001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: Resource.java,v 1.5 2009/01/28 05:34:50 ww203982 Exp $
026 *
027 * Portions Copyright 2015 ForgeRock AS.
028 */
029
030package com.iplanet.ums;
031
032import java.security.Principal;
033import java.util.Collection;
034import java.util.Iterator;
035
036import com.sun.identity.shared.debug.Debug;
037import com.iplanet.services.ldap.AttrSet;
038import org.forgerock.opendj.ldap.DN;
039import org.forgerock.opendj.ldap.SearchScope;
040
041/**
042 * Represents a user entry in UMS.
043 *
044 * @supported.api
045 */
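public class Resource extends PersistentObject {

    static final String NEW_INSTANCE_FAILED = "newinstancefailed";

    /** Class token handed to the template manager to find the default creation template. */
    private static final Class<Resource> _class = com.iplanet.ums.Resource.class;

    /** Debug log obtained under the UMS debug name. */
    private static final Debug debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

    /**
     * No args constructor; used to construct the right object as entries are
     * read from persistent storage.
     *
     * @throws UMSException
     *             propagated from the superclass constructor
     */
    protected Resource() throws UMSException {
        super();
    }

    /**
     * Construct the entry for a given guid on behalf of a principal, then call
     * {@code verifyClass()}.
     *
     * @param principal
     *            principal passed to the superclass constructor together with
     *            the guid
     * @param guid
     *            globally unique identifier for the entity
     * @throws UMSException
     *             propagated from the superclass constructor or from
     *             {@code verifyClass()}
     */
    Resource(Principal principal, Guid guid) throws UMSException {
        super(principal, guid);
        verifyClass();
    }

    /**
     * Construct a Resource object in memory only, using the default creation
     * template registered for this class. The save() method must be called to
     * save the object to the persistent store.
     *
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the template lookup or the delegated
     *             constructor
     */
    Resource(AttrSet attrSet) throws UMSException {
        this(TemplateManager.getTemplateManager().getCreationTemplate(_class,
                null), attrSet);
    }

    /**
     * Construct a Resource object in memory only, from an explicit creation
     * template. Call the save() method to save the object to the data store.
     *
     * @param template
     *            template to the Resource
     * @param attrSet
     *            attribute/value set
     * @throws UMSException
     *             propagated from the superclass constructor
     *
     * @supported.api
     */
    public Resource(CreationTemplate template, AttrSet attrSet)
            throws UMSException {
        super(template, attrSet);
    }

    /**
     * Return attribute set according to a supplied search template. The search
     * template is used as attribute retrieval guidelines: one
     * {@code getAttribute} call is made per attribute name in the template.
     *
     * @param template
     *            Search template
     * @return attribute set with attribute names defined in the template
     * @throws UMSException
     *             propagated from {@code getAttribute}
     *
     * @supported.api
     */
    public AttrSet getAttributes(SearchTemplate template) throws UMSException {
        AttrSet result = new AttrSet();
        for (String attrName : template.getAttributeNames()) {
            // NOTE(review): whether getAttribute can return null for an absent
            // attribute, and whether AttrSet.add accepts that, is not visible
            // here - confirm against PersistentObject and AttrSet.
            result.add(getAttribute(attrName));
        }
        return result;
    }

    /**
     * Get the access rights associated with the user; this will return an
     * aggregation of all the attribute access rights granted by each of the
     * user's roles. The aggregation will only include from the 'guid' parameter
     * on up the DIT.
     * <p>
     * The result is the union of the readable and writable attribute names of
     * every role that passes the scope filter, so it widens with each role
     * that is not filtered out. When no roles are available the returned
     * object carries no grants.
     *
     * @param guid
     *            The starting location of the role (rights) aggregation.
     * @return AccessRightObject associated with the user
     * @throws UMSException
     *             propagated from the role lookups
     * @throws com.iplanet.services.ldap.aci.ACIParseException
     *             declared for ACI parsing failures (presumably raised by
     *             {@code BaseRole.getAccessRight()})
     *
     * @supported.api
     */
    public AccessRightObject getAccessRight(Guid guid) throws UMSException,
            com.iplanet.services.ldap.aci.ACIParseException {
        AccessRightObject aggregated = new AccessRightObject();
        Collection<?> roles = getRoles();
        if (roles == null) {
            // No role list at all: grant nothing rather than fail. The earlier
            // null test on the iterator could never be false.
            return aggregated;
        }

        boolean verbose = debug.messageEnabled();
        if (verbose) {
            debug.message("Resource.getAccessRight : Get rights for : "
                    + guid.getDn());
        }
        DN guidDn = DN.valueOf(guid.getDn());

        for (Object entry : roles) {
            Guid roleGuid = new Guid((String) entry);
            DN roleGuidDn = DN.valueOf(roleGuid.getDn());
            if (verbose) {
                debug.message("Resource.getAccessRight : Role Dn : "
                        + roleGuid.getDn());
            }

            // Scope filter: a role is skipped only when its parent entry lies
            // below guidDn. Roles whose parent is guidDn itself, an ancestor
            // of it, or outside its subtree all contribute rights.
            // NOTE(review): the documented contract is "from guid on up the
            // DIT"; confirm that roles held in an unrelated branch are meant
            // to be aggregated as well.
            // NOTE(review): DN.parent() returns null for the root DN in the
            // OpenDJ SDK, so a role value that parses to the root DN would end
            // in a NullPointerException here - confirm that is acceptable.
            if (roleGuidDn.parent().isInScopeOf(guidDn, SearchScope.SUBORDINATES)) {
                continue;
            }

            // The role entry is read with the principal attached to this
            // object, not with a separate caller identity.
            BaseRole role = (BaseRole) UMSObject.getObject(getPrincipal(),
                    roleGuid);
            if (verbose) {
                debug.message("Resource.getAccessRight : Role "
                        + role.getGuid());
            }

            AccessRightObject right = role.getAccessRight();
            aggregated.grantReadPermission(right.getReadableAttributeNames());
            aggregated.grantWritePermission(right.getWritableAttributeNames());
            if (verbose) {
                debug.message("Resource.getAccessRight : Done grant");
            }
        }
        return aggregated;
    }
}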