this.name + ", compositeType: " + type
5764 + ", left group name: " + (left == null ? "null" : left.getName())
5765 + ", right group name: " + (right == null ? "null" : right.getName());
5766
5767 return (Composite)HibernateSession.callbackHibernateSession(
5768 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
5769 new HibernateHandler() {
5770
5771 public Object callback(HibernateHandlerBean hibernateHandlerBean)
5772 throws GrouperDAOException {
5773 try {
5774
5775 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
5776
5777 StopWatch sw = new StopWatch();
5778 sw.start();
5779
5780 PrivilegeHelper.dispatch(session, Group.this, session.getSubject(), Group
5781 .getDefaultList().getWritePriv());
5782 PrivilegeHelper.dispatch(session, left, session.getSubject(), Group
5783 .getDefaultList().getReadPriv());
5784 PrivilegeHelper.dispatch(session, right, session.getSubject(), Group
5785 .getDefaultList().getReadPriv());
5786
5787 Compositerouper/Composite.html#Composite">Composite c = new Composite();
5788 c.setCreateTime(new Date().getTime());
5789 c.setCreatorUuid(session.getMember().getUuid());
5790 c.setFactorOwnerUuid(Group.this.getUuid());
5791 c.setLeftFactorUuid(left.getUuid());
5792 c.setRightFactorUuid(right.getUuid());
5793 c.setTypeDb(type.toString());
5794 c.setUuid(StringUtils.isBlank(uuid) ? GrouperUuid.getUuid() : uuid);
5795 CompositeValidator vComp = CompositeValidator.validate(c);
5796 if (vComp.isInvalid()) {
5797 throw new MemberAddException(vComp.getErrorMessage() + ", " + errorMessageSuffix);
5798 }
5799
5800 AddCompositeMemberValidator vAdd = AddCompositeMemberValidator.validate(Group.this);
5801 if (vAdd.isInvalid()) {
5802 throw new MemberAddException(vAdd.getErrorMessage() + ", " + errorMessageSuffix);
5803 }
5804
5805 GrouperDAOFactory.getFactory().getComposite().save(c);
5806 EVENT_LOG.groupAddComposite(session, c, sw);
5807
5808 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
5809
5810 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_COMPOSITE_ADD, "id",
5811 c.getUuid(), "ownerId", Group.this.getUuid(), "ownerName", Group.this.getName(), "leftFactorId",
5812 left.getUuid(), "leftFactorName", left.getName(), "rightFactorId", right.getUuid(),
5813 "rightFactorName", right.getName(), "type", type.toString());
5814 auditEntry.setDescription("Added composite: " + Group.this.getName() + " is "
5815 + left.getName() + " " + type.toString() + " " + right.getName());
5816 auditEntry.saveOrUpdate(true);
5817 }
5818
5819
5820
5821
5822
5823 Set<Membership> immediateMemberships = GrouperDAOFactory.getFactory().getMembership().findAllMembershipEntriesByGroupOwnerAndFieldAndType(Group.this.getUuid(), Group.getDefaultList(), "immediate", false);
5824 if (immediateMemberships.size() > 0) {
5825 throw new IllegalStateException("Immediate memberships were added to this group (name=" + Group.this.getName() + ") while making it a composite group");
5826 }
5827
5828 sw.stop();
5829 return c;
5830 } catch (SchemaException eS) {
5831 GrouperUtil.injectInException(eS, errorMessageSuffix);
5832 throw new MemberAddException(eS);
5833 } catch (RuntimeException re) {
5834 GrouperUtil.injectInException(re, errorMessageSuffix);
5835 throw re;
5836 }
5837 }
5838 });
5839 }
5840
5841
5842
5843
5844
5845
5846
5847 private void _revokeAllAccessPrivs()
5848 throws InsufficientPrivilegeException,
5849 RevokePrivilegeException,
5850 SchemaException {
5851
5852 try {
5853 GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() {
5854
5855 public Object callback(GrouperSession grouperSession)
5856 throws GrouperSessionException {
5857 try {
5858 Group.this.revokePriv(AccessPrivilege.ADMIN);
5859 Group.this.revokePriv(AccessPrivilege.OPTIN);
5860 Group.this.revokePriv(AccessPrivilege.OPTOUT);
5861 Group.this.revokePriv(AccessPrivilege.READ);
5862 Group.this.revokePriv(AccessPrivilege.UPDATE);
5863 Group.this.revokePriv(AccessPrivilege.VIEW);
5864 Group.this.revokePriv(AccessPrivilege.GROUP_ATTR_READ);
5865 Group.this.revokePriv(AccessPrivilege.GROUP_ATTR_UPDATE);
5866 } catch (InsufficientPrivilegeException ipe) {
5867 throw new GrouperSessionException(ipe);
5868 } catch (SchemaException ipe) {
5869 throw new GrouperSessionException(ipe);
5870 } catch (RevokePrivilegeException ipe) {
5871 throw new GrouperSessionException(ipe);
5872 }
5873 return null;
5874 }
5875
5876 });
5877 } catch (GrouperSessionException gse) {
5878 if (gse.getCause() instanceof InsufficientPrivilegeException) {
5879 throw (InsufficientPrivilegeException)gse.getCause();
5880 }
5881 if (gse.getCause() instanceof SchemaException) {
5882 throw (SchemaException)gse.getCause();
5883 }
5884 if (gse.getCause() instanceof RevokePrivilegeException) {
5885 throw (RevokePrivilegeException)gse.getCause();
5886 }
5887 throw gse;
5888 }
5889
5890
5891 }
5892
5893
5894
5895
5896
5897
5898 public Set<String> dbVersionDifferentFields() {
5899 return dbVersionDifferentFields(true);
5900
5901 }
5902
5903
5904
5905
5906
5907
5908
5909
5910 public Set<String> dbVersionDifferentFields(boolean failIfNull) {
5911 if (this.dbVersion == null) {
5912 if (failIfNull) {
5913 throw new RuntimeException("State was never stored from db");
5914 }
5915 return null;
5916 }
5917
5918 Set<String> result = GrouperUtil.compareObjectFields(this, this.dbVersion,
5919 DB_VERSION_FIELDS, null);
5920
5921 return result;
5922 }
5923
5924
5925
5926
5927 @Override
5928 public void dbVersionReset() {
5929
5930 this.dbVersion = GrouperUtil.clone(this, DB_VERSION_FIELDS);
5931 }
5932
5933
5934
5935
5936 @Override
5937 public Group clone() {
5938 return GrouperUtil.clone(this, CLONE_FIELDS);
5939 }
5940
5941
5942
5943
5944
5945 public boolean equals(Object other) {
5946 if (this == other) {
5947 return true;
5948 }
5949 if (!(other instanceof Group)) {
5950 return false;
5951 }
5952 return new EqualsBuilder()
5953 .append( this.getName(), ( (Group) other ).getName() )
5954 .isEquals();
5955 }
5956
5957
5958
5959
5960
5961 public static void initData(Collection<Group> groups) {
5962
5963 Collection<String> groupIds = new HashSet<String>();
5964
5965 for (Group group : GrouperUtil.nonNull(groups)) {
5966 if (group.attributes == null) {
5967 groupIds.add(group.getId());
5968 }
5969 }
5970
5971 if (GrouperUtil.length(groupIds) == 0) {
5972 return;
5973 }
5974
5975 Map<String, Map<String, AttributeAssignValue>> results = GrouperDAOFactory
5976 .getFactory().getAttributeAssignValue().findLegacyAttributesByGroupIds(groupIds);
5977
5978 for (Group group : GrouperUtil.nonNull(groups)) {
5979 if (group.attributes == null) {
5980 Map<String, AttributeAssignValue> theAttributes = results.get(group.getId());
5981 group.attributes = theAttributes;
5982 }
5983 }
5984
5985 }
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996 public Map<String, Attribute> getAttributesMap(boolean checkSecurity) {
5997
5998 if (this.attributes == null) {
5999 this.attributes = GrouperDAOFactory.getFactory().getAttributeAssignValue().findLegacyAttributesByGroupId(this.getUuid());
6000 }
6001
6002 Map<String, Attribute> results = new HashMap<String, Attribute>();
6003 for (String name : this.attributes.keySet()) {
6004 AttributeAssignValue value = this.attributes.get(name);
6005
6006 try {
6007 if (checkSecurity) {
6008 value.getAttributeAssign().getOwnerAttributeAssign().getAttributeDelegate().assertCanReadAttributeDef(value.getAttributeAssign().getAttributeDef());
6009 }
6010
6011 results.put(name, Attribute.internal_getAttribute(value, this, true));
6012 } catch (InsufficientPrivilegeException e) {
6013
6014 } catch (AttributeDefNotFoundException e) {
6015
6016 }
6017 }
6018
6019 return results;
6020 }
6021
6022
6023
6024
6025
6026
6027
6028
6029 @Deprecated
6030 public Map<String, String> getAttributesDb() {
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057 Map<String, Attribute> results = this.getAttributesMap(false);
6058
6059 Map<String, String> map = new HashMap<String, String>();
6060 for (String key : results.keySet()) {
6061 map.put(key, results.get(key).getValue());
6062 }
6063 return map;
6064 }
6065
6066
6067
6068
6069
6070 public long getCreateTimeLong() {
6071 return this.createTime;
6072 }
6073
6074
6075
6076
6077
6078 public String getCreatorUuid() {
6079 return this.creatorUUID;
6080 }
6081
6082
6083
6084
6085
6086 @Override
6087 public Group dbVersion() {
6088 return (Group)this.dbVersion;
6089 }
6090
6091
6092
6093
6094
6095 public String getModifierUuid() {
6096 return this.modifierUUID;
6097 }
6098
6099
6100
6101
6102
6103 public long getModifyTimeLong() {
6104 return this.modifyTime;
6105 }
6106
6107
6108
6109
6110
6111 public String getParentUuid() {
6112 return this.parentUuid;
6113 }
6114
6115
6116
6117
6118
6119 public String getUuid() {
6120 return this.uuid;
6121 }
6122
6123
6124
6125
6126
6127 public int hashCode() {
6128 return new HashCodeBuilder()
6129 .append( this.getName() )
6130 .toHashCode();
6131 }
6132
6133
6134
6135
6136
6137 @Override
6138 public boolean onDelete(Session hs)
6139 throws CallbackException {
6140 GrouperDAOFactory.getFactory().getGroup().putInExistsCache( this.getUuid(), false );
6141 GroupFinder.groupCacheRemove(this);
6142 return Lifecycle.NO_VETO;
6143 }
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193 @Override
6194 public void onPostSave(HibernateSession hibernateSession) {
6195 super.onPostSave(hibernateSession);
6196
6197 if (this.isEnabled()) {
6198 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6199 GroupHooks.METHOD_GROUP_POST_INSERT, HooksGroupBean.class,
6200 this, Group.class, VetoTypeGrouper.GROUP_POST_INSERT, true, false);
6201
6202
6203 GrouperHooksUtils.schedulePostCommitHooksIfRegistered(GrouperHookType.GROUP,
6204 GroupHooks.METHOD_GROUP_POST_COMMIT_INSERT, HooksGroupBean.class,
6205 this, Group.class);
6206
6207 InstrumentationThread.addCount(InstrumentationDataBuiltinTypes.API_GROUP_ADD.name());
6208
6209 PerformanceLogger.performanceTimingGate(GroupSave.PERFORMANCE_LOG_LABEL, "postSaveHook");
6210
6211 }
6212 }
6213
6214
6215
6216
6217 public void onPostUpdate(HibernateSession hibernateSession) {
6218
6219 if (this.dbVersionDifferentFields().contains(FIELD_NAME)) {
6220 GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() {
6221
6222
6223
6224
6225 public Object callback(GrouperSession rootSession) throws GrouperSessionException {
6226
6227
6228 if (Group.this.getTypeOfGroup() == TypeOfGroup.entity) {
6229 String oldPrefix = GrouperUtil.parentStemNameFromName(Group.this.dbVersion().getName()) + ":";
6230 String newPrefix = GrouperUtil.parentStemNameFromName(Group.this.getName()) + ":";
6231
6232 if (!oldPrefix.equals(newPrefix)) {
6233 String subjectIdentifier = Group.this.getAttributeValueDelegate().retrieveValueString(EntityUtils.entitySubjectIdentifierName());
6234 if (subjectIdentifier != null && subjectIdentifier.startsWith(oldPrefix)) {
6235 subjectIdentifier = newPrefix + subjectIdentifier.substring(oldPrefix.length());
6236 Group.this.getAttributeValueDelegate().assignValue(EntityUtils.entitySubjectIdentifierName(), subjectIdentifier);
6237 }
6238 }
6239 }
6240
6241
6242 Set<RuleDefinition> definitions = RuleEngine.ruleEngine().getRuleDefinitions();
6243 for (RuleDefinition definition : definitions) {
6244 if (definition.getCheck() != null && definition.getCheck().checkTypeEnum() != null &&
6245 definition.getCheck().checkTypeEnum().isCheckOwnerTypeGroup(definition) && Group.this.dbVersion().getName().equals(definition.getCheck().getCheckOwnerName())) {
6246 definition.getAttributeAssignType().getAttributeValueDelegate().assignValue(RuleUtils.ruleCheckOwnerNameName(), Group.this.getName());
6247 }
6248
6249 if (definition.getIfCondition() != null && definition.getIfCondition().ifConditionEnum() != null &&
6250 definition.getIfCondition().ifConditionEnum().isIfOwnerTypeGroup(definition) && Group.this.dbVersion().getName().equals(definition.getIfCondition().getIfOwnerName())) {
6251 definition.getAttributeAssignType().getAttributeValueDelegate().assignValue(RuleUtils.ruleIfOwnerNameName(), Group.this.getName());
6252 }
6253
6254
6255 RuleThenEnum ruleThenEnum = definition.getThen().thenEnum();
6256 if ((ruleThenEnum == RuleThenEnum.assignGroupPrivilegeToGroupId ||
6257 ruleThenEnum == RuleThenEnum.assignStemPrivilegeToStemId ||
6258 ruleThenEnum == RuleThenEnum.assignAttributeDefPrivilegeToAttributeDefId) &&
6259 definition.getThen().getThenEnumArg0().endsWith(Group.this.dbVersion().getName())) {
6260
6261 String prefix = definition.getThen().getThenEnumArg0().substring(0, definition.getThen().getThenEnumArg0().length() - Group.this.dbVersion().getName().length());
6262 if (prefix.trim().isEmpty() || prefix.trim().endsWith("::")) {
6263 definition.getAttributeAssignType().getAttributeValueDelegate().assignValue(RuleUtils.ruleThenEnumArg0Name(), prefix + Group.this.getName());
6264 }
6265 }
6266 }
6267
6268 return null;
6269 }
6270 });
6271 }
6272
6273 boolean enabling = Group.this.dbVersion() != null && Group.this.isEnabled() && !Group.this.dbVersion().isEnabled();
6274 boolean disabling = Group.this.dbVersion() != null && !Group.this.isEnabled() && Group.this.dbVersion().isEnabled();
6275
6276 Group oldDbVersion = Group.this.dbVersion();
6277
6278 super.onPostUpdate(hibernateSession);
6279
6280 if (disabling) {
6281 GrouperHooksUtils.schedulePostCommitHooksIfRegistered(GrouperHookType.GROUP,
6282 GroupHooks.METHOD_GROUP_POST_COMMIT_DELETE, HooksGroupBean.class,
6283 this, Group.class);
6284
6285 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6286 GroupHooks.METHOD_GROUP_POST_DELETE, HooksGroupBean.class,
6287 this, Group.class, VetoTypeGrouper.GROUP_POST_DELETE, true, false);
6288
6289 InstrumentationThread.addCount(InstrumentationDataBuiltinTypes.API_GROUP_DELETE.name());
6290
6291 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6292
6293
6294 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_DISABLE,
6295 ChangeLogLabels.ENTITY_DISABLE.id.name(),
6296 this.getUuid(), ChangeLogLabels.ENTITY_DISABLE.name.name(),
6297 this.getName(), ChangeLogLabels.ENTITY_DISABLE.parentStemId.name(), this.getParentUuid(),
6298 ChangeLogLabels.ENTITY_DISABLE.displayName.name(), this.getDisplayName(),
6299 ChangeLogLabels.ENTITY_DISABLE.description.name(), this.getDescription()).save();
6300 } else {
6301
6302
6303 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_DISABLE,
6304 ChangeLogLabels.GROUP_DISABLE.id.name(),
6305 this.getUuid(), ChangeLogLabels.GROUP_DISABLE.name.name(),
6306 this.getName(), ChangeLogLabels.GROUP_DISABLE.parentStemId.name(), this.getParentUuid(),
6307 ChangeLogLabels.GROUP_DISABLE.displayName.name(), this.getDisplayName(),
6308 ChangeLogLabels.GROUP_DISABLE.description.name(), this.getDescription(),
6309 ChangeLogLabels.GROUP_DISABLE.idIndex.name(), "" + this.getIdIndex()).save();
6310 }
6311
6312
6313 Set<Membership> membershipsToDisable = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerAndDepth(this.uuid, 0, true);
6314 membershipsToDisable.addAll(GrouperDAOFactory.getFactory().getMembership().findAllByMemberAndDepth(this.toMember().getUuid(), 0, true));
6315 for (Membership membershipToDisable : membershipsToDisable) {
6316 if (this.uuid.equals(membershipToDisable.getOwnerGroupId())) {
6317
6318 if (membershipToDisable.getField().equals(AccessPrivilege.ADMIN.getField())) {
6319 continue;
6320 }
6321
6322 membershipToDisable.setOwnerGroup(this);
6323 }
6324 membershipToDisable.setEnabled(false);
6325 GrouperDAOFactory.getFactory().getMembership().update(membershipToDisable);
6326 }
6327
6328
6329 Set<AttributeAssign> assignmentsToDisable = new LinkedHashSet<AttributeAssign>();
6330 assignmentsToDisable.addAll(GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerGroupId(this.uuid));
6331 assignmentsToDisable.addAll(GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerMemberId(this.toMember().getUuid()));
6332
6333 for (AttributeAssign assignmentToDisable : assignmentsToDisable) {
6334 assignmentToDisable.setEnabled(false);
6335 assignmentToDisable.saveOrUpdate(false);
6336 }
6337
6338 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6339 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_DELETE,
6340 ChangeLogLabels.ENTITY_DELETE.id.name(),
6341 this.getUuid(), ChangeLogLabels.ENTITY_DELETE.name.name(),
6342 this.getName(), ChangeLogLabels.ENTITY_DELETE.parentStemId.name(), this.getParentUuid(),
6343 ChangeLogLabels.ENTITY_DELETE.displayName.name(), this.getDisplayName(),
6344 ChangeLogLabels.ENTITY_DELETE.description.name(), this.getDescription()).save();
6345 } else {
6346 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_DELETE,
6347 ChangeLogLabels.GROUP_DELETE.id.name(),
6348 this.getUuid(), ChangeLogLabels.GROUP_DELETE.name.name(),
6349 this.getName(), ChangeLogLabels.GROUP_DELETE.parentStemId.name(), this.getParentUuid(),
6350 ChangeLogLabels.GROUP_DELETE.displayName.name(), this.getDisplayName(),
6351 ChangeLogLabels.GROUP_DELETE.description.name(), this.getDescription(),
6352 ChangeLogLabels.GROUP_DELETE.idIndex.name(), "" + this.getIdIndex()).save();
6353 }
6354 } else if (enabling) {
6355 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6356 GroupHooks.METHOD_GROUP_POST_INSERT, HooksGroupBean.class,
6357 this, Group.class, VetoTypeGrouper.GROUP_POST_INSERT, true, false);
6358
6359
6360 GrouperHooksUtils.schedulePostCommitHooksIfRegistered(GrouperHookType.GROUP,
6361 GroupHooks.METHOD_GROUP_POST_COMMIT_INSERT, HooksGroupBean.class,
6362 this, Group.class);
6363
6364 InstrumentationThread.addCount(InstrumentationDataBuiltinTypes.API_GROUP_ADD.name());
6365
6366 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6367
6368
6369 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_ENABLE,
6370 ChangeLogLabels.ENTITY_ENABLE.id.name(),
6371 this.getUuid(), ChangeLogLabels.ENTITY_ENABLE.name.name(),
6372 this.getName(), ChangeLogLabels.ENTITY_ENABLE.parentStemId.name(), this.getParentUuid(),
6373 ChangeLogLabels.ENTITY_ENABLE.displayName.name(), this.getDisplayName(),
6374 ChangeLogLabels.ENTITY_ENABLE.description.name(), this.getDescription()).save();
6375
6376 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_ADD,
6377 ChangeLogLabels.ENTITY_ADD.id.name(),
6378 this.getUuid(), ChangeLogLabels.ENTITY_ADD.name.name(),
6379 this.getName(), ChangeLogLabels.ENTITY_ADD.parentStemId.name(), this.getParentUuid(),
6380 ChangeLogLabels.ENTITY_ADD.displayName.name(), this.getDisplayName(),
6381 ChangeLogLabels.ENTITY_ADD.description.name(), this.getDescription()).save();
6382
6383 } else {
6384
6385
6386 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_ENABLE,
6387 ChangeLogLabels.GROUP_ENABLE.id.name(),
6388 this.getUuid(), ChangeLogLabels.GROUP_ENABLE.name.name(),
6389 this.getName(), ChangeLogLabels.GROUP_ENABLE.parentStemId.name(), this.getParentUuid(),
6390 ChangeLogLabels.GROUP_ENABLE.displayName.name(), this.getDisplayName(),
6391 ChangeLogLabels.GROUP_ENABLE.description.name(), this.getDescription(),
6392 ChangeLogLabels.GROUP_ENABLE.idIndex.name(), "" + this.getIdIndex()).save();
6393
6394 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_ADD,
6395 ChangeLogLabels.GROUP_ADD.id.name(),
6396 this.getUuid(), ChangeLogLabels.GROUP_ADD.name.name(),
6397 this.getName(), ChangeLogLabels.GROUP_ADD.parentStemId.name(), this.getParentUuid(),
6398 ChangeLogLabels.GROUP_ADD.displayName.name(), this.getDisplayName(),
6399 ChangeLogLabels.GROUP_ADD.description.name(), this.getDescription(),
6400 ChangeLogLabels.GROUP_ADD.idIndex.name(), "" + this.getIdIndex()).save();
6401
6402 }
6403
6404
6405 Set<Membership> membershipsToEnable = GrouperDAOFactory.getFactory().getMembership().findAllByGroupOwnerAndDepth(this.uuid, 0, false);
6406 membershipsToEnable.addAll(GrouperDAOFactory.getFactory().getMembership().findAllByMemberAndDepth(this.toMember().getUuid(), 0, false));
6407 for (Membership membershipToEnable : membershipsToEnable) {
6408 if (this.uuid.equals(membershipToEnable.getOwnerGroupId())) {
6409
6410 if (membershipToEnable.getField().equals(AccessPrivilege.ADMIN.getField())) {
6411 continue;
6412 }
6413
6414 membershipToEnable.setOwnerGroup(this);
6415 }
6416
6417 membershipToEnable.setEnabled(membershipToEnable.internal_isEnabledUsingTimestamps());
6418
6419 if (membershipToEnable.isEnabled()) {
6420 GrouperDAOFactory.getFactory().getMembership().update(membershipToEnable);
6421 }
6422 }
6423
6424
6425 Set<AttributeAssign> assignmentsToEnable = new LinkedHashSet<AttributeAssign>();
6426 assignmentsToEnable.addAll(GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerGroupId(this.uuid));
6427 assignmentsToEnable.addAll(GrouperDAOFactory.getFactory().getAttributeAssign().findByOwnerMemberId(this.toMember().getUuid()));
6428
6429 for (AttributeAssign assignmentToEnable : assignmentsToEnable) {
6430 assignmentToEnable.setEnabled(assignmentToEnable.internal_isEnabledUsingTimestamps());
6431
6432 if (assignmentToEnable.isEnabled()) {
6433 assignmentToEnable.saveOrUpdate(false);
6434 }
6435 }
6436 } else {
6437 GrouperHooksUtils.schedulePostCommitHooksIfRegistered(GrouperHookType.GROUP,
6438 GroupHooks.METHOD_GROUP_POST_COMMIT_UPDATE, HooksGroupBean.class,
6439 this, Group.class);
6440
6441 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6442 GroupHooks.METHOD_GROUP_POST_UPDATE, HooksGroupBean.class,
6443 this, Group.class, VetoTypeGrouper.GROUP_POST_UPDATE, true, false);
6444
6445 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6446
6447 ChangeLogEntry.saveTempUpdates(ChangeLogTypeBuiltin.ENTITY_UPDATE,
6448 this, oldDbVersion,
6449 GrouperUtil.toList(ChangeLogLabels.ENTITY_UPDATE.id.name(),this.getUuid(),
6450 ChangeLogLabels.ENTITY_UPDATE.name.name(), this.getName(),
6451 ChangeLogLabels.ENTITY_UPDATE.parentStemId.name(), this.getParentUuid(),
6452 ChangeLogLabels.ENTITY_UPDATE.displayName.name(), this.getDisplayName(),
6453 ChangeLogLabels.ENTITY_UPDATE.description.name(), this.getDescription()),
6454 GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION),
6455 GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
6456 ChangeLogLabels.ENTITY_UPDATE.parentStemId.name(),
6457 ChangeLogLabels.ENTITY_UPDATE.description.name(),
6458 ChangeLogLabels.ENTITY_UPDATE.displayExtension.name()));
6459 } else {
6460
6461 ChangeLogEntry.saveTempUpdates(ChangeLogTypeBuiltin.GROUP_UPDATE,
6462 this, oldDbVersion,
6463 GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.id.name(),this.getUuid(),
6464 ChangeLogLabels.GROUP_UPDATE.name.name(), this.getName(),
6465 ChangeLogLabels.GROUP_UPDATE.parentStemId.name(), this.getParentUuid(),
6466 ChangeLogLabels.GROUP_UPDATE.displayName.name(), this.getDisplayName(),
6467 ChangeLogLabels.GROUP_UPDATE.description.name(), this.getDescription()),
6468 GrouperUtil.toList(FIELD_NAME, FIELD_PARENT_UUID, FIELD_DESCRIPTION, FIELD_DISPLAY_EXTENSION, FIELD_DISPLAY_NAME),
6469 GrouperUtil.toList(ChangeLogLabels.GROUP_UPDATE.name.name(),
6470 ChangeLogLabels.GROUP_UPDATE.parentStemId.name(),
6471 ChangeLogLabels.GROUP_UPDATE.description.name(),
6472 ChangeLogLabels.GROUP_UPDATE.displayExtension.name(),
6473 ChangeLogLabels.GROUP_UPDATE.displayName.name()
6474 ));
6475
6476 }
6477 }
6478
6479
6480 this.toMember().updateMemberAttributes(new GrouperSubject(this), true);
6481 }
6482
6483
6484
6485
6486 private Long lastMembershipChangeDb;
6487
6488
6489
6490
6491
6492 public Long getLastMembershipChangeDb() {
6493 return this.lastMembershipChangeDb;
6494 }
6495
6496
6497
6498
6499
6500 public void setLastMembershipChangeDb(Long theMembershipLastChange) {
6501 this.lastMembershipChangeDb = theMembershipLastChange;
6502 }
6503
6504
6505
6506
6507
6508 public Timestamp getLastMembershipChange() {
6509 return this.lastMembershipChangeDb == null ? null : new Timestamp(this.lastMembershipChangeDb);
6510 }
6511
6512
6513
6514
6515 private Long lastImmediateMembershipChangeDb;
6516
6517
6518
6519
6520
6521 public Long getLastImmediateMembershipChangeDb() {
6522 return this.lastImmediateMembershipChangeDb;
6523 }
6524
6525
6526
6527
6528
6529 public void setLastImmediateMembershipChangeDb(Long theImmediateMembershipLastChange) {
6530 this.lastImmediateMembershipChangeDb = theImmediateMembershipLastChange;
6531 }
6532
6533
6534
6535
6536
6537 public Timestamp getLastImmediateMembershipChange() {
6538 return this.lastImmediateMembershipChangeDb == null ? null : new Timestamp(this.lastImmediateMembershipChangeDb);
6539 }
6540
6541
6542
6543
6544
6545
6546 public String getAlternateNameDb() {
6547 return this.alternateNameDb;
6548 }
6549
6550
6551
6552
6553
6554 public String getAlternateName() {
6555 return this.alternateNameDb;
6556 }
6557
6558
6559
6560
6561
6562 public void setAlternateNameDb(String alternateName) {
6563 this.alternateNameDb = alternateName;
6564 this.alternateNames = null;
6565 }
6566
6567
6568 private Set<String> alternateNames = null;
6569
6570
6571
6572
6573
6574
6575 public Set<String> getAlternateNames() {
6576
6577
6578 if (this.alternateNames == null) {
6579 this.alternateNames = new LinkedHashSet<String>();
6580 if (!StringUtils.isBlank(this.alternateNameDb)) {
6581 this.alternateNames.add(this.alternateNameDb);
6582 }
6583 this.alternateNames = Collections.unmodifiableSet(this.alternateNames);
6584 }
6585 return this.alternateNames;
6586 }
6587
6588
6589
6590
6591
6592
6593
6594 public void addAlternateName(String alternateName) {
6595 internal_addAlternateName(alternateName, true);
6596 }
6597
6598
6599
6600
6601
6602
6603
6604
6605 protected void internal_addAlternateName(String alternateName, boolean validateName) {
6606
6607 if (validateName) {
6608 GrouperValidator v = AddAlternateGroupNameValidator.validate(alternateName);
6609
6610 if (v.isInvalid()) {
6611 throw new GroupModifyException(v.getErrorMessage() + ": " + alternateName);
6612 }
6613 }
6614
6615 this.alternateNameDb = alternateName;
6616 }
6617
6618
6619
6620
6621
6622
6623 public boolean deleteAlternateName(String alternateName) {
6624 if (alternateName.equals(this.alternateNameDb)) {
6625 this.alternateNameDb = null;
6626 return true;
6627 }
6628
6629 return false;
6630 }
6631
6632
6633
6634
6635
6636 @Override
6637 public void onPostDelete(HibernateSession hibernateSession) {
6638 super.onPostDelete(hibernateSession);
6639
6640 GrouperHooksUtils.schedulePostCommitHooksIfRegistered(GrouperHookType.GROUP,
6641 GroupHooks.METHOD_GROUP_POST_COMMIT_DELETE, HooksGroupBean.class,
6642 this, Group.class);
6643
6644 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6645 GroupHooks.METHOD_GROUP_POST_DELETE, HooksGroupBean.class,
6646 this, Group.class, VetoTypeGrouper.GROUP_POST_DELETE, false, true);
6647
6648 InstrumentationThread.addCount(InstrumentationDataBuiltinTypes.API_GROUP_DELETE.name());
6649 }
6650
6651
6652
6653
6654
6655 @Override
6656 public void onPreSave(HibernateSession hibernateSession) {
6657 super.onPreSave(hibernateSession);
6658
6659 this.internal_setModifiedIfNeeded();
6660
6661 if (this.idIndex == null) {
6662 this.idIndex = TableIndex.reserveId(TableIndexType.group);
6663 }
6664
6665 if (!this.isEnabled()) {
6666
6667 throw new RuntimeException("Group must be enabled on creation for now");
6668 }
6669
6670 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6671 GroupHooks.METHOD_GROUP_PRE_INSERT, HooksGroupBean.class,
6672 this, Group.class, VetoTypeGrouper.GROUP_PRE_INSERT, false, false);
6673
6674 PerformanceLogger.performanceTimingGate(GroupSave.PERFORMANCE_LOG_LABEL, "preSaveHook");
6675
6676 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6677
6678
6679 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_ADD,
6680 ChangeLogLabels.ENTITY_ADD.id.name(),
6681 this.getUuid(), ChangeLogLabels.ENTITY_ADD.name.name(),
6682 this.getName(), ChangeLogLabels.ENTITY_ADD.parentStemId.name(), this.getParentUuid(),
6683 ChangeLogLabels.ENTITY_ADD.displayName.name(), this.getDisplayName(),
6684 ChangeLogLabels.ENTITY_ADD.description.name(), this.getDescription()).save();
6685
6686 } else {
6687
6688
6689 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_ADD,
6690 ChangeLogLabels.GROUP_ADD.id.name(),
6691 this.getUuid(), ChangeLogLabels.GROUP_ADD.name.name(),
6692 this.getName(), ChangeLogLabels.GROUP_ADD.parentStemId.name(), this.getParentUuid(),
6693 ChangeLogLabels.GROUP_ADD.displayName.name(), this.getDisplayName(),
6694 ChangeLogLabels.GROUP_ADD.description.name(), this.getDescription(),
6695 ChangeLogLabels.GROUP_ADD.idIndex.name(), "" + this.getIdIndex()).save();
6696
6697 }
6698 PerformanceLogger.performanceTimingGate(GroupSave.PERFORMANCE_LOG_LABEL, "changeLog");
6699
6700 }
6701
6702
6703
6704
6705
6706 public boolean onSave(Session hs) throws CallbackException {
6707 GrouperDAOFactory.getFactory().getGroup().putInExistsCache( this.getUuid(), true );
6708 return Lifecycle.NO_VETO;
6709 }
6710
6711
6712
6713
6714 @Override
6715 public boolean onUpdate(Session s) throws CallbackException {
6716 GroupFinder.groupCacheRemove(this);
6717 return super.onUpdate(s);
6718 }
6719
6720
6721
6722
6723
6724
6725 public void setAttributes(Map<String, String> attributes) {
6726
6727 attributes = GrouperUtil.nonNull(attributes);
6728
6729
6730 Set<String> existingAttributeNames =
6731 new HashSet<String>(this.getAttributesMap(false).keySet());
6732
6733
6734 for (String key : attributes.keySet()) {
6735 this.setAttribute(key, attributes.get(key));
6736 existingAttributeNames.remove(key);
6737 }
6738
6739
6740 for (String key : existingAttributeNames) {
6741 this.deleteAttribute(key);
6742 }
6743 }
6744
6745
6746
6747
6748
6749 public void setCreateTimeLong(long createTime) {
6750 this.createTime = createTime;
6751
6752 }
6753
6754
6755
6756
6757
6758 public void setCreatorUuid(String creatorUUID) {
6759 this.creatorUUID = creatorUUID;
6760
6761 }
6762
6763
6764
6765
6766
6767 public void setModifierUuid(String modifierUUID) {
6768 this.modifierUUID = modifierUUID;
6769
6770 }
6771
6772
6773
6774
6775
6776 public void setModifyTimeLong(long modifyTime) {
6777 this.modifyTime = modifyTime;
6778
6779 }
6780
6781
6782
6783
6784
6785 public void setParentUuid(String parentUUID) {
6786 this.parentUuid = parentUUID;
6787
6788 }
6789
6790
6791
6792
6793
6794 public void setTypes(Set<GroupType> types) {
6795 Map<String, AttributeDefName> results = new LinkedHashMap<String, AttributeDefName>();
6796
6797 if (types != null) {
6798 for (GroupType groupType : types) {
6799 results.put(groupType.getName(), groupType.getAttributeDefName());
6800 }
6801 }
6802
6803 this.types = new LinkedHashMap<String, AttributeDefName>(results);
6804 this.typeAssignments = null;
6805 }
6806
6807
6808
6809
6810 public Map<String, AttributeAssign> internal_getGroupTypeAssignments() {
6811 if (this.typeAssignments == null) {
6812 this.types = null;
6813 this.getTypesDb();
6814 }
6815
6816 return this.typeAssignments;
6817 }
6818
6819
6820
6821
6822
6823 public void setUuid(String uuid) {
6824 this.uuid = uuid;
6825
6826 }
6827
6828
6829
6830
6831
6832 public String toStringDb() {
6833 return new ToStringBuilder(this)
6834 .append( "attributes", this.getAttributesDb() )
6835 .append( "createTime", this.getCreateTimeLong() )
6836 .append( "creatorUuid", this.getCreatorUuid() )
6837 .append( "modifierUuid", this.getModifierUuid() )
6838 .append( "modifyTime", this.getModifyTime() )
6839 .append( "uuid", this.getUuid() )
6840 .append( "parentUuid", this.getParentUuid() )
6841 .append( "types", this.getTypesDb() )
6842 .toString();
6843 }
6844
6845
6846
6847
6848 @Override
6849 public void onPreDelete(HibernateSession hibernateSession) {
6850 super.onPreDelete(hibernateSession);
6851
6852
6853
6854 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6855 GroupHooks.METHOD_GROUP_PRE_DELETE, HooksGroupBean.class,
6856 this, Group.class, VetoTypeGrouper.GROUP_PRE_DELETE, false, false);
6857
6858 if (this.getTypeOfGroup() == TypeOfGroup.entity) {
6859
6860
6861 new ChangeLogEntry(true, ChangeLogTypeBuiltin.ENTITY_DELETE,
6862 ChangeLogLabels.ENTITY_DELETE.id.name(),
6863 this.getUuid(), ChangeLogLabels.ENTITY_DELETE.name.name(),
6864 this.getName(), ChangeLogLabels.ENTITY_DELETE.parentStemId.name(), this.getParentUuid(),
6865 ChangeLogLabels.ENTITY_DELETE.displayName.name(), this.getDisplayName(),
6866 ChangeLogLabels.ENTITY_DELETE.description.name(), this.getDescription()).save();
6867
6868 } else {
6869
6870
6871 new ChangeLogEntry(true, ChangeLogTypeBuiltin.GROUP_DELETE,
6872 ChangeLogLabels.GROUP_DELETE.id.name(),
6873 this.getUuid(), ChangeLogLabels.GROUP_DELETE.name.name(),
6874 this.getName(), ChangeLogLabels.GROUP_DELETE.parentStemId.name(), this.getParentUuid(),
6875 ChangeLogLabels.GROUP_DELETE.displayName.name(), this.getDisplayName(),
6876 ChangeLogLabels.GROUP_DELETE.description.name(), this.getDescription(),
6877 ChangeLogLabels.GROUP_DELETE.idIndex.name(), "" + this.getIdIndex()).save();
6878
6879 }
6880 }
6881
6882
6883
6884
6885
6886
6887 public Object fieldValue(String fieldName) {
6888
6889 return super.fieldValue(fieldName);
6890 }
6891
6892
6893
6894
6895 @Override
6896 public void onPreUpdate(HibernateSession hibernateSession) {
6897
6898 super.onPreUpdate(hibernateSession);
6899
6900
6901 if (this.dbVersionDifferentFields().contains(FIELD_TYPE_OF_GROUP)
6902 && this.dbVersion != null && (this.typeOfGroup == TypeOfGroup.entity || ((Group)this.dbVersion).getTypeOfGroup() == TypeOfGroup.entity)) {
6903 throw new RuntimeException("Cannot change typeOfGroup, you need to delete and create the object");
6904 }
6905
6906
6907
6908 if (this.dbVersionDifferentFields().contains(FIELD_NAME)) {
6909 Group check = GrouperDAOFactory.getFactory().getGroup().findByName(this.getNameDb(), false);
6910 if (check != null &&
6911 (!check.getUuid().equals(this.getUuid()) ||
6912 (this.getAlternateNameDb() != null &&
6913 this.getAlternateNameDb().equals(this.getNameDb())))) {
6914 throw new GroupModifyAlreadyExistsException("Group with name " + this.getNameDb() + " already exists.");
6915 }
6916 }
6917
6918
6919
6920
6921
6922 if (this.dbVersionDifferentFields().contains(FIELD_ALTERNATE_NAME_DB) &&
6923 this.getAlternateNameDb() != null) {
6924
6925 String oldName = this.dbVersion().getNameDb();
6926 if (!this.dbVersionDifferentFields().contains(FIELD_NAME) ||
6927 (this.dbVersionDifferentFields().contains(FIELD_NAME) &&
6928 !oldName.equals(this.getAlternateNameDb()))) {
6929 Group check = GrouperDAOFactory.getFactory().getGroup().findByName(this.getAlternateNameDb(), false);
6930 if (check != null) {
6931 throw new GroupModifyAlreadyExistsException("Group with name " + this.getAlternateNameDb() + " already exists.");
6932 }
6933 }
6934 }
6935
6936 this.internal_setModifiedIfNeeded();
6937
6938 boolean enabling = Group.this.dbVersion() != null && Group.this.isEnabled() && !Group.this.dbVersion().isEnabled();
6939 boolean disabling = Group.this.dbVersion() != null && !Group.this.isEnabled() && Group.this.dbVersion().isEnabled();
6940
6941 if (enabling) {
6942 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6943 GroupHooks.METHOD_GROUP_PRE_INSERT, HooksGroupBean.class,
6944 this, Group.class, VetoTypeGrouper.GROUP_PRE_INSERT, false, false);
6945 } else if (disabling) {
6946 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6947 GroupHooks.METHOD_GROUP_PRE_DELETE, HooksGroupBean.class,
6948 this, Group.class, VetoTypeGrouper.GROUP_PRE_DELETE, false, false);
6949 } else {
6950 GrouperHooksUtils.callHooksIfRegistered(this, GrouperHookType.GROUP,
6951 GroupHooks.METHOD_GROUP_PRE_UPDATE, HooksGroupBean.class,
6952 this, Group.class, VetoTypeGrouper.GROUP_PRE_UPDATE, false, false);
6953 }
6954 }
6955
6956
6957
6958
6959 public int compareTo(Object that) {
6960 if (that==null) {
6961 return 1;
6962 }
6963 if (!(that instanceof GrouperObject)) {
6964 return 1;
6965 }
6966 String thisName = StringUtils.defaultString(this.getName());
6967 String thatName = StringUtils.defaultString(((GrouperObject)that).getName());
6968 return thisName.compareTo(thatName);
6969 }
6970
6971
6972
6973
6974
6975
6976
6977 public void manageIncludesExcludesRequiredGroups(GrouperSession grouperSession, boolean isIncludeExcludes) {
6978 this.manageIncludesExcludesRequiredGroups(grouperSession, isIncludeExcludes, new LinkedHashSet<Group>());
6979 }
6980
6981
6982
6983
6984
6985
6986
6987
6988 public void manageIncludesExcludesRequiredGroups(GrouperSession grouperSession, boolean isIncludeExcludes, Group andGroup) {
6989
6990 this.manageIncludesExcludesRequiredGroups(grouperSession, isIncludeExcludes,
6991 andGroup == null ? new HashSet<Group>() : GrouperUtil.toSet(andGroup));
6992 }
6993
6994
6995
6996
6997
6998
6999
7000
7001 public void manageIncludesExcludesRequiredGroups(GrouperSession grouperSession, boolean isIncludeExcludes, Set<Group> andGroups) {
7002
7003 GroupTypeTupleIncludeExcludeHook.manageIncludesExcludesAndGroups(this, isIncludeExcludes, andGroups,
7004 "from manageIncludesExclude() method in Group class: " + this.getExtension());
7005 }
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015 public String getDisplayNameDb()
7016 throws GrouperException
7017 {
7018 return this.displayName;
7019 }
7020
7021
7022
7023
7024
7025
7026 public String getNameDb() {
7027 return this.name;
7028 }
7029
7030
7031
7032
7033
7034 public void setDisplayNameDb(String value) {
7035 this.displayName = value;
7036 }
7037
7038
7039
7040
7041
7042 public void setNameDb(String value) {
7043 this.name = value;
7044 }
7045
7046
7047
7048
7049
7050
7051
7052
7053 public void move(Stem stem) throws GroupModifyException,
7054 InsufficientPrivilegeException {
7055
7056 new GroupMove(this, stem).save();
7057 }
7058
7059
7060
7061
7062
7063
7064 protected void internal_move(final Stem stem, final boolean assignAlternateName) {
7065
7066 HibernateSession.callbackHibernateSession(
7067 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
7068 new HibernateHandler() {
7069
7070 public Object callback(HibernateHandlerBean hibernateHandlerBean)
7071 throws GrouperDAOException {
7072
7073 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
7074
7075 GrouperSession.validate(GrouperSession.staticGrouperSession());
7076
7077
7078 if (stem.isRootStem()) {
7079 throw new GroupModifyException("Cannot move group to the root stem.");
7080 }
7081
7082
7083 if (!PrivilegeHelper.canAdmin(GrouperSession.staticGrouperSession(), Group.this,
7084 GrouperSession.staticGrouperSession().getSubject())) {
7085 throw new InsufficientPrivilegeException(E.CANNOT_ADMIN);
7086 }
7087
7088
7089 if (!PrivilegeHelper.canCreate(GrouperSession.staticGrouperSession(), stem,
7090 GrouperSession.staticGrouperSession().getSubject())) {
7091 throw new InsufficientPrivilegeException(E.CANNOT_CREATE);
7092 }
7093
7094
7095 if (stem.getUuid().equals(Group.this.getParentUuid())) {
7096 return null;
7097 }
7098
7099 String oldName = Group.this.dbVersion().getNameDb();
7100
7101 Group.this.setParentUuid(stem.getUuid());
7102 Group.this.setNameDb(stem.getName() + Stem.DELIM + Group.this.getExtension());
7103 Group.this.setDisplayNameDb(stem.getDisplayName() + Stem.DELIM
7104 + Group.this.getDisplayExtension());
7105
7106 if (assignAlternateName) {
7107 Group.this.internal_addAlternateName(oldName, false);
7108 }
7109
7110 GrouperDAOFactory.getFactory().getGroup().update(Group.this);
7111
7112
7113 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
7114
7115 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_MOVE,
7116 "groupId", Group.this.getUuid(), "oldGroupName",
7117 oldName, "newGroupName", Group.this.getName(), "newStemId",
7118 stem.getUuid(),
7119 "assignAlternateName", assignAlternateName ? "T" : "F");
7120 auditEntry.setDescription("Move group " + oldName + " to name: " + Group.this.getName()
7121 + ", assignAlternateName? " + (assignAlternateName ? "T" : "F"));
7122 auditEntry.saveOrUpdate(true);
7123 }
7124
7125
7126 return null;
7127 }
7128 });
7129 }
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148 protected Group internal_copy(final Stem stem, final boolean privilegesOfGroup,
7149 final boolean groupAsPrivilege, final boolean listMembersOfGroup,
7150 final boolean listGroupAsMember, final boolean attributes, final boolean composite,
7151 final boolean addDefaultGroupPrivileges, final boolean checkSecurity,
7152 final String extension, final String displayExtension)
7153 throws GroupAddException, InsufficientPrivilegeException {
7154
7155 return (Group)HibernateSession.callbackHibernateSession(
7156 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
7157 new HibernateHandler() {
7158
7159 public Object callback(HibernateHandlerBean hibernateHandlerBean)
7160 throws GrouperDAOException {
7161
7162 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
7163
7164 if (checkSecurity) {
7165
7166 if (!PrivilegeHelper.canRead(GrouperSession.staticGrouperSession(), Group.this,
7167 GrouperSession.staticGrouperSession().getSubject())) {
7168 throw new InsufficientPrivilegeException(E.CANNOT_READ);
7169 }
7170
7171
7172 for (AttributeAssign assign : Group.this.internal_getGroupTypeAssignments().values()) {
7173 if (!PrivilegeHelper.canViewAttributeAssign(GrouperSession.staticGrouperSession(), assign, true)) {
7174 throw new InsufficientPrivilegeException("Unable to read attribute assignment: " + assign.getId());
7175 }
7176 }
7177 }
7178
7179 GrouperSession actAs = null;
7180 if (addDefaultGroupPrivileges == true) {
7181 actAs = GrouperSession.staticGrouperSession();
7182 } else {
7183 actAs = GrouperSession.staticGrouperSession().internal_getRootSession();
7184 }
7185
7186 Map<String, String> attributesMap = new HashMap<String, String>();
7187 if (attributes == true) {
7188 Map filtered = new HashMap();
7189 Map.Entry<String, Attribute> kv;
7190 Iterator<Map.Entry<String, Attribute>> it = Group.this.getAttributesMap(false).entrySet().iterator();
7191 while (it.hasNext()) {
7192 kv = it.next();
7193
7194 if (checkSecurity) {
7195
7196 AttributeAssignFinder.findById(kv.getValue().getId(), true);
7197 }
7198
7199 filtered.put((String)kv.getKey(), (String) kv.getValue().getValue());
7200 }
7201 attributesMap = filtered;
7202 }
7203
7204 Group newGroup = null;
7205 String theExtension = extension == null ? Group.this.getExtension() : extension;
7206 String theDisplayExtension = displayExtension == null ? Group.this.getDisplayExtensionDb() : displayExtension;
7207
7208 try {
7209 newGroup = stem.internal_addChildGroup(theExtension,
7210 theDisplayExtension, null, Group.this
7211 .description, Group.this.getTypesDb(), attributesMap,
7212 addDefaultGroupPrivileges, Group.this.typeOfGroup, checkSecurity);
7213 } catch (GroupAddException e) {
7214 Group test = GroupFinder.findByName(GrouperSession
7215 .staticGrouperSession().internal_getRootSession(), stem.getName()
7216 + Stem.DELIM + theExtension, false);
7217 if (test == null) {
7218 throw e;
7219 }
7220
7221
7222 String newGroupExtension = theExtension + "_2";
7223 int extensionCount = 2;
7224 boolean notFound = false;
7225 while (notFound == false) {
7226 Group foundGroup = GroupFinder.findByName(GrouperSession
7227 .staticGrouperSession().internal_getRootSession(), stem.getName()
7228 + Stem.DELIM + newGroupExtension, false);
7229 if (foundGroup != null) {
7230 extensionCount++;
7231 newGroupExtension = theExtension + "_"
7232 + extensionCount;
7233 } else {
7234 notFound = true;
7235 }
7236 }
7237
7238 newGroup = stem.internal_addChildGroup(newGroupExtension,
7239 theDisplayExtension, null, Group.this
7240 .description, Group.this.getTypesDb(), attributesMap,
7241 addDefaultGroupPrivileges, Group.this.typeOfGroup, checkSecurity);
7242 }
7243
7244 if (composite) {
7245 Composite oldComposite = GrouperDAOFactory.getFactory()
7246 .getComposite().findAsOwner(Group.this, false);
7247 if (oldComposite != null) {
7248 String leftFactorUuid = oldComposite.getLeftFactorUuid();
7249 String rightFactorUuid = oldComposite.getRightFactorUuid();
7250
7251 Group leftFactorGroup = GroupFinder
7252 .findByUuid(GrouperSession.staticGrouperSession()
7253 .internal_getRootSession(), leftFactorUuid, true);
7254 Group rightFactorGroup = GroupFinder.findByUuid(GrouperSession
7255 .staticGrouperSession().internal_getRootSession(),
7256 rightFactorUuid, true);
7257
7258 newGroup.internal_addCompositeMember(actAs, oldComposite.getType(),
7259 leftFactorGroup, rightFactorGroup, null);
7260 }
7261 }
7262
7263 if (privilegesOfGroup == true) {
7264 newGroup.internal_copyPrivilegesOfGroup(actAs, Group.this);
7265 }
7266
7267 if (groupAsPrivilege == true) {
7268 newGroup.internal_copyGroupAsPrivilege(GrouperSession.staticGrouperSession(), Group.this);
7269 }
7270
7271 if (listMembersOfGroup == true) {
7272 newGroup.internal_copyListMembersOfGroup(actAs, Group.this);
7273 }
7274
7275 if (listGroupAsMember == true) {
7276 newGroup.internal_copyGroupAsMember(GrouperSession.staticGrouperSession(), Group.this);
7277 }
7278
7279 final Group NEW_GROUP = newGroup;
7280
7281 GrouperSession.callbackGrouperSession(GrouperSession.staticGrouperSession().internal_getRootSession(), new GrouperSessionHandler() {
7282
7283
7284
7285
7286 public Object callback(GrouperSession rootSession) throws GrouperSessionException {
7287
7288
7289 if (TypeOfGroup.entity == NEW_GROUP.getTypeOfGroup()) {
7290 String oldPrefix = GrouperUtil.parentStemNameFromName(Group.this.getName()) + ":";
7291 String newPrefix = GrouperUtil.parentStemNameFromName(NEW_GROUP.getName()) + ":";
7292
7293 if (!oldPrefix.equals(newPrefix)) {
7294 String subjectIdentifier = Group.this.getAttributeValueDelegate().retrieveValueString(EntityUtils.entitySubjectIdentifierName());
7295 if (subjectIdentifier != null && subjectIdentifier.startsWith(oldPrefix)) {
7296 subjectIdentifier = newPrefix + subjectIdentifier.substring(oldPrefix.length());
7297 NEW_GROUP.getAttributeValueDelegate().assignValue(EntityUtils.entitySubjectIdentifierName(), subjectIdentifier);
7298 }
7299 }
7300 }
7301
7302 return null;
7303 }
7304 });
7305
7306
7307 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
7308
7309 AuditEntryit/AuditEntry.html#AuditEntry">AuditEntry auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_COPY,
7310 "oldGroupId", Group.this.getUuid(), "oldGroupName",
7311 Group.this.getName(), "newGroupId", newGroup.getUuid(), "newGroupName",
7312 newGroup.getName(),
7313 "privilegesOfGroup", privilegesOfGroup ? "T" : "F", "groupAsPrivilege",
7314 groupAsPrivilege ? "T" : "F", "listMembersOfGroup",
7315 listMembersOfGroup ? "T" : "F", "listGroupAsMember",
7316 listGroupAsMember ? "T" : "F");
7317 auditEntry.setInt01(attributes ? 1L : 0L);
7318 auditEntry.setDescription("Copy group " + Group.this.getName() + " to name: " + newGroup.getName()
7319 + ", privilegesOfGroup? " + (privilegesOfGroup ? "T" : "F")
7320 + ", groupAsPrivilege? " + (groupAsPrivilege ? "T" : "F")
7321 + ", listMembersOfGroup? " + (listMembersOfGroup ? "T" : "F")
7322 + ", listGroupAsMember? " + (listGroupAsMember ? "T" : "F")
7323 + ", attributes? " + (attributes ? "T" : "F"));
7324 auditEntry.saveOrUpdate(true);
7325 }
7326
7327 return newGroup;
7328 }
7329 });
7330 }
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341 private void internal_copyGroupAsMember(GrouperSession session, Group group)
7342 throws SchemaException, MemberAddException, GrouperException,
7343 InsufficientPrivilegeException {
7344
7345 Set<Membership> memberships = GrouperDAOFactory.getFactory().getMembership()
7346 .findAllImmediateByMemberAndFieldType(group.toMember().getUuid(),
7347 FieldType.LIST.toString(), false);
7348
7349 if (memberships.size() == 0) {
7350 return;
7351 }
7352
7353 Member member = MemberFinder.findBySubject(session, this.toSubject(), true);
7354
7355 Iterator<Membership> membershipsIter = memberships.iterator();
7356 while (membershipsIter.hasNext()) {
7357 Membership existingMembership = membershipsIter.next();
7358 Field f = FieldFinder.findById(existingMembership.getFieldId(), true);
7359 Group g = existingMembership.getOwnerGroup();
7360 PrivilegeHelper.dispatch(session, g, session.getSubject(), f.getWritePriv());
7361 Membership copiedMembership = existingMembership.clone();
7362 copiedMembership.setMemberUuid(member.getUuid());
7363 copiedMembership.setMember(member);
7364 copiedMembership.setCreatorUuid(session.getMemberUuid());
7365 copiedMembership.setCreateTimeLong(new Date().getTime());
7366 copiedMembership.setImmediateMembershipId(GrouperUuid.getUuid());
7367 copiedMembership.setHibernateVersionNumber(-1L);
7368 GrouperDAOFactory.getFactory().getMembership().save(copiedMembership);
7369 }
7370 }
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380 private void internal_copyListMembersOfGroup(GrouperSession session, Group group)
7381 throws SchemaException, MemberAddException, InsufficientPrivilegeException {
7382 Set<Field> fields = FieldFinder.findAllByType(FieldType.LIST);
7383 Iterator<Field> iter = fields.iterator();
7384 while (iter.hasNext()) {
7385 Field f = iter.next();
7386
7387 if (f.getUuid().equals(Group.getDefaultList().getUuid()) || group.hasType(f.getGroupType(true))) {
7388 PrivilegeHelper.dispatch(session, group, session.getSubject(), f.getReadPriv());
7389 Iterator<Membership> membershipsIter = GrouperDAOFactory.getFactory().getMembership()
7390 .findAllByGroupOwnerAndFieldAndType(group.getUuid(), f,
7391 MembershipType.IMMEDIATE.getTypeString(), false).iterator();
7392
7393 while (membershipsIter.hasNext()) {
7394 Membership existingMembership = membershipsIter.next();
7395 Membership copiedMembership = existingMembership.clone();
7396 copiedMembership.setOwnerGroupId(this.getUuid());
7397 copiedMembership.setCreatorUuid(session.getMemberUuid());
7398 copiedMembership.setCreateTimeLong(new Date().getTime());
7399 copiedMembership.setImmediateMembershipId(GrouperUuid.getUuid());
7400 copiedMembership.setHibernateVersionNumber(-1L);
7401 GrouperDAOFactory.getFactory().getMembership().save(copiedMembership);
7402 }
7403 }
7404 }
7405 }
7406
7407
7408
7409
7410
7411
7412
7413 private void internal_copyGroupAsPrivilege(GrouperSession session, Group group)
7414 throws UnableToPerformException {
7415 Set<Privilege> privileges = Privilege.getAccessPrivs();
7416
7417 Iterator<Privilege> iter = privileges.iterator();
7418 while (iter.hasNext()) {
7419 Privilege priv = iter.next();
7420 session.getAccessResolver().privilegeCopy(group.toSubject(), this.toSubject(), priv);
7421 }
7422
7423 privileges = Privilege.getNamingPrivs();
7424 iter = privileges.iterator();
7425 while (iter.hasNext()) {
7426 Privilege priv = iter.next();
7427 session.getNamingResolver().privilegeCopy(group.toSubject(), this.toSubject(), priv);
7428 }
7429 }
7430
7431
7432
7433
7434
7435
7436
7437 private void internal_copyPrivilegesOfGroup(GrouperSession session, Group group)
7438 throws UnableToPerformException {
7439 Set<Privilege> privileges = Privilege.getAccessPrivs();
7440
7441 Iterator<Privilege> iter = privileges.iterator();
7442 while (iter.hasNext()) {
7443 Privilege priv = iter.next();
7444 session.getAccessResolver().privilegeCopy(group, this, priv);
7445 }
7446 }
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456 public Group copy(Stem stem) throws GroupAddException, InsufficientPrivilegeException {
7457 GroupCopyroupCopy.html#GroupCopy">GroupCopy groupCopy = new GroupCopy(this, stem);
7458 return groupCopy.save();
7459 }
7460
7461
7462
7463
7464
7465 public TypeOfGroup getTypeOfGroup() {
7466 return this.typeOfGroup;
7467 }
7468
7469
7470
7471
7472
7473 public void setTypeOfGroup(TypeOfGroup typeOfGroup1) {
7474 this.typeOfGroup = typeOfGroup1;
7475 }
7476
7477
7478
7479
7480
7481 public String getTypeOfGroupDb() {
7482 return this.typeOfGroup == null ? TypeOfGroup.group.name() : this.typeOfGroup.name();
7483 }
7484
7485
7486
7487
7488
7489 public void setTypeOfGroupDb(String typeOfGroup1) {
7490 this.typeOfGroup = TypeOfGroup.valueOfIgnoreCase(typeOfGroup1, false);
7491 }
7492
7493
7494
7495
7496 public String __getId() {
7497 return this.getUuid();
7498 }
7499
7500
7501
7502
7503 public String __getName() {
7504 return this.getName();
7505 }
7506
7507
7508
7509
7510 public String getId() {
7511 return this.getUuid();
7512 }
7513
7514
7515
7516
7517
7518 public Long getIdIndex() {
7519 return this.idIndex;
7520 }
7521
7522
7523
7524
7525
7526 public void setIdIndex(Long idIndex1) {
7527 this.idIndex = idIndex1;
7528 }
7529
7530
7531
7532
7533 public String getStemId() {
7534 return this.getParentUuid();
7535 }
7536
7537
7538
7539
7540 public void setId(String id1) {
7541 this.setUuid(id1);
7542 }
7543
7544
7545
7546
7547 public void setStemId(String stemId1) {
7548 this.setParentUuid(stemId1);
7549 }
7550
7551
7552
7553
7554 @GrouperIgnoreClone @GrouperIgnoreDbVersion @GrouperIgnoreFieldConstant
7555 private RoleInheritanceDelegate roleInheritanceDelegate = null;
7556
7557
7558
7559
7560
7561 public RoleInheritanceDelegate getRoleInheritanceDelegate() {
7562 if (this.roleInheritanceDelegate == null) {
7563 this.roleInheritanceDelegate = new RoleInheritanceDelegate(this);
7564 }
7565 return this.roleInheritanceDelegate;
7566 }
7567
7568
7569
7570
7571 @GrouperIgnoreClone @GrouperIgnoreDbVersion @GrouperIgnoreFieldConstant
7572 private PermissionRoleDelegate permissionRoleDelegate = null;
7573
7574
7575
7576
7577 public PermissionRoleDelegate getPermissionRoleDelegate() {
7578 if (this.permissionRoleDelegate == null) {
7579 this.permissionRoleDelegate = new PermissionRoleDelegate(this);
7580 }
7581 return this.permissionRoleDelegate;
7582 }
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599 public Set<Membership> getNonImmediateMemberships(Field f, Collection<Member> members)
7600 throws SchemaException {
7601 return getNonImmediateMemberships(f, members, true);
7602 }
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620 public Set<Membership> getNonImmediateMemberships(Field f, Collection<Member> members, boolean enabledOnly)
7621 throws SchemaException {
7622 return PrivilegeHelper.canViewMemberships(
7623 GrouperSession.staticGrouperSession(), GrouperDAOFactory.getFactory().getMembership()
7624 .findAllByGroupOwnerAndFieldAndMembersAndType(this.getUuid(), f, members,
7625 MembershipType.NONIMMEDIATE.getTypeString(), enabledOnly)
7626 );
7627 }
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645 public Set<Member> getNonImmediateMembers()
7646 throws GrouperException
7647 {
7648 try {
7649 return this.getNonImmediateMembers(getDefaultList());
7650 }
7651 catch (SchemaException eS) {
7652
7653 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
7654 LOG.fatal(msg);
7655 throw new GrouperException(msg, eS);
7656 }
7657 }
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676 public Set<Member> getNonImmediateMembers(Field f)
7677 throws SchemaException {
7678 return getNonImmediateMembers(f, null);
7679 }
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699 public Set<Member> getNonImmediateMembers(Field f, QueryOptions queryOptions)
7700 throws SchemaException {
7701 return getNonImmediateMembers(f, null, queryOptions);
7702 }
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723 public Set<Member> getNonImmediateMembers(Field f, Set<Source> sources, QueryOptions queryOptions)
7724 throws SchemaException {
7725 return MemberFinder.internal_findMembersByType(
7726 GrouperSession.staticGrouperSession(), this, f, MembershipType.NONIMMEDIATE.getTypeString(), sources, queryOptions,
7727 null, null, null
7728 );
7729 }
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751 public Set<Membership> getNonImmediateMemberships()
7752 throws GrouperException
7753 {
7754 try {
7755 return this.getNonImmediateMemberships(getDefaultList());
7756 }
7757 catch (SchemaException eS) {
7758
7759 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
7760 LOG.fatal(msg);
7761 throw new GrouperException(msg, eS);
7762 }
7763 }
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784 public Set<Membership> getNonImmediateMemberships(Field f)
7785 throws SchemaException
7786 {
7787 GrouperSession.validate(GrouperSession.staticGrouperSession());
7788 return MembershipFinder.internal_findAllByGroupOwnerAndFieldAndType(
7789 GrouperSession.staticGrouperSession(), this, f, MembershipType.NONIMMEDIATE.getTypeString()
7790 );
7791 }
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815 public boolean hasNonImmediateMember(Subject subj)
7816 throws GrouperException
7817 {
7818 try {
7819 return this.hasNonImmediateMember(subj, getDefaultList());
7820 }
7821 catch (SchemaException eS) {
7822
7823 String msg = E.GROUP_NODEFAULTLIST + eS.getMessage();
7824 LOG.fatal(msg);
7825 throw new GrouperException(msg, eS);
7826 }
7827 }
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852 public boolean hasNonImmediateMember(Subject subj, Field f)
7853 throws SchemaException
7854 {
7855 boolean rv = false;
7856 Member m = MemberFinder.findBySubject(GrouperSession.staticGrouperSession(), subj, true);
7857 rv = m.isNonImmediateMember(this, f);
7858 return rv;
7859 }
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878 public Set<Member> getCompositeMembers(Field field, Set<Source> sources, QueryOptions queryOptions) {
7879
7880 return MemberFinder.internal_findMembersByType(
7881 GrouperSession.staticGrouperSession(), this, field,
7882 MembershipType.COMPOSITE.getTypeString(), sources, queryOptions, null, null, null
7883 );
7884 }
7885
7886
7887
7888
7889 public void xmlCopyBusinessPropertiesToExisting(Group existingRecord) {
7890 existingRecord.setAlternateNameDb(this.alternateNameDb);
7891 existingRecord.setDescriptionDb(this.getDescriptionDb());
7892 existingRecord.setDisplayExtensionDb(this.getDisplayExtensionDb());
7893 existingRecord.setDisplayNameDb(this.getDisplayNameDb());
7894 existingRecord.setExtensionDb(this.getExtensionDb());
7895 existingRecord.setNameDb(this.getNameDb());
7896 existingRecord.setParentUuid(this.getParentUuid());
7897 existingRecord.setTypeOfGroup(this.typeOfGroup);
7898 existingRecord.setUuid(this.getUuid());
7899 existingRecord.setDisabledTimeDb(this.getDisabledTimeDb());
7900 existingRecord.setEnabledDb(this.getEnabledDb());
7901 existingRecord.setEnabledTimeDb(this.getEnabledTimeDb());
7902 }
7903
7904
7905
7906
7907 public boolean xmlDifferentBusinessProperties(Group other) {
7908 if (!GrouperUtil.equals(this.disabledTimeDb, other.disabledTimeDb)) {
7909 return true;
7910 }
7911 if (!GrouperUtil.equals(this.enabledTimeDb, other.enabledTimeDb)) {
7912 return true;
7913 }
7914 if (this.enabled != other.enabled) {
7915 return true;
7916 }
7917 if (!StringUtils.equals(this.alternateNameDb, other.alternateNameDb)) {
7918 return true;
7919 }
7920 if (!StringUtils.equals(StringUtils.trimToNull(this.description), StringUtils.trimToNull(other.description))) {
7921 return true;
7922 }
7923 if (!StringUtils.equals(this.displayExtension, other.displayExtension)) {
7924 return true;
7925 }
7926 if (!StringUtils.equals(this.displayName, other.displayName)) {
7927 return true;
7928 }
7929 if (!StringUtils.equals(this.extension, other.extension)) {
7930 return true;
7931 }
7932 if (!StringUtils.equals(this.name, other.name)) {
7933 return true;
7934 }
7935 if (!StringUtils.equals(this.parentUuid, other.parentUuid)) {
7936 return true;
7937 }
7938 if (!GrouperUtil.equals(this.typeOfGroup, other.typeOfGroup)) {
7939 return true;
7940 }
7941 if (!StringUtils.equals(this.uuid, other.uuid)) {
7942 return true;
7943 }
7944
7945 return false;
7946 }
7947
7948
7949
7950
7951 public boolean xmlDifferentUpdateProperties(Group other) {
7952 if (!StringUtils.equals(this.contextId, other.contextId)) {
7953 return true;
7954 }
7955 if (this.createTime != other.createTime) {
7956 return true;
7957 }
7958 if (!StringUtils.equals(this.creatorUUID, other.creatorUUID)) {
7959 return true;
7960 }
7961 if (!GrouperUtil.equals(this.getHibernateVersionNumber(), other.getHibernateVersionNumber())) {
7962 return true;
7963 }
7964
7965
7966
7967
7968 if (!StringUtils.equals(this.modifierUUID, other.modifierUUID)) {
7969 return true;
7970 }
7971 if (this.modifyTime != other.modifyTime) {
7972 return true;
7973 }
7974 return false;
7975 }
7976
7977
7978
7979
7980 public Group xmlRetrieveByIdOrKey() {
7981 return GrouperDAOFactory.getFactory().getGroup().findByUuidOrName(this.uuid, this.name, false,
7982 new QueryOptions().secondLevelCache(false));
7983 }
7984
7985
7986
7987
7988
7989
7990 public boolean assignIdIndex(final long theIdIndex) {
7991
7992 TableIndex.assertCanAssignIdIndex();
7993
7994 boolean needsSave = false;
7995
7996 synchronized (TableIndexType.group) {
7997
7998
7999 Group tempGroup = GrouperDAOFactory.getFactory().getGroup().findByIdIndex(theIdIndex, false);
8000 if (tempGroup == null) {
8001
8002 this.setIdIndex(theIdIndex);
8003 TableIndex.clearReservedId(TableIndexType.group, theIdIndex);
8004 needsSave = true;
8005
8006
8007 HibernateSession.callbackHibernateSession(GrouperTransactionType.READ_WRITE_NEW, AuditControl.WILL_NOT_AUDIT, new HibernateHandler() {
8008
8009 @Override
8010 public Object callback(HibernateHandlerBean hibernateHandlerBean)
8011 throws GrouperDAOException {
8012
8013 TableIndex tableIndex = GrouperDAOFactory.getFactory().getTableIndex().findByType(TableIndexType.group);
8014 if (tableIndex != null && tableIndex.getLastIndexReserved() < theIdIndex) {
8015 tableIndex.setLastIndexReserved(theIdIndex);
8016 tableIndex.saveOrUpdate();
8017 }
8018 return null;
8019 }
8020 });
8021 }
8022
8023
8024 }
8025 return needsSave;
8026 }
8027
8028
8029
8030
8031 public Group/internet2/middleware/grouper/Group.html#Group">Group xmlSaveBusinessProperties(Group existingRecord) {
8032
8033 if (existingRecord == null) {
8034 Stem parent = this.getParentStem();
8035 if (this.getTypeOfGroup() == null || this.getTypeOfGroup().equals(TypeOfGroup.group)) {
8036 existingRecord = parent.internal_addChildGroup(
8037 this.extension, this.displayExtension, this.uuid, this.description, null, null, false, this.typeOfGroup, true);
8038 } else if (this.getTypeOfGroup().equals(TypeOfGroup.role)) {
8039 existingRecord = (Group)parent.internal_addChildRole(this.extension, this.displayExtension, this.uuid);
8040 } else {
8041 throw new RuntimeException("Not expecting type of group: " + this.getTypeOfGroup());
8042 }
8043 if (this.idIndex != null) {
8044 existingRecord.assignIdIndex(this.idIndex);
8045 }
8046 }
8047 this.xmlCopyBusinessPropertiesToExisting(existingRecord);
8048
8049 existingRecord.store();
8050 return existingRecord;
8051 }
8052
8053
8054
8055
8056 public void xmlSaveUpdateProperties() {
8057 GrouperDAOFactory.getFactory().getGroup().saveUpdateProperties(this);
8058 }
8059
8060
8061
8062
8063
8064
8065 public XmlExportGroup xmlToExportGroup(GrouperVersion grouperVersion) {
8066 if (grouperVersion == null) {
8067 throw new RuntimeException();
8068 }
8069
8070 XmlExportGroupXmlExportGroup.html#XmlExportGroup">XmlExportGroup xmlExportGroup = new XmlExportGroup();
8071 xmlExportGroup.setAlternateName(this.getAlternateNameDb());
8072 xmlExportGroup.setContextId(this.getContextId());
8073 xmlExportGroup.setCreateTime(GrouperUtil.dateStringValue(this.getCreateTime()));
8074 xmlExportGroup.setCreatorId(this.getCreatorUuid());
8075 xmlExportGroup.setDescription(this.getDescription());
8076 xmlExportGroup.setDisplayExtension(this.getDisplayExtension());
8077 xmlExportGroup.setDisplayName(this.getDisplayName());
8078 xmlExportGroup.setExtension(this.getExtension());
8079 xmlExportGroup.setHibernateVersionNumber(this.getHibernateVersionNumber());
8080 xmlExportGroup.setIdIndex(this.getIdIndex());
8081
8082 xmlExportGroup.setModifierId(this.getModifierUuid());
8083 xmlExportGroup.setModifierTime(GrouperUtil.dateStringValue(this.getModifyTime()));
8084 xmlExportGroup.setName(this.getName());
8085 xmlExportGroup.setParentStem(this.getParentUuid());
8086 xmlExportGroup.setTypeOfGroup(this.getTypeOfGroupDb());
8087 xmlExportGroup.setUuid(this.getUuid());
8088
8089 xmlExportGroup.setDisableTimestamp(GrouperUtil.dateStringValue(this.getDisabledTimeDb()));
8090 xmlExportGroup.setEnabled(GrouperUtil.booleanValue(this.getEnabledDb(), true) ? "T" : "F");
8091 xmlExportGroup.setEnabledTimestamp(GrouperUtil.dateStringValue(this.getEnabledTimeDb()));
8092
8093 return xmlExportGroup;
8094 }
8095
8096
8097
8098
8099 public String xmlGetId() {
8100 return this.getId();
8101 }
8102
8103
8104
8105
8106 public void xmlSetId(String theId) {
8107 this.setId(theId);
8108 }
8109
8110
8111
8112
8113 public String xmlToString() {
8114 return "Group: " + this.uuid + ", " + this.name;
8115 }
8116
8117
8118
8119
8120 @Override
8121 public boolean matchesLowerSearchStrings(Set<String> filterStrings) {
8122
8123 if (GrouperUtil.length(filterStrings) == 0) {
8124 return true;
8125 }
8126
8127 String lowerId = this.getId().toLowerCase();
8128 String lowerName = StringUtils.defaultString(this.getName()).toLowerCase();
8129 String lowerDisplayName = StringUtils.defaultString(this.getDisplayName()).toLowerCase();
8130 String lowerDescription = StringUtils.defaultString(this.getDescription()).toLowerCase();
8131 String lowerAlternateName = StringUtils.defaultString(this.getAlternateName()).toLowerCase();
8132
8133 for (String filterString : GrouperUtil.nonNull(filterStrings)) {
8134
8135
8136 if (!lowerId.contains(filterString)
8137 && !lowerName.contains(filterString)
8138 && !lowerDisplayName.contains(filterString)
8139 && !lowerDescription.contains(filterString)
8140 && !lowerAlternateName.contains(filterString)) {
8141 return false;
8142 }
8143
8144 }
8145 return true;
8146 }
8147
8148
8149
8150
8151
8152
8153
8154
8155 public boolean canHavePrivilege(Subject subject, String privilegeOrListName, boolean secure) {
8156
8157 GrouperSession grouperSession = GrouperSession.staticGrouperSession();
8158
8159 if (secure) {
8160 PrivilegeHelper.dispatch(grouperSession, this, grouperSession.getSubject(), AccessPrivilege.ADMIN);
8161 }
8162
8163 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.ADMIN.getName())
8164 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.ADMIN.getListName())) {
8165 return PrivilegeHelper.canAdmin(grouperSession, this, subject);
8166 }
8167 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.READ.getName())
8168 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.READ.getListName())) {
8169 return PrivilegeHelper.canRead(grouperSession, this, subject);
8170 }
8171 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.VIEW.getName())
8172 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.VIEW.getListName())) {
8173 return PrivilegeHelper.canView(grouperSession, this, subject);
8174 }
8175 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.UPDATE.getName())
8176 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.UPDATE.getListName())) {
8177 return PrivilegeHelper.canUpdate(grouperSession, this, subject);
8178 }
8179 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_READ.getName())
8180 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_READ.getListName())) {
8181 return PrivilegeHelper.canGroupAttrRead(grouperSession, this, subject);
8182 }
8183 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_UPDATE.getName())
8184 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.GROUP_ATTR_UPDATE.getListName())) {
8185 return PrivilegeHelper.canGroupAttrUpdate(grouperSession, this, subject);
8186 }
8187 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTIN.getName())
8188 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTIN.getListName())) {
8189 return PrivilegeHelper.canOptin(grouperSession, this, subject);
8190 }
8191 if (StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTOUT.getName())
8192 || StringUtils.equalsIgnoreCase(privilegeOrListName, AccessPrivilege.OPTOUT.getListName())) {
8193 return PrivilegeHelper.canOptout(grouperSession, this, subject);
8194 }
8195 throw new RuntimeException("Cant find privilege: '" + privilegeOrListName + "'");
8196
8197 }
8198
8199
8200
8201
8202 private void changeDisplayProperties() {
8203
8204 boolean alreadyChanged = false;
8205
8206 String includeExcludeTypeName = GrouperConfig.retrieveConfig().propertyValueString("grouperIncludeExclude.type.name");
8207 String requireGroupsTypeName = GrouperConfig.retrieveConfig().propertyValueString("grouperIncludeExclude.requireGroups.type.name");
8208
8209
8210 Group groupBeforeChange = GroupFinder.findByUuid(GrouperSession.staticGrouperSession(), this.getUuid(), false,
8211 new QueryOptions().secondLevelCache(false));
8212 DisplayProperties oldDisplayProperties = new DisplayProperties(groupBeforeChange);
8213 DisplayProperties newDisplayProperties = new DisplayProperties(this);
8214
8215 for (GroupType groupType: this.getTypes(false)) {
8216
8217 if (groupType.getName().equals(includeExcludeTypeName)) {
8218 changeDisplayPropertiesForIncludeExcludeType(oldDisplayProperties, newDisplayProperties);
8219 alreadyChanged = true;
8220 } else if (groupType.getName().equals(requireGroupsTypeName)) {
8221 changeDisplayPropertiesForRequireInGroupsType(oldDisplayProperties, newDisplayProperties);
8222 alreadyChanged = true;
8223 }
8224
8225 }
8226
8227
8228 if (!alreadyChanged && groupBeforeChange.getName().endsWith(systemOfRecordExtensionSuffix())
8229 && groupExistsAsCompositeInOverallGroup(groupBeforeChange.getName())) {
8230 changeDisplayPropertiesForIncludeExcludeType(oldDisplayProperties, newDisplayProperties);
8231 alreadyChanged = true;
8232 }
8233
8234
8235 if (!alreadyChanged && groupBeforeChange.getName().endsWith(systemOfRecordExtensionSuffix())
8236 && groupExistsAsMemberInOverallGroup(groupBeforeChange.getName())) {
8237 changeDisplayPropertiesForRequireInGroupsType(oldDisplayProperties, newDisplayProperties);
8238 }
8239
8240 }
8241
8242
8243
8244
8245
8246
8247 private boolean groupExistsAsMemberInOverallGroup(String groupName) {
8248
8249
8250 if (!groupName.endsWith(systemOfRecordExtensionSuffix())) {
8251 return false;
8252 }
8253 String overallGroupName = groupName.substring(0, groupName.length() - systemOfRecordExtensionSuffix().length());
8254 Group overallGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(), overallGroupName, false,
8255 new QueryOptions().secondLevelCache(false));
8256
8257 boolean found = false;
8258 if (overallGroup != null) {
8259
8260 return overallGroup.hasImmediateMember(this.toSubject());
8261 }
8262
8263 return found;
8264 }
8265
8266
8267
8268
8269
8270 private boolean groupExistsAsCompositeInOverallGroup(String groupName) {
8271
8272 if (!groupName.endsWith(systemOfRecordExtensionSuffix())) {
8273 return false;
8274 }
8275
8276
8277 String overallGroupName = groupName.substring(0, groupName.length() - systemOfRecordExtensionSuffix().length());
8278 Group overallGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(), overallGroupName, false,
8279 new QueryOptions().secondLevelCache(false));
8280
8281 boolean found = false;
8282
8283 Composite composite = overallGroup != null ? overallGroup.getComposite(false) : null;
8284 if (composite != null) {
8285 return composite.getLeftGroup().hasMember(this.toSubject());
8286
8287 }
8288
8289 return found;
8290 }
8291
8292
8293
8294
8295
8296
8297 private void changeDisplayPropertiesForIncludeExcludeType(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8298
8299 changeDisplayPropertiesForOverallGroup(oldDisplayProperties, newDisplayProperties);
8300 changeDisplayPropertiesForSystemForRecordGroup(oldDisplayProperties, newDisplayProperties);
8301 changeDisplayPropertiesForIncludeGroup(oldDisplayProperties, newDisplayProperties);
8302 changeDisplayPropertiesForExcludeGroup(oldDisplayProperties, newDisplayProperties);
8303 changeDisplayPropertiesForSystemOfRecordIncludesGroup(oldDisplayProperties, newDisplayProperties);
8304
8305 }
8306
8307
8308
8309
8310
8311
8312 private void changeDisplayPropertiesForRequireInGroupsType(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8313
8314 changeDisplayPropertiesForOverallGroup(oldDisplayProperties, newDisplayProperties);
8315 changeDisplayPropertiesForSystemForRecordGroup(oldDisplayProperties, newDisplayProperties);
8316
8317 }
8318
8319
8320
8321
8322
8323
8324 private void changeDisplayPropertiesForOverallGroup(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8325
8326 Group overallGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(), oldDisplayProperties.name, false,
8327 new QueryOptions().secondLevelCache(false));
8328
8329 if (overallGroup != null && !overallGroup.getUuid().equals(this.getUuid())) {
8330
8331 boolean changed = false;
8332
8333 if (!overallGroup.getDisplayExtension().equals(newDisplayProperties.displayExtension)) {
8334 overallGroup.setDisplayExtension(newDisplayProperties.displayExtension);
8335 changed = true;
8336
8337
8338 String previousDescription = overallDescription(oldDisplayProperties.extension, oldDisplayProperties.displayExtension);
8339 if (StringUtils.equals(previousDescription, overallGroup.getDescription())) {
8340 String overallDescription = overallDescription(newDisplayProperties.extension, newDisplayProperties.displayExtension);
8341 overallGroup.setDescription(overallDescription);
8342 }
8343 }
8344
8345 if (!overallGroup.getName().equals(newDisplayProperties.name)) {
8346 overallGroup.setExtension(newDisplayProperties.extension);
8347 changed = true;
8348 }
8349
8350 if (changed) {
8351 GrouperDAOFactory.getFactory().getGroup().update(overallGroup);
8352 }
8353
8354 }
8355
8356 }
8357
8358
8359
8360
8361
8362
8363 private void changeDisplayPropertiesForSystemForRecordGroup(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8364
8365 Group systemOfRecordGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(),
8366 oldDisplayProperties.name+systemOfRecordExtensionSuffix(), false,
8367 new QueryOptions().secondLevelCache(false));
8368
8369 if (systemOfRecordGroup != null && !systemOfRecordGroup.getUuid().equals(this.getUuid()) &&
8370 systemOfRecordGroup.getDisplayExtension().endsWith(systemOfRecordDisplayExtensionSuffix())) {
8371
8372 String displayExtensionWithoutSystemOfRecord = systemOfRecordGroup.getDisplayExtension().
8373 substring(0, systemOfRecordGroup.getDisplayExtension().length() - systemOfRecordDisplayExtensionSuffix().length());
8374
8375 boolean changed = false;
8376
8377 if (!displayExtensionWithoutSystemOfRecord.equals(newDisplayProperties.displayExtension)) {
8378 systemOfRecordGroup.setDisplayExtension(newDisplayProperties.displayExtension+systemOfRecordDisplayExtensionSuffix());
8379 changed = true;
8380
8381
8382 String previousSystemOrRecordDescription = systemOfRecordDescription(oldDisplayProperties.extension, oldDisplayProperties.displayExtension);
8383 if (StringUtils.equals(previousSystemOrRecordDescription, systemOfRecordGroup.getDescription())) {
8384 String systemOfRecordDescription = systemOfRecordDescription(newDisplayProperties.extension, newDisplayProperties.displayExtension);
8385 systemOfRecordGroup.setDescription(systemOfRecordDescription);
8386 }
8387 }
8388 if (!newDisplayProperties.name.equals(oldDisplayProperties.name)) {
8389 systemOfRecordGroup.setExtension(newDisplayProperties.extension+systemOfRecordExtensionSuffix());
8390 changed = true;
8391 }
8392
8393 if(changed) {
8394 GrouperDAOFactory.getFactory().getGroup().update(systemOfRecordGroup);
8395 }
8396
8397 }
8398
8399 }
8400
8401
8402
8403
8404
8405
8406 private void changeDisplayPropertiesForIncludeGroup(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8407
8408 Group includeGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(),
8409 oldDisplayProperties.name+includeExtensionSuffix(), false,
8410 new QueryOptions().secondLevelCache(false));
8411 if (includeGroup != null && !includeGroup.getUuid().equals(this.getUuid()) &&
8412 includeGroup.getDisplayExtension().endsWith(includeDisplayExtensionSuffix())) {
8413
8414 String displayExtensionWithoutInclude = includeGroup.getDisplayExtension().
8415 substring(0, includeGroup.getDisplayExtension().length() - includeDisplayExtensionSuffix().length());
8416
8417 boolean changed = false;
8418
8419 if (!displayExtensionWithoutInclude.equals(newDisplayProperties.displayExtension)) {
8420 includeGroup.setDisplayExtension(newDisplayProperties.displayExtension+includeDisplayExtensionSuffix());
8421 changed = true;
8422
8423 String previousIncludesDescription = includeDescription(oldDisplayProperties.extension, oldDisplayProperties.displayExtension);
8424 if (StringUtils.equals(previousIncludesDescription, includeGroup.getDescription())) {
8425 String includesDescription = includeDescription(newDisplayProperties.extension, newDisplayProperties.displayExtension);
8426 includeGroup.setDescription(includesDescription);
8427 }
8428 }
8429 if (!oldDisplayProperties.name.equals(newDisplayProperties.name)) {
8430 includeGroup.setExtension(newDisplayProperties.extension+includeExtensionSuffix());
8431 changed = true;
8432 }
8433
8434 if (changed) {
8435 GrouperDAOFactory.getFactory().getGroup().update(includeGroup);
8436 }
8437
8438 }
8439
8440 }
8441
8442
8443
8444
8445
8446
8447 private void changeDisplayPropertiesForExcludeGroup(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8448
8449 Group excludeGroup = GroupFinder.findByName(GrouperSession.staticGrouperSession(),
8450 oldDisplayProperties.name+excludeExtensionSuffix(), false,
8451 new QueryOptions().secondLevelCache(false));
8452 if (excludeGroup != null && !excludeGroup.getUuid().equals(this.getUuid()) &&
8453 excludeGroup.getDisplayExtension().endsWith(excludeDisplayExtensionSuffix())) {
8454
8455 String displayExtensionWithoutExclude = excludeGroup.getDisplayExtension().
8456 substring(0, excludeGroup.getDisplayExtension().length() - excludeDisplayExtensionSuffix().length());
8457
8458 boolean changed = false;
8459
8460 if (!displayExtensionWithoutExclude.equals(newDisplayProperties.displayExtension)) {
8461 excludeGroup.setDisplayExtension(newDisplayProperties.displayExtension+excludeDisplayExtensionSuffix());
8462 changed = true;
8463
8464 String previousExcludesDescription = excludeDescription(oldDisplayProperties.extension, oldDisplayProperties.displayExtension);
8465 if (StringUtils.equals(previousExcludesDescription, excludeGroup.getDescription())) {
8466 String excludesDescription = excludeDescription(newDisplayProperties.extension, newDisplayProperties.displayExtension);
8467 excludeGroup.setDescription(excludesDescription);
8468 }
8469 }
8470 if (!newDisplayProperties.name.equals(oldDisplayProperties.name)) {
8471 excludeGroup.setExtension(newDisplayProperties.extension+excludeExtensionSuffix());
8472 changed = true;
8473 }
8474
8475 if (changed) {
8476 GrouperDAOFactory.getFactory().getGroup().update(excludeGroup);
8477 }
8478
8479 }
8480
8481 }
8482
8483
8484
8485
8486
8487
8488 private void changeDisplayPropertiesForSystemOfRecordIncludesGroup(DisplayProperties oldDisplayProperties, DisplayProperties newDisplayProperties) {
8489
8490 Group systemOfRecordAndIncludes = GroupFinder.findByName(GrouperSession.staticGrouperSession(),
8491 oldDisplayProperties.name+systemOfRecordAndIncludesExtensionSuffix(), false,
8492 new QueryOptions().secondLevelCache(false));
8493 if (systemOfRecordAndIncludes != null && !systemOfRecordAndIncludes.getUuid().equals(this.getUuid()) &&
8494 systemOfRecordAndIncludes.getDisplayExtension().endsWith(systemOfRecordAndIncludesDisplayExtensionSuffix())) {
8495
8496 String displayExtensionWithoutSystemOfRecordInclude = systemOfRecordAndIncludes.getDisplayExtension().
8497 substring(0, systemOfRecordAndIncludes.getDisplayExtension().length() - systemOfRecordAndIncludesDisplayExtensionSuffix().length());
8498
8499 boolean changed = false;
8500
8501 if (!displayExtensionWithoutSystemOfRecordInclude.equals(newDisplayProperties.displayExtension)) {
8502 systemOfRecordAndIncludes.setDisplayExtension(newDisplayProperties.displayExtension+systemOfRecordAndIncludesDisplayExtensionSuffix());
8503 changed = true;
8504
8505 String previousSystemOrRecordAndIncludesDescription = systemOfRecordAndIncludesDescription(oldDisplayProperties.extension, oldDisplayProperties.displayExtension);
8506 if (StringUtils.equals(previousSystemOrRecordAndIncludesDescription, systemOfRecordAndIncludes.getDescription())) {
8507 String systemOfRecordAndIncludesDescription = systemOfRecordAndIncludesDescription(newDisplayProperties.extension, newDisplayProperties.displayExtension);
8508 systemOfRecordAndIncludes.setDescription(systemOfRecordAndIncludesDescription);
8509 }
8510 }
8511 if (!newDisplayProperties.name.equals(oldDisplayProperties.name)) {
8512 systemOfRecordAndIncludes.setExtension(newDisplayProperties.extension+systemOfRecordAndIncludesExtensionSuffix());
8513 changed = true;
8514 }
8515
8516 if (changed) {
8517 GrouperDAOFactory.getFactory().getGroup().update(systemOfRecordAndIncludes);
8518 }
8519
8520 }
8521
8522 }
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540 public void deleteAllMemberships() throws GroupDeleteException, InsufficientPrivilegeException {
8541 final String errorMessageSuffix = ", stem name: " + this.name + ", group extension: " + this.extension
8542 + ", group dExtension: " + this.displayExtension + ", uuid: " + this.uuid + ", ";
8543
8544 HibernateSession.callbackHibernateSession(
8545 GrouperTransactionType.READ_WRITE_OR_USE_EXISTING, AuditControl.WILL_AUDIT,
8546 new HibernateHandler() {
8547
8548 public Object callback(HibernateHandlerBean hibernateHandlerBean)
8549 throws GrouperDAOException {
8550
8551 hibernateHandlerBean.getHibernateSession().setCachingEnabled(false);
8552
8553 StopWatch sw = new StopWatch();
8554 sw.start();
8555 GrouperSession.validate( GrouperSession.staticGrouperSession() );
8556
8557 if ( !PrivilegeHelper.canUpdate( GrouperSession.staticGrouperSession(), Group.this,
8558 GrouperSession.staticGrouperSession().getSubject() ) ) {
8559 throw new InsufficientPrivilegeException(
8560 E.CANNOT_UPDATE + errorMessageSuffix);
8561 }
8562
8563 if (Group.this.getTypeOfGroup() == TypeOfGroup.entity) {
8564 throw new RuntimeException("Cant delete memberships from entity, must be a group or role");
8565 }
8566
8567
8568 if (Group.this.hasComposite()) {
8569 Group.this.deleteCompositeMember();
8570 }
8571
8572
8573
8574 GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
8575
8576 public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
8577
8578 Membership.internal_deleteAllFieldType(
8579 GrouperSession.staticGrouperSession().internal_getRootSession(), Group.this, FieldType.LIST );
8580
8581 return null;
8582 }
8583 });
8584
8585 if (!hibernateHandlerBean.isCallerWillCreateAudit()) {
8586 AuditEntry auditEntry = null;
8587 auditEntry = new AuditEntry(AuditTypeBuiltin.GROUP_DELETE_ALL_MEMBERSHIPS, "id",
8588 Group.this.getUuid(), "name", Group.this.getName(), "parentStemId", Group.this.getParentUuid(),
8589 "displayName", Group.this.getDisplayName(), "description", Group.this.getDescription());
8590 auditEntry.setDescription("Deleted all group memberships: " + Group.this.getName());
8591
8592 auditEntry.saveOrUpdate(true);
8593 }
8594
8595 sw.stop();
8596 EventLog.info(GrouperSession.staticGrouperSession(), M.GROUP_ALL_MEMBERSHIPS_DEL + Quote.single(Group.this.getName()), sw);
8597 return null;
8598 }
8599 });
8600 }
8601
8602
8603
8604
8605
8606 public static int internal_fixEnabledDisabled() {
8607 Set<Group> groups = GrouperDAOFactory.getFactory().getGroup().findAllEnabledDisabledMismatch();
8608 for (Group group : groups) {
8609 group.setEnabled(group.internal_isEnabledUsingTimestamps());
8610 group.store();
8611 }
8612
8613 return groups.size();
8614 }
8615
8616
8617
8618
8619 private class DisplayProperties {
8620
8621
8622
8623
8624 private String name;
8625
8626
8627
8628
8629 private String displayExtension;
8630
8631
8632
8633
8634 private String extension;
8635
8636
8637
8638
8639
8640 private DisplayProperties(Group group) {
8641 this.name = group.getName();
8642 this.displayExtension = group.getDisplayExtension();
8643 this.extension = group.getExtension();
8644
8645
8646
8647 if (this.name.endsWith(systemOfRecordExtensionSuffix())) {
8648 this.name = this.name.substring(0, this.name.length() - systemOfRecordExtensionSuffix().length());
8649 }
8650
8651 if (this.displayExtension.endsWith(systemOfRecordDisplayExtensionSuffix())) {
8652 this.displayExtension = this.displayExtension.substring(0, this.displayExtension.length() - systemOfRecordDisplayExtensionSuffix().length());
8653 }
8654
8655 if (this.extension.endsWith(systemOfRecordExtensionSuffix())) {
8656 this.extension = this.extension.substring(0, this.extension.length() - systemOfRecordExtensionSuffix().length());
8657 }
8658 }
8659
8660 }
8661
8662 }