accessrightsmanager.java

CRM源码This file describes some issues that should be implemented in future and how it should be imple

     */
    private static PermissionSet createRealPermissionSet(LogonSession ls, User user)
            throws EQLException {

        // retrieve real permissions records
        List<UserPermissionsObject> permissionObjs = UserPermissionsObjectHandler.selectByUserID(
                getJEOManager(), ls, user.getUserID());
        if(permissionObjs == null) {
            return PermissionSet.EMPTY;
        }

        PermissionSet permissions = new PermissionSet();

        for(UserPermissionsObject permissionObj : permissionObjs) {
            PermissionObjectType objectType = PermissionObjectType.getByTypeConstant(permissionObj.getPermission_object_type());
            // Value of access_level
            AccessLevel accessLevel = AccessLevel.getByLevelConstant(permissionObj.getAccess_level());
            // Value of object_name
            String objectName = permissionObj.getObject_name();

            Permission permission = permissions.getPermissionObject(objectType, objectName);
            if(permission != null) {
                // retain only unique permissions with highest access level
                if(permission.getLevel().level < accessLevel.level) {
                    permission.setLevel(accessLevel);
                }
            } else {
                permission = new Permission(objectType, accessLevel, objectName);
                permissions.addPermission(permission);
            }
        }

        return permissions;
    }

    /**
     * Adjusts given set of permissions by access level in proper order.
     * Note that given set of permissions should contains sequence of all permissions for
     * the tree-like structure as shown below.
     * <p/>
     * focus - by default (READ)
     * subfocus - real permission (WRITE)
     * tab1 - inherited from parent subfocus (WRITE)
     * form1 - real permission (OWNER)
     * form2 - inherited from parent tab (WRITE)
     * tab2 - inherited from parent subfocus (WRITE)
     * form3 - real permission (READ overloads inherited WRITE)
     * form4 - real permission (OWNER)
     */
    private static void adjustAccessLevel(PermissionSet permissions) {
        for(Permission permission : permissions) {
            if(permission.getObjectType().equals(PermissionObjectType.FOCUS)) {
                ajustAccessLevelRecursively(permissions, permission);
            }
        }
    }

    private static void ajustAccessLevelRecursively(PermissionSet permissions, Permission parent) {
        // Default permission level is READ
        if(parent.getLevel() == null)
            parent.setLevel(AccessLevel.READ);

        for(Permission permission : permissions) {
            if(isDirectChildPermission(parent, permission)) {
                if(permission.getLevel() == null){
                    permission.setLevel(parent.getLevel());
                }

                ajustAccessLevelRecursively(permissions, permission);
            }
        }
    }

    private static boolean isDirectChildPermission(Permission parent, Permission child) {
        if(EntityHelper.isParentObject(parent.getObjectID(), child.getObjectID())) {
            return child.getObjectType().isDirectChildOf(parent.getObjectType());
        }
        return false;
    }

    private static Set<String> getFocusNames(PermissionSet permissionSet) {
        Set<String> focusNames = new HashSet<String>();
        for(Permission permission : permissionSet) {
            focusNames.add(
                    EntityHelper.getFocusName(permission.getObjectID()));
        }
        return focusNames;
    }

    /**
     * Retrieves all permission objects (focus->subfocus->tab->form)
     * that related to the geven set of permissions
     *
     * @param ls
     * @param permissions
     * @return
     * @throws EQLException
     */
    private static List<ViewObjectsObject> getRelatedViewObjects(
            LogonSession ls, PermissionSet permissions) throws EQLException {

        List<ViewObjectsObject> viewObjects = new ArrayList<ViewObjectsObject>();
        for(String focusName : getFocusNames(permissions)) {
            List<ViewObjectsObject> objs
                    = ViewObjectsObjectHandler.selectByFocus(getJEOManager(), ls, focusName);
            if(objs != null) {
                viewObjects.addAll(objs);
            }
        }

        return viewObjects;
    }

    /**
     * Returns permission object for some object in system for specified user.
     *
     * @param user     user to check permission
     * @param objectID object id in system. (can be focus name, subfocus name, tab name, form name)
     * @param type     type of the object.
     * @return permission object
     */
    public static Permission getPermissionForObject(User user, String objectID, PermissionObjectType type) {
        PermissionSet permissions = getPermissionSetForUser(user);
        return permissions.getPermissionObject(type, objectID);
    }

    /**
     * Need this method in IntegratorGetRecords
     *
     * @param user       requesting user
     * @param objectID   object id
     * @param objectType object type
     * @param action     action type
     * @return can this user perform this kind of action under the given object
     */
    public static boolean canUserPerformAction(User user, String objectID, PermissionObjectType objectType, CommonActionTypes action) {
        return canUserPerformAction(getPermissionForObject(user, objectID, objectType).getLevel(), action);
    }

    /**
     * @param level  access level for that
     * @param action action type
     * @return is this action available for this access level.
     */
    public static boolean canUserPerformAction(AccessLevel level, CommonActionTypes action) {
        boolean can = false;
        switch(action) {
            case READ:
                can = level.level >= AccessLevel.READ.level;
                break;
            case WRITE:
                can = level.level >= AccessLevel.WRITE.level;
                break;
            case DELETE_OWNED_RECORDS:
                can = level.level >= AccessLevel.OWNER.level;
                break;
            case DELETE_ANY_RECORD:
                can = level.level >= AccessLevel.FULL_CONTROL.level;
                break;
        }
        return can;
    }

    /**
     * Retrieve collection of users that belong to some group
     * Couldn't return null object.
     *
     * @param groupID
     * @return
     * @throws NoSuchGroupException thrown if no such group with the given id
     */
    public static Collection<User> getUsersInGroup(Long groupID) throws NoSuchGroupException {
        LogonSession ls = getSystemLogonSession();

        List<UserObject> userObjs;
        try {
            userObjs = UserObjectHandler.selectByWorkgroupID(
                    getJEOManager(), ls, groupID);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }
        if(userObjs == null) {
            throw new NoSuchGroupException(groupID);
        }

        return createUsers(ls, userObjs);
    }

    /**
     * Retrieve collection of users that belong to some group with the given tier
     * Couldn't return null object.
     *
     * @param groupID
     * @param tier    tier of the users
     * @return
     * @throws NoSuchGroupException thrown if no such group with the given id
     */
    public static Collection<User> getUsersInGroup(Long groupID, Integer tier) throws NoSuchGroupException {
        LogonSession ls = getSystemLogonSession();

        List<UserObject> userObjs;
        try {
            userObjs = UserObjectHandler.selectByWorkgroupIDAndTier(
                    getJEOManager(), ls, groupID, tier);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }
        if(userObjs == null) {
            throw new NoSuchGroupException(groupID);
        }

        return createUsers(ls, userObjs);
    }

    /**
     * Retrieve workgroup by it's id.
     * Couldn't return null object.
     *
     * @param groupID
     * @return
     * @throws NoSuchGroupException thrown if no such group with the given id
     */
    public static WorkGroup getGroup(Long groupID) throws NoSuchGroupException {
//        if(workGroupCache.containsKey(groupID))
//            return workGroupCache.get(groupID);

        WorkgroupObject workgroupObj;
        try {
            workgroupObj = WorkgroupObjectHandler.selectByID(
                    getJEOManager(), getSystemLogonSession(), groupID);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }
        if(workgroupObj == null) {
            throw new NoSuchGroupException(groupID);
        }

        WorkGroup workGroup = new WorkGroup(groupID,
                workgroupObj.getName(), workgroupObj.getNotificationaddr(),
                workgroupObj.getNotifymethod().intValue());

//        workGroupCache.put(groupID, workGroup);

        return workGroup;
    }

    private static JEOManagerLocal getJEOManager() {
        return (JEOManagerLocal) com.getLocalObject(JNDINames.JEOManager, JEOManagerLocalHome.class);
    }

    private static User createUser(LogonSession ls, UserObject jeoUser) {
//        Long userID = jeoUser.getPkey();

//        if(usersCache.containsKey(userID))
//            return usersCache.get(userID);

        User user = new User();
        user.setUserID(jeoUser.getPkey());
        user.setLoginName(jeoUser.getLoginname());
        user.setPasswordDigest(jeoUser.getPassword());
        user.setFullName(jeoUser.getFullname());
        user.setEmail(jeoUser.getEmail());
        user.setAuthenticationType(jeoUser.getUser_type());

        // User settings
        JEOManagerLocal jeoManager = getJEOManager();
        UserSettingsObject userProp;
        try {
            userProp = UserSettingsObjectHandler.selectByUser(jeoManager, ls, jeoUser);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }
        if(userProp == null) {
            user.setLangID(SystemHelper.DEFAULT_LANGUAGE);
            user.setCountryID(SystemHelper.DEFAULT_COUNTRY);
            user.setTimeZoneID(SystemHelper.DEFAULT_TIMEZONE.getID());
            user.setDatePattern(SystemHelper.DEFAULT_DATE_PATTERN);
            user.setTimePattern(SystemHelper.DEFAULT_TIME_PATTERN);
        } else {
            String langID = userProp.textLang();
            user.setLangID(langID != null ? langID:SystemHelper.DEFAULT_LANGUAGE);
            String countryID = userProp.textCountry();
            user.setCountryID(countryID != null ? countryID:SystemHelper.DEFAULT_COUNTRY);
            String timeZoneID = userProp.textTimezone();
            user.setTimeZoneID(timeZoneID != null ? timeZoneID:SystemHelper.DEFAULT_TIMEZONE.getID());
            String datePattern = userProp.textDpattern();
            user.setDatePattern(datePattern != null ? datePattern:SystemHelper.DEFAULT_DATE_PATTERN);
            String timePattern = userProp.textTpattern();
            user.setTimePattern(timePattern != null ? timePattern:SystemHelper.DEFAULT_TIME_PATTERN);
            user.setDatePositionFirst(NumberHelper.num2bool(userProp.getDpos()));
        }

        // All User roles
        List<UserRolesObject> userRoles;
        try {
            userRoles = UserRolesObjectHandler.selectByUser(jeoManager, ls, jeoUser);
            Set<Long> rolesIDs = new HashSet<Long>();
            if(userRoles != null) {
                for(UserRolesObject role : userRoles) {
                    rolesIDs.add(role.getRole_id());

                    Long defaultFocus = role.getDefault_focus_id();
                    if(defaultFocus != null && user.getDefaultFocus() == null) {
                        ViewObjectsObject focus = ViewObjectsObjectHandler.selectByPkey(
                                jeoManager, ls, defaultFocus);
                        if(focus != null) {
                            user.setDefaultFocus(focus.getName());
                        }
                    }
                }
            }
            user.setRolesIDs(rolesIDs);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }

        //  User workgroups
        List<WorkgroupObject> workgroups;
        try {
            workgroups = WorkgroupObjectHandler.selectByUser(jeoManager, ls, jeoUser);
        } catch (EQLException e) {
            logger.ERROR("EQLException: " + e.getMessage(), e);
            throw new GenericSystemException("EQLException: " + e.getMessage(), e);
        }
        if(workgroups != null) {
            List<Long> workgroupIDs = new ArrayList<Long>();
            for(WorkgroupObject workgroup : workgroups) {
                workgroupIDs.add(workgroup.getPkey());
            }
            user.setUserGroups(workgroupIDs);
        }

//        // Cache user object
//        usersCache.put(userID, user);

        return user;
    }

    private static Collection<User> createUsers(LogonSession ls, List<UserObject> userObjs) {
        List<User> users = new ArrayList<User>();
        for(UserObject userObj : userObjs) {
            users.add(createUser(ls, userObj));
        }
        return users;
    }

}