RoleBean.java

/*
 * Copyright Codecrew Ry
 * 
 * All rights reserved.
 * 
 * This license applies to any software containing a notice placed by the 
 * copyright holder. Such software is herein referred to as the Software. 
 * This license covers modification, distribution and use of the Software. 
 * 
 * Any distribution and use in source and binary forms, with or without 
 * modification is not permitted without explicit written permission from the 
 * copyright owner. 
 * 
 * A non-exclusive royalty-free right is granted to the copyright owner of the 
 * Software to use, modify and distribute all modifications to the Software in 
 * future versions of the Software. 
 * 
 */
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package fi.codecrew.moya.beans;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.codecrew.moya.enums.apps.IAppPermission;
import fi.codecrew.moya.enums.apps.SpecialPermission;
import fi.codecrew.moya.enums.apps.UserPermission;
import fi.codecrew.moya.facade.EventUserFacade;
import fi.codecrew.moya.facade.RoleFacade;
import fi.codecrew.moya.facade.UserFacade;
import fi.codecrew.moya.model.ApplicationPermission;
import fi.codecrew.moya.model.EventUser;
import fi.codecrew.moya.model.Role;
import fi.codecrew.moya.utilities.moyamessage.MoyaEventType;

/**
 * 
 * @author tuukka
 */
@Stateless
@LocalBean
@DeclareRoles({ UserPermission.S_READ_ROLES, UserPermission.S_WRITE_ROLES })
public class RoleBean implements RoleBeanLocal {

	// private static final String PUBLIC_ROLE_NAME =
	// BeanRole.ANONYMOUS.toString();

	@SuppressWarnings("unused")
	private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);

	@Resource
	private SessionContext sc;
	@EJB
	private EventBeanLocal eventBean;
	@EJB
	private RoleFacade roleFacade;
	@EJB
	private UserFacade userFacade;

	@EJB
	private EventUserFacade eventuserfacade;

	@EJB
	private PermissionBeanLocal permbean;
	
	@EJB
	private LoggingBeanLocal loggerbean;

	@EJB
	private CardTemplateBean cardTemplateBean;

	// VIEW_ALL pitää olla että voidaan hakea roolien perusteella.
	@Override
	@RolesAllowed({ UserPermission.S_READ_ROLES, UserPermission.S_VIEW_ALL })
	public List<Role> listRoles() {
		return roleFacade.findAll();
	}

	@Override
	@RolesAllowed(UserPermission.S_WRITE_ROLES)
	public Role mergeChanges(Role role) {
		return roleFacade.merge(role);
	}

	@Override
	@RolesAllowed(UserPermission.S_WRITE_ROLES)
	public void create(Role role) {
		roleFacade.create(role);
	}

	@Override
	@RolesAllowed(UserPermission.S_READ_ROLES)
	public List<Role> getPossibleParents(Role role) {

		List<Role> roleList = listRoles();
		if (role == null) {
			return roleList;
		}

		HashSet<Role> childroles = new HashSet<Role>();
		getAllChildren(role, childroles);
		roleList.removeAll(childroles);

		return roleList;
	}

	public static final void getAllChildren(Role role, Set<Role> checkedRoles) {

		if (checkedRoles.contains(role) || role == null) {
			return;
		}
		for (Role unit : role.getChildren()) {
			getAllChildren(unit, checkedRoles);
		}
		checkedRoles.add(role);

	}

	// @Override
	// @RolesAllowed("ROLE_MANAGEMENT/READ")
	// public List<RoleRight> getRoleRights(Role r) {
	//
	// List<RoleRight> ret = new ArrayList<RoleRight>();
	// for (Permission perm : Permission.values()) {
	// ret.add(findRoleRight(r, perm));
	// }
	// return ret;
	// }

	// @Override
	// @RolesAllowed("ROLE_MANAGEMENT/WRITE")
	// public RoleRight mergeChanges(RoleRight row) {
	//
	// return rrfacade.merge(row);
	// }

	// @RolesAllowed("ROLE_MANAGEMENT/READ")
	// public RoleRight findRoleRight(Role role, Permission perm) {
	// RoleRight rr = rrfacade.find(perm, role);
	// if (rr == null) {
	// rr = new RoleRight(role, perm, false, false, false);
	// rrfacade.create(rr);
	// }
	// return rr;
	// }

	@Override
	public Role find(int id) {
		return roleFacade.find(id);
	}

	@Override
	@RolesAllowed(UserPermission.S_WRITE_ROLES)
	public Role setPermissions(Role role, List<IAppPermission> newPerms) {
		role = roleFacade.find(role.getId());
		List<ApplicationPermission> permissions = role.getPermissions();
		HashSet<ApplicationPermission> rmlist = new HashSet<ApplicationPermission>();

		for (ApplicationPermission appPerm : permissions) {
			// If role contains permission not in parameter newPerms remove
			// it.
			if (!newPerms.contains(appPerm.getPermission())) {
				rmlist.add(appPerm);
			}
			// remove handled permission from newPerms
			newPerms.remove(appPerm.getPermission());
		}

		// Concurrent modification prevention!!
		if (!rmlist.isEmpty()) {
			permissions.removeAll(rmlist);
		}

		// Add permissions not existing in role
		for (IAppPermission perm : newPerms) {
			permissions.add(new ApplicationPermission(role, perm));
		}
		roleFacade.flush();
		return role;
	}

	private void checkRoleLdap()
	{

	}

	@Override
	@RolesAllowed(UserPermission.S_WRITE_ROLES)
	public Role addRole(EventUser eventuser, Role role)
	{
		eventuser = eventuserfacade.reload(eventuser);
		role = roleFacade.reload(role);

		if (!eventuser.getRoles().contains(role)) {
			eventuser.getRoles().add(role);
		}
		if (!role.getUsers().contains(eventuser)) {
			role.getUsers().add(eventuser);
		}
		cardTemplateBean.checkPrintedCard(eventuser);
		return role;
	}

	@Override
	@RolesAllowed(UserPermission.S_WRITE_ROLES)
	public void saveRoles(EventUser usr, List<Role> usersRoles) {

		List<Role> allRoles = roleFacade.findAll();
		for (Role ur : allRoles)
		{
			if (usersRoles.contains(ur)) {
				if (!ur.getUsers().contains(usr)) {
					ur.getUsers().add(usr);
				}
			} else {
				ur.getUsers().remove(usr);
			}
		}

		cardTemplateBean.checkPrintedCard(usr);
	}
	
	

	@Override
	@RolesAllowed(SpecialPermission.S_USER)
	public List<Role> getRoles(EventUser selectedUser) {
		if (!permbean.isCurrentUser(selectedUser) && !permbean.hasPermission(UserPermission.READ_ROLES)) {
			loggerbean.sendMessage(MoyaEventType.USER_PERMISSION_VIOLATION, permbean.getCurrentUser(), "User tried to touch another user roles: " + selectedUser);
			throw new EJBAccessException("Not enough rights to read user permissions");
		}
		return roleFacade.findForUser(selectedUser);
	}
	

	@Override
	public void saveUserSelectableRoles(EventUser user, List<Role> roles) {
		List<Role> allRoles = roleFacade.findUserSelectableRoles();
		for (Role ur : allRoles)
		{
			if (roles.contains(ur)) {
				if (!ur.getUsers().contains(user)) {
					ur.getUsers().add(user);
				}
			} else {
				ur.getUsers().remove(user);
			}
		}

		cardTemplateBean.checkPrintedCard(user);
		
	}
	
	
	@Override
	public List<Role> listUserSelectableRoles() {
		return roleFacade.findUserSelectableRoles();
	}
}