Source Code of com.comcast.cns.controller.CNSAddPermissionAction

/**
 * Copyright 2012 Comcast Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.comcast.cns.controller;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.AsyncContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

import com.comcast.cmb.common.model.CMBPolicy;
import com.comcast.cmb.common.model.User;
import com.comcast.cmb.common.persistence.IUserPersistence;
import com.comcast.cmb.common.persistence.PersistenceFactory;
import com.comcast.cmb.common.util.CMBErrorCodes;
import com.comcast.cmb.common.util.CMBException;
import com.comcast.cmb.common.util.CMBProperties;
import com.comcast.cns.io.CNSAttributePopulator;
import com.comcast.cns.model.CNSTopic;
import com.comcast.cns.model.CNSTopicAttributes;
import com.comcast.cns.util.CNSErrorCodes;
import com.comcast.cqs.util.CQSConstants;
import com.comcast.cqs.util.CQSErrorCodes;
import com.comcast.cqs.util.Util;

/**
 * Add permission action
 * @author bwolf
 */
public class CNSAddPermissionAction extends CNSAction {

  private static Logger logger = Logger.getLogger(CNSAddPermissionAction.class);

  public CNSAddPermissionAction() {
    super("AddPermission");
  }

  @Override
  public boolean doAction(User user, AsyncContext asyncContext) throws Exception {

        HttpServletRequest request = (HttpServletRequest)asyncContext.getRequest();
        HttpServletResponse response = (HttpServletResponse)asyncContext.getResponse();

      String topicArn = request.getParameter("TopicArn");

      if ((topicArn == null) ) {
        logger.error("event=cns_add_permission error_code=missing_parameter_topic_arn");
      throw new CMBException(CNSErrorCodes.CNS_InvalidParameter,"Missing parameter TopicArn");
      }

      CNSTopic topic = PersistenceFactory.getTopicPersistence().getTopic(topicArn);

      if (topic == null) {
        logger.error("event=cns_add_permission error_code=invalid_parameter_topic_arn");
      throw new CMBException(CNSErrorCodes.CNS_NotFound,"Resource not found.");
      }

        String label = request.getParameter(CQSConstants.LABEL);

        if (label == null) {
          throw new CMBException(CMBErrorCodes.ValidationError, "Validation error detected: Value null at 'label' failed to satisfy constraint: Member must not be null");
        }

        if (!Util.isValidId(label)) {
            throw new CMBException(CQSErrorCodes.InvalidBatchEntryId, "Label " + label + " is invalid. Only alphanumeric, hyphen, and underscore are allowed. It can be at most " + CMBProperties.getInstance().getCQSMaxMessageSuppliedIdLength() + " letters long.");
        }

        List<String> userList = new ArrayList<String>();
        int index = 1;

        String userId = request.getParameter(CQSConstants.AWS_ACCOUNT_ID + ".member." + index);

        IUserPersistence userHandler = PersistenceFactory.getUserPersistence();

        while (userId != null) {

          if (userId.equals("*") || userHandler.getUserById(userId) != null) { // only add user if they exist
                userList.add(userId);
            }

          index++;
            userId = request.getParameter(CQSConstants.AWS_ACCOUNT_ID + ".member." + index);
        }

        if (userList.size() == 0) {
            throw new CMBException(CMBErrorCodes.NotFound, "AWSAccountId is required");
        }

        List<String> actionList = new ArrayList<String>();
        index = 1;
        String action = request.getParameter(CQSConstants.ACTION_NAME + ".member." + index);

        while (action != null) {

          if (action.equals("")) {
          throw new CMBException(CMBErrorCodes.ValidationError, "Blank action parameter is invalid");
          }

          if (!CMBPolicy.CNS_ACTIONS.contains(action) && !action.equals("*")) {
          throw new CMBException(CNSErrorCodes.CNS_InvalidParameter, "Invalid action parameter " + action);
          }

          actionList.add(action);
            index++;
            action = request.getParameter(CQSConstants.ACTION_NAME + ".member." + index);
        }

        if (actionList.size() == 0) {
            throw new CMBException(CMBErrorCodes.NotFound, "ActionName is required");
        }

        CMBPolicy policy = null;
    CNSTopicAttributes attributes = CNSCache.getTopicAttributes(topicArn);

        // validate policy string

        if (attributes.getPolicy() != null) {
          policy = new CMBPolicy(attributes.getPolicy());
        } else {
          policy = new CMBPolicy();
        }

        if (policy.addStatement(CMBPolicy.SERVICE.CNS, label, "Allow", userList, actionList, topicArn, null)) {
          attributes.setPolicy(policy.toString());
          PersistenceFactory.getCNSAttributePersistence().setTopicAttributes(attributes, topicArn);
        } else {
          throw new CMBException(CMBErrorCodes.InvalidParameterValue, "Value " + label + " for parameter Label is invalid. Reason: Already exists.");
        }

        String out = CNSAttributePopulator.getAddPermissionResponse();
        writeResponse(out, response);

        return true;
  }
}