/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.api.ldap.aci;


import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;

import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;


/**
 * An {@link ACIItem} written in the "userFirst" form: it names the
 * {@link UserClass}es first and then the {@link UserPermission}s (protected
 * items together with their grants and denials) that apply to those user
 * classes. (18.4.2.4. X.501)
 * <p>
 * Both collections are copied at construction time and exposed only through
 * unmodifiable views, so the membership of an item cannot be changed after it
 * has been built. The elements themselves are not copied.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class UserFirstACIItem extends ACIItem
{
    /** Unmodifiable snapshot of the user classes this item applies to. */
    private final Collection<UserClass> userClasses;

    /** Unmodifiable snapshot of the permissions given to those user classes. */
    private final Collection<UserPermission> userPermissions;


    /**
     * Creates a new instance.
     * <p>
     * Each collection argument is copied into a private list, so changes the
     * caller makes to its own collection afterwards do not reach this item.
     *
     * @param identificationTag
     *            the id string of this item
     * @param precedence
     *            the precedence of this item; used by {@link #toTuples()} for
     *            every permission that does not carry its own precedence
     * @param authenticationLevel
     *            the authentication level attached to this item
     * @param userClasses
     *            the collection of {@link UserClass}es this item applies to
     * @param userPermissions
     *            the collection of {@link UserPermission}s given to the
     *            {@code userClasses}
     * @throws NullPointerException
     *             if {@code userClasses} or {@code userPermissions} is null
     */
    public UserFirstACIItem( String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
        Collection<UserClass> userClasses, Collection<UserPermission> userPermissions )
    {
        super( identificationTag, precedence, authenticationLevel );

        // Copy first, then wrap: the caller keeps no handle on the backing lists.
        Collection<UserClass> userClassesCopy = new ArrayList<>( userClasses );
        this.userClasses = Collections.unmodifiableCollection( userClassesCopy );

        Collection<UserPermission> userPermissionsCopy = new ArrayList<>( userPermissions );
        this.userPermissions = Collections.unmodifiableCollection( userPermissionsCopy );
    }


    /**
     * Gets the collection of {@link UserClass}es.
     *
     * @return the unmodifiable collection of {@link UserClass}es
     */
    public Collection<UserClass> getUserClasses()
    {
        return userClasses;
    }


    /**
     * Gets the collection of {@link UserPermission}s.
     *
     * @return the unmodifiable collection of {@link UserPermission}s
     */
    public Collection<UserPermission> getUserPermission()
    {
        return userPermissions;
    }


    /**
     * Renders this item as text, in the order identificationTag, precedence,
     * authenticationLevel, then the userFirst body with its userClasses and
     * userPermissions lists (elements separated by {@code ", "}).
     * <p>
     * The identification tag is written between double quotes exactly as
     * stored; this method does no escaping.
     *
     * @return the textual form of this item
     */
    @Override
    public String toString()
    {
        StringBuilder out = new StringBuilder();

        // NOTE(review): the tag is appended verbatim. If this text is ever parsed
        // back, a tag containing a double quote would alter its structure - confirm
        // that tags are validated before they reach this class.
        out.append( "{ identificationTag \"" ).append( getIdentificationTag() ).append( "\", " );

        out.append( "precedence " ).append( getPrecedence() ).append( ", " );

        out.append( "authenticationLevel " ).append( getAuthenticationLevel().getName() ).append( ", " );

        out.append( "itemOrUserFirst userFirst: { " );

        // userClasses: nothing is written before the first element, ", " before the others
        out.append( "userClasses { " );

        String separator = "";

        for ( UserClass userClass : userClasses )
        {
            out.append( separator ).append( userClass.toString() );
            separator = ", ";
        }

        out.append( " }, " );

        // userPermissions: same separator handling as above
        out.append( "userPermissions { " );

        separator = "";

        for ( UserPermission permission : userPermissions )
        {
            out.append( separator ).append( permission.toString() );
            separator = ", ";
        }

        out.append( " } } }" );

        return out.toString();
    }


    /**
     * Expands this item into {@link ACITuple}s.
     * <p>
     * Every {@link UserPermission} yields at most two tuples: one built from its
     * grants (created with the boolean argument {@code true}) and one built from
     * its denials (created with {@code false}). An empty grant or denial set
     * yields no tuple. All tuples carry this item's user classes and
     * authentication level. A permission's own precedence is used when it is
     * non-null; otherwise the precedence of this item is used.
     *
     * @return a new collection holding the tuples, in permission order with the
     *         grants tuple before the denials tuple
     */
    @Override
    public Collection<ACITuple> toTuples()
    {
        Collection<ACITuple> result = new ArrayList<>();

        for ( UserPermission userPermission : userPermissions )
        {
            Set<GrantAndDenial> granted = userPermission.getGrants();
            Set<GrantAndDenial> denied = userPermission.getDenials();

            // A precedence set on the permission overrides the item-level one.
            final int effectivePrecedence;

            if ( userPermission.getPrecedence() == null )
            {
                effectivePrecedence = this.getPrecedence();
            }
            else
            {
                effectivePrecedence = userPermission.getPrecedence();
            }

            if ( !granted.isEmpty() )
            {
                ACITuple grantTuple = new ACITuple( getUserClasses(), getAuthenticationLevel(),
                    userPermission.getProtectedItems(), toMicroOperations( granted ), true, effectivePrecedence );
                result.add( grantTuple );
            }

            if ( !denied.isEmpty() )
            {
                ACITuple denialTuple = new ACITuple( getUserClasses(), getAuthenticationLevel(),
                    userPermission.getProtectedItems(), toMicroOperations( denied ), false, effectivePrecedence );
                result.add( denialTuple );
            }
        }

        return result;
    }
}