Source code

001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Arnaud Kervern
016 */
017
018package org.nuxeo.ecm.platform.shibboleth;
019
020import java.io.Serializable;
021import java.util.HashMap;
022import java.util.HashSet;
023import java.util.List;
024import java.util.Map;
025
026import org.nuxeo.ecm.core.api.CoreSession;
027import org.nuxeo.ecm.core.api.DocumentModel;
028import org.nuxeo.ecm.core.api.DocumentModelComparator;
029import org.nuxeo.ecm.core.api.DocumentModelList;
030import org.nuxeo.ecm.core.api.model.InvalidPropertyValueException;
031import org.nuxeo.ecm.directory.Directory;
032import org.nuxeo.ecm.directory.DirectoryException;
033import org.nuxeo.ecm.directory.Reference;
034import org.nuxeo.ecm.directory.Session;
035import org.nuxeo.ecm.directory.api.DirectoryService;
036import org.nuxeo.ecm.platform.shibboleth.computedgroups.ELGroupComputerHelper;
037import org.nuxeo.ecm.platform.usermanager.UserManager;
038import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
039import org.nuxeo.runtime.api.Framework;
040
041public class ShibbolethGroupHelper {
042
043    private ShibbolethGroupHelper() {
044        // Helper class
045    }
046
047    protected static DirectoryService getDirectoryService() {
048        return Framework.getService(DirectoryService.class);
049    }
050
051    protected static UserManager getUserManager() {
052        return Framework.getService(UserManager.class);
053    }
054
055    public static DocumentModel getBareGroupModel(CoreSession core) {
056        return core.createDocumentModel(ShibbolethConstants.SHIBBOLETH_DOCTYPE);
057    }
058
059    public static DocumentModel createGroup(DocumentModel group) {
060        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
061            if (session.hasEntry(group.getPropertyValue(
062                    ShibbolethConstants.SHIBBOLETH_SCHEMA + ":" + ShibbolethConstants.GROUP_ID_PROPERTY).toString())) {
063                throw new GroupAlreadyExistsException();
064            }
065
066            checkExpressionLanguageValidity(group);
067
068            group = session.createEntry(group);
069            return group;
070        }
071    }
072
073    public static DocumentModel getGroup(String groupName) throws DirectoryException {
074        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
075            return session.getEntry(groupName);
076        }
077    }
078
079    public static void updateGroup(DocumentModel group) {
080        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
081            checkExpressionLanguageValidity(group);
082
083            session.updateEntry(group);
084        }
085    }
086
087    public static void deleteGroup(DocumentModel group) {
088        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
089            session.deleteEntry(group);
090        }
091    }
092
093    /**
094     * Query the group directory to find if shibbGroupName is used in a subGroup field.
095     *
096     * @param shibbGroupName name of the desired groupe
097     * @return a DocumentList representing the groups matching the query
098     */
099    public static List<String> getParentsGroups(String shibbGroupName) {
100        Directory dir = getDirectoryService().getDirectory(getUserManager().getGroupDirectoryName());
101
102        Reference subGroups = dir.getReference(getUserManager().getGroupSubGroupsField());
103        List<String> ret = subGroups.getSourceIdsForTarget(shibbGroupName);
104        return ret;
105    }
106
107    public static DocumentModelList getGroups() {
108        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
109            return session.getEntries();
110        }
111    }
112
113    public static DocumentModelList searchGroup(String fullText) {
114        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
115            Map<String, Serializable> filters = new HashMap<String, Serializable>();
116            if (fullText != null && !"".equals(fullText)) {
117                filters.put(ShibbolethConstants.GROUP_ID_PROPERTY, fullText);
118            }
119
120            Map<String, String> orderBy = new HashMap<String, String>();
121            orderBy.put(ShibbolethConstants.GROUP_ID_PROPERTY, DocumentModelComparator.ORDER_ASC);
122            return session.query(filters, new HashSet<String>(filters.keySet()), orderBy);
123        }
124    }
125
126    protected static void checkExpressionLanguageValidity(DocumentModel group) {
127        String expressionLanguage = (String) group.getPropertyValue(ShibbolethConstants.SHIBBOLETH_SCHEMA + ":"
128                + ShibbolethConstants.GROUP_EL_PROPERTY);
129        if (!ELGroupComputerHelper.isValidEL(expressionLanguage)) {
130            throw new InvalidPropertyValueException(expressionLanguage + " : is not a valid expression language");
131        }
132    }
133
134}