RBACDAO.java

  1. /*
  2.  * Copyright (c) 2002-2022, City of Paris
  3.  * All rights reserved.
  4.  *
  5.  * Redistribution and use in source and binary forms, with or without
  6.  * modification, are permitted provided that the following conditions
  7.  * are met:
  8.  *
  9.  *  1. Redistributions of source code must retain the above copyright notice
  10.  *     and the following disclaimer.
  11.  *
  12.  *  2. Redistributions in binary form must reproduce the above copyright notice
  13.  *     and the following disclaimer in the documentation and/or other materials
  14.  *     provided with the distribution.
  15.  *
  16.  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  17.  *     contributors may be used to endorse or promote products derived from
  18.  *     this software without specific prior written permission.
  19.  *
  20.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  24.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30.  * POSSIBILITY OF SUCH DAMAGE.
  31.  *
  32.  * License 1.0
  33.  */
  34. package fr.paris.lutece.portal.business.rbac;

  36. import fr.paris.lutece.util.sql.DAOUtil;

  38. import java.sql.Statement;
  39. import java.util.ArrayList;
  40. import java.util.Collection;
  41. import java.util.stream.Collectors;

  43. /**
  44.  * This class provides Data Access methods for RBAC objects
  45.  */
  46. public final class RBACDAO implements IRBACDAO
  47. {
  48.     // Constants
  49.     private static final String SQL_QUERY_SELECT = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE rbac_id = ?  ";
  50.     private static final String SQL_QUERY_INSERT = " INSERT INTO core_admin_role_resource ( role_key, resource_type, resource_id, permission ) VALUES ( ?, ?, ?, ? ) ";
  51.     private static final String SQL_QUERY_DELETE = " DELETE FROM core_admin_role_resource WHERE rbac_id = ?  ";
  52.     private static final String SQL_QUERY_UPDATE = " UPDATE core_admin_role_resource SET rbac_id = ?, role_key = ?, resource_type = ?, resource_id = ?, permission = ? WHERE rbac_id = ?  ";
  53.     private static final String SQL_QUERY_SELECTALL = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource ";
  54.     private static final String SQL_QUERY_SELECT_BY_ROLE = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE role_key = ?  ORDER BY resource_type,resource_id,permission ";
  55.     private static final String SQL_QUERY_UPDATE_ROLES = " UPDATE core_admin_role_resource SET  role_key = ? WHERE role_key = ?  ";
  56.     private static final String SQL_QUERY_DELETE_FOR_ROLE_KEY = " DELETE FROM core_admin_role_resource WHERE role_key = ? ";
  57.     private static final String SQL_QUERY_DELETE_BY_RESOURCE_TYPE_AND_RESOURCE_ID = " DELETE FROM core_admin_role_resource WHERE resource_type = ? AND resource_id = ? ";

  59.     // query used to retrieve the roles associeted with a resource
  60.     private static final String SQL_QUERY_SELECT_ROLE_KEYS = " SELECT DISTINCT role_key FROM core_admin_role_resource " + " WHERE resource_type = ? AND "
  61.             + "( resource_id = ? OR resource_id= ? ) AND" + "( permission = ? OR permission= ? )";
  62.     private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART1 = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE role_key IN (";
  63.     private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART2 = ") AND ( permission IN (";
  64.     private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART3 = ") OR permission = ? ) ";

  66.     /**
  67.      * Insert a new record in the table.
  68.      *
  69.      * @param rBAC
  70.      *            The rBAC object
  71.      */
  72.     public void insert( RBAC rBAC )
  73.     {
  74.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_INSERT, Statement.RETURN_GENERATED_KEYS ) )
  75.         {
  76.             int nIndex = 1;
  77.             daoUtil.setString( nIndex++, rBAC.getRoleKey( ) );
  78.             daoUtil.setString( nIndex++, rBAC.getResourceTypeKey( ) );
  79.             daoUtil.setString( nIndex++, rBAC.getResourceId( ) );
  80.             daoUtil.setString( nIndex, rBAC.getPermissionKey( ) );

  82.             daoUtil.executeUpdate( );

  84.             if ( daoUtil.nextGeneratedKey( ) )
  85.             {
  86.                 rBAC.setRBACId( daoUtil.getGeneratedKeyInt( 1 ) );
  87.             }

  89.         }
  90.     }

  92.     /**
  93.      * Load the data of RBAC from the table
  94.      *
  95.      * @param nRBACId
  96.      *            The identifier of RBAC
  97.      * @return the instance of the RBAC
  98.      */
  99.     public RBAC load( int nRBACId )
  100.     {
  101.         RBAC rBAC = null;
  102.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT ) )
  103.         {
  104.             daoUtil.setInt( 1, nRBACId );
  105.             daoUtil.executeQuery( );

  107.             if ( daoUtil.next( ) )
  108.             {
  109.                 rBAC = new RBAC( );
  110.                 rBAC.setRBACId( daoUtil.getInt( 1 ) );
  111.                 rBAC.setRoleKey( daoUtil.getString( 2 ) );
  112.                 rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
  113.                 rBAC.setResourceId( daoUtil.getString( 4 ) );
  114.                 rBAC.setPermissionKey( daoUtil.getString( 5 ) );
  115.             }

  117.         }

  119.         return rBAC;
  120.     }

  122.     /**
  123.      * Delete a record from the table
  124.      * 
  125.      * @param nRBACId
  126.      *            The id of RBAC object to delete
  127.      */
  128.     public void delete( int nRBACId )
  129.     {
  130.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE ) )
  131.         {
  132.             daoUtil.setInt( 1, nRBACId );

  134.             daoUtil.executeUpdate( );
  135.         }
  136.     }

  138.     /**
  139.      * Update the record in the table
  140.      * 
  141.      * @param rBAC
  142.      *            The reference of rBAC
  143.      */
  144.     public void store( RBAC rBAC )
  145.     {
  146.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE ) )
  147.         {
  148.             daoUtil.setInt( 1, rBAC.getRBACId( ) );
  149.             daoUtil.setString( 2, rBAC.getRoleKey( ) );
  150.             daoUtil.setString( 3, rBAC.getResourceTypeKey( ) );
  151.             daoUtil.setString( 4, rBAC.getResourceId( ) );
  152.             daoUtil.setString( 5, rBAC.getPermissionKey( ) );
  153.             daoUtil.setInt( 6, rBAC.getRBACId( ) );

  155.             daoUtil.executeUpdate( );
  156.         }
  157.     }

  159.     /**
  160.      * Load the list of rBACs
  161.      * 
  162.      * @return The Collection of the RBACs
  163.      */
  164.     public Collection<RBAC> selectRBACList( )
  165.     {
  166.         Collection<RBAC> listRBACs = new ArrayList<>( );
  167.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECTALL ) )
  168.         {
  169.             daoUtil.executeQuery( );

  171.             while ( daoUtil.next( ) )
  172.             {
  173.                 RBAC rBAC = new RBAC( );
  174.                 rBAC.setRBACId( daoUtil.getInt( 1 ) );
  175.                 rBAC.setRoleKey( daoUtil.getString( 2 ) );
  176.                 rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
  177.                 rBAC.setResourceId( daoUtil.getString( 4 ) );
  178.                 rBAC.setPermissionKey( daoUtil.getString( 5 ) );

  180.                 listRBACs.add( rBAC );
  181.             }

  183.         }

  185.         return listRBACs;
  186.     }

  188.     /**
  189.      * Find all the entries for a given role key
  190.      * 
  191.      * @param strRoleKey
  192.      *            the role key to search for
  193.      * @return A collection of rBACs
  194.      */
  195.     public Collection<RBAC> selectRBACListByRoleKey( String strRoleKey )
  196.     {
  197.         Collection<RBAC> listRBACs = new ArrayList<>( );
  198.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_BY_ROLE ) )
  199.         {
  200.             daoUtil.setString( 1, strRoleKey );
  201.             daoUtil.executeQuery( );

  203.             while ( daoUtil.next( ) )
  204.             {
  205.                 RBAC rBAC = new RBAC( );
  206.                 rBAC.setRBACId( daoUtil.getInt( 1 ) );
  207.                 rBAC.setRoleKey( daoUtil.getString( 2 ) );
  208.                 rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
  209.                 rBAC.setResourceId( daoUtil.getString( 4 ) );
  210.                 rBAC.setPermissionKey( daoUtil.getString( 5 ) );

  212.                 listRBACs.add( rBAC );
  213.             }

  215.         }

  217.         return listRBACs;
  218.     }

  220.     @Override
  221.     public Collection<RBAC> selectByPermissionsAndRoles( Collection<String> permissions, Collection<String> roles )
  222.     {
  223.         String query = new StringBuilder( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART1 )
  224.                 .append( roles.stream( ).map( r -> "?" ).collect( Collectors.joining( "," ) ) )
  225.                 .append( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART2 )
  226.                 .append( permissions.stream( ).map( r -> "?" ).collect( Collectors.joining( "," ) ) )
  227.                 .append( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART3 ).toString( );
  228.         Collection<RBAC> listRBACs = new ArrayList<>( );
  229.         try ( DAOUtil daoUtil = new DAOUtil( query ) )
  230.         {
  231.             int nIndex = 1;
  232.             for ( String role : roles )
  233.             {
  234.                 daoUtil.setString( nIndex++, role );
  235.             }
  236.             for ( String permission : permissions )
  237.             {
  238.                 daoUtil.setString( nIndex++, permission );
  239.             }
  240.             daoUtil.setString( nIndex++, RBAC.WILDCARD_PERMISSIONS_KEY );
  241.             daoUtil.executeQuery( );

  243.             while ( daoUtil.next( ) )
  244.             {
  245.                 RBAC rBAC = new RBAC( );
  246.                 rBAC.setRBACId( daoUtil.getInt( 1 ) );
  247.                 rBAC.setRoleKey( daoUtil.getString( 2 ) );
  248.                 rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
  249.                 rBAC.setResourceId( daoUtil.getString( 4 ) );
  250.                 rBAC.setPermissionKey( daoUtil.getString( 5 ) );

  252.                 listRBACs.add( rBAC );
  253.             }

  255.         }
  256.         return listRBACs;
  257.     }

  259.     /**
  260.      * Update the role key of all the entries of a given role key
  261.      * 
  262.      * @param strOldRoleKey
  263.      *            the role key to update
  264.      * @param strNewRoleKey
  265.      *            the new role key
  266.      */
  267.     public void updateRoleKey( String strOldRoleKey, String strNewRoleKey )
  268.     {
  269.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_ROLES ) )
  270.         {
  271.             daoUtil.setString( 1, strNewRoleKey );
  272.             daoUtil.setString( 2, strOldRoleKey );

  274.             daoUtil.executeUpdate( );
  275.         }
  276.     }

  278.     /**
  279.      * Remove all the entries of the given role key
  280.      * 
  281.      * @param strRoleKey
  282.      *            the role key of the entries to remove
  283.      */
  284.     public void deleteForRoleKey( String strRoleKey )
  285.     {
  286.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_FOR_ROLE_KEY ) )
  287.         {
  288.             daoUtil.setString( 1, strRoleKey );

  290.             daoUtil.executeUpdate( );
  291.         }
  292.     }

  294.     /**
  295.      * @param strTypeCode
  296.      *            The type code
  297.      * @param strId
  298.      *            the id
  299.      * @param strPermission
  300.      *            th permission
  301.      * @return listRoleKeys
  302.      */
  303.     public Collection<String> selectRoleKeys( String strTypeCode, String strId, String strPermission )
  304.     {
  305.         Collection<String> listRoleKeys = new ArrayList<>( );
  306.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_ROLE_KEYS ) )
  307.         {
  308.             daoUtil.setString( 1, strTypeCode );

  310.             daoUtil.setString( 2, strId );
  311.             daoUtil.setString( 3, RBAC.WILDCARD_RESOURCES_ID );

  313.             daoUtil.setString( 4, strPermission );
  314.             daoUtil.setString( 5, RBAC.WILDCARD_PERMISSIONS_KEY );

  316.             daoUtil.executeQuery( );

  318.             while ( daoUtil.next( ) )
  319.             {
  320.                 daoUtil.getString( 1 );
  321.                 listRoleKeys.add( daoUtil.getString( 1 ) );
  322.             }

  324.         }

  326.         return listRoleKeys;
  327.     }

  329.     /**
  330.      * {@inheritDoc }
  331.      */
  332.     @Override
  333.     public void deleteForResourceTypeAndId( String strResourceType, String strResourceId )
  334.     {
  335.         try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_BY_RESOURCE_TYPE_AND_RESOURCE_ID ) )
  336.         {
  337.             daoUtil.setString( 1, strResourceType );
  338.             daoUtil.setString( 2, strResourceId );

  340.             daoUtil.executeUpdate( );
  341.         }
  342.     }

  344. }
Created with JaCoCo 0.8.4.201905082037