de/dbe/Permissions_8java_source.html

 /*

  * Turró i Cutiller Foundation. License notice.

  * Copyright (C) 2022 Lluis Turró Cutiller <http://www.turro.org/>

  *

  * This program is free software: you can redistribute it and/or modify

  * it under the terms of the GNU Affero General Public License as published by

  * the Free Software Foundation, either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU Affero General Public License for more details.

  *

  * You should have received a copy of the GNU Affero General Public License

  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  */


 package org.turro.security;


 import java.io.File;

 import java.util.HashSet;

 import java.util.Set;

 import java.util.SortedMap;

 import java.util.SortedSet;

 import java.util.TreeMap;

 import java.util.TreeSet;

 import java.util.stream.Collectors;

 import org.turro.elephant.context.ElephantContext;

 import org.turro.lock.Initializer;


 public class Permissions {


   protected final TreeMap<String, RoleMap> roleMaps;


   public static FlatPermissions from(Set<String> securityGroups) {

     FlatPermissions permissions = new FlatPermissions();

     securityGroups.forEach(sg -> {

       SecurityGroup securityGroup = SecurityGroups.get(sg);

       flatten(securityGroup, permissions);

       // Nested are done when SocialGroups.syndicate()

 //      securityGroup.getSyndicate().forEach(nested  -> {

 //        flatten(SecurityGroups.get(nested), permissions);

 //      });

     });

     return permissions;

   }


   private static void flatten(SecurityGroup securityGroup, FlatPermissions permissions) {

     permissions.put("@" + securityGroup.getId(), ON_SET);

     securityGroup.getRoles().forEach(role -> {

       RoleMap rm = instance().roleMaps.get(role);

       permissions.put("#" + role, ON_SET);

       if(rm != null) {

         permissions.addPermissions(rm.getRolePermissions());

       }

     });

   }


   public static Set<String> getSecurityGroupIdsBy(String role) {

     if(role.contains(":")) { // permission

       Set<String> roleNames = getRoleNamesByPermission(role);

       return SecurityGroups.getAll().stream()

               .filter(sg -> sg.getRoles().stream().anyMatch(r -> roleNames.contains(r)))

               .map(sg -> sg.getId()).collect(Collectors.toSet());

     } else { // role name

       return SecurityGroups.getAll().stream()

               .filter(sg -> sg.getRoles().contains(role))

               .map(sg -> sg.getId()).collect(Collectors.toSet());

     }

   }


   public static Set<String> getRoleNames() {

     return instance().roleMaps.keySet();

   }


   public static Set<String> getRoleNames(Set<String> securityGroups) {

     return securityGroups.stream().flatMap(sg -> SecurityGroups.get(sg).getRoles().stream()).collect(Collectors.toSet());

   }


   public static Set<String> getRoleNamesByPermission(String role) {

     String parts[] = role.split(":");

     Set<String> set = new HashSet<>();

     instance().roleMaps.entrySet().forEach(rm -> {

       rm.getValue().getRolePermissions().entrySet().forEach(permission -> {

         if(permission.getKey().equals(parts[0])) {

           if(parts.length == 2 && permission.getValue().contains(parts[1])) {

             set.add(rm.getValue().getName());

           } else {

             set.add(rm.getValue().getName());

           }

         }

       });

     });

     return set;

   }


   /* Utils */


   public static SortedMap<String, SortedSet<String>> permissionStringMap() {

     SortedMap<String, SortedSet<String>> map = new TreeMap<>();

     instance().roleMaps.entrySet().forEach(role -> {

       SortedSet<String> set = new TreeSet<>();

       role.getValue().getRolePermissions().entrySet().forEach(permission -> {

         set.add(permission.getKey() + ": " + permission.getValue().stream().collect(Collectors.joining(", ")));

       });

       map.put(role.getKey(), set);

     });

     return map;

   }


   public static TreeSet

           ON_SET = new TreeSet<>(Set.of("on")),

           IS_SET = new TreeSet<>(Set.of("is"));


   /* Factory */


   private static final Initializer<Permissions> INIT = new Initializer<>();


   public static Permissions instance() {

     return INIT.instance(() -> new Permissions());

   }


   public static void reset() {

     INIT.reset();

   }


   protected Permissions() {

     roleMaps = new TreeMap<>();

     loadMap();

   }


   private static final String

           ROLES_FOLDER = "/WEB-INF/elephant/roles";


   private void loadMap() {

     File root = new File(ElephantContext.getRealPath(ROLES_FOLDER));

     for(File f : root.listFiles()) {

       RoleMap rm = RoleMap.loadFrom(f);

       roleMaps.put(rm.getName(), rm);

     }

   }


 }

org.turro.elephant.context.ElephantContext
Definition: ElephantContext.java:59

org.turro.elephant.context.ElephantContext.getRealPath
static String getRealPath(String path)
Definition: ElephantContext.java:115

org.turro.security.FlatPermissions
Definition: FlatPermissions.java:33

org.turro.security.FlatPermissions.addPermissions
void addPermissions(TreeMap< String, TreeSet< String >> rolePermissions)
Definition: FlatPermissions.java:51

org.turro.security.Permissions
Definition: Permissions.java:36

org.turro.security.Permissions.Permissions
Permissions()
Definition: Permissions.java:132

org.turro.security.Permissions.permissionStringMap
static SortedMap< String, SortedSet< String > > permissionStringMap()
Definition: Permissions.java:104

org.turro.security.Permissions.getRoleNames
static Set< String > getRoleNames()
Definition: Permissions.java:77

org.turro.security.Permissions.instance
static Permissions instance()
Definition: Permissions.java:124

org.turro.security.Permissions.ON_SET
static TreeSet ON_SET
Definition: Permissions.java:117

org.turro.security.Permissions.roleMaps
final TreeMap< String, RoleMap > roleMaps
Definition: Permissions.java:38

org.turro.security.Permissions.from
static FlatPermissions from(Set< String > securityGroups)
Definition: Permissions.java:40

org.turro.security.Permissions.getRoleNames
static Set< String > getRoleNames(Set< String > securityGroups)
Definition: Permissions.java:81

org.turro.security.Permissions.reset
static void reset()
Definition: Permissions.java:128

org.turro.security.Permissions.getSecurityGroupIdsBy
static Set< String > getSecurityGroupIdsBy(String role)
Definition: Permissions.java:64

org.turro.security.Permissions.getRoleNamesByPermission
static Set< String > getRoleNamesByPermission(String role)
Definition: Permissions.java:85

org.turro.security.RoleMap
Definition: RoleMap.java:38

org.turro.security.RoleMap.loadFrom
static RoleMap loadFrom(File file)
Definition: RoleMap.java:61

org.turro.security.RoleMap.getName
String getName()
Definition: RoleMap.java:47

org.turro.security.RoleMap.getRolePermissions
TreeMap< String, TreeSet< String > > getRolePermissions()
Definition: RoleMap.java:51

org.turro.security.SecurityGroup
Definition: SecurityGroup.java:40

org.turro.security.SecurityGroup.getId
String getId()
Definition: SecurityGroup.java:50

org.turro.security.SecurityGroup.getRoles
Set< String > getRoles()
Definition: SecurityGroup.java:90

org.turro.security.SecurityGroups
Definition: SecurityGroups.java:34

org.turro.security.SecurityGroups.get
static SecurityGroup get(String id)
Definition: SecurityGroups.java:38

org.turro.security.SecurityGroups.getAll
static Collection< SecurityGroup > getAll()
Definition: SecurityGroups.java:42