Package org.olat.basesecurity

Source Code of org.olat.basesecurity.PersistingManager

/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <p>
*/

package org.olat.basesecurity;

import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import org.hibernate.Hibernate;
import org.hibernate.type.Type;
import org.olat.admin.quota.GenericQuotaEditController;
import org.olat.admin.quota.QuotaController;
import org.olat.admin.sysinfo.SysinfoController;
import org.olat.admin.user.UserAdminController;
import org.olat.admin.user.UserChangePasswordController;
import org.olat.admin.user.UserCreateController;
import org.olat.basesecurity.events.NewIdentityCreatedEvent;
import org.olat.core.commons.persistence.DB;
import org.olat.core.commons.persistence.DBFactory;
import org.olat.core.commons.persistence.DBQuery;
import org.olat.core.gui.translator.Translator;
import org.olat.core.id.Identity;
import org.olat.core.id.OLATResourceable;
import org.olat.core.id.Roles;
import org.olat.core.id.User;
import org.olat.core.id.UserConstants;
import org.olat.core.logging.AssertException;
import org.olat.core.util.Util;
import org.olat.core.util.coordinate.CoordinatorManager;
import org.olat.core.util.resource.OresHelper;
import org.olat.resource.OLATResource;
import org.olat.resource.OLATResourceManager;
import org.olat.user.ChangePasswordController;
import org.olat.user.PersonalSettingsController;
import org.olat.user.UserManager;

/**
* <h3>Description:</h3>
* The PersistingManager implements the security manager and provide methods to
* manage identities and user objects based on a database persistence mechanism
* using hibernate.
* <p>
*
* @author Felix Jost, Florian Gnaegi
*/
public class PersistingManager implements Manager {
  private OLATResourceManager orm; // orm is stateless, but we have less to type
  private static String GUEST_USERNAME_PREFIX = "guest_";
 
  public static final OLATResourceable IDENTITY_EVENT_CHANNEL = OresHelper.lookupType(Identity.class);

  // if we grab an instance here

  /**
   * package local
   */
  PersistingManager() {
    orm = OLATResourceManager.getInstance();
  }

  /**
   * @see org.olat.basesecurity.Manager#init()
   */
  public void init() { // called only once at startup and only from one thread
    // init the system level groups and its policies
    initSysGroupAdmin();
    initSysGroupAuthors();
    initSysGroupGroupmanagers();
    initSysGroupUsermanagers();
    initSysGroupUsers();
    initSysGroupAnonymous();
    initSysGroupInstitutionalResourceManager();
  }

  /**
   * OLAT system administrators, root, good, whatever you name it...
   */
  private void initSysGroupAdmin() {
    SecurityGroup adminGroup = findSecurityGroupByName(Constants.GROUP_ADMIN);
    if (adminGroup == null)
      adminGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_ADMIN);

    // we check everthing by policies, so we must give admins the hasRole
    // permission on the type resource "Admin"
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_ADMIN);

    //admins have role "authors" by default
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_AUTHOR);

    //admins have a groupmanager policy and access permissions to groupmanaging tools
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_GROUPMANAGER);

    //admins have a usemanager policy and access permissions to usermanagement tools
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_USERMANAGER);

    //admins are also regular users
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_USERS);

    //olat admins have access to all security groups
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, Constants.ORESOURCE_SECURITYGROUPS);

    // and to all courses
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ADMIN, Constants.ORESOURCE_COURSES);

    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(SysinfoController.class));
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserAdminController.class));
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserChangePasswordController.class));
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserCreateController.class));
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(QuotaController.class));
    createAndPersistPolicyIfNotExists(adminGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(GenericQuotaEditController.class));
  }

  /**
   * Every active user that is an active user is in the user group. exceptions: logonDenied and anonymous users
   */
  private void initSysGroupUsers() {
    SecurityGroup olatuserGroup = findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    if (olatuserGroup == null)
      olatuserGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_OLATUSERS);

    //users have a user policy
    createAndPersistPolicyIfNotExists(olatuserGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_USERS);

    createAndPersistPolicyIfNotExists(olatuserGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(ChangePasswordController.class));
    createAndPersistPolicyIfNotExists(olatuserGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(PersonalSettingsController.class));
  }

  /**
   * Users with access to group context management (groupmanagement that can be used in multiple courses
   */
  private void initSysGroupGroupmanagers() {
    SecurityGroup olatGroupmanagerGroup = findSecurityGroupByName(Constants.GROUP_GROUPMANAGERS);
    if (olatGroupmanagerGroup == null)
      olatGroupmanagerGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_GROUPMANAGERS);
    //gropumanagers have a groupmanager policy and access permissions to groupmanaging tools
    createAndPersistPolicyIfNotExists(olatGroupmanagerGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_GROUPMANAGER);
  }

  /**
   * Users with access to user management
   */
  private void initSysGroupUsermanagers() {
    SecurityGroup olatUsermanagerGroup = findSecurityGroupByName(Constants.GROUP_USERMANAGERS);
    if (olatUsermanagerGroup == null)
      olatUsermanagerGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_USERMANAGERS);
    //gropumanagers have a groupmanager policy and access permissions to groupmanaging tools
    createAndPersistPolicyIfNotExists(olatUsermanagerGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_USERMANAGER);
    createAndPersistPolicyIfNotExists(olatUsermanagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserAdminController.class));
    createAndPersistPolicyIfNotExists(olatUsermanagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserChangePasswordController.class));
    createAndPersistPolicyIfNotExists(olatUsermanagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(UserCreateController.class));
    createAndPersistPolicyIfNotExists(olatUsermanagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(GenericQuotaEditController.class));
  }

  /**
   * Users with access to the authoring parts of the learning ressources repository
   */
  private void initSysGroupAuthors() {
    SecurityGroup olatauthorGroup = findSecurityGroupByName(Constants.GROUP_AUTHORS);
    if (olatauthorGroup == null)
      olatauthorGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_AUTHORS);
    //authors have a author policy and access permissions to authoring tools
    createAndPersistPolicyIfNotExists(olatauthorGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_AUTHOR);
  }
 
  /**
   * Users with access to the authoring parts of the learning ressources repository (all resources in his university)
   */
  private void initSysGroupInstitutionalResourceManager() {
    SecurityGroup institutionalResourceManagerGroup = findSecurityGroupByName(Constants.GROUP_INST_ORES_MANAGER);
    if (institutionalResourceManagerGroup == null)
      institutionalResourceManagerGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_INST_ORES_MANAGER);
    //manager have a author policy and access permissions to authoring tools
    createAndPersistPolicyIfNotExists(institutionalResourceManagerGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_INSTORESMANAGER);
    createAndPersistPolicyIfNotExists(institutionalResourceManagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(QuotaController.class));
    createAndPersistPolicyIfNotExists(institutionalResourceManagerGroup, Constants.PERMISSION_ACCESS, OresHelper.lookupType(GenericQuotaEditController.class));
  }

  /**
   * Unknown users with guest only rights
   */
  private void initSysGroupAnonymous() {
    SecurityGroup guestGroup = findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
    if (guestGroup == null)
      guestGroup = createAndPersistNamedSecurityGroup(Constants.GROUP_ANONYMOUS);
    //guest(=anonymous) have a guest policy
    createAndPersistPolicyIfNotExists(guestGroup, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_GUESTONLY);
  }

  /**
   * @see org.olat.basesecurity.Manager#getGroupsWithPermissionOnOlatResourceable(java.lang.String,
   *      org.olat.core.id.OLATResourceable
   */
  public List getGroupsWithPermissionOnOlatResourceable(String permission, OLATResourceable olatResourceable) {
    Long oresid = olatResourceable.getResourceableId();
    if (oresid == null) oresid = new Long(0); //TODO: make a method in
    // OLATResorceManager, since this
    // is implementation detail
    String oresName = olatResourceable.getResourceableTypeName();

    List res = DBFactory.getInstance().find(
        "select sgi from"
          + " org.olat.basesecurity.SecurityGroupImpl as sgi,"
          + " org.olat.basesecurity.PolicyImpl as poi,"
          + " org.olat.resource.OLATResourceImpl as ori"
          + " where poi.securityGroup = sgi and poi.permission = ?"
          + " and poi.olatResource = ori"
          + " and (ori.resId = ? or ori.resId = 0) and ori.resName = ?",
        new Object[] { permission, oresid, oresName }, new Type[] { Hibernate.STRING, Hibernate.LONG, Hibernate.STRING });
    return res;
  }

  /**
   * @see org.olat.basesecurity.Manager#getIdentitiesWithPermissionOnOlatResourceable(java.lang.String,
   *      org.olat.core.id.OLATResourceable
   */
  public List getIdentitiesWithPermissionOnOlatResourceable(String permission, OLATResourceable olatResourceable) {
    Long oresid = olatResourceable.getResourceableId();
    if (oresid == null) oresid = new Long(0); //TODO: make a method in
    // OLATResorceManager, since this
    // is implementation detail
    String oresName = olatResourceable.getResourceableTypeName();

    // if the olatResourceable is not persisted as OLATResource, then the answer
    // is false,
    // therefore we can use the query assuming there is an OLATResource
    List res = DBFactory.getInstance().find(
        "select distinct im from"
          + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi,"
          + " org.olat.basesecurity.IdentityImpl as im,"
          + " org.olat.basesecurity.PolicyImpl as poi,"
          + " org.olat.resource.OLATResourceImpl as ori"
          + " where im = sgmsi.identity"
          + " and sgmsi.securityGroup = poi.securityGroup"
          + " and poi.permission = ?"
          + " and poi.olatResource = ori"
          + " and (ori.resId = ? or ori.resId = 0) and ori.resName = ?",
          // if you have a type right, you autom. have all instance rights
        new Object[] { permission, oresid, oresName }, new Type[] { Hibernate.STRING, Hibernate.LONG, Hibernate.STRING });
    return res;
  }

  /**
   * @see org.olat.basesecurity.Manager#getPoliciesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)
   */
  public List getPoliciesOfSecurityGroup(SecurityGroup secGroup) {
    List res = DBFactory.getInstance().find(
        "select poi from org.olat.basesecurity.PolicyImpl as poi where poi.securityGroup = ?",
        new Object[] { secGroup.getKey() }, new Type[] { Hibernate.LONG });
    return res;
  }

  /**
   * @see org.olat.basesecurity.Manager#isIdentityPermittedOnResourceable(org.olat.core.id.Identity, java.lang.String, org.olat.core.id.OLATResourceable
   */
  /*
   * MAY BE USED LATER - do not remove please public boolean
   * isGroupPermittedOnResourceable(SecurityGroup secGroup, String permission,
   * OLATResourceable olatResourceable) { Long oresid =
   * olatResourceable.getResourceableId(); if (oresid == null) oresid = new
   * Long(0); //TODO: make a method in OLATResorceManager, since this is
   * implementation detail String oresName =
   * olatResourceable.getResourceableTypeName(); List res =
   * DB.getInstance().find("select count(poi) from"+ "
   * org.olat.basesecurity.SecurityGroupImpl as sgi,"+ "
   * org.olat.basesecurity.PolicyImpl as poi,"+ "
   * org.olat.resource.OLATResourceImpl as ori"+ " where sgi.key = ?" + " and
   * poi.securityGroup = sgi and poi.permission = ?"+ " and poi.olatResource =
   * ori" + " and (ori.resId = ? or ori.resId = 0) and ori.resName = ?", new
   * Object[] { secGroup.getKey(), permission, oresid, oresName }, new Type[] {
   * Hibernate.LONG, Hibernate.STRING, Hibernate.LONG, Hibernate.STRING } );
   * Integer cntI = (Integer)res.get(0); int cnt = cntI.intValue(); return (cnt >
   * 0); // can be > 1 if identity is in more the one group having the
   * permission on the olatresourceable }
   */

 
  public boolean isIdentityPermittedOnResourceable(Identity identity, String permission, OLATResourceable olatResourceable) {
    return isIdentityPermittedOnResourceable(identity, permission, olatResourceable, true);
  }
 

  /**
   * @see org.olat.basesecurity.Manager#isIdentityPermittedOnResourceable(org.olat.core.id.Identity, java.lang.String, org.olat.core.id.OLATResourceable boolean)
   */
  public boolean isIdentityPermittedOnResourceable(Identity identity, String permission, OLATResourceable olatResourceable, boolean checkTypeRight) {
    IdentityImpl iimpl = getImpl(identity);
    Long oresid = olatResourceable.getResourceableId();
    if (oresid == null) oresid = new Long(0); //TODO: make a method in
    // OLATResorceManager, since this
    // is implementation detail
    String oresName = olatResourceable.getResourceableTypeName();
    // if the olatResourceable is not persisted as OLATResource, then the answer
    // is false,
    // therefore we can use the query assuming there is an OLATResource

    String queryString;
    if (checkTypeRight) {
      queryString =
        "select count(poi) from"
      + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi,"
      + " org.olat.basesecurity.PolicyImpl as poi,"
      + " org.olat.resource.OLATResourceImpl as ori"
      + " where sgmsi.identity = :identitykey and sgmsi.securityGroup =  poi.securityGroup"
      + " and poi.permission = :permission and poi.olatResource = ori"
      + " and (ori.resId = :resid or ori.resId = 0) and ori.resName = :resname";
    } else {
      queryString =
        "select count(poi) from"
      + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi,"
      + " org.olat.basesecurity.PolicyImpl as poi,"
      + " org.olat.resource.OLATResourceImpl as ori"
      + " where sgmsi.identity = :identitykey and sgmsi.securityGroup =  poi.securityGroup"
      + " and poi.permission = :permission and poi.olatResource = ori"
      + " and (ori.resId = :resid) and ori.resName = :resname";
    }
    DBQuery query = DBFactory.getInstance().createQuery(queryString);
    query.setLong("identitykey", iimpl.getKey());
    query.setString("permission", permission);   
    query.setLong("resid", oresid);
    query.setString("resname", oresName);
    query.setCacheable(true);
    List res = query.list();
    Long cntL = (Long) res.get(0);
    return (cntL.longValue() > 0); // can be > 1 if identity is in more the one group having
    // the permission on the olatresourceable
  }

  /**
   * @see org.olat.basesecurity.Manager#getRoles(org.olat.core.id.Identity)
   */
  public Roles getRoles(Identity identity) {
    boolean isAdmin = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_ADMIN);
    boolean isAuthor = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_AUTHOR);
    boolean isGroupManager = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_GROUPMANAGER);
    boolean isUserManager = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_USERMANAGER);
    boolean isGuestOnly = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_GUESTONLY);
    boolean isInstitutionalResourceManager = isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_HASROLE,
        Constants.ORESOURCE_INSTORESMANAGER);
    Roles roles = new Roles(isAdmin, isUserManager, isGroupManager, isAuthor, isGuestOnly, isInstitutionalResourceManager);
    return roles;
  }

  /**
   * scalar query : select sgi, poi, ori
   * @param identity
   * @return List of policies
   */
  public List getPoliciesOfIdentity(Identity identity) {
    IdentityImpl iimpl = getImpl(identity);
    List res = DBFactory.getInstance().find(
        "select sgi, poi, ori from"
        + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi,"
        + " org.olat.basesecurity.SecurityGroupImpl as sgi,"
        + " org.olat.basesecurity.PolicyImpl as poi,"
        + " org.olat.resource.OLATResourceImpl as ori"
        + " where sgmsi.identity = ? and sgmsi.securityGroup = sgi"
        + " and poi.securityGroup = sgi and poi.olatResource = ori",
        new Object[] { iimpl.getKey() }, new Type[] { Hibernate.LONG });
    // scalar query, we get a List of Object[]'s
    return res;
  }

  /**
   * @see org.olat.basesecurity.Manager#isIdentityInSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)
   */
  public boolean isIdentityInSecurityGroup(Identity identity, SecurityGroup secGroup) {
    if (secGroup == null) return false;
    String queryString = "select count(sgmsi) from  org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi where sgmsi.identity = :identitykey and sgmsi.securityGroup = :securityGroup";
    DBQuery query = DBFactory.getInstance().createQuery(queryString);
    query.setLong("identitykey", identity.getKey());
    query.setLong("securityGroup", secGroup.getKey());
    query.setCacheable(true);
    List res = query.list();
    Long cntL = (Long) res.get(0);
    if (cntL.longValue() != 0 && cntL.longValue() != 1) throw new AssertException("unique n-to-n must always yield 0 or 1");
    return (cntL.longValue() == 1);
  }

  /**
   * @see org.olat.basesecurity.Manager#createAndPersistSecurityGroup()
   */
  public SecurityGroup createAndPersistSecurityGroup() {
    SecurityGroupImpl sgi = new SecurityGroupImpl();
    DBFactory.getInstance().saveObject(sgi);
    return sgi;
  }

  /**
   * @see org.olat.basesecurity.Manager#deleteSecurityGroup(org.olat.basesecurity.SecurityGroup)
   */
  public void deleteSecurityGroup(SecurityGroup secGroup) {
    // we do not use hibernate cascade="delete", but implement our own (to be
    // sure to understand our code)
    DB db = DBFactory.getInstance();
    //FIXME: fj: Please review: Create rep entry, restart olat, delete the rep
    // entry. previous implementation resulted in orange screen
    // secGroup = (SecurityGroup)db.loadObject(secGroup); // so we can later
    // delete it (hibernate needs an associated session)
    secGroup = (SecurityGroup) db.loadObject(secGroup);
    //o_clusterREVIEW
    //db.reputInHibernateSessionCache(secGroup);

    /*
     * if (!db.contains(secGroup)) { secGroup = (SecurityGroupImpl)
     * db.loadObject(SecurityGroupImpl.class, secGroup.getKey()); }
     */
    // 1) delete associated users (need to do it manually, hibernate knows
    // nothing about
    // the membership, modeled manually via many-to-one and not via set)
    db.delete("from org.olat.basesecurity.SecurityGroupMembershipImpl as msi where msi.securityGroup.key = ?", new Object[] { secGroup
        .getKey() }, new Type[] { Hibernate.LONG });
    // 2) delete all policies
    db.delete("from org.olat.basesecurity.PolicyImpl as poi where poi.securityGroup = ?", new Object[] { secGroup.getKey() },
        new Type[] { Hibernate.LONG });
    // 3) delete security group
    db.deleteObject(secGroup);
  }

  /**
   * @see org.olat.basesecurity.Manager#addIdentityToSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)
   */
  public void addIdentityToSecurityGroup(Identity identity, SecurityGroup secGroup) {
    SecurityGroupMembershipImpl sgmsi = new SecurityGroupMembershipImpl();
    sgmsi.setIdentity(identity);
    sgmsi.setSecurityGroup(secGroup);
    sgmsi.setLastModified(new Date());
    DBFactory.getInstance().saveObject(sgmsi);
    //TODO: tracing
  }

  /**
   * @see org.olat.basesecurity.Manager#removeIdentityFromSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)
   */
  public void removeIdentityFromSecurityGroup(Identity identity, SecurityGroup secGroup) {
    IdentityImpl iimpl = getImpl(identity);
    DBFactory.getInstance().delete(
        "from org.olat.basesecurity.SecurityGroupMembershipImpl as msi where msi.identity.key = ? and msi.securityGroup.key = ?",
        new Object[] { iimpl.getKey(), secGroup.getKey() }, new Type[] { Hibernate.LONG, Hibernate.LONG });
  }

  /**
   * @see org.olat.basesecurity.Manager#createAndPersistPolicy(org.olat.basesecurity.SecurityGroup, java.lang.String, org.olat.core.id.OLATResourceable
   */
  public Policy createAndPersistPolicy(SecurityGroup secGroup, String permission, OLATResourceable olatResourceable) {
    OLATResource olatResource = orm.findOrPersistResourceable(olatResourceable);
    return createAndPersistPolicyWithResource(secGroup, permission, olatResource);
  }

  /**
   * Creates a policy and persists on the database
   * @param secGroup
   * @param permission
   * @param olatResource
   * @return Policy
   */
  public Policy createAndPersistPolicyWithResource(SecurityGroup secGroup, String permission, OLATResource olatResource) {
    PolicyImpl pi = new PolicyImpl();
    pi.setSecurityGroup(secGroup);
    pi.setOlatResource(olatResource);
    pi.setPermission(permission);
    DBFactory.getInstance().saveObject(pi);
    return pi;
 
 
  /**
   * Helper method that only creates a policy only if no such policy exists in the database
   * @param secGroup
   * @param permission
   * @param olatResourceable
   * @return Policy
   */
  private Policy createAndPersistPolicyIfNotExists(SecurityGroup secGroup, String permission, OLATResourceable olatResourceable) {
    OLATResource olatResource = orm.findOrPersistResourceable(olatResourceable);
    Policy existingPolicy = findPolicy(secGroup, permission, olatResource);
    if (existingPolicy == null) {
      return createAndPersistPolicy(secGroup, permission, olatResource);
    }
    return existingPolicy;
  }


  Policy findPolicy(SecurityGroup secGroup, String permission, OLATResource olatResource) {
    Long secKey = secGroup.getKey();
    Long orKey = olatResource.getKey();

    List res = DBFactory.getInstance().find(
        " select poi from org.olat.basesecurity.PolicyImpl as poi"
        + " where poi.permission = ? and poi.olatResource = ? and poi.securityGroup = ?",
        new Object[] { permission, orKey, secKey },
        new Type[] { Hibernate.STRING, Hibernate.LONG, Hibernate.LONG });
    if (res.size() == 0) {
      return null;
    }
    else  {
      PolicyImpl poi = (PolicyImpl) res.get(0);
      return poi;
    }
  } 
 
  private void deletePolicy(Policy policy) {
    DBFactory.getInstance().deleteObject(policy);
  }

  /**
   * @see org.olat.basesecurity.Manager#deletePolicy(org.olat.basesecurity.SecurityGroup, java.lang.String, org.olat.core.id.OLATResourceable
   */
  public void deletePolicy(SecurityGroup secGroup, String permission, OLATResourceable olatResourceable) {    
    OLATResource olatResource = orm.findResourceable(olatResourceable);
    if (olatResource == null) throw new AssertException("cannot delete policy of a null olatresourceable!");
    Policy p = findPolicy(secGroup, permission, olatResource);
    // fj: introduced strict testing here on purpose
    if (p == null) throw new AssertException("findPolicy returned null, cannot delete policy");
    deletePolicy(p);
  }

  private IdentityImpl getImpl(Identity identity) {
    // since we are a persistingmanager, we also only accept real identities
    if (!(identity instanceof IdentityImpl)) throw new AssertException("identity was not of type identityimpl, but "
        + identity.getClass().getName());
    IdentityImpl iimpl = (IdentityImpl) identity;
    return iimpl;
  }

  /**
   * @param username the username
   * @param user the presisted User
   * @param authusername the username used as authentication credential
   *          (=username for provider "OLAT")
   * @param provider the provider of the authentication ("OLAT" or "AAI"). If null, no
   * authentication token is generated.
   * @param credential the credentials or null if not used
   * @return Identity
   */
  public Identity createAndPersistIdentity(String username, User user, String provider, String authusername, String credential) {
    IdentityImpl iimpl = new IdentityImpl(username, user);
    DBFactory.getInstance().saveObject(iimpl);
    if (provider != null) {
      createAndPersistAuthentication(iimpl, provider, authusername, credential);
    }
    notifyNewIdentityCreated(iimpl);
    return iimpl;
  }

  /**
   * @param username the username
   * @param user the unpresisted User
   * @param authusername the username used as authentication credential
   *          (=username for provider "OLAT")
   * @param provider the provider of the authentication ("OLAT" or "AAI"). If null, no
   * authentication token is generated.
   * @param credential the credentials or null if not used
   * @return Identity
   */
  public Identity createAndPersistIdentityAndUser(String username, User user, String provider, String authusername, String credential) {
    DBFactory.getInstance().saveObject(user);
    IdentityImpl iimpl = new IdentityImpl(username, user);
    DBFactory.getInstance().saveObject(iimpl);
    if (provider != null) {
      createAndPersistAuthentication(iimpl, provider, authusername, credential);
    }
    notifyNewIdentityCreated(iimpl);
    return iimpl;
  }
 
 
  private void notifyNewIdentityCreated(Identity newIdentity) {
    //Save the identity on the DB. So can the listeners of the event retrieve it
    //in cluster mode
    DBFactory.getInstance().intermediateCommit();
    CoordinatorManager.getCoordinator().getEventBus().fireEventToListenersOf(new NewIdentityCreatedEvent(newIdentity), IDENTITY_EVENT_CHANNEL);
  }

  /**
   * @see org.olat.basesecurity.Manager#getIdentitiesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)
   */
  public List getIdentitiesOfSecurityGroup(SecurityGroup secGroup) {
    if (secGroup == null) {
      throw new AssertException("getIdentitiesOfSecurityGroup: ERROR secGroup was null !!");
    }
    DB db = DBFactory.getInstance();
    if (db == null) {
      throw new AssertException("getIdentitiesOfSecurityGroup: ERROR db was null !!");
    }
    List idents = DBFactory.getInstance().find(
              "select ii from"
              + " org.olat.basesecurity.IdentityImpl as ii inner join fetch ii.user as iuser, "
              + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi "
              + " where sgmsi.securityGroup = ? and sgmsi.identity = ii",
              new Object[] { secGroup.getKey() },
              new Type[] { Hibernate.LONG });

              return idents;
   
  }
 
  /**
   * @see org.olat.basesecurity.Manager#getIdentitiesAndDateOfSecurityGroup(org.olat.basesecurity.SecurityGroup)
   */
  public List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup) {
    return getIdentitiesAndDateOfSecurityGroup(secGroup,false);
  }
 
  /**
   * @see org.olat.basesecurity.Manager#getIdentitiesAndDateOfSecurityGroup(org.olat.basesecurity.SecurityGroup)
   * @param sortedByAddDate true= return list of idenities sorted by added date
   */
  public List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup, boolean sortedByAddDate) {
     StringBuilder queryString = new StringBuilder();
     queryString.append("select ii, sgmsi.lastModified from"
         + " org.olat.basesecurity.IdentityImpl as ii inner join fetch ii.user as iuser, "
         + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi "
         + " where sgmsi.securityGroup = ? and sgmsi.identity = ii");
     if (sortedByAddDate) {
       queryString.append(" order by sgmsi.lastModified");
     }
     List identAndDate = DBFactory.getInstance().find(queryString.toString(),
         new Object[] { secGroup.getKey() },
         new Type[] { Hibernate.LONG });
     return identAndDate;
  }

  /**
   *
   * @see org.olat.basesecurity.Manager#getSecurityGroupJoinDateForIdentity(org.olat.basesecurity.SecurityGroup, org.olat.core.id.Identity)
   */
  public Date getSecurityGroupJoinDateForIdentity(SecurityGroup secGroup, Identity identity){
    String query = "select creationDate from " + "  org.olat.basesecurity.SecurityGroupMembershipImpl as sgi "
        + " where sgi.securityGroup = :secGroup and sgi.identity = :identId";
   
    DB db = DBFactory.getInstance();
    DBQuery dbq = db.createQuery(query);
    dbq.setLong("identId", identity.getKey().longValue());
    dbq.setLong("secGroup", secGroup.getKey());
    List result = dbq.list();
    if (result.size()==0){
      return null;
    }
    else {
      return (Date)result.get(0);
    }
  }
 

  /**
   * @see org.olat.basesecurity.Manager#countIdentitiesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)
   */
  public int countIdentitiesOfSecurityGroup(SecurityGroup secGroup) {
    DB db = DBFactory.getInstance();
    String q = "select count(sgm) from org.olat.basesecurity.SecurityGroupMembershipImpl sgm where sgm.securityGroup = :group";
    DBQuery query = db.createQuery(q);
    query.setEntity("group", secGroup);
    int result = ((Long) query.list().get(0)).intValue();
    return result;
  }

  /**
   * @see org.olat.basesecurity.Manager#createAndPersistNamedSecurityGroup(java.lang.String)
   */
  public SecurityGroup createAndPersistNamedSecurityGroup(String groupName) {
    SecurityGroup secG = createAndPersistSecurityGroup();
    NamedGroupImpl ngi = new NamedGroupImpl(groupName, secG);
    DBFactory.getInstance().saveObject(ngi);
    return secG;
  }

  /**
   * @see org.olat.basesecurity.Manager#findSecurityGroupByName(java.lang.String)
   */
  public SecurityGroup findSecurityGroupByName(String securityGroupName) {
    List group = DBFactory.getInstance().find(
        "select sgi from"
        + " org.olat.basesecurity.NamedGroupImpl as ngroup,"
        + " org.olat.basesecurity.SecurityGroupImpl as sgi"
        + " where ngroup.groupName = ? and ngroup.securityGroup = sgi", new Object[] { securityGroupName },
        new Type[] { Hibernate.STRING });
    int size = group.size();
    if (size == 0) return null;
    if (size != 1) throw new AssertException("non unique name in namedgroup: " + securityGroupName);
    SecurityGroup sg = (SecurityGroup) group.get(0);
    return sg;
  }

  /**
   * @see org.olat.basesecurity.Manager#findIdentityByName(java.lang.String)
   */
  public Identity findIdentityByName(String identityName) {
    if (identityName == null) throw new AssertException("findIdentitybyName: name was null");
    List identities = DBFactory.getInstance().find(
        "select ident from org.olat.basesecurity.IdentityImpl as ident where ident.name = ?", new Object[] { identityName },
        new Type[] { Hibernate.STRING });
    int size = identities.size();
    if (size == 0) return null;
    if (size != 1) throw new AssertException("non unique name in identites: " + identityName);
    Identity identity = (Identity) identities.get(0);
    return identity;
  }
 
  /**
   *
   * @see org.olat.basesecurity.Manager#loadIdentityByKey(java.lang.Long)
   */
  public Identity loadIdentityByKey(Long identityKey) {
    if (identityKey == null) throw new AssertException("findIdentitybyKey: key is null");
    if(identityKey.equals(Long.valueOf(0))) return null;
    return (Identity) DBFactory.getInstance().loadObject(IdentityImpl.class, identityKey);
  }
 
  /**
   *
   * @see org.olat.basesecurity.Manager#loadIdentityByKey(java.lang.Long)
   */
  public Identity loadIdentityByKey(Long identityKey, boolean strict) {
    if (identityKey == null) throw new AssertException("findIdentitybyKey: key is null");
    if(identityKey.equals(Long.valueOf(0))) return null;
    if(strict) {
      return (Identity) DBFactory.getInstance().loadObject(IdentityImpl.class, identityKey);
    }
   
    List<Identity> identities = DBFactory.getInstance().find(
        "select ident from org.olat.basesecurity.IdentityImpl ident where ident.key = ?", new Object[] { identityKey },
        new Type[] { Hibernate.LONG });
    if(identities.isEmpty()) return null;
    return identities.get(0);
  }

  /**
   *
   * @see org.olat.basesecurity.Manager#countUniqueUserLoginsSince(java.util.Date)
   */
  public Long countUniqueUserLoginsSince (Date lastLoginLimit){
    String queryStr ="Select count(ident) from org.olat.core.id.Identity as ident where "
      + "ident.lastLogin > :lastLoginLimit and ident.lastLogin != ident.creationDate"
    DBQuery dbq = DBFactory.getInstance().createQuery(queryStr);
    dbq.setDate("lastLoginLimit", lastLoginLimit);
    List res = dbq.list();
    Long cntL = (Long) res.get(0);
    return cntL;
 
 
  /**
   * @see org.olat.basesecurity.Manager#getAuthentications(org.olat.core.id.Identity)
   */
  public List<Authentication> getAuthentications(Identity identity) {
    return DBFactory.getInstance().find("select auth from  org.olat.basesecurity.AuthenticationImpl as auth " +
        "inner join fetch auth.identity as ident where ident.key = ?",
        new Object[] { identity.getKey() }, new Type[] { Hibernate.LONG });
  }

  /**
   * @see org.olat.basesecurity.Manager#createAndPersistAuthentication(org.olat.core.id.Identity, java.lang.String, java.lang.String, java.lang.String)
   */
  public Authentication createAndPersistAuthentication(Identity ident, String provider, String authUserName, String credential) {
    AuthenticationImpl authImpl = new AuthenticationImpl(ident, provider, authUserName, credential);
    DBFactory.getInstance().saveObject(authImpl);
    return authImpl;
  }

  /**
   * @see org.olat.basesecurity.Manager#findAuthentication(org.olat.core.id.Identity, java.lang.String)
   */
  public Authentication findAuthentication(Identity identity, String provider) {
    if (identity==null) {
      throw new IllegalArgumentException("identity must not be null");
    }
    DB dbInstance = DBFactory.getInstance();
    if (dbInstance==null) {
      throw new IllegalStateException("DBFactory.getInstance() returned null");
    }
    List results = dbInstance.find(
        "select auth from org.olat.basesecurity.AuthenticationImpl as auth where auth.identity.key = ? and auth.provider = ?",
        new Object[] { identity.getKey(), provider }, new Type[] { Hibernate.LONG, Hibernate.STRING });
    if (results == null || results.size() == 0) return null;
    if (results.size() > 1) throw new AssertException("Found more than one Authentication for a given subject and a given provider.");
    return (Authentication) results.get(0);
  }

  /**
   * @see org.olat.basesecurity.Manager#deleteAuthentication(org.olat.basesecurity.Authentication)
   */
  public void deleteAuthentication(Authentication auth) {
    DBFactory.getInstance().deleteObject(auth);
  }

  /**
   * @see org.olat.basesecurity.Manager#findAuthenticationByAuthusername(java.lang.String, java.lang.String)
   */
  public Authentication findAuthenticationByAuthusername(String authusername, String provider) {
    List results = DBFactory.getInstance().find(
        "from org.olat.basesecurity.AuthenticationImpl as auth where auth.provider = ? and auth.authusername = ?",
        new Object[] { provider, authusername }, new Type[] { Hibernate.STRING, Hibernate.STRING });
    if (results.size() == 0) return null;
    if (results.size() != 1) throw new AssertException(
        "more than one entry for the a given authusername and provider, should never happen (even db has a unique constraint on those columns combined) ");
    Authentication auth = (Authentication) results.get(0);
    return auth;
  }

  /**
   * @see org.olat.basesecurity.Manager#getVisibleIdentitiesByPowerSearch(java.lang.String, java.util.Map, boolean, org.olat.basesecurity.SecurityGroup[], org.olat.basesecurity.PermissionOnResourceable[], java.lang.String[], java.util.Date, java.util.Date)
   */
  public List getVisibleIdentitiesByPowerSearch(String login, Map<String, String> userproperties, boolean userPropertiesAsIntersectionSearch,
      SecurityGroup[] groups, PermissionOnResourceable[] permissionOnResources, String[] authProviders, Date createdAfter, Date createdBefore) {
    return getIdentitiesByPowerSearch(login, userproperties, userPropertiesAsIntersectionSearch, groups, permissionOnResources,
                                      authProviders, createdAfter, createdBefore, Identity.STATUS_VISIBLE_LIMIT );
  }

  /**
   * @see org.olat.basesecurity.Manager#getIdentitiesByPowerSearch(java.lang.String, java.util.Map, boolean, org.olat.basesecurity.SecurityGroup[], org.olat.basesecurity.PermissionOnResourceable[], java.lang.String[], java.util.Date, java.util.Date, java.lang.Integer)
   */
  public List getIdentitiesByPowerSearch(String login, Map<String, String> userproperties, boolean userPropertiesAsIntersectionSearch, SecurityGroup[] groups,
      PermissionOnResourceable[] permissionOnResources, String[] authProviders, Date createdAfter, Date createdBefore, Integer status) {
    boolean hasGroups = (groups != null && groups.length > 0);
    boolean hasPermissionOnResources = (permissionOnResources != null && permissionOnResources.length > 0);
    boolean hasAuthProviders = (authProviders != null && authProviders.length > 0);

    // select identity and inner join with user to optimize query
    StringBuilder sb = new StringBuilder();
    if (hasAuthProviders) {
      // I know, it looks wrong but I need to do the join reversed since it is not possible to
      // do this query with a left join that starts with the identity using hibernate HQL. A left
      // or right join is necessary since it is totally ok to have null values as authentication
      // providers (e.g. when searching for users that do not have any authentication providers at all!).
      // It took my quite a while to make this work, so think twice before you change anything here!
      sb = new StringBuilder("select distinct ident from org.olat.basesecurity.AuthenticationImpl as auth right join auth.identity as ident ");     
    } else {
      sb = new StringBuilder("select distinct ident from org.olat.core.id.Identity as ident ");
    }
    // In any case join with the user. Don't join-fetch user, this breaks the query
    // because of the user fields (don't know exactly why this behaves like
    // this)
    sb.append(" join ident.user as user ");
   
    if (hasGroups) {
      // join over security group memberships
      sb.append(" ,org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi ");

    }
    if (hasPermissionOnResources) {
      // join over policies
      sb.append(" ,org.olat.basesecurity.SecurityGroupMembershipImpl as policyGroupMembership ");
      sb.append(" ,org.olat.basesecurity.PolicyImpl as policy ");
      sb.append(" ,org.olat.resource.OLATResourceImpl as resource ");
    }   
   
    // complex where clause only when values are available
    if (login != null || (userproperties != null && !userproperties.isEmpty()) || createdAfter != null  || createdBefore != null ||
        hasAuthProviders || hasGroups || hasPermissionOnResources || status != null) {
      sb.append(" where ");   
      boolean needsAnd = false;
      boolean needsUserPropertiesJoin = false;
     
      // treat login and userProperties as one element in this query
      if (login != null && (userproperties != null && !userproperties.isEmpty())) {
        sb.append(" ( ");     
      }
      // append queries for user attributes
        if (login != null) {
          login = makeFuzzyQueryString(login);
          sb.append(" ident.name like :login ");
        // if user fields follow a join element is needed
        needsUserPropertiesJoin = true;
        // at least one user field used, after this and is required
        needsAnd = true;
      }

      // append queries for user fields
      if (userproperties != null && !userproperties.isEmpty()) {
        HashMap<String, String> emailProperties = new HashMap<String, String>();
        HashMap<String, String> otherProperties = new HashMap<String, String>();
 
        // split the user fields into two groups
        for (String key : userproperties.keySet()) {
          if (key.toLowerCase().contains("email")) {
            emailProperties.put(key, userproperties.get(key));
          } else {
            otherProperties.put(key, userproperties.get(key));
          }
        }
 
        // handle email fields special: search in all email fields
        if (!emailProperties.isEmpty()) {
          needsUserPropertiesJoin = checkIntersectionInUserProperties(sb,needsUserPropertiesJoin, userPropertiesAsIntersectionSearch);
          boolean moreThanOne = emailProperties.size() > 1;
          if (moreThanOne) sb.append("(");
          boolean needsOr = false;
          for (String key : emailProperties.keySet()) {
            if (needsOr) sb.append(" or ");
            sb.append(" user.properties['").append(key).append("'] like :").append(key).append("_value ");
            needsOr = true;
        }
          if (moreThanOne) sb.append(")");
          // cleanup
          emailProperties.clear();
        }
 
        // add other fields
        for (String key : otherProperties.keySet()) {
          needsUserPropertiesJoin = checkIntersectionInUserProperties(sb,needsUserPropertiesJoin, userPropertiesAsIntersectionSearch);
          sb.append(" user.properties['").append(key).append("'] like :").append(key).append("_value ");
          needsAnd = true;
        }
        // cleanup
        otherProperties.clear();
        // at least one user field used, after this and is required
        needsAnd = true;
        }
      // end of user fields and login part
      if (login != null && (userproperties != null && !userproperties.isEmpty())) {
        sb.append(" ) ");
      }
      // now continue with the other elements. They are joined with an AND connection
 
      // append query for named security groups
      if (hasGroups) {
        needsAnd = checkAnd(sb, needsAnd);
        sb.append(" (");
        for (int i = 0; i < groups.length; i++) {
          sb.append(" sgmsi.securityGroup=:group_").append(i);
          if (i < (groups.length - 1)) sb.append(" or ");
        }
        sb.append(") ");
        sb.append(" and sgmsi.identity=ident ");
      }
 
      // append query for policies
      if (hasPermissionOnResources) {
        needsAnd = checkAnd(sb, needsAnd);
        sb.append(" (");
        for (int i = 0; i < permissionOnResources.length; i++) {
          sb.append(" (");
          sb.append(" policy.permission=:permission_").append(i);
          sb.append(" and policy.olatResource = resource ");
          sb.append(" and resource.resId = :resourceId_").append(i);
          sb.append(" and resource.resName = :resourceName_").append(i);
          sb.append(" ) ");
          if (i < (permissionOnResources.length - 1)) sb.append(" or ");
        }
        sb.append(") ");
        sb.append(" and policy.securityGroup=policyGroupMembership.securityGroup ");
        sb.append(" and policyGroupMembership.identity=ident ");
      }
     
      // append query for authentication providers
      if (hasAuthProviders) {
        needsAnd = checkAnd(sb, needsAnd);
        sb.append(" (");
        for (int i = 0; i < authProviders.length; i++) {
          // special case for null auth provider
          if (authProviders[i] == null) {
            sb.append(" auth is null ");
          } else {
            sb.append(" auth.provider=:authProvider_").append(i);
          }
          if (i < (authProviders.length - 1)) sb.append(" or ");
        }
        sb.append(") ");
      }
 
      // append query for creation date restrictions
      if (createdAfter != null) {
        needsAnd = checkAnd(sb, needsAnd);
        sb.append(" ident.creationDate >= :createdAfter ");
      }
      if (createdBefore != null) {
        needsAnd = checkAnd(sb, needsAnd);
        sb.append(" ident.creationDate <= :createdBefore ");
      }
     
      if (status != null) {
        if (status.equals(Identity.STATUS_VISIBLE_LIMIT)) {
          // search for all status smaller than visible limit
          needsAnd = checkAnd(sb, needsAnd);
          sb.append(" ident.status < :status ");
        } else {
          // search for certain status
          needsAnd = checkAnd(sb, needsAnd);
          sb.append(" ident.status = :status ");
        }
      }
    }
     
    // create query object now from string
    String query = sb.toString();
    DB db = DBFactory.getInstance();
    DBQuery dbq = db.createQuery(query);
   
    // add user attributes
    if (login != null)
      dbq.setString("login", login);

    //   add user properties attributes
    if (userproperties != null && !userproperties.isEmpty()) {
      for (String key : userproperties.keySet()) {
        String value = userproperties.get(key);
        value = makeFuzzyQueryString(value);
        dbq.setString(key + "_value", value.toLowerCase());
      }
    }

    // add named security group names
    if (hasGroups) {
      for (int i = 0; i < groups.length; i++) {
        SecurityGroupImpl group = (SecurityGroupImpl) groups[i]; // need to work with impls
        dbq.setEntity("group_" + i, group);
      }
    }
   
    // add policies
    if (hasPermissionOnResources) {
      for (int i = 0; i < permissionOnResources.length; i++) {
        PermissionOnResourceable permissionOnResource = permissionOnResources[i];
        dbq.setString("permission_" + i, permissionOnResource.getPermission());
        Long id = permissionOnResource.getOlatResourceable().getResourceableId();
        dbq.setLong("resourceId_" + i, (id == null ? 0 : id.longValue()));
        dbq.setString("resourceName_" + i, permissionOnResource.getOlatResourceable().getResourceableTypeName());
      }
    }

    // add authentication providers
    if (hasAuthProviders) {
      for (int i = 0; i < authProviders.length; i++) {
        String authProvider = authProviders[i];
        if (authProvider != null) {
          dbq.setString("authProvider_" + i, authProvider);
        }
        // ignore null auth provider, already set to null in query
      }
    }
   
    // add date restrictions
    if (createdAfter != null) {
      dbq.setDate("createdAfter", createdAfter);
    }
    if (createdBefore != null) {
      dbq.setDate("createdBefore", createdBefore);
    }
    if (status != null) {
      dbq.setInteger("status", status);
    }

    // execute query
    return dbq.list();
  }

  /**
   * @see org.olat.basesecurity.Manager#isIdentityVisible(java.lang.String)
   */
  public boolean isIdentityVisible(String identityName) {
    if (identityName == null) throw new AssertException("findIdentitybyName: name was null");
    String queryString = "select count(ident) from org.olat.basesecurity.IdentityImpl as ident where ident.name = :identityName and ident.status < :status";
    DBQuery dbq = DBFactory.getInstance().createQuery(queryString);
    dbq.setString("identityName", identityName);
    dbq.setInteger("status", Identity.STATUS_VISIBLE_LIMIT);
    List res = dbq.list();
    Long cntL = (Long) res.get(0);
    return (cntL.longValue() > 0);
  }

  private boolean checkAnd(StringBuilder sb, boolean needsAnd) {
    if (needsAnd)   sb.append(" and ");
    return true;
  }

 
  private boolean checkIntersectionInUserProperties(StringBuilder sb, boolean needsJoin, boolean userPropertiesAsIntersectionSearch) {
    if (needsJoin)   {
      if (userPropertiesAsIntersectionSearch) {
        sb.append(" and ");               
      } else {
        sb.append(" or ");       
      }
    }
    return true;
  }

  /**
   * Helper method that replaces * with % and appends and
   * prepends % to the string to make fuzzy SQL match when using like
   * @param email
   * @return fuzzized string
   */
  private String makeFuzzyQueryString(String string) {
    // By default only fuzzyfy at the end. Usually it makes no sense to do a
    // fuzzy search with % at the beginning, but it makes the query very very
    // slow since it can not use any index and must perform a fulltext search.
    // User can always use * to make it a really fuzzy search query
    string = string.replace('*', '%');
    string = string + "%";
    // with 'LIKE' the character '_' is a wildcard which matches exactly one character.
    // To test for literal instances of '_', we have to escape it.
    string = string.replace("_", "\\_");
    return string;
  }

  /**
   * @see org.olat.basesecurity.Manager#saveIdentityStatus(org.olat.core.id.Identity)
   */
  public void saveIdentityStatus(Identity identity, Integer status) {
    //FIXME: cg: would be nice if the updated identity is returned. no loading required afterwards.
    identity = (Identity)DBFactory.getInstance().loadObject(identity.getClass(), identity.getKey());
    identity.setStatus(status);
    DBFactory.getInstance().updateObject(identity);
  }

 
  public List<SecurityGroup> getSecurityGroupsForIdentity(Identity identity) {
    DB db = DBFactory.getInstance();
    List<SecurityGroup> secGroups = db.find(
        "select sgi from"
        + " org.olat.basesecurity.SecurityGroupImpl as sgi,"
        + " org.olat.basesecurity.SecurityGroupMembershipImpl as sgmsi "
        + " where sgmsi.securityGroup = sgi and sgmsi.identity = ?",
        new Object[] { identity.getKey() },
        new Type[] { Hibernate.LONG });
    return secGroups;
  }
 

  /**
   * @see org.olat.basesecurity.Manager#getAndUpdateAnonymousUserForLanguage(java.util.Locale)
   */
  public Identity getAndUpdateAnonymousUserForLanguage(Locale locale) {
    Translator trans = Util.createPackageTranslator(UserManager.class, locale);
    String guestUsername = GUEST_USERNAME_PREFIX + locale.toString();   
    Identity guestIdentity = findIdentityByName(guestUsername);
    if (guestIdentity == null) {
      // Create it lazy on demand
      User guestUser = UserManager.getInstance().createUser(trans.translate("user.guest"), null, null);
      guestUser.getPreferences().setLanguage(locale.toString());
      guestIdentity = createAndPersistIdentityAndUser(guestUsername, guestUser, null, null, null);
      SecurityGroup anonymousGroup = findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
      addIdentityToSecurityGroup(guestIdentity, anonymousGroup);
      return guestIdentity;
    } else {
      // Check if guest name has been updated in the i18n tool
      if ( ! guestIdentity.getUser().getProperty(UserConstants.FIRSTNAME, locale).equals(trans.translate("user.guest"))) {
        guestIdentity.getUser().setProperty(UserConstants.FIRSTNAME, trans.translate("user.guest"));
        DBFactory.getInstance().updateObject(guestIdentity);
      }
      return guestIdentity;
    }
  }

 
 
 
}
TOP

Related Classes of org.olat.basesecurity.PersistingManager

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.