/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package framework.beans.arm;
import framework.beans.SecuredBean;
import framework.beans.security.BeanRights;
import framework.beans.directory.simple.entities.Arm;
import framework.beans.security.entities.ArmPanel;
import framework.beans.security.entities.ArmPanelPK;
import framework.beans.security.entities.ArmRight;
import framework.beans.security.entities.ArmRightPK;
import framework.generic.ClipsServerException;
import framework.generic.ESecurity;
import framework.security.UserRight;
import framework.security.UserRightsGroup;
import framework.security.UserRightsSetAbstract;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ejb.Stateful;
import framework.security.UserRightsSetLocal;
import javax.ejb.EJB;
/**
* @security - Ok.
* @author axe
*/
@Stateful(mappedName="clips-beans/ArmPanelBean")
public class ArmPanelBean extends SecuredBean implements ArmPanelBeanRemote {
public static int COMMAND_HANDLE_ARM = 0;
@EJB
private UserRightsSetLocal rightsSet;
@Override
protected void initBeanRights() {
int[] r = new int[1];
r[COMMAND_HANDLE_ARM] = RightPresence(UserRightsSetAbstract.WRITE_REGION_ADMIN_DIRECTORY.id);
rights = new BeanRights(r);
}
protected List<ArmPanel> getArmList(int armID) throws ClipsServerException{
return findEntityList(ArmPanel.class, "arm", findEntity(Arm.class, armID));
}
//
/**
* Возвращает список имен панелей для указанного АРМА
* @param armID АРМ
* @return список
* @throws ClipsServerException
* @security без ограничений
*/
@Override
public Set <String> getPanelList(int armID) throws ClipsServerException {
//checkCommandAccessibility(COMMAND_HANDLE_ARM);
List<ArmPanel> contracts = getArmList(armID);
Set<String> res = new HashSet<String>();
Iterator<ArmPanel> i = contracts.iterator();
while(i.hasNext()) {
ArmPanel j = i.next();
res.add(j.getKey().getPanel());
}
return res;
}
/**
* Назначает список панелей для указанного АРМА
* @param armID АРМ
* @param panels не пустой список панелей
* @security без ограничений
*/
@Override
public void setPanelList(int armID, Set <String> panels) throws ClipsServerException {
checkCommandAccessibility(COMMAND_HANDLE_ARM);
Iterator i = getArmList(armID).iterator();
while(i.hasNext()) {
ArmPanel armPanel = (ArmPanel) i.next();
String panel = armPanel.getKey().getPanel();
if(!panels.contains(panel)) {
manager.remove(armPanel);
} else {
panels.remove(panel);
}
}
Iterator<String> newPS = panels.iterator();
while(newPS.hasNext()) {
ArmPanel panel = new ArmPanel();
panel.setKey(new ArmPanelPK(newPS.next(), armID));
manager.persist(panel);
}
}
/**
* Вовзврашает список идентификаторов прав
* @return
* @throws generic.EDataIntegrity
*/
@Override
public Set<Integer> getRights(int armID) throws ClipsServerException {
//checkCommandAccessibility(COMMAND_HANDLE_ARM);
if(armID == 0) {
throw new IllegalArgumentException("arm == 0");
}
Iterator<ArmRight> list = findEntityList(ArmRight.class, "key.arm", armID).iterator();
Set<Integer> res = new HashSet<Integer>();
while(list.hasNext()) {
ArmRight right = list.next();
int rg = right.getId().getRightId();
if (UserRightsSetAbstract.getRightFromID(rg) != null) {
res.add(rg);
}
}
return res;
}
/**
* Назанчает список идентификаторов прав
* @return
* @throws generic.EDataIntegrity
*/
@Override
public void setRights(int armID, Set<Integer> rights) throws ClipsServerException {
checkCommandAccessibility(COMMAND_HANDLE_ARM);
Set<Integer> backup = new HashSet<Integer>(rights);
Set<Integer> oldRights = getRights(armID);
//make rights to add
rights.removeAll(oldRights);
//make rights to delete
oldRights.removeAll(backup);
Iterator<Integer> addNew = rights.iterator();
while(addNew.hasNext()) {
ArmRight r = new ArmRight();
r.setId(new ArmRightPK(armID, addNew.next()));
manager.persist(r);
}
if(oldRights.size() > 0) {
Field f[] = {
new Field("key.arm", armID),
new Field("key.rightId", oldRights, Field.OPERATOR_IN)
};
deleteEntityList(ArmRight.class, f);
}
}
@Override
public Map<String, Integer> getRightsMask(int armID) throws ClipsServerException {
Map<String, Integer> rm = new HashMap<String, Integer>();
Enumeration<UserRightsGroup> e = rightsSet.rightsGroups();
while (e.hasMoreElements()) {
rm.put(e.nextElement().getTitle(), 0);
}
int mask = 0;
Iterator<Integer> it = getRights(armID).iterator();
while (it.hasNext()) {
Integer id = it.next();
UserRight right = UserRightsSetAbstract.getRightFromID(id);
mask = rm.get(right.getGroup().getTitle());
mask = mask | right.getRightsMask();
rm.put(right.getGroup().getTitle(), mask);
}
return rm;
}
@Override
public void setRightsMask(int armID, Map<String, Integer> maskMap) throws ClipsServerException {
Set<Integer> rightsId2Save = new HashSet<Integer>();//эти права будут сохранены
int mask = 0;
Enumeration<UserRightsGroup> e = rightsSet.rightsGroups();
while (e.hasMoreElements()) {
UserRightsGroup group = e.nextElement();
mask = maskMap.get(group.getTitle());
Iterator<UserRight> it = getRightsFromMask(group, mask).iterator();
while (it.hasNext()) {
UserRight ur = it.next();
rightsId2Save.add(ur.getID());
}
mask = 0;
}
setRights(armID, rightsId2Save);
}
/**
* извлекает из группы сет прав доступных по маске
* если из имеющихся прав данную маску построить невозможно
* выкинет ошибку
* @param group
* @param mask
* @return
* @throws generic.ESecurity
*/
private Set<UserRight> getRightsFromMask(UserRightsGroup group, int mask) throws ESecurity{
Set<UserRight> rts = new HashSet<UserRight>();
Iterator<UserRight> it = group.getRights().iterator();
//разбираем
while (it.hasNext()) {
UserRight ur = it.next();
if (include(mask, ur.getRightsMask())){
rts.add(ur);
}
}
//сравниваем
if (createMask(rts) != mask){
throw new ESecurity("Попытка установить невозможную комбинацию прав: " + mask);
}
return rts;
}
/**
* Строит маску из прав
* @param rts
* @param mask
* @return
* @throws generic.ESecurity
*/
private int createMask(Set<UserRight> rts){
int mask = 0;
Iterator<UserRight> it = rts.iterator();
while (it.hasNext()) {
UserRight ur = it.next();
mask = mask | ur.getRightsMask();
}
return mask;
}
/**
* проверяет вхождение маски в маску
* @param mask
* @param subMask
* @return
*/
private boolean include(int mask, int subMask){
return mask == ( mask | subMask);
}
}