001: /*
002: * Copyright (c) 2001 - 2005 ivata limited.
003: * All rights reserved.
004: * -----------------------------------------------------------------------------
005: * ivata groupware may be redistributed under the GNU General Public
006: * License as published by the Free Software Foundation;
007: * version 2 of the License.
008: *
009: * These programs are free software; you can redistribute them and/or
010: * modify them under the terms of the GNU General Public License
011: * as published by the Free Software Foundation; version 2 of the License.
012: *
013: * These programs are distributed in the hope that they will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
016: *
017: * See the GNU General Public License in the file LICENSE.txt for more
018: * details.
019: *
020: * If you would like a copy of the GNU General Public License write to
021: *
022: * Free Software Foundation, Inc.
023: * 59 Temple Place - Suite 330
024: * Boston, MA 02111-1307, USA.
025: *
026: *
027: * To arrange commercial support and licensing, contact ivata at
028: * http://www.ivata.com/contact.jsp
029: * -----------------------------------------------------------------------------
030: * $Log: UserGroupDOListener.java,v $
031: * Revision 1.4 2005/10/14 14:34:19 colinmacleod
032: * Added AmendPersistenceListener implementation, to check group
033: * membership for the standard groups.
034: *
035: * Revision 1.3 2005/10/03 10:21:15 colinmacleod
036: * Fixed some style and javadoc issues.
037: *
038: * Revision 1.2 2005/10/02 14:08:58 colinmacleod
039: * Added/improved log4j logging.
040: *
041: * Revision 1.1 2005/09/29 14:17:04 colinmacleod
042: * Split UserGroupDO off from GroupDO.
043: * Moved UserGroupDO, Right classes to security subproject (from
044: * addressbook).
045: * Centralized user right handling into Rights and RightsImpl.
046: *
047: * Revision 1.2 2005/04/09 17:19:58 colinmacleod
048: * Changed copyright text to GPL v2 explicitly.
049: *
050: * Revision 1.1.1.1 2005/03/10 17:51:32 colinmacleod
051: * Restructured ivata op around Hibernate/PicoContainer.
052: * Renamed ivata groupware.
053: *
054: * -----------------------------------------------------------------------------
055: */
056: package com.ivata.groupware.admin.security.user.group;
057:
058: import java.util.Iterator;
059: import java.util.List;
060: import java.util.Set;
061:
062: import org.apache.log4j.Logger;
063:
064: import com.ivata.groupware.admin.security.user.UserConstants;
065: import com.ivata.groupware.admin.security.user.UserDO;
066: import com.ivata.mask.persistence.PersistenceException;
067: import com.ivata.mask.persistence.PersistenceManager;
068: import com.ivata.mask.persistence.PersistenceSession;
069: import com.ivata.mask.persistence.QueryPersistenceManager;
070: import com.ivata.mask.persistence.RightViolationException;
071: import com.ivata.mask.persistence.listener.AmendPersistenceListener;
072: import com.ivata.mask.persistence.listener.RemovePersistenceListener;
073: import com.ivata.mask.valueobject.ValueObject;
074:
075: /**
076: * This class ensures that the system user groups are not deleted. When
077: * amending, this class ensures that all users are in the user group, that
078: * everyone is in the everyone group and that the default administrator is in
079: * the administrator group.
080: *
081: * @since ivata groupware 1.0 (2005-01-17)
082: * @author Colin MacLeod
083: * <a href="mailto:colin.macleod@ivata.com">colin.macleod@ivata.com</a>
084: * @version $Revision: 1.4 $
085: */
086: public class UserGroupDOListener implements AmendPersistenceListener,
087: RemovePersistenceListener {
088: /**
089: * Logger for this class.
090: */
091: private static final Logger logger = Logger
092: .getLogger(UserGroupDOListener.class);
093:
094: /**
095: * <copyDoc>Refer to {@link #UserGroupDOListener}.</copyDoc>
096: */
097: private PersistenceManager persistenceManager;
098:
099: /**
100: * Constructor. Registers this listener with the persistence manager.
101: *
102: * @param persistenceManagerParam used to register this listener against
103: * subclasses of <code>UserDO</code>, and search for users who should be
104: * in a given group.
105: */
106: public UserGroupDOListener(
107: final QueryPersistenceManager persistenceManagerParam) {
108: persistenceManagerParam.addAmendListener(UserGroupDO.class,
109: this );
110: persistenceManagerParam.addRemoveListener(UserGroupDO.class,
111: this );
112: this .persistenceManager = persistenceManagerParam;
113: }
114:
115: /**
116: * <p>
117: * Implemented to check that all users are in the user group, that everyone
118: * is in the everyone group and that the default administrator is in the
119: * administrator group.
120: * </p>
121: * {@inheritDoc}
122: *
123: * @param sessionParam {@inheritDoc}
124: * @param valueObjectParam Instance of <code>UserGroupDO</code> to check.
125: * @throws PersistenceException {@inheritDoc}
126: */
127: public void onAmend(final PersistenceSession sessionParam,
128: final ValueObject valueObjectParam)
129: throws PersistenceException {
130: if (logger.isDebugEnabled()) {
131: logger.debug("onAmend(PersistenceSession sessionParam = "
132: + sessionParam
133: + ", ValueObject valueObjectParam = "
134: + valueObjectParam + ") - start");
135: }
136:
137: assert (valueObjectParam instanceof UserGroupDO);
138: UserGroupDO group = (UserGroupDO) valueObjectParam;
139:
140: // is this the administrator group? if so, the default administrator
141: // must be a member
142: if (UserGroupConstants.ADMINISTRATOR_GROUP
143: .equals(group.getId())
144: && !group.isMember(UserConstants.ADMINISTRATOR)) {
145: if (logger.isDebugEnabled()) {
146: logger
147: .debug("onAmend - adding administrator user (id: "
148: + UserConstants.ADMINISTRATOR
149: + ") to administrator group.");
150: }
151: UserDO administrator = (UserDO) persistenceManager
152: .findByPrimaryKey(sessionParam, UserDO.class,
153: UserConstants.ADMINISTRATOR);
154: group.getUsers().add(administrator);
155:
156: // all users apart from guest need to be in the users' group
157: // likewise all users (including guest) need to be in the everyone
158: // group
159: } else if (UserGroupConstants.EVERYONE_GROUP.equals(group
160: .getId())
161: || UserGroupConstants.REGISTERED_USER_GROUP
162: .equals(group.getId())) {
163: boolean isRegistered = UserGroupConstants.REGISTERED_USER_GROUP
164: .equals(group.getId());
165: Set groupUsers = group.getUsers();
166:
167: // if this is the registered user group, check that the guest user
168: // is _not_ present
169: if (isRegistered && group.isMember(UserConstants.GUEST)) {
170: if (logger.isDebugEnabled()) {
171: logger.debug("onAmend - removing guest user from "
172: + "registered user group.");
173: }
174: Iterator memberIterator = group.getUsers().iterator();
175: while (memberIterator.hasNext()) {
176: UserDO member = (UserDO) memberIterator.next();
177: if (UserConstants.GUEST.equals(member.getId())) {
178: groupUsers.remove(member);
179: break;
180: }
181: }
182: }
183:
184: // get all the users and check each one in turn
185: List allUsers = persistenceManager.findAll(sessionParam,
186: UserDO.class);
187: Iterator iterator = allUsers.iterator();
188: while (iterator.hasNext()) {
189: UserDO user = (UserDO) iterator.next();
190:
191: // only guest is the exception - not included in registered user
192: // group
193: if (!(UserConstants.GUEST.equals(user.getId()) && isRegistered)
194: && !group.isMember(user.getId())) {
195: if (logger.isDebugEnabled()) {
196: logger.debug("onAmend - adding missing user '"
197: + user + "' to group '" + group + "'");
198: }
199: groupUsers.add(user);
200: }
201: }
202:
203: }
204:
205: if (logger.isDebugEnabled()) {
206: logger.debug("onAmend() - end");
207: }
208: }
209:
210: /**
211: * Implemented to check you are not deleting a required system group. If you
212: * are, a <code>RightViolationException</code> is thrown.
213: *
214: * @param sessionParam
215: * <copyDoc>Refer to {@link RemovePersistenceListener#onRemove}.</copyDoc>
216: * @param valueObjectParam
217: * <copyDoc>Refer to {@link RemovePersistenceListener#onRemove}.</copyDoc>
218: * @throws PersistenceException
219: * If the guest or administrator system user is being deleted.
220: */
221: public void onRemove(final PersistenceSession sessionParam,
222: final ValueObject valueObjectParam)
223: throws PersistenceException {
224: if (logger.isDebugEnabled()) {
225: logger.debug("onRemove(PersistenceSession sessionParam = "
226: + sessionParam
227: + ", ValueObject valueObjectParam = "
228: + valueObjectParam + ") - start");
229: }
230:
231: assert (valueObjectParam instanceof UserGroupDO);
232: UserGroupDO group = (UserGroupDO) valueObjectParam;
233: if (UserGroupConstants.ADMINISTRATOR_GROUP
234: .equals(group.getId())) {
235: throw new RightViolationException(UserGroupDO.class,
236: "You cannot remove the default "
237: + "administrator group!");
238: } else if (UserGroupConstants.EVERYONE_GROUP.equals(group
239: .getId())) {
240: throw new RightViolationException(UserGroupDO.class,
241: "You cannot remove the default "
242: + "everyone group!");
243: } else if (UserGroupConstants.REGISTERED_USER_GROUP
244: .equals(group.getId())) {
245: throw new RightViolationException(UserGroupDO.class,
246: "You cannot remove the default "
247: + "registered user group!");
248: }
249:
250: if (logger.isDebugEnabled()) {
251: logger
252: .debug("onRemove(PersistenceSession, ValueObject) - end");
253: }
254: }
255: }
|