001/* 002 * Copyright 2016 Anyware Services 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.ametys.core.ui.right; 017 018import java.util.ArrayList; 019import java.util.Collections; 020import java.util.HashMap; 021import java.util.HashSet; 022import java.util.List; 023import java.util.Map; 024import java.util.Optional; 025import java.util.Set; 026import java.util.stream.Collectors; 027 028import org.apache.avalon.framework.service.ServiceException; 029import org.apache.avalon.framework.service.ServiceManager; 030 031import org.ametys.core.ObservationConstants; 032import org.ametys.core.group.GroupDirectoryDAO; 033import org.ametys.core.group.GroupIdentity; 034import org.ametys.core.group.GroupManager; 035import org.ametys.core.observation.Event; 036import org.ametys.core.observation.ObservationManager; 037import org.ametys.core.right.Profile; 038import org.ametys.core.right.ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys; 039import org.ametys.core.right.ProfileAssignmentStorage.UserOrGroup; 040import org.ametys.core.right.ProfileAssignmentStorageExtensionPoint; 041import org.ametys.core.right.RightAssignmentContext; 042import org.ametys.core.right.RightAssignmentContextExtensionPoint; 043import org.ametys.core.right.RightManager.RightResult; 044import org.ametys.core.right.RightProfilesDAO; 045import org.ametys.core.right.RightsException; 046import org.ametys.core.ui.Callable; 047import org.ametys.core.ui.ClientSideElement; 048import org.ametys.core.ui.ClientSideElementHelper; 049import org.ametys.core.ui.StaticClientSideElement; 050import org.ametys.core.user.UserIdentity; 051import org.ametys.plugins.core.user.UserHelper; 052 053import com.google.common.collect.Sets; 054 055/** 056 * {@link ClientSideElement} for the tool displaying the profile assignments 057 */ 058public class ProfileAssignmentsToolClientSideElement extends StaticClientSideElement 059{ 060 /** The profile assignment storage component */ 061 protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP; 062 /** The extension point for right assignment contexts */ 063 protected RightAssignmentContextExtensionPoint _rightAssignmentContextEP; 064 /** The DAO for group directories */ 065 protected GroupDirectoryDAO _groupDirectoryDAO; 066 /** The group manager */ 067 protected GroupManager _groupManager; 068 /** The observation manager */ 069 protected ObservationManager _observationManager; 070 /** The user helper */ 071 protected UserHelper _userHelper; 072 /** The profile DAO */ 073 protected RightProfilesDAO _profileDAO; 074 075 /** 076 * Enumeration of all possible access types 077 */ 078 public enum AccessType 079 { 080 /** 081 * Indicates that the access is allowed 082 */ 083 ALLOW 084 { 085 @Override 086 public String toString() 087 { 088 return "allow"; 089 } 090 }, 091 /** 092 * Indicates that the access is denied 093 */ 094 DENY 095 { 096 @Override 097 public String toString() 098 { 099 return "deny"; 100 } 101 }, 102 /** 103 * Indicates that the access is allowed by inheritance 104 */ 105 INHERITED_ALLOW 106 { 107 @Override 108 public String toString() 109 { 110 return "inherited_allow"; 111 } 112 }, 113 /** 114 * Indicates that the access is denied by inheritance 115 */ 116 INHERITED_DENY 117 { 118 @Override 119 public String toString() 120 { 121 return "inherited_deny"; 122 } 123 }, 124 /** 125 * Indicates that the access can not be determined 126 */ 127 UNKNOWN 128 { 129 @Override 130 public String toString() 131 { 132 return "unknown"; 133 } 134 } 135 } 136 137 /** 138 * Enumeration of all possible target types 139 */ 140 public enum TargetType 141 { 142 /** 143 * Indicates that the target is the anonymous user 144 */ 145 ANONYMOUS 146 { 147 @Override 148 public String toString() 149 { 150 return "anonymous"; 151 } 152 }, 153 /** 154 * Indicates that the target is the anonymous user 155 */ 156 ANYCONNECTED_USER 157 { 158 @Override 159 public String toString() 160 { 161 return "anyconnected_user"; 162 } 163 }, 164 /** 165 * Indicates that the target is a user 166 */ 167 USER 168 { 169 @Override 170 public String toString() 171 { 172 return "user"; 173 } 174 }, 175 /** 176 * Indicates that the target is a group 177 */ 178 GROUP 179 { 180 @Override 181 public String toString() 182 { 183 return "group"; 184 } 185 } 186 } 187 188 @Override 189 public void service(ServiceManager smanager) throws ServiceException 190 { 191 super.service(smanager); 192 _profileAssignmentStorageEP = (ProfileAssignmentStorageExtensionPoint) smanager.lookup(ProfileAssignmentStorageExtensionPoint.ROLE); 193 _rightAssignmentContextEP = (RightAssignmentContextExtensionPoint) smanager.lookup(RightAssignmentContextExtensionPoint.ROLE); 194 _groupDirectoryDAO = (GroupDirectoryDAO) smanager.lookup(GroupDirectoryDAO.ROLE); 195 _groupManager = (GroupManager) smanager.lookup(GroupManager.ROLE); 196 _observationManager = (ObservationManager) smanager.lookup(ObservationManager.ROLE); 197 _userHelper = (UserHelper) smanager.lookup(UserHelper.ROLE); 198 _profileDAO = (RightProfilesDAO) smanager.lookup(RightProfilesDAO.ROLE); 199 } 200 201 @SuppressWarnings("unchecked") 202 @Override 203 public List<Script> getScripts(boolean ignoreRights, Map<String, Object> contextParameters) 204 { 205 List<Script> scripts = super.getScripts(ignoreRights, contextParameters); 206 207 if (scripts.size() > 0) 208 { 209 Script script = ClientSideElementHelper.cloneScript(scripts.get(0)); 210 211 Map<String, Object> jsClasses = new HashMap<>(); 212 script.getParameters().put("classes", jsClasses); 213 214 boolean excludePrivate = true; 215 Set<String> rightContextIds = _rightAssignmentContextEP.getExtensionsIds(); 216 if (script.getParameters().containsKey("right-contexts")) 217 { 218 excludePrivate = false; 219 // Restrict the right contexts to the configured right contexts if exist 220 Object ctxConfig = ((Map<String, Object>) script.getParameters().get("right-contexts")).get("right-context"); 221 if (ctxConfig instanceof List) 222 { 223 rightContextIds = new HashSet<>((List<String>) ctxConfig); 224 } 225 else 226 { 227 rightContextIds = Sets.newHashSet((String) ctxConfig); 228 } 229 } 230 231 for (String rightContextId: rightContextIds) 232 { 233 RightAssignmentContext rightAssignmentContext = _rightAssignmentContextEP.getExtension(rightContextId); 234 235 if (!excludePrivate || !rightAssignmentContext.isPrivate()) 236 { 237 List<Script> rightAssignmentContextScripts = rightAssignmentContext.getScripts(ignoreRights, contextParameters); 238 int index = 0; 239 for (Script rightAssignmentContextScript: rightAssignmentContextScripts) 240 { 241 Map<String, Object> classInfo = new HashMap<>(); 242 classInfo.put("className", rightAssignmentContextScript.getScriptClassname()); 243 classInfo.put("serverId", rightContextId); 244 classInfo.put("parameters", rightAssignmentContextScript.getParameters()); 245 jsClasses.put(rightContextId + "-" + index++, classInfo); 246 247 script.getScriptFiles().addAll(rightAssignmentContextScript.getScriptFiles()); 248 script.getCSSFiles().addAll(rightAssignmentContextScript.getCSSFiles()); 249 } 250 } 251 252 } 253 254 scripts = new ArrayList<>(); 255 scripts.add(script); 256 } 257 258 return scripts; 259 } 260 261 /** 262 * Gets the groups of a user as JSON 263 * @param login The login of the user 264 * @param populationId The population of the user 265 * @return the groups of a user as JSON 266 */ 267 @Callable 268 public List<Map<String, Object>> getUserGroups(String login, String populationId) 269 { 270 return _groupManager.getUserGroups(new UserIdentity(login, populationId)).stream() 271 .map(this::_groupToJson) 272 .collect(Collectors.toList()); 273 } 274 275 private Map<String, Object> _groupToJson(GroupIdentity groupIdentity) 276 { 277 Map<String, Object> result = new HashMap<>(); 278 result.put("groupId", groupIdentity.getId()); 279 result.put("groupDirectory", groupIdentity.getDirectoryId()); 280 return result; 281 } 282 283 /** 284 * Save some changes made client-side. 285 * @param rightAssignmentCtxId The id of the right assignment context 286 * @param jsContext The JS object context 287 * @param assignmentsInfo The list of all the changes to make. Each map in the list must contain the following keys: 288 * <ol> 289 * <li><b>profileId</b> for the id of the profile (as a string)</li> 290 * <li><b>assignment</b> for the kind of assignment (can be ACCESS_TYPE_ALLOW, ACCESS_TYPE_DENY...)</li> 291 * <li><b>assignmentType</b> expects one of these four strings: "user", "group", "anonymous", "anyConnectedUser"</li> 292 * <li><b>identity</b> Can be null if assignmentType is "anonymous" or "anyConnectedUser". If "user", must be a map with the keys "login" and "populationId". If "group", must be a map with the keys "groupId" and "groupDirectory"</li> 293 * </ol> 294 * @return a map containing 3 objects : 295 * success : boolean, everything is saved 296 * successInfos : elements from assignmentsInfo that are saved 297 * errorInfos : elements from assignmentsInfo that are not saved 298 */ 299 @SuppressWarnings("unchecked") 300 @Callable 301 public Map<String, Object> saveChanges(String rightAssignmentCtxId, Object jsContext, List<Map<String, Object>> assignmentsInfo) 302 { 303 Map<String, Object> result = new HashMap<>(); 304 List<Map<String, Object>> successInfos = new ArrayList<>(); 305 List<Map<String, Object>> errorInfos = new ArrayList<>(); 306 307 UserIdentity user = _currentUserProvider.getUser(); 308 Set<GroupIdentity> groups = _groupManager.getUserGroups(user); 309 310 if (!hasRight(getRights(Collections.EMPTY_MAP))) 311 { 312 throw new RightsException("The user '" + user + "' try to assign profile without sufficient rights"); 313 } 314 315 boolean hasHandleRight = _rightManager.hasRight(user, "Runtime_Rights_Rights_Handle", "/${WorkspaceName}") == RightResult.RIGHT_ALLOW; 316 317 Set<String> updatedProfiles = new HashSet<>(); 318 RightAssignmentContext rightAssignmentContext = _rightAssignmentContextEP.getExtension(rightAssignmentCtxId); 319 Object context = rightAssignmentContext.convertJSContext(jsContext); 320 String contextIdentifier = rightAssignmentContext.getContextIdentifier(context); 321 for (Map<String, Object> assignmentInfo : assignmentsInfo) 322 { 323 String profileId = (String) assignmentInfo.get("profileId"); 324 String assignment = (String) assignmentInfo.get("assignment"); 325 String targetType = (String) assignmentInfo.get("targetType"); 326 327 Profile profile = _profileDAO.getProfile(profileId); 328 assignmentInfo.put("profileLabel", profile.getLabel()); 329 330 if (hasHandleRight || canDelegateRights(user, groups, profileId, assignment, context)) 331 { 332 updatedProfiles.add(profileId); 333 Map<String, String> identity = (Map<String, String>) assignmentInfo.get("identity"); 334 _saveChange(context, profileId, assignment, targetType, identity); 335 successInfos.add(assignmentInfo); 336 } 337 else 338 { 339 errorInfos.add(assignmentInfo); 340 } 341 } 342 _notifyObservers(context, contextIdentifier, updatedProfiles); 343 344 result.put("successInfos", successInfos); 345 result.put("errorInfos", errorInfos); 346 result.put("success", errorInfos.isEmpty()); 347 348 return result; 349 } 350 351 /** 352 * Only allow user with right CMS_Rights_Delegate_Rights to add a profil that this user already have on this context 353 * @param user user that want to de an assignment 354 * @param groups groups of the user 355 * @param profileId profil impacted 356 * @param assignment assignment see {@link AccessType} 357 * @param context context of the assignment 358 * @return true if user can de this assignment 359 */ 360 protected boolean canDelegateRights(UserIdentity user, Set<GroupIdentity> groups, String profileId, String assignment , Object context) 361 { 362 AccessType accessType = assignment != null ? AccessType.valueOf(assignment.toUpperCase()) : AccessType.UNKNOWN; 363 return accessType == AccessType.ALLOW 364 && _rightManager.hasRight(user, "CMS_Rights_Delegate_Rights", "/${WorkspaceName}") == RightResult.RIGHT_ALLOW 365 && _profileAssignmentStorageEP.getPermissions(user, groups, Set.of(profileId), context).get(profileId).toRightResult() == RightResult.RIGHT_ALLOW; 366 } 367 368 private void _notifyObservers(Object context, String contextIdentifier, Set<String> profileIds) 369 { 370 Map<String, Object> eventParams = new HashMap<>(); 371 eventParams.put(ObservationConstants.ARGS_ACL_CONTEXT, context); 372 eventParams.put(ObservationConstants.ARGS_ACL_CONTEXT_IDENTIFIER, contextIdentifier); 373 eventParams.put(ObservationConstants.ARGS_ACL_PROFILES, profileIds); 374 375 _observationManager.notify(new Event(ObservationConstants.EVENT_ACL_UPDATED, _currentUserProvider.getUser(), eventParams)); 376 } 377 378 /** 379 * Determines if the inheritance of assignments is disallowed on the given context 380 * @param rightAssignmentCtxId The id of the right assignment context 381 * @param jsContext The JS object context 382 * @return true if the inheritance is disallowed. 383 */ 384 @Callable 385 public boolean isInheritanceDisallowed(String rightAssignmentCtxId, Object jsContext) 386 { 387 RightAssignmentContext rightCtx = _rightAssignmentContextEP.getExtension(rightAssignmentCtxId); 388 Object context = rightCtx.convertJSContext(jsContext); 389 390 return _profileAssignmentStorageEP.isInheritanceDisallowed(context); 391 } 392 393 /** 394 * Allow or disallow the inheritance of assignments on the given context 395 * @param rightAssignmentCtxId The id of the right assignment context 396 * @param jsContext The JS object context 397 * @param disallow true to disallow the inheritance, false to allow. 398 */ 399 @Callable 400 public void disallowInheritance(String rightAssignmentCtxId, Object jsContext, boolean disallow) 401 { 402 RightAssignmentContext rightCtx = _rightAssignmentContextEP.getExtension(rightAssignmentCtxId); 403 Object context = rightCtx.convertJSContext(jsContext); 404 String contextIdentifier = rightCtx.getContextIdentifier(context); 405 406 _profileAssignmentStorageEP.disallowInheritance(context, disallow); 407 408 // notify observers for all profiles 409 Set<String> profileIds = _profileDAO.getProfiles().stream() 410 .map(Profile::getId) 411 .collect(Collectors.toSet()); 412 413 _notifyObservers(context, contextIdentifier, profileIds); 414 } 415 416 /** 417 * Get the first permission given by inheritance for a object context and profiles 418 * @param rightAssignmentCtxId The id of the right assignment context 419 * @param jsContext The JS object context 420 * @param profileIds The list of profiles 421 * @param targetType The type of target : anonymous, any connected users, a user or a group 422 * @param identity The identity of the target. Can be null if the target is anonymous or any connected users 423 * @return The first access type given by inheritance for each profile 424 */ 425 @Callable 426 public Map<String, String> getInheritedAssignments (String rightAssignmentCtxId, Object jsContext, List<String> profileIds, String targetType, Map<String, String> identity) 427 { 428 RightAssignmentContext rightCtx = _rightAssignmentContextEP.getExtension(rightAssignmentCtxId); 429 Object context = rightCtx.convertJSContext(jsContext); 430 431 if (_profileAssignmentStorageEP.isInheritanceDisallowed(context)) 432 { 433 return profileIds.stream() 434 .collect(Collectors.toMap(profileId -> profileId, profileId -> AccessType.UNKNOWN.toString())); 435 } 436 else 437 { 438 return profileIds.stream() 439 .collect(Collectors.toMap(profileId -> profileId, profileId -> getInheritedAssignment(rightAssignmentCtxId, jsContext, profileId, targetType, identity))); 440 } 441 } 442 443 /** 444 * Get the first permission given by inheritance for a object context and a specific profile 445 * @param rightAssignmentCtxId The id of the right assignment context 446 * @param jsContext The JS object context 447 * @param profileId The id of profile 448 * @param targetType The type of target : anonymous, any connected users, a user or a group 449 * @param identity The identity of the target. Can be null if the target is anonymous or any connected users 450 * @return The first access type given by inheritance 451 */ 452 @Callable 453 public String getInheritedAssignment (String rightAssignmentCtxId, Object jsContext, String profileId, String targetType, Map<String, String> identity) 454 { 455 RightAssignmentContext rightCtx = _rightAssignmentContextEP.getExtension(rightAssignmentCtxId); 456 Object context = rightCtx.convertJSContext(jsContext); 457 458 if (_profileAssignmentStorageEP.isInheritanceDisallowed(context)) 459 { 460 return AccessType.UNKNOWN.toString(); 461 } 462 else 463 { 464 switch (TargetType.valueOf(targetType.toUpperCase())) 465 { 466 case ANONYMOUS: 467 return _getInheritedAssignmentForAnonymous(rightCtx, context, profileId); 468 case ANYCONNECTED_USER: 469 return _getInheritedAssignmentForAnyconnected(rightCtx, context, profileId); 470 case USER: 471 UserIdentity user = _userHelper.json2userIdentity(identity); 472 return _getInheritedAssignmentForUser(rightCtx, context, profileId, user); 473 case GROUP: 474 GroupIdentity group = new GroupIdentity(identity.get("groupId"), identity.get("groupDirectory")); 475 return _getInheritedAssignmentForGroup(rightCtx, context, profileId, group); 476 default: 477 return AccessType.UNKNOWN.toString(); 478 } 479 } 480 } 481 482 private String _getInheritedAssignmentForAnonymous (RightAssignmentContext extension, Object context, String profileId) 483 { 484 String value = AccessType.UNKNOWN.toString(); 485 486 Set<Object> parentContexts = extension.getParentContexts(context); 487 if (parentContexts != null) 488 { 489 for (Object parentContext : parentContexts) 490 { 491 Map<AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = _profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts); 492 493 Set<String> deniedProfiles = Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(AnonymousOrAnyConnectedKeys.ANONYMOUS_DENIED)).orElse(Set.of()); 494 if (deniedProfiles.contains(profileId)) 495 { 496 return AccessType.INHERITED_DENY.toString(); 497 } 498 499 Set<String> allowedProfiles = Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(AnonymousOrAnyConnectedKeys.ANONYMOUS_ALLOWED)).orElse(Set.of()); 500 if (allowedProfiles.contains(profileId)) 501 { 502 value = AccessType.INHERITED_ALLOW.toString(); 503 } 504 505 String parentsValue = _getInheritedAssignmentForAnonymous(extension, parentContext, profileId); 506 if (!AccessType.UNKNOWN.toString().equals(parentsValue)) 507 { 508 value = parentsValue; 509 } 510 } 511 } 512 513 return value; 514 } 515 516 private String _getInheritedAssignmentForAnyconnected(RightAssignmentContext extension, Object context, String profileId) 517 { 518 String value = AccessType.UNKNOWN.toString(); 519 520 Set<Object> parentContexts = extension.getParentContexts(context); 521 if (parentContexts != null) 522 { 523 for (Object parentContext : parentContexts) 524 { 525 Map<AnonymousOrAnyConnectedKeys, Set<String>> profilesForAnonymousAndAnyConnectedUser = _profileAssignmentStorageEP.getProfilesForAnonymousAndAnyConnectedUser(parentContexts); 526 527 Set<String> deniedProfiles = Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_DENIED)).orElse(Set.of()); 528 if (deniedProfiles.contains(profileId)) 529 { 530 return AccessType.INHERITED_DENY.toString(); 531 } 532 533 Set<String> allowedProfiles = Optional.ofNullable(profilesForAnonymousAndAnyConnectedUser.get(AnonymousOrAnyConnectedKeys.ANYCONNECTEDUSER_ALLOWED)).orElse(Set.of()); 534 if (allowedProfiles.contains(profileId)) 535 { 536 value = AccessType.INHERITED_ALLOW.toString(); 537 } 538 539 String parentsValue = _getInheritedAssignmentForAnyconnected(extension, parentContext, profileId); 540 if (!AccessType.UNKNOWN.toString().equals(parentsValue)) 541 { 542 value = parentsValue; 543 } 544 } 545 } 546 547 return value; 548 } 549 550 private String _getInheritedAssignmentForUser(RightAssignmentContext extension, Object context, String profileId, UserIdentity user) 551 { 552 String value = AccessType.UNKNOWN.toString(); 553 554 Set<Object> parentContexts = extension.getParentContexts(context); 555 if (parentContexts != null) 556 { 557 for (Object parentContext : parentContexts) 558 { 559 Map<UserIdentity, Map<UserOrGroup, Set<String>>> profilesForUsers = _profileAssignmentStorageEP.getProfilesForUsers(parentContext, user); 560 561 Set<String> deniedProfiles = Optional.ofNullable(profilesForUsers.get(user)).map(a -> a.get(UserOrGroup.DENIED)).orElse(Set.of()); 562 if (deniedProfiles.contains(profileId)) 563 { 564 return AccessType.INHERITED_DENY.toString(); 565 } 566 567 Set<String> allowedProfiles = Optional.ofNullable(profilesForUsers.get(user)).map(a -> a.get(UserOrGroup.ALLOWED)).orElse(Set.of()); 568 if (allowedProfiles.contains(profileId)) 569 { 570 value = AccessType.INHERITED_ALLOW.toString(); 571 } 572 573 String parentsValue = _getInheritedAssignmentForUser(extension, parentContext, profileId, user); 574 if (!AccessType.UNKNOWN.toString().equals(parentsValue)) 575 { 576 value = parentsValue; 577 } 578 } 579 } 580 581 return value; 582 } 583 584 private String _getInheritedAssignmentForGroup(RightAssignmentContext extension, Object context, String profileId, GroupIdentity group) 585 { 586 String value = AccessType.UNKNOWN.toString(); 587 588 Set<Object> parentContexts = extension.getParentContexts(context); 589 if (parentContexts != null) 590 { 591 for (Object parentContext : parentContexts) 592 { 593 Map<GroupIdentity, Map<UserOrGroup, Set<String>>> profilesForGroups = _profileAssignmentStorageEP.getProfilesForGroups(parentContext, Set.of(group)); 594 595 Set<String> deniedProfiles = Optional.ofNullable(profilesForGroups.get(group)).map(a -> a.get(UserOrGroup.DENIED)).orElse(Set.of()); 596 if (deniedProfiles.contains(profileId)) 597 { 598 return AccessType.INHERITED_DENY.toString(); 599 } 600 601 Set<String> allowedProfiles = Optional.ofNullable(profilesForGroups.get(group)).map(a -> a.get(UserOrGroup.ALLOWED)).orElse(Set.of()); 602 if (allowedProfiles.contains(profileId)) 603 { 604 value = AccessType.INHERITED_ALLOW.toString(); 605 } 606 607 String parentsValue = _getInheritedAssignmentForGroup(extension, parentContext, profileId, group); 608 if (!AccessType.UNKNOWN.toString().equals(parentsValue)) 609 { 610 value = parentsValue; 611 } 612 } 613 } 614 615 return value; 616 } 617 618 private void _saveChange(Object context, String profileId, String assignment, String targetType, Map<String, String> identity) 619 { 620 AccessType accessType = assignment != null ? AccessType.valueOf(assignment.toUpperCase()) : AccessType.UNKNOWN; 621 switch (TargetType.valueOf(targetType.toUpperCase())) 622 { 623 case ANONYMOUS: 624 switch (accessType) 625 { 626 case ALLOW: 627 _profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(profileId, context); 628 _profileAssignmentStorageEP.allowProfileToAnonymous(profileId, context); 629 break; 630 case DENY: 631 _profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(profileId, context); 632 _profileAssignmentStorageEP.denyProfileToAnonymous(profileId, context); 633 break; 634 default: 635 _profileAssignmentStorageEP.removeAllowedProfileFromAnonymous(profileId, context); 636 _profileAssignmentStorageEP.removeDeniedProfileFromAnonymous(profileId, context); 637 break; 638 } 639 break; 640 641 case ANYCONNECTED_USER: 642 switch (accessType) 643 { 644 case ALLOW: 645 _profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(profileId, context); 646 _profileAssignmentStorageEP.allowProfileToAnyConnectedUser(profileId, context); 647 break; 648 case DENY: 649 _profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(profileId, context); 650 _profileAssignmentStorageEP.denyProfileToAnyConnectedUser(profileId, context); 651 break; 652 default: 653 _profileAssignmentStorageEP.removeAllowedProfileFromAnyConnectedUser(profileId, context); 654 _profileAssignmentStorageEP.removeDeniedProfileFromAnyConnectedUser(profileId, context); 655 break; 656 } 657 break; 658 659 case USER: 660 UserIdentity user = _userHelper.json2userIdentity(identity); 661 switch (accessType) 662 { 663 case ALLOW: 664 _profileAssignmentStorageEP.removeDeniedProfileFromUser(user, profileId, context); 665 _profileAssignmentStorageEP.allowProfileToUser(user, profileId, context); 666 break; 667 case DENY: 668 _profileAssignmentStorageEP.removeAllowedProfileFromUser(user, profileId, context); 669 _profileAssignmentStorageEP.denyProfileToUser(user, profileId, context); 670 break; 671 default: 672 _profileAssignmentStorageEP.removeAllowedProfileFromUser(user, profileId, context); 673 _profileAssignmentStorageEP.removeDeniedProfileFromUser(user, profileId, context); 674 break; 675 } 676 break; 677 678 case GROUP: 679 GroupIdentity group = new GroupIdentity(identity.get("groupId"), identity.get("groupDirectory")); 680 switch (accessType) 681 { 682 case ALLOW: 683 _profileAssignmentStorageEP.removeDeniedProfileFromGroup(group, profileId, context); 684 _profileAssignmentStorageEP.allowProfileToGroup(group, profileId, context); 685 break; 686 case DENY: 687 _profileAssignmentStorageEP.removeAllowedProfileFromGroup(group, profileId, context); 688 _profileAssignmentStorageEP.denyProfileToGroup(group, profileId, context); 689 break; 690 default: 691 _profileAssignmentStorageEP.removeAllowedProfileFromGroup(group, profileId, context); 692 _profileAssignmentStorageEP.removeDeniedProfileFromGroup(group, profileId, context); 693 break; 694 } 695 break; 696 default: 697 break; 698 } 699 } 700 701 702}