Examples with IPermissionTargetProvider org.apereo.portal.permission.target.IPermissionTargetProvider used on opensource projects

Example 1 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class ApiPermissionsService method createAssignment.

/*
     * Implementation
     */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    Assignment rslt = null;
    try {
        // Owner
        IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        Owner ownerImpl = new OwnerImpl(permission.getOwner(), owner.getName());
        // Activity
        IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        Activity activityImpl = new ActivityImpl(permission.getActivity(), activity.getName());
        // Principal
        Principal principalImpl = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());
        // Target
        // default
        Target targetImpl = null;
        IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        IPermissionTarget target = targetProvider.getTarget(permission.getTarget());
        if (target != null) {
            targetImpl = new TargetImpl(permission.getTarget(), target.getName());
        }
        rslt = new AssignmentImpl(ownerImpl, activityImpl, principalImpl, targetImpl, inherited);
    } catch (Exception e) {
        log.warn("Exception while adding permission", e);
    }
    return rslt;
}

Example 2 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsRESTController method getTargets.

/**
     * Return a list of targets defined for a particular IPermissionActivity matching the specified
     * search query.
     *
     * @param activityId
     * @param query
     * @param req
     * @param response
     * @return
     * @throws Exception
     */
@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/{activity}/targets.json", method = RequestMethod.GET)
public ModelAndView getTargets(@PathVariable("activity") Long activityId, @RequestParam("q") String query, HttpServletRequest req, HttpServletResponse response) throws Exception {
    IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(activityId);
    IPermissionTargetProvider provider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
    SortedSet<IPermissionTarget> matchingTargets = new TreeSet<IPermissionTarget>();
    // add matching results for this identifier provider to the set
    Collection<IPermissionTarget> targets = provider.searchTargets(query);
    for (IPermissionTarget target : targets) {
        if ((StringUtils.isNotBlank(target.getName()) && target.getName().toLowerCase().contains(query)) || target.getKey().toLowerCase().contains(query)) {
            matchingTargets.addAll(targets);
        }
    }
    ModelAndView mv = new ModelAndView();
    mv.addObject("targets", targets);
    mv.setViewName("json");
    return mv;
}

Example 3 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsRESTController method getPermissionForPrincipal.

protected JsonPermission getPermissionForPrincipal(UniquePermission permission, JsonEntityBean entity) {
    JsonPermission perm = new JsonPermission();
    perm.setOwnerKey(permission.getOwner());
    perm.setActivityKey(permission.getActivity());
    perm.setTargetKey(permission.getIdentifier());
    perm.setPrincipalKey(entity.getId());
    perm.setPrincipalName(entity.getName());
    perm.setInherited(permission.isInherited());
    try {
        IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        if (owner != null) {
            perm.setOwnerName(owner.getName());
        }
        IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        if (activity != null) {
            perm.setActivityName(activity.getName());
            IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
            if (targetProvider != null) {
                IPermissionTarget target = targetProvider.getTarget(permission.getIdentifier());
                if (target != null) {
                    perm.setTargetName(target.getName());
                }
            }
        }
    } catch (RuntimeException e) {
        log.warn("Exception while adding permission", e);
    }
    return perm;
}

Example 4 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsListController method marshall.

/*
     * Private Stuff.
     */
private List<Map<String, String>> marshall(IPermission[] data) {
    // Assertions.
    if (data == null) {
        String msg = "Argument 'data' cannot be null";
        throw new IllegalArgumentException(msg);
    }
    List<Map<String, String>> rslt = new ArrayList<Map<String, String>>(data.length);
    for (IPermission p : data) {
        JsonEntityBean bean = getEntityBean(p.getPrincipal());
        Map<String, String> entry = new HashMap<String, String>();
        entry.put("owner", p.getOwner());
        entry.put("principalType", bean.getEntityTypeAsString());
        entry.put("principalName", bean.getName());
        entry.put("principalKey", p.getPrincipal());
        entry.put("activity", p.getActivity());
        entry.put("target", p.getTarget());
        entry.put("permissionType", p.getType());
        /*
             *  Attempt to find a name for this target through the permission
             *  target provider registry.  If none can be found, just use
             *  the target key.
             */
        String targetName = null;
        try {
            // attempt to get the target provider for this activity
            IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(p.getOwner(), p.getActivity());
            entry.put("activityName", activity.getName());
            IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(p.getOwner());
            entry.put("ownerName", owner.getName());
            String providerKey = activity.getTargetProviderKey();
            IPermissionTargetProvider provider = targetProviderRegistry.getTargetProvider(providerKey);
            // get the target from the provider
            IPermissionTarget target = provider.getTarget(p.getTarget());
            targetName = target.getName();
        } catch (RuntimeException e) {
            // likely a result of a null activity or provider
            log.trace("Failed to resolve target name", e);
        }
        if (targetName == null) {
            targetName = p.getTarget();
        }
        entry.put("targetName", targetName);
        rslt.add(entry);
    }
    return rslt;
}

Example 5 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class AuthorizationImpl method doesPrincipalHavePermission.

/**
     * Answers if the owner has given the principal permission to perform the activity on the
     * target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
     * activity</code> must be non-null.
     *
     * @return boolean
     * @param principal IAuthorizationPrincipal
     * @param owner java.lang.String
     * @param activity java.lang.String
     * @param target java.lang.String
     * @exception AuthorizationException indicates authorization information could not be retrieved.
     */
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();
    final Element element = this.doesPrincipalHavePermissionCache.get(key);
    if (element != null) {
        return (Boolean) element.getValue();
    }
    /*
         * Convert to (strongly-typed) Java objects based on interfaces in
         * o.j.p.permission before we make the actual check with IPermissionPolicy;
         * parameters that communicate something of the nature of the things they
         * represent helps us make the check(s) more intelligently.  This objects
         * were retro-fitted to IPermissionPolicy in uP 4.3;  perhaps we should do
         * the same to IAuthorizationService itself?
         */
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity == null) {
        // Means needed data is missing;  much clearer than NPE
        String msg = "The following activity is not defined for owner '" + owner + "':  " + activity;
        throw new RuntimeException(msg);
    }
    final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
    final IPermissionTarget ipTarget = targetProvider.getTarget(target);
    final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
    this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
    return doesPrincipalHavePermission;
}