Examples with IAuthorizationPrincipal org.apereo.portal.security.IAuthorizationPrincipal used on opensource projects

Example 91 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method exportPermission.

private boolean exportPermission(IPortletDefinition def, ExternalPermissionDefinition permDef, List<String> groupList, List<String> userList) {
    final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    final IPermissionManager pm = authService.newPermissionManager(permDef.getSystem());
    final String portletTargetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final IAuthorizationPrincipal[] principals = pm.getAuthorizedPrincipals(permDef.getActivity(), portletTargetId);
    boolean permAdded = false;
    for (IAuthorizationPrincipal principal : principals) {
        IGroupMember member = authService.getGroupMember(principal);
        if (member.isGroup()) {
            final EntityNameFinderService entityNameFinderService = EntityNameFinderService.instance();
            final IEntityNameFinder nameFinder = entityNameFinderService.getNameFinder(member.getType());
            try {
                groupList.add(nameFinder.getName(member.getKey()));
                permAdded = true;
            } catch (Exception e) {
                throw new RuntimeException("Could not find group name for entity: " + member.getKey(), e);
            }
        } else {
            if (userList != null) {
                userList.add(member.getKey());
                permAdded = true;
            }
        }
    }
    Collections.sort(groupList);
    if (userList != null) {
        Collections.sort(userList);
    }
    return permAdded;
}

Example 92 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ClassicMaxInactiveStrategy method calcMaxInactive.

@Override
public Integer calcMaxInactive(IPerson person) {
    assert person != null;
    IAuthorizationPrincipal principal = authorizationService.newPrincipal((String) person.getAttribute(IPerson.USERNAME), IPerson.class);
    IPermission[] permissions = authorizationService.getAllPermissionsForPrincipal(principal, IPermission.PORTAL_SYSTEM, MAX_INACTIVE_ATTR, null);
    assert permissions != null;
    if (permissions.length == 0) {
        // No max inactive permission set for this user
        log.info("No {} permissions apply to user '{}'", MAX_INACTIVE_ATTR, person.getAttribute(IPerson.USERNAME));
        return null;
    }
    Integer rulingGrant = null;
    Integer rulingDeny = null;
    for (IPermission p : permissions) {
        // First be sure the record applies currently...
        long now = System.currentTimeMillis();
        if (p.getEffective() != null && p.getEffective().getTime() > now) {
            // It's *TOO EARLY* for this record... move on.
            continue;
        }
        if (p.getExpires() != null && p.getExpires().getTime() < now) {
            // It's *TOO LATE* for this record... move on.
            continue;
        }
        if (p.getType().equals(IPermission.PERMISSION_TYPE_GRANT)) {
            try {
                Integer grantEntry = Integer.valueOf(p.getTarget());
                if (rulingGrant == null || grantEntry < 0 || /* Any negative number trumps all */
                rulingGrant < grantEntry) {
                    rulingGrant = grantEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission grant '" + p.getTarget() + "';  target must be an integer value.");
            }
        } else if (p.getType().equals(IPermission.PERMISSION_TYPE_DENY)) {
            try {
                Integer denyEntry = Integer.valueOf(p.getTarget());
                if (rulingDeny == null || rulingDeny > denyEntry) {
                    rulingDeny = denyEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission deny '" + p.getTarget() + "';  target must be an integer value.");
            }
        } else {
            log.warn("Unknown permission type:  " + p.getType());
        }
    }
    if (rulingDeny != null && rulingDeny < 0) {
        // Negative MaxInactiveInterval values mean the session never
        // times out, so a negative DENY is somewhat nonsensical... just
        // clear it.
        log.warn("A MAX_INACTIVE DENY entry improperly specified a negative target:  " + rulingDeny);
        rulingDeny = null;
    }
    if (rulingGrant != null || rulingDeny != null) {
        // We only want to intervene if there's some actual value
        // specified... otherwise we'll just let the container settings
        // govern.
        int maxInactive = rulingGrant != null ? rulingGrant : // If rulingGrant is null, rulingDeny won't be...
        0;
        if (rulingDeny != null) {
            // Applying DENY entries is tricky b/c GRANT entries may be negative...
            int limit = rulingDeny;
            if (maxInactive >= 0) {
                maxInactive = limit < maxInactive ? limit : maxInactive;
            } else {
                // The best grant was negative (unlimited), so go with limit...
                maxInactive = limit;
            }
        }
        return maxInactive;
    }
    return null;
}

Example 93 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class MarketplaceService method browseableNonEmptyPortletCategoriesFor.

@Override
public Set<PortletCategory> browseableNonEmptyPortletCategoriesFor(final IPerson user, final Set<PortletCategory> categories) {
    final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(user);
    final Set<MarketplaceEntry> browseablePortlets = browseableMarketplaceEntriesFor(user, categories);
    final Set<PortletCategory> browseableCategories = new HashSet<PortletCategory>();
    // categories containing zero browseable portlets are excluded.
    for (final MarketplaceEntry entry : browseablePortlets) {
        IPortletDefinition portletDefinition = entry.getMarketplacePortletDefinition();
        for (final PortletCategory category : this.portletCategoryRegistry.getParentCategories(portletDefinition)) {
            final String categoryId = category.getId();
            if (mayBrowse(principal, categoryId)) {
                browseableCategories.add(category);
            } else {
                logger.trace("Portlet {} is browseable by {} but it is in category {} " + "which is not browseable by that user.  " + "This may be as intended, " + "or it may be that that portlet category ought to be more widely browseable.", portletDefinition, user, category);
            }
        }
    }
    logger.trace("These categories {} are browseable by {}.", browseableCategories, user);
    return browseableCategories;
}