Source Code of org.ejbca.ui.cli.admins.AdminsChangeRuleCommand

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.ui.cli.admins;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

import org.ejbca.config.GlobalConfiguration;
import org.ejbca.core.model.authorization.AccessRule;
import org.ejbca.core.model.authorization.AdminGroup;
import org.ejbca.ui.cli.ErrorAdminCommandException;

/**
 * Changes an access rule
 */
public class AdminsChangeRuleCommand extends BaseAdminsCommand {

  public String getMainCommand() { return MAINCOMMAND; }
  public String getSubCommand() { return "changerule"; }
  public String getDescription() { return "Changes an access rule"; }

  public void execute(String[] args) throws ErrorAdminCommandException {
    try {
      if (args.length < 5) {
          getLogger().info("Description: " + getDescription());
        getLogger().info("Usage: " + getCommand() + " <name of group> <access rule> <rule> <recursive>");
        Collection<AdminGroup> adminGroups = ejb.getAdminGroupSession().getAuthorizedAdminGroupNames(getAdmin(), ejb.getCaSession().getAvailableCAs(getAdmin()));
        Collections.sort((List<AdminGroup>) adminGroups);
        String availableGroups = "";
        for (AdminGroup adminGroup : adminGroups) {
          availableGroups += (availableGroups.length()==0?"":", ") + "\"" + adminGroup.getAdminGroupName() + "\"";
        }
        getLogger().info("Available Admin groups: " + availableGroups);
        getLogger().info("Available access rules:");
        GlobalConfiguration globalConfiguration = ejb.getGlobalConfigurationSession().getCachedGlobalConfiguration(getAdmin());
        for (String current : (Collection<String>) ejb.getAuthorizationSession().getAuthorizedAvailableAccessRules(getAdmin(), ejb.getCaSession().getAvailableCAs(getAdmin()),
            globalConfiguration.getEnableEndEntityProfileLimitations(), globalConfiguration.getIssueHardwareTokens(), globalConfiguration.getEnableKeyRecovery(),
            ejb.getEndEntityProfileSession().getAuthorizedEndEntityProfileIds(getAdmin()), ejb.getUserDataSourceSession().getAuthorizedUserDataSourceIds(getAdmin(), true))) {
          getLogger().info(" " + getParsedAccessRule(current));
        }
        String availableRules = "";
        for (String current : AccessRule.RULE_TEXTS) {
          availableRules += (availableRules.length()==0?"":", ") + current;
        }
        getLogger().info("Available rules: " + availableRules);
        getLogger().info("Recursive is one of: TRUE, FALSE");
        return;
      }
      String groupName = args[1];
            if (ejb.getAdminGroupSession().getAdminGroup(getAdmin(), groupName) == null) {
              getLogger().error("No such group \"" + groupName + "\" .");
                return;
            }
      String accessRule = getOriginalAccessRule(args[2]);
      GlobalConfiguration globalConfiguration = ejb.getGlobalConfigurationSession().getCachedGlobalConfiguration(getAdmin());
      if (!((Collection<String>) ejb.getAuthorizationSession().getAuthorizedAvailableAccessRules(getAdmin(), ejb.getCaSession().getAvailableCAs(getAdmin()),
          globalConfiguration.getEnableEndEntityProfileLimitations(), globalConfiguration.getIssueHardwareTokens(), globalConfiguration.getEnableKeyRecovery(),
          ejb.getEndEntityProfileSession().getAuthorizedEndEntityProfileIds(getAdmin()), ejb.getUserDataSourceSession().getAuthorizedUserDataSourceIds(getAdmin(), true))).contains(accessRule)) {
        getLogger().error("Accessrule \"" + accessRule + "\" is not available.");
        return;
      }
      int rule = Arrays.asList(AccessRule.RULE_TEXTS).indexOf(args[3]);
      if (rule == -1) {
        getLogger().error("No such rule \"" + args[3] + "\".");
        return;
      }
      boolean recursive = "TRUE".equalsIgnoreCase(args[4]);
      List<String> accessRuleStrings = new ArrayList<String>();
      accessRuleStrings.add(accessRule);
      if (rule == AccessRule.RULE_NOTUSED) {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
      } else {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
        AccessRule accessRuleObject = new AccessRule(accessRule, rule, recursive);
        Collection<AccessRule> accessRules = new ArrayList<AccessRule>();
        accessRules.add(accessRuleObject);
        ejb.getAdminGroupSession().addAccessRules(getAdmin(), groupName, accessRules);
      }
    } catch (Exception e) {
      getLogger().error("",e);
      throw new ErrorAdminCommandException(e);
    }
  }
}