001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.api.ldap.aci;
021
022
023import java.util.ArrayList;
024import java.util.Collection;
025import java.util.Collections;
026import java.util.Set;
027
028import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
029
030
031/**
032 * An {@link ACIItem} which specifies {@link UserClass}es first and then
033 * {@link ProtectedItem}s each {@link UserClass} will have. (18.4.2.4. X.501)
034 * 
035 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
036 */
public class UserFirstACIItem extends ACIItem
{
    /** Unmodifiable snapshot of the user classes, copied at construction time. */
    private final Collection<UserClass> userClasses;

    /** Unmodifiable snapshot of the user permissions, copied at construction time. */
    private final Collection<UserPermission> userPermissions;


    /**
     * Creates a new instance.
     * <p>
     * Both collections are copied and then wrapped as unmodifiable, so later
     * changes to the caller's collections do not alter this item. The copy is
     * shallow: the {@link UserClass} and {@link UserPermission} elements
     * themselves are shared with the caller.
     * 
     * @param identificationTag
     *            the id string of this item
     * @param precedence
     *            the precedence of this item
     * @param authenticationLevel
     *            the level of authentication required by this item
     * @param userClasses
     *            the collection of {@link UserClass}es the permissions are
     *            specified for
     * @param userPermissions
     *            the collection of {@link UserPermission}s that apply to
     *            {@code userClasses}
     * @throws NullPointerException
     *             if {@code userClasses} or {@code userPermissions} is
     *             {@code null}
     */
    public UserFirstACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
        Collection<UserClass> userClasses, Collection<UserPermission> userPermissions )
    {
        super( identificationTag, precedence, authenticationLevel );

        // Copy first, then freeze: the caller keeps no handle on the stored collections.
        ArrayList<UserClass> classesSnapshot = new ArrayList<>( userClasses );
        this.userClasses = Collections.unmodifiableCollection( classesSnapshot );

        ArrayList<UserPermission> permissionsSnapshot = new ArrayList<>( userPermissions );
        this.userPermissions = Collections.unmodifiableCollection( permissionsSnapshot );
    }


    /**
     * Gets the collection of {@link UserClass}es.
     *
     * @return the unmodifiable collection of {@link UserClass}es held by this
     *         item
     */
    public Collection<UserClass> getUserClasses()
    {
        return this.userClasses;
    }


    /**
     * Gets the collection of {@link UserPermission}s.
     *
     * @return the unmodifiable collection of {@link UserPermission}s held by
     *         this item
     */
    public Collection<UserPermission> getUserPermission()
    {
        return this.userPermissions;
    }


    /**
     * Appends the string form of every element to {@code target}, separating
     * consecutive elements with {@code ", "}.
     *
     * @param target
     *            the builder to append to
     * @param elements
     *            the elements to render, in iteration order
     */
    private static void appendJoined( StringBuilder target, Collection<?> elements )
    {
        String separator = "";

        for ( Object element : elements )
        {
            target.append( separator );
            // toString() is called explicitly so that a null element fails here
            // instead of being rendered as the text "null".
            target.append( element.toString() );
            separator = ", ";
        }
    }


    /**
     * Renders this item as text: identification tag, precedence,
     * authentication level, then the {@code userFirst} alternative holding the
     * user classes followed by the user permissions.
     * <p>
     * The identification tag is written between double quotes exactly as
     * stored; no escaping is applied by this method.
     *
     * @return the textual form of this item
     */
    @Override
    public String toString()
    {
        StringBuilder text = new StringBuilder();

        // Header fields shared by every ACIItem.
        text.append( "{ identificationTag \"" ).append( getIdentificationTag() ).append( "\", " );
        text.append( "precedence " ).append( getPrecedence() ).append( ", " );
        text.append( "authenticationLevel " ).append( getAuthenticationLevel().getName() ).append( ", " );

        // itemOrUserFirst
        text.append( "itemOrUserFirst userFirst: { " );

        // userClasses
        text.append( "userClasses { " );
        appendJoined( text, userClasses );
        text.append( " }, " );

        // userPermissions
        text.append( "userPermissions { " );
        appendJoined( text, userPermissions );
        text.append( " } } }" );

        return text.toString();
    }


    /**
     * Builds one tuple for the given permission from this item's user classes
     * and authentication level.
     *
     * @param permission
     *            the permission supplying the protected items
     * @param operations
     *            the grants or the denials of {@code permission}
     * @param grant
     *            {@code true} when {@code operations} are grants,
     *            {@code false} when they are denials
     * @param precedence
     *            the precedence to give the tuple
     * @return the new tuple
     */
    private ACITuple buildTuple( UserPermission permission, Set<GrantAndDenial> operations, boolean grant,
        int precedence )
    {
        return new ACITuple( getUserClasses(), getAuthenticationLevel(), permission.getProtectedItems(),
            toMicroOperations( operations ), grant, precedence );
    }


    /**
     * {@inheritDoc}
     * <p>
     * Each {@link UserPermission} contributes at most two tuples: one flagged
     * as a grant when its grant set is not empty, and one flagged as a denial
     * when its denial set is not empty. A permission without a precedence of
     * its own uses the precedence of this item.
     */
    @Override
    public Collection<ACITuple> toTuples()
    {
        Collection<ACITuple> result = new ArrayList<>();

        for ( UserPermission permission : userPermissions )
        {
            Set<GrantAndDenial> granted = permission.getGrants();
            Set<GrantAndDenial> denied = permission.getDenials();

            // A permission-level precedence overrides the item-level one.
            int effectivePrecedence;

            if ( permission.getPrecedence() == null )
            {
                effectivePrecedence = this.getPrecedence();
            }
            else
            {
                effectivePrecedence = permission.getPrecedence();
            }

            if ( !granted.isEmpty() )
            {
                result.add( buildTuple( permission, granted, true, effectivePrecedence ) );
            }

            if ( !denied.isEmpty() )
            {
                result.add( buildTuple( permission, denied, false, effectivePrecedence ) );
            }
        }

        return result;
    }
}