airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [16/24] airavata git commit: implementing airavata sharing manager
Date Sun, 09 Oct 2016 05:47:42 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/workspace/Gateway.java
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/workspace/Gateway.java b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/workspace/Gateway.java
index 102251d..c32cc0d 100644
--- a/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/workspace/Gateway.java
+++ b/airavata-api/airavata-data-models/src/main/java/org/apache/airavata/model/workspace/Gateway.java
@@ -23,15 +23,32 @@
  */
 package org.apache.airavata.model.workspace;
 
-import org.apache.thrift.EncodingUtils;
-import org.apache.thrift.protocol.TTupleProtocol;
 import org.apache.thrift.scheme.IScheme;
 import org.apache.thrift.scheme.SchemeFactory;
 import org.apache.thrift.scheme.StandardScheme;
-import org.apache.thrift.scheme.TupleScheme;
 
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
 import javax.annotation.Generated;
-import java.util.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
 @Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/README.md
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/README.md b/dev-tools/ansible/README.md
index f497fb5..ef4628d 100644
--- a/dev-tools/ansible/README.md
+++ b/dev-tools/ansible/README.md
@@ -14,7 +14,7 @@ Ansible script to deploy Apache Airavata
 - **common** :- Checkout Airavata source from git and run maven build. Move keystore files.
 - **gfac** :- Setup Gfac deployment and Change configurations.
 - **api-orch** :- Setup Api-Orch deployment and Change configurations.
-- **pga** :- Deploy Airavata PHP Gateway._(Under development)_
+- **pga** :- Deploy Airavata PHP Gateway.
 
 ## Useful commands
 

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/group_vars/all.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/group_vars/all.yml b/dev-tools/ansible/group_vars/all.yml
index 5a159c3..5c9da80 100644
--- a/dev-tools/ansible/group_vars/all.yml
+++ b/dev-tools/ansible/group_vars/all.yml
@@ -2,7 +2,7 @@
 ansible_connection: ssh
 # ansible_ssh_user: centos
 ansible_ssh_user: root
-ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/dev-deployment-key.pem
+ansible_ssh_private_key_file: /Users/supun/Desktop/shameera-key.pem
 # ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
 
 user: centos
@@ -14,7 +14,8 @@ deployment_dir: "{{ user_home }}/dev-deployment"
 airavata_source_dir: "{{ user_home }}/source"
 airavata_dist: "apache-airavata-server-0.17-SNAPSHOT"
 airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz"
-git_branch: develop
+git_branch: airavata-gov-registry
+#git_branch: develop
 
 # Database related variables
 db_server: "{{ groups['database'][0] }}"
@@ -24,6 +25,7 @@ db_password: "airavata"
 app_catalog: "app_catalog"
 exp_catalog: "exp_catalog"
 replica_catalog: "replica_catalog"
+sharing_catalog: "sharing_catalog"
 workflow_catalog: "wf_catalog"
 credential_store: "credential_store"
 
@@ -47,7 +49,7 @@ api_server_port: "8930"
 api_secured: "false"
 tls_enable: "false"
 api_server_tls_port: "9930"
-enable_sharing: "false"
+enable_sharing: "true"
 
 # Orchestrator  related variables
 orchestrator_name: "orchestrator-node0"

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/hosts
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/hosts b/dev-tools/ansible/hosts
index 9dbec9c..b7500a9 100644
--- a/dev-tools/ansible/hosts
+++ b/dev-tools/ansible/hosts
@@ -20,7 +20,7 @@
 149.165.170.105
 
 [gfac]
-149.165.170.104
+149.165.171.0
 
 [pga]
 149.165.170.103

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
 workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
 
 ###########################################################################
+#  Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
 #  User Profile MongoDB Configuration
 ###########################################################################
 userprofile.mongodb.host=localhost

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
 workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
 
 ###########################################################################
+#  Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
 #  User Profile MongoDB Configuration
 ###########################################################################
 userprofile.mongodb.host=localhost

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 7b38575..c71308d 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -161,7 +161,7 @@ return array(
          /**
           * Data Sharing enabled
           */
-          'data-sharing-enabled' => false
+          'data-sharing-enabled' => true
     ],
 
     /**

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2 b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
index b8d093e..bf92e39 100644
--- a/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
+++ b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password={{ db_password }}
 workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
 
 ###########################################################################
+#  Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+#sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+#sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+sharingcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ sharing_catalog }}
+sharingcatalog.jdbc.user={{ db_user }}
+sharingcatalog.jdbc.password={{ db_password }}
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
 #  User Profile MongoDB Configuration
 ###########################################################################
 userprofile.mongodb.host=localhost

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index aa84353..9dace79 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -91,6 +91,19 @@ workflowcatalog.jdbc.password=airavata
 workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
 
 ###########################################################################
+#  Sharing Catalog DB Configuration
+###########################################################################
+#for derby [AiravataJPARegistry]
+sharingcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
+sharingcatalog.jdbc.url=jdbc:derby://localhost:1527/sharing_catalog;create=true;user=airavata;password=airavata
+# MySql database configuration
+#sharingcatalog.jdbc.driver=com.mysql.jdbc.Driver
+#sharingcatalog.jdbc.url=jdbc:mysql://localhost:3306/sharing_catalog
+sharingcatalog.jdbc.user=airavata
+sharingcatalog.jdbc.password=airavata
+sharingcatalog.validationQuery=SELECT 1 from CONFIGURATION
+
+###########################################################################
 #  User Profile MongoDB Configuration
 ###########################################################################
 userprofile.mongodb.host=localhost

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/distribution/src/main/assembly/bin-assembly.xml
----------------------------------------------------------------------
diff --git a/modules/distribution/src/main/assembly/bin-assembly.xml b/modules/distribution/src/main/assembly/bin-assembly.xml
index 79778e7..6aa8fa9 100644
--- a/modules/distribution/src/main/assembly/bin-assembly.xml
+++ b/modules/distribution/src/main/assembly/bin-assembly.xml
@@ -67,6 +67,15 @@
             </includes>
         </fileSet>
         <fileSet>
+            <directory>../sharing-registry/sharing-registry-core/src/main/resources/
+            </directory>
+            <outputDirectory>bin/database_scripts
+            </outputDirectory>
+            <includes>
+                <include>*sql*</include>
+            </includes>
+        </fileSet>
+        <fileSet>
             <directory>src/main/resources/bin</directory>
             <outputDirectory>bin</outputDirectory>
             <fileMode>777</fileMode>

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/pom.xml
----------------------------------------------------------------------
diff --git a/modules/group-manager/pom.xml b/modules/group-manager/pom.xml
deleted file mode 100644
index d660eb6..0000000
--- a/modules/group-manager/pom.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>airavata</artifactId>
-        <groupId>org.apache.airavata</groupId>
-        <version>0.17-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <artifactId>group-manager</artifactId>
-
-
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-
-    <dependencies>
-
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>3.8.1</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>edu.internet2.middleware.grouper</groupId>
-            <artifactId>grouper</artifactId>
-            <version>2.3.0</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>commons-digester</groupId>
-                    <artifactId>commons-digester</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>xerces</groupId>
-                    <artifactId>xercesImpl</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
-        <dependency>
-            <groupId>commons-digester</groupId>
-            <artifactId>commons-digester</artifactId>
-            <version>1.7</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.hibernate</groupId>
-            <artifactId>hibernate-ehcache</artifactId>
-            <version>5.0.4.Final</version>
-        </dependency>
-
-    </dependencies>
-</project>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java b/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
deleted file mode 100755
index 120e82c..0000000
--- a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/PermissionEntryDAO.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/**
- * Copyright 2014 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
-  Copyright (C) 2007 University Corporation for Advanced Internet Development, Inc.
-  Copyright (C) 2007 The University Of Chicago
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-*/
-
-package edu.internet2.middleware.grouper.internal.dao;
-
-import edu.internet2.middleware.grouper.Stem;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-
-import java.sql.Timestamp;
-import java.util.Collection;
-import java.util.Set;
-
-/** 
- * Basic <code>PermissionEntry</code> DAO interface.
- * @author  mchyzer
- * @version $Id: PermissionEntryDAO.java,v 1.3 2009-10-26 04:52:17 mchyzer Exp $
- */
-public interface PermissionEntryDAO extends GrouperDAO {
-
-  /**
-   * find all permissions that a subject has
-   * @param memberId
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findByMemberId(String memberId);
-  
-  /**
-   * get attribute assigns by member and attribute def name id
-   * @param memberId
-   * @param attributeDefNameId
-   * @return set of assigns or empty if none there
-   */
-  public Set<PermissionEntry> findByMemberIdAndAttributeDefNameId(String memberId, String attributeDefNameId);
-
-  /**
-   * see if the permission exists and is enabled
-   * @param subjectId
-   * @param sourceId
-   * @param action
-   * @param attributeDefNameName
-   * @return true if has permissions and is enabled
-   */
-  public boolean hasPermissionBySubjectIdSourceIdActionAttributeDefName(String subjectId, String sourceId,
-                                                                        String action, String attributeDefNameName);
-  
-  
-  /**
-   * securely search for assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables.  well, you can pass more than 100 members... it will batch
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @param noEndDate true if no end date on memberships
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findPermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          Collection<String> memberIds,
-          boolean noEndDate);
-
-  /**
-   * securely search for assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables.  well, you can pass more than 100 members... it will batch
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @param noEndDate true if no end date on memberships
-   * @param permissionNameInStem if looking for permission names in a certain stem, put it here
-   * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findPermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          Collection<String> memberIds,
-          boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope);
-  
-  /**
-   * securely search for assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables.  well, you can pass more than 100 members... it will batch
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @param noEndDate true if no end date on memberships
-   * @param permissionNameInStem if looking for permission names in a certain stem, put it here
-   * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
-   * @param queryOptions queryOptions for sorting and paging
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findPermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          Collection<String> memberIds,
-          boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope, QueryOptions queryOptions);
-
-
-  /**
-   * securely search for assignments
-   * @param attributeAssignType
-   * @param attributeDefId optional
-   * @param attributeDefNameId mutually exclusive with attributeDefIds
-   * @param ownerRoleId optional
-   * @param ownerStemId optional
-   * @param ownerMemberId optional
-   * @param ownerAttributeDefId optional
-   * @param ownerMembershipId optional
-   * @param action optional
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param includeAssignmentsOnAssignments if assignments on assignments should also be included
-   * @return the assignments
-   */
-  public Set<PermissionEntry> findPermissions(
-          String attributeDefId, String attributeDefNameId,
-          String ownerRoleId, String ownerMemberId, String action,
-          Boolean enabled);
-
-  /**
-   * securely search for assignments
-   * @param attributeAssignType
-   * @param attributeDefId optional
-   * @param attributeDefNameId mutually exclusive with attributeDefIds
-   * @param ownerRoleId optional
-   * @param ownerStemId optional
-   * @param ownerAttributeDefId optional
-   * @param ownerMembershipId optional
-   * @param action optional
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param includeAssignmentsOnAssignments if assignments on assignments should also be included
-   * @return the assignments
-   */
-  public Set<PermissionEntry> findRolePermissions(
-          String attributeDefId, String attributeDefNameId,
-          String ownerRoleId, String action,
-          Boolean enabled);
-
-  
-  /**
-   * securely search for assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findPermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          Collection<String> memberIds);
-
-  /**
-   * Find all permissions based on attributeDefinition, and a range of disabled dates
-   * @param attributeDefId 
-   * @param disabledDateFrom null if dont consider
-   * @param disabledDateTo null if dont consider
-   * @return the permission records
-   */
-  public Set<PermissionEntry> findPermissionsByAttributeDefDisabledRange(String attributeDefId,
-                                                                         Timestamp disabledDateFrom, Timestamp disabledDateTo);
-
-
-  /**
-   * find subjects who are not in a group but who have permissions
-   * @param attributeDefId
-   * @param groupId
-   * @param immediateRoleMembershipsOrRoleSubject
-   * @param queryOptions
-   * @param enabled
-   * @param hasNoEndDate
-   * @return the set of members
-   */
-  public Set<PermissionEntry> findAllPermissionsNotInGroupAndType(String attributeDefId, String groupId,
-                                                                  boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate);
-
-  /**
-   * find subjects who are not in a group but who have permissions
-   * @param attributeDefId
-   * @param stem
-   * @param stemScope
-   * @param immediateRoleMembershipsOrRoleSubject
-   * @param queryOptions
-   * @param enabled
-   * @param hasNoEndDate
-   * @return the set of members
-   */
-  public Set<PermissionEntry> findAllPermissionsNotInStem(String attributeDefId, Stem stem, Stem.Scope stemScope,
-                                                          boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate);
-
-  /**
-   * securely search for role assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @param noEndDate true if no end date on memberships
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findRolePermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          boolean noEndDate);
-
-  /**
-   * securely search for role assignments.  need to pass in either the assign ids, def ids, def name ids, or group ids
-   * cannot have more than 100 bind variables
-   * @param attributeDefIds optional
-   * @param attributeDefNameIds mutually exclusive with attributeDefIds
-   * @param roleIds optional
-   * @param actions (null means all actions)
-   * @param enabled (null means all, true means enabled, false means disabled)
-   * @param memberIds
-   * @param noEndDate true if no end date on memberships
-   * @param permissionNameInStem if looking for permission names in a certain stem, put it here
-   * @param permissionNameInStemScope if looking for permission names in a certain stem, put scope here
-   * @return the permissions
-   */
-  public Set<PermissionEntry> findRolePermissions(
-          Collection<String> attributeDefIds,
-          Collection<String> attributeDefNameIds,
-          Collection<String> roleIds,
-          Collection<String> actions,
-          Boolean enabled,
-          boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope);
-
-} 
-

http://git-wip-us.apache.org/repos/asf/airavata/blob/82e57526/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java b/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
deleted file mode 100755
index 244d8d2..0000000
--- a/modules/group-manager/src/main/java/edu/internet2/middleware/grouper/internal/dao/hib3/Hib3PermissionEntryDAO.java
+++ /dev/null
@@ -1,1123 +0,0 @@
-/**
- * Copyright 2014 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
-  Copyright (C) 2004-2007 University Corporation for Advanced Internet Development, Inc.
-  Copyright (C) 2004-2007 The University Of Chicago
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-*/
-
-package edu.internet2.middleware.grouper.internal.dao.hib3;
-import edu.internet2.middleware.grouper.Group;
-import edu.internet2.middleware.grouper.GrouperSession;
-import edu.internet2.middleware.grouper.Stem;
-import edu.internet2.middleware.grouper.Stem.Scope;
-import edu.internet2.middleware.grouper.cfg.GrouperConfig;
-import edu.internet2.middleware.grouper.hibernate.ByHqlStatic;
-import edu.internet2.middleware.grouper.hibernate.HibUtils;
-import edu.internet2.middleware.grouper.hibernate.HibernateSession;
-import edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO;
-import edu.internet2.middleware.grouper.internal.dao.QueryOptions;
-import edu.internet2.middleware.grouper.internal.dao.QuerySort;
-import edu.internet2.middleware.grouper.permissions.PermissionEntry;
-import edu.internet2.middleware.grouper.permissions.PermissionEntryImpl;
-import edu.internet2.middleware.grouper.privs.AccessPrivilege;
-import edu.internet2.middleware.grouper.privs.AttributeDefPrivilege;
-import edu.internet2.middleware.grouper.util.GrouperUtil;
-import edu.internet2.middleware.subject.Subject;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-
-import java.sql.Timestamp;
-import java.util.*;
-
-/**
- * Basic Hibernate <code>PermissionEntry</code> DAO interface.
- * @author  Chris Hyzer
- * @version $Id: Hib3PermissionEntryDAO.java,v 1.4 2009-10-26 04:52:17 mchyzer Exp $
- */
-public class Hib3PermissionEntryDAO extends Hib3DAO implements PermissionEntryDAO {
-
-  /** logger */
-  @SuppressWarnings("unused")
-  private static final Log LOG = GrouperUtil.getLog(Hib3PermissionEntryDAO.class);
-
-  /** */
-  private static final String KLASS = Hib3PermissionEntryDAO.class.getName();
-  
-  private static final String PERMISSION_ENTRY_COLUMNS = "gr.nameDb as roleName, gm.subjectSourceIdDb as subjectSourceId, gm.subjectIdDb as subjectId, gaaa.nameDb as action, gadn.nameDb as attributeDefNameName, gadn.displayNameDb as attributeDefNameDispName, gr.displayNameDb as roleDisplayName, gaa.attributeAssignDelegatableDb as attributeAssignDelegatableDb, gaa.enabledDb as enabledDb, gaa.enabledTimeDb as enabledTimeDb, gaa.disabledTimeDb as disabledTimeDb, gr.uuid as roleId, gadn.attributeDefId as attributeDefId, gm.uuid as memberId, gadn.id as attributeDefNameId, gaaa.id as actionId, gmav.depth as membershipDepth, grs.depth as roleSetDepth, gadns.depth as attributeDefNameSetDepth, gaaas.depth as attributeAssignActionSetDepth, gmav.uuid as membershipId, gaa.id as attributeAssignId, gaa.attributeAssignTypeDb as attributeAssignTypeDb, gaa.notes as assignmentNotes, gmav.enabledTimeDb as immediateMshipEnabledTimeDb, gmav.disabledTimeDb as immediateMshipDisabledTimeDb, gaa.disallowedD
 b as disallowedDb";
-
-  private static final String PERMISSION_ENTRY_TABLES = "Group gr, MembershipEntry gmav, Member gm, Field gf, RoleSet grs, AttributeDef gad, AttributeAssign gaa, AttributeDefName gadn, AttributeDefNameSet gadns, AttributeAssignAction gaaa, AttributeAssignActionSet gaaas";
-  
-  private static final String PERMISSION_ENTRY_WHERE_CLAUSE = "gmav.ownerGroupId = gr.uuid and gmav.fieldId = gf.uuid and gr.typeOfGroupDb = 'role' and gf.typeString = 'list' and gf.name = 'members' and gmav.enabledDb = 'T' and gmav.memberUuid = gm.id and gadn.attributeDefId = gad.id and gad.attributeDefTypeDb = 'perm' and gaa.attributeDefNameId = gadns.ifHasAttributeDefNameId and gadn.id = gadns.thenHasAttributeDefNameId and gaa.attributeAssignActionId = gaaas.ifHasAttrAssignActionId and gaaa.id = gaaas.thenHasAttrAssignActionId and ((grs.ifHasRoleId = gr.uuid and gaa.ownerGroupId = grs.thenHasRoleId  and gaa.attributeAssignTypeDb = 'group') or (grs.ifHasRoleId = gr.uuid and grs.thenHasRoleId = gr.uuid and gmav.ownerGroupId = gaa.ownerGroupId and gmav.memberUuid = gaa.ownerMemberId and gaa.attributeAssignTypeDb = 'any_mem'))";
-  
-  /**
-   * 
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findByMemberId(String)
-   */
-  public Set<PermissionEntry> findByMemberId(String memberId) {
-
-    String sql = 
-      "select distinct " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE + " " +
-      "and gm.uuid = :theMemberId ";
-    
-    Set<PermissionEntryImpl> permissionData = HibernateSession.byHqlStatic().createQuery(sql)
-      .setString("theMemberId", memberId)
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-    
-    return new LinkedHashSet<PermissionEntry>(permissionData);
-  }
-
-  /**
-   * 
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#hasPermissionBySubjectIdSourceIdActionAttributeDefName(String, String, String, String)
-   */
-  public boolean hasPermissionBySubjectIdSourceIdActionAttributeDefName(String subjectId, String sourceId, 
-      String action, String attributeDefNameName) {
-    Long count = HibernateSession.byHqlStatic().createQuery(
-        "select count(*) from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE + " " +
-              "and gm.subjectIdDb = :theSubjectId " +
-              "and gm.subjectSourceIdDb = :theSubjectSourceId " +
-              "and gaaa.nameDb = :theAction " +
-              "and gadn.nameDb = :theAttributeDefNameName")
-        .setString("theSubjectId", subjectId)
-        .setString("theSubjectSourceId", sourceId)
-        .setString("theAction", action)
-        .setString("theAttributeDefNameName", attributeDefNameName)
-        .uniqueResult(Long.class);
-
-    return count > 0;
-  }
-
-  /**
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findByMemberIdAndAttributeDefNameId(String, String)
-   */
-  public Set<PermissionEntry> findByMemberIdAndAttributeDefNameId(String memberId,
-      String attributeDefNameId) {
-    Set<PermissionEntryImpl> permissionEntries = HibernateSession.byHqlStatic().createQuery(
-      "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + " where " + PERMISSION_ENTRY_WHERE_CLAUSE +
-      " and gm.uuid = :theMemberId" +
-      " and gadn.id = :theAttributeDefNameId")
-      .setString("theMemberId", memberId)
-      .setString("theAttributeDefNameId", attributeDefNameId)
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-  
-    return new LinkedHashSet<PermissionEntry>(permissionEntries);
-  }
-
-  /**
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection)
-   */
-  public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, Collection<String> memberIds) {
-    return findPermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, memberIds, false);
-  }
-    
-  /**
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean)
-   */
-  public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal, boolean noEndDate) {
-    return findPermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, memberIdsTotal, false, null, null);
-  }
-    
-  /**
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean, Stem, Scope)
-   */
-  public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal, 
-      boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope) {
-    
-    Set<PermissionEntry> totalResults = new LinkedHashSet<PermissionEntry>();
-
-    int numberOfMemberBatches = GrouperUtil.batchNumberOfBatches(memberIdsTotal, 100);
-    
-    boolean hasMemberBatches = numberOfMemberBatches > 0;
-    //there needs to be at least one batch
-    numberOfMemberBatches = numberOfMemberBatches == 0 ? 1 : numberOfMemberBatches;
-    
-    List<String> membersIdsTotalList = memberIdsTotal instanceof List ? (List)memberIdsTotal 
-        : new ArrayList<String>(GrouperUtil.nonNull(memberIdsTotal));
-    
-    for (int memberBatchIndex=0;memberBatchIndex<numberOfMemberBatches;memberBatchIndex++) {
-      
-      //if no batches, just use null
-      List<String> memberIds = hasMemberBatches ? GrouperUtil.batchList(membersIdsTotalList, 100, memberBatchIndex) : null;
-      
-      int memberIdsSize = GrouperUtil.length(memberIds);
-      int roleIdsSize = GrouperUtil.length(roleIds);
-      int actionsSize = GrouperUtil.length(actions);
-      int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
-      int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-      
-      //if (memberIdsSize == 0 && roleIdsSize == 0 && attributeDefIdsSize == 0 && attributeDefNameIdsSize == 0) {
-      //  throw new RuntimeException("Illegal query, you need to pass in members and/or attributeDefId(s) and/or roleId(s) and/or roleNames and/or attributeDefNameIds");
-      //}
-      
-      //too many bind vars... note, we can batch up the memberIds
-      if (memberIdsSize + roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 180) {
-        throw new RuntimeException("Too many memberIdsSize " + memberIdsSize 
-            + " roleIdsSize " + roleIdsSize + " or attributeDefIdsSize " 
-            + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
-      }
-
-      
-      
-      ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-      String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-      
-      //doesnt work due to composite key, hibernate puts parens around it and mysql fails
-      //String countPrefix = "select count(distinct pea) ";
-      
-      StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-
-      if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
-        sqlTables.append(" , AttributeDefName adn2 ");
-      }
-      
-      StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-      
-      GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-      
-      Subject grouperSessionSubject = grouperSession.getSubject();
-      
-      grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
-        grouperSessionSubject, byHqlStatic, 
-        sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-      
-      boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
-          grouperSessionSubject, byHqlStatic, 
-          sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
-      StringBuilder sql;
-      if (changedQuery) {
-        if (sqlWhereClause.length() > 0) {
-          sql = sqlTables.append(" and ").append(sqlWhereClause);
-        } else {
-          throw new RuntimeException("Unexpected.");
-        }
-      } else {
-        sql = sqlTables.append(" where ").append(sqlWhereClause);
-      }
-      
-      if (enabled != null && enabled) {
-        sql.append(" and gaa.enabledDb = 'T' ");
-      }
-      if (enabled != null && !enabled) {
-        sql.append(" and gaa.enabledDb = 'F' ");
-      }
-      
-      if (permissionNameInStem != null) {
-        switch (permissionNameInStemScope) {
-          case ONE:
-            sql.append(" and gadn.id = adn2.id and adn2.stemId = :stemId ");
-            byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
-            break;
-          case SUB:
-            
-            sql.append(" and gadn.nameDb like :stemSub ");
-            byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-            
-            break;
-          default:
-            throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
-        }
-      }
-
-      
-      if (noEndDate) {
-        sql.append(" and gmav.disabledTimeDb is null ");
-        sql.append(" and gaa.disabledTimeDb is null ");
-      }
-      
-      if (actionsSize > 0) {
-        sql.append(" and gaaa.nameDb in (");
-        sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
-        sql.append(") ");
-      }
-      if (roleIdsSize > 0) {
-        sql.append(" and gr.uuid in (");
-        sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (attributeDefIdsSize > 0) {
-        sql.append(" and gadn.attributeDefId in (");
-        sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (attributeDefNameIdsSize > 0) {
-        sql.append(" and gadn.id in (");
-        sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (memberIdsSize > 0) {
-        sql.append(" and gm.uuid in (");
-        sql.append(HibUtils.convertToInClause(memberIds, byHqlStatic));
-        sql.append(") ");
-      }
-      
-      QueryOptions queryOptions = new QueryOptions();
-      QuerySort querySort = new QuerySort("gm.subjectIdDb", true);
-      querySort.insertSortToBeginning("gaaa.nameDb", true);
-      querySort.insertSortToBeginning("gr.displayNameDb", true);
-      querySort.insertSortToBeginning("gadn.displayNameDb", true);
-      queryOptions.sort(querySort);
-      
-      System.out.println("TEST TEST TEST");
-      
-      byHqlStatic
-        .setCacheable(false)
-        .setCacheRegion(KLASS + ".findPermissions").options(queryOptions);
-
-      int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-      
-      String sqlString = sql.toString();
-      
-      //if we did where and, then switch to where
-      sqlString = sqlString.replaceAll("where\\s+and", "where");
-
-      //if we end in where, strip it out
-      sqlString = sqlString.trim();
-      if (sqlString.endsWith("where")) {
-        sqlString = sqlString.substring(0, sqlString.length()-5);
-      }
-
-      Set<PermissionEntryImpl> permissionData = byHqlStatic.createQuery(selectPrefix + sqlString)
-        .assignConvertHqlColumnsToObject(true)
-        .listSet(PermissionEntryImpl.class);
-      
-      int size = GrouperUtil.length(permissionData);
-      if (maxAssignments >= 0) {
-
-        //doesnt work on mysql i think due to hibernate and composite key
-        //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);    
-        
-        //see if too many
-        if (size > maxAssignments) {
-          throw new RuntimeException("Too many results: " + size);
-        }
-        
-      }
-      
-
-      //nothing to filter
-      if (size == 0) {
-        continue;
-      }
-      
-      Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(permissionData);
-      
-      //if the hql didnt filter, we need to do that here
-      results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-      
-      //we should be down to the secure list
-      totalResults.addAll(results);
-    }
-      
-    return totalResults;
-  }
-  
-  /**
-   * @see edu.internet2.middleware.grouper.internal.dao.PermissionEntryDAO#findPermissions(Collection, Collection, Collection, Collection, Boolean, Collection, boolean, Stem, Scope, QueryOptions)
-   */
-  public Set<PermissionEntry> findPermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, Collection<String> memberIdsTotal, 
-      boolean noEndDate, Stem permissionNameInStem, Scope permissionNameInStemScope, QueryOptions queryOptions) {
-    
-    Set<PermissionEntry> totalResults = new LinkedHashSet<PermissionEntry>();
-
-    int numberOfMemberBatches = GrouperUtil.batchNumberOfBatches(memberIdsTotal, 100);
-    
-    boolean hasMemberBatches = numberOfMemberBatches > 0;
-    //there needs to be at least one batch
-    numberOfMemberBatches = numberOfMemberBatches == 0 ? 1 : numberOfMemberBatches;
-    
-    List<String> membersIdsTotalList = memberIdsTotal instanceof List ? (List)memberIdsTotal 
-        : new ArrayList<String>(GrouperUtil.nonNull(memberIdsTotal));
-    
-    for (int memberBatchIndex=0;memberBatchIndex<numberOfMemberBatches;memberBatchIndex++) {
-      
-      //if no batches, just use null
-      List<String> memberIds = hasMemberBatches ? GrouperUtil.batchList(membersIdsTotalList, 100, memberBatchIndex) : null;
-      
-      int memberIdsSize = GrouperUtil.length(memberIds);
-      int roleIdsSize = GrouperUtil.length(roleIds);
-      int actionsSize = GrouperUtil.length(actions);
-      int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
-      int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-      
-      //if (memberIdsSize == 0 && roleIdsSize == 0 && attributeDefIdsSize == 0 && attributeDefNameIdsSize == 0) {
-      //  throw new RuntimeException("Illegal query, you need to pass in members and/or attributeDefId(s) and/or roleId(s) and/or roleNames and/or attributeDefNameIds");
-      //}
-      
-      //too many bind vars... note, we can batch up the memberIds
-      if (memberIdsSize + roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 180) {
-        throw new RuntimeException("Too many memberIdsSize " + memberIdsSize 
-            + " roleIdsSize " + roleIdsSize + " or attributeDefIdsSize " 
-            + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
-      }
-
-      
-      
-      ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-      String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-      
-      //doesnt work due to composite key, hibernate puts parens around it and mysql fails
-      //String countPrefix = "select count(distinct pea) ";
-      
-      StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-
-      if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
-        sqlTables.append(" , AttributeDefName adn2 ");
-      }
-      
-      StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-      
-      GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-      
-      Subject grouperSessionSubject = grouperSession.getSubject();
-      
-      grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
-        grouperSessionSubject, byHqlStatic, 
-        sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-      
-      boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
-          grouperSessionSubject, byHqlStatic, 
-          sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
-      StringBuilder sql;
-      if (changedQuery) {
-        if (sqlWhereClause.length() > 0) {
-          sql = sqlTables.append(" and ").append(sqlWhereClause);
-        } else {
-          throw new RuntimeException("Unexpected.");
-        }
-      } else {
-        sql = sqlTables.append(" where ").append(sqlWhereClause);
-      }
-      
-      if (enabled != null && enabled) {
-        sql.append(" and gaa.enabledDb = 'T' ");
-      }
-      if (enabled != null && !enabled) {
-        sql.append(" and gaa.enabledDb = 'F' ");
-      }
-      
-      if (permissionNameInStem != null) {
-        switch (permissionNameInStemScope) {
-          case ONE:
-            sql.append(" and gadn.id = adn2.id and adn2.stemId = :stemId ");
-            byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
-            break;
-          case SUB:
-            
-            sql.append(" and gadn.nameDb like :stemSub ");
-            byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-            
-            break;
-          default:
-            throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
-        }
-      }
-
-      
-      if (noEndDate) {
-        sql.append(" and gmav.disabledTimeDb is null ");
-        sql.append(" and gaa.disabledTimeDb is null ");
-      }
-      
-      if (actionsSize > 0) {
-        sql.append(" and gaaa.nameDb in (");
-        sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
-        sql.append(") ");
-      }
-      if (roleIdsSize > 0) {
-        sql.append(" and gr.uuid in (");
-        sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (attributeDefIdsSize > 0) {
-        sql.append(" and gadn.attributeDefId in (");
-        sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (attributeDefNameIdsSize > 0) {
-        sql.append(" and gadn.id in (");
-        sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
-        sql.append(") ");
-      }
-      if (memberIdsSize > 0) {
-        sql.append(" and gm.uuid in (");
-        sql.append(HibUtils.convertToInClause(memberIds, byHqlStatic));
-        sql.append(") ");
-      }
-      
-      if (queryOptions == null) {
-        queryOptions = new QueryOptions();
-      }
-      // don't let the client override the sorting settings
-      QuerySort querySort = new QuerySort("gm.subjectIdDb", true);
-      querySort.insertSortToBeginning("gaaa.nameDb", true);
-      querySort.insertSortToBeginning("gr.displayNameDb", true);
-      querySort.insertSortToBeginning("gadn.displayNameDb", true);
-      queryOptions.sort(querySort);
-      
-            
-      byHqlStatic
-        .setCacheable(false)
-        .setCacheRegion(KLASS + ".findPermissions").options(queryOptions);
-
-      int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-      
-      String sqlString = sql.toString();
-      
-      //if we did where and, then switch to where
-      sqlString = sqlString.replaceAll("where\\s+and", "where");
-
-      //if we end in where, strip it out
-      sqlString = sqlString.trim();
-      if (sqlString.endsWith("where")) {
-        sqlString = sqlString.substring(0, sqlString.length()-5);
-      }
-
-      Set<PermissionEntryImpl> permissionData = byHqlStatic.createQuery(selectPrefix + sqlString)
-        .assignConvertHqlColumnsToObject(true)
-        .listSet(PermissionEntryImpl.class);
-      
-      int size = GrouperUtil.length(permissionData);
-      if (maxAssignments >= 0) {
-
-        //doesnt work on mysql i think due to hibernate and composite key
-        //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);    
-        
-        //see if too many
-        if (size > maxAssignments) {
-          throw new RuntimeException("Too many results: " + size);
-        }
-        
-      }
-      
-
-      //nothing to filter
-      if (size == 0) {
-        continue;
-      }
-      
-      Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(permissionData);
-      
-      //if the hql didnt filter, we need to do that here
-      results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-      
-      //we should be down to the secure list
-      totalResults.addAll(results);
-    }
-      
-    return totalResults;
-  }
-
-  /**
-   * @see PermissionEntryDAO#findPermissionsByAttributeDefDisabledRange(String, Timestamp, Timestamp)
-   * find permissions by attribute definition which are about to expire
-   */
-  public Set<PermissionEntry> findPermissionsByAttributeDefDisabledRange(
-      String attributeDefId, Timestamp disabledDateFrom, Timestamp disabledDateTo) {
-    
-    if (disabledDateFrom == null && disabledDateTo == null) {
-      throw new RuntimeException("Need to pass in disabledFrom or disabledTo");
-    }
-    
-    //if they got it backwards, then fix it for them
-    if (disabledDateFrom != null && disabledDateTo != null 
-        && disabledDateFrom.getTime() > disabledDateTo.getTime()) {
-      
-      Timestamp temp = disabledDateFrom;
-      disabledDateFrom = disabledDateTo;
-      disabledDateTo = temp;
-      
-    }
-    
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    StringBuilder sql = new StringBuilder(
-        "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
-        + " and gadn.id = theAttributeDefName.id "
-        + " and theAttributeDefName.attributeDefId   = :theAttributeDefId "
-        + " and gm.uuid is not null "
-        + " and gaa.enabledDb = 'T' ");
-    
-    if (disabledDateFrom != null) {
-      sql.append(" and gaa.disabledTimeDb >= :disabledDateFrom ");
-      byHqlStatic.setLong( "disabledDateFrom" , disabledDateFrom.getTime() );
-    }
-    if (disabledDateTo != null) {
-      sql.append(" and gaa.disabledTimeDb <= :disabledDateTo ");
-      byHqlStatic.setLong( "disabledDateTo" , disabledDateTo.getTime() );
-    }
-
-    sql.append(
-        " and not exists ( select gaaInner.id from " + PERMISSION_ENTRY_TABLES.replaceAll("(\\w+) (\\w+)", "$1 $2Inner") + " where " + PERMISSION_ENTRY_WHERE_CLAUSE.replace(".", "Inner.") +
-        " and gadnInner.id = gadn.id " +
-        " and gaaaInner.id = gaaa.id " +
-        //note, who cares which role it is, if the user has the permission...  (not exactly right if not flattening permissions, but thats ok)
-        //" and validPermissionEntry.roleId = thePermissionEntry.roleId " +
-        " and gmInner.uuid = gm.uuid " +
-        " and gaaInner.enabledDb = 'T' and ( gaaInner.disabledTimeDb is null ");
-
-    if (disabledDateTo != null) {
-      sql.append(" or gaaInner.disabledTimeDb > :disabledDateTo ");
-    } else if (disabledDateFrom != null) {
-      sql.append(" or gaaInner.disabledTimeDb < :disabledDateFrom ");
-    }
-    
-    
-    sql.append(") )");
-    
-    Set<PermissionEntryImpl> permissionEntries = byHqlStatic
-      .createQuery(sql.toString())
-      .setCacheable(false)
-      .setCacheRegion(KLASS + ".FindPermissionsByAttributeDefDisabledRange")
-      .setString( "theAttributeDefId" , attributeDefId )
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-
-    return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
-    
-  }
-
-  /**
-   * @see PermissionEntryDAO#findAllPermissionsNotInGroupAndType(String, String, boolean, QueryOptions, Boolean, boolean)
-   */
-  public Set<PermissionEntry> findAllPermissionsNotInGroupAndType(String attributeDefId,
-      String groupId, boolean immediateRoleMembershipsOrRoleSubject, QueryOptions queryOptions,
-      Boolean enabled, boolean hasNoEndDate) {
-
-    StringBuilder sql = new StringBuilder(
-        "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
-        + " and gadn.id = theAttributeDefName.id "
-        + " and theAttributeDefName.attributeDefId   = :theAttributeDefId "
-        + " and gm.uuid is not null ");
-    
-    if (enabled != null) {
-      sql.append(" and gaa.enabledDb = 'T' ");
-    }
-
-    if (immediateRoleMembershipsOrRoleSubject) {
-      //either t
-      sql.append(" and (gmav.depth = 0 " );
-      sql.append(" or gaa.attributeAssignTypeDb != 'group' ) " );
-    }
-
-    if (hasNoEndDate) {
-      sql.append(" and gaa.disabledTimeDb is null ");
-      sql.append(" and gmav.disabledTimeDb is null ");
-    }
-
-    sql.append(" and  gm.uuid not in ( select notInMembershipEntry.memberUuid from MembershipEntry as notInMembershipEntry " +
-        " where notInMembershipEntry.ownerGroupId = :ownerGroupId "
-        + " and notInMembershipEntry.fieldId = '" + Group.getDefaultList().getUuid() + "' ");
-    if (enabled != null) {
-      if (enabled) {
-        sql.append(" and notInMembershipEntry.enabledDb = 'T' ");
-      } else {
-        sql.append(" and notInMembershipEntry.enabledDb = 'F' ");
-      }
-    }
-    sql.append(" ) ");
-    
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    Set<PermissionEntryImpl> permissionEntries = byHqlStatic
-      .createQuery(sql.toString())
-      .setCacheable(false)
-      .setCacheRegion(KLASS + ".FindAllPermissionsNotInGroupAndType")
-      .setString( "theAttributeDefId" , attributeDefId )
-      .setString( "ownerGroupId" , groupId )
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-
-    return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
-  
-  }
-
-  /**
-   * @see PermissionEntryDAO#findAllPermissionsNotInStem(String, Stem, Stem.Scope, boolean, QueryOptions, Boolean, boolean)
-   */
-  public Set<PermissionEntry> findAllPermissionsNotInStem(String attributeDefId,
-      Stem ownerNotInStem, Stem.Scope stemScope,  boolean immediateRoleMembershipsOrRoleSubject,
-      QueryOptions queryOptions, Boolean enabled, boolean hasNoEndDate) {
-
-    StringBuilder sql = new StringBuilder(
-        "select " + PERMISSION_ENTRY_COLUMNS + " from " + PERMISSION_ENTRY_TABLES + ", AttributeDefName theAttributeDefName where " + PERMISSION_ENTRY_WHERE_CLAUSE
-        + " and gadn.id = theAttributeDefName.id "
-        + " and theAttributeDefName.attributeDefId   = :theAttributeDefId "
-        + " and gm.uuid is not null ");
-    
-    if (enabled != null) {
-      sql.append(" and gaa.enabledDb = 'T' ");
-    }
-
-    if (immediateRoleMembershipsOrRoleSubject) {
-      //either t
-      sql.append(" and (gmav.depth = 0 " );
-      sql.append(" or gaa.attributeAssignTypeDb != 'group' ) " );
-    }
-
-    if (hasNoEndDate) {
-      sql.append(" and gaa.disabledTimeDb is null ");
-      sql.append(" and gmav.disabledTimeDb is null ");
-    }
-
-    sql.append(" and  not exists ( select notInMembershipEntry.memberUuid " +
-        " from MembershipEntry as notInMembershipEntry, Group as theStemGroup " +
-            " where notInMembershipEntry.ownerGroupId = theStemGroup.uuid "
-            + " and notInMembershipEntry.memberUuid = gm.uuid "
-            + " and notInMembershipEntry.fieldId = '" + Group.getDefaultList().getUuid() + "' ");
-
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    switch (stemScope) {
-      case ONE:
-        
-        sql.append(" and theStemGroup.parentUuid = :stemId ");
-        byHqlStatic.setString("stemId", ownerNotInStem.getUuid());
-        break;
-
-      case SUB:
-        
-        sql.append(" and theStemGroup.nameDb like :stemSub ");
-        byHqlStatic.setString("stemSub", ownerNotInStem.getName() + ":%");
-        
-        break;
-      default:
-        throw new RuntimeException("Not expecting scope: " + stemScope);
-    }
-    
-    sql.append(" ) ");
-            
-    
-    Set<PermissionEntryImpl> permissionEntries = byHqlStatic
-      .createQuery(sql.toString())
-      .setCacheable(false)
-      .setCacheRegion(KLASS + ".FindAllPermissionsNotInStem")
-      .setString( "theAttributeDefId" , attributeDefId )
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-
-    return new LinkedHashSet<PermissionEntry>(permissionEntries);
-
-  }
-  
-  /**
-   * find permissions based on filter criteria
-   */
-  public Set<PermissionEntry> findPermissions(String attributeDefId,
-      String attributeDefNameId, String ownerRoleId, String ownerMemberId,
-      String action, Boolean enabled) {
-    
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    String selectPrefix = "select distinct " + PERMISSION_ENTRY_COLUMNS + " ";
-    
-    //doesnt work due to composite key, hibernate puts parens around it and mysql fails
-    //String countPrefix = "select count(distinct pea) ";
-    
-    StringBuilder sqlTables = new StringBuilder(" from " + PERMISSION_ENTRY_TABLES + " ");
-    
-    StringBuilder sqlWhereClause = new StringBuilder(" " + PERMISSION_ENTRY_WHERE_CLAUSE + " ");
-    
-    GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-    
-    Subject grouperSessionSubject = grouperSession.getSubject();
-    
-    grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
-      grouperSessionSubject, byHqlStatic, 
-      sqlTables, sqlWhereClause, "gadn.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-    
-    boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
-        grouperSessionSubject, byHqlStatic, 
-        sqlTables, "gr.uuid", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
-    StringBuilder sql;
-    if (changedQuery) {
-      if (sqlWhereClause.length() > 0) {
-        sql = sqlTables.append(" and ").append(sqlWhereClause);
-      } else {
-        throw new RuntimeException("Unexpected.");
-      }
-    } else {
-      sql = sqlTables.append(" where ").append(sqlWhereClause);
-    }
-    
-    if (enabled != null && enabled) {
-      sql.append(" and gaa.enabledDb = 'T' ");
-    }
-    if (enabled != null && !enabled) {
-      sql.append(" and gaa.enabledDb = 'F' ");
-    }
-    
-    if (!StringUtils.isBlank(ownerRoleId)) {
-      sql.append(" and gr.uuid = :theOwnerRoleId ");
-      byHqlStatic.setString("theOwnerRoleId", ownerRoleId);
-    }
-    
-    if (!StringUtils.isBlank(action)) {
-      sql.append(" and gaaa.nameDb = :theAction ");
-      byHqlStatic.setString("theAction", action);
-    }
-
-    if (!StringUtils.isBlank(attributeDefId)) {
-      sql.append(" and gadn.attributeDefId = :theAttributeDefId ");
-      byHqlStatic.setString("theAttributeDefId", attributeDefId);
-    }
-    if (!StringUtils.isBlank(attributeDefNameId)) {
-      sql.append(" and gadn.id = :theAttributeDefNameId ");
-      byHqlStatic.setString("theAttributeDefNameId", attributeDefNameId);
-    }
-    if (!StringUtils.isBlank(ownerMemberId)) {
-      sql.append(" and gm.uuid = :theOwnerMemberId ");
-      byHqlStatic.setString("theOwnerMemberId", ownerMemberId);
-    }
-    byHqlStatic
-      .setCacheable(false)
-      .setCacheRegion(KLASS + ".findPermissions");
-
-    int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-    
-    String sqlString = sql.toString();
-    
-    //if we did where and, then switch to where
-    sqlString = sqlString.replaceAll("where\\s+and", "where");
-    sqlString = sqlString.replaceAll("where\\s*$", "");
-    
-    Set<PermissionEntryImpl> resultsTemp = byHqlStatic.createQuery(selectPrefix + sqlString)
-      .assignConvertHqlColumnsToObject(true)
-      .listSet(PermissionEntryImpl.class);
-
-    int size = GrouperUtil.length(resultsTemp);
-    if (maxAssignments >= 0) {
-
-      //doesnt work on mysql i think due to hibernate and composite key
-      //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);    
-      
-      //see if too many
-      if (size > maxAssignments) {
-        throw new RuntimeException("Too many results: " + size);
-      }
-      
-    }
-    
-    Set<PermissionEntry> results = new LinkedHashSet<PermissionEntry>(resultsTemp);
-    
-
-    //nothing to filter
-    if (size == 0) {
-      return results;
-    }
-    
-    //if the hql didnt filter, we need to do that here
-    results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-    
-    //we should be down to the secure list
-    return results;
-  }
-
-  /**
-   * @see PermissionEntry#findRolePermissions(String attributeDefId, String attributeDefNameId, String ownerRoleId, String action, Boolean enabled)
-   */
-  public Set<PermissionEntry> findRolePermissions(String attributeDefId,
-      String attributeDefNameId, String ownerRoleId, String action, Boolean enabled) {
-    
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    String selectPrefix = "select distinct pea ";
-    
-    //doesnt work due to composite key, hibernate puts parens around it and mysql fails
-    //String countPrefix = "select count(distinct pea) ";
-    
-    StringBuilder sqlTables = new StringBuilder(" from PermissionEntryRoleAssigned pea ");
-    
-    StringBuilder sqlWhereClause = new StringBuilder("");
-    
-    GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-    
-    Subject grouperSessionSubject = grouperSession.getSubject();
-    
-    grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
-      grouperSessionSubject, byHqlStatic, 
-      sqlTables, sqlWhereClause, "pea.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-    
-    boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
-        grouperSessionSubject, byHqlStatic, 
-        sqlTables, "pea.roleId", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
-    StringBuilder sql;
-    if (changedQuery) {
-      if (sqlWhereClause.length() > 0) {
-        sql = sqlTables.append(" and ").append(sqlWhereClause);
-      } else {
-        sql = sqlTables;
-      }
-    } else {
-      sql = sqlTables.append(" where ").append(sqlWhereClause);
-    }
-    
-    if (enabled != null && enabled) {
-      sql.append(" and pea.enabledDb = 'T' ");
-    }
-    if (enabled != null && !enabled) {
-      sql.append(" and pea.enabledDb = 'F' ");
-    }
-    
-    if (!StringUtils.isBlank(ownerRoleId)) {
-      sql.append(" and pea.roleId = :theOwnerRoleId ");
-      byHqlStatic.setString("theOwnerRoleId", ownerRoleId);
-    }
-    
-    if (!StringUtils.isBlank(action)) {
-      sql.append(" and pea.action = :theAction ");
-      byHqlStatic.setString("theAction", action);
-    }
-
-    if (!StringUtils.isBlank(attributeDefId)) {
-      sql.append(" and pea.attributeDefId = :theAttributeDefId ");
-      byHqlStatic.setString("theAttributeDefId", attributeDefId);
-    }
-    if (!StringUtils.isBlank(attributeDefNameId)) {
-      sql.append(" and pea.attributeDefNameId = :theAttributeDefNameId ");
-      byHqlStatic.setString("theAttributeDefNameId", attributeDefNameId);
-    }
-    byHqlStatic
-      .setCacheable(false)
-      .setCacheRegion(KLASS + ".findRolePermissions");
-
-    int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-    
-    String sqlString = sql.toString();
-    
-    //if we did where and, then switch to where
-    sqlString = sqlString.replaceAll("where\\s+and", "where");
-    sqlString = sqlString.replaceAll("where\\s*$", "");
-    
-    Set<PermissionEntry> results = byHqlStatic.createQuery(selectPrefix + sqlString).listSet(PermissionEntry.class);
-
-    int size = GrouperUtil.length(results);
-    if (maxAssignments >= 0) {
-
-      //doesnt work on mysql i think due to hibernate and composite key
-      //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);    
-      
-      //see if too many
-      if (size > maxAssignments) {
-        throw new RuntimeException("Too many results: " + size);
-      }
-      
-    }
-    
-
-    //nothing to filter
-    if (size == 0) {
-      return results;
-    }
-    
-    //if the hql didnt filter, we need to do that here
-    results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-    
-    //we should be down to the secure list
-    return results;
-
-  }
-
-  /**
-   * @see PermissionEntryDAO#findRolePermissions(Collection, Collection, Collection, Collection, Boolean, boolean)
-   */
-  public Set<PermissionEntry> findRolePermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, boolean noEndDate) {
-    return findRolePermissions(attributeDefIds, attributeDefNameIds, roleIds, actions, enabled, noEndDate, null, null);
-  }
-
-  /**
-   * @see PermissionEntryDAO#findRolePermissions(Collection, Collection, Collection, Collection, Boolean, boolean, Stem, Scope)
-   */
-  public Set<PermissionEntry> findRolePermissions(Collection<String> attributeDefIds,
-      Collection<String> attributeDefNameIds, Collection<String> roleIds,
-      Collection<String> actions, Boolean enabled, boolean noEndDate, 
-      Stem permissionNameInStem, Scope permissionNameInStemScope) {
-    int roleIdsSize = GrouperUtil.length(roleIds);
-    int actionsSize = GrouperUtil.length(actions);
-    int attributeDefIdsSize = GrouperUtil.length(attributeDefIds);
-    int attributeDefNameIdsSize = GrouperUtil.length(attributeDefNameIds);
-
-    //too many bind vars
-    if (roleIdsSize + attributeDefIdsSize + attributeDefNameIdsSize + actionsSize > 100) {
-      throw new RuntimeException("Too many roleIdsSize " + roleIdsSize + " or attributeDefIdsSize " 
-          + attributeDefIdsSize + " or attributeDefNameIds " + attributeDefNameIdsSize + " or actionsSize " + actionsSize );
-    }
-
-    ByHqlStatic byHqlStatic = HibernateSession.byHqlStatic();
-
-    String selectPrefix = "select distinct pea ";
-
-    //doesnt work due to composite key, hibernate puts parens around it and mysql fails
-    //String countPrefix = "select count(distinct pea) ";
-
-    StringBuilder sqlTables = new StringBuilder(" from PermissionEntryRoleAssigned pea ");
-
-    if (permissionNameInStem != null && permissionNameInStemScope == Scope.ONE) {
-      sqlTables.append(" , AttributeDefName adn ");
-    }
-
-    StringBuilder sqlWhereClause = new StringBuilder("");
-
-    GrouperSession grouperSession = GrouperSession.staticGrouperSession();
-
-    Subject grouperSessionSubject = grouperSession.getSubject();
-
-    grouperSession.getAttributeDefResolver().hqlFilterAttrDefsWhereClause(
-      grouperSessionSubject, byHqlStatic, 
-      sqlTables, sqlWhereClause, "pea.attributeDefId", AttributeDefPrivilege.ATTR_READ_PRIVILEGES);
-    
-    boolean changedQuery = grouperSession.getAccessResolver().hqlFilterGroupsWhereClause(
-        grouperSessionSubject, byHqlStatic, 
-        sqlTables, "pea.roleId", AccessPrivilege.ATTRIBUTE_READ_PRIVILEGES);
-
-    StringBuilder sql;
-    if (changedQuery) {
-      if (sqlWhereClause.length() > 0) {
-        sql = sqlTables.append(" and ").append(sqlWhereClause);
-      } else {
-        sql = sqlTables;
-      }
-    } else {
-      sql = sqlTables.append(" where ").append(sqlWhereClause);
-    }
-    
-    if (enabled != null && enabled) {
-      sql.append(" and pea.enabledDb = 'T' ");
-    }
-    if (enabled != null && !enabled) {
-      sql.append(" and pea.enabledDb = 'F' ");
-    }
-    
-    if (noEndDate) {
-      sql.append(" and pea.disabledTimeDb is null ");
-    }
-
-    if (permissionNameInStem != null) {
-      switch (permissionNameInStemScope) {
-        case ONE:
-          sql.append(" and pea.attributeDefNameId = adn.id and adn.stemId = :stemId ");
-          byHqlStatic.setString("stemId", permissionNameInStem.getUuid());
-          break;
-        case SUB:
-          
-          sql.append(" and pea.attributeDefNameName like :stemSub ");
-          byHqlStatic.setString("stemSub", permissionNameInStem.getName() + ":%");
-          
-          break;
-        default:
-          throw new RuntimeException("Not expecting permissionNameInStemScope: " + permissionNameInStemScope);
-      }
-    }
-
-    
-    if (actionsSize > 0) {
-      sql.append(" and pea.action in (");
-      sql.append(HibUtils.convertToInClause(actions, byHqlStatic));
-      sql.append(") ");
-    }
-    if (roleIdsSize > 0) {
-      sql.append(" and pea.roleId in (");
-      sql.append(HibUtils.convertToInClause(roleIds, byHqlStatic));
-      sql.append(") ");
-    }
-    if (attributeDefIdsSize > 0) {
-      sql.append(" and pea.attributeDefId in (");
-      sql.append(HibUtils.convertToInClause(attributeDefIds, byHqlStatic));
-      sql.append(") ");
-    }
-    if (attributeDefNameIdsSize > 0) {
-      sql.append(" and pea.attributeDefNameId in (");
-      sql.append(HibUtils.convertToInClause(attributeDefNameIds, byHqlStatic));
-      sql.append(") ");
-    }
-    
-    QueryOptions queryOptions = new QueryOptions();
-    QuerySort querySort = new QuerySort("pea.action", true);
-    querySort.insertSortToBeginning("pea.roleDisplayName", true);
-    querySort.insertSortToBeginning("pea.attributeDefNameDispName", true);
-    queryOptions.sort(querySort);
-    
-    byHqlStatic
-      .setCacheable(false).options(queryOptions)
-      .setCacheRegion(KLASS + ".findRolePermissions");
-
-    int maxAssignments = GrouperConfig.retrieveConfig().propertyValueInt("ws.findPermissions.maxResultSize", 30000);
-    
-    String sqlString = sql.toString();
-    
-    //if we did where and, then switch to where
-    sqlString = sqlString.replaceAll("where\\s+and", "where");
-    
-    Set<PermissionEntry> results = byHqlStatic.createQuery(selectPrefix + sqlString).listSet(PermissionEntry.class);
-
-    int size = GrouperUtil.length(results);
-    if (maxAssignments >= 0) {
-
-      //doesnt work on mysql i think due to hibernate and composite key
-      //size = byHqlStatic.createQuery(countPrefix + sqlString).uniqueResult(long.class);    
-      
-      //see if too many
-      if (size > maxAssignments) {
-        throw new RuntimeException("Too many results: " + size);
-      }
-      
-    }
-    
-
-    //nothing to filter
-    if (size == 0) {
-      return results;
-    }
-    
-    //if the hql didnt filter, we need to do that here
-    results = grouperSession.getAttributeDefResolver().postHqlFilterPermissions(grouperSessionSubject, results);
-    
-    //we should be down to the secure list
-    return results;
-      
-  }
-}


Mime
View raw message