View Javadoc
1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.rbac;
35  
36  import fr.paris.lutece.util.sql.DAOUtil;
37  
38  import java.util.ArrayList;
39  import java.util.Collection;
40  
41  
42  /**
43   * This class provides Data Access methods for RBAC objects
44   */
45  public final class RBACDAO implements IRBACDAO
46  {
47      // Constants
48      private static final String SQL_QUERY_NEW_PK = " SELECT max( rbac_id ) FROM core_admin_role_resource ";
49      private static final String SQL_QUERY_SELECT = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE rbac_id = ?  ";
50      private static final String SQL_QUERY_INSERT = " INSERT INTO core_admin_role_resource ( rbac_id, role_key, resource_type, resource_id, permission ) VALUES ( ?, ?, ?, ?, ? ) ";
51      private static final String SQL_QUERY_DELETE = " DELETE FROM core_admin_role_resource WHERE rbac_id = ?  ";
52      private static final String SQL_QUERY_UPDATE = " UPDATE core_admin_role_resource SET rbac_id = ?, role_key = ?, resource_type = ?, resource_id = ?, permission = ? WHERE rbac_id = ?  ";
53      private static final String SQL_QUERY_SELECTALL = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource ";
54      private static final String SQL_QUERY_SELECT_BY_ROLE = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE role_key = ?  ORDER BY resource_type,resource_id,permission ";
55      private static final String SQL_QUERY_UPDATE_ROLES = " UPDATE core_admin_role_resource SET  role_key = ? WHERE role_key = ?  ";
56      private static final String SQL_QUERY_DELETE_FOR_ROLE_KEY = " DELETE FROM core_admin_role_resource WHERE role_key = ? ";
57  
58      // query used to retrieve the roles associeted with a resource
59      private static final String SQL_QUERY_SELECT_ROLE_KEYS = " SELECT DISTINCT role_key FROM core_admin_role_resource " +
60          " WHERE resource_type = ? AND " + "( resource_id = ? OR resource_id= ? ) AND" +
61          "( permission = ? OR permission= ? )";
62  
63      /**
64       * Generates a new primary key
65       * @return The new primary key
66       */
67      int newPrimaryKey(  )
68      {
69          DAOUtil daoUtil = new DAOUtil( SQL_QUERY_NEW_PK );
70          daoUtil.executeQuery(  );
71  
72          int nKey;
73  
74          if ( !daoUtil.next(  ) )
75          {
76              // if the table is empty
77              nKey = 1;
78          }
79  
80          nKey = daoUtil.getInt( 1 ) + 1;
81  
82          daoUtil.free(  );
83  
84          return nKey;
85      }
86  
87      /**
88       * Insert a new record in the table.
89       *
90       * @param rBAC The rBAC object
91       */
92      public synchronized void insert( RBAC rBAC )
93      {
94          rBAC.setRBACId( newPrimaryKey(  ) );
95  
96          DAOUtil daoUtil = new DAOUtil( SQL_QUERY_INSERT );
97          daoUtil.setInt( 1, rBAC.getRBACId(  ) );
98          daoUtil.setString( 2, rBAC.getRoleKey(  ) );
99          daoUtil.setString( 3, rBAC.getResourceTypeKey(  ) );
100         daoUtil.setString( 4, rBAC.getResourceId(  ) );
101         daoUtil.setString( 5, rBAC.getPermissionKey(  ) );
102 
103         daoUtil.executeUpdate(  );
104         daoUtil.free(  );
105     }
106 
107     /**
108      * Load the data of RBAC from the table
109      *
110      * @param nRBACId The identifier of RBAC
111      * @return the instance of the RBAC
112      */
113     public RBAC load( int nRBACId )
114     {
115         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT );
116         daoUtil.setInt( 1, nRBACId );
117         daoUtil.executeQuery(  );
118 
119         RBAC rBAC = null;
120 
121         if ( daoUtil.next(  ) )
122         {
123             rBAC = new RBAC(  );
124             rBAC.setRBACId( daoUtil.getInt( 1 ) );
125             rBAC.setRoleKey( daoUtil.getString( 2 ) );
126             rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
127             rBAC.setResourceId( daoUtil.getString( 4 ) );
128             rBAC.setPermissionKey( daoUtil.getString( 5 ) );
129         }
130 
131         daoUtil.free(  );
132 
133         return rBAC;
134     }
135 
136     /**
137      * Delete a record from the table
138      * @param nRBACId The id of RBAC object to delete
139      */
140     public void delete( int nRBACId )
141     {
142         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE );
143         daoUtil.setInt( 1, nRBACId );
144 
145         daoUtil.executeUpdate(  );
146         daoUtil.free(  );
147     }
148 
149     /**
150      * Update the record in the table
151      * @param rBAC The reference of rBAC
152      */
153     public void store( RBAC rBAC )
154     {
155         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE );
156         daoUtil.setInt( 1, rBAC.getRBACId(  ) );
157         daoUtil.setString( 2, rBAC.getRoleKey(  ) );
158         daoUtil.setString( 3, rBAC.getResourceTypeKey(  ) );
159         daoUtil.setString( 4, rBAC.getResourceId(  ) );
160         daoUtil.setString( 5, rBAC.getPermissionKey(  ) );
161         daoUtil.setInt( 6, rBAC.getRBACId(  ) );
162 
163         daoUtil.executeUpdate(  );
164         daoUtil.free(  );
165     }
166 
167     /**
168      * Load the list of rBACs
169      * @return The Collection of the RBACs
170      */
171     public Collection<RBAC> selectRBACList(  )
172     {
173         Collection<RBAC> listRBACs = new ArrayList<RBAC>(  );
174         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECTALL );
175         daoUtil.executeQuery(  );
176 
177         while ( daoUtil.next(  ) )
178         {
179             RBAC rBAC = new RBAC(  );
180             rBAC.setRBACId( daoUtil.getInt( 1 ) );
181             rBAC.setRoleKey( daoUtil.getString( 2 ) );
182             rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
183             rBAC.setResourceId( daoUtil.getString( 4 ) );
184             rBAC.setPermissionKey( daoUtil.getString( 5 ) );
185 
186             listRBACs.add( rBAC );
187         }
188 
189         daoUtil.free(  );
190 
191         return listRBACs;
192     }
193 
194     /**
195      * Find all the entries for a given role key
196      * @param strRoleKey the role key to search for
197      * @return A collection of rBACs
198      */
199     public Collection<RBAC> selectRBACListByRoleKey( String strRoleKey )
200     {
201         Collection<RBAC> listRBACs = new ArrayList<RBAC>(  );
202         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_BY_ROLE );
203         daoUtil.setString( 1, strRoleKey );
204         daoUtil.executeQuery(  );
205 
206         while ( daoUtil.next(  ) )
207         {
208             RBAC rBAC = new RBAC(  );
209             rBAC.setRBACId( daoUtil.getInt( 1 ) );
210             rBAC.setRoleKey( daoUtil.getString( 2 ) );
211             rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
212             rBAC.setResourceId( daoUtil.getString( 4 ) );
213             rBAC.setPermissionKey( daoUtil.getString( 5 ) );
214 
215             listRBACs.add( rBAC );
216         }
217 
218         daoUtil.free(  );
219 
220         return listRBACs;
221     }
222 
223     /**
224      * Update the role key of all the entries of a given role key
225      * @param strOldRoleKey the role key to update
226      * @param strNewRoleKey the new role key
227      */
228     public void updateRoleKey( String strOldRoleKey, String strNewRoleKey )
229     {
230         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_ROLES );
231         daoUtil.setString( 1, strNewRoleKey );
232         daoUtil.setString( 2, strOldRoleKey );
233 
234         daoUtil.executeUpdate(  );
235         daoUtil.free(  );
236     }
237 
238     /**
239      * Remove all the entries of the given role key
240      * @param strRoleKey the role key of the entries to remove
241      */
242     public void deleteForRoleKey( String strRoleKey )
243     {
244         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_FOR_ROLE_KEY );
245         daoUtil.setString( 1, strRoleKey );
246 
247         daoUtil.executeUpdate(  );
248         daoUtil.free(  );
249     }
250 
251     /**
252      * @param strTypeCode The type code
253      * @param strId the id
254      * @param strPermission th permission
255      * @return listRoleKeys
256      */
257     public Collection<String> selectRoleKeys( String strTypeCode, String strId, String strPermission )
258     {
259         Collection<String> listRoleKeys = new ArrayList<String>(  );
260         DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_ROLE_KEYS );
261         daoUtil.setString( 1, strTypeCode );
262 
263         daoUtil.setString( 2, strId );
264         daoUtil.setString( 3, RBAC.WILDCARD_RESOURCES_ID );
265 
266         daoUtil.setString( 4, strPermission );
267         daoUtil.setString( 5, RBAC.WILDCARD_PERMISSIONS_KEY );
268 
269         daoUtil.executeQuery(  );
270 
271         while ( daoUtil.next(  ) )
272         {
273             daoUtil.getString( 1 );
274             listRoleKeys.add( daoUtil.getString( 1 ) );
275         }
276 
277         daoUtil.free(  );
278 
279         return listRoleKeys;
280     }
281 }