in redback-rbac/redback-rbac-role-manager/src/main/java/org/apache/archiva/redback/role/processor/DefaultRoleModelProcessor.java [153:288]
private void processRoles( RedbackRoleModel model )
throws RoleManagerException
{
StopWatch stopWatch = new StopWatch();
stopWatch.reset();
stopWatch.start();
List<String> sortedGraph = RoleModelUtils.reverseTopologicalSortedRoleList(model);
List<? extends Role> allRoles;
try
{
allRoles = rbacManager.getAllRoles();
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( e.getMessage(), e );
}
Set<String> allRoleNames = new HashSet<String>( allRoles.size() );
for ( Role role : allRoles )
{
allRoleNames.add( role.getName() );
}
for ( String roleId : sortedGraph )
{
ModelRole roleProfile = RoleModelUtils.getModelRole( model, roleId );
List<? extends Permission> permissions = processPermissions( roleProfile.getPermissions() );
boolean roleExists = allRoleNames.contains( roleProfile.getName() );// false;
/*try
{
roleExists = rbacManager.roleExists( roleProfile.getName() );
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( e.getMessage(), e );
}*/
if ( !roleExists )
{
try
{
Role role = rbacManager.createRole( roleProfile.getName() );
role.setId( roleProfile.getId() );
role.setModelId( roleProfile.getId() );
role.setTemplateInstance( false );
role.setDescription( roleProfile.getDescription() );
role.setPermanent( roleProfile.isPermanent() );
role.setAssignable( roleProfile.isAssignable() );
// add any permissions associated with this role
for ( Permission permission : permissions )
{
role.addPermission( permission );
}
// add child roles to this role
if ( roleProfile.getChildRoles() != null )
{
for ( String childRoleId : roleProfile.getChildRoles() )
{
ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
role.addChildRoleName( childRoleProfile.getName() );
role.addChildRoleId( childRoleProfile.getId() );
}
}
rbacManager.saveRole( role );
allRoleNames.add( role.getName() );
// add link from parent roles to this new role
if ( roleProfile.getParentRoles() != null )
{
for ( String parentRoleId : roleProfile.getParentRoles() )
{
ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
Role parentRole = rbacManager.getRole( parentModelRole.getName() );
parentRole.addChildRole( role );
rbacManager.saveRole( parentRole );
allRoleNames.add( parentRole.getName() );
}
}
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( "error creating role '" + roleProfile.getName() + "'", e );
}
}
else
{
try
{
Role role = rbacManager.getRole( roleProfile.getName() );
boolean changed = false;
for ( Permission permission : permissions )
{
if ( !role.getPermissions().contains( permission ) )
{
log.info( "Adding new permission '{}' to role '{}'", permission.getName(), role.getName() );
role.addPermission( permission );
changed = true;
}
}
// Copy list to avoid concurrent modification [REDBACK-220]
List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
for ( Permission permission : oldPermissions )
{
if ( !permissions.contains( permission ) )
{
log.info(
"Removing old permission '{}' from role '{}'", permission.getName(), role.getName() );
role.removePermission( permission );
changed = true;
}
}
if ( changed )
{
rbacManager.saveRole( role );
allRoleNames.add( role.getName() );
}
}
catch ( RbacManagerException e )
{
throw new RoleManagerException( "error updating role '" + roleProfile.getName() + "'", e );
}
}
}
stopWatch.stop();
log.info( "time to process roles model: {} ms", stopWatch.getTime() );
}