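/*

Copyright (C) since 2006 NTT DATA Corporation

This program is free software; you can redistribute it and/or
Modify it under the terms of the GNU General Public License
as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.  See the GNU General Public License for more details.

 */

package com.clustercontrol.accesscontrol.factory;

import java.util.ArrayList;
import java.util.List;

import javax.persistence.EntityExistsException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.clustercontrol.accesscontrol.bean.PrivilegeConstant.ObjectPrivilegeMode;
import com.clustercontrol.accesscontrol.bean.PrivilegeConstant.SystemPrivilegeMode;
import com.clustercontrol.accesscontrol.bean.FunctionConstant;
import com.clustercontrol.accesscontrol.bean.RoleIdConstant;
import com.clustercontrol.accesscontrol.bean.RoleTypeConstant;
import com.clustercontrol.accesscontrol.bean.UserTypeConstant;
import com.clustercontrol.accesscontrol.model.ObjectPrivilegeInfoPK;
import com.clustercontrol.accesscontrol.model.ObjectPrivilegeInfo;
import com.clustercontrol.accesscontrol.model.ObjectPrivilegeTargetInfo;
import com.clustercontrol.accesscontrol.model.RoleInfo;
import com.clustercontrol.accesscontrol.model.SystemPrivilegeInfo;
import com.clustercontrol.accesscontrol.model.SystemPrivilegeInfoPK;
import com.clustercontrol.accesscontrol.model.UserInfo;
import com.clustercontrol.accesscontrol.util.ObjectPrivilegeUtil;
import com.clustercontrol.accesscontrol.util.QueryUtil;
import com.clustercontrol.bean.HinemosModuleConstant;
import com.clustercontrol.calendar.model.CalendarInfo;
import com.clustercontrol.commons.util.HinemosEntityManager;
import com.clustercontrol.commons.util.JpaTransactionManager;
import com.clustercontrol.fault.HinemosUnknown;
import com.clustercontrol.fault.PrivilegeDuplicate;
import com.clustercontrol.fault.PrivilegeNotFound;
import com.clustercontrol.fault.RoleDuplicate;
import com.clustercontrol.fault.RoleNotFound;
import com.clustercontrol.fault.UnEditableRole;
import com.clustercontrol.fault.UsedObjectPrivilege;
import com.clustercontrol.fault.UsedRole;
import com.clustercontrol.fault.UserNotFound;
import com.clustercontrol.jobmanagement.model.JobKickEntity;
import com.clustercontrol.jobmanagement.model.JobMstEntity;
import com.clustercontrol.monitor.run.model.MonitorInfo;
import com.clustercontrol.notify.model.NotifyInfo;
import com.clustercontrol.util.HinemosTime;

/**
 * Creates, updates and deletes roles and maintains the users, system
 * privileges and object privileges attached to them.<BR>
 * <p>
 * NOTE(review): no method in this class checks whether the acting user is
 * allowed to make the change, and none begins or commits a transaction.
 * Presumably both are the caller's responsibility; confirm before calling
 * these methods from a new entry point.
 *
 * @version 1.0.0
 * @since 3.2.0
 */
public class RoleModifier {

	/** Class logger. */
	private static final Log m_log = LogFactory.getLog(RoleModifier.class);

	/**
	 * Registers a new role or updates an existing one.<BR>
	 * <p>
	 * A new role is always stored as {@link RoleTypeConstant#USER_ROLE} and is
	 * given the repository READ system privilege, whatever the supplied
	 * {@code roleInfo} carried. An update copies only the role name and the
	 * description onto the stored entity, and is refused for any role whose
	 * type is not {@code USER_ROLE}.
	 * <p>
	 * The call returns without doing or logging anything when {@code roleInfo}
	 * is null or {@code modifyUserId} is null or empty.
	 *
	 * @param roleInfo role data to register or apply
	 * @param modifyUserId ID of the user performing the change
	 * @param isNew true to register a new role, false to update an existing one
	 * @throws RoleDuplicate if a role with the same ID already exists (new role)
	 * @throws RoleNotFound if the role to update cannot be found
	 * @throws UnEditableRole if the role to update is not a user role
	 * @throws HinemosUnknown on any other failure
	 */
	public static void modifyRoleInfo(RoleInfo roleInfo, String modifyUserId, boolean isNew)
			throws RoleDuplicate, RoleNotFound, UnEditableRole, HinemosUnknown {

		if (roleInfo == null || modifyUserId == null || modifyUserId.isEmpty()) {
			return;
		}

		m_log.debug("modifyRoleInfo() start (roleId = " + roleInfo.getRoleId() + ", modifyUserId = " + modifyUserId
				+ ", isNew = " + isNew + ")");

		try {
			long currentTimeMillis = HinemosTime.currentTimeMillis();
			JpaTransactionManager jtm = new JpaTransactionManager();

			if (isNew) {
				// Registration: reject an ID that is already in use.
				jtm.checkEntityExists(RoleInfo.class, roleInfo.getRoleId());

				roleInfo.setCreateUserId(modifyUserId);
				roleInfo.setCreateDate(currentTimeMillis);

				// Every new role starts with exactly one system privilege:
				// READ on the repository function. Both sides of the
				// role <-> privilege association are updated.
				SystemPrivilegeInfo systemPrivilegeInfo = QueryUtil.getSystemPrivilegePK(
						new SystemPrivilegeInfoPK(FunctionConstant.REPOSITORY, SystemPrivilegeMode.READ.name()));
				roleInfo.setSystemPrivilegeList(new ArrayList<SystemPrivilegeInfo>());
				roleInfo.getSystemPrivilegeList().add(systemPrivilegeInfo);
				if (systemPrivilegeInfo.getRoleList() == null) {
					systemPrivilegeInfo.setRoleList(new ArrayList<RoleInfo>());
				}
				systemPrivilegeInfo.getRoleList().add(roleInfo);

				// The role type is forced here, so a caller-supplied type
				// cannot create a system or internal role.
				roleInfo.setRoleType(RoleTypeConstant.USER_ROLE);
				roleInfo.setModifyUserId(modifyUserId);
				roleInfo.setModifyDate(currentTimeMillis);
				jtm.getEntityManager().persist(roleInfo);
			} else {
				// Update: work on the stored entity, not on the caller's object.
				RoleInfo roleInfoEntity = QueryUtil.getRolePK(roleInfo.getRoleId());

				// Only user roles may be edited.
				if (!roleInfoEntity.getRoleType().equals(RoleTypeConstant.USER_ROLE)) {
					throw new UnEditableRole();
				}

				// Copy the editable fields only; role type, privileges and
				// members are deliberately left untouched.
				roleInfoEntity.setRoleName(roleInfo.getRoleName());
				roleInfoEntity.setDescription(roleInfo.getDescription());
				roleInfoEntity.setModifyUserId(modifyUserId);
				roleInfoEntity.setModifyDate(currentTimeMillis);
			}

			m_log.info("successful in modifying a role. (roleId = " + roleInfo.getRoleId() + ")");
		} catch (RoleNotFound | UnEditableRole e) {
			throw e;
		} catch (EntityExistsException e) {
			m_log.info("modifyRoleInfo() failure to add a role. a role'id is duplicated. (roleId = "
					+ roleInfo.getRoleId() + ")");
			throw new RoleDuplicate(e.getMessage(), e);
		} catch (Exception e) {
			m_log.warn("modifyRoleInfo() failure to modify a role. (roleId = " + roleInfo.getRoleId() + ")", e);
			throw new HinemosUnknown("failure to modify a role. (roleId = " + roleInfo.getRoleId() + ")", e);
		}
	}

	/**
	 * Deletes a role.<BR>
	 * <p>
	 * Only a user role that has no users assigned can be deleted. The call
	 * returns without doing or logging anything when {@code roleId} or
	 * {@code modifyUserId} is null or empty.
	 *
	 * @param roleId ID of the role to delete
	 * @param modifyUserId ID of the user performing the change (only checked
	 *        for presence; it is not recorded by this method)
	 * @throws RoleNotFound if the role cannot be found
	 * @throws UnEditableRole if the role is not a user role
	 * @throws UsedRole if users are still assigned to the role
	 * @throws HinemosUnknown on any other failure
	 */
	public static void deleteRoleInfo(String roleId, String modifyUserId)
			throws RoleNotFound, UnEditableRole, UsedRole, HinemosUnknown {

		if (roleId == null || roleId.isEmpty() || modifyUserId == null || modifyUserId.isEmpty()) {
			return;
		}

		HinemosEntityManager em = new JpaTransactionManager().getEntityManager();

		try {
			RoleInfo role = QueryUtil.getRolePK(roleId);

			// Only user roles may be deleted.
			if (role != null && !role.getRoleType().equals(RoleTypeConstant.USER_ROLE)) {
				throw new UnEditableRole();
			}
			// A role that still has members must not disappear under them.
			if (role.getUserInfoList() != null && role.getUserInfoList().size() > 0) {
				throw new UsedRole();
			}

			// Detach the role from its users and system privileges before
			// removing the entity itself.
			role.unchainUserInfoList();
			role.unchainSystemPrivilegeInfoList();

			em.remove(role);
		} catch (RoleNotFound | UnEditableRole | UsedRole e) {
			throw e;
		} catch (Exception e) {
			m_log.warn("deleteRoleInfo() failure to delete a role. (roleId = " + roleId + ")", e);
			throw new HinemosUnknown(e.getMessage(), e);
		}

		m_log.info("successful in deleting a role. (roleId = " + roleId + ")");
	}

	/**
	 * Replaces the set of users assigned to a role.<BR>
	 * <p>
	 * The existing assignment is dropped and rebuilt from {@code userIds}; a
	 * null array leaves the role without users. For a role of type
	 * {@link RoleTypeConstant#SYSTEM_ROLE} the new list must contain at least
	 * one user of type {@link UserTypeConstant#SYSTEM_USER}, otherwise the
	 * change is refused, so a null or empty list is refused for such a role.
	 *
	 * @param roleId ID of the role
	 * @param userIds IDs of the users that should belong to the role
	 * @throws UserNotFound if one of the users cannot be found
	 * @throws RoleNotFound if the role cannot be found
	 * @throws UnEditableRole if a system role would be left without a system user
	 * @throws HinemosUnknown on any other failure
	 */
	public static void assignUserToRole(String roleId, String[] userIds)
			throws UserNotFound, RoleNotFound, UnEditableRole, HinemosUnknown {

		RoleInfo roleInfo = null;

		try {
			roleInfo = QueryUtil.getRolePK(roleId);

			// A system role must keep at least one system user. The null
			// guard makes a missing list count as "no system user" instead of
			// failing with a NullPointerException that surfaced as
			// HinemosUnknown.
			if (roleInfo.getRoleType().equals(RoleTypeConstant.SYSTEM_ROLE)) {
				boolean existsFlg = false;
				if (userIds != null) {
					for (String userId : userIds) {
						UserInfo userInfo = QueryUtil.getUserPK(userId);
						if (userInfo.getUserType().equals(UserTypeConstant.SYSTEM_USER)) {
							existsFlg = true;
							break;
						}
					}
				}
				if (!existsFlg) {
					throw new UnEditableRole();
				}
			}

			// Drop the current members, then rebuild both sides of the
			// user <-> role association from the requested list.
			roleInfo.unchainUserInfoList();
			ArrayList<UserInfo> userInfoList = new ArrayList<UserInfo>();
			if (userIds != null) {
				for (String userId : userIds) {
					UserInfo userInfo = QueryUtil.getUserPK(userId);
					if (userInfo.getRoleList() == null) {
						userInfo.setRoleList(new ArrayList<RoleInfo>());
					}
					if (!userInfo.getRoleList().contains(roleInfo)) {
						userInfo.getRoleList().add(roleInfo);
					}
					userInfoList.add(userInfo);
				}
			}
			roleInfo.setUserInfoList(userInfoList);

		} catch (UserNotFound | RoleNotFound | UnEditableRole e) {
			throw e;
		} catch (Exception e) {
			// The message names this method; it previously said
			// modifyRoleInfo(), which pointed log readers at the wrong
			// operation.
			m_log.warn("assignUserToRole() failure to assign. (roleId = " + roleId + ")", e);
			throw new HinemosUnknown(e.getMessage(), e);
		}
	}

	/**
	 * Replaces the system privileges granted to a role.<BR>
	 * <p>
	 * The ADMINISTRATORS role cannot be changed. Each supplied privilege is
	 * looked up by its ID and linked to the role if it is not linked yet;
	 * afterwards {@code RoleInfo.deleteSystemPrivilegeEntities} is called with
	 * the IDs of the supplied privileges (presumably to remove every privilege
	 * that is not in that list; confirm against RoleInfo). A null list
	 * leaves the role unchanged.
	 *
	 * @param roleId ID of the role
	 * @param systemPrivileges system privileges the role should hold
	 * @throws RoleNotFound if the role cannot be found
	 * @throws UnEditableRole if the role is ADMINISTRATORS
	 * @throws HinemosUnknown on any other failure
	 */
	public static void replaceSystemPrivilegeToRole(String roleId, List<SystemPrivilegeInfo> systemPrivileges)
			throws RoleNotFound, UnEditableRole, HinemosUnknown {

		RoleInfo roleInfo = null;

		try {
			roleInfo = QueryUtil.getRolePK(roleId);

			// The privileges of ADMINISTRATORS are fixed.
			if (roleInfo.getRoleId().equals(RoleIdConstant.ADMINISTRATORS)) {
				throw new UnEditableRole();
			}

			if (systemPrivileges != null) {
				SystemPrivilegeInfo systemPrivilegeInfoEntity = null;
				List<SystemPrivilegeInfoPK> systemPrivilegeInfoPKList = new ArrayList<>();
				for (SystemPrivilegeInfo systemPrivilegeInfo : systemPrivileges) {
					// Always work on the stored privilege, never on the
					// object handed in by the caller.
					systemPrivilegeInfoEntity = QueryUtil.getSystemPrivilegePK(systemPrivilegeInfo.getId());

					boolean isExist = false;
					for (RoleInfo role : systemPrivilegeInfoEntity.getRoleList()) {
						if (role.getRoleId().equals(roleId)) {
							isExist = true;
							break;
						}
					}
					if (!isExist) {
						roleInfo.getSystemPrivilegeList().add(systemPrivilegeInfoEntity);
						systemPrivilegeInfoEntity.getRoleList().add(roleInfo);
					}
					systemPrivilegeInfoPKList.add(systemPrivilegeInfo.getId());
				}
				roleInfo.deleteSystemPrivilegeEntities(systemPrivilegeInfoPKList);
			}
			m_log.debug("replaceSystemPrivilegeToRole " + roleId);
		} catch (RoleNotFound | UnEditableRole e) {
			throw e;
		} catch (Exception e) {
			m_log.warn("replaceSystemPrivilegeToRole() failure to assign. (roleId = " + roleId + ")", e);
			throw new HinemosUnknown(e.getMessage(), e);
		}
	}

	/**
	 * Replaces the object privileges set on one object.<BR>
	 * <p>
	 * Every existing privilege of the object is queued for deletion. Entries of
	 * {@code list} are then created or refreshed and taken off that queue;
	 * entries for the object's owner role are skipped. What is left on the
	 * queue is deleted. Before a READ privilege is deleted, the method looks
	 * for other settings owned by that role which refer to the object and
	 * refuses the change if one is found.
	 * <p>
	 * NOTE(review): when {@code modifyUserId} is null or empty, {@code list} is
	 * ignored entirely, so every existing privilege of the object stays queued
	 * and is deleted. Confirm this is intended.
	 * <p>
	 * NOTE(review): the "in use" condition is raised as
	 * {@link UsedObjectPrivilege} but caught at the end of this method and
	 * rethrown as {@link PrivilegeDuplicate}; as far as this method shows, the
	 * declared {@code UsedObjectPrivilege} never reaches the caller.
	 *
	 * @param objectType type of the object (a HinemosModuleConstant value)
	 * @param objectId ID of the object
	 * @param list object privileges the object should have
	 * @param modifyUserId ID of the user performing the change
	 * @throws PrivilegeDuplicate if an entity already exists, or if a READ
	 *         privilege to be deleted is still relied on (see note above)
	 * @throws UsedObjectPrivilege declared for callers; see note above
	 * @throws HinemosUnknown if the object cannot be found or on any other failure
	 */
	public static void replaceObjectPrivilegeInfo(String objectType, String objectId, List<ObjectPrivilegeInfo> list,
			String modifyUserId) throws PrivilegeDuplicate, UsedObjectPrivilege, HinemosUnknown {

		JpaTransactionManager jtm = new JpaTransactionManager();
		HinemosEntityManager em = jtm.getEntityManager();

		try {
			// Start by assuming every stored privilege of this object goes away.
			List<ObjectPrivilegeInfoPK> deleteList = new ArrayList<ObjectPrivilegeInfoPK>();
			List<ObjectPrivilegeInfo> oldList = QueryUtil.getAllObjectPrivilegeByFilter(objectType, objectId, null,
					null);
			if (oldList != null) {
				for (ObjectPrivilegeInfo oldInfo : oldList) {
					deleteList.add(oldInfo.getId());
				}
			}

			// Resolve the target object to learn its owner role.
			ObjectPrivilegeTargetInfo objectPrivilegeTargetInfo = (ObjectPrivilegeTargetInfo) ObjectPrivilegeUtil
					.getObjectPrivilegeObject(objectType, objectId, ObjectPrivilegeMode.READ);
			if (objectPrivilegeTargetInfo == null) {
				m_log.warn("unknown object : objectType=" + objectType + ", objectId=" + objectId);
				throw new HinemosUnknown("objectPrivilegeTargetEntity is null objectId: " + objectId);
			}
			String ownerRoleId = objectPrivilegeTargetInfo.getOwnerRoleId();

			if (list != null && list.size() > 0 && modifyUserId != null && !modifyUserId.isEmpty()) {
				for (ObjectPrivilegeInfo info : list) {
					// The owner role needs no explicit object privilege.
					if (ownerRoleId.equals(info.getRoleId())) {
						continue;
					}

					ObjectPrivilegeInfoPK infoPk = new ObjectPrivilegeInfoPK(objectType, objectId, info.getRoleId(),
							info.getObjectPrivilege());
					ObjectPrivilegeInfo modifyInfo = null;
					try {
						modifyInfo = QueryUtil.getObjectPrivilegePK(infoPk);
						// Still wanted: take it off the deletion queue.
						deleteList.remove(infoPk);
					} catch (PrivilegeNotFound e) {
						// Not stored yet: create it.
						// NOTE(review): no persist call for the new entity is
						// visible in this method; presumably handled by the
						// entity or elsewhere; confirm.
						modifyInfo = new ObjectPrivilegeInfo(infoPk);
					}
					// NOTE(review): create user/date are overwritten for
					// privileges that already existed as well, so the
					// original creator is not retained.
					modifyInfo.setCreateUserId(modifyUserId);
					modifyInfo.setCreateDate(HinemosTime.currentTimeMillis());
					modifyInfo.setModifyUserId(modifyUserId);
					modifyInfo.setModifyDate(HinemosTime.currentTimeMillis());
				}
			}

			if (!deleteList.isEmpty()) {
				List<? extends ObjectPrivilegeTargetInfo> referList = null;
				String referObjectType = null;
				for (ObjectPrivilegeInfoPK deletePk : deleteList) {
					// Removing READ takes away the role's view of the object,
					// so first look for settings owned by that role which
					// still refer to it. The first hit ends the loop; the
					// error is raised after it.
					if (deletePk.getObjectPrivilege().equals(ObjectPrivilegeMode.READ.name())) {
						if (HinemosModuleConstant.PLATFORM_REPOSITORY.equals(objectType)) {
							// Repository object, matched by facility ID.
							referList = em
									.createNamedQuery("MonitorInfo.findByFacilityIdOwnerRoleId", MonitorInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.MONITOR;
								break;
							}
							referList = em
									.createNamedQuery("JobMstEntity.findByFacilityIdOwnerRoleId", JobMstEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB;
								break;
							}
							referList = em
									.createNamedQuery("JobKickEntity.findByFacilityIdOwnerRoleId", JobKickEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB_KICK;
								break;
							}
							referList = em
									.createNamedQuery("NotifyInfoEntity.findByEscalateFacilityIdOwnerRoleId",
											NotifyInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.PLATFORM_NOTIFY;
								break;
							}
							referList = em
									.createNamedQuery("NotifyInfoEntity.findByExecFacilityIdOwnerRoleId",
											NotifyInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.PLATFORM_NOTIFY;
								break;
							}
						} else if (HinemosModuleConstant.JOB.equals(objectType)) {
							// Job object, matched by job unit ID.
							referList = em
									.createNamedQuery("JobKickEntity.findByJobUnitIdOwnerRoleId", JobKickEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB_KICK;
								break;
							}
							referList = em
									.createNamedQuery("NotifyInfoEntity.findByJobUnitIdOwnerRoleId", NotifyInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.PLATFORM_NOTIFY;
								break;
							}
							// Matched on the approval-request role, not the
							// owner role, hence the different parameter name.
							referList = em
									.createNamedQuery("JobMstEntity.findByJobUnitIdApprovalReqRoleId",
											JobMstEntity.class)
									.setParameter("objectId", objectId).setParameter("roleId", deletePk.getRoleId())
									.getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB_MST;
								break;
							}
						} else if (HinemosModuleConstant.PLATFORM_CALENDAR.equals(objectType)) {
							// Calendar object, matched by calendar ID.
							referList = em
									.createNamedQuery("MonitorInfo.findByCalendarIdOwnerRoleId", MonitorInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.MONITOR;
								break;
							}
							referList = em
									.createNamedQuery("JobMstEntity.findByCalendarIdOwnerRoleId", JobMstEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB;
								break;
							}
							referList = em
									.createNamedQuery("JobKickEntity.findByCalendarIdOwnerRoleId", JobKickEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB_KICK;
								break;
							}
						} else if (HinemosModuleConstant.PLATFORM_CALENDAR_PATTERN.equals(objectType)) {
							// Calendar pattern object.
							referList = em
									.createNamedQuery("CalInfoEntity.findByCalendarPatternIdOwnerRoleId",
											CalendarInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.PLATFORM_CALENDAR;
								break;
							}
						} else if (HinemosModuleConstant.PLATFORM_NOTIFY.equals(objectType)) {
							// Notification object, matched by notify ID.
							referList = em
									.createNamedQuery("MonitorInfo.findByNotifyIdOwnerRoleId", MonitorInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.MONITOR;
								break;
							}
							referList = em
									.createNamedQuery("JobMstEntity.findByNotifyIdOwnerRoleId", JobMstEntity.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.JOB;
								break;
							}
						} else if (HinemosModuleConstant.PLATFORM_MAIL_TEMPLATE.equals(objectType)) {
							// Mail template object. Stop at the first hit like
							// every other branch: without the break, a later
							// READ entry in deleteList re-ran the query and
							// could replace a non-empty result with an empty
							// one, letting an in-use privilege be removed
							// without an error.
							referList = em
									.createNamedQuery("NotifyInfoEntity.findByMailTemplateIdOwnerRoleId",
											NotifyInfo.class)
									.setParameter("objectId", objectId)
									.setParameter("ownerRoleId", deletePk.getRoleId()).getResultList();
							if (referList.size() > 0) {
								referObjectType = HinemosModuleConstant.PLATFORM_NOTIFY;
								break;
							}
						}
					}

					ObjectPrivilegeInfo deleteInfo = null;
					try {
						deleteInfo = QueryUtil.getObjectPrivilegePK(deletePk);
						em.remove(deleteInfo);
					} catch (PrivilegeNotFound e) {
						// Already gone; nothing to delete.
						m_log.debug("ObjectPrivilegeInfo is not found.");
					}
				}

				// A non-empty result here means the loop stopped on a
				// privilege that is still relied on.
				if (referList != null && referList.size() > 0) {
					UsedObjectPrivilege e = new UsedObjectPrivilege(referObjectType, referList.get(0).getObjectId());
					m_log.warn("replaceObjectPrivilegeInfo() : " + "objectType = " + e.getObjectType()
							+ ", objectId = " + e.getObjectId() + ", " + e.getClass().getSimpleName() + ", "
							+ e.getMessage(), e);
					throw e;
				}
			}
		} catch (UsedObjectPrivilege | EntityExistsException e) {
			// NOTE(review): UsedObjectPrivilege is converted to
			// PrivilegeDuplicate here, so callers cannot tell "in use" from
			// "duplicate". Left unchanged because callers may rely on it.
			m_log.debug("replaceObjectPrivilegeInfo() failure to add a entity. " + e.getMessage());
			throw new PrivilegeDuplicate(e.getMessage(), e);
		} catch (Exception e) {
			m_log.warn("replaceObjectPrivilegeInfo() failure to add a entity. " + e.getMessage(), e);
			throw new HinemosUnknown(e.getMessage(), e);
		}
		m_log.info("successful in modifing a entity.");
	}
}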