001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Arnaud Kervern
016 */
017
018package org.nuxeo.ecm.platform.shibboleth.computedgroups;
019
020import java.util.ArrayList;
021import java.util.List;
022
023import org.nuxeo.ecm.core.api.DocumentModel;
024import org.nuxeo.ecm.core.api.DocumentModelList;
025import org.nuxeo.ecm.directory.Session;
026import org.nuxeo.ecm.directory.api.DirectoryService;
027import org.nuxeo.ecm.platform.computedgroups.AbstractGroupComputer;
028import org.nuxeo.ecm.platform.shibboleth.ShibbolethConstants;
029import org.nuxeo.ecm.platform.shibboleth.ShibbolethGroupHelper;
030import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
031import org.nuxeo.runtime.api.Framework;
032
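/**
 * Group computer that derives group membership from the entries of the Shibboleth group directory.
 * <p>
 * Every directory entry carries an expression, stored under the {@link ShibbolethConstants#GROUP_EL_PROPERTY} property
 * of the {@link ShibbolethConstants#SHIBBOLETH_SCHEMA} schema. A user is reported as a member of the entry's group when
 * {@code ELGroupComputerHelper.isUserInGroup} accepts the user's model for that expression.
 * <p>
 * Security note: the ids returned by {@link #getGroupsForUser(NuxeoPrincipalImpl)} are group memberships, so whoever
 * can create or edit entries (or their expressions) in this directory can effectively assign groups. Restrict write
 * access to the directory accordingly. NOTE(review): presumably the attributes on the user model are populated from
 * the identity provider at login; confirm which of them are trustworthy before referencing them in an expression.
 */
public class ShibbolethGroupComputer extends AbstractGroupComputer {

    /**
     * Returns the name of the directory that holds the Shibboleth group entries.
     *
     * @return {@link ShibbolethConstants#SHIBBOLETH_DIRECTORY}
     */
    protected String getDirectoryName() {
        return ShibbolethConstants.SHIBBOLETH_DIRECTORY;
    }

    /**
     * Lists the ids of every entry found in the Shibboleth group directory.
     *
     * @return a new mutable list of group ids, empty when the directory has no entry
     */
    @Override
    public List<String> getAllGroupIds() {
        List<String> ids = new ArrayList<>();
        for (DocumentModel entry : getAllGroups()) {
            ids.add(entry.getId());
        }
        return ids;
    }

    /**
     * Not supported: membership is assigned when the user logs in, so the members of a given group cannot be
     * enumerated from here.
     *
     * @param arg0 the group name (unused)
     * @return always {@code null}; callers must null-check the result
     */
    @Override
    public List<String> getGroupMembers(String arg0) {
        return null;
    }

    /**
     * Computes the groups of a user by testing the user's model against the expression of each directory entry.
     * <p>
     * An entry whose expression is missing or blank never grants membership: it is skipped here rather than handed to
     * the evaluator, so the deny decision does not depend on how the helper treats such input.
     *
     * @param nxPrincipal the principal whose model is tested; must not be {@code null}
     * @return a new mutable list holding the ids of the matching groups, possibly empty
     */
    @Override
    public List<String> getGroupsForUser(NuxeoPrincipalImpl nxPrincipal) {
        // The property path is the same for every entry, so build it once.
        String expressionXPath = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":" + ShibbolethConstants.GROUP_EL_PROPERTY;
        List<String> matchingIds = new ArrayList<>();
        for (DocumentModel entry : getAllGroups()) {
            String el = (String) entry.getPropertyValue(expressionXPath);
            if (el == null || el.trim().isEmpty()) {
                // Fail closed: no expression means no membership.
                // NOTE(review): confirm ELGroupComputerHelper applies the same rule for blank expressions.
                continue;
            }
            if (ELGroupComputerHelper.isUserInGroup(nxPrincipal.getModel(), el)) {
                matchingIds.add(entry.getId());
            }
        }
        return matchingIds;
    }

    /**
     * Delegates the lookup of parent groups to {@link ShibbolethGroupHelper#getParentsGroups(String)}.
     *
     * @param arg0 the group name
     * @return whatever the helper returns for that group
     */
    @Override
    public List<String> getParentsGroupNames(String arg0) {
        return ShibbolethGroupHelper.getParentsGroups(arg0);
    }

    /**
     * Sub-groups are not computed by this class.
     *
     * @param arg0 the group name (unused)
     * @return always {@code null}; callers must null-check the result
     */
    @Override
    public List<String> getSubGroupsNames(String arg0) {
        return null;
    }

    /**
     * Looks up the directory service through the runtime framework.
     *
     * @return the value of {@code Framework.getService(DirectoryService.class)}
     */
    private DirectoryService getDS() {
        return Framework.getService(DirectoryService.class);
    }

    /**
     * Reads every entry of the Shibboleth group directory.
     * <p>
     * The directory session is opened for this single read and closed by the try-with-resources statement.
     *
     * @return the entries returned by {@link Session#getEntries()}
     */
    private DocumentModelList getAllGroups() {
        try (Session shibGroupDirectory = getDS().open(getDirectoryName())) {
            return shibGroupDirectory.getEntries();
        }
    }
}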