org.pentaho.platform.web.http.api.resources.UserRoleDaoResource.java Source code

Java tutorial

Introduction

Here is the source code for org.pentaho.platform.web.http.api.resources.UserRoleDaoResource.java

Source

/*!
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU Lesser General Public License, version 2.1 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU Lesser General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * Copyright (c) 2002-2013 Pentaho Corporation..  All rights reserved.
 */

package org.pentaho.platform.web.http.api.resources;

import com.sun.jersey.api.NotFoundException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.enunciate.Facet;
import org.pentaho.platform.api.engine.IAuthorizationPolicy;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoRole;
import org.pentaho.platform.api.engine.security.userroledao.IPentahoUser;
import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao;
import org.pentaho.platform.api.mt.ITenant;
import org.pentaho.platform.api.mt.ITenantManager;
import org.pentaho.platform.core.mt.Tenant;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.security.policy.rolebased.IRoleAuthorizationPolicyRoleBindingDao;
import org.pentaho.platform.security.policy.rolebased.RoleBindingStruct;
import org.pentaho.platform.security.policy.rolebased.actions.AdministerSecurityAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryCreateAction;
import org.pentaho.platform.security.policy.rolebased.actions.RepositoryReadAction;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.QueryParam;
import javax.ws.rs.Consumes;
import javax.ws.rs.PUT;

import javax.ws.rs.core.Response;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

import static javax.ws.rs.core.MediaType.*;
import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;

/**
 * UserRoleDao manage pentaho security user and roles in the platform.
 */
@Path("/userroledao/")
public class UserRoleDaoResource extends AbstractJaxRSResource {

    private IRoleAuthorizationPolicyRoleBindingDao roleBindingDao = null;
    private ITenantManager tenantManager = null;
    private ArrayList<String> systemRoles;
    private String adminRole;

    private static final Log logger = LogFactory.getLog(UserRoleDaoResource.class);

    public UserRoleDaoResource() {
        this(PentahoSystem.get(IRoleAuthorizationPolicyRoleBindingDao.class),
                PentahoSystem.get(ITenantManager.class),
                PentahoSystem.get(ArrayList.class, "singleTenantSystemAuthorities",
                        PentahoSessionHolder.getSession()),
                PentahoSystem.get(String.class, "singleTenantAdminAuthorityName",
                        PentahoSessionHolder.getSession()));
    }

    public UserRoleDaoResource(final IRoleAuthorizationPolicyRoleBindingDao roleBindingDao,
            final ITenantManager tenantMgr, final ArrayList<String> systemRoles, final String adminRole) {

        if (roleBindingDao == null) {
            throw new IllegalArgumentException();
        }

        this.roleBindingDao = roleBindingDao;
        this.tenantManager = tenantMgr;
        this.systemRoles = systemRoles;
        this.adminRole = adminRole;

    }

    /**
     * Returns the list of users in the platform's repository
     *
     * @return list of users in the platform
     * @throws Exception
     */
    @GET
    @Path("/users")
    @Produces({ APPLICATION_XML, APPLICATION_JSON })
    @Facet(name = "Unsupported")
    public UserListWrapper getUsers() throws Exception {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                return new UserListWrapper(roleDao.getUsers());
            } catch (Throwable t) {
                throw new WebApplicationException(t);
            }
        } else {
            throw new WebApplicationException(new Throwable());
        }
    }

    /**
     * Returns the list of roles in the platform's repository
     *
     * @return list of roles in the platform
     * @throws Exception
     */
    @GET
    @Path("/roles")
    @Produces({ APPLICATION_XML, APPLICATION_JSON })
    @Facet(name = "Unsupported")
    public RoleListWrapper getRoles() throws Exception {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                return new RoleListWrapper(roleDao.getRoles());
            } catch (Throwable t) {
                throw new WebApplicationException(t);
            }
        } else {
            throw new WebApplicationException(new Throwable());
        }
    }

    /**
     * Retrieves a selected user's roles
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userName   (user name)
     * @return list of roles fir the selected user
     * @throws Exception
     */
    @GET
    @Path("/userRoles")
    @Produces({ APPLICATION_XML, APPLICATION_JSON })
    @Facet(name = "Unsupported")
    public RoleListWrapper getUserRoles(@QueryParam("tenant") String tenantPath,
            @QueryParam("userName") String userName) throws Exception {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                return new RoleListWrapper(roleDao.getUserRoles(getTenant(tenantPath), userName));
            } catch (Throwable t) {
                throw new WebApplicationException(t);
            }
        } else {
            throw new WebApplicationException(new Throwable());
        }
    }

    /**
     * Retrieves list of users for the selected role
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param roleName   (role name)
     * @return list of users for the selected role
     * @throws Exception
     */
    @GET
    @Path("/roleMembers")
    @Produces({ APPLICATION_XML, APPLICATION_JSON })
    @Facet(name = "Unsupported")
    public UserListWrapper getRoleMembers(@QueryParam("tenant") String tenantPath,
            @QueryParam("roleName") String roleName) throws Exception {
        IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                PentahoSessionHolder.getSession());
        return new UserListWrapper(roleDao.getRoleMembers(getTenant(tenantPath), roleName));
    }

    /**
     * Associates selected role(s) to a user
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userName   (username)
     * @param roleNames  (tab (\t) separated list of role names)
     * @return
     */
    @PUT
    @Path("/assignRoleToUser")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response assignRoleToUser(@QueryParam("tenant") String tenantPath,
            @QueryParam("userName") String userName, @QueryParam("roleNames") String roleNames) {
        if (canAdminister()) {
            IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                    PentahoSessionHolder.getSession());
            StringTokenizer tokenizer = new StringTokenizer(roleNames, "\t");
            Set<String> assignedRoles = new HashSet<String>();
            for (IPentahoRole pentahoRole : roleDao.getUserRoles(getTenant(tenantPath), userName)) {
                assignedRoles.add(pentahoRole.getName());
            }
            while (tokenizer.hasMoreTokens()) {
                assignedRoles.add(tokenizer.nextToken());
            }
            try {
                roleDao.setUserRoles(getTenant(tenantPath), userName, assignedRoles.toArray(new String[0]));
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
            return Response.ok().build();
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Remove selected roles(s) from a selected user
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userName   (username)
     * @param roleNames  (tab (\t) separated list of role names)
     * @return
     */
    @PUT
    @Path("/removeRoleFromUser")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response removeRoleFromUser(@QueryParam("tenant") String tenantPath,
            @QueryParam("userName") String userName, @QueryParam("roleNames") String roleNames) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                StringTokenizer tokenizer = new StringTokenizer(roleNames, "\t");
                Set<String> assignedRoles = new HashSet<String>();
                for (IPentahoRole pentahoRole : roleDao.getUserRoles(getTenant(tenantPath), userName)) {
                    assignedRoles.add(pentahoRole.getName());
                }
                while (tokenizer.hasMoreTokens()) {
                    assignedRoles.remove(tokenizer.nextToken());
                }
                roleDao.setUserRoles(getTenant(tenantPath), userName, assignedRoles.toArray(new String[0]));
                return Response.ok().build();
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Associate all roles to the selected user
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userName   (username)
     * @return
     */
    @PUT
    @Path("/assignAllRolesToUser")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response assignAllRolesToUser(@QueryParam("tenant") String tenantPath,
            @QueryParam("userName") String userName) {
        IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                PentahoSessionHolder.getSession());
        Set<String> assignedRoles = new HashSet<String>();
        for (IPentahoRole pentahoRole : roleDao.getRoles(getTenant(tenantPath))) {
            assignedRoles.add(pentahoRole.getName());
        }
        roleDao.setUserRoles(getTenant(tenantPath), userName, assignedRoles.toArray(new String[0]));
        return Response.ok().build();
    }

    /**
     * Remove all roles from the selected user
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userName   (username)
     * @return
     */
    @PUT
    @Path("/removeAllRolesFromUser")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response removeAllRolesFromUser(@QueryParam("tenant") String tenantPath,
            @QueryParam("userName") String userName) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                roleDao.setUserRoles(getTenant(tenantPath), userName, new String[0]);
                return Response.ok().build();
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Associate list of users to the selected role
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userNames  (list of tab (\t) separated user names
     * @param roleName   (role name)
     * @return
     */
    @PUT
    @Path("/assignUserToRole")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response assignUserToRole(@QueryParam("tenant") String tenantPath,
            @QueryParam("userNames") String userNames, @QueryParam("roleName") String roleName) {
        if (canAdminister()) {
            IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                    PentahoSessionHolder.getSession());
            StringTokenizer tokenizer = new StringTokenizer(userNames, "\t");
            Set<String> assignedUserNames = new HashSet<String>();
            for (IPentahoUser pentahoUser : roleDao.getRoleMembers(getTenant(tenantPath), roleName)) {
                assignedUserNames.add(pentahoUser.getUsername());
            }
            while (tokenizer.hasMoreTokens()) {
                assignedUserNames.add(tokenizer.nextToken());
            }
            try {
                roleDao.setRoleMembers(getTenant(tenantPath), roleName, assignedUserNames.toArray(new String[0]));
                return Response.ok().build();
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Remove user(s) from a particular role
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param userNames  (list of tab (\t) separated user names
     * @param roleName   (role name)
     * @return
     */
    @PUT
    @Path("/removeUserFromRole")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response removeUserFromRole(@QueryParam("tenant") String tenantPath,
            @QueryParam("userNames") String userNames, @QueryParam("roleName") String roleName) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                StringTokenizer tokenizer = new StringTokenizer(userNames, "\t");
                Set<String> assignedUserNames = new HashSet<String>();
                for (IPentahoUser pentahoUser : roleDao.getRoleMembers(getTenant(tenantPath), roleName)) {
                    assignedUserNames.add(pentahoUser.getUsername());
                }
                while (tokenizer.hasMoreTokens()) {
                    assignedUserNames.remove(tokenizer.nextToken());
                }
                roleDao.setRoleMembers(getTenant(tenantPath), roleName, assignedUserNames.toArray(new String[0]));
                return Response.ok().build();
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Associates all user to a particular role
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param roleName   (role name)
     * @return
     */
    @PUT
    @Path("/assignAllUsersToRole")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response assignAllUsersToRole(@QueryParam("tenant") String tenantPath,
            @QueryParam("roleName") String roleName) {
        IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                PentahoSessionHolder.getSession());
        Set<String> assignedUserNames = new HashSet<String>();
        for (IPentahoUser pentahoUser : roleDao.getUsers(getTenant(tenantPath))) {
            assignedUserNames.add(pentahoUser.getUsername());
        }
        roleDao.setRoleMembers(getTenant(tenantPath), roleName, assignedUserNames.toArray(new String[0]));
        return Response.ok().build();
    }

    /**
     * Removes all users from a particular role
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param roleName   (role name)
     * @return
     */
    @PUT
    @Path("/removeAllUsersFromRole")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response removeAllUsersFromRole(@QueryParam("tenant") String tenantPath,
            @QueryParam("roleName") String roleName) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                roleDao.setRoleMembers(getTenant(tenantPath), roleName, new String[0]);
                return Response.ok().build();
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Create a new user with provided information.
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param user       (user information <code> User </code>)
     * @return
     */
    @PUT
    @Path("/createUser")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response createUser(@QueryParam("tenant") String tenantPath, User user) {
        IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                PentahoSessionHolder.getSession());
        String userName = user.getUserName();
        String password = user.getPassword();
        try {
            userName = URLDecoder.decode(userName.replace("+", "%2B"), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            userName = user.getUserName();
            logger.warn(e.getMessage(), e);
        }
        try {
            password = URLDecoder.decode(password.replace("+", "%2B"), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            password = user.getPassword();
            logger.warn(e.getMessage(), e);
        }
        roleDao.createUser(getTenant(tenantPath), userName, password, "", new String[0]);
        return Response.ok().build();
    }

    /**
     * Create a new role with the provided information
     *
     * @param tenantPath (tenant path where the user exist, null of empty string assumes default tenant)
     * @param roleName   (name of the new role)
     * @return
     */
    @PUT
    @Path("/createRole")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response createRole(@QueryParam("tenant") String tenantPath, @QueryParam("roleName") String roleName) {
        IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                PentahoSessionHolder.getSession());
        roleDao.createRole(getTenant(tenantPath), roleName, "", new String[0]);
        return Response.ok().build();
    }

    /**
     * Delete role(s) from the platform
     *
     * @param roleNames (list of tab (\t) separated role names)
     * @return
     */
    @PUT
    @Path("/deleteRoles")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response deleteRole(@QueryParam("roleNames") String roleNames) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                StringTokenizer tokenizer = new StringTokenizer(roleNames, "\t");
                while (tokenizer.hasMoreTokens()) {
                    IPentahoRole role = roleDao.getRole(null, tokenizer.nextToken());
                    if (role != null) {
                        roleDao.deleteRole(role);
                    }
                }
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
            return Response.ok().build();
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Delete user(s) from the platform
     *
     * @param userNames (list of tab (\t) separated user names)
     * @return
     */
    @PUT
    @Path("/deleteUsers")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response deleteUser(@QueryParam("userNames") String userNames) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                StringTokenizer tokenizer = new StringTokenizer(userNames, "\t");
                while (tokenizer.hasMoreTokens()) {
                    IPentahoUser user = roleDao.getUser(null, tokenizer.nextToken());
                    if (user != null) {
                        roleDao.deleteUser(user);
                    }
                }
            } catch (Throwable th) {
                return processErrorResponse(th.getLocalizedMessage());
            }
            return Response.ok().build();
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Update the password of a selected user
     *
     * @param user (user information <code> User </code>)
     * @return
     */
    @PUT
    @Path("/updatePassword")
    @Consumes({ WILDCARD })
    @Facet(name = "Unsupported")
    public Response updatePassword(User user) {
        if (canAdminister()) {
            try {
                IUserRoleDao roleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy",
                        PentahoSessionHolder.getSession());
                String userName = user.getUserName();
                String password = user.getPassword();
                try {
                    userName = URLDecoder.decode(userName.replace("+", "%2B"), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    userName = user.getUserName();
                    logger.warn(e.getMessage(), e);
                }
                try {
                    password = URLDecoder.decode(password.replace("+", "%2B"), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    password = user.getPassword();
                    logger.warn(e.getMessage(), e);
                }
                IPentahoUser puser = roleDao.getUser(null, userName);
                if (puser != null) {
                    roleDao.setPassword(null, userName, password);
                }
                return Response.ok().build();
            } catch (Throwable t) {
                throw new WebApplicationException(t);
            }
        } else {
            return Response.status(UNAUTHORIZED).build();
        }
    }

    /**
     * Retrieve the list of logical roles in the platform
     *
     * @param locale (locale)
     * @return
     */
    @GET
    @Path("/logicalRoleMap")
    @Produces({ APPLICATION_XML, APPLICATION_JSON })
    @Facet(name = "Unsupported")
    public SystemRolesMap getRoleBindingStruct(@QueryParam("locale") String locale) {
        if (canAdminister()) {
            try {
                RoleBindingStruct roleBindingStruct = roleBindingDao.getRoleBindingStruct(locale);
                SystemRolesMap systemRolesMap = new SystemRolesMap();
                for (Map.Entry<String, String> localalizeNameEntry : roleBindingStruct.logicalRoleNameMap
                        .entrySet()) {
                    systemRolesMap.getLocalizedRoleNames().add(new LocalizedLogicalRoleName(
                            localalizeNameEntry.getKey(), localalizeNameEntry.getValue()));
                }
                for (Map.Entry<String, List<String>> logicalRoleAssignments : roleBindingStruct.bindingMap
                        .entrySet()) {
                    systemRolesMap.getAssignments()
                            .add(new LogicalRoleAssignment(logicalRoleAssignments.getKey(),
                                    logicalRoleAssignments.getValue(),
                                    roleBindingStruct.immutableRoles.contains(logicalRoleAssignments.getKey())));
                }
                return systemRolesMap;
            } catch (Throwable t) {
                throw new WebApplicationException(t);
            }
        } else {
            throw new WebApplicationException(new Throwable());
        }
    }

    /**
     * Associate a particular runtime role to list of logical role in the repository
     *
     * @param roleAssignments (logical to runtime role assignments)
     * @return
     */
    @PUT
    @Consumes({ APPLICATION_XML, APPLICATION_JSON })
    @Path("/roleAssignments")
    @Facet(name = "Unsupported")
    public Response setLogicalRoles(LogicalRoleAssignments roleAssignments) {
        for (LogicalRoleAssignment roleAssignment : roleAssignments.getAssignments()) {
            roleBindingDao.setRoleBindings(roleAssignment.getRoleName(), roleAssignment.getLogicalRoles());
        }
        return Response.ok().build();
    }

    private ITenant getTenant(String tenantId) throws NotFoundException {
        ITenant tenant = null;
        if (tenantId != null) {
            tenant = tenantManager.getTenant(tenantId);
            if (tenant == null) {
                throw new NotFoundException("Tenant not found.");
            }
        } else {
            IPentahoSession session = PentahoSessionHolder.getSession();
            String tenantPath = (String) session.getAttribute(IPentahoSession.TENANT_ID_KEY);
            if (tenantPath != null) {
                tenant = new Tenant(tenantPath, true);
            }
        }
        return tenant;
    }

    private HashSet<String> tokenToString(String tokenString) {
        StringTokenizer tokenizer = new StringTokenizer(tokenString, "\t");
        HashSet<String> result = new HashSet<String>();
        while (tokenizer.hasMoreTokens()) {
            result.add(tokenizer.nextToken());
        }
        return result;
    }

    private Response processErrorResponse(String errMessage) {
        return Response.ok(errMessage).build();
    }

    private boolean canAdminister() {
        IAuthorizationPolicy policy = PentahoSystem.get(IAuthorizationPolicy.class);
        return policy.isAllowed(RepositoryReadAction.NAME) && policy.isAllowed(RepositoryCreateAction.NAME)
                && (policy.isAllowed(AdministerSecurityAction.NAME));
    }

}