[tmp/jakarta-migration.git] /

/**\r
 *  This document is a part of the source code and related artifacts\r
 *  for CollectionSpace, an open source collections management system\r
 *  for museums and related institutions:\r
\r
 *  http://www.collectionspace.org\r
 *  http://wiki.collectionspace.org\r
\r
 *  Copyright 2009 University of California at Berkeley\r
\r
 *  Licensed under the Educational Community License (ECL), Version 2.0.\r
 *  You may not use this file except in compliance with this License.\r
\r
 *  You may obtain a copy of the ECL 2.0 License at\r
\r
 *  https://source.collectionspace.org/collection-space/LICENSE.txt\r
 */\r
package org.collectionspace.services.report.nuxeo;\r
\r
import java.sql.Connection;\r
import java.sql.ResultSet;\r
import java.sql.SQLException;\r
import java.sql.Statement;\r
import java.util.List;\r
\r
import org.collectionspace.services.common.api.Tools;\r
import org.collectionspace.services.common.service.ServiceBindingType;\r
import org.collectionspace.services.common.init.IInitHandler;\r
import org.collectionspace.services.common.init.InitHandler;\r
import org.collectionspace.services.common.service.InitHandler.Params.Field;\r
import org.collectionspace.services.common.service.InitHandler.Params.Property;\r
import org.collectionspace.services.common.storage.DatabaseProductType;\r
import org.collectionspace.services.common.storage.JDBCTools;\r
\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
/**\r
 * ReportPostInitHandler, post-init action to add grant reader access to DB\r
 * \r
 * In the configuration file, looks for a single Field declaration \r
 * with a param value that has the name of the reader account/role.\r
 * If not specified, it will assume 'reader'; \r
 * \r
 * $LastChangedRevision: 5103 $\r
 * $LastChangedDate: 2011-06-23 16:50:06 -0700 (Thu, 23 Jun 2011) $\r
 */\r
public class ReportPostInitHandler extends InitHandler implements IInitHandler {\r
\r
    final Logger logger = LoggerFactory.getLogger(ReportPostInitHandler.class);\r
    public static final String READ_ROLE_NAME_KEY = "readerRoleName";\r
    private String readerRoleName = "reader";\r
\r
    /** See the class javadoc for this class: it shows the syntax supported in the configuration params.\r
     */\r
    @Override\r
    public void onRepositoryInitialized(ServiceBindingType sbt, List<Field> fields, \r
                        List<Property> properties) throws Exception {\r
        //Check for existing privileges, and if not there, grant them\r
        for(Property prop:properties) {\r
                if(READ_ROLE_NAME_KEY.equals(prop.getKey())) {\r
                    String value = prop.getValue();\r
                    if(Tools.notEmpty(value) && !readerRoleName.equals(value)){\r
                        readerRoleName = value;\r
                        logger.debug("ReportPostInitHandler: overriding readerRoleName to use: "\r
                                + value);\r
                    }\r
                }\r
        }\r
        Connection conn = null;\r
        Statement stmt = null;\r
        String sql = "";\r
        try {\r
            DatabaseProductType databaseProductType = JDBCTools.getDatabaseProductType();\r
            if (databaseProductType == DatabaseProductType.MYSQL) {\r
                // Nothing to do: MYSQL already does wildcard grants in init_db.sql\r
            } else if(databaseProductType != DatabaseProductType.POSTGRESQL) {\r
                throw new Exception("Unrecognized database system " + databaseProductType);\r
            } else {\r
                boolean hasRights = false;\r
                // Check for rights on report_common, and infer rights from that\r
                sql = "SELECT has_table_privilege('"+readerRoleName\r
                        +"', '"+ReportConstants.DB_COMMON_PART_TABLE_NAME+"', 'SELECT')";\r
                conn = JDBCTools.getConnection(JDBCTools.NUXEO_REPOSITORY_NAME);\r
                stmt = conn.createStatement();\r
                ResultSet rs = stmt.executeQuery(sql);\r
                if(rs.next()) {\r
                        hasRights = rs.getBoolean(1);\r
                }\r
                rs.close();\r
                if(!hasRights) {\r
                        sql = "REVOKE SELECT ON ALL TABLES IN SCHEMA public FROM "+readerRoleName;\r
                    stmt.execute(sql);\r
                        sql = "GRANT SELECT ON ALL TABLES IN SCHEMA public TO "+readerRoleName;\r
                    stmt.execute(sql);\r
                }\r
            }\r
            \r
        } catch (SQLException sqle) {\r
            SQLException tempException = sqle;\r
            while (null != tempException) {       // SQLExceptions can be chained. Loop to log all.\r
                logger.debug("SQL Exception: " + sqle.getLocalizedMessage());\r
                tempException = tempException.getNextException();\r
            }\r
            logger.debug("ReportPostInitHandler: SQL problem in executeQuery: ", sqle);\r
        } catch (Throwable e) {\r
            logger.debug("ReportPostInitHandler: problem checking/adding grant for reader: "+readerRoleName+") SQL: "+sql+" ERROR: "+e);\r
        } finally {\r
            try {\r
                if (conn != null) {\r
                    conn.close();\r
                }\r
                if (stmt != null) {\r
                    stmt.close();\r
                }\r
            } catch (SQLException sqle) {\r
                logger.debug("SQL Exception closing statement/connection in executeQuery: " + sqle.getLocalizedMessage());\r
            }\r
        }\r
    }\r
    \r
\r
}\r