001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Arnaud Kervern
018 */
019
020package org.nuxeo.ecm.platform.shibboleth.computedgroups;
021
022import java.util.ArrayList;
023import java.util.List;
024
025import org.nuxeo.ecm.core.api.DocumentModel;
026import org.nuxeo.ecm.core.api.DocumentModelList;
027import org.nuxeo.ecm.directory.Session;
028import org.nuxeo.ecm.directory.api.DirectoryService;
029import org.nuxeo.ecm.platform.computedgroups.AbstractGroupComputer;
030import org.nuxeo.ecm.platform.shibboleth.ShibbolethConstants;
031import org.nuxeo.ecm.platform.shibboleth.ShibbolethGroupHelper;
032import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
033import org.nuxeo.runtime.api.Framework;
034
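/**
 * Group computer that derives a user's groups from the entries of the Shibboleth group directory.
 * <p>
 * Each directory entry carries an expression (read from the {@link ShibbolethConstants#GROUP_EL_PROPERTY} property
 * of the {@link ShibbolethConstants#SHIBBOLETH_SCHEMA} schema). A user belongs to a group when
 * {@link ELGroupComputerHelper#isUserInGroup} accepts that expression for the user's model.
 * <p>
 * NOTE(review): the stored expressions decide group membership, so write access to this directory is equivalent to
 * the ability to grant groups. Confirm that only administrators can edit it.
 */
public class ShibbolethGroupComputer extends AbstractGroupComputer {

    /**
     * Returns the name of the directory that holds the Shibboleth group entries.
     *
     * @return {@link ShibbolethConstants#SHIBBOLETH_DIRECTORY}
     */
    protected String getDirectoryName() {
        return ShibbolethConstants.SHIBBOLETH_DIRECTORY;
    }

    /**
     * Lists the id of every entry found in the Shibboleth group directory.
     *
     * @return the group ids, empty when the directory has no entries
     */
    @Override
    public List<String> getAllGroupIds() {
        List<String> groupIds = new ArrayList<>();
        for (DocumentModel group : getAllGroups()) {
            groupIds.add(group.getId());
        }
        return groupIds;
    }

    /**
     * Not supported: membership is evaluated per user at login, so the members of a given group cannot be listed.
     *
     * @param arg0 the group name (ignored)
     * @return always {@code null}; callers must treat {@code null} as "unknown", not as "no members"
     */
    @Override
    public List<String> getGroupMembers(String arg0) {
        // Kept as null (rather than an empty list) so that existing callers see the same value as before.
        return null;
    }

    /**
     * Computes the Shibboleth groups the given principal belongs to.
     * <p>
     * Every directory entry is tested; the entry's id is kept when its expression is accepted for the principal's
     * model. Entries without an expression never match.
     *
     * @param nxPrincipal the principal whose model is tested against each group expression
     * @return the ids of the matching groups, empty when none match
     */
    @Override
    public List<String> getGroupsForUser(NuxeoPrincipalImpl nxPrincipal) {
        String elProperty = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":" + ShibbolethConstants.GROUP_EL_PROPERTY;
        List<String> groupIds = new ArrayList<>();
        for (DocumentModel group : getAllGroups()) {
            String el = (String) group.getPropertyValue(elProperty);
            // Fail closed: an entry with no expression grants nothing, whatever the evaluator
            // would do with a null or blank input.
            if (el == null || el.trim().isEmpty()) {
                continue;
            }
            if (ELGroupComputerHelper.isUserInGroup(nxPrincipal.getModel(), el)) {
                groupIds.add(group.getId());
            }
        }
        return groupIds;
    }

    /**
     * Returns the parents of the given group, as resolved by {@link ShibbolethGroupHelper#getParentsGroups}.
     *
     * @param arg0 the group name
     * @return the parent group names
     */
    @Override
    public List<String> getParentsGroupNames(String arg0) {
        return ShibbolethGroupHelper.getParentsGroups(arg0);
    }

    /**
     * Sub-groups are not provided by this computer.
     *
     * @param arg0 the group name (ignored)
     * @return always {@code null}; callers must null-check
     */
    @Override
    public List<String> getSubGroupsNames(String arg0) {
        return null;
    }

    /**
     * Looks up the current {@link DirectoryService} through the runtime framework.
     */
    private DirectoryService getDS() {
        return Framework.getService(DirectoryService.class);
    }

    /**
     * Reads all entries of the Shibboleth group directory.
     * <p>
     * The directory session is opened for this call only and closed by the try-with-resources block before the
     * list is handed back.
     *
     * @return every entry of the directory named by {@link #getDirectoryName()}
     */
    private DocumentModelList getAllGroups() {
        try (Session shibGroupDirectory = getDS().open(getDirectoryName())) {
            return shibGroupDirectory.getEntries();
        }
    }
}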