use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
the class TestAuthenticationProviderManager method testUpdateRoleWithPrivacyModuleEnabled.
/**
 * Checks that an authorization added through the authorization manager is
 * visible on the user returned by the authentication provider while the
 * privacy module is switched on.
 *
 * The test asserts that the module is off on entry and turns it on itself.
 * The finally block turns the module off again and removes the temporary
 * user, so a failed assertion still restores the starting state.
 *
 * @throws Throwable any failure raised by the services under test
 */
public void testUpdateRoleWithPrivacyModuleEnabled() throws Throwable {
    String username = "MEMisToUpdateRole";
    String password = "123456";
    this.addUserForTest(username, password);
    try {
        // Precondition: the privacy module starts disabled and is enabled for this test only.
        boolean moduleEnabled = this.getPrivacyModuleStatus();
        assertTrue(!moduleEnabled);
        this.togglePrivacyModuleStatus(true);
        moduleEnabled = this.getPrivacyModuleStatus();
        assertTrue(moduleEnabled);

        // Baseline: the freshly created user carries exactly one authorization.
        UserDetails beforeUpdate = this._authenticationProvider.getUser(username, password);
        assertNotNull(beforeUpdate);
        assertEquals(1, beforeUpdate.getAuthorizations().size());

        // The role and group are looked up but not asserted on; the grant below goes by name.
        Role adminRole = this._roleManager.getRole("admin");
        Group freeGroup = this._groupManager.getGroup(Group.FREE_GROUP_NAME);
        this._authorizationManager.addUserAuthorization(username, Group.FREE_GROUP_NAME, "admin");

        // A new login must now report the additional authorization.
        UserDetails afterUpdate = this._authenticationProvider.getUser(username, password);
        assertNotNull(afterUpdate);
        assertEquals(2, afterUpdate.getAuthorizations().size());
    } finally {
        // Cleanup runs on success and on failure alike.
        this.togglePrivacyModuleStatus(false);
        this._userManager.removeUser(username);
        UserDetails leftover = this._userManager.getUser(username);
        assertNull(leftover);
    }
}
use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
the class UserAuthorizationAction method addAuthorization.
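/**
 * Validates the submitted group and role names and adds the resulting
 * authorization to the user-authorizations form bean.
 *
 * A name that is supplied but does not resolve is rejected with a field
 * error, and so is a request where neither a group nor a role resolves.
 *
 * NOTE(review): this method only checks the session bean. No permission
 * check on the calling operator is visible here; presumably it is enforced
 * by the action configuration. Confirm before relying on it.
 *
 * @return {@code "userList"} when the session-bean check fails, {@code INPUT}
 *         on a validation error or a duplicate authorization, {@code FAILURE}
 *         on an unexpected error, {@code SUCCESS} otherwise
 */
public String addAuthorization() {
    try {
        if (!this.checkAuthorizationSessionBean()) {
            return "userList";
        }
        String groupName = this.getGroupName();
        String roleName = this.getRoleName();
        Group group = this.getGroupManager().getGroup(groupName);
        Role role = this.getRoleManager().getRole(roleName);
        if (!StringUtils.isEmpty(groupName) && null == group) {
            this.addFieldError("groupName", this.getText("error.userAuthorization.invalidGroup", new String[] { groupName }));
        }
        if (!StringUtils.isEmpty(roleName) && null == role) {
            // The message argument is the role name that failed to resolve, not the group name.
            this.addFieldError("roleName", this.getText("error.userAuthorization.invalidRole", new String[] { roleName }));
        }
        if (null == group && null == role) {
            // An authorization needs at least one of the two; flag both fields.
            this.addFieldError("groupName", this.getText("error.userAuthorization.invalidGroupAndRole"));
            this.addFieldError("roleName", this.getText("error.userAuthorization.invalidGroupAndRole"));
        }
        if (this.hasFieldErrors()) {
            return INPUT;
        }
        Authorization authorization = new Authorization(group, role);
        boolean result = this.getUserAuthsFormBean().addAuthorization(authorization);
        if (!result) {
            // The form bean refused the entry; report it as a duplicate.
            this.addActionError(this.getText("error.userAuthorization.alreadyExists", new String[] { groupName, roleName }));
            return INPUT;
        }
    } catch (Throwable t) {
        _logger.error("error adding user authorization", t);
        return FAILURE;
    }
    return SUCCESS;
}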
use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
the class AuthorizationDAO method getUserAuthorizations.
/**
 * Loads the authorizations stored for a user and resolves each row against
 * the supplied group and role maps.
 *
 * Column 1 of each row is used as the key into {@code groups} and column 2 as
 * the key into {@code roles}. A null column, or a name missing from its map,
 * yields a null group or role in the resulting authorization. Authorizations
 * already present in the result are not added again.
 *
 * @param username the user whose authorizations are loaded; bound as a
 *        statement parameter
 * @param groups known groups, keyed by the value stored in column 1
 * @param roles known roles, keyed by the value stored in column 2
 * @return the authorizations found, without duplicates
 * @throws RuntimeException wrapping any failure raised while loading
 */
@Override
public List<Authorization> getUserAuthorizations(String username, Map<String, Group> groups, Map<String, Role> roles) {
    Connection connection = null;
    List<Authorization> found = new ArrayList<Authorization>();
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = this.getConnection();
        statement = connection.prepareStatement(GET_USER_AUTHORIZATIONS);
        statement.setString(1, username);
        rows = statement.executeQuery();
        while (rows.next()) {
            String groupKey = rows.getString(1);
            Group resolvedGroup = null;
            if (null != groupKey) {
                resolvedGroup = groups.get(groupKey);
            }
            String roleKey = rows.getString(2);
            Role resolvedRole = null;
            if (null != roleKey) {
                resolvedRole = roles.get(roleKey);
            }
            Authorization candidate = new Authorization(resolvedGroup, resolvedRole);
            if (found.contains(candidate)) {
                // Already collected from an earlier row.
                continue;
            }
            found.add(candidate);
        }
    } catch (Throwable t) {
        _logger.error("Error loading user authorization", t);
        throw new RuntimeException("Error loading user authorization", t);
    } finally {
        // Release result set, statement and connection on success and on failure.
        closeDaoResources(rows, statement, connection);
    }
    return found;
}
use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
the class AuthorizationManager method isAuthOnGroupAndRole.
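/**
 * Tells whether the user holds an authorization matching the given group
 * and/or role.
 *
 * Group matching: an authorization is skipped when exactly one of its group
 * and {@code groupName} is null. When both are present, the group name must
 * equal {@code groupName} if {@code chechAdmin} is false; if
 * {@code chechAdmin} is true, only authorizations on
 * {@code Group.ADMINS_GROUP_NAME} pass.
 *
 * Role matching: a null {@code roleName} accepts any authorization that
 * passed the group step. Otherwise the role name must equal
 * {@code roleName}, or, when {@code chechAdmin} is true, the role must carry
 * {@code Permission.SUPERUSER}.
 *
 * An authorization without a role never satisfies a role requirement, so the
 * check denies instead of failing with a NullPointerException.
 *
 * @param user the user to check; null yields false
 * @param groupName required group name, or null for no group requirement
 * @param roleName required role name, or null for no role requirement
 * @param chechAdmin whether administrator group and superuser role also match
 * @return true if a matching authorization exists; false otherwise, including
 *         when both names are null
 */
@Override
public boolean isAuthOnGroupAndRole(UserDetails user, String groupName, String roleName, boolean chechAdmin) {
    if (null == user || (null == groupName && null == roleName)) {
        return false;
    }
    List<Authorization> userAuths = user.getAuthorizations();
    if (null == userAuths) {
        // No authorization list means nothing can match: deny.
        return false;
    }
    for (Authorization userAuth : userAuths) {
        if (null == userAuth) {
            continue;
        }
        Group group = userAuth.getGroup();
        if ((null == group) != (null == groupName)) {
            // Exactly one side is missing, so the group part cannot match.
            continue;
        }
        if (null != group) {
            if (!chechAdmin && !groupName.equals(group.getName())) {
                continue;
            }
            if (chechAdmin && !Group.ADMINS_GROUP_NAME.equals(group.getName())) {
                continue;
            }
        }
        if (null == roleName) {
            return true;
        }
        Role role = userAuth.getRole();
        if (null == role) {
            // Group-only authorization: it cannot satisfy a role requirement.
            continue;
        }
        boolean isSuper = role.hasPermission(Permission.SUPERUSER);
        if (roleName.equals(role.getName()) || (chechAdmin && isSuper)) {
            return true;
        }
    }
    return false;
}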
use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
the class AuthorizationManager method getRelatedAuthorities.
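/**
 * Collects the authorities paired with a required group or role in the
 * user's authorizations.
 *
 * When {@code isRole} is false, {@code requiredAuthName} is a group name and
 * the result holds the roles of every authorization whose group is the
 * administrators group or has that authority. When {@code isRole} is true,
 * it is a role name and the result holds the groups of every authorization
 * whose role has that authority or is one of the user's superuser roles. If
 * such an authorization sits on the administrators group, all groups known
 * to the group manager are returned at once.
 *
 * A role-only authorization (null group) contributes no group and no longer
 * raises a NullPointerException.
 *
 * @param user the user whose authorizations are inspected
 * @param requiredAuthName name of the required group or role
 * @param isRole true if {@code requiredAuthName} names a role, false for a group
 * @return the related authorities, or null when the user or the name is null
 *         or the name does not resolve; callers must treat null as "none"
 */
private List getRelatedAuthorities(UserDetails user, String requiredAuthName, boolean isRole) {
    if (null == user || null == requiredAuthName) {
        return null;
    }
    boolean nameResolves = isRole
            ? null != this.getRoleManager().getRole(requiredAuthName)
            : null != this.getGroupManager().getGroup(requiredAuthName);
    if (!nameResolves) {
        return null;
    }
    // Superuser roles held by the user also count as a match for any required role.
    List<String> adminRoleNames = new ArrayList<String>();
    if (isRole) {
        List<Role> adminRoles = this.getRolesWithPermission(user, Permission.SUPERUSER);
        if (null != adminRoles) {
            for (Role adminRole : adminRoles) {
                if (null != adminRole) {
                    adminRoleNames.add(adminRole.getName());
                }
            }
        }
    }
    List authorities = new ArrayList<IApsAuthority>();
    List<Authorization> userAuths = user.getAuthorizations();
    if (null == userAuths) {
        return authorities;
    }
    for (Authorization userAuth : userAuths) {
        if (null == userAuth) {
            continue;
        }
        Group group = userAuth.getGroup();
        Role role = userAuth.getRole();
        if (!isRole && null != group
                && (Group.ADMINS_GROUP_NAME.equals(group.getName()) || requiredAuthName.equals(group.getAuthority()))) {
            // NOTE(review): role may be null for a group-only authorization, which
            // puts a null element in the result; confirm callers tolerate it.
            authorities.add(role);
        }
        if (isRole && null != role
                && (adminRoleNames.contains(role.getName()) || requiredAuthName.equals(role.getAuthority()))) {
            if (null == group) {
                // Role-only authorization: there is no group to report.
                continue;
            }
            if (Group.ADMINS_GROUP_NAME.equals(group.getName())) {
                // Matching role on the administrators group: every group is related.
                return this.getGroupManager().getGroups();
            }
            authorities.add(group);
        }
    }
    return authorities;
}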