/**
* Copyright (C) 2008 - Abiquo Holdings S.L. All rights reserved.
*
* Please see /opt/abiquo/tomcat/webapps/legal/ on Abiquo server
* or contact contact@abiquo.com for licensing information.
*/
package com.abiquo.server.core.enterprise;
import java.util.Collection;
import java.util.List;
import javax.persistence.EntityManager;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.hibernate.criterion.CriteriaSpecification;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Restrictions;
import org.springframework.stereotype.Repository;
import com.abiquo.model.enumerator.AuthType;
import com.abiquo.server.core.cloud.VirtualDatacenter;
import com.abiquo.server.core.common.persistence.DefaultDAOBase;
import com.abiquo.server.core.util.PagedList;
import com.softwarementors.bzngine.entities.PersistentEntity;
@Repository("jpaUserDAO")
public class UserDAO extends DefaultDAOBase<Integer, User>
{
public UserDAO()
{
super(User.class);
}
public UserDAO(final EntityManager entityManager)
{
super(User.class, entityManager);
}
public static Criterion sameEnterprise(final Enterprise enterprise)
{
return Restrictions.eq(User.ENTERPRISE_PROPERTY, enterprise);
}
public static Criterion sameId(final Integer userId)
{
return Restrictions.eq(PersistentEntity.ID_PROPERTY, userId);
}
public static Criterion sameNick(final String nick)
{
return Restrictions.eq(User.NICK_PROPERTY, nick);
}
public static Criterion sameRole(final Role role)
{
return Restrictions.eq(User.ROLE_PROPERTY, role);
}
public static Criterion fromEnterprises(final Collection<Enterprise> enterprises)
{
return Restrictions.in(User.ENTERPRISE_PROPERTY, enterprises);
}
private Criterion filterBy(final String filter)
{
Disjunction filterDisjunction = Restrictions.disjunction();
filterDisjunction.add(Restrictions.like(User.NAME_PROPERTY, '%' + filter + '%'));
filterDisjunction.add(Restrictions.like(User.SURNAME_PROPERTY, '%' + filter + '%'));
filterDisjunction.add(Restrictions.like(User.EMAIL_PROPERTY, '%' + filter + '%'));
filterDisjunction.add(Restrictions.like(User.NICK_PROPERTY, '%' + filter + '%'));
return filterDisjunction;
}
public Collection<User> findByRole(final Role role)
{
return find(null, role, null, PersistentEntity.ID_PROPERTY, false, false, 0, 25, null);
}
public Collection<User> findByEnterprise(final Enterprise enterprise)
{
return find(enterprise, null, VirtualDatacenter.NAME_PROPERTY, false);
}
public User findByEnterprise(final Integer userId, final Enterprise enterprise)
{
Criteria criteria = createCriteria(sameId(userId), sameEnterprise(enterprise));
criteria.addOrder(Order.asc(VirtualDatacenter.NAME_PROPERTY));
return (User) criteria.uniqueResult();
}
public Collection<User> find(final Enterprise enterprise, final String filter,
final String orderBy, final boolean desc)
{
return find(enterprise, null, filter, orderBy, desc, false, 0, 25, null);
}
public Collection<User> find(final Enterprise enterprise, final Role role, final String filter,
final String orderBy, final boolean desc, final boolean connected, final Integer offset,
final Integer numResults, final Collection<Enterprise> enterprises)
{
String[] filters = new String[] {};
if (filter != null)
{
filters = filter.split("\\s+");
}
Criteria criteria =
createCriteria(enterprise, role, filters, orderBy, desc, connected, enterprises);
Number total = count(criteria);
criteria = createCriteria(enterprise, role, filters, orderBy, desc, connected, enterprises);
criteria.setFirstResult(offset * numResults);
criteria.setMaxResults(numResults);
List<User> result = getResultList(criteria);
PagedList<User> page = new PagedList<User>();
page.addAll(result);
page.setCurrentElement(offset);
page.setPageSize(numResults);
page.setTotalResults(total.intValue());
return page;
}
private Criteria createCriteria(final Enterprise enterprise, final Role role,
final String[] filters, final String orderBy, final boolean desc, final boolean connected,
final Collection<Enterprise> enterprises)
{
Criteria criteria = createCriteria();
if (enterprise != null)
{
criteria.add(sameEnterprise(enterprise));
}
if (role != null)
{
criteria.add(sameRole(role));
}
if (enterprises != null)
{
criteria.add(fromEnterprises(enterprises));
}
if (!ArrayUtils.isEmpty(filters))
{
for (String filter : filters)
{
if (!StringUtils.isEmpty(filter))
{
criteria.add(filterBy(filter));
}
}
}
if (!StringUtils.isEmpty(orderBy))
{
Order order = Order.asc(orderBy);
if (desc)
{
order = Order.desc(orderBy);
}
criteria.addOrder(order);
}
if (connected)
{
// Sessions no longer expire. Return all users with an existing session
criteria.createCriteria("sessions").add(Restrictions.isNotNull("id"));
// criteria.createCriteria("sessions").add(Restrictions.gt("expireDate", new Date()));
criteria.setResultTransformer(CriteriaSpecification.DISTINCT_ROOT_ENTITY);
}
return criteria;
}
public boolean existAnyUserWithNick(final String nick)
{
return existsAnyByCriterions(sameNick(nick));
}
public boolean existAnyOtherUserWithNick(final User user, final String nick)
{
return existsAnyOtherByCriterions(user, sameNick(nick));
}
/**
* Returns a User with nick {login} that is login to DB.
*
* @param login that must match.
* @return User.
*/
public User getAbiquoUserByLogin(final String login)
{
Criteria criteria = createCriteria();
criteria.add(sameNick(login));
criteria.add(Restrictions.eq("authType", AuthType.ABIQUO));
return (User) criteria.uniqueResult();
}
/**
* eturns a User with nick {login} that is login to [authType].
*
* @param login that must match.
* @param authType a {@link com.abiquo.model.enumerator.AuthType} value.
* @return User .
*/
public User getUserByAuth(final String login, final AuthType authType)
{
Criteria criteria = createCriteria();
criteria.add(sameNick(login));
criteria.add(Restrictions.eq("authType", authType));
return (User) criteria.uniqueResult();
}
/**
* Same AuthType?.
*
* @param authType AuthType {@link AuthType} value.
* @return Criterion
*/
public static Criterion sameAuthType(final AuthType authType)
{
return Restrictions.eq("authType", authType);
}
/**
* Look up in the DB for a user with login == nick and authType == authType.
*
* @param nick login.
* @param authType a {@link com.abiquo.model.enumerator.AuthType} value.
* @return boolean true if exists, false otherwise.
*/
public boolean existAnyUserWithNickAndAuth(final String nick, final AuthType authType)
{
return existsAnyByCriterions(sameNick(nick), sameAuthType(authType));
}
public boolean existAnyUserWithRole(final Role role)
{
return existsAnyByCriterions(sameRole(role));
}
@SuppressWarnings("rawtypes")
public boolean isUserAllowedToUseVirtualDatacenter(final String username,
final String authtype, final String[] privileges, final Integer idVdc)
{
Query query = getSession().createSQLQuery(USER_ALLOWED_VDC_SQL);
query.setParameter("username", username);
query.setParameter("authtype", authtype);
query.setParameterList("privileges", privileges);
query.setParameter("idvdc", idVdc);
List result = query.list();
if (result == null || result.isEmpty())
{
return false;
}
else
{
return true;
}
}
private static final String USER_ALLOWED_VDC_SQL =
"select 1 from user u where u.user = :username and u.authType = :authtype and (('ENTERPRISE_ADMINISTER_ALL' in (:privileges) or 'USERS_MANAGE_OTHER_ENTERPRISES' in (:privileges) or 'PHYS_DC_RETRIEVE_DETAILS' in (:privileges)) or u.idEnterprise = (select vdc.idEnterprise from virtualdatacenter vdc where vdc.idVirtualDatacenter = :idvdc and (u.availableVirtualDatacenters is null or u.availableVirtualDatacenters REGEXP CONCAT('.*[,]?',:idvdc,'($|[,].*$)'))))";
public boolean isVDCwithinScope(final String username, final Integer idVdc)
{
SQLQuery query = getSession().createSQLQuery(USER_DEFAULT_SCOPE);
query.setParameter("username", username);
List result = query.list();
// check if the scope is the global then the enterprise is allowed
if (!result.isEmpty())
{
return true;
}
// in other case we have to check if vdc is in scope
query = getSession().createSQLQuery(VDC_IN_SCOPE_SQL);
query.setParameter("username", username);
query.setParameter("idvdc", idVdc);
result = query.list();
return !(result == null || result.isEmpty());
}
private static final String USER_DEFAULT_SCOPE =
"select 1 FROM user u, role r ,scope s where u.user=:username and u.idRole=r.idRole and (r.idScope ='1' or(r.idScope=s.id and s.name='Global scope')) ";
private static final String VDC_IN_SCOPE_SQL =
"select 1 FROM virtualdatacenter vdc where vdc.idVirtualDatacenter=:idvdc and "
+ " vdc.idEnterprise in (select sr.idResource from scope_resource sr, user u, role r where u.user=:username and u.idRole=r.idRole and r.idScope =sr.idScope and sr.resourceType='ENTERPRISE')";
@SuppressWarnings("rawtypes")
public boolean isUserAllowedToEnterprise(final String username, final String authtype,
final String[] privileges, final Integer ident)
{
Query query = getSession().createSQLQuery(USER_ALLOWED_ENTERPRSE_SQL);
query.setParameter("username", username);
query.setParameter("authtype", authtype);
query.setParameterList("privileges", privileges);
query.setParameter("identerprise", ident);
List result = query.list();
if (result == null || result.isEmpty())
{
return false;
}
else
{
return true;
}
}
private static final String USER_ALLOWED_ENTERPRSE_SQL =
"select 1 from user u where u.user = :username and u.authType = :authtype "
+ "and (('ENTERPRISE_ADMINISTER_ALL' in (:privileges) or 'USERS_MANAGE_OTHER_ENTERPRISES' in (:privileges) or 'PHYS_DC_RETRIEVE_DETAILS' in (:privileges)) or u.idEnterprise = :identerprise)";
public boolean isUserAllowedToUseDatacenter(final String userName, final Integer idDatacenter)
{
SQLQuery query = getSession().createSQLQuery(USER_DEFAULT_SCOPE);
query.setParameter("username", userName);
List result = query.list();
// check if the scope is the global then the enterprise is allowed
if (!result.isEmpty())
{
return true;
}
// in other case we have to check if vdc is in scope
query = getSession().createSQLQuery(DATACENTER_IN_SCOPE_SQL);
query.setParameter("username", userName);
query.setParameter("idDatacenter", idDatacenter);
result = query.list();
return !(result == null || result.isEmpty());
}
private static final String DATACENTER_IN_SCOPE_SQL =
"select 1 FROM datacenter d where d.idDatacenter=:idDatacenter and d.idDatacenter in ( select s.idResource from user u, role r, scope_resource s where u.user=:username and u.idRole=r.idRole and r.idScope =s.idScope and s.resourceType='DATACENTER')";
}