package fi.insomnia.bortal.beans;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.Resource;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import fi.insomnia.bortal.enums.Permission;
import fi.insomnia.bortal.enums.RolePermission;
import fi.insomnia.bortal.exceptions.EjbPermissionDeniedException;
import fi.insomnia.bortal.facade.RoleFacade;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.AccessRight;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.Role;
import fi.insomnia.bortal.model.RoleRight;
import fi.insomnia.bortal.model.User;

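/**
 * Stateless session bean for creating and looking up users, resolving the
 * calling user from the container's security context, and answering
 * permission questions against the role hierarchy.
 */
@LocalBean
@Stateless
public class UserBean implements UserBeanLocal {

    private static final Logger logger = LoggerFactory.getLogger(UserBean.class);
    /**
     * The Java EE container injects this field when the bean instance is
     * created.
     */
    @EJB
    private UserFacade userFacade;
    @Resource
    private SessionContext context;

    @EJB
    private RoleFacade roleFacade;
    @EJB
    private AccessRightBeanLocal accessRightBeanLocal;

    @EJB
    private SecurityBeanLocal secubean;

    @EJB
    private EventBeanLocal eventBean;

    /**
     * Default constructor required by the container.
     */
    public UserBean() {
    }

    /**
     * Creates a user with the given login and password and persists it.
     *
     * This method performs no permission check of its own, so any caller
     * that can reach the bean can create accounts.
     *
     * @param login login name for the new account
     * @param password initial password, handed to {@code User.resetPassword}
     * @return the newly persisted user
     */
    @Override
    public User createNewUser(String login, String password) {
        User returnUser = new User();
        returnUser.setLogin(login);
        // NOTE(review): resetPassword is presumably where the password is
        // hashed; confirm in User that no plain text is stored.
        returnUser.resetPassword(password);
        // Persist the object to the database.
        userFacade.create(returnUser);
        return returnUser;
    }

    /**
     * Returns every user known to the facade.
     *
     * @return all users
     * @throws EjbPermissionDeniedException if the caller lacks READ on
     *         {@code Permission.USER_MANAGEMENT}
     */
    public List<User> getUsers() throws EjbPermissionDeniedException {
        User curruser = getCurrentUser();
        if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.READ)) {
            throw new EjbPermissionDeniedException(secubean, curruser, "User tried to execute getUsers function with insufficient permissions");
        }

        List<User> ret = userFacade.findAll();
        logger.info("Found {} users from database ", ret.size());
        return ret;
    }

    /**
     * Merges the supplied user entity into the persistence context.
     *
     * As written, the call is rejected unless the caller BOTH holds WRITE on
     * {@code Permission.USER_MANAGEMENT} AND the supplied entity equals the
     * caller.
     *
     * NOTE(review): the error message suggests the intent was "own data, or
     * someone else's data with sufficient permission". Confirm the intended
     * rule before relaxing the condition.
     *
     * NOTE(review): the entity is merged as supplied. If privilege-bearing
     * fields (roles, the superadmin flag) are part of it, the caller can
     * change them here. Confirm callers cannot set those fields.
     *
     * @param user the entity carrying the changes
     * @return the managed instance returned by the facade
     * @throws EjbPermissionDeniedException if the check described above fails
     */
    @Override
    public User mergeChanges(User user) throws EjbPermissionDeniedException {
        User curruser = getCurrentUser();
        if (curruser == null || !hasPermission(Permission.USER_MANAGEMENT, curruser, RolePermission.WRITE) || !user.equals(curruser)) {
            throw new EjbPermissionDeniedException(secubean, curruser, "User tried to merge someone others data with insufficient permissions");
        }
        return userFacade.merge(user);
    }

    /**
     * Looks a user up by login name. No permission check is made here.
     *
     * @param nick value passed to {@code UserFacade.findByLogin}
     * @return whatever the facade returns for that login
     */
    public User getUser(String nick) {
        return userFacade.findByLogin(nick);
    }

    /**
     * Tells whether the given user is the caller of this invocation.
     *
     * NOTE(review): this compares the principal name with
     * {@code user.getNick()}, while {@link #getCurrentUser()} resolves the
     * same principal name through {@code findByLogin}. If nick and login can
     * differ, the two methods disagree about who the caller is. Confirm they
     * are the same value.
     *
     * @param user user to compare with the caller; may be {@code null}
     * @return {@code true} only when both a principal and a user are present
     *         and the principal name equals the user's nick
     */
    public boolean isCurrentUser(User user) {
        Principal principal = context.getCallerPrincipal();
        if (principal == null || user == null) {
            return false;
        }
        return principal.getName().equals(user.getNick());
    }

    /**
     * Resolves the calling principal to a user, falling back to the default
     * user when no account matches the principal name.
     *
     * @return the matching user, or the result of {@link #getDefaultUser()}
     */
    @Override
    public User getCurrentUser() {
        Principal principal = context.getCallerPrincipal();

        User ret = userFacade.findByLogin(principal.getName());
        if (ret == null) {
            ret = getDefaultUser();
        }
        return ret;
    }

    /**
     * Makes sure default user and public role exist and the user is member of
     * the role.
     *
     * When the default user does not yet have the public role, its role list
     * is replaced by a list holding only that role.
     *
     * @return the default user
     */
    public User getDefaultUser() {
        Role publicRole = roleFacade.getOrCreatePublicRole(eventBean.getCurrentEvent());
        User defaultUser = userFacade.getOrCreateDefaultUser();
        if (!defaultUser.getRoles().contains(publicRole)) {
            ArrayList<Role> userRoles = new ArrayList<Role>();
            userRoles.add(publicRole);
            defaultUser.setRoles(userRoles);
        }
        return defaultUser;
    }

    /**
     * Decides whether a user holds the given permission on a target.
     *
     * The decision is made on the user record loaded through the facade by
     * id, not on the instance passed in. This covers both the superadmin
     * shortcut and the role walk, so a detached or caller-built {@code User}
     * cannot grant itself access by carrying a superadmin flag that the
     * stored record does not have.
     *
     * @param target the permission area being accessed
     * @param user the user to check; {@code null} is always denied
     * @param permission the kind of access requested
     * @return {@code true} if the stored user is superadmin, or one of its
     *         roles (or their ancestors) grants the permission
     */
    public boolean hasPermission(Permission target, User user, RolePermission permission) {

        if (user == null) {
            return false;
        }

        User dbusr = userFacade.find(user.getId());

        // TODO (from the original author): the blanket superadmin bypass was
        // flagged as a bad idea and still needs a design decision.
        if (dbusr != null && dbusr.isSuperadmin()) {
            logger.debug("Returning true for superadmin for {} perm {}", target.name(), permission);
            return true;
        }

        AccessRight expectedRight = accessRightBeanLocal.findOrCreate(target);

        if (dbusr != null) {
            Set<Role> checkedRoles = new HashSet<Role>();
            for (Role r : dbusr.getRoles()) {
                if (getRights(r, expectedRight, permission, checkedRoles)) {
                    return true;
                }
            }
        }
        // Fail closed: unknown user, or no role grants the permission.
        return false;
    }

    /**
     * Checks whether a role, or any role reachable through its parents,
     * grants the requested permission on the expected access right.
     *
     * @param role role to inspect
     * @param expectedRight access right the permission must be attached to
     * @param permission kind of access requested
     * @param checkedRoles roles already evaluated in this walk; updated here
     *        so a role reached along several paths is inspected only once
     *        and the recursion terminates on cyclic parent links
     * @return {@code true} as soon as a granting role right is found
     */
    private static boolean getRights(Role role, AccessRight expectedRight, RolePermission permission, Set<Role> checkedRoles) {

        if (checkedRoles.contains(role)) {
            return false;
        }

        for (RoleRight rr : role.getRoleRights()) {
            if (rr.getAccessRight().equals(expectedRight)) {
                switch (permission) {
                case READ:
                    if (rr.isRead()) {
                        return true;
                    }
                    break;
                case WRITE:
                    if (rr.isWrite()) {
                        return true;
                    }
                    break;
                case EXECUTE:
                    if (rr.isExecute()) {
                        return true;
                    }
                    break;
                }
            }
        }
        // Mark before descending so a parent chain leading back here stops.
        checkedRoles.add(role);

        for (Role r : role.getParents()) {
            if (getRights(r, expectedRight, permission, checkedRoles)) {
                return true;
            }

        }
        return false;

    }

}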