1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  *   http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied.  See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
20 package org.apache.guacamole.auth.jdbc.usergroup;
21 
22 import com.google.inject.Inject;
23 import com.google.inject.Provider;
24 import java.util.Arrays;
25 import java.util.Collection;
26 import java.util.Collections;
27 import java.util.HashSet;
28 import java.util.Map;
29 import java.util.Set;
30 import org.apache.guacamole.GuacamoleException;
31 import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
32 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
33 import org.apache.guacamole.form.BooleanField;
34 import org.apache.guacamole.form.Field;
35 import org.apache.guacamole.form.Form;
36 import org.apache.guacamole.net.auth.RelatedObjectSet;
37 import org.apache.guacamole.net.auth.UserGroup;
38 
39 /**
40  * An implementation of the UserGroup object which is backed by a database model.
41  */
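public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
        implements UserGroup {

    /**
     * The name of the attribute which controls whether a user group is
     * disabled.
     */
    public static final String DISABLED_ATTRIBUTE_NAME = "disabled";

    /**
     * All attributes related to restricting user groups, within a logical
     * form.
     */
    public static final Form ACCOUNT_RESTRICTIONS = new Form("restrictions", Arrays.<Field>asList(
        new BooleanField(DISABLED_ATTRIBUTE_NAME, "true")
    ));

    /**
     * All possible attributes of user groups organized as individual,
     * logical forms.
     */
    public static final Collection<Form> ATTRIBUTES = Collections.unmodifiableCollection(Arrays.asList(
        ACCOUNT_RESTRICTIONS
    ));

    /**
     * The names of all attributes which are explicitly supported by this
     * extension's UserGroup objects.
     */
    public static final Set<String> ATTRIBUTE_NAMES =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(
                DISABLED_ATTRIBUTE_NAME
            )));

    /**
     * Provider for RelatedObjectSets containing the user groups of which this
     * user group is a member.
     */
    @Inject
    private Provider<UserGroupParentUserGroupSet> parentUserGroupSetProvider;

    /**
     * Provider for RelatedObjectSets containing the users that are members of
     * this user group.
     */
    @Inject
    private Provider<UserGroupMemberUserSet> memberUserSetProvider;

    /**
     * Provider for RelatedObjectSets containing the user groups that are
     * members of this user group.
     */
    @Inject
    private Provider<UserGroupMemberUserGroupSet> memberUserGroupSetProvider;

    /**
     * Whether attributes which control access restrictions should be exposed
     * via getAttributes() or allowed to be set via setAttributes().
     *
     * Defaults to false, so an object whose init() has not been called with
     * an explicit true neither reveals nor accepts restricted attributes.
     */
    private boolean exposeRestrictedAttributes = false;

    /**
     * Initializes this ModeledUserGroup, associating it with the current
     * authenticated user and populating it with data from the given user group
     * model.
     *
     * The exposeRestrictedAttributes flag is stored exactly as given. This
     * method performs no permission check of its own, so the decision whether
     * the current user may read or change restricted attributes rests
     * entirely with the caller.
     *
     * @param currentUser
     *     The user that created or retrieved this object.
     *
     * @param model
     *     The backing model object.
     *
     * @param exposeRestrictedAttributes
     *     Whether attributes which control access restrictions should be
     *     exposed via getAttributes() or allowed to be set via
     *     setAttributes().
     */
    public void init(ModeledAuthenticatedUser currentUser, UserGroupModel model,
            boolean exposeRestrictedAttributes) {
        super.init(currentUser, model);
        this.exposeRestrictedAttributes = exposeRestrictedAttributes;
    }

    /**
     * Stores all restricted (privileged) attributes within the given Map,
     * pulling the values of those attributes from the underlying user group
     * model. If no value is yet defined for an attribute, that attribute will
     * be set to null.
     *
     * @param attributes
     *     The Map to store all restricted attributes within.
     */
    private void putRestrictedAttributes(Map<String, String> attributes) {

        // A disabled group is reported as "true"; an enabled group is
        // reported as a null value under the same key
        attributes.put(DISABLED_ATTRIBUTE_NAME, getModel().isDisabled() ? "true" : null);

    }

    /**
     * Stores all restricted (privileged) attributes within the underlying user
     * group model, pulling the values of those attributes from the given Map.
     * A restricted attribute which has no entry in the given Map is left
     * unchanged in the model. An entry that is present with any value other
     * than "true" (including null) clears the disabled flag, which keeps a
     * Map obtained from getAttributes() round-trippable.
     *
     * @param attributes
     *     The Map to pull all restricted attributes from.
     */
    private void setRestrictedAttributes(Map<String, String> attributes) {

        // Only touch the disabled flag when the caller actually supplied the
        // attribute. Treating a missing key as "not disabled" would let a
        // partial attribute update silently re-enable a group that had been
        // deliberately disabled.
        if (attributes.containsKey(DISABLED_ATTRIBUTE_NAME)) {
            getModel().setDisabled("true".equals(attributes.get(DISABLED_ATTRIBUTE_NAME)));
        }

    }

    /**
     * Returns the names of the attributes explicitly supported by this
     * object, which is always ATTRIBUTE_NAMES regardless of whether
     * restricted attributes are exposed.
     *
     * @return
     *     The unmodifiable set ATTRIBUTE_NAMES.
     */
    @Override
    public Set<String> getSupportedAttributeNames() {
        return ATTRIBUTE_NAMES;
    }

    /**
     * Returns the attributes of this user group. Restricted attributes are
     * added to the result only if this object was initialized to expose them.
     *
     * @return
     *     The Map returned by the superclass, with restricted attributes
     *     added when they are exposed.
     */
    @Override
    public Map<String, String> getAttributes() {

        // Include any defined arbitrary attributes
        Map<String, String> attributes = super.getAttributes();

        // Include restricted attributes only if they should be exposed
        if (exposeRestrictedAttributes) {
            putRestrictedAttributes(attributes);
        }

        return attributes;
    }

    /**
     * Applies the given attributes to this user group. Restricted attributes
     * within the Map are applied to the model only if this object was
     * initialized to expose them; otherwise this class does not read them.
     *
     * @param attributes
     *     The attributes to apply.
     */
    @Override
    public void setAttributes(Map<String, String> attributes) {

        // Set arbitrary attributes
        // NOTE(review): super.setAttributes() is not visible here; confirm it
        // does not persist the restricted "disabled" key as an arbitrary
        // attribute when restricted attributes are not exposed.
        super.setAttributes(attributes);

        // Assign restricted attributes only if they are exposed
        if (exposeRestrictedAttributes) {
            setRestrictedAttributes(attributes);
        }

    }

    /**
     * Returns the set of user groups of which this user group is a member.
     * A new set is obtained from the injected provider on every call and is
     * initialized with the current user and this group.
     *
     * @return
     *     The set of parent user groups of this user group.
     *
     * @throws GuacamoleException
     *     Declared by the overridden method; nothing visible in this method
     *     body throws it explicitly.
     */
    @Override
    public RelatedObjectSet getUserGroups() throws GuacamoleException {
        UserGroupParentUserGroupSet parentUserGroupSet = parentUserGroupSetProvider.get();
        parentUserGroupSet.init(getCurrentUser(), this);
        return parentUserGroupSet;
    }

    /**
     * Returns the set of users that are members of this user group. A new
     * set is obtained from the injected provider on every call and is
     * initialized with the current user and this group.
     *
     * @return
     *     The set of member users of this user group.
     *
     * @throws GuacamoleException
     *     Declared by the overridden method; nothing visible in this method
     *     body throws it explicitly.
     */
    @Override
    public RelatedObjectSet getMemberUsers() throws GuacamoleException {
        UserGroupMemberUserSet memberUserSet = memberUserSetProvider.get();
        memberUserSet.init(getCurrentUser(), this);
        return memberUserSet;
    }

    /**
     * Returns the set of user groups that are members of this user group.
     * A new set is obtained from the injected provider on every call and is
     * initialized with the current user and this group.
     *
     * @return
     *     The set of member user groups of this user group.
     *
     * @throws GuacamoleException
     *     Declared by the overridden method; nothing visible in this method
     *     body throws it explicitly.
     */
    @Override
    public RelatedObjectSet getMemberUserGroups() throws GuacamoleException {
        UserGroupMemberUserGroupSet memberUserGroupSet = memberUserGroupSetProvider.get();
        memberUserGroupSet.init(getCurrentUser(), this);
        return memberUserGroupSet;
    }

}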