in redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/template/DefaultRoleTemplateProcessor.java [186:374]
private String processTemplate( RedbackRoleModel model, ModelTemplate template, String resource )
throws RoleManagerException
{
final String templateName = template.getNamePrefix() + template.getDelimiter() + resource;
final String roleId = getRoleId( template.getId( ), resource );
List<Permission> permissions = processPermissions( model, template, resource );
boolean roleExists = false;
try
{
roleExists = rbacManager.roleExists( templateName );
}
catch ( RbacManagerException e )
{
throw new RoleExistsException( e.getMessage(), e );
}
if ( !roleExists )
{
try
{
Role role = rbacManager.createRole( templateName );
role.setId( roleId );
role.setModelId( template.getId() );
role.setResource( resource );
role.setTemplateInstance( true );
role.setDescription( template.getDescription() );
role.setPermanent( template.isPermanent() );
role.setAssignable( template.isAssignable() );
// add any permissions associated with this role
for ( Iterator<Permission> j = permissions.iterator(); j.hasNext(); )
{
Permission permission = j.next();
role.addPermission( permission );
}
// add child roles to this role
if ( template.getChildRoles() != null )
{
for ( String childRoleId : template.getChildRoles() )
{
ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
role.addChildRoleName( childRoleProfile.getName() );
role.addChildRoleId( childRoleProfile.getId() );
}
}
// add child templates to this role, be nice and make them if they don't exist
if ( template.getChildTemplates() != null )
{
for ( String childTemplateId : template.getChildTemplates() )
{
ModelTemplate childModelTemplate = RoleModelUtils.getModelTemplate( model, childTemplateId );
if ( childModelTemplate == null )
{
throw new RoleManagerException(
"error obtaining child template from model: template " + templateName
+ " # child template: " + childTemplateId );
}
String childRoleName =
childModelTemplate.getNamePrefix() + childModelTemplate.getDelimiter() + resource;
// check if the role exists, if it does then add it as a child, otherwise make it and add it
// this should be safe since validation should protect us from template cycles
if ( rbacManager.roleExists( childRoleName ) )
{
role.addChildRoleName( childRoleName );
role.addChildRoleId( getRoleId( childTemplateId, resource ) );
}
else
{
processTemplate( model, childModelTemplate, resource );
role.addChildRoleName( childRoleName );
role.addChildRoleId( getRoleId( childTemplateId, resource ) );
}
}
}
// this role needs to be saved since it now needs to be added as a child role by
// another role
if ( !rbacManager.roleExists( role.getName() ) )
{
role = rbacManager.saveRole( role );
}
// add link from parent roles to this new role
if ( template.getParentRoles() != null )
{
for ( String parentRoleId : template.getParentRoles() )
{
ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
Role parentRole = rbacManager.getRole( parentModelRole.getName() );
parentRole.addChildRole( role );
rbacManager.saveRole( parentRole );
}
}
// add child templates to this role, be nice and make them if they don't exist
if ( template.getParentTemplates() != null )
{
for ( String parentTemplateId : template.getParentTemplates() )
{
ModelTemplate parentModelTemplate = RoleModelUtils.getModelTemplate( model, parentTemplateId );
if ( parentModelTemplate == null )
{
throw new RoleManagerException(
"error obtaining parent template from model: template " + templateName
+ " # child template: " + parentTemplateId );
}
String parentRoleName =
parentModelTemplate.getNamePrefix() + parentModelTemplate.getDelimiter() + resource;
// check if the role exists, if it does then add it as a child, otherwise make it and add it
// this should be safe since validation should protect us from template cycles
if ( rbacManager.roleExists( parentRoleName ) )
{
Role parentRole = rbacManager.getRole( parentRoleName );
parentRole.addChildRole( role );
rbacManager.saveRole( parentRole );
}
else
{
processTemplate( model, parentModelTemplate, resource );
Role parentRole = rbacManager.getRole( parentRoleName );
parentRole.addChildRole( role );
rbacManager.saveRole( parentRole );
}
}
}
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( "error creating role '" + templateName + "'", e );
}
}
else
{
try
{
Role role = rbacManager.getRole( templateName );
boolean changed = false;
for ( Permission permission : permissions )
{
if ( !role.getPermissions().contains( permission ) )
{
log.info( "Adding new permission '{}' to role '{}'",
permission.getName(), role.getName() );
role.addPermission( permission );
changed = true;
}
}
// Copy list to avoid concurrent modifications
List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
for ( Permission permission : oldPermissions )
{
if ( !permissions.contains( permission ) )
{
log.info( "Removing old permission '{}' from role '{}'", permission.getName(), role.getName() );
role.removePermission( permission );
changed = true;
}
}
if ( changed )
{
rbacManager.saveRole( role );
}
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( "error updating role '" + templateName + "'", e );
}
}
return roleId;
}