[ all classes ]
[ com.acciente.oacc ]
Coverage Summary for Class: DomainCreatePermissions (com.acciente.oacc)
Class | Method, % | Line, % |
---|---|---|
DomainCreatePermissions | 84.6% (11/ 13) | 83.5% (66/ 79) |
DomainCreatePermissions$DomainCreatePermissionImpl | 81.2% (13/ 16) | 70.4% (57/ 81) |
total | 82.8% (24/ 29) | 76.9% (123/ 160) |
1 /*
2 * Copyright 2009-2017, Acciente LLC
3 *
4 * Acciente LLC licenses this file to you under the
5 * Apache License, Version 2.0 (the "License"); you
6 * may not use this file except in compliance with the
7 * License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in
12 * writing, software distributed under the License is
13 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
14 * OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing
16 * permissions and limitations under the License.
17 */
18 package com.acciente.oacc;
19
20 import com.acciente.oacc.DomainPermissions.DomainPermissionImpl;
21
22 import java.io.Serializable;
23 import java.util.ArrayList;
24 import java.util.Collections;
25 import java.util.HashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.concurrent.ConcurrentHashMap;
29 import java.util.concurrent.ConcurrentMap;
30
31 public class DomainCreatePermissions {
32 // constants for the important system permission names with pre-defined semantics
33 private static final SysPermission SYSPERMISSION_CREATE = new SysPermission(-300, "*CREATE");
34 public static final String CREATE = SYSPERMISSION_CREATE.getPermissionName();
35
36 private static final Map<String, SysPermission> sysPermissionsByName;
37 private static final Map<Long, String> sysPermissionNamesById;
38 private static final List<String> sysPermissionNames;
39 private static final ConcurrentMap<String, DomainCreatePermission> grantableCreatePermissionsByName;
40 private static final ConcurrentMap<String, DomainCreatePermission> ungrantableCreatePermissionsByName;
41 private static final ConcurrentMap<DomainPermission, DomainCreatePermission> grantableCreatePermissionsByPostCreatePermission;
42 private static final ConcurrentMap<DomainPermission, DomainCreatePermission> ungrantableCreatePermissionsByPostCreatePermission;
43 static {
44 sysPermissionsByName = new HashMap<>();
45 sysPermissionsByName.put(CREATE, SYSPERMISSION_CREATE);
46
47 sysPermissionNamesById = new HashMap<>(sysPermissionsByName.size());
48 for (SysPermission sysPermission : sysPermissionsByName.values()) {
49 sysPermissionNamesById.put(sysPermission.getSystemPermissionId(), sysPermission.getPermissionName());
50 }
51
52 sysPermissionNames = Collections.unmodifiableList(new ArrayList<>(sysPermissionNamesById.values()));
53
54 grantableCreatePermissionsByName = new ConcurrentHashMap<>(sysPermissionsByName.size());
55 ungrantableCreatePermissionsByName = new ConcurrentHashMap<>(sysPermissionsByName.size());
56 grantableCreatePermissionsByPostCreatePermission = new ConcurrentHashMap<>();
57 ungrantableCreatePermissionsByPostCreatePermission = new ConcurrentHashMap<>();
58 }
59
60 public static List<String> getSysPermissionNames() {
61 return sysPermissionNames;
62 }
63
64 public static String getSysPermissionName(long systemPermissionId) {
65 final String sysPermissionName = sysPermissionNamesById.get(systemPermissionId);
66
67 if (sysPermissionName == null) {
68 throw new IllegalArgumentException("Invalid system permission ID: " + systemPermissionId);
69 }
70
71 return sysPermissionName;
72 }
73
74 /**
75 * Creates a new domain create permission with no post-create permissions (i.e. only domain creation),
76 * but with the option to grant the create-permission to another resource
77 *
78 * @param sysPermissionName the name of the system permission
79 * @return a domain create permission
80 */
81 public static DomainCreatePermission getInstanceWithGrantOption(String sysPermissionName) {
82 sysPermissionName = getCanonicalSysPermissionName(sysPermissionName);
83
84 DomainCreatePermission domainCreatePermission = grantableCreatePermissionsByName.get(sysPermissionName);
85
86 if (domainCreatePermission == null) {
87 domainCreatePermission = new DomainCreatePermissionImpl(sysPermissionName, true);
88 final DomainCreatePermission cachedInstance
89 = grantableCreatePermissionsByName.putIfAbsent(sysPermissionName, domainCreatePermission);
90 if (cachedInstance != null) {
91 domainCreatePermission = cachedInstance;
92 }
93 }
94
95 return domainCreatePermission;
96 }
97
98 /**
99 * @deprecated as of v2.0.0-rc.5; use {@link #getInstanceWithGrantOption(String)} or {@link #getInstance(String)} instead.
100 */
101 @Deprecated
102 public static DomainCreatePermission getInstance(String sysPermissionName, boolean withGrant) {
103 return new DomainCreatePermissionImpl(sysPermissionName, withGrant);
104 }
105
106 /**
107 * Creates a new domain create permission with no post-create permissions (i.e. only domain creation)
108 * without the option to grant the create-permission to another resource
109 *
110 * @param sysPermissionName the name of the system permission
111 * @return a domain create permission
112 */
113 public static DomainCreatePermission getInstance(String sysPermissionName) {
114 sysPermissionName = getCanonicalSysPermissionName(sysPermissionName);
115
116 DomainCreatePermission domainCreatePermission = ungrantableCreatePermissionsByName.get(sysPermissionName);
117
118 if (domainCreatePermission == null) {
119 domainCreatePermission = new DomainCreatePermissionImpl(sysPermissionName, false);
120 final DomainCreatePermission cachedInstance
121 = ungrantableCreatePermissionsByName.putIfAbsent(sysPermissionName, domainCreatePermission);
122 if (cachedInstance != null) {
123 domainCreatePermission = cachedInstance;
124 }
125 }
126
127 return domainCreatePermission;
128 }
129
130 /**
131 * Creates a new domain create permission with the specified post-create domain permission
132 * without the option to grant the create-permission to another resource
133 *
134 * @param postCreateDomainPermission the post-create domain permission
135 * @return a domain create permission
136 */
137 public static DomainCreatePermission getInstance(DomainPermission postCreateDomainPermission) {
138 assertPostCreatePermissionSpecified(postCreateDomainPermission);
139 // normalize post create permission before cache lookup, to prevent hash collisions from rogue implementations
140 postCreateDomainPermission = DomainPermissions.getInstance(postCreateDomainPermission);
141
142 DomainCreatePermission domainCreatePermission
143 = ungrantableCreatePermissionsByPostCreatePermission.get(postCreateDomainPermission);
144
145 if (domainCreatePermission == null) {
146 domainCreatePermission = new DomainCreatePermissionImpl((DomainPermissionImpl) postCreateDomainPermission, false);
147 final DomainCreatePermission cachedInstance
148 = ungrantableCreatePermissionsByPostCreatePermission.putIfAbsent(postCreateDomainPermission, domainCreatePermission);
149 if (cachedInstance != null) {
150 domainCreatePermission = cachedInstance;
151 }
152 }
153
154 return domainCreatePermission;
155 }
156
157 /**
158 * Creates a new domain create permission with the specified post-create domain permission,
159 * but with the option to grant the create-permission to another resource
160 *
161 * @param postCreateDomainPermission the post-create domain permission
162 * @return a domain create permission
163 */
164 public static DomainCreatePermission getInstanceWithGrantOption(DomainPermission postCreateDomainPermission) {
165 assertPostCreatePermissionSpecified(postCreateDomainPermission);
166 // normalize post create permission before cache lookup, to prevent hash collisions from rogue implementations
167 postCreateDomainPermission = DomainPermissions.getInstance(postCreateDomainPermission);
168
169 DomainCreatePermission domainCreatePermission
170 = grantableCreatePermissionsByPostCreatePermission.get(postCreateDomainPermission);
171
172 if (domainCreatePermission == null) {
173 domainCreatePermission = new DomainCreatePermissionImpl((DomainPermissionImpl) postCreateDomainPermission, true);
174 final DomainCreatePermission cachedInstance
175 = grantableCreatePermissionsByPostCreatePermission.putIfAbsent(postCreateDomainPermission, domainCreatePermission);
176 if (cachedInstance != null) {
177 domainCreatePermission = cachedInstance;
178 }
179 }
180
181 return domainCreatePermission;
182 }
183
184 /**
185 * @deprecated as of v2.0.0-rc.5; use {@link #getInstanceWithGrantOption(DomainPermission)} or {@link #getInstance(DomainPermission)} instead.
186 */
187 @Deprecated
188 public static DomainCreatePermission getInstance(DomainPermission domainPostCreatePermission, boolean withGrant) {
189 domainPostCreatePermission = DomainPermissions.getInstance(domainPostCreatePermission);
190 return new DomainCreatePermissionImpl((DomainPermissionImpl) domainPostCreatePermission, withGrant);
191 }
192
193 public static DomainCreatePermission getInstance(DomainCreatePermission domainCreatePermission) {
194 if (domainCreatePermission instanceof DomainCreatePermissions.DomainCreatePermissionImpl) {
195 return domainCreatePermission;
196 }
197
198 final DomainCreatePermission verifiedPermission;
199
200 if (domainCreatePermission.isSystemPermission()) {
201 if (domainCreatePermission.isWithGrantOption()) {
202 verifiedPermission = getInstanceWithGrantOption(domainCreatePermission.getPermissionName());
203 }
204 else {
205 verifiedPermission = getInstance(domainCreatePermission.getPermissionName());
206 }
207
208 // validate system permission name and id matched
209 if (verifiedPermission.getSystemPermissionId() != domainCreatePermission.getSystemPermissionId()){
210 throw new IllegalArgumentException("Invalid system permission id for domain create permission: "
211 + domainCreatePermission);
212 }
213 }
214 else {
215 if (domainCreatePermission.isWithGrantOption()) {
216 verifiedPermission = getInstanceWithGrantOption(DomainPermissions.getInstance(domainCreatePermission.getPostCreateDomainPermission()));
217 }
218 else {
219 verifiedPermission = getInstance(DomainPermissions.getInstance(domainCreatePermission.getPostCreateDomainPermission()));
220 }
221 }
222
223 return verifiedPermission;
224 }
225
226 private static String getCanonicalSysPermissionName(String permissionName) {
227 if (permissionName == null) {
228 throw new IllegalArgumentException("A system permission name is required");
229 }
230
231 permissionName = permissionName.trim();
232
233 if (permissionName.isEmpty()) {
234 throw new IllegalArgumentException("A system permission name is required");
235 }
236 return permissionName;
237 }
238
239 private static void assertPostCreatePermissionSpecified(DomainPermission postCreateDomainPermission) {
240 if (postCreateDomainPermission == null) {
241 throw new IllegalArgumentException("A post create domain permission is required");
242 }
243 }
244
245 static class DomainCreatePermissionImpl implements DomainCreatePermission, Serializable{
246 private static final long serialVersionUID = 2L;
247
248 // permission data
249 private final long systemPermissionId;
250 private final String sysPermissionName;
251 private final DomainPermissionImpl postCreateDomainPermission;
252 private final boolean withGrantOption;
253
254 private DomainCreatePermissionImpl(String sysPermissionName,
255 boolean withGrantOption) {
256 SysPermission sysPermission = getSysPermission(sysPermissionName);
257
258 this.systemPermissionId = sysPermission.getSystemPermissionId();
259 this.sysPermissionName = sysPermission.getPermissionName();
260 this.postCreateDomainPermission = null;
261 this.withGrantOption = withGrantOption;
262 }
263
264 private DomainCreatePermissionImpl(DomainPermissionImpl postCreateDomainPermission,
265 boolean withGrantOption) {
266 this.systemPermissionId = 0;
267 this.sysPermissionName = null;
268 this.postCreateDomainPermission = postCreateDomainPermission;
269 this.withGrantOption = withGrantOption;
270 }
271
272 @Override
273 public boolean isSystemPermission() {
274 return systemPermissionId != 0;
275 }
276
277 @Override
278 public String getPermissionName() {
279 if (!isSystemPermission()) {
280 throw new IllegalStateException(
281 "No system permission name may be retrieved for non-system domain create permission: " + this + ", please check your code");
282 }
283
284 return sysPermissionName;
285 }
286
287 @Override
288 public long getSystemPermissionId() {
289 if (!isSystemPermission()) {
290 throw new IllegalStateException(
291 "No system permission ID may be retrieved for non-system domain create permission: " + this + ", please check your code");
292 }
293 return systemPermissionId;
294 }
295
296 @Override
297 public DomainPermission getPostCreateDomainPermission() {
298 if (isSystemPermission()) {
299 throw new IllegalStateException(
300 "No post create domain permission may be retrieved for system domain create permission: " + this + ", please check your code");
301 }
302 return postCreateDomainPermission;
303 }
304
305 @Override
306 public boolean isWithGrantOption() {
307 return withGrantOption;
308 }
309
310 @Override
311 @Deprecated
312 public boolean isWithGrant() {
313 return isWithGrantOption();
314 }
315
316 @Override
317 public boolean isGrantableFrom(DomainCreatePermission other) {
318 if (other == null) {
319 return false;
320 }
321
322 if (!other.isWithGrantOption()) {
323 return false;
324 }
325
326 if (this.isSystemPermission() != other.isSystemPermission()) {
327 return false;
328 }
329
330 if (this.isSystemPermission()) {
331 return this.systemPermissionId == other.getSystemPermissionId();
332 }
333
334 if (this.postCreateDomainPermission.isWithGrantOption() && !other.getPostCreateDomainPermission().isWithGrantOption()) {
335 return false;
336 }
337
338 return this.postCreateDomainPermission.equalsIgnoreGrantOption(other.getPostCreateDomainPermission());
339 }
340
341 @Override
342 public boolean equals(Object other) {
343 if (this == other) {
344 return true;
345 }
346 if (other == null || getClass() != other.getClass()) {
347 return false;
348 }
349
350 DomainCreatePermissionImpl otherDomainCreatePermission = (DomainCreatePermissionImpl) other;
351
352 if (systemPermissionId != otherDomainCreatePermission.systemPermissionId) {
353 return false;
354 }
355 if (withGrantOption != otherDomainCreatePermission.withGrantOption) {
356 return false;
357 }
358 if (postCreateDomainPermission != null
359 ? !postCreateDomainPermission.equals(otherDomainCreatePermission.postCreateDomainPermission)
360 : otherDomainCreatePermission.postCreateDomainPermission != null) {
361 return false;
362 }
363 if (sysPermissionName != null
364 ? !sysPermissionName.equals(otherDomainCreatePermission.sysPermissionName)
365 : otherDomainCreatePermission.sysPermissionName != null) {
366 return false;
367 }
368
369 return true;
370 }
371
372 @Override
373 public boolean equalsIgnoreGrantOption(Object other) {
374 if (this == other) {
375 return true;
376 }
377 if (other == null || getClass() != other.getClass()) {
378 return false;
379 }
380
381 DomainCreatePermissionImpl otherDomainCreatePermission = (DomainCreatePermissionImpl) other;
382
383 if (systemPermissionId != otherDomainCreatePermission.systemPermissionId) {
384 return false;
385 }
386
387 if (postCreateDomainPermission != null
388 ? !postCreateDomainPermission.equals(otherDomainCreatePermission.postCreateDomainPermission)
389 : otherDomainCreatePermission.postCreateDomainPermission != null) {
390 return false;
391 }
392
393 if (sysPermissionName != null
394 ? !sysPermissionName.equals(otherDomainCreatePermission.sysPermissionName)
395 : otherDomainCreatePermission.sysPermissionName != null) {
396 return false;
397 }
398
399 return true;
400 }
401
402 @Override
403 @Deprecated
404 public boolean equalsIgnoreGrant(Object other) {
405 return equalsIgnoreGrantOption(other);
406 }
407
408 @Override
409 public int hashCode() {
410 int result = (int) (systemPermissionId ^ (systemPermissionId >>> 32));
411 result = 31 * result + (sysPermissionName != null ? sysPermissionName.hashCode() : 0);
412 result = 31 * result + (postCreateDomainPermission != null ? postCreateDomainPermission.hashCode() : 0);
413 result = 31 * result + (withGrantOption ? 1 : 0);
414 return result;
415 }
416
417 @Override
418 public String toString() {
419 if (postCreateDomainPermission == null) {
420 return withGrantOption ? sysPermissionName + " /G" : sysPermissionName;
421 }
422 else {
423 return "[" + postCreateDomainPermission.toString() + "]" + (withGrantOption ? " /G" : "");
424 }
425 }
426
427 // private static helper method to convert a sys permission name to a sys permission object
428
429 private static SysPermission getSysPermission(String permissionName) {
430 if (permissionName == null) {
431 throw new IllegalArgumentException("A system permission name is required");
432 }
433
434 final String trimmedPermissionName = permissionName.trim();
435
436 if (trimmedPermissionName.isEmpty()) {
437 throw new IllegalArgumentException("A system permission name is required");
438 }
439
440 final SysPermission sysPermission = sysPermissionsByName.get(trimmedPermissionName);
441
442 if (sysPermission == null) {
443 throw new IllegalArgumentException("Invalid system permission name: " + trimmedPermissionName);
444 }
445
446 return sysPermission;
447 }
448 }
449 }