Source code

001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kns.kim.role;
017
018import org.apache.commons.lang.StringUtils;
019import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
020import org.kuali.rice.core.api.membership.MemberType;
021import org.kuali.rice.core.api.util.jaxb.MapStringStringAdapter;
022import org.kuali.rice.kim.api.role.Role;
023import org.kuali.rice.kim.api.role.RoleMembership;
024import org.kuali.rice.kim.framework.common.delegate.DelegationTypeService;
025import org.kuali.rice.kim.framework.role.RoleTypeService;
026import org.kuali.rice.kns.kim.type.DataDictionaryTypeServiceBase;
027
028import javax.jws.WebParam;
029import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
030import java.util.ArrayList;
031import java.util.Collections;
032import java.util.HashMap;
033import java.util.List;
034import java.util.Map;
035
036/**
037 * @deprecated A krad integrated type service base class will be provided in the future.
038 */
039@Deprecated
040public class RoleTypeServiceBase extends DataDictionaryTypeServiceBase implements RoleTypeService, DelegationTypeService {
041        
042        /**
043         * Performs a simple check that the qualifier on the role matches the qualification.
044         * Extra qualification attributes are ignored.
045         */
046    @Override
047        public boolean doesRoleQualifierMatchQualification(Map<String, String> qualification, Map<String, String> roleQualifier) {
048                if (qualification == null) {
049            throw new RiceIllegalArgumentException("qualification was null or blank");
050        }
051
052        if (roleQualifier == null) {
053            throw new RiceIllegalArgumentException("roleQualifier was null or blank");
054        }
055
056        Map<String, String> translatedQualification = translateInputAttributes(qualification);
057                validateRequiredAttributesAgainstReceived(translatedQualification);
058                return performMatch(translatedQualification, roleQualifier);
059        }
060        
061    @Override
062        public List<RoleMembership> getMatchingRoleMemberships(Map<String, String> qualification,
063            List<RoleMembership> roleMemberList) {
064                if (qualification == null) {
065            throw new RiceIllegalArgumentException("qualification was null or blank");
066        }
067
068        if (roleMemberList == null) {
069            throw new RiceIllegalArgumentException("roleMemberList was null or blank");
070        }
071
072        Map<String, String> translatedQualification = translateInputAttributes(qualification);
073                validateRequiredAttributesAgainstReceived(translatedQualification);
074                List<RoleMembership> matchingMemberships = new ArrayList<RoleMembership>();
075                for ( RoleMembership roleMembership : roleMemberList ) {
076                        if ( performMatch( translatedQualification, roleMembership.getQualifier() ) ) {
077                                matchingMemberships.add( roleMembership );
078                        }
079                }
080                return Collections.unmodifiableList(matchingMemberships);
081        }
082
083        /**
084         * Return an empty list since this method should not be called by the role service for this service type.
085         * Subclasses which are application role types should override this method.
086         *
087         */
088    @Override
089        public List<RoleMembership> getRoleMembersFromDerivedRole(String namespaceCode, String roleName, Map<String, String> qualification) {
090
091        if (StringUtils.isBlank(namespaceCode)) {
092            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
093        }
094
095        if (StringUtils.isBlank(roleName)) {
096            throw new RiceIllegalArgumentException("roleName was null or blank");
097        }
098
099        if (qualification == null) {
100            throw new RiceIllegalArgumentException("qualification was null or blank");
101        }
102
103        validateRequiredAttributesAgainstReceived(qualification);
104                if ( !isDerivedRoleType() ) {
105                        throw new UnsupportedOperationException( this.getClass().getName() + " is not an application role." );
106                } else {
107                        throw new UnsupportedOperationException( this.getClass().getName() + " is an application role type but has not overridden this method." );
108                }
109        }
110
111        /**
112         * This simple initial implementation just calls  
113         * {@link #getRoleMembersFromApplicationRole(String, String, Map<String, String>)} and checks the results.
114         *
115         */
116    @Override
117        public boolean hasDerivedRole(String principalId, List<String> groupIds, String namespaceCode, String roleName, Map<String, String> qualification) {
118            if (StringUtils.isBlank(principalId)) {
119            throw new RiceIllegalArgumentException("principalId was null or blank");
120        }
121
122        if (groupIds == null) {
123            throw new RiceIllegalArgumentException("groupIds was null or blank");
124        }
125
126        if (StringUtils.isBlank(namespaceCode)) {
127            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
128        }
129
130        if (StringUtils.isBlank(roleName)) {
131            throw new RiceIllegalArgumentException("roleName was null or blank");
132        }
133
134        if (qualification == null) {
135            throw new RiceIllegalArgumentException("qualification was null or blank");
136        }
137
138        if ( !isDerivedRoleType() ) {
139                        throw new UnsupportedOperationException( this.getClass().getName() + " is not an application role." );
140                }
141                // if principal ID given, check if it is in the list generated from the getPrincipalIdsFromApplicationRole method
142                if ( StringUtils.isNotBlank( principalId ) ) {
143                    List<RoleMembership> members = getRoleMembersFromDerivedRole(namespaceCode, roleName, qualification);
144                    for ( RoleMembership rm : members ) {
145                        if ( StringUtils.isBlank( rm.getMemberId() ) ) {
146                                continue;
147                        }
148                        if ( MemberType.PRINCIPAL.equals(rm.getType()) ) {
149                            if ( rm.getMemberId().equals( principalId ) ) {
150                                return true;
151                            }
152                        } else { // groups
153                            if ( groupIds != null 
154                                    && groupIds.contains(rm.getMemberId())) {
155                                return true;
156                            }
157                        }
158                        }
159                }
160                return false;
161        }
162        
163        /**
164         * Default to not being a derived role type.  Always returns false.
165         * 
166         * @see org.kuali.rice.kim.framework.role.RoleTypeService#isDerivedRoleType()
167         */
168    @Override
169        public boolean isDerivedRoleType() {
170                return false;
171        }
172                
173        /**
174         * This base implementation simply returns the passed in Attributes.
175         * 
176         * @see org.kuali.rice.kim.framework.role.RoleTypeService#convertQualificationForMemberRoles(String, String, String, String, Map<String, String>)
177         */
178    @Override
179        public Map<String, String> convertQualificationForMemberRoles(String namespaceCode, String roleName, String memberRoleNamespaceCode, String memberRoleName, Map<String, String> qualification) {
180        if (StringUtils.isBlank(namespaceCode)) {
181            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
182        }
183
184        if (StringUtils.isBlank(roleName)) {
185            throw new RiceIllegalArgumentException("roleName was null or blank");
186        }
187
188        if (StringUtils.isBlank(memberRoleNamespaceCode)) {
189            throw new RiceIllegalArgumentException("memberRoleNamespaceCode was null or blank");
190        }
191
192        if (StringUtils.isBlank(memberRoleName)) {
193            throw new RiceIllegalArgumentException("memberRoleName was null or blank");
194        }
195
196        if (qualification == null) {
197            throw new RiceIllegalArgumentException("qualification was null");
198        }
199
200        return Collections.unmodifiableMap(new HashMap<String, String>(qualification));
201        }
202
203    @Override
204    public Map<String, String> convertQualificationForMemberRolesAndMemberAttributes(
205            @WebParam(name = "namespaceCode") String namespaceCode, @WebParam(name = "roleName") String roleName,
206            @WebParam(name = "memberRoleNamespaceCode") String memberRoleNamespaceCode,
207            @WebParam(name = "memberRoleName") String memberRoleName, @WebParam(name = "qualification") @XmlJavaTypeAdapter(
208            value = MapStringStringAdapter.class) Map<String, String> qualification, @WebParam(name = "memberQualification") @XmlJavaTypeAdapter(
209            value = MapStringStringAdapter.class) Map<String, String> memberQualification) throws RiceIllegalArgumentException {
210
211        if (memberQualification == null) {
212            throw new RiceIllegalArgumentException("memberQualification was null");
213        }
214
215        return convertQualificationForMemberRoles(namespaceCode, roleName, memberRoleNamespaceCode, memberRoleName, qualification);
216    }
217
218    /**
219         * Performs a simple check that the qualifier on the delegation matches the qualification.
220         * Extra qualification attributes are ignored.
221         *
222         */
223    @Override
224        public boolean doesDelegationQualifierMatchQualification(Map<String, String> qualification, Map<String, String> roleQualifier) {
225                if (qualification == null) {
226            throw new RiceIllegalArgumentException("qualification was null or blank");
227        }
228
229        if (roleQualifier == null) {
230            throw new RiceIllegalArgumentException("roleQualifier was null or blank");
231        }
232
233        Map<String, String> translatedQualification = translateInputAttributes(qualification);
234                validateRequiredAttributesAgainstReceived(translatedQualification);
235                return performMatch(translatedQualification, roleQualifier);
236        }
237
238        /**
239         * Returns false as a default
240         * 
241         * @see org.kuali.rice.kim.framework.role.RoleTypeService#dynamicRoleMembership(java.lang.String, java.lang.String)
242         */
243    @Override
244        public boolean dynamicRoleMembership(String namespaceCode, String roleName) {
245                if (StringUtils.isBlank(namespaceCode)) {
246            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
247        }
248
249        if (StringUtils.isBlank(roleName)) {
250            throw new RiceIllegalArgumentException("roleName was null or blank");
251        }
252
253        return false;
254        }
255
256    @Override
257        public List<String> getQualifiersForExactMatch() {    
258                return Collections.emptyList();
259        }
260
261    /**
262     * Base implementation: no sorting.  Just returns the input list.
263     */
264        @Override
265        public List<RoleMembership> sortRoleMembers(List<RoleMembership> roleMembers)
266                        throws RiceIllegalArgumentException {
267                return roleMembers;
268        }
269
270    @Override
271    public boolean shouldValidateQualifiersForMemberType(MemberType memberType) {
272        return false;
273    }
274}