1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33 package edu.internet2.middleware.grouper.privs;
34 import java.io.Serializable;
35 import java.util.Collection;
36 import java.util.HashMap;
37 import java.util.HashSet;
38 import java.util.LinkedHashSet;
39 import java.util.Map;
40 import java.util.Set;
41
42 import org.apache.commons.lang.StringUtils;
43
44 import edu.internet2.middleware.grouper.Field;
45 import edu.internet2.middleware.grouper.FieldFinder;
46 import edu.internet2.middleware.grouper.exception.SchemaException;
47 import edu.internet2.middleware.grouper.util.GrouperUtil;
48
49
50
51
52
53
54
55
56
57 public class Privilege implements Serializable {
58
59
60
61
62
63 public boolean isAccess() {
64 return Privilege.isAccess(this);
65 }
66
67
68
69
70
71 public boolean isNaming() {
72 return Privilege.isNaming(this);
73 }
74
75
76
77
78
79 public boolean isAttributeDef() {
80 return Privilege.isAttributeDef(this);
81 }
82
83
84
85
86
87
88
89 public static Privilege listToPriv(String list, boolean exceptionOnNotFound) {
90
91 Privilege privilege = AccessPrivilege.listToPriv(list);
92
93 if (privilege != null) {
94 return privilege;
95 }
96
97 privilege = NamingPrivilege.listToPriv(list);
98
99 if (privilege != null) {
100 return privilege;
101 }
102
103 privilege = AttributeDefPrivilege.listToPriv(list);
104
105 if (privilege != null) {
106 return privilege;
107 }
108
109 if (exceptionOnNotFound) {
110 throw new RuntimeException("Cant find privilege from field: " + list);
111 }
112
113 return null;
114
115
116 }
117
118
119
120
121
122
123 public static Set<Privilege> convertFieldsToPrivileges(Collection<Field> fields) {
124
125 if (fields == null) {
126 return null;
127 }
128
129 Set<Privilege> privileges = new LinkedHashSet<Privilege>();
130
131 for (Field field : fields) {
132 Privilege privilege = listToPriv(field.getName(), true);
133 privileges.add(privilege);
134 }
135 return privileges;
136
137 }
138
139
140
141
142
143
144 public static Set<Privilege> convertNamesToPrivileges(Collection<String> privilegeNames) {
145
146 if (privilegeNames == null) {
147 return null;
148 }
149
150 Set<Privilege> privileges = new LinkedHashSet<Privilege>();
151
152 for (String privilegeName : privilegeNames) {
153 Privilege privilege = getInstance(privilegeName, true);
154 privileges.add(privilege);
155 }
156 return privileges;
157
158 }
159
160
161
162
163
164
165 public static Collection<Field> convertPrivilegesToFields(Collection<Privilege> privileges) {
166
167 Set<Field> result = new HashSet<Field>();
168
169 for (Privilege privilege : GrouperUtil.nonNull(privileges)) {
170
171 Field field = privilege.getField();
172 result.add(field);
173
174 }
175
176 return result;
177
178 }
179
180
181
182 public static final long serialVersionUID = 931658631999330719L;
183
184
185
186
187 @Override
188 public int hashCode() {
189 final int prime = 31;
190 int result = 1;
191 result = prime * result + ((name == null) ? 0 : name.hashCode());
192 return result;
193 }
194
195
196
197
198
199 @Override
200 public boolean equals(Object obj) {
201 if (this == obj)
202 return true;
203 if (obj == null)
204 return false;
205 if (getClass() != obj.getClass())
206 return false;
207 final Privilege/../../../../edu/internet2/middleware/grouper/privs/Privilege.html#Privilege">Privilege other = (Privilege) obj;
208 if (name == null) {
209 if (other.name != null)
210 return false;
211 } else if (!name.equals(other.name))
212 return false;
213 return true;
214 }
215
216
217
218
219
220
221 private static final Set<Privilege> ATTRIBUTE_DEF = new LinkedHashSet<Privilege>();
222
223 private static final Set<Privilege> ACCESS = new LinkedHashSet<Privilege>();
224
225 private static final Set<Privilege> ENTITY = new LinkedHashSet<Privilege>();
226
227 private static final Privilegevilege.html#Privilege">Privilege CREATE = new Privilege("create");
228
229 private static final Privilegevilege.html#Privilege">Privilege STEM = new Privilege("stem" );
230
231 private static final Privilegel#Privilege">Privilege STEM_ATTR_READ = new Privilege("stemAttrRead" );
232
233 private static final Privilege.html#Privilege">Privilege STEM_ADMIN = new Privilege("stemAdmin" );
234
235 private static final PrivilegePrivilege">Privilege STEM_ATTR_UPDATE = new Privilege("stemAttrUpdate" );
236
237 private static final Set<Privilege> NAMING = new LinkedHashSet<Privilege>();
238
239 private static final Privilegevilege.html#Privilege">Privilege OPTIN = new Privilege("optin" );
240
241 private static final Privilegevilege.html#Privilege">Privilege OPTOUT = new Privilege("optout");
242
243 private static final Privilegevilege.html#Privilege">Privilege READ = new Privilege("read" );
244
245 private static final Privilegevilege.html#Privilege">Privilege ADMIN = new Privilege("admin" );
246
247 private static final Privilegevilege.html#Privilege">Privilege UPDATE = new Privilege("update");
248
249 private static final Privilegevilege.html#Privilege">Privilege VIEW = new Privilege("view" );
250
251 private static final Privilege#Privilege">Privilege GROUP_ATTR_READ = new Privilege("groupAttrRead" );
252
253 private static final Privilegerivilege">Privilege GROUP_ATTR_UPDATE = new Privilege("groupAttrUpdate" );
254
255 private static final Map<String,Privilege> PRIVS = new HashMap<String,Privilege>();
256
257
258 private static final Privilegee.html#Privilege">Privilege ATTR_OPTIN = new Privilege("attrOptin" );
259
260 private static final Privilegee.html#Privilege">Privilege ATTR_OPTOUT = new Privilege("attrOptout");
261
262 private static final Privilegee.html#Privilege">Privilege ATTR_READ = new Privilege("attrRead" );
263
264 private static final Privilegee.html#Privilege">Privilege ATTR_ADMIN = new Privilege("attrAdmin" );
265
266 private static final Privilegee.html#Privilege">Privilege ATTR_UPDATE = new Privilege("attrUpdate");
267
268 private static final Privilegee.html#Privilege">Privilege ATTR_VIEW = new Privilege("attrView" );
269
270 private static final PrivilegePrivilege">Privilege ATTR_DEF_ATTR_READ = new Privilege("attrDefAttrRead");
271
272 private static final Privilegeilege">Privilege ATTR_DEF_ATTR_UPDATE = new Privilege("attrDefAttrUpdate" );
273
274 private static final Privilegevilege.html#Privilege">Privilege SYSTEM = new Privilege("system");
275
276
277 private String name;
278
279
280
281
282
283
284
285 public Collection<Privilege> getInheritedPrivileges() {
286
287 if (this.equals(ADMIN)) {
288 return AccessPrivilege.ADMIN_PRIVILEGES;
289 }
290
291 if (this.equals(VIEW)) {
292 return AccessPrivilege.VIEW_PRIVILEGES;
293 }
294
295 if (this.equals(READ)) {
296 return AccessPrivilege.READ_PRIVILEGES;
297 }
298
299 if (this.equals(UPDATE)) {
300 return AccessPrivilege.UPDATE_PRIVILEGES;
301 }
302
303 if (this.equals(OPTIN)) {
304 return AccessPrivilege.OPTIN_PRIVILEGES;
305 }
306
307 if (this.equals(OPTOUT)) {
308 return AccessPrivilege.OPTOUT_PRIVILEGES;
309 }
310
311 if (this.equals(GROUP_ATTR_READ)) {
312 return AccessPrivilege.GROUP_ATTR_READ_PRIVILEGES;
313 }
314
315 if (this.equals(GROUP_ATTR_UPDATE)) {
316 return AccessPrivilege.GROUP_ATTR_UPDATE_PRIVILEGES;
317 }
318
319 if (this.equals(STEM)) {
320 return NamingPrivilege.STEM_PRIVILEGES;
321 }
322
323 if (this.equals(STEM_ADMIN)) {
324 return NamingPrivilege.ADMIN_PRIVILEGES;
325 }
326
327 if (this.equals(CREATE)) {
328 return NamingPrivilege.CREATE_PRIVILEGES;
329 }
330
331 if (this.equals(STEM_ATTR_READ)) {
332 return NamingPrivilege.STEM_ATTR_READ_PRIVILEGES;
333 }
334
335 if (this.equals(STEM_ATTR_UPDATE)) {
336 return NamingPrivilege.STEM_ATTR_UPDATE_PRIVILEGES;
337 }
338
339 if (this.equals(ATTR_ADMIN)) {
340 return AttributeDefPrivilege.ATTR_ADMIN_PRIVILEGES;
341 }
342
343 if (this.equals(ATTR_DEF_ATTR_READ)) {
344 return AttributeDefPrivilege.ATTR_DEF_ATTR_READ_PRIVILEGES;
345 }
346
347 if (this.equals(ATTR_DEF_ATTR_UPDATE)) {
348 return AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE_PRIVILEGES;
349 }
350
351 if (this.equals(ATTR_OPTIN)) {
352 return AttributeDefPrivilege.ATTR_OPTIN_PRIVILEGES;
353 }
354
355 if (this.equals(ATTR_OPTOUT)) {
356 return AttributeDefPrivilege.ATTR_OPTOUT_PRIVILEGES;
357 }
358
359 if (this.equals(ATTR_READ)) {
360 return AttributeDefPrivilege.ATTR_READ_PRIVILEGES;
361 }
362
363 if (this.equals(ATTR_UPDATE)) {
364 return AttributeDefPrivilege.ATTR_UPDATE_PRIVILEGES;
365 }
366
367 if (this.equals(ATTR_VIEW)) {
368 return AttributeDefPrivilege.ATTR_VIEW_PRIVILEGES;
369 }
370
371 throw new RuntimeException("Cant find privilege: " + this.getName());
372
373 }
374
375
376
377
378
379
380
381 public Collection<Privilege> getImpliedPrivileges() {
382
383 if (this.equals(ADMIN)) {
384 return AccessPrivilege.ADMIN_IMPLIED_PRIVILEGES;
385 }
386
387 if (this.equals(VIEW)) {
388 return AccessPrivilege.VIEW_IMPLIED_PRIVILEGES;
389 }
390
391 if (this.equals(READ)) {
392 return AccessPrivilege.READ_IMPLIED_PRIVILEGES;
393 }
394
395 if (this.equals(UPDATE)) {
396 return AccessPrivilege.UPDATE_IMPLIED_PRIVILEGES;
397 }
398
399 if (this.equals(OPTIN)) {
400 return AccessPrivilege.OPTIN_IMPLIED_PRIVILEGES;
401 }
402
403 if (this.equals(OPTOUT)) {
404 return AccessPrivilege.OPTOUT_IMPLIED_PRIVILEGES;
405 }
406
407 if (this.equals(GROUP_ATTR_READ)) {
408 return AccessPrivilege.GROUP_ATTR_READ_IMPLIED_PRIVILEGES;
409 }
410
411 if (this.equals(GROUP_ATTR_UPDATE)) {
412 return AccessPrivilege.GROUP_ATTR_UPDATE_IMPLIED_PRIVILEGES;
413 }
414
415 if (this.equals(STEM)) {
416 return NamingPrivilege.STEM_IMPLIED_PRIVILEGES;
417 }
418
419 if (this.equals(STEM_ADMIN)) {
420 return NamingPrivilege.STEM_ADMIN_IMPLIED_PRIVILEGES;
421 }
422
423 if (this.equals(CREATE)) {
424 return NamingPrivilege.CREATE_IMPLIED_PRIVILEGES;
425 }
426
427 if (this.equals(STEM_ATTR_READ)) {
428 return NamingPrivilege.STEM_ATTR_READ_IMPLIED_PRIVILEGES;
429 }
430
431 if (this.equals(STEM_ATTR_UPDATE)) {
432 return NamingPrivilege.STEM_ATTR_UPDATE_IMPLIED_PRIVILEGES;
433 }
434
435 if (this.equals(ATTR_ADMIN)) {
436 return AttributeDefPrivilege.ATTR_ADMIN_IMPLIED_PRIVILEGES;
437 }
438
439 if (this.equals(ATTR_DEF_ATTR_READ)) {
440 return AttributeDefPrivilege.ATTR_DEF_ATTR_READ_IMPLIED_PRIVILEGES;
441 }
442
443 if (this.equals(ATTR_DEF_ATTR_UPDATE)) {
444 return AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE_IMPLIED_PRIVILEGES;
445 }
446
447 if (this.equals(ATTR_OPTIN)) {
448 return AttributeDefPrivilege.ATTR_OPTIN_IMPLIED_PRIVILEGES;
449 }
450
451 if (this.equals(ATTR_OPTOUT)) {
452 return AttributeDefPrivilege.ATTR_OPTOUT_IMPLIED_PRIVILEGES;
453 }
454
455 if (this.equals(ATTR_READ)) {
456 return AttributeDefPrivilege.ATTR_READ_IMPLIED_PRIVILEGES;
457 }
458
459 if (this.equals(ATTR_UPDATE)) {
460 return AttributeDefPrivilege.ATTR_UPDATE_IMPLIED_PRIVILEGES;
461 }
462
463 if (this.equals(ATTR_VIEW)) {
464 return AttributeDefPrivilege.ATTR_VIEW_IMPLIED_PRIVILEGES;
465 }
466
467 throw new RuntimeException("Cant find privilege: " + this.getName());
468
469 }
470
471
472
473
474 static {
475 PRIVS.put( ADMIN.toString().toLowerCase() , ADMIN );
476 ACCESS.add( ADMIN );
477 ENTITY.add( ADMIN );
478 PRIVS.put( CREATE.toString().toLowerCase() , CREATE );
479 NAMING.add( CREATE );
480 PRIVS.put( OPTIN.toString().toLowerCase() , OPTIN );
481 ACCESS.add( OPTIN );
482 PRIVS.put( OPTOUT.toString().toLowerCase() , OPTOUT );
483 ACCESS.add( OPTOUT );
484 PRIVS.put( READ.toString().toLowerCase() , READ );
485 ACCESS.add( READ );
486 PRIVS.put( STEM.toString().toLowerCase() , STEM );
487
488 PRIVS.put(STEM_ADMIN.toString().toLowerCase(), STEM_ADMIN);
489 NAMING.add(STEM_ADMIN);
490 PRIVS.put( SYSTEM.toString().toLowerCase() , SYSTEM );
491 PRIVS.put( UPDATE.toString().toLowerCase() , UPDATE );
492 ACCESS.add( UPDATE );
493 PRIVS.put( VIEW.toString().toLowerCase() , VIEW );
494 ACCESS.add( VIEW );
495 ENTITY.add( VIEW );
496 PRIVS.put(GROUP_ATTR_READ.toString().toLowerCase(), GROUP_ATTR_READ);
497 ACCESS.add(GROUP_ATTR_READ);
498 ENTITY.add(GROUP_ATTR_READ);
499 PRIVS.put(GROUP_ATTR_UPDATE.toString().toLowerCase(), GROUP_ATTR_UPDATE);
500 ACCESS.add(GROUP_ATTR_UPDATE);
501 ENTITY.add(GROUP_ATTR_UPDATE);
502 PRIVS.put(STEM_ATTR_READ.toString().toLowerCase(), STEM_ATTR_READ);
503 NAMING.add(STEM_ATTR_READ);
504 PRIVS.put(STEM_ATTR_UPDATE.toString().toLowerCase(), STEM_ATTR_UPDATE);
505 NAMING.add(STEM_ATTR_UPDATE);
506
507 PRIVS.put( ATTR_OPTIN.toString().toLowerCase() , ATTR_OPTIN );
508 ATTRIBUTE_DEF.add( ATTR_OPTIN );
509 PRIVS.put( ATTR_OPTOUT.toString().toLowerCase() , ATTR_OPTOUT );
510 ATTRIBUTE_DEF.add( ATTR_OPTOUT );
511 PRIVS.put( ATTR_READ.toString().toLowerCase() , ATTR_READ );
512 ATTRIBUTE_DEF.add( ATTR_READ );
513 PRIVS.put( ATTR_UPDATE.toString().toLowerCase() , ATTR_UPDATE );
514 ATTRIBUTE_DEF.add( ATTR_UPDATE );
515 PRIVS.put( ATTR_VIEW.toString().toLowerCase() , ATTR_VIEW );
516 ATTRIBUTE_DEF.add( ATTR_VIEW );
517 PRIVS.put( ATTR_ADMIN.toString().toLowerCase() , ATTR_ADMIN );
518 ATTRIBUTE_DEF.add( ATTR_ADMIN );
519 PRIVS.put(ATTR_DEF_ATTR_READ.toString().toLowerCase(), ATTR_DEF_ATTR_READ);
520 ATTRIBUTE_DEF.add(ATTR_DEF_ATTR_READ);
521 PRIVS.put(ATTR_DEF_ATTR_UPDATE.toString().toLowerCase(), ATTR_DEF_ATTR_UPDATE);
522 ATTRIBUTE_DEF.add(ATTR_DEF_ATTR_UPDATE);
523
524
525 }
526
527
528
529
530
531
532 public String getListName() {
533 if (isAccess(this)) {
534 return AccessPrivilege.privToList(this);
535 }
536 if (isNaming(this)) {
537 return NamingPrivilege.privToList(this);
538 }
539 if (isAttributeDef(this)) {
540 return AttributeDefPrivilege.privToList(this);
541 }
542 throw new RuntimeException("Invalid list: " + this);
543 }
544
545
546
547
548
549
550 public Field getField() throws SchemaException {
551 String listName = this.getListName();
552 if (!StringUtils.isBlank(listName)) {
553 return FieldFinder.find(listName, true, false);
554 }
555 throw new SchemaException("invalid privilege: " + this);
556 }
557
558
559
560
561
562 private Privilege(String name) {
563 this.name = name;
564 }
565
566
567
568
569
570
571 public static Set<Privilege> getAccessPrivs() {
572 return ACCESS;
573 }
574
575
576
577
578
579 public static Set<Privilege> getEntityPrivs() {
580 return ENTITY;
581 }
582
583
584
585
586
587
588 public static Set<Privilege> getInstances(String namesCommaSeparated) {
589 String[] privilegesArray = GrouperUtil.splitTrim(namesCommaSeparated, ",");
590 Set<Privilege> privileges = new LinkedHashSet<Privilege>();
591 for (String privilegeString : privilegesArray) {
592 Privilege privilege = getInstance(privilegeString);
593 privileges.add(privilege);
594 }
595 return privileges;
596 }
597
598
599
600
601
602
603 public static String stringValue(Set<Privilege> privileges) {
604 StringBuilder result = new StringBuilder();
605 int i=0;
606 for (Privilege privilege : privileges) {
607 result.append(privilege.getName());
608 if (i < privileges.size()-1) {
609 result.append(", ");
610 }
611 i++;
612 }
613 return result.toString();
614 }
615
616
617
618
619
620
621 public static Privilege getInstance(String name) {
622 return getInstance(name, false);
623 }
624
625
626
627
628
629
630 public static Privilege getInstance(String name, boolean exceptionIfNotFound) {
631
632
633 if (name != null) {
634 name = name.toLowerCase();
635 }
636 Privilege privilege = PRIVS.get(name);
637
638
639 if (privilege == null) {
640 privilege = listToPriv(name, false);
641 }
642
643 if (privilege == null && exceptionIfNotFound) {
644 throw new RuntimeException("Cant find privilege: " + name);
645 }
646 return privilege;
647 }
648
649
650
651
652
653 public static Set<Privilege> getNamingPrivs() {
654 return NAMING;
655 }
656
657
658
659
660
661 public static Set<Privilege> getAttributeDefPrivs() {
662 return ATTRIBUTE_DEF;
663 }
664
665
666
667
668
669
670 public static boolean isAccess(Privilege p) {
671 if (ACCESS.contains(p)) {
672 return true;
673 }
674 return false;
675 }
676
677
678
679
680
681
682 public static boolean isEntity(Privilege p) {
683 if (ENTITY.contains(p)) {
684 return true;
685 }
686 return false;
687 }
688
689
690
691
692
693
694 public static boolean isNaming(Privilege p) {
695 if (NAMING.contains(p) || p == Privilege.STEM) {
696 return true;
697 }
698 return false;
699 }
700
701
702
703
704
705
706 public static boolean isAttributeDef(Privilege p) {
707 return ATTRIBUTE_DEF.contains(p);
708 }
709
710
711
712
713
714
715 public String getName() {
716 return this.name;
717 }
718
719
720
721
722
723 @Override
724 public String toString() {
725 return this.getName();
726 }
727
728
729
730
731
732
733 Object readResolve() {
734 return getInstance(name);
735 }
736
737 }
738