}
// Don't add another node if the specified Assignment
// is already in the hierarchy somewhere...
for (Assignment root : hierarchy) {
Assignment duplicate = root.findDecendentOrSelfIfExists(a.getPrincipal());
if (duplicate != null) {
return;
}
}
// To proceed, we need to know about the containing
// groups (if any) for this principal...
IGroupMember member = null;
EntityEnum entityEnum = a.getPrincipal().getEntityType();
if (entityEnum.isGroup()) {
member = GroupService.findGroup(a.getPrincipal().getId());
} else {
member = GroupService.getGroupMember(a.getPrincipal().getId(), entityEnum.getClazz());
}
AuthorizationService authService = AuthorizationService.instance();
Iterator<?> it = GroupService.getCompositeGroupService().findContainingGroups(member);
if (it.hasNext()) {
// This member must be nested within its parent(s)...
while (it.hasNext()) {
IEntityGroup group = (IEntityGroup) it.next();
EntityEnum beanType = EntityEnum.getEntityEnum(group.getEntityType(), true);
JsonEntityBean bean = new JsonEntityBean(group, beanType);
Assignment parent = null;
for (Assignment root : hierarchy) {
parent = root.findDecendentOrSelfIfExists(bean);
if (parent != null) {
// We found one...
parent.addChild(a);
break;
}
}
if (parent == null) {
// We weren't able to integrate this node into the existing
// hierarchy; we have to dig deeper, until we either (1)
// find a match, or (2) reach a root; type is INHERIT,
// unless (by chance) there's something specified in an
// entry on grantOrDenyMap.
IAuthorizationPrincipal principal = authService.newPrincipal(group);
Assignment.Type assignmentType = getAssignmentType(principal, owner, activity, target);
parent = new Assignment(principal.getPrincipalString(), bean, assignmentType);
parent.addChild(a);
placeInHierarchy(parent, hierarchy, owner, activity, target);
}
}
} else {
// This member is a root...