Java tutorial
/** * This file is part of Graylog. * * Graylog is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * Graylog is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Graylog. If not, see <http://www.gnu.org/licenses/>. */ package org.graylog2.users; import com.google.common.base.Function; import com.google.common.collect.Maps; import com.google.common.collect.Sets; import com.mongodb.BasicDBObject; import com.mongodb.DuplicateKeyException; import org.bson.types.ObjectId; import org.graylog2.bindings.providers.MongoJackObjectMapperProvider; import org.graylog2.database.MongoConnection; import org.graylog2.database.NotFoundException; import org.graylog2.plugin.database.ValidationException; import org.graylog2.shared.security.Permissions; import org.graylog2.shared.users.Role; import org.graylog2.shared.users.Roles; import org.mongojack.DBCursor; import org.mongojack.DBQuery; import org.mongojack.JacksonDBCollection; import org.mongojack.WriteResult; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.annotation.Nullable; import javax.inject.Inject; import javax.validation.ConstraintViolation; import javax.validation.Validator; import java.util.Locale; import java.util.Map; import java.util.NoSuchElementException; import java.util.Set; import static com.google.common.base.Preconditions.checkNotNull; import static org.mongojack.DBQuery.and; import static org.mongojack.DBQuery.is; public class RoleServiceImpl implements RoleService { private static final Logger log = LoggerFactory.getLogger(RoleServiceImpl.class); private static final String ROLES = "roles"; private static final String NAME_LOWER = "name_lower"; private static final String READ_ONLY = "read_only"; private static final String ADMIN_ROLENAME = "Admin"; private static final String READER_ROLENAME = "Reader"; private final JacksonDBCollection<RoleImpl, ObjectId> dbCollection; private final Validator validator; private final String adminRoleObjectId; private final String readerRoleObjectId; @Inject protected RoleServiceImpl(MongoConnection mongoConnection, MongoJackObjectMapperProvider mapper, Permissions permissions, Validator validator) { this.validator = validator; dbCollection = JacksonDBCollection.wrap(mongoConnection.getDatabase().getCollection(ROLES), RoleImpl.class, ObjectId.class, mapper.get()); // lower case role names are unique, this allows arbitrary naming, but still uses an index dbCollection.createIndex(new BasicDBObject(NAME_LOWER, 1), new BasicDBObject("unique", true)); // make sure the two built-in roles actually exist adminRoleObjectId = checkNotNull(ensureBuiltinRole(ADMIN_ROLENAME, Sets.newHashSet("*"), "Admin", "Grants all permissions for Graylog administrators (built-in)")); readerRoleObjectId = checkNotNull(ensureBuiltinRole(READER_ROLENAME, permissions.readerBasePermissions(), "Reader", "Grants basic permissions for every Graylog user (built-in)")); } @Nullable private String ensureBuiltinRole(String roleName, Set<String> expectedPermissions, String name, String description) { RoleImpl previousRole = null; try { previousRole = load(roleName); if (!previousRole.isReadOnly() || !expectedPermissions.equals(previousRole.getPermissions())) { final String msg = "Invalid role '" + roleName + "', fixing it."; log.error(msg); throw new IllegalArgumentException(msg); // jump to fix code } } catch (NotFoundException | IllegalArgumentException | NoSuchElementException ignored) { log.info("{} role is missing or invalid, re-adding it as a built-in role.", roleName); final RoleImpl fixedAdmin = new RoleImpl(); // copy the mongodb id over, in order to update the role instead of readding it if (previousRole != null) { fixedAdmin._id = previousRole._id; } fixedAdmin.setReadOnly(true); fixedAdmin.setName(name); fixedAdmin.setDescription(description); fixedAdmin.setPermissions(expectedPermissions); try { final RoleImpl savedRole = save(fixedAdmin); return savedRole.getId(); } catch (DuplicateKeyException | ValidationException e) { log.error("Unable to save fixed " + roleName + " role, please restart Graylog to fix this.", e); } } if (previousRole == null) { log.error("Unable to access fixed " + roleName + " role, please restart Graylog to fix this."); return null; } return previousRole.getId(); } @Override public Role loadById(String roleId) throws NotFoundException { final Role role = dbCollection.findOneById(new ObjectId(roleId)); if (role == null) { throw new NotFoundException("No role found with id " + roleId); } return role; } @Override public RoleImpl load(String roleName) throws NotFoundException { final RoleImpl role = dbCollection.findOne(is(NAME_LOWER, roleName.toLowerCase(Locale.ENGLISH))); if (role == null) { throw new NotFoundException("No role found with name " + roleName); } return role; } @Override public boolean exists(String roleName) { return dbCollection.getCount(is(NAME_LOWER, roleName.toLowerCase(Locale.ENGLISH))) == 1; } @Override public Set<Role> loadAll() throws NotFoundException { final DBCursor<RoleImpl> rolesCursor = dbCollection.find(); return Sets.newHashSet((Iterable<? extends Role>) rolesCursor); } @Override public Map<String, Role> loadAllIdMap() throws NotFoundException { final Set<Role> roles = loadAll(); return Maps.uniqueIndex(roles, new Function<Role, String>() { @Nullable @Override public String apply(Role input) { return input.getId(); } }); } @Override public Map<String, Role> loadAllLowercaseNameMap() throws NotFoundException { final Set<Role> roles = loadAll(); return Maps.uniqueIndex(roles, Roles.roleToNameFunction(true)); } @Override public RoleImpl save(Role role1) throws ValidationException { // sucky but necessary because of graylog2-shared not knowing about mongodb :( if (!(role1 instanceof RoleImpl)) { throw new IllegalArgumentException("invalid Role implementation class"); } RoleImpl role = (RoleImpl) role1; final Set<ConstraintViolation<Role>> violations = validate(role); if (!violations.isEmpty()) { throw new ValidationException("Validation failed.", violations.toString()); } final WriteResult<RoleImpl, ObjectId> writeResult = dbCollection.save(role); return writeResult.getSavedObject(); } @Override public Set<ConstraintViolation<Role>> validate(Role role) { return validator.validate(role); } @Override public int delete(String roleName) { final DBQuery.Query nameMatchesAndNotReadonly = and(is(READ_ONLY, false), is(NAME_LOWER, roleName.toLowerCase(Locale.ENGLISH))); return dbCollection.remove(nameMatchesAndNotReadonly).getN(); } @Override public String getAdminRoleObjectId() { return adminRoleObjectId; } @Override public String getReaderRoleObjectId() { return readerRoleObjectId; } }