001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: Resource.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $
026 *
027 */
028
029package com.iplanet.ums;
030
031import java.security.Principal;
032import java.util.Collection;
033import java.util.Iterator;
034
035import com.sun.identity.shared.ldap.util.DN;
036
037import com.sun.identity.shared.debug.Debug;
038import com.iplanet.services.ldap.AttrSet;
039
040/**
041 * Represents a user entry in UMS.
042 *
043 * @supported.api
044 */
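public class Resource extends PersistentObject {

    /** Debug logger obtained for {@link IUMSConstants#UMS_DEBUG}. */
    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException
     *             propagated from the superclass constructor
     */
    protected Resource() throws UMSException {
        super();
    }

    /**
     * Construct user entry from an authenticated principal and a given guid,
     * then call {@code verifyClass()} on the new object.
     *
     * @param principal
     *            authenticated principal for the session maintained by
     *            Session Manager
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException
     *             propagated from the superclass constructor or from
     *             {@code verifyClass()}
     */
    Resource(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        verifyClass();
    }

    /**
     * Construct Resource object without a session. Unlike the constructor with
     * a principal parameter, this one simply creates a Resource object in
     * memory, using the default creation template registered for this class.
     * The save() method must be called to save the object to the persistent
     * store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the template lookup or from the delegated
     *             constructor
     */
    Resource(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct Resource object without session. Unlike constructor with
     * session, this one simply creates a Resource object in memory. Call the
     * save() method to save the object to data store.
     *
     * @param template
     *            template to the Resource
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the superclass constructor
     *
     * @supported.api
     */
    public Resource(CreationTemplate template, AttrSet attrSet)
            throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines: one
     * {@code getAttribute} call is made per name the template lists, and each
     * result is added to the returned set.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException
     *             propagated from the attribute lookup
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet attrSet = new AttrSet();
        String[] attrNames = template.getAttributeNames();

        for (int i = 0; i < attrNames.length; i++) {
            attrSet.add(getAttribute(attrNames[i]));
        }
        return attrSet;
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     * <p>
     * When {@code getRoles()} yields no collection, the returned object is the
     * freshly constructed one with no permissions granted on it.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException
     *             propagated from the role lookup
     * @throws com.iplanet.services.ldap.aci.ACIParseException
     *             propagated from reading a role's access rights
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aro = new AccessRightObject();
        Collection roles = getRoles();
        // The original guarded the iterator, which Collection.iterator() never
        // returns as null; the collection itself is the value that can be
        // absent. Fail closed: no roles means no rights are granted.
        if (roles == null) {
            return aro;
        }

        if (debug.messageEnabled()) {
            debug.message("Resource.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = new DN(guid.getDn());

        for (Iterator it = roles.iterator(); it.hasNext();) {
            Guid roleGuid = new Guid((String) it.next());
            DN roleGuidDn = new DN(roleGuid.getDn());
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }

            // Skip roles whose parent container lies below the starting
            // location, so their rights are left out of the aggregation.
            // NOTE(review): this is the only filter. A role whose parent is
            // not a descendant of guidDn is aggregated wherever it sits in the
            // tree, including an unrelated branch -- confirm getRoles() can
            // only yield roles on the path "from guid on up".
            if (roleGuidDn.getParent().isDescendantOf(guidDn)) {
                continue;
            }

            // NOTE(review): assumes every role GUID resolves to a BaseRole;
            // neither the looked-up object nor its access right is
            // null-checked before use -- verify against UMSObject.getObject.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (debug.messageEnabled()) {
                debug.message("Resource.getAccessRight : Role "
                        + role.getGuid());
            }

            // Union this role's readable and writable attribute names into
            // the aggregate.
            AccessRightObject right = role.getAccessRight();
            aro.grantReadPermission(right.getReadableAttributeNames());
            aro.grantWritePermission(right.getWritableAttributeNames());
            debug.message("Resource.getAccessRight : Done grant");
        }
        return aro;
    }

    // Not referenced inside this class; presumably a message key used by
    // other classes in the package -- verify against callers.
    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    // Class token handed to TemplateManager to look up the default creation
    // template in the Resource(AttrSet) constructor.
    private static final Class _class = com.iplanet.ums.Resource.class;
}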