
Example 1 with AuthorizationServiceFacade

use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.

the class GroupListHelperImpl method getPrincipalForEntity.

@Override
public IAuthorizationPrincipal getPrincipalForEntity(JsonEntityBean entity) {
    if (entity == null) {
        throw new IllegalArgumentException("Parameter cannot be null.");
    }
    // attempt to determine the entity type class for this principal
    Class entityType;
    EntityEnum jsonType = entity.getEntityType();
    if (jsonType == null) {
        throw new IllegalArgumentException("Parameter's entityType cannot be null.");
    }
    if (jsonType.isGroup()) {
        entityType = IEntityGroup.class;
    } else {
        entityType = jsonType.getClazz();
    }
    // construct an authorization principal for this JsonEntityBean
    AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    IAuthorizationPrincipal p = authService.newPrincipal(entity.getId(), entityType);
    return p;
}
Also used : EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 2 with AuthorizationServiceFacade

use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.

the class EntityService method getPrincipalForEntity.

public IAuthorizationPrincipal getPrincipalForEntity(Entity entity) {
    // attempt to determine the entity type class for this principal
    if (entity == null) {
        return null;
    }
    Class entityType;
    if (entity.getEntityType().equals(EntityEnum.GROUP.toString())) {
        entityType = IEntityGroup.class;
    } else {
        entityType = EntityEnum.getEntityEnum(entity.getEntityType()).getClazz();
    }
    // construct an authorization principal for this Entity
    AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    IAuthorizationPrincipal p = authService.newPrincipal(entity.getId(), entityType);
    return p;
}
Also used : AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 3 with AuthorizationServiceFacade

use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method removePortletDefinition.

@Transactional
@Override
public void removePortletDefinition(IPortletDefinition portletDefinition, IPerson person) {
    IPortletDefinition portletDef = portletDefinitionDao.getPortletDefinition(portletDefinition.getPortletDefinitionId());
    // Delete existing category memberships for this portlet
    String portletDefinitionId = portletDefinition.getPortletDefinitionId().getStringId();
    IEntity channelDefEntity = GroupService.getEntity(portletDefinitionId, IPortletDefinition.class);
    for (IEntityGroup group : channelDefEntity.getAncestorGroups()) {
        group.removeChild(channelDefEntity);
        group.update();
    }
    // Delete permissions records that refer to this portlet
    AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    String target = PermissionHelper.permissionTargetIdForPortletDefinition(portletDefinition);
    IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(IPermission.PORTAL_SUBSCRIBE);
    IPermission[] oldPermissions = upm.getPermissionsForTarget(target);
    upm.removePermissions(oldPermissions);
    // Delete any ratings (incl. reviews) associated with the portlet
    marketplaceRatingDao.clearRatingsForPortlet(portletDef);
    // Delete the portlet itself.
    portletDefinitionDao.deletePortletDefinition(portletDef);
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IEntity(org.apereo.portal.groups.IEntity) IPermission(org.apereo.portal.security.IPermission) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with AuthorizationServiceFacade

use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.

the class ILFBuilder method constructILF.

public static Document constructILF(Document PLF, List<Document> sequence, IPerson person) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Constructing ILF for IPerson='" + person + "'");
    }
    // first construct the destination document and root element. The root
    // element should be a complete copy of the PLF's root including its
    // node identifier in the new document. This requires the use of
    // the implementation class to set the identifier for that node
    // in the document.
    Document result = DocumentFactory.getThreadDocument();
    Element plfLayout = PLF.getDocumentElement();
    Element ilfLayout = (Element) result.importNode(plfLayout, false);
    result.appendChild(ilfLayout);
    Element plfRoot = (Element) plfLayout.getFirstChild();
    Element ilfRoot = (Element) result.importNode(plfRoot, false);
    ilfLayout.appendChild(ilfRoot);
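    // Element.getAttribute() never returns null (it returns "" when the attribute
    // is absent), so test with hasAttribute() before marking it as the ID attribute.
    if (ilfRoot.hasAttribute(Constants.ATT_ID)) {
        ilfRoot.setIdAttribute(Constants.ATT_ID, true);
    }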
    // build the auth principal for determining if pushed channels can be
    // used by this user
    EntityIdentifier ei = person.getEntityIdentifier();
    AuthorizationServiceFacade authS = AuthorizationServiceFacade.instance();
    IAuthorizationPrincipal ap = authS.newPrincipal(ei.getKey(), ei.getType());
    for (final Document document : sequence) {
        mergeFragment(document, result, ap);
    }
    return result;
}
Also used : AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) Element(org.w3c.dom.Element) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) Document(org.w3c.dom.Document)

Example 5 with AuthorizationServiceFacade

use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.

the class PortletRendererImpl method enforceConfigPermission.

/**
 * Enforces config mode access control. If requesting user does not have CONFIG permission, and
 * the PortletWindow specifies config mode, throws AuthorizationException. Otherwise does
 * nothing.
 *
 * @param httpServletRequest the non-null current HttpServletRequest (for determining requesting
 *     user)
 * @param portletWindow a non-null portlet window that might be in config mode
 * @throws AuthorizationException if the user is not permitted to access config mode yet portlet
 *     window specifies config mode
 * @throws java.lang.IllegalArgumentException if the request or window are null
 * @since 4.0.13.1, 4.0.14, 4.1.
 */
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
    final PortletMode portletMode = portletWindow.getPortletMode();
    if (portletMode != null) {
        if (IPortletRenderer.CONFIG.equals(portletMode)) {
            final IPerson person = this.personManager.getPerson(httpServletRequest);
            final EntityIdentifier ei = person.getEntityIdentifier();
            final AuthorizationServiceFacade authorizationServiceFacade = AuthorizationServiceFacade.instance();
            final IAuthorizationPrincipal ap = authorizationServiceFacade.newPrincipal(ei.getKey(), ei.getType());
            final IPortletEntity portletEntity = portletWindow.getPortletEntity();
            final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
            if (!ap.canConfigure(portletDefinition.getPortletDefinitionId().getStringId())) {
                logger.error(
                        "User {} attempted to use portlet {} in {} but lacks permission to use that mode.  "
                                + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW.  "
                                + "You should probably figure out who this user is and why they are trying to access "
                                + "unauthorized portlet modes.",
                        person.getUserName(),
                        portletDefinition.getFName(),
                        portletMode);
                throw new AuthorizationException(
                        person.getUserName()
                                + " does not have permission to render '"
                                + portletDefinition.getFName()
                                + "' in "
                                + portletMode
                                + " PortletMode.");
            }
        }
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IPortletEntity(org.apereo.portal.portlet.om.IPortletEntity) AuthorizationException(org.apereo.portal.AuthorizationException) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) PortletMode(javax.portlet.PortletMode) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition)

Aggregations

AuthorizationServiceFacade (org.apereo.portal.services.AuthorizationServiceFacade) 11
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal) 8
IEntity (org.apereo.portal.groups.IEntity) 4
IEntityGroup (org.apereo.portal.groups.IEntityGroup) 4
EntityIdentifier (org.apereo.portal.EntityIdentifier) 3
IGroupMember (org.apereo.portal.groups.IGroupMember) 3
IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition) 3
ArrayList (java.util.ArrayList) 2
EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum) 2
IPermission (org.apereo.portal.security.IPermission) 2
IUpdatingPermissionManager (org.apereo.portal.security.IUpdatingPermissionManager) 2
Collection (java.util.Collection) 1
HashMap (java.util.HashMap) 1
PortletMode (javax.portlet.PortletMode) 1
AuthorizationException (org.apereo.portal.AuthorizationException) 1
AggregatedGroupMapping (org.apereo.portal.events.aggr.groups.AggregatedGroupMapping) 1
PortletLayoutAggregation (org.apereo.portal.events.aggr.portletlayout.PortletLayoutAggregation) 1
AggregatedPortletMapping (org.apereo.portal.events.aggr.portlets.AggregatedPortletMapping) 1
IEntityNameFinder (org.apereo.portal.groups.IEntityNameFinder) 1
ExternalPermissionDefinition (org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) 1