PageRenderTime 52ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 1ms

/repository/src/org/pentaho/platform/security/userroledao/jackrabbit/AbstractJcrBackedUserRoleDao.java

https://github.com/dbogdanovich/pentaho-platform
Java | 800 lines | 669 code | 103 blank | 28 comment | 191 complexity | c10e03c4420c0afd4a84de8972f4dbcd MD5 | raw file
    

  1. package org.pentaho.platform.security.userroledao.jackrabbit;

    2. 

  2. 

    3. 

  3. import java.io.Serializable;

    4. 

  4. import java.util.ArrayList;

    5. 

  5. import java.util.Arrays;

    6. 

  6. import java.util.EnumSet;

    7. 

  7. import java.util.HashMap;

    8. 

  8. import java.util.HashSet;

    9. 

  9. import java.util.Iterator;

    10. 

  10. import java.util.List;

    11. 

  11. import java.util.Properties;

    12. 

  12. import java.util.Set;

    13. 

  13. 

    14. 

  14. import javax.jcr.Credentials;

    15. 

  15. import javax.jcr.NamespaceException;

    16. 

  16. import javax.jcr.Node;

    17. 

  17. import javax.jcr.RepositoryException;

    18. 

  18. import javax.jcr.Session;

    19. 

  19. import javax.jcr.Value;

    20. 

  20. 

    21. 

  21. import org.apache.commons.collections.map.LRUMap;

    22. 

  22. import org.apache.jackrabbit.api.security.user.Authorizable;

    23. 

  23. import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;

    24. 

  24. import org.apache.jackrabbit.api.security.user.Group;

    25. 

  25. import org.apache.jackrabbit.api.security.user.User;

    26. 

  26. import org.apache.jackrabbit.api.security.user.UserManager;

    27. 

  27. import org.apache.jackrabbit.core.SessionImpl;

    28. 

  28. import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;

    29. 

  29. import org.apache.jackrabbit.core.security.principal.PrincipalImpl;

    30. 

  30. import org.apache.jackrabbit.core.security.user.UserManagerImpl;

    31. 

  31. import org.apache.jackrabbit.spi.Name;

    32. 

  32. import org.apache.jackrabbit.spi.NameFactory;

    33. 

  33. import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;

    34. 

  34. import org.pentaho.platform.api.engine.security.userroledao.IPentahoRole;

    35. 

  35. import org.pentaho.platform.api.engine.security.userroledao.IPentahoUser;

    36. 

  36. import org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao;

    37. 

  37. import org.pentaho.platform.api.engine.security.userroledao.NotFoundException;

    38. 

  38. import org.pentaho.platform.api.mt.ITenant;

    39. 

  39. import org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver;

    40. 

  40. import org.pentaho.platform.api.repository2.unified.IRepositoryDefaultAclHandler;

    41. 

  41. import org.pentaho.platform.api.repository2.unified.RepositoryFile;

    42. 

  42. import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl;

    43. 

  43. import org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder;

    44. 

  44. import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;

    45. 

  45. import org.pentaho.platform.api.repository2.unified.RepositoryFileSid;

    46. 

  46. import org.pentaho.platform.api.repository2.unified.RepositoryFileSid.Type;

    47. 

  47. import org.pentaho.platform.engine.core.system.TenantUtils;

    48. 

  48. import org.pentaho.platform.security.userroledao.messages.Messages;

    49. 

  49. import org.pentaho.platform.repository2.unified.IRepositoryFileAclDao;

    50. 

  50. import org.pentaho.platform.repository2.unified.IRepositoryFileDao;

    51. 

  51. import org.pentaho.platform.repository2.unified.ServerRepositoryPaths;

    52. 

  52. import org.pentaho.platform.repository2.unified.jcr.ILockHelper;

    53. 

  53. import org.pentaho.platform.repository2.unified.jcr.IPathConversionHelper;

    54. 

  54. import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclUtils;

    55. 

  55. import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileUtils;

    56. 

  56. import org.pentaho.platform.repository2.unified.jcr.JcrTenantUtils;

    57. 

  57. import org.pentaho.platform.repository2.unified.jcr.PentahoJcrConstants;

    58. 

  58. import org.pentaho.platform.security.userroledao.PentahoRole;

    59. 

  59. import org.pentaho.platform.security.userroledao.PentahoUser;

    60. 

  60. import org.springframework.security.providers.dao.UserCache;

    61. 

  61. import org.springframework.security.providers.dao.cache.NullUserCache;

    62. 

  62. 

    63. 

  63. public abstract class AbstractJcrBackedUserRoleDao implements IUserRoleDao {

    64. 

  64. 

    65. 

  65.   NameFactory NF = NameFactoryImpl.getInstance();

    66. 

  66. 

    67. 

  67.   Name P_PRINCIPAL_NAME = NF.create(Name.NS_REP_URI, "principalName"); //$NON-NLS-1$

    68. 

  68. 

    69. 

  69.   protected ITenantedPrincipleNameResolver tenantedUserNameUtils;

    70. 

  70. 

    71. 

  71.   protected ITenantedPrincipleNameResolver tenantedRoleNameUtils;

    72. 

  72. 

    73. 

  73.   String pPrincipalName = "rep:principalName"; //$NON-NLS-1$

    74. 

  74. 

    75. 

  75.   IRepositoryFileAclDao repositoryFileAclDao;

    76. 

  76. 

    77. 

  77.   IRepositoryFileDao repositoryFileDao;

    78. 

  78. 

    79. 

  79.   String defaultTenant;

    80. 

  80. 

    81. 

  81.   String authenticatedRoleName;

    82. 

  82. 

    83. 

  83.   String tenantAdminRoleName;

    84. 

  84. 

    85. 

  85.   String repositoryAdminUsername;

    86. 

  86. 

    87. 

  87.   IPathConversionHelper pathConversionHelper;

    88. 

  88. 

    89. 

  89.   IRepositoryDefaultAclHandler defaultAclHandler;

    90. 

  90. 

    91. 

  91.   ILockHelper lockHelper;

    92. 

  92. 

    93. 

  93.   List<String> systemRoles;

    94. 

  94.   

    95. 

  95.   List<String> extraRoles;

    96. 

  96.   

    97. 

  97.   HashMap<String, UserManagerImpl> userMgrMap = new HashMap<String, UserManagerImpl>();

    98. 

  98. 

    99. 

  99.   private LRUMap userCache = new LRUMap(4096);

    100. 

  100. 

    101. 

  101.   private UserCache userDetailsCache = new NullUserCache();

    102. 

  102. 

    103. 

  103.   public AbstractJcrBackedUserRoleDao(ITenantedPrincipleNameResolver userNameUtils,

    104. 

  104.                                       ITenantedPrincipleNameResolver roleNameUtils, String authenticatedRoleName, String tenantAdminRoleName,

    105. 

  105.                                       String repositoryAdminUsername, IRepositoryFileAclDao repositoryFileAclDao, IRepositoryFileDao repositoryFileDao,

    106. 

  106.                                       final IPathConversionHelper pathConversionHelper, final ILockHelper lockHelper,

    107. 

  107.                                       final IRepositoryDefaultAclHandler defaultAclHandler, final List<String> systemRoles, final List<String> extraRoles, UserCache userDetailsCache) throws NamespaceException {

    108. 

  108.     this.tenantedUserNameUtils = userNameUtils;

    109. 

  109.     this.tenantedRoleNameUtils = roleNameUtils;

    110. 

  110.     this.authenticatedRoleName = authenticatedRoleName;

    111. 

  111.     this.tenantAdminRoleName = tenantAdminRoleName;

    112. 

  112.     this.repositoryAdminUsername = repositoryAdminUsername;

    113. 

  113.     this.repositoryFileAclDao = repositoryFileAclDao;

    114. 

  114.     this.repositoryFileDao = repositoryFileDao;

    115. 

  115.     this.pathConversionHelper = pathConversionHelper;

    116. 

  116.     this.lockHelper = lockHelper;

    117. 

  117.     this.defaultAclHandler = defaultAclHandler;

    118. 

  118.     this.systemRoles = systemRoles;

    119. 

  119.     this.extraRoles = extraRoles;

    120. 

  120.     this.userDetailsCache = userDetailsCache;

    121. 

  121.   }

    122. 

  122. 

    123. 

  123.   public void setRoleMembers(Session session, final ITenant theTenant, final String roleName,

    124. 

  124.       final String[] memberUserNames) throws RepositoryException, NotFoundException {

    125. 

  125.     List<IPentahoUser> currentRoleMembers = getRoleMembers(session, theTenant, roleName);

    126. 

  126.     if(tenantAdminRoleName.equals(roleName) && (currentRoleMembers != null && currentRoleMembers.size() > 0) && memberUserNames.length == 0) {

    127. 

  127.       throw new RepositoryException(Messages.getInstance().getString(

    128. 

  128.           "AbstractJcrBackedUserRoleDao.ERROR_0001_LAST_ADMIN_ROLE", tenantAdminRoleName));

    129. 

  129.     }

    130. 

  130.     Group jackrabbitGroup = getJackrabbitGroup(theTenant, roleName, session);

    131. 

  131. 

    132. 

  132.     if ((jackrabbitGroup == null)

    133. 

  133.         || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID())

    134. 

  134.             : theTenant)) {

    135. 

  135.       throw new NotFoundException(Messages.getInstance().getString(

    136. 

  136.           "AbstractJcrBackedUserRoleDao.ERROR_0002_ROLE_NOT_FOUND"));

    137. 

  137.     }

    138. 

  138.     HashMap<String, User> currentlyAssignedUsers = new HashMap<String, User>();

    139. 

  139.     Iterator<Authorizable> currentMembers = jackrabbitGroup.getMembers();

    140. 

  140.     while (currentMembers.hasNext()) {

    141. 

  141.       Authorizable member = currentMembers.next();

    142. 

  142.       if (member instanceof User) {

    143. 

  143.         currentlyAssignedUsers.put(member.getID(), (User) member);

    144. 

  144.       }

    145. 

  145.     }

    146. 

  146. 

    147. 

  147.     HashMap<String, User> finalCollectionOfAssignedUsers = new HashMap<String, User>();

    148. 

  148.     if (memberUserNames != null) {

    149. 

  149.       ITenant tenant = theTenant == null ? JcrTenantUtils.getTenant(roleName, false) : theTenant;

    150. 

  150.       for (String user : memberUserNames) {

    151. 

  151.         User jackrabbitUser = getJackrabbitUser(tenant, user, session);

    152. 

  152.         if (jackrabbitUser != null) {

    153. 

  153.           finalCollectionOfAssignedUsers.put(tenantedRoleNameUtils.getPrincipleId(tenant, user), jackrabbitUser);

    154. 

  154.         }

    155. 

  155.       }

    156. 

  156.     }

    157. 

  157. 

    158. 

  158.     ArrayList<String> usersToRemove = new ArrayList<String>(currentlyAssignedUsers.keySet());

    159. 

  159.     usersToRemove.removeAll(finalCollectionOfAssignedUsers.keySet());

    160. 

  160. 

    161. 

  161.     ArrayList<String> usersToAdd = new ArrayList<String>(finalCollectionOfAssignedUsers.keySet());

    162. 

  162.     usersToAdd.removeAll(currentlyAssignedUsers.keySet());

    163. 

  163. 

    164. 

  164.     for (String userId : usersToRemove) {

    165. 

  165.       jackrabbitGroup.removeMember(currentlyAssignedUsers.get(userId));

    166. 

  166.     }

    167. 

  167. 

    168. 

  168.     for (String userId : usersToAdd) {

    169. 

  169.       jackrabbitGroup.addMember(finalCollectionOfAssignedUsers.get(userId));

    170. 

  170. 

    171. 

  171.       // Purge the UserDetails cache

    172. 

  172.       purgeUserFromCache(userId);

    173. 

  173.     }

    174. 

  174.   }

    175. 

  175. 

    176. 

  176.   private void setUserRolesForNewUser(Session session, final ITenant theTenant, final String userName,

    177. 

  177.       final String[] roles) throws RepositoryException, NotFoundException {

    178. 

  178.     Set<String> roleSet = new HashSet<String>();

    179. 

  179.     if (roles != null) {

    180. 

  180.       roleSet.addAll(Arrays.asList(roles));

    181. 

  181.     }

    182. 

  182.     roleSet.add(authenticatedRoleName);

    183. 

  183. 

    184. 

  184.     User jackrabbitUser = getJackrabbitUser(theTenant, userName, session);

    185. 

  185. 

    186. 

  186.     if ((jackrabbitUser == null)

    187. 

  187.         || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    188. 

  188.             : theTenant)) {

    189. 

  189.       throw new NotFoundException(Messages.getInstance().getString(

    190. 

  190.           "AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));

    191. 

  191.     }

    192. 

  192. 

    193. 

  193.     HashMap<String, Group> finalCollectionOfAssignedGroups = new HashMap<String, Group>();

    194. 

  194.     ITenant tenant = theTenant == null ? JcrTenantUtils.getTenant(userName, true) : theTenant;

    195. 

  195.     for (String role : roleSet) {

    196. 

  196.       Group jackrabbitGroup = getJackrabbitGroup(tenant, role, session);

    197. 

  197.       if (jackrabbitGroup != null) {

    198. 

  198.         finalCollectionOfAssignedGroups.put(tenantedRoleNameUtils.getPrincipleId(tenant, role), jackrabbitGroup);

    199. 

  199.       }

    200. 

  200.     }

    201. 

  201. 

    202. 

  202.     ArrayList<String> groupsToAdd = new ArrayList<String>(finalCollectionOfAssignedGroups.keySet());

    203. 

  203. 

    204. 

  204.     for (String groupId : groupsToAdd) {

    205. 

  205.       finalCollectionOfAssignedGroups.get(groupId).addMember(jackrabbitUser);

    206. 

  206.       // Purge the UserDetails cache

    207. 

  207.       purgeUserFromCache(userName);

    208. 

  208.     }

    209. 

  209.   }

    210. 

  210. 

    211. 

  211.   private void purgeUserFromCache(String userName) {

    212. 

  212.     userDetailsCache.removeUserFromCache(getTenantedUserNameUtils().getPrincipleName(userName));

    213. 

  213.   }

    214. 

  214. 

    215. 

  215.   public void setUserRoles(Session session, final ITenant theTenant, final String userName, final String[] roles)

    216. 

  216.       throws RepositoryException, NotFoundException {

    217. 

  217.     if(hasAdminRole(getUserRoles(theTenant, userName)) && (roles.length == 0)) {

    218. 

  218.       throw new RepositoryException(Messages.getInstance().getString(

    219. 

  219.           "AbstractJcrBackedUserRoleDao.ERROR_0005_LAST_ADMIN_USER", userName));

    220. 

  220.     }

    221. 

  221. 

    222. 

  222.     Set<String> roleSet = new HashSet<String>();

    223. 

  223.     if (roles != null) {

    224. 

  224.       roleSet.addAll(Arrays.asList(roles));

    225. 

  225.     }

    226. 

  226.     roleSet.add(authenticatedRoleName);

    227. 

  227. 

    228. 

  228.     User jackrabbitUser = getJackrabbitUser(theTenant, userName, session);

    229. 

  229. 

    230. 

  230.     if ((jackrabbitUser == null)

    231. 

  231.         || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    232. 

  232.             : theTenant)) {

    233. 

  233.       throw new NotFoundException(Messages.getInstance().getString(

    234. 

  234.           "AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));

    235. 

  235.     }

    236. 

  236.     HashMap<String, Group> currentlyAssignedGroups = new HashMap<String, Group>();

    237. 

  237.     Iterator<Group> currentGroups = jackrabbitUser.memberOf();

    238. 

  238.     while (currentGroups.hasNext()) {

    239. 

  239.       Group currentGroup = currentGroups.next();

    240. 

  240.       currentlyAssignedGroups.put(currentGroup.getID(), currentGroup);

    241. 

  241.     }

    242. 

  242. 

    243. 

  243.     HashMap<String, Group> finalCollectionOfAssignedGroups = new HashMap<String, Group>();

    244. 

  244.     ITenant tenant = theTenant == null ? JcrTenantUtils.getTenant(userName, true) : theTenant;

    245. 

  245.     for (String role : roleSet) {

    246. 

  246.       Group jackrabbitGroup = getJackrabbitGroup(tenant, role, session);

    247. 

  247.       if (jackrabbitGroup != null) {

    248. 

  248.         finalCollectionOfAssignedGroups.put(tenantedRoleNameUtils.getPrincipleId(tenant, role), jackrabbitGroup);

    249. 

  249.       }

    250. 

  250.     }

    251. 

  251. 

    252. 

  252.     ArrayList<String> groupsToRemove = new ArrayList<String>(currentlyAssignedGroups.keySet());

    253. 

  253.     groupsToRemove.removeAll(finalCollectionOfAssignedGroups.keySet());

    254. 

  254. 

    255. 

  255.     ArrayList<String> groupsToAdd = new ArrayList<String>(finalCollectionOfAssignedGroups.keySet());

    256. 

  256.     groupsToAdd.removeAll(currentlyAssignedGroups.keySet());

    257. 

  257. 

    258. 

  258.     for (String groupId : groupsToRemove) {

    259. 

  259.       currentlyAssignedGroups.get(groupId).removeMember(jackrabbitUser);

    260. 

  260.     }

    261. 

  261. 

    262. 

  262.     for (String groupId : groupsToAdd) {

    263. 

  263.       finalCollectionOfAssignedGroups.get(groupId).addMember(jackrabbitUser);

    264. 

  264.     }

    265. 

  265. 

    266. 

  266.     // Purge the UserDetails cache

    267. 

  267.     purgeUserFromCache(userName);

    268. 

  268.   }

    269. 

  269. 

    270. 

  270.   public IPentahoRole createRole(Session session, final ITenant theTenant, final String roleName,

    271. 

  271.       final String description, final String[] memberUserNames) throws AuthorizableExistsException, RepositoryException {

    272. 

  272.     ITenant tenant = theTenant;

    273. 

  273.     String role = roleName;

    274. 

  274.     if (tenant == null) {

    275. 

  275.       tenant = JcrTenantUtils.getTenant(roleName, false);

    276. 

  276.       role = JcrTenantUtils.getPrincipalName(roleName, false);

    277. 

  277.     }

    278. 

  278.     if (tenant == null || tenant.getId() == null) {

    279. 

  279.       tenant = JcrTenantUtils.getCurrentTenant();

    280. 

  280.     }

    281. 

  281.     if (!TenantUtils.isAccessibleTenant(tenant)) {

    282. 

  282.       throw new NotFoundException(Messages.getInstance().getString(

    283. 

  283.           "AbstractJcrBackedUserRoleDao.ERROR_0006_TENANT_NOT_FOUND", theTenant.getId()));

    284. 

  284.     }

    285. 

  285.     String roleId = tenantedRoleNameUtils.getPrincipleId(tenant, role);

    286. 

  286. 

    287. 

  287.     UserManager tenantUserMgr = getUserManager(tenant, session);

    288. 

  288.     // Intermediate path will always be an empty string. The path is already provided while creating a user manager

    289. 

  289.     tenantUserMgr.createGroup(new PrincipalImpl(roleId), ""); //$NON-NLS-1$

    290. 

  290.     setRoleMembers(session, tenant, role, memberUserNames);

    291. 

  291.     setRoleDescription(session, tenant, role, description);

    292. 

  292.     return getRole(session, theTenant, roleName);

    293. 

  293.   }

    294. 

  294. 

    295. 

  295.   public IPentahoUser createUser(Session session, final ITenant theTenant, final String userName,

    296. 

  296.       final String password, final String description, final String[] roles) throws AuthorizableExistsException,

    297. 

  297.       RepositoryException {

    298. 

  298.     ITenant tenant = theTenant;

    299. 

  299.     String user = userName;

    300. 

  300.     if (tenant == null) {

    301. 

  301.       tenant = JcrTenantUtils.getTenant(userName, true);

    302. 

  302.       user = JcrTenantUtils.getPrincipalName(userName, true);

    303. 

  303.     }

    304. 

  304.     if (tenant == null || tenant.getId() == null) {

    305. 

  305.       tenant = JcrTenantUtils.getCurrentTenant();

    306. 

  306.     }

    307. 

  307.     if (!TenantUtils.isAccessibleTenant(tenant)) {

    308. 

  308.       throw new NotFoundException(Messages.getInstance().getString(

    309. 

  309.           "AbstractJcrBackedUserRoleDao.ERROR_0006_TENANT_NOT_FOUND", theTenant.getId()));

    310. 

  310.     }

    311. 

  311.     String userId = tenantedUserNameUtils.getPrincipleId(tenant, user);

    312. 

  312.     UserManager tenantUserMgr = getUserManager(tenant, session);

    313. 

  313.     tenantUserMgr.createUser(userId, password, new PrincipalImpl(userId), ""); //$NON-NLS-1$

    314. 

  314.     session.save();

    315. 

  315.     /** This call is absolutely necessary. setUserRolesForNewUser will never

    316. 

  316.     **  inspect what roles this user is a part of. Since this is a new user

    317. 

  317.     **  it will not be a part of new roles

    318. 

  318.     **/

    319. 

  319.     setUserRolesForNewUser(session, tenant, user, roles);

    320. 

  320.     setUserDescription(session, tenant, user, description);

    321. 

  321.     session.save();

    322. 

  322.     createUserHomeFolder(tenant, user, session);

    323. 

  323.     session.save();

    324. 

  324.     this.userDetailsCache.removeUserFromCache(userName);

    325. 

  325.     return getUser(session, tenant, userName);

    326. 

  326.   }

    327. 

  327. 

    328. 

  328.   public void deleteRole(Session session, final IPentahoRole role) throws NotFoundException, RepositoryException {

    329. 

  329.     if(canDeleteRole(session, role)) {

    330. 

  330.       Group jackrabbitGroup = getJackrabbitGroup(role.getTenant(), role.getName(), session);

    331. 

  331.       if (jackrabbitGroup != null

    332. 

  332.           && TenantUtils.isAccessibleTenant(tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()))) {

    333. 

  333.         jackrabbitGroup.remove();

    334. 

  334.       } else {

    335. 

  335.         throw new NotFoundException(""); //$NON-NLS-1$

    336. 

  336.       }

    337. 

  337.     } else {

    338. 

  338.       throw new RepositoryException(Messages.getInstance().getString(

    339. 

  339.           "AbstractJcrBackedUserRoleDao.ERROR_0007_ATTEMPTED_SYSTEM_ROLE_DELETE"));

    340. 

  340.     } 

    341. 

  341.   }

    342. 

  342. 

    343. 

  343.   public void deleteUser(Session session, final IPentahoUser user) throws NotFoundException, RepositoryException {

    344. 

  344.     if(canDeleteUser(session, user)) {

    345. 

  345.       User jackrabbitUser = getJackrabbitUser(user.getTenant(), user.getUsername(), session);

    346. 

  346.       if (jackrabbitUser != null

    347. 

  347.           && TenantUtils.isAccessibleTenant(tenantedUserNameUtils.getTenant(jackrabbitUser.getID()))) {

    348. 

  348.         

    349. 

  349.         // [BISERVER-9215] Adding new user with same user name as a previously deleted user, defaults to all previous roles

    350. 

  350.         Iterator<Group> currentGroups = jackrabbitUser.memberOf();

    351. 

  351.         while (currentGroups.hasNext()) {

    352. 

  352.           currentGroups.next().removeMember(jackrabbitUser);

    353. 

  353.         }

    354. 

  354.         // [BISERVER-9215]

    355. 

  355.         

    356. 

  356.         jackrabbitUser.remove();

    357. 

  357.       } else {

    358. 

  358.         throw new NotFoundException(""); //$NON-NLS-1$

    359. 

  359.       }

    360. 

  360.     } else {

    361. 

  361.       throw new RepositoryException(Messages.getInstance().getString(

    362. 

  362.           "AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));

    363. 

  363.     }

    364. 

  364.   }

    365. 

  365. 

    366. 

  366.   public List<IPentahoRole> getRoles(Session session) throws RepositoryException {

    367. 

  367.     return getRoles(session, JcrTenantUtils.getCurrentTenant());

    368. 

  368.   }

    369. 

  369. 

    370. 

  370.   private IPentahoUser convertToPentahoUser(User jackrabbitUser) throws RepositoryException {

    371. 

  371.     if(userCache.containsKey(jackrabbitUser.getID())){

    372. 

  372.       return (IPentahoUser) userCache.get(jackrabbitUser.getID());

    373. 

  373.     }

    374. 

  374.     IPentahoUser pentahoUser = null;

    375. 

  375.     Value[] propertyValues = null;

    376. 

  376. 

    377. 

  377.     String description = null;

    378. 

  378.     try {

    379. 

  379.       propertyValues = jackrabbitUser.getProperty("description"); //$NON-NLS-1$

    380. 

  380.       description = propertyValues.length > 0 ? propertyValues[0].getString() : null;

    381. 

  381.     } catch (Exception ex) {

    382. 

  382.     }

    383. 

  383. 

    384. 

  384.     Credentials credentials = jackrabbitUser.getCredentials();

    385. 

  385.     String password = null;

    386. 

  386.     if (credentials instanceof CryptedSimpleCredentials) {

    387. 

  387.       password = new String(((CryptedSimpleCredentials) credentials).getPassword());

    388. 

  388.     }

    389. 

  389. 

    390. 

  390.     pentahoUser = new PentahoUser(tenantedUserNameUtils.getTenant(jackrabbitUser.getID()),

    391. 

  391.         tenantedUserNameUtils.getPrincipleName(jackrabbitUser.getID()), password, description,

    392. 

  392.         !jackrabbitUser.isDisabled());

    393. 

  393. 

    394. 

  394.     userCache.put(jackrabbitUser.getID(), pentahoUser);

    395. 

  395.     return pentahoUser;

    396. 

  396.   }

    397. 

  397. 

    398. 

  398.   private IPentahoRole convertToPentahoRole(Group jackrabbitGroup) throws RepositoryException {

    399. 

  399.     IPentahoRole role = null;

    400. 

  400.     Value[] propertyValues = null;

    401. 

  401. 

    402. 

  402.     String description = null;

    403. 

  403.     try {

    404. 

  404.       propertyValues = jackrabbitGroup.getProperty("description"); //$NON-NLS-1$

    405. 

  405.       description = propertyValues.length > 0 ? propertyValues[0].getString() : null;

    406. 

  406.     } catch (Exception ex) {

    407. 

  407.     }

    408. 

  408. 

    409. 

  409.     role = new PentahoRole(tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID()),

    410. 

  410.         tenantedRoleNameUtils.getPrincipleName(jackrabbitGroup.getID()), description);

    411. 

  411.     return role;

    412. 

  412.   }

    413. 

  413. 

    414. 

  414.   public List<IPentahoUser> getUsers(Session session) throws RepositoryException {

    415. 

  415.     return getUsers(session, JcrTenantUtils.getCurrentTenant());

    416. 

  416.   }

    417. 

  417. 

    418. 

  418.   public void setRoleDescription(Session session, final ITenant theTenant, final String roleName,

    419. 

  419.       final String description) throws NotFoundException, RepositoryException {

    420. 

  420.     Group jackrabbitGroup = getJackrabbitGroup(theTenant, roleName, session);

    421. 

  421.     if (jackrabbitGroup != null

    422. 

  422.         && TenantUtils.isAccessibleTenant(theTenant == null ? tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID())

    423. 

  423.             : theTenant)) {

    424. 

  424.       if (description == null) {

    425. 

  425.         jackrabbitGroup.removeProperty("description"); //$NON-NLS-1$

    426. 

  426.       } else {

    427. 

  427.         jackrabbitGroup.setProperty("description", session.getValueFactory().createValue(description)); //$NON-NLS-1$

    428. 

  428.       }

    429. 

  429.     } else {

    430. 

  430.       throw new NotFoundException(Messages.getInstance().getString(

    431. 

  431.           "AbstractJcrBackedUserRoleDao.ERROR_0002_ROLE_NOT_FOUND"));

    432. 

  432.     }

    433. 

  433.   }

    434. 

  434. 

    435. 

  435.   public void setUserDescription(Session session, final ITenant theTenant, final String userName,

    436. 

  436.       final String description) throws NotFoundException, RepositoryException {

    437. 

  437.     User jackrabbitUser = getJackrabbitUser(theTenant, userName, session);

    438. 

  438.     if ((jackrabbitUser == null)

    439. 

  439.         || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    440. 

  440.             : theTenant)) {

    441. 

  441.       throw new NotFoundException(Messages.getInstance().getString(

    442. 

  442.           "AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));

    443. 

  443.     }

    444. 

  444.     if (description == null) {

    445. 

  445.       jackrabbitUser.removeProperty("description"); //$NON-NLS-1$

    446. 

  446.     } else {

    447. 

  447.       jackrabbitUser.setProperty("description", session.getValueFactory().createValue(description)); //$NON-NLS-1$

    448. 

  448.     }

    449. 

  449.   }

    450. 

  450. 

    451. 

  451.   public void setPassword(Session session, final ITenant theTenant, final String userName, final String password)

    452. 

  452.       throws NotFoundException, RepositoryException {

    453. 

  453.     User jackrabbitUser = getJackrabbitUser(theTenant, userName, session);

    454. 

  454.     if ((jackrabbitUser == null)

    455. 

  455.         || !TenantUtils.isAccessibleTenant(theTenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    456. 

  456.             : theTenant)) {

    457. 

  457.       throw new NotFoundException(Messages.getInstance().getString(

    458. 

  458.           "AbstractJcrBackedUserRoleDao.ERROR_0003_USER_NOT_FOUND"));

    459. 

  459.     }

    460. 

  460.     jackrabbitUser.changePassword(password);

    461. 

  461. 

    462. 

  462.     /**

    463. 

  463.      * BISERVER-9906 Clear cache after changing password

    464. 

  464.      */

    465. 

  465.     purgeUserFromCache(userName);

    466. 

  466.     userCache.remove(jackrabbitUser.getID());

    467. 

  467.   }

    468. 

  468. 

    469. 

  469.   public ITenantedPrincipleNameResolver getTenantedUserNameUtils() {

    470. 

  470.     return tenantedUserNameUtils;

    471. 

  471.   }

    472. 

  472. 

    473. 

  473.   public ITenantedPrincipleNameResolver getTenantedRoleNameUtils() {

    474. 

  474.     return tenantedRoleNameUtils;

    475. 

  475.   }

    476. 

  476. 

    477. 

  477.   public List<IPentahoRole> getRoles(Session session, ITenant tenant) throws RepositoryException, NamespaceException {

    478. 

  478.     return getRoles(session, tenant, false);

    479. 

  479.   }

    480. 

  480. 

    481. 

  481.   public List<IPentahoRole> getRoles(Session session, final ITenant theTenant, boolean includeSubtenants)

    482. 

  482.       throws RepositoryException {

    483. 

  483.     ArrayList<IPentahoRole> roles = new ArrayList<IPentahoRole>();

    484. 

  484.     if (TenantUtils.isAccessibleTenant(theTenant)) {

    485. 

  485.       UserManager userMgr = getUserManager(theTenant, session);

    486. 

  486.       pPrincipalName = ((SessionImpl) session).getJCRName(P_PRINCIPAL_NAME);

    487. 

  487.       Iterator<Authorizable> it = userMgr.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_GROUP);

    488. 

  488.       while (it.hasNext()) {

    489. 

  489.         Group group = (Group) it.next();

    490. 

  490.         IPentahoRole pentahoRole = convertToPentahoRole(group);

    491. 

  491.         // Exclude the system role from the list of roles to be returned back

    492. 

  492.         if(!extraRoles.contains(pentahoRole.getName())) {

    493. 

  493.           if (includeSubtenants) {

    494. 

  494.             roles.add(pentahoRole);

    495. 

  495.           } else {

    496. 

  496.             if (pentahoRole.getTenant() != null && pentahoRole.getTenant().equals(theTenant)) {

    497. 

  497.               roles.add(pentahoRole);

    498. 

  498.             }

    499. 

  499.           }

    500. 

  500.         }

    501. 

  501.       }

    502. 

  502.     }

    503. 

  503.     return roles;

    504. 

  504.   }

    505. 

  505. 

    506. 

  506.   public List<IPentahoUser> getUsers(Session session, ITenant tenant) throws RepositoryException {

    507. 

  507.     return getUsers(session, tenant, false);

    508. 

  508.   }

    509. 

  509. 

    510. 

  510.   public List<IPentahoUser> getUsers(Session session, final ITenant theTenant, boolean includeSubtenants)

    511. 

  511.       throws RepositoryException {

    512. 

  512.     ArrayList<IPentahoUser> users = new ArrayList<IPentahoUser>();

    513. 

  513.     if (TenantUtils.isAccessibleTenant(theTenant)) {

    514. 

  514.       UserManager userMgr = getUserManager(theTenant, session);

    515. 

  515.       pPrincipalName = ((SessionImpl) session).getJCRName(P_PRINCIPAL_NAME);

    516. 

  516.       Iterator<Authorizable> it = userMgr.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_USER);

    517. 

  517.       while (it.hasNext()) {

    518. 

  518.         User user = (User) it.next();

    519. 

  519.         IPentahoUser pentahoUser = convertToPentahoUser(user);

    520. 

  520.         if (includeSubtenants) {

    521. 

  521.           users.add(pentahoUser);

    522. 

  522.         } else {

    523. 

  523.           if (pentahoUser.getTenant() != null && pentahoUser.getTenant().equals(theTenant)) {

    524. 

  524.             users.add(pentahoUser);

    525. 

  525.           }

    526. 

  526.         }

    527. 

  527.       }

    528. 

  528.     }

    529. 

  529.     return users;

    530. 

  530.   }

    531. 

  531. 

    532. 

  532.   public IPentahoRole getRole(Session session, final ITenant tenant, final String name) throws RepositoryException {

    533. 

  533.     Group jackrabbitGroup = getJackrabbitGroup(tenant, name, session);

    534. 

  534.     return jackrabbitGroup != null

    535. 

  535.         && TenantUtils.isAccessibleTenant(tenant == null ? tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID())

    536. 

  536.             : tenant) ? convertToPentahoRole(jackrabbitGroup) : null;

    537. 

  537.   }

    538. 

  538. 

    539. 

  539.   private UserManagerImpl getUserManager(ITenant theTenant, Session session) throws RepositoryException {

    540. 

  540.     Properties tenantProperties = new Properties();

    541. 

  541.     tenantProperties.put(UserManagerImpl.PARAM_USERS_PATH,

    542. 

  542.         UserManagerImpl.USERS_PATH + theTenant.getRootFolderAbsolutePath());

    543. 

  543.     tenantProperties.put(UserManagerImpl.PARAM_GROUPS_PATH,

    544. 

  544.         UserManagerImpl.GROUPS_PATH + theTenant.getRootFolderAbsolutePath());

    545. 

  545.     return new UserManagerImpl((SessionImpl) session, session.getUserID(), tenantProperties);

    546. 

  546.   }

    547. 

  547. 

    548. 

  548.   public IPentahoUser getUser(Session session, final ITenant tenant, final String name) throws RepositoryException {

    549. 

  549.     User jackrabbitUser = getJackrabbitUser(tenant, name, session);

    550. 

  550.     return jackrabbitUser != null

    551. 

  551.         && TenantUtils.isAccessibleTenant(tenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    552. 

  552.             : tenant) ? convertToPentahoUser(jackrabbitUser) : null;

    553. 

  553.   }

    554. 

  554. 

    555. 

  555.   private Group getJackrabbitGroup(ITenant theTenant, String name, Session session) throws RepositoryException {

    556. 

  556.     Group jackrabbitGroup = null;

    557. 

  557.     String roleId = name;

    558. 

  558.     String roleName = name;

    559. 

  559.     ITenant tenant = theTenant;

    560. 

  560. 

    561. 

  561.     if (tenant == null) {

    562. 

  562.       tenant = JcrTenantUtils.getTenant(roleName, false);

    563. 

  563.       roleName = JcrTenantUtils.getPrincipalName(roleName, false);

    564. 

  564.     }

    565. 

  565.     if (tenant == null || tenant.getId() == null) {

    566. 

  566.       tenant = JcrTenantUtils.getCurrentTenant();

    567. 

  567.     }

    568. 

  568.     if (tenant == null || tenant.getId() == null) {

    569. 

  569.       tenant = JcrTenantUtils.getDefaultTenant();

    570. 

  570.     }

    571. 

  571.     roleId = tenantedRoleNameUtils.getPrincipleId(tenant, roleName);

    572. 

  572. 

    573. 

  573.     UserManager userMgr = getUserManager(tenant, session);

    574. 

  574.     Authorizable authorizable = userMgr.getAuthorizable(roleId);

    575. 

  575.     if (authorizable instanceof Group) {

    576. 

  576.       jackrabbitGroup = (Group) authorizable;

    577. 

  577.     }

    578. 

  578.     return jackrabbitGroup;

    579. 

  579.   }

    580. 

  580. 

    581. 

  581.   private User getJackrabbitUser(ITenant theTenant, String name, Session session) throws RepositoryException {

    582. 

  582.     User jackrabbitUser = null;

    583. 

  583.     String userId = name;

    584. 

  584.     String userName = name;

    585. 

  585.     ITenant tenant = theTenant;

    586. 

  586.     if (tenant == null) {

    587. 

  587.       tenant = JcrTenantUtils.getTenant(userName, true);

    588. 

  588.       userName = JcrTenantUtils.getPrincipalName(userName, true);

    589. 

  589.     }

    590. 

  590.     if (tenant == null || tenant.getId() == null) {

    591. 

  591.       tenant = JcrTenantUtils.getCurrentTenant();

    592. 

  592.     }

    593. 

  593.     if (tenant == null || tenant.getId() == null) {

    594. 

  594.       tenant = JcrTenantUtils.getDefaultTenant();

    595. 

  595.     }

    596. 

  596. 

    597. 

  597.     if (tenant != null) {

    598. 

  598.       userId = tenantedUserNameUtils.getPrincipleId(tenant, userName);

    599. 

  599. 

    600. 

  600.       UserManager userMgr = getUserManager(tenant, session);

    601. 

  601.       Authorizable authorizable = userMgr.getAuthorizable(userId);

    602. 

  602.       if (authorizable instanceof User) {

    603. 

  603.         jackrabbitUser = (User) authorizable;

    604. 

  604.       }

    605. 

  605.     }

    606. 

  606.     return jackrabbitUser;

    607. 

  607.   }

    608. 

  608. 

    609. 

  609.   protected boolean tenantExists(String tenantName) {

    610. 

  610.     return tenantName != null && tenantName.trim().length() > 0;

    611. 

  611.   }

    612. 

  612. 

    613. 

  613.   public List<IPentahoUser> getRoleMembers(Session session, final ITenant theTenant, final String roleName)

    614. 

  614.       throws RepositoryException {

    615. 

  615.     List<IPentahoUser> users = new ArrayList<IPentahoUser>();

    616. 

  616.     Group jackrabbitGroup = getJackrabbitGroup(theTenant, roleName, session);

    617. 

  617.     if ((jackrabbitGroup != null)

    618. 

  618.         && TenantUtils.isAccessibleTenant(theTenant == null ? tenantedRoleNameUtils.getTenant(jackrabbitGroup.getID())

    619. 

  619.             : theTenant)) {

    620. 

  620.       Iterator<Authorizable> authorizables = jackrabbitGroup.getMembers();

    621. 

  621.       while (authorizables.hasNext()) {

    622. 

  622.         Authorizable authorizable = authorizables.next();

    623. 

  623.         if (authorizable instanceof User) {

    624. 

  624.           users.add(convertToPentahoUser((User) authorizable));

    625. 

  625.         }

    626. 

  626.       }

    627. 

  627.     }

    628. 

  628.     return users;

    629. 

  629.   }

    630. 

  630. 

    631. 

  631.   public List<IPentahoRole> getUserRoles(Session session, final ITenant theTenant, final String userName)

    632. 

  632.       throws RepositoryException {

    633. 

  633.     ArrayList<IPentahoRole> roles = new ArrayList<IPentahoRole>();

    634. 

  634.     User jackrabbitUser = getJackrabbitUser(theTenant, userName, session);

    635. 

  635.     if ((jackrabbitUser != null)

    636. 

  636.         && TenantUtils.isAccessibleTenant(theTenant == null ? tenantedUserNameUtils.getTenant(jackrabbitUser.getID())

    637. 

  637.             : theTenant)) {

    638. 

  638.       Iterator<Group> groups = jackrabbitUser.memberOf();

    639. 

  639.       while (groups.hasNext()) {

    640. 

  640.         IPentahoRole role = convertToPentahoRole(groups.next());

    641. 

  641.         // Exclude the extra role from the list of roles to be returned back

    642. 

  642.         if(!extraRoles.contains(role.getName())) {

    643. 

  643.           roles.add(role);

    644. 

  644.         }

    645. 

  645.       }

    646. 

  646.     }

    647. 

  647.     return roles;

    648. 

  648.   }

    649. 

  649. 

    650. 

  650.   private RepositoryFile createUserHomeFolder(ITenant theTenant, String username, Session session)

    651. 

  651.       throws RepositoryException {

    652. 

  652.     Builder aclsForUserHomeFolder = null;

    653. 

  653.     Builder aclsForTenantHomeFolder = null;

    654. 

  654. 

    655. 

  655.     if (theTenant == null) {

    656. 

  656.       theTenant = JcrTenantUtils.getTenant(username, true);

    657. 

  657.       username = JcrTenantUtils.getPrincipalName(username, true);

    658. 

  658.     }

    659. 

  659.     if (theTenant == null || theTenant.getId() == null) {

    660. 

  660.       theTenant = JcrTenantUtils.getCurrentTenant();

    661. 

  661.     }

    662. 

  662.     if (theTenant == null || theTenant.getId() == null) {

    663. 

  663.       theTenant = JcrTenantUtils.getDefaultTenant();

    664. 

  664.     }

    665. 

  665.     RepositoryFile userHomeFolder = null;

    666. 

  666.     String userId = tenantedUserNameUtils.getPrincipleId(theTenant, username);

    667. 

  667.     final RepositoryFileSid userSid = new RepositoryFileSid(userId);

    668. 

  668.     RepositoryFile tenantHomeFolder = null;

    669. 

  669.     RepositoryFile tenantRootFolder = null;

    670. 

  670.     RepositoryFileSid ownerSid = null;

    671. 

  671.     // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.

    672. 

  672.     tenantRootFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session,

    673. 

  673.         ServerRepositoryPaths.getTenantRootFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);

    674. 

  674.     if (tenantRootFolder != null) {

    675. 

  675.       // Try to see if Tenant Home folder exist

    676. 

  676.       tenantHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session,

    677. 

  677.           ServerRepositoryPaths.getTenantHomeFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);

    678. 

  678. 

    679. 

  679.       if (tenantHomeFolder == null) {

    680. 

  680.         String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);

    681. 

  681.         ownerSid = new RepositoryFileSid(ownerId, Type.USER);

    682. 

  682. 

    683. 

  683.         String tenantAuthenticatedRoleId = tenantedRoleNameUtils.getPrincipleId(theTenant, authenticatedRoleName);

    684. 

  684.         RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);

    685. 

  685. 

    686. 

  686.         aclsForTenantHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(tenantAuthenticatedRoleSid,

    687. 

  687.             EnumSet.of(RepositoryFilePermission.READ));

    688. 

  688. 

    689. 

  689.         aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid,

    690. 

  690.             EnumSet.of(RepositoryFilePermission.ALL));

    691. 

  691.         tenantHomeFolder = internalCreateFolder(session, tenantRootFolder.getId(), new RepositoryFile.Builder(

    692. 

  692.             ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).title(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.usersFolderDisplayName")).build(), aclsForTenantHomeFolder.build(),

    693. 

  693.             "tenant home folder"); //$NON-NLS-1$

    694. 

  694.       } else {

    695. 

  695.         String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);

    696. 

  696.         ownerSid = new RepositoryFileSid(ownerId, Type.USER);

    697. 

  697.         aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid,

    698. 

  698.             EnumSet.of(RepositoryFilePermission.ALL));

    699. 

  699.       }

    700. 

  700. 

    701. 

  701.       // now check if user's home folder exist

    702. 

  702.       userHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session,

    703. 

  703.           ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username), pathConversionHelper, lockHelper, false,

    704. 

  704.           null);

    705. 

  705.       if (userHomeFolder == null) {

    706. 

  706.         userHomeFolder = internalCreateFolder(session, tenantHomeFolder.getId(), new RepositoryFile.Builder(username)

    707. 

  707.             .folder(true).build(), aclsForUserHomeFolder.build(), "user home folder"); //$NON-NLS-1$

    708. 

  708.       }

    709. 

  709. 

    710. 

  710.     }

    711. 

  711.     return userHomeFolder;

    712. 

  712.   }

    713. 

  713. 

    714. 

  714.   private RepositoryFile internalCreateFolder(final Session session, final Serializable parentFolderId,

    715. 

  715.       final RepositoryFile folder, final RepositoryFileAcl acl, final String versionMessage) throws RepositoryException {

    716. 

  716.     PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);

    717. 

  717.     JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary(session, pentahoJcrConstants, parentFolderId);

    718. 

  718.     Node folderNode = JcrRepositoryFileUtils.createFolderNode(session, pentahoJcrConstants, parentFolderId, folder);

    719. 

  719.     // we must create the acl during checkout

    720. 

  720.     JcrRepositoryFileAclUtils.createAcl(session, pentahoJcrConstants, folderNode.getIdentifier(),

    721. 

  721.         acl == null ? defaultAclHandler.createDefaultAcl(folder) : acl);

    722. 

  722.     session.save();

    723. 

  723.     if (folder.isVersioned()) {

    724. 

  724.       JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary(session, pentahoJcrConstants, folderNode,

    725. 

  725.           versionMessage);

    726. 

  726.     }

    727. 

  727.     JcrRepositoryFileUtils

    728. 

  728.         .checkinNearestVersionableFileIfNecessary(

    729. 

  729.             session,

    730. 

  730.             pentahoJcrConstants,

    731. 

  731.             parentFolderId,

    732. 

  732.             Messages

    733. 

  733.                 .getInstance()

    734. 

  734.                 .getString(

    735. 

  735.                     "JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", folder.getName(), (parentFolderId == null ? "root" : parentFolderId.toString()))); //$NON-NLS-1$ //$NON-NLS-2$

    736. 

  736.     return JcrRepositoryFileUtils

    737. 

  737.         .nodeToFile(session, pentahoJcrConstants, pathConversionHelper, lockHelper, folderNode);

    738. 

  738.   }

    739. 

  739.   

    740. 

  740.   /**

    741. 

  741.    * Checks to see if the removal of the received roles and users would

    742. 

  742.    * cause the system to have no login associated with the Admin role.

    743. 

  743.    * This check is to be made before any changes take place

    744. 

  744.    * @param deleteRoles  Roles to be deleted separated with | char

    745. 

  745.    * @param deleteUsers  Users to be deleted separated with | char

    746. 

  746.    * @return Error message if invalid or null if ok

    747. 

  747.    * @throws RepositoryException 

    748. 

  748.    */

    749. 

  749.   

    750. 

  750.   private boolean canDeleteUser(Session session, final IPentahoUser user) throws RepositoryException {

    751. 

  751.     boolean userHasAdminRole = false;

    752. 

  752.     List<IPentahoRole> roles = getUserRoles(null, user.getUsername());

    753. 

  753.     for(IPentahoRole role:roles) {

    754. 

  754.       if(tenantAdminRoleName.equals(role.getName())) {

    755. 

  755.         userHasAdminRole = true;

    756. 

  756.         break;

    757. 

  757.       }

    758. 

  758.     }

    759. 

  759.     if(userHasAdminRole) {

    760. 

  760.       List<IPentahoUser> usersWithAdminRole = getRoleMembers(session, null, tenantAdminRoleName);

    761. 

  761.       if(usersWithAdminRole != null) {

    762. 

  762.         

    763. 

  763.       } else {

    764. 

  764.         throw new RepositoryException(Messages.getInstance().getString(

    765. 

  765.             "AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));

    766. 

  766.       }

    767. 

  767.       if(usersWithAdminRole.size() > 1) {

    768. 

  768.         return true;

    769. 

  769.       } else if(usersWithAdminRole.size() == 1) {

    770. 

  770.         return false;

    771. 

  771.       } else {

    772. 

  772.         throw new RepositoryException(Messages.getInstance().getString(

    773. 

  773.             "AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));

    774. 

  774.       }

    775. 

  775.     }

    776. 

  776.     return true;

    777. 

  777.   }

    778. 

  778.   

    779. 

  779.   private boolean canDeleteRole(Session session, final IPentahoRole role) {

    780. 

  780.     return !(role != null && systemRoles.contains(role.getName()));

    781. 

  781.   }

    782. 

  782.   

    783. 

  783.   private boolean hasAdminRole(List<IPentahoRole> roles) {

    784. 

  784.     for(IPentahoRole role:roles) {

    785. 

  785.       if(tenantAdminRoleName.equals(role.getName())) {

    786. 

  786.         return true;

    787. 

  787.       }

    788. 

  788.     }

    789. 

  789.     return false;

    790. 

  790.   }

    791. 

  791.   

    792. 

  792.   private boolean hasAdminRole(String[] roles) {

    793. 

  793.     for(int i=0;i<roles.length;i++) {

    794. 

  794.       if(tenantAdminRoleName.equals(roles[i])) {

    795. 

  795.         return true;

    796. 

  796.       }

    797. 

  797.     }

    798. 

  798.     return false;

    799. 

  799.   }

    800. 

  800. }
    801.