1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 20 package org.apache.guacamole.auth.jdbc.usergroup; 21 22 import com.google.inject.Inject; 23 import com.google.inject.Provider; 24 import java.util.Arrays; 25 import java.util.Collection; 26 import java.util.Collections; 27 import java.util.HashSet; 28 import java.util.Map; 29 import java.util.Set; 30 import org.apache.guacamole.GuacamoleException; 31 import org.apache.guacamole.auth.jdbc.base.ModeledPermissions; 32 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; 33 import org.apache.guacamole.form.BooleanField; 34 import org.apache.guacamole.form.Field; 35 import org.apache.guacamole.form.Form; 36 import org.apache.guacamole.net.auth.RelatedObjectSet; 37 import org.apache.guacamole.net.auth.UserGroup; 38 39 /** 40 * An implementation of the UserGroup object which is backed by a database model. 41 */ 42 public class ModeledUserGroup extends ModeledPermissions<UserGroupModel> 43 implements UserGroup { 44 45 /** 46 * The name of the attribute which controls whether a user group is 47 * disabled. 48 */ 49 public static final String DISABLED_ATTRIBUTE_NAME = "disabled"; 50 51 /** 52 * All attributes related to restricting user groups, within a logical 53 * form. 54 */ 55 public static final Form ACCOUNT_RESTRICTIONS = new Form("restrictions", Arrays.<Field>asList( 56 new BooleanField(DISABLED_ATTRIBUTE_NAME, "true") 57 )); 58 59 /** 60 * All possible attributes of user groups organized as individual, 61 * logical forms. 62 */ 63 public static final Collection<Form> ATTRIBUTES = Collections.unmodifiableCollection(Arrays.asList( 64 ACCOUNT_RESTRICTIONS 65 )); 66 67 /** 68 * The names of all attributes which are explicitly supported by this 69 * extension's UserGroup objects. 70 */ 71 public static final Set<String> ATTRIBUTE_NAMES = 72 Collections.unmodifiableSet(new HashSet<String>(Arrays.asList( 73 DISABLED_ATTRIBUTE_NAME 74 ))); 75 76 /** 77 * Provider for RelatedObjectSets containing the user groups of which this 78 * user group is a member. 79 */ 80 @Inject 81 private Provider<UserGroupParentUserGroupSet> parentUserGroupSetProvider; 82 83 /** 84 * Provider for RelatedObjectSets containing the users that are members of 85 * this user group. 86 */ 87 @Inject 88 private Provider<UserGroupMemberUserSet> memberUserSetProvider; 89 90 /** 91 * Provider for RelatedObjectSets containing the user groups that are 92 * members of this user group. 93 */ 94 @Inject 95 private Provider<UserGroupMemberUserGroupSet> memberUserGroupSetProvider; 96 97 /** 98 * Whether attributes which control access restrictions should be exposed 99 * via getAttributes() or allowed to be set via setAttributes(). 100 */ 101 private boolean exposeRestrictedAttributes = false; 102 103 /** 104 * Initializes this ModeledUserGroup, associating it with the current 105 * authenticated user and populating it with data from the given user group 106 * model. 107 * 108 * @param currentUser 109 * The user that created or retrieved this object. 110 * 111 * @param model 112 * The backing model object. 113 * 114 * @param exposeRestrictedAttributes 115 * Whether attributes which control access restrictions should be 116 * exposed via getAttributes() or allowed to be set via 117 * setAttributes(). 118 */ init(ModeledAuthenticatedUser currentUser, UserGroupModel model, boolean exposeRestrictedAttributes)119 public void init(ModeledAuthenticatedUser currentUser, UserGroupModel model, 120 boolean exposeRestrictedAttributes) { 121 super.init(currentUser, model); 122 this.exposeRestrictedAttributes = exposeRestrictedAttributes; 123 } 124 125 /** 126 * Stores all restricted (privileged) attributes within the given Map, 127 * pulling the values of those attributes from the underlying user group 128 * model. If no value is yet defined for an attribute, that attribute will 129 * be set to null. 130 * 131 * @param attributes 132 * The Map to store all restricted attributes within. 133 */ putRestrictedAttributes(Map<String, String> attributes)134 private void putRestrictedAttributes(Map<String, String> attributes) { 135 136 // Set disabled attribute 137 attributes.put(DISABLED_ATTRIBUTE_NAME, getModel().isDisabled() ? "true" : null); 138 139 } 140 141 /** 142 * Stores all restricted (privileged) attributes within the underlying user 143 * group model, pulling the values of those attributes from the given Map. 144 * 145 * @param attributes 146 * The Map to pull all restricted attributes from. 147 */ setRestrictedAttributes(Map<String, String> attributes)148 private void setRestrictedAttributes(Map<String, String> attributes) { 149 150 // Translate disabled attribute 151 getModel().setDisabled("true".equals(attributes.get(DISABLED_ATTRIBUTE_NAME))); 152 153 } 154 155 @Override getSupportedAttributeNames()156 public Set<String> getSupportedAttributeNames() { 157 return ATTRIBUTE_NAMES; 158 } 159 160 @Override getAttributes()161 public Map<String, String> getAttributes() { 162 163 // Include any defined arbitrary attributes 164 Map<String, String> attributes = super.getAttributes(); 165 166 // Include restricted attributes only if they should be exposed 167 if (exposeRestrictedAttributes) 168 putRestrictedAttributes(attributes); 169 170 return attributes; 171 } 172 173 @Override setAttributes(Map<String, String> attributes)174 public void setAttributes(Map<String, String> attributes) { 175 176 // Set arbitrary attributes 177 super.setAttributes(attributes); 178 179 // Assign restricted attributes only if they are exposed 180 if (exposeRestrictedAttributes) 181 setRestrictedAttributes(attributes); 182 183 } 184 185 @Override getUserGroups()186 public RelatedObjectSet getUserGroups() throws GuacamoleException { 187 UserGroupParentUserGroupSet parentUserGroupSet = parentUserGroupSetProvider.get(); 188 parentUserGroupSet.init(getCurrentUser(), this); 189 return parentUserGroupSet; 190 } 191 192 @Override getMemberUsers()193 public RelatedObjectSet getMemberUsers() throws GuacamoleException { 194 UserGroupMemberUserSet memberUserSet = memberUserSetProvider.get(); 195 memberUserSet.init(getCurrentUser(), this); 196 return memberUserSet; 197 } 198 199 @Override getMemberUserGroups()200 public RelatedObjectSet getMemberUserGroups() throws GuacamoleException { 201 UserGroupMemberUserGroupSet memberUserGroupSet = memberUserGroupSetProvider.get(); 202 memberUserGroupSet.init(getCurrentUser(), this); 203 return memberUserGroupSet; 204 } 205 206 } 207