34 package fr.paris.lutece.portal.business.rbac;
35
36 import fr.paris.lutece.util.sql.DAOUtil;
37
38 import java.sql.Statement;
39 import java.util.ArrayList;
40 import java.util.Collection;
41 import java.util.stream.Collectors;
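/**
 * Data access object for the {@code core_admin_role_resource} table, which stores the RBAC grants
 * (role key, resource type, resource id, permission) of the admin back office.
 *
 * <p>
 * Every statement binds its values through {@code ?} placeholders. The only SQL text assembled at
 * run time (in {@link #selectByPermissionsAndRoles(Collection, Collection)}) is made of placeholder
 * markers, never of caller-supplied strings.
 * </p>
 *
 * <p>
 * NOTE(review): nothing in this class checks who is calling it; the rights of the caller to read or
 * change grants are presumably enforced by the layers above - confirm.
 * </p>
 */
public final class RBACDAO implements IRBACDAO
{
    // Queries addressing a single grant by its primary key
    private static final String SQL_QUERY_SELECT = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE rbac_id = ? ";
    private static final String SQL_QUERY_INSERT = " INSERT INTO core_admin_role_resource ( role_key, resource_type, resource_id, permission ) VALUES ( ?, ?, ?, ? ) ";
    private static final String SQL_QUERY_DELETE = " DELETE FROM core_admin_role_resource WHERE rbac_id = ? ";
    private static final String SQL_QUERY_UPDATE = " UPDATE core_admin_role_resource SET rbac_id = ?, role_key = ?, resource_type = ?, resource_id = ?, permission = ? WHERE rbac_id = ? ";

    // Queries addressing grants by role or by resource
    private static final String SQL_QUERY_SELECTALL = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource ";
    private static final String SQL_QUERY_SELECT_BY_ROLE = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE role_key = ? ORDER BY resource_type,resource_id,permission ";
    private static final String SQL_QUERY_UPDATE_ROLES = " UPDATE core_admin_role_resource SET role_key = ? WHERE role_key = ? ";
    private static final String SQL_QUERY_DELETE_FOR_ROLE_KEY = " DELETE FROM core_admin_role_resource WHERE role_key = ? ";
    private static final String SQL_QUERY_DELETE_BY_RESOURCE_TYPE_AND_RESOURCE_ID = " DELETE FROM core_admin_role_resource WHERE resource_type = ? AND resource_id = ? ";

    // Role lookup: the second resource_id and permission placeholders receive the wildcard values
    private static final String SQL_QUERY_SELECT_ROLE_KEYS = " SELECT DISTINCT role_key FROM core_admin_role_resource " + " WHERE resource_type = ? AND "
            + "( resource_id = ? OR resource_id= ? ) AND" + "( permission = ? OR permission= ? )";

    // Fragments joined around two generated lists of "?" markers
    private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART1 = " SELECT rbac_id, role_key, resource_type, resource_id, permission FROM core_admin_role_resource WHERE role_key IN (";
    private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART2 = ") AND ( permission IN (";
    private static final String SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART3 = ") OR permission = ? ) ";

    /**
     * Inserts a new grant and, when the database returns a generated key, stores it in the given
     * object.
     *
     * @param rBAC
     *            the grant to insert; its role key, resource type, resource id and permission are
     *            written
     */
    public void insert( RBAC rBAC )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_INSERT, Statement.RETURN_GENERATED_KEYS ) )
        {
            int nIndex = 1;
            daoUtil.setString( nIndex++, rBAC.getRoleKey( ) );
            daoUtil.setString( nIndex++, rBAC.getResourceTypeKey( ) );
            daoUtil.setString( nIndex++, rBAC.getResourceId( ) );
            daoUtil.setString( nIndex, rBAC.getPermissionKey( ) );

            daoUtil.executeUpdate( );

            if ( daoUtil.nextGeneratedKey( ) )
            {
                rBAC.setRBACId( daoUtil.getGeneratedKeyInt( 1 ) );
            }
        }
    }

    /**
     * Loads the grant with the given identifier.
     *
     * @param nRBACId
     *            the identifier of the grant
     * @return the grant, or {@code null} when no row has this identifier
     */
    public RBAC load( int nRBACId )
    {
        RBAC rBAC = null;
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT ) )
        {
            daoUtil.setInt( 1, nRBACId );
            daoUtil.executeQuery( );

            if ( daoUtil.next( ) )
            {
                rBAC = readRBAC( daoUtil );
            }
        }

        return rBAC;
    }

    /**
     * Deletes the grant with the given identifier.
     *
     * @param nRBACId
     *            the identifier of the grant
     */
    public void delete( int nRBACId )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE ) )
        {
            daoUtil.setInt( 1, nRBACId );

            daoUtil.executeUpdate( );
        }
    }

    /**
     * Updates the row whose identifier is the one carried by the given grant.
     *
     * @param rBAC
     *            the grant holding the new values
     */
    public void store( RBAC rBAC )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE ) )
        {
            // The statement also rewrites rbac_id, with the same value that selects the row
            daoUtil.setInt( 1, rBAC.getRBACId( ) );
            daoUtil.setString( 2, rBAC.getRoleKey( ) );
            daoUtil.setString( 3, rBAC.getResourceTypeKey( ) );
            daoUtil.setString( 4, rBAC.getResourceId( ) );
            daoUtil.setString( 5, rBAC.getPermissionKey( ) );
            daoUtil.setInt( 6, rBAC.getRBACId( ) );

            daoUtil.executeUpdate( );
        }
    }

    /**
     * Returns every grant stored in the table.
     *
     * @return the grants, possibly empty, never {@code null}
     */
    public Collection<RBAC> selectRBACList( )
    {
        Collection<RBAC> listRBACs = new ArrayList<>( );
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECTALL ) )
        {
            daoUtil.executeQuery( );

            while ( daoUtil.next( ) )
            {
                listRBACs.add( readRBAC( daoUtil ) );
            }
        }

        return listRBACs;
    }

    /**
     * Returns the grants of one role, ordered by resource type, resource id and permission.
     *
     * @param strRoleKey
     *            the role key
     * @return the grants, possibly empty, never {@code null}
     */
    public Collection<RBAC> selectRBACListByRoleKey( String strRoleKey )
    {
        Collection<RBAC> listRBACs = new ArrayList<>( );
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_BY_ROLE ) )
        {
            daoUtil.setString( 1, strRoleKey );
            daoUtil.executeQuery( );

            while ( daoUtil.next( ) )
            {
                listRBACs.add( readRBAC( daoUtil ) );
            }
        }

        return listRBACs;
    }

    /**
     * Returns the grants held by any of the given roles whose permission is one of the given
     * permissions or the wildcard permission.
     *
     * <p>
     * An empty role collection yields an empty result without querying the database, and an empty
     * permission collection matches wildcard grants only. Both cases would otherwise produce an
     * empty {@code IN ()} list, which several databases reject as a syntax error.
     * </p>
     *
     * @param permissions
     *            the permission keys to match; must not be {@code null}
     * @param roles
     *            the role keys to match; must not be {@code null}
     * @return the matching grants, possibly empty, never {@code null}
     */
    @Override
    public Collection<RBAC> selectByPermissionsAndRoles( Collection<String> permissions, Collection<String> roles )
    {
        Collection<RBAC> listRBACs = new ArrayList<>( );
        if ( roles.isEmpty( ) )
        {
            // No role can match, so no grant is returned
            return listRBACs;
        }

        // With no explicit permission only wildcard grants can match; binding the wildcard key
        // keeps "permission IN (...)" well formed without changing the result.
        Collection<String> boundPermissions = permissions;
        if ( permissions.isEmpty( ) )
        {
            boundPermissions = new ArrayList<>( );
            boundPermissions.add( RBAC.WILDCARD_PERMISSIONS_KEY );
        }

        // Only "?" markers are concatenated; the values themselves are bound below
        String query = new StringBuilder( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART1 ).append( buildPlaceholders( roles ) )
                .append( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART2 ).append( buildPlaceholders( boundPermissions ) )
                .append( SQL_QUERY_SELECT_BY_PERMISSIONS_AND_ROLES_PART3 ).toString( );

        try ( DAOUtil daoUtil = new DAOUtil( query ) )
        {
            int nIndex = 1;
            for ( String role : roles )
            {
                daoUtil.setString( nIndex++, role );
            }
            for ( String permission : boundPermissions )
            {
                daoUtil.setString( nIndex++, permission );
            }
            daoUtil.setString( nIndex, RBAC.WILDCARD_PERMISSIONS_KEY );
            daoUtil.executeQuery( );

            while ( daoUtil.next( ) )
            {
                listRBACs.add( readRBAC( daoUtil ) );
            }
        }

        return listRBACs;
    }

    /**
     * Replaces a role key by another one on every grant that carries it.
     *
     * <p>
     * NOTE(review): if rows already exist under {@code strNewRoleKey}, the grants of both roles end
     * up under that single key; callers presumably guarantee the new key is unused - confirm.
     * </p>
     *
     * @param strOldRoleKey
     *            the role key to replace
     * @param strNewRoleKey
     *            the role key to write
     */
    public void updateRoleKey( String strOldRoleKey, String strNewRoleKey )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_UPDATE_ROLES ) )
        {
            daoUtil.setString( 1, strNewRoleKey );
            daoUtil.setString( 2, strOldRoleKey );

            daoUtil.executeUpdate( );
        }
    }

    /**
     * Deletes every grant of the given role.
     *
     * @param strRoleKey
     *            the role key
     */
    public void deleteForRoleKey( String strRoleKey )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_FOR_ROLE_KEY ) )
        {
            daoUtil.setString( 1, strRoleKey );

            daoUtil.executeUpdate( );
        }
    }

    /**
     * Returns the distinct keys of the roles that hold a permission on a resource, either through
     * an exact grant or through a wildcard resource id or wildcard permission.
     *
     * @param strTypeCode
     *            the resource type
     * @param strId
     *            the resource id
     * @param strPermission
     *            the permission key
     * @return the role keys, possibly empty, never {@code null}
     */
    public Collection<String> selectRoleKeys( String strTypeCode, String strId, String strPermission )
    {
        Collection<String> listRoleKeys = new ArrayList<>( );
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_SELECT_ROLE_KEYS ) )
        {
            daoUtil.setString( 1, strTypeCode );

            // Exact resource id, or a grant covering all resources of the type
            daoUtil.setString( 2, strId );
            daoUtil.setString( 3, RBAC.WILDCARD_RESOURCES_ID );

            // Exact permission, or a grant covering all permissions
            daoUtil.setString( 4, strPermission );
            daoUtil.setString( 5, RBAC.WILDCARD_PERMISSIONS_KEY );

            daoUtil.executeQuery( );

            while ( daoUtil.next( ) )
            {
                listRoleKeys.add( daoUtil.getString( 1 ) );
            }
        }

        return listRoleKeys;
    }

    /**
     * Deletes every grant attached to one resource.
     *
     * @param strResourceType
     *            the resource type
     * @param strResourceId
     *            the resource id
     */
    @Override
    public void deleteForResourceTypeAndId( String strResourceType, String strResourceId )
    {
        try ( DAOUtil daoUtil = new DAOUtil( SQL_QUERY_DELETE_BY_RESOURCE_TYPE_AND_RESOURCE_ID ) )
        {
            daoUtil.setString( 1, strResourceType );
            daoUtil.setString( 2, strResourceId );

            daoUtil.executeUpdate( );
        }
    }

    /**
     * Builds a grant from the current row of a query selecting rbac_id, role_key, resource_type,
     * resource_id and permission, in that order.
     */
    private static RBAC readRBAC( DAOUtil daoUtil )
    {
        RBAC rBAC = new RBAC( );
        rBAC.setRBACId( daoUtil.getInt( 1 ) );
        rBAC.setRoleKey( daoUtil.getString( 2 ) );
        rBAC.setResourceTypeKey( daoUtil.getString( 3 ) );
        rBAC.setResourceId( daoUtil.getString( 4 ) );
        rBAC.setPermissionKey( daoUtil.getString( 5 ) );

        return rBAC;
    }

    /** Returns one "?" marker per element of the collection, separated by commas. */
    private static String buildPlaceholders( Collection<String> values )
    {
        return values.stream( ).map( v -> "?" ).collect( Collectors.joining( "," ) );
    }
}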