Source code

001/**
002 * Copyright 2005-2018 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.kns.kim.role;
017
018import org.apache.commons.lang.StringUtils;
019import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
020import org.kuali.rice.core.api.membership.MemberType;
021import org.kuali.rice.core.api.util.jaxb.MapStringStringAdapter;
022import org.kuali.rice.kim.api.role.Role;
023import org.kuali.rice.kim.api.role.RoleMember;
024import org.kuali.rice.kim.api.role.RoleMembership;
025import org.kuali.rice.kim.framework.common.delegate.DelegationTypeService;
026import org.kuali.rice.kim.framework.role.RoleTypeService;
027import org.kuali.rice.kns.kim.type.DataDictionaryTypeServiceBase;
028
029import javax.jws.WebParam;
030import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
031import java.util.ArrayList;
032import java.util.Collections;
033import java.util.HashMap;
034import java.util.List;
035import java.util.Map;
036
037/**
038 * @deprecated A krad integrated type service base class will be provided in the future.
039 */
040@Deprecated
041public class RoleTypeServiceBase extends DataDictionaryTypeServiceBase implements RoleTypeService, DelegationTypeService {
042        
043        /**
044         * Performs a simple check that the qualifier on the role matches the qualification.
045         * Extra qualification attributes are ignored.
046         */
047    @Override
048        public boolean doesRoleQualifierMatchQualification(Map<String, String> qualification, Map<String, String> roleQualifier) {
049                if (qualification == null) {
050            throw new RiceIllegalArgumentException("qualification was null or blank");
051        }
052
053        if (roleQualifier == null) {
054            throw new RiceIllegalArgumentException("roleQualifier was null or blank");
055        }
056
057        Map<String, String> translatedQualification = translateInputAttributes(qualification);
058                validateRequiredAttributesAgainstReceived(translatedQualification);
059                return performMatch(translatedQualification, roleQualifier);
060        }
061        
062    @Override
063        public List<RoleMembership> getMatchingRoleMemberships(Map<String, String> qualification,
064            List<RoleMembership> roleMemberList) {
065                if (qualification == null) {
066            throw new RiceIllegalArgumentException("qualification was null or blank");
067        }
068
069        if (roleMemberList == null) {
070            throw new RiceIllegalArgumentException("roleMemberList was null or blank");
071        }
072
073        Map<String, String> translatedQualification = translateInputAttributes(qualification);
074                validateRequiredAttributesAgainstReceived(translatedQualification);
075                List<RoleMembership> matchingMemberships = new ArrayList<RoleMembership>();
076                for ( RoleMembership roleMembership : roleMemberList ) {
077                        if ( performMatch( translatedQualification, roleMembership.getQualifier() ) ) {
078                                matchingMemberships.add( roleMembership );
079                        }
080                }
081                return Collections.unmodifiableList(matchingMemberships);
082        }
083
084        /**
085         * Return an empty list since this method should not be called by the role service for this service type.
086         * Subclasses which are application role types should override this method.
087         *
088         */
089    @Override
090        public List<RoleMembership> getRoleMembersFromDerivedRole(String namespaceCode, String roleName, Map<String, String> qualification) {
091
092        if (StringUtils.isBlank(namespaceCode)) {
093            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
094        }
095
096        if (StringUtils.isBlank(roleName)) {
097            throw new RiceIllegalArgumentException("roleName was null or blank");
098        }
099
100        if (qualification == null) {
101            throw new RiceIllegalArgumentException("qualification was null or blank");
102        }
103
104        validateRequiredAttributesAgainstReceived(qualification);
105                if ( !isDerivedRoleType() ) {
106                        throw new UnsupportedOperationException( this.getClass().getName() + " is not an application role." );
107                } else {
108                        throw new UnsupportedOperationException( this.getClass().getName() + " is an application role type but has not overridden this method." );
109                }
110        }
111
112        /**
113         * This simple initial implementation just calls  
114         * {@link #getRoleMembersFromApplicationRole(String, String, Map<String, String>)} and checks the results.
115         *
116         */
117    @Override
118        public boolean hasDerivedRole(String principalId, List<String> groupIds, String namespaceCode, String roleName, Map<String, String> qualification) {
119            if (StringUtils.isBlank(principalId)) {
120            throw new RiceIllegalArgumentException("principalId was null or blank");
121        }
122
123        if (groupIds == null) {
124            throw new RiceIllegalArgumentException("groupIds was null or blank");
125        }
126
127        if (StringUtils.isBlank(namespaceCode)) {
128            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
129        }
130
131        if (StringUtils.isBlank(roleName)) {
132            throw new RiceIllegalArgumentException("roleName was null or blank");
133        }
134
135        if (qualification == null) {
136            throw new RiceIllegalArgumentException("qualification was null or blank");
137        }
138
139        if ( !isDerivedRoleType() ) {
140                        throw new UnsupportedOperationException( this.getClass().getName() + " is not an application role." );
141                }
142                // if principal ID given, check if it is in the list generated from the getPrincipalIdsFromApplicationRole method
143                if ( StringUtils.isNotBlank( principalId ) ) {
144                    List<RoleMembership> members = getRoleMembersFromDerivedRole(namespaceCode, roleName, qualification);
145                    for ( RoleMembership rm : members ) {
146                        if ( StringUtils.isBlank( rm.getMemberId() ) ) {
147                                continue;
148                        }
149                        if ( MemberType.PRINCIPAL.equals(rm.getType()) ) {
150                            if ( rm.getMemberId().equals( principalId ) ) {
151                                return true;
152                            }
153                        } else { // groups
154                            if ( groupIds != null 
155                                    && groupIds.contains(rm.getMemberId())) {
156                                return true;
157                            }
158                        }
159                        }
160                }
161                return false;
162        }
163        
164        /**
165         * Default to not being a derived role type.  Always returns false.
166         * 
167         * @see org.kuali.rice.kim.framework.role.RoleTypeService#isDerivedRoleType()
168         */
169    @Override
170        public boolean isDerivedRoleType() {
171                return false;
172        }
173                
174        /**
175         * This base implementation simply returns the passed in Attributes.
176         * 
177         * @see org.kuali.rice.kim.framework.role.RoleTypeService#convertQualificationForMemberRoles(String, String, String, String, Map<String, String>)
178         */
179    @Override
180        public Map<String, String> convertQualificationForMemberRoles(String namespaceCode, String roleName, String memberRoleNamespaceCode, String memberRoleName, Map<String, String> qualification) {
181        if (StringUtils.isBlank(namespaceCode)) {
182            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
183        }
184
185        if (StringUtils.isBlank(roleName)) {
186            throw new RiceIllegalArgumentException("roleName was null or blank");
187        }
188
189        if (StringUtils.isBlank(memberRoleNamespaceCode)) {
190            throw new RiceIllegalArgumentException("memberRoleNamespaceCode was null or blank");
191        }
192
193        if (StringUtils.isBlank(memberRoleName)) {
194            throw new RiceIllegalArgumentException("memberRoleName was null or blank");
195        }
196
197        if (qualification == null) {
198            throw new RiceIllegalArgumentException("qualification was null");
199        }
200
201        return Collections.unmodifiableMap(new HashMap<String, String>(qualification));
202        }
203
204    @Override
205    public Map<String, String> convertQualificationForMemberRolesAndMemberAttributes(
206            @WebParam(name = "namespaceCode") String namespaceCode, @WebParam(name = "roleName") String roleName,
207            @WebParam(name = "memberRoleNamespaceCode") String memberRoleNamespaceCode,
208            @WebParam(name = "memberRoleName") String memberRoleName, @WebParam(name = "qualification") @XmlJavaTypeAdapter(
209            value = MapStringStringAdapter.class) Map<String, String> qualification, @WebParam(name = "memberQualification") @XmlJavaTypeAdapter(
210            value = MapStringStringAdapter.class) Map<String, String> memberQualification) throws RiceIllegalArgumentException {
211
212        if (memberQualification == null) {
213            throw new RiceIllegalArgumentException("memberQualification was null");
214        }
215
216        return convertQualificationForMemberRoles(namespaceCode, roleName, memberRoleNamespaceCode, memberRoleName, qualification);
217    }
218
219    /**
220         * Performs a simple check that the qualifier on the delegation matches the qualification.
221         * Extra qualification attributes are ignored.
222         *
223         */
224    @Override
225        public boolean doesDelegationQualifierMatchQualification(Map<String, String> qualification, Map<String, String> roleQualifier) {
226                if (qualification == null) {
227            throw new RiceIllegalArgumentException("qualification was null or blank");
228        }
229
230        if (roleQualifier == null) {
231            throw new RiceIllegalArgumentException("roleQualifier was null or blank");
232        }
233
234        Map<String, String> translatedQualification = translateInputAttributes(qualification);
235                validateRequiredAttributesAgainstReceived(translatedQualification);
236                return performMatch(translatedQualification, roleQualifier);
237        }
238
239        /**
240         * Returns false as a default
241         * 
242         * @see org.kuali.rice.kim.framework.role.RoleTypeService#dynamicRoleMembership(java.lang.String, java.lang.String)
243         */
244    @Override
245        public boolean dynamicRoleMembership(String namespaceCode, String roleName) {
246                if (StringUtils.isBlank(namespaceCode)) {
247            throw new RiceIllegalArgumentException("namespaceCode was null or blank");
248        }
249
250        if (StringUtils.isBlank(roleName)) {
251            throw new RiceIllegalArgumentException("roleName was null or blank");
252        }
253
254        return false;
255        }
256
257    @Override
258        public List<String> getQualifiersForExactMatch() {    
259                return Collections.emptyList();
260        }
261
262    /**
263     * Base implementation: no sorting.  Just returns the input list.
264     */
265        @Override
266        public List<RoleMembership> sortRoleMembers(List<RoleMembership> roleMembers)
267                        throws RiceIllegalArgumentException {
268                return roleMembers;
269        }
270
271    @Override
272    public boolean shouldValidateQualifiersForMemberType(MemberType memberType) {
273        return false;
274    }
275
276    @Override
277    public void roleMemberRemoved(RoleMember member) {
278        // Default implementation does nothing when a member is removed from a role
279    }
280}