Example 6 with Permission
use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.
the class UserRolePermissionObserver method onWorkspaceRoleDiscoveredEvent.
public void onWorkspaceRoleDiscoveredEvent(@Observes(during = TransactionPhase.BEFORE_COMPLETION) SchoolDataWorkspaceRoleDiscoveredEvent event) {
for (MuikkuPermissionCollection collection : permissionCollections) {
List<String> permissions = collection.listPermissions();
for (String permissionName : permissions) {
Permission permission = permissionDAO.findByName(permissionName);
if (permission != null) {
try {
String permissionScope = collection.getPermissionScope(permissionName);
RoleEntity role = workspaceRoleEntityDAO.findById(event.getDiscoveredWorkspaceRoleEntityId());
WorkspaceRoleArchetype[] archetypes = collection.getDefaultWorkspaceRoles(permissionName);
if (archetypes != null) {
for (WorkspaceRoleArchetype archetype : archetypes) {
if (archetype.equals(translateArchetype(event.getArchetype()))) {
applyPermission(permissionScope, role, permission);
break;
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
}
}
Also used :
RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity)
Permission(fi.otavanopisto.muikku.model.security.Permission)
RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)
WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)
Example 7 with Permission
use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.
the class DefaultPermissionResolver method hasEveryonePermission.
@Override
public boolean hasEveryonePermission(String permission, ContextReference contextReference) {
RoleEntity everyoneRole = getEveryoneRole();
Permission permissionEntity = permissionController.findByName(permission);
return permissionEntity != null && permissionController.hasPermission(everyoneRole, permissionEntity);
}
Also used :
RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity)
Permission(fi.otavanopisto.muikku.model.security.Permission)
Example 8 with Permission
use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.
the class DefaultPermissionResolver method hasPermission.
@Override
public boolean hasPermission(String permission, ContextReference contextReference, User user) {
Permission permissionEntity = permissionController.findByName(permission);
if (permissionEntity == null) {
logger.severe(String.format("Reference to missing permission %s", permission));
return false;
}
UserEntity userEntity = getUserEntity(user);
if (userEntity == null) {
return hasEveryonePermission(permission, contextReference);
}
// Workspace access
if (permissionEntity.getScope().equals(PermissionScope.WORKSPACE) && contextReference != null) {
WorkspaceEntity workspaceEntity = resolveWorkspace(contextReference);
if (workspaceEntity != null) {
if (hasWorkspaceAccess(workspaceEntity, userEntity, permissionEntity)) {
return true;
}
}
}
// Environment access
return hasEnvironmentAccess(userEntity, permissionEntity);
}
Also used :
WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)
Permission(fi.otavanopisto.muikku.model.security.Permission)
WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)
UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)
Example 9 with Permission
use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.
the class WorkspacePermissionsManagementBackingBean method init.
@RequestAction
public String init() {
String urlName = getWorkspaceUrlName();
if (StringUtils.isBlank(urlName)) {
return NavigationRules.NOT_FOUND;
}
WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityByUrlName(urlName);
if (workspaceEntity == null) {
return NavigationRules.NOT_FOUND;
}
if (!sessionController.hasWorkspacePermission(MuikkuPermissions.WORKSPACE_MANAGE_PERMISSIONS, workspaceEntity)) {
return NavigationRules.NOT_FOUND;
}
workspaceEntityId = workspaceEntity.getId();
workspaceBackingBean.setWorkspaceUrlName(urlName);
workspaceName = workspaceBackingBean.getWorkspaceName();
userGroupBeans = new ArrayList<WorkspacePermissionsManagementBackingBean.UserGroupBean>();
permissions = new ArrayList<Permission>();
// TODO: atm we only support the sign up permission
Permission permission = permissionController.findByName(MuikkuPermissions.WORKSPACE_SIGNUP);
permissions.add(permission);
List<UserGroupEntity> userGroupEntities;
String permissionGroupIds = pluginSettingsController.getPluginSetting("workspace", "permission-group-ids");
if (permissionGroupIds == null) {
userGroupEntities = userGroupEntityController.listUserGroupEntities();
} else {
userGroupEntities = new ArrayList<UserGroupEntity>();
String[] idArray = permissionGroupIds.split(",");
for (int i = 0; i < idArray.length; i++) {
Long groupId = NumberUtils.createLong(idArray[i]);
if (groupId != null) {
UserGroupEntity userGroupEntity = userGroupEntityController.findUserGroupEntityById(groupId);
if (userGroupEntity == null) {
logger.warning(String.format("Missing group %d in plugin setting workspace.permission-group-ids", groupId));
} else {
userGroupEntities.add(userGroupEntity);
}
} else {
logger.warning(String.format("Malformatted plugin setting workspace.permission-group-ids %s", permissionGroupIds));
}
}
}
for (UserGroupEntity userGroupEntity : userGroupEntities) {
UserGroup userGroup = userGroupController.findUserGroup(userGroupEntity);
userGroupBeans.add(new UserGroupBean(userGroupEntity.getId(), userGroup.getName()));
}
Collections.sort(userGroupBeans, new Comparator<UserGroupBean>() {
@Override
public int compare(UserGroupBean o1, UserGroupBean o2) {
return o1.getName().compareTo(o2.getName());
}
});
return null;
}
Also used :
UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity)
UserGroup(fi.otavanopisto.muikku.schooldata.entity.UserGroup)
WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)
Permission(fi.otavanopisto.muikku.model.security.Permission)
RequestAction(org.ocpsoft.rewrite.annotation.RequestAction)
Example 10 with Permission
use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.
the class PermissionsPluginController method resetPermissions.
public void resetPermissions(Set<RoleEntity> resetRoleEntities) {
if (CollectionUtils.isEmpty(resetRoleEntities))
return;
// TODO Only handles environment and workspace scopes
for (MuikkuPermissionCollection collection : permissionCollections) {
logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
List<String> permissions = collection.listPermissions();
for (String permissionName : permissions) {
Permission permission = permissionDAO.findByName(permissionName);
if (permission != null) {
try {
String permissionScope = collection.getPermissionScope(permissionName);
if (permissionScope != null) {
if (!PermissionScope.PERSONAL.equals(permissionScope)) {
// Current roles
String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
List<RoleEntity> currentRoles = new ArrayList<RoleEntity>();
if (pseudoRoles != null) {
for (String pseudoRole : pseudoRoles) {
RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
if (roleEntity != null) {
currentRoles.add(roleEntity);
}
}
}
if (environmentRoles != null) {
for (EnvironmentRoleArchetype environmentRole : environmentRoles) {
List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(environmentRole);
currentRoles.addAll(envRoles);
}
}
if (workspaceRoles != null) {
for (WorkspaceRoleArchetype workspaceRole : workspaceRoles) {
List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(workspaceRole);
currentRoles.addAll(wsRoles);
}
}
logger.info(String.format("Permission %s applies to %d roles", permissionName, currentRoles.size()));
if (PermissionScope.ENVIRONMENT.equals(permissionScope) || PermissionScope.WORKSPACE.equals(permissionScope)) {
List<RolePermission> databasePermissions = rolePermissionDAO.listByPermission(permission);
removeNonHandledRoles(currentRoles, databasePermissions, resetRoleEntities);
for (RolePermission databasePermission : databasePermissions) {
int index = indexOfRoleEntity(currentRoles, databasePermission);
if (index >= 0) {
currentRoles.remove(index);
} else {
logger.info(String.format("Removing %s from %s", databasePermission.getRole().getName(), permission.getName()));
rolePermissionDAO.delete(databasePermission);
}
}
for (RoleEntity currentRole : currentRoles) {
logger.info(String.format("Adding environment role %s for %s", currentRole.getName(), permission.getName()));
rolePermissionDAO.create(currentRole, permission);
}
}
}
}
} catch (Exception e) {
logger.log(Level.SEVERE, "Permission handling failed for " + permissionName);
}
}
}
}
}
Also used :
EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)
EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype)
MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection)
ArrayList(java.util.ArrayList)
WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity)
RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity)
EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)
WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity)
RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)
Permission(fi.otavanopisto.muikku.model.security.Permission)
WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)
RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)
Aggregations
Permission (fi.otavanopisto.muikku.model.security.Permission)16
RoleEntity (fi.otavanopisto.muikku.model.users.RoleEntity)9
WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)6
RolePermission (fi.otavanopisto.muikku.model.security.RolePermission)4
EnvironmentRoleEntity (fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)4
UserGroupEntity (fi.otavanopisto.muikku.model.users.UserGroupEntity)4
EnvironmentRoleArchetype (fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype)3
WorkspaceRoleArchetype (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)3
WorkspaceRoleEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity)3
WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)3
ArrayList (java.util.ArrayList)3
RequestAction (org.ocpsoft.rewrite.annotation.RequestAction)3
SystemRoleEntity (fi.otavanopisto.muikku.model.users.SystemRoleEntity)2
UserEntity (fi.otavanopisto.muikku.model.users.UserEntity)2
ForumArea (fi.otavanopisto.muikku.plugins.forum.model.ForumArea)2
WorkspaceForumArea (fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea)2
MuikkuPermissionCollection (fi.otavanopisto.muikku.security.MuikkuPermissionCollection)2
EntityManager (javax.persistence.EntityManager)2
CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)2
WorkspaceGroupPermission (fi.otavanopisto.muikku.model.security.WorkspaceGroupPermission)1
