Add method to get user memberships. Allow the owner of the group to make updates
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/52dc070d Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/52dc070d Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/52dc070d Branch: refs/heads/develop Commit: 52dc070d7acc3d0d5cb8d80416884bacb5f0d04d Parents: 35466d4 Author: Vivek Sachdeva <[email protected]> Authored: Sun Jul 10 13:55:22 2016 -0700 Committer: Vivek Sachdeva <[email protected]> Committed: Sun Jul 10 13:55:22 2016 -0700 ---------------------------------------------------------------------- .../apache/airavata/grouper/group/Group.java | 69 ++-- .../airavata/grouper/group/GroupService.java | 37 +- .../grouper/group/GroupServiceImpl.java | 340 ++++++++++++++----- .../grouper/resource/ResourceServiceImpl.java | 116 +++---- .../airavata/grouper/role/RoleServiceImpl.java | 28 +- 5 files changed, 393 insertions(+), 197 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/52dc070d/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java index fdb64b4..769ecea 100755 --- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java +++ b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/Group.java @@ -1,5 +1,5 @@ /** - * + * */ package org.apache.airavata.grouper.group; 
@@ -11,15 +11,26 @@ import java.util.List; * */ public class Group { - + private String id; - + private String name; - + + private String ownerId; + private String description; - - private List<String> users = new ArrayList<String>(); - + + private List<String> members = new ArrayList<String>(); + + public Group(String id, String ownerId) { + if (id == null || ownerId == null) { + throw new IllegalArgumentException("id or ownerId is null"); + } + this.id = id; + this.ownerId = ownerId; + } + + /** * @return the id */ @@ -27,15 +38,6 @@ public class Group { return id; } - - /** - * @param id the id to set - */ - public void setId(String id) { - this.id = id; - } - - /** * @return the name */ @@ -43,7 +45,7 @@ public class Group { return name; } - + /** * @param name the name to set */ @@ -51,7 +53,15 @@ public class Group { this.name = name; } - + + /** + * @return the ownerId + */ + public String getOwnerId() { + return ownerId; + } + + /** * @return the description */ @@ -59,7 +69,7 @@ public class Group { return description; } - + /** * @param description the description to set */ 
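Review bot: `id` and `ownerId` are now assigned only in the constructor (`setId` is removed and no `setOwnerId` is added), yet both fields stay non-final; `private final String id;` and `private final String ownerId;` would let the compiler enforce that. The constructor rejects null but accepts an empty string, and `ownerId` later feeds `SubjectFinder.findByIdAndSource`, so an `isEmpty()` test next to the null test is worth considering. The new constructor and `getOwnerId` carry no Javadoc saying that `ownerId` is the subject granted ADMIN on the group.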
@@ -67,28 +77,25 @@ public class Group { this.description = description; } - /** - * @return the users + * @return the members */ - public List<String> getUsers() { - return users; + public List<String> getMembers() { + return members; } /** - * @param users the users to set + * @param members the members to set */ - public void setUsers(List<String> users) { - this.users = users; + public void setMembers(List<String> members) { + this.members = members; } - /** - * @see Object#toString() - */ @Override public String toString() { - return "Group [id=" + id + ", name=" + name + ", description=" + description + "]"; + return "Group [id=" + id + ", name=" + name + ", ownerId=" + ownerId + + ", description=" + description + "]"; } - + } http://git-wip-us.apache.org/repos/asf/airavata/blob/52dc070d/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java index b80b1a1..cb4cccd 100755 --- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java +++ b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupService.java 
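Review bot: `setMembers` stores the caller's list and `getMembers` hands the same instance back, so the membership a service method iterates can change after the Group was built. `setMembers(null)` also makes the `for (String userId: group.getMembers())` loops in GroupServiceImpl throw a NullPointerException, which in updateGroup happens only after the existing members have been deleted. Copying on the way in keeps the object self-contained: `this.members = members == null ? new ArrayList<String>() : new ArrayList<String>(members);`.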
@@ -1,24 +1,39 @@ /** - * + * */ package org.apache.airavata.grouper.group; +import java.util.List; + +import edu.internet2.middleware.grouper.exception.GroupAddAlreadyExistsException; import edu.internet2.middleware.grouper.exception.GroupNotFoundException; +import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException; +import edu.internet2.middleware.subject.SubjectNotFoundException; /** * @author vsachdeva * */ public interface GroupService { - - public void createOrUpdateGroup(Group group); - - public void deleteGroup(String groupId) throws GroupNotFoundException; - - public Group getGroup(String groupId) throws GroupNotFoundException; - - public void addGroupToGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException; - - public void removeGroupFromGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException; + + void createGroup(Group group) throws SubjectNotFoundException, GroupAddAlreadyExistsException; + + void updateGroup(Group group) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException; + + void deleteGroup(String groupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException; + + Group getGroup(String groupId) throws GroupNotFoundException; + + void addGroupToGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException; + + void removeGroupFromGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException; + + void addUserToGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException; + + void removeUserFromGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException; + + 
List<GroupMembership> getAllMembersForGroup(String groupId) throws GroupNotFoundException; + + List<GroupMembership> getAllMembershipsForUser(String userId) throws SubjectNotFoundException; } http://git-wip-us.apache.org/repos/asf/airavata/blob/52dc070d/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java index b63f401..114bed9 100755 --- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java +++ b/modules/group-manager/src/main/java/org/apache/airavata/grouper/group/GroupServiceImpl.java 
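Review bot: The interface gives no Javadoc for the new `ownerId` parameter, although GroupServiceImpl treats it as the acting subject and throws InsufficientPrivilegeException when it does not match the group's admin. Each mutating method should say so, for example `@param ownerId id of the subject performing the change; must be the group's owner and must be taken from the authenticated caller`. `updateGroup` also deserves a line stating that it replaces the whole member list with `group.getMembers()` rather than merging, since that is not obvious from the signature.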
@@ -1,80 +1,154 @@ /** - * + * */ package org.apache.airavata.grouper.group; -import edu.internet2.middleware.grouper.*; +import static edu.internet2.middleware.subject.provider.SubjectTypeEnum.PERSON; +import static org.apache.airavata.grouper.AiravataGrouperUtil.COLON; +import static org.apache.airavata.grouper.AiravataGrouperUtil.GROUPS_STEM_NAME; +import static org.apache.airavata.grouper.AiravataGrouperUtil.SUBJECT_SOURCE; +import static org.apache.airavata.grouper.group.GroupMembershipType.DIRECT; +import static org.apache.airavata.grouper.group.GroupMembershipType.INDIRECT; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.apache.airavata.grouper.SubjectType; + +import edu.internet2.middleware.grouper.GroupFinder; +import edu.internet2.middleware.grouper.GroupSave; +import edu.internet2.middleware.grouper.GrouperSession; +import edu.internet2.middleware.grouper.Member; +import edu.internet2.middleware.grouper.MemberFinder; +import edu.internet2.middleware.grouper.SubjectFinder; +import edu.internet2.middleware.grouper.exception.GroupAddAlreadyExistsException; import edu.internet2.middleware.grouper.exception.GroupNotFoundException; +import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException; import edu.internet2.middleware.grouper.group.TypeOfGroup; import edu.internet2.middleware.grouper.internal.dao.QueryOptions; +import edu.internet2.middleware.grouper.misc.SaveMode; +import edu.internet2.middleware.grouper.privs.AccessPrivilege; import edu.internet2.middleware.grouper.util.GrouperUtil; import edu.internet2.middleware.subject.Subject; import edu.internet2.middleware.subject.SubjectNotFoundException; -import org.apache.airavata.grouper.SubjectType; - -import java.util.ArrayList; -import java.util.List; - -import static edu.internet2.middleware.grouper.misc.SaveMode.INSERT_OR_UPDATE; -import static edu.internet2.middleware.subject.provider.SubjectTypeEnum.PERSON; -import static 
org.apache.airavata.grouper.AiravataGrouperUtil.*; -import static org.apache.airavata.grouper.group.GroupMembershipType.DIRECT; -import static org.apache.airavata.grouper.group.GroupMembershipType.INDIRECT; /** * @author vsachdeva * */ public class GroupServiceImpl implements GroupService { - - - public void createOrUpdateGroup(Group group) { - + + + public void createGroup(Group group) throws SubjectNotFoundException, GroupAddAlreadyExistsException { + GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); + Subject subject = SubjectFinder.findByIdAndSource(group.getOwnerId(), SUBJECT_SOURCE, true); GroupSave groupSave = new GroupSave(grouperSession); groupSave.assignTypeOfGroup(TypeOfGroup.group); groupSave.assignGroupNameToEdit(GROUPS_STEM_NAME+COLON+group.getId()); groupSave.assignName(GROUPS_STEM_NAME+COLON+group.getId()); groupSave.assignDisplayExtension(group.getName()); groupSave.assignDescription(group.getDescription()); - groupSave.assignSaveMode(INSERT_OR_UPDATE); + groupSave.assignSaveMode(SaveMode.INSERT); groupSave.assignCreateParentStemsIfNotExist(true); edu.internet2.middleware.grouper.Group grp = groupSave.save(); - for (String userId: group.getUsers()) { - Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false); - if (subject == null) { - throw new SubjectNotFoundException(userId+" airavata internal user id was not found."); - } - grp.addMember(subject, false); + grp.grantPriv(subject, AccessPrivilege.ADMIN, false); + for (String userId: group.getMembers()) { + Subject sub = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true); + grp.addMember(sub, false); } } finally { GrouperSession.stopQuietly(grouperSession); } } - - public void deleteGroup(String groupId) throws GroupNotFoundException { - + + public void updateGroup(Group group) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException { + GrouperSession grouperSession = null; try { 
grouperSession = GrouperSession.startRootSession(); - edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, + Subject subject = SubjectFinder.findByIdAndSource(group.getOwnerId(), SUBJECT_SOURCE, true); + + edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+group.getId(), true, new QueryOptions().secondLevelCache(false)); + + Subject admin = null; + // there will be one admin only. + if (grouperGroup.getAdmins().size() > 0) { + admin = grouperGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+group.getId()+". It should have never happened."); + } + if (!admin.getId().equals(subject.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group can update."); + } + GroupSave groupSave = new GroupSave(grouperSession); + groupSave.assignTypeOfGroup(TypeOfGroup.group); + groupSave.assignGroupNameToEdit(GROUPS_STEM_NAME+COLON+group.getId()); + groupSave.assignName(GROUPS_STEM_NAME+COLON+group.getId()); + groupSave.assignDisplayExtension(group.getName()); + groupSave.assignDescription(group.getDescription()); + groupSave.assignSaveMode(SaveMode.UPDATE); + groupSave.assignCreateParentStemsIfNotExist(true); + edu.internet2.middleware.grouper.Group grp = groupSave.save(); + for (Member member: grp.getMembers()) { + grp.deleteMember(member); + } + for (String userId: group.getMembers()) { + Subject sub = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true); + grp.addMember(sub, false); + } + } finally { + GrouperSession.stopQuietly(grouperSession); + } + + } + + public void deleteGroup(String groupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException { + + GrouperSession grouperSession = null; + try { + grouperSession = GrouperSession.startRootSession(); + 
edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, + true, new QueryOptions().secondLevelCache(false)); + Subject subject = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true); + Subject admin = null; + // there will be one admin only. + if (group.getAdmins().size() > 0) { + admin = group.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened."); + } + if (!admin.getId().equals(subject.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group can update."); + } group.delete(); } finally { GrouperSession.stopQuietly(grouperSession); } } - + public Group getGroup(String groupId) throws GroupNotFoundException { - + GrouperSession grouperSession = null; - Group group = new Group(); + Group group = null; try { grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.Group grouperGroup = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true); - group.setId(grouperGroup.getExtension()); + Subject admin = null; + // there will be one admin only. + if (grouperGroup.getAdmins().size() > 0) { + admin = grouperGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened."); + } + group = new Group(grouperGroup.getExtension(), admin.getId()); group.setName(grouperGroup.getDisplayExtension()); group.setDescription(grouperGroup.getDescription()); List<String> users = new ArrayList<String>(); 
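Review bot: The owner lookup in updateGroup, deleteGroup and getGroup takes `getAdmins().iterator().next()` as the owner, which depends on set iteration order as soon as a group has more than one ADMIN subject, and the same block is pasted again in the `-101,14` and `-118,37` hunks. One private helper that compares the caller against every admin and fails closed on an empty set would keep the rule in one place; a sketch follows. Every method here opens `GrouperSession.startRootSession()`, so this comparison with the caller-supplied `ownerId` is the only authorization applied and presumably relies on the caller having authenticated that id. Separately, updateGroup deletes all members before resolving the new list with `findByIdAndSource(userId, SUBJECT_SOURCE, true)`, so one unknown id leaves the group emptied; resolving the subjects first avoids that. getGroup's body continues outside this hunk.

```java
// Single place for the owner rule; an empty admin set is rejected rather than skipped.
private static void requireOwner(edu.internet2.middleware.grouper.Group grouperGroup, Subject caller, String groupId)
        throws InsufficientPrivilegeException {
    for (Subject admin : grouperGroup.getAdmins()) {
        if (admin.getId().equals(caller.getId())) {
            return;
        }
    }
    throw new InsufficientPrivilegeException("Only the owner of the group "+groupId+" can update.");
}

// in updateGroup:
// … unchanged: owner check and GroupSave setup …
edu.internet2.middleware.grouper.Group grp = groupSave.save();
// Resolve every requested member before removing anyone, so an unknown id fails early.
List<Subject> requested = new ArrayList<Subject>();
for (String userId: group.getMembers()) {
    requested.add(SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true));
}
// … unchanged: deleteMember loop …
for (Subject sub: requested) {
    grp.addMember(sub, false);
}
```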
@@ -83,15 +157,15 @@ public class GroupServiceImpl implements GroupService { users.add(member.getSubjectId()); } } - group.setUsers(users); + group.setMembers(users); } finally { GrouperSession.stopQuietly(grouperSession); } return group; } - - public void addGroupToGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException { - + + public void addGroupToGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException { + GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); 
@@ -101,14 +175,36 @@ public class GroupServiceImpl implements GroupService { if (subject == null) { throw new GroupNotFoundException(childGroupId+" was not found."); } + Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true); + Subject admin = null; + // there will be one admin only. + if (grouperParentGroup.getAdmins().size() > 0) { + admin = grouperParentGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+parentGroupId+". It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group "+parentGroupId+" can update."); + } + + if (grouperChildGroup.getAdmins().size() > 0) { + admin = grouperChildGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+childGroupId+". It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group "+childGroupId+" can update."); + } grouperParentGroup.addMember(subject, false); } finally { GrouperSession.stopQuietly(grouperSession); } } - - public void removeGroupFromGroup(String parentGroupId, String childGroupId) throws GroupNotFoundException { - + + public void removeGroupFromGroup(String parentGroupId, String childGroupId, String ownerId) throws GroupNotFoundException, SubjectNotFoundException, InsufficientPrivilegeException { + GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); 
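Review bot: In addGroupToGroup the `admin` variable is reused for the child-group check without being reset, so when `grouperChildGroup.getAdmins()` is empty it still holds the parent's admin, the `admin == null` branch is skipped, and the comparison with `maybeAdmin` passes on the strength of the parent check alone. Adding `admin = null;` before `if (grouperChildGroup.getAdmins().size() > 0) {` makes the no-admin case reach the RuntimeException as the message intends. The same sequence is repeated in removeGroupFromGroup in the next hunk. The method's opening lines are outside this hunk.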
@@ -118,37 +214,87 @@ public class GroupServiceImpl implements GroupService { if (subject == null) { throw new SubjectNotFoundException(childGroupId+" was not found."); } + + Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true); + Subject admin = null; + // there will be one admin only. + if (grouperParentGroup.getAdmins().size() > 0) { + admin = grouperParentGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+parentGroupId+". It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group "+parentGroupId+" can update."); + } + + if (grouperChildGroup.getAdmins().size() > 0) { + admin = grouperChildGroup.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+childGroupId+". It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group "+childGroupId+" can update."); + } grouperParentGroup.deleteMember(subject, false); } finally { GrouperSession.stopQuietly(grouperSession); } } - - public void addUserToGroup(String userId, String groupId) throws SubjectNotFoundException, GroupNotFoundException { + + public void addUserToGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException { GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true); Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true); + + Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true); + Subject admin = null; + // there will be one admin only. 
+ if (group.getAdmins().size() > 0) { + admin = group.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+groupId+". It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group can update."); + } group.addMember(subject, false); } finally { GrouperSession.stopQuietly(grouperSession); } } - - public void removeUserFromGroup(String userId, String groupId) throws SubjectNotFoundException, GroupNotFoundException { + + public void removeUserFromGroup(String userId, String groupId, String ownerId) throws SubjectNotFoundException, GroupNotFoundException, InsufficientPrivilegeException { GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.Group group = GroupFinder.findByName(grouperSession, GROUPS_STEM_NAME+COLON+groupId, true); Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true); + + Subject maybeAdmin = SubjectFinder.findByIdAndSource(ownerId, SUBJECT_SOURCE, true); + Subject admin = null; + // there will be one admin only. + if (group.getAdmins().size() > 0) { + admin = group.getAdmins().iterator().next(); + } + if (admin == null) { + throw new RuntimeException("There is no admin for the group "+groupId+". 
It should have never happened."); + } + if (!admin.getId().equals(maybeAdmin.getId())) { + throw new InsufficientPrivilegeException("Only the owner of the group can update."); + } + group.deleteMember(subject, false); } finally { GrouperSession.stopQuietly(grouperSession); } } - - public List<GroupMembership> getAllMembersForTheGroup(String groupId) throws GroupNotFoundException { + + public List<GroupMembership> getAllMembersForGroup(String groupId) throws GroupNotFoundException { List<GroupMembership> groupMemberships = new ArrayList<GroupMembership>(); GrouperSession grouperSession = null; try { 
@@ -175,54 +321,92 @@ public class GroupServiceImpl implements GroupService { } return groupMemberships; } - + + public List<GroupMembership> getAllMembershipsForUser(String userId) throws SubjectNotFoundException { + List<GroupMembership> groupMemberships = new ArrayList<GroupMembership>(); + GrouperSession grouperSession = null; + try { + grouperSession = GrouperSession.startRootSession(); + Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, true); + Member member = MemberFinder.findBySubject(grouperSession, subject, false); + if (member != null) { + for (edu.internet2.middleware.grouper.Group group : member.getImmediateGroups()) { + GroupMembership groupMembership = new GroupMembership(); + groupMembership.setGroupId(group.getExtension()); + groupMembership.setGroupMembershipType(DIRECT); + groupMembership.setMemberId(userId); + groupMembership.setMemberType(SubjectType.PERSON); + groupMemberships.add(groupMembership); + } + for (edu.internet2.middleware.grouper.Group group : member.getNonImmediateGroups()) { + GroupMembership groupMembership = new GroupMembership(); + groupMembership.setGroupId(group.getExtension()); + groupMembership.setGroupMembershipType(INDIRECT); + groupMembership.setMemberId(userId); + groupMembership.setMemberType(SubjectType.PERSON); + groupMemberships.add(groupMembership); + } + } + } finally { + GrouperSession.stopQuietly(grouperSession); + } + return groupMemberships; + } + public static void main(String[] args) { - - GroupServiceImpl groupServiceImpl = new GroupServiceImpl(); - + + GroupService groupService = new GroupServiceImpl(); + // create a test group - Group parentGroup = new Group(); - parentGroup.setId("airavata parent group id"); + Group parentGroup = new Group("airavata parent group id", "airavata_id_1"); parentGroup.setName("airavata parent group name"); parentGroup.setDescription("airavata parent group description"); - groupServiceImpl.createOrUpdateGroup(parentGroup); - + 
parentGroup.setMembers(Arrays.asList("airavata_id_2", "airavata_id_3")); + groupService.createGroup(parentGroup); + // update the same group - Group updateGroup = new Group(); - updateGroup.setId("airavata parent group id"); + Group updateGroup = new Group("airavata parent group id", "airavata_id_1"); updateGroup.setName("airavata parent group name updated"); updateGroup.setDescription("airavata parent group description updated"); - groupServiceImpl.createOrUpdateGroup(updateGroup); - + updateGroup.setMembers(Arrays.asList("airavata_id_4", "airavata_id_5")); + groupService.updateGroup(updateGroup); + // create another group - Group childGroup = new Group(); - childGroup.setId("airavata child group id"); + Group childGroup = new Group("airavata child group id", "airavata_id_1"); childGroup.setName("airavata child group name"); childGroup.setDescription("airavata child group description"); - groupServiceImpl.createOrUpdateGroup(childGroup); - + childGroup.setMembers(Arrays.asList("airavata_id_6", "airavata_id_7")); + groupService.createGroup(childGroup); + // add child group to parent group - groupServiceImpl.addGroupToGroup("airavata parent group id", "airavata child group id"); - - // add a direct person to the group - groupServiceImpl.addUserToGroup("admin@seagrid", "airavata parent group id"); - + groupService.addGroupToGroup("airavata parent group id", "airavata child group id", "airavata_id_1"); + + // add two more direct persons to the group + groupService.addUserToGroup("airavata_id_2", "airavata parent group id", "airavata_id_1"); + groupService.addUserToGroup("airavata_id_3", "airavata parent group id", "airavata_id_1"); + // add a person to the child group which will be basically an indirect member of parent group - groupServiceImpl.addUserToGroup("scnakandala@seagrid", "airavata child group id"); - + groupService.addUserToGroup("airavata_id_8", "airavata child group id", "airavata_id_1"); + // get the parent group - groupServiceImpl.getGroup("airavata 
parent group id"); - + Group group = groupService.getGroup("airavata parent group id"); + System.out.println(group); + //get all the members of the group - groupServiceImpl.getAllMembersForTheGroup("airavata parent group id"); - + List<GroupMembership> allMembersForGroup = groupService.getAllMembersForGroup("airavata parent group id"); + System.out.println(allMembersForGroup); + + //get all the groups for user airavata_id_2 + List<GroupMembership> membershipsForUser = groupService.getAllMembershipsForUser("airavata_id_2"); + System.out.println(membershipsForUser); + // remove child from parent - groupServiceImpl.removeGroupFromGroup("airavata parent group id", "airavata child group id"); - - // delete the same group - groupServiceImpl.deleteGroup("airavata child group id"); - groupServiceImpl.deleteGroup("airavata parent group id"); - + groupService.removeGroupFromGroup("airavata parent group id", "airavata child group id", "airavata_id_1"); + + // delete the same group + groupService.deleteGroup("airavata child group id", "airavata_id_1"); + groupService.deleteGroup("airavata parent group id", "airavata_id_1"); + } - + } http://git-wip-us.apache.org/repos/asf/airavata/blob/52dc070d/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java index c3b40fe..0b0ec06 100755 --- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java +++ b/modules/group-manager/src/main/java/org/apache/airavata/grouper/resource/ResourceServiceImpl.java @@ -1,5 +1,5 @@ /** - * + * */ package org.apache.airavata.grouper.resource; 
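Review bot: getAllMembershipsForUser returns every direct and indirect group of whatever `userId` is passed in, from a root session and with no requesting subject, unlike the mutating methods in this commit, which take an `ownerId`. If the service is reachable by ordinary users this lets one user list another's memberships; if access is enforced by the caller, the method should say so, e.g. `// caller must verify the requester may view userId's memberships`. The two loops differ only in DIRECT versus INDIRECT and could share one private helper. The `main` driver at the end of the hunk hard-codes subject ids and runs create and delete calls against whatever Grouper instance is configured, so it reads as a manual test that would sit better under the test tree.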
@@ -37,18 +37,18 @@ import static org.apache.airavata.grouper.resource.ResourceType.*; * */ public class ResourceServiceImpl { - - + + //TODO: break this method into smaller methods public void createResource(Resource resource) throws ResourceNotFoundException { - + validateResource(resource); - + GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); AttributeDefName parentAttributeDefName = null; - + // make sure that the parent resource exists in grouper if it is in the request if (resource.getParentResourceId() != null) { parentAttributeDefName = AttributeDefNameFinder.findByName(resource.getResourceType().getParentResoruceType() @@ -57,12 +57,12 @@ public class ResourceServiceImpl { throw new ResourceNotFoundException(resource.getParentResourceId() +" was not found."); } } - + Subject subject = SubjectFinder.findByIdAndSource(resource.getOwnerId(), SUBJECT_SOURCE, false); if (subject == null) { throw new IllegalArgumentException("Resource owner id "+resource.getOwnerId()+" could not be found."); } - + // create an attribute def if doesn't exist AttributeDef attributeDef = AttributeDefFinder.findByName(PERMISSIONS_ATTRIBUTE_DEF, false); if (attributeDef == null) { @@ -74,7 +74,7 @@ public class ResourceServiceImpl { AttributeAssignAction write = attributeDef.getAttributeDefActionDelegate().addAction(WRITE.name()); write.getAttributeAssignActionSetDelegate().addToAttributeAssignActionSet(read); } - + // create attribute def name AttributeDefNameSave attributeDefNameSave = new AttributeDefNameSave(grouperSession, attributeDef); attributeDefNameSave.assignCreateParentStemsIfNotExist(true); 
@@ -84,29 +84,29 @@ public class ResourceServiceImpl { attributeDefNameSave.assignDescription(resource.getDescription()); attributeDefNameSave.assignDisplayName(resource.getName()); AttributeDefName attributeDefName = attributeDefNameSave.save(); - + // set the inheritance if parent attribute def name is not null if (parentAttributeDefName != null) { parentAttributeDefName.getAttributeDefNameSetDelegate().addToAttributeDefNameSet(attributeDefName); } - + RoleServiceImpl roleService = new RoleServiceImpl(); //TODO remove the session being passed Group readRole = roleService.createRole(resource.getId()+"_"+READ.name(), grouperSession); Group writeRole = roleService.createRole(resource.getId()+"_"+WRITE.name(), grouperSession); - + readRole.getPermissionRoleDelegate().assignRolePermission(READ.name(), attributeDefName, PermissionAllowed.ALLOWED); writeRole.getPermissionRoleDelegate().assignRolePermission(WRITE.name(), attributeDefName, PermissionAllowed.ALLOWED); writeRole.getRoleInheritanceDelegate().addRoleToInheritFromThis(readRole); - + // give the write role to ownerId roleService.assignRoleToUser(resource.getOwnerId(), resource.getId()+"_"+WRITE.name(), grouperSession); - + } finally { GrouperSession.stopQuietly(grouperSession); } } - + public void deleteResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException { if (resourceId == null || resourceType == null) { throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null."); @@ -134,7 +134,7 @@ public class ResourceServiceImpl { GrouperSession.stopQuietly(grouperSession); } } - + public Resource getResource(String resourceId, ResourceType resourceType) throws ResourceNotFoundException { if (resourceId == null || resourceType == null) { throw new IllegalArgumentException("resouceId "+resourceId+" is null or resourceType"+resourceType+" is null."); 
@@ -159,9 +159,9 @@ public class ResourceServiceImpl { } return resource; } - + /** - * + * * @param userId * @param resourceType * @param actions - write or read @@ -170,20 +170,20 @@ public class ResourceServiceImpl { * @return * @throws SubjectNotFoundException */ - public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType, + public Set<Resource> getAccessibleResourcesForUser(String userId, ResourceType resourceType, PermissionAction action, boolean pagination, Integer pageNumber, Integer pageSize) throws SubjectNotFoundException { - + if (userId == null || resourceType == null || action == null) { throw new IllegalArgumentException("Invalid input"); } if (pagination && (pageNumber < 0 || pageSize < 1)) { throw new IllegalArgumentException("Invalid pagination properties"); } - + GrouperSession grouperSession = null; try { grouperSession = GrouperSession.startRootSession(); - + PermissionFinder permissionFinder = new PermissionFinder(); permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF); permissionFinder.addAction(action.name()); @@ -192,7 +192,7 @@ public class ResourceServiceImpl { throw new SubjectNotFoundException("userId "+userId+" was not found."); } permissionFinder.addSubject(subject); - + Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true); permissionFinder.assignPermissionNameFolder(stem); permissionFinder.assignPermissionNameFolderScope(Scope.ONE); 
@@ -202,65 +202,56 @@ public class ResourceServiceImpl { permissionFinder.assignQueryOptions(queryOptions); } Set<PermissionEntry> permissions = permissionFinder.findPermissions(); - + Set<Resource> resources = new HashSet<Resource>(); for (PermissionEntry entry: permissions) { Resource resource = new Resource(entry.getAttributeDefName().getExtension(), resourceType); resource.setName(entry.getAttributeDefNameDispName()); - - //TODO: Discuss it with Suresh and Supun. It might cause some performance issues. We probably should not populate the parent id since caller will already have it. -// Set<AttributeDefName> parentAttributeDefNames = entry.getAttributeDefName().getAttributeDefNameSetDelegate().getAttributeDefNamesThatImplyThisImmediate(); -// if (parentAttributeDefNames != null && parentAttributeDefNames.size() > 0) { -// resource.setParentResourceId(parentAttributeDefNames.iterator().next().getExtension()); -// } - resources.add(resource); - } - return resources; - + } finally { GrouperSession.stopQuietly(grouperSession); } - + } - + // action can be read or write only public Set<String> getAllAccessibleUsers(String resourceId, ResourceType resourceType, PermissionAction action) { - + if (resourceId == null || resourceType == null || action == null) { throw new IllegalArgumentException("Invalid input"); } - + GrouperSession grouperSession = null; Set<String> userIds = new HashSet<String>(); try { grouperSession = GrouperSession.startRootSession(); - + PermissionFinder permissionFinder = new PermissionFinder(); permissionFinder.addPermissionDef(PERMISSIONS_ATTRIBUTE_DEF); permissionFinder.addAction(action.name()); - + Stem stem = StemFinder.findByName(grouperSession, resourceType.getStemFromResourceType(), true); permissionFinder.assignPermissionNameFolder(stem); permissionFinder.assignPermissionNameFolderScope(Scope.ONE); Set<PermissionEntry> permissions = permissionFinder.findPermissions(); - + for (PermissionEntry entry: permissions) { if 
(entry.getSubjectSourceId().equals(SUBJECT_SOURCE)) { userIds.add(entry.getSubjectId()); } } - + return userIds; - + } finally { GrouperSession.stopQuietly(grouperSession); } - + } - + private void validateResource(Resource resource) { if (resource.getResourceType() == null) { throw new IllegalArgumentException("Resource type is a required field"); @@ -272,17 +263,17 @@ public class ResourceServiceImpl { throw new IllegalArgumentException("Resource ownerId is a required field."); } } - + public static void main(String[] args) { ResourceServiceImpl resourceService = new ResourceServiceImpl(); - + // create a Project resource Resource projectResource = new Resource("project resource id", PROJECT); projectResource.setDescription("project resource description"); projectResource.setName("project resource name"); projectResource.setOwnerId("airavata_id_1"); resourceService.createResource(projectResource); - + // create an Experiment resource Resource experimentResource = new Resource("experiment resource id", EXPERIMENT); experimentResource.setDescription("experiment resource description"); @@ -290,7 +281,7 @@ public class ResourceServiceImpl { experimentResource.setParentResourceId("project resource id"); experimentResource.setOwnerId("airavata_id_1"); resourceService.createResource(experimentResource); - + //create another experiment resource within the same project resource Resource experimentResource1 = new Resource("experiment resource id1", ResourceType.EXPERIMENT); experimentResource1.setDescription("experiment resource description1"); @@ -298,7 +289,7 @@ public class ResourceServiceImpl { experimentResource1.setParentResourceId("project resource id"); experimentResource1.setOwnerId("airavata_id_1"); resourceService.createResource(experimentResource1); - + // create a data file resource Resource dataResource = new Resource("data resource id", ResourceType.DATA); dataResource.setDescription("data resource description"); 
@@ -306,41 +297,40 @@ public class ResourceServiceImpl { dataResource.setParentResourceId("experiment resource id1"); dataResource.setOwnerId("airavata_id_1"); resourceService.createResource(dataResource); - + // get the experiment resource and it should have parent set to project Resource resource = resourceService.getResource("experiment resource id1", EXPERIMENT); System.out.println(resource); - + Set<Resource> accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, WRITE, true, 1, 2); System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size()); - - + + //share the experiment with airavata_id_2 PermissionServiceImpl permissionService = new PermissionServiceImpl(); permissionService.grantPermission("airavata_id_2", SubjectType.PERSON, "experiment resource id1", EXPERIMENT, WRITE); - + // create a group of users GroupServiceImpl groupService = new GroupServiceImpl(); - org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group(); - group.setId("airavata test group id"); + org.apache.airavata.grouper.group.Group group = new org.apache.airavata.grouper.group.Group("airavata test group id", "airavata_id_1"); group.setName("airavata test group name"); group.setDescription("airavata test group description"); List<String> members = new ArrayList<String>(); members.add("airavata_id_3"); members.add("airavata_id_4"); - group.setUsers(members); - groupService.createOrUpdateGroup(group); - + group.setMembers(members); + groupService.createGroup(group); + // now share the same experiment with this group as well permissionService.grantPermission("airavata test group id", SubjectType.GROUP, "experiment resource id1", EXPERIMENT, READ); - + accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_3", EXPERIMENT, READ, true, 1, 2); System.out.println("accessible resources on page 1 are "+accessibleResourcesForUser.size()); - + // get all 
resources, or no pagination accessibleResourcesForUser = resourceService.getAccessibleResourcesForUser("airavata_id_1", EXPERIMENT, READ, false, 1, 2); System.out.println("accessible resources without pagination are "+accessibleResourcesForUser.size()); - + Set<String> allAccessibleUsers = resourceService.getAllAccessibleUsers("experiment resource id1", EXPERIMENT, READ); System.out.println("users who have read access on experiment resource id1 are "+allAccessibleUsers); http://git-wip-us.apache.org/repos/asf/airavata/blob/52dc070d/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java ---------------------------------------------------------------------- diff --git a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java b/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java index 1a49634..558d68c 100755 --- a/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java +++ b/modules/group-manager/src/main/java/org/apache/airavata/grouper/role/RoleServiceImpl.java @@ -1,5 +1,5 @@ /** - * + * */ package org.apache.airavata.grouper.role; @@ -17,10 +17,10 @@ import static org.apache.airavata.grouper.AiravataGrouperUtil.*; * */ public class RoleServiceImpl { - - + + public Group createRole(String roleId, GrouperSession session) { - + GrouperSession grouperSession = null; Group role = null; try { @@ -41,7 +41,7 @@ public class RoleServiceImpl { } return role; } - + public void deleteRole(String roleId, GrouperSession session) { GrouperSession grouperSession = null; try { @@ -56,9 +56,9 @@ public class RoleServiceImpl { } } } - + public void assignRoleToUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException { - + GrouperSession grouperSession = null; try { grouperSession = session != null? session : GrouperSession.startRootSession(); 
@@ -66,7 +66,7 @@ public class RoleServiceImpl { if (role == null) { throw new GroupNotFoundException("Role "+roleId+" was not found."); } - Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false); + Subject subject = SubjectFinder.findById(userId, false); if (subject == null) { throw new SubjectNotFoundException("userId "+userId+" was not found."); } @@ -76,9 +76,9 @@ public class RoleServiceImpl { GrouperSession.stopQuietly(grouperSession); } } - + } - + public void removeRoleFromUser(String userId, String roleId, GrouperSession session) throws GroupNotFoundException, SubjectNotFoundException { GrouperSession grouperSession = null; try { @@ -98,14 +98,14 @@ public class RoleServiceImpl { } } } - + public static void main(String[] args) { RoleServiceImpl roleServiceImpl = new RoleServiceImpl(); - + roleServiceImpl.createRole("test_role", null); - + roleServiceImpl.assignRoleToUser("test.subject.3", "test_role", null); - + //roleServiceImpl.deleteRole("test_role", null); }
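Review bot: In the `@@ -66,7 +66,7 @@` hunk the subject lookup in assignRoleToUser is no longer pinned to `SUBJECT_SOURCE`, so `SubjectFinder.findById(userId, false)` resolves the caller-supplied id against every configured subject source. The role can then land on a subject that is not an Airavata user (a default Grouper setup also searches its group and internal sources), or the call can fail with SubjectNotUniqueException when the id exists in more than one source. If the aim is to let roles be assigned to groups as well, which the commit title hints at but the hunk does not show, I would resolve by explicit source rather than widen the search: keep `Subject subject = SubjectFinder.findByIdAndSource(userId, SUBJECT_SOURCE, false);` for users and add a separate, explicitly sourced path for group subjects. getAllAccessibleUsers in ResourceServiceImpl still keeps only entries whose source equals `SUBJECT_SOURCE`, so an assignment made to a subject from another source would be missing from that listing. assignRoleToUser begins in the preceding hunk and removeRoleFromUser's lookup is outside the visible lines; both should use the same resolution.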
