
Example 11 with Principal

use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.

the class DefaultAclService method addAclLevel.

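/**
 * Adds an access-control entry for the current principal to {@code acl}, according to the
 * level that {@code matrix} defines for the pair (entity type, role of the principal).
 *
 * <p>Levels handled: {@code ALL} always adds the entry; {@code OWN} adds it when the object's
 * owner is the principal; {@code AREA} adds it when the object's department is the principal's
 * department; {@code OWNERS} adds it when the principal is in the object's owners list;
 * {@code DENY} adds nothing.
 *
 * <p>Security note: when {@code isIgnoreUnownedObjects()} is true, objects with no owner (OWN)
 * or no department (AREA) get the entry for whoever the current principal is. That is a
 * fail-open setting; each such grant is logged at WARN so it can be audited.
 *
 * @param matrix permission levels keyed by (type, roleId)
 * @param acl    ACL that receives the entry
 * @param type   entity class used to look up the level
 * @param dto    object whose owner/department/owners decide the outcome
 * @param perm   permission to add
 * @throws UnsupportedOperationException if the matrix has no level for the key, or the level
 *         is not one of the handled values
 */
private void addAclLevel(Map<AclMatrixKey, AclMatrixValue> matrix, AclImpl acl, Class type, ITransferObject dto, Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);
    if (log.isDebugEnabled()) {
        log.debug("addAclLevel -" + " permission=[" + perm.getPattern() + "]" + " type=" + type.getSimpleName() + " id=" + dto.getId() + " ownerId=" + dto.getOwnerId() + " departmentId=" + dto.getDepartmentId() + " userId=" + principal.getId() + " roleId=" + principal.getRoleId() + " level=" + level);
    }
    // A missing matrix entry is treated as a configuration error rather than as an implicit deny.
    if (level == null) {
        throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }
    switch(level) {
        case ALL:
            acl.insertAce(null, perm, sid, true);
            break;
        case OWN:
            if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
                // Fail-open path: unowned object, permission added for the current principal.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any user and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (dto.getOwnerId() != null && dto.getOwnerId().equals(principal.getId())) {
                // Compare by value. getOwnerId() is a nullable object (it is null-checked above),
                // so == would compare references if both sides are boxed and could reject the
                // real owner. A null owner never matches here.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case AREA:
            if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
                // Fail-open path: object without department, permission added for the current principal.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any department and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (dto.getDepartmentId() != null && dto.getDepartmentId().equals(principal.getDepartmentId())) {
                // Value comparison for the same reason as in OWN; a null department never matches.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case DENY:
            // Nothing is added, so the permission stays absent from the ACL.
            break;
        case OWNERS:
            if (dto.getOwnersId() != null && dto.getOwnersId().contains(principal.getId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;
        default:
            throw new UnsupportedOperationException("AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
    }
}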
Also used : PrincipalSid(org.acegisecurity.acls.sid.PrincipalSid) Principal(com.autentia.tnt.manager.security.Principal) Sid(org.acegisecurity.acls.sid.Sid) PrincipalSid(org.acegisecurity.acls.sid.PrincipalSid)

Example 12 with Principal

use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.

the class ContractExpirationNotificationBean method authenticateAs.

// TODO Extract to a Security Utils Class or similar
/**
 * Installs the user identified by {@code userLogin} as the authentication of the current
 * security context.
 *
 * <p>No credential check happens in this method: the user is loaded by login and a token is
 * built from the loaded data. Callers must therefore pass only a trusted, internally chosen
 * login, never a value taken from a request.
 *
 * <p>NOTE(review): the token carries the user's stored password as its credentials, and the
 * previous authentication is not saved or restored here. Confirm that the caller clears or
 * resets the context once its work is done.
 *
 * @param userLogin login of the user to run as
 */
private void authenticateAs(final String userLogin) {
    final Principal loadedUser = (Principal) AuthenticationManager.getDefault().loadUserByUsername(userLogin);
    final Authentication token = new UsernamePasswordAuthenticationToken(
            loadedUser,
            loadedUser.getUser().getPassword(),
            loadedUser.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(token);
}
Also used : Authentication(org.acegisecurity.Authentication) UsernamePasswordAuthenticationToken(org.acegisecurity.providers.UsernamePasswordAuthenticationToken) Principal(com.autentia.tnt.manager.security.Principal)

Example 13 with Principal

use of com.autentia.tnt.manager.security.Principal in project TNTConcept by autentia.

the class MenuBean method getMenu.

/**
 * Returns the menu tree for the current principal, building it on first access and reusing
 * the cached tree afterwards.
 *
 * <p>Each section is opened with {@code openNode} and filled with {@code addLeaf}; both receive
 * the principal and a permission (or {@code null}). The order of the calls fixes the order of
 * the menu.
 *
 * <p>NOTE(review): the tree is cached in {@code menu}, so it is computed once per bean instance
 * from the principal seen on the first call. Menu visibility is presentation only; the
 * pages and actions behind each entry are presumably checked again on the server. Confirm.
 *
 * @return menu tree
 */
public TreeNode getMenu() {
    // Already built: reuse it.
    if (menu != null) {
        return menu;
    }

    final Principal principal = SpringUtils.getPrincipal();
    final Stack<TreeNode> trail = new Stack<TreeNode>();
    menu = new TreeNodeBase("menu", "Menu", false);
    trail.push(menu);

    // Administration
    if (openNode(trail, principal, null, "admin")) {
        addLeaf(trail, principal, Permission.Entity_Menu(User.class), "users");
        addLeaf(trail, principal, Permission.Entity_Menu(UserCategory.class), "userCategorys");
        // null permission: presumably shown to every user (TODO confirm in addLeaf)
        addLeaf(trail, principal, null, "changePassword");
        addLeaf(trail, principal, Permission.Entity_Menu(Department.class), "departments");
        // Disabled entry: addLeaf( path, creds, Permission.Entity_Menu(Setting.class), "settings" );
        closeNode(trail);
    }

    // Master tables
    if (openNode(trail, principal, null, "masterTables")) {
        addLeaf(trail, principal, Permission.Entity_Menu(AccountEntryType.class), "accountEntryTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(OrganizationType.class), "organizationTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(InteractionType.class), "interactionTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(OrganizationISOCategory.class), "organizationISOCategorys");
        addLeaf(trail, principal, Permission.Entity_Menu(ContractType.class), "contractTypes");
        addLeaf(trail, principal, Permission.Entity_Menu(Magazine.class), "magazines");
        addLeaf(trail, principal, Permission.Entity_Menu(OfferRejectReason.class), "offerRejectReasons");
        closeNode(trail);
    }

    // Billing
    if (openNode(trail, principal, null, "billing")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Bill.class), "bills");
        addLeaf(trail, principal, Permission.Entity_Menu(Account.class), "accounts");
        addLeaf(trail, principal, Permission.Entity_Menu(AccountEntry.class), "accountEntrys");
        addLeaf(trail, principal, Permission.Entity_Menu(PeriodicalAccountEntry.class), "periodicalAccountEntrys");
        addLeaf(trail, principal, Permission.Action_NOF, "nof");
        addLeaf(trail, principal, Permission.Entity_Menu(FinancialRatio.class), "financialRatios");
        closeNode(trail);
    }

    // Contacts
    if (openNode(trail, principal, null, "contacts")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Organization.class), "organizations");
        addLeaf(trail, principal, Permission.Entity_Menu(Interaction.class), "interactions");
        addLeaf(trail, principal, Permission.Entity_Menu(Contact.class), "contacts");
        addLeaf(trail, principal, Permission.Entity_Menu(Offer.class), "offers");
        addLeaf(trail, principal, Permission.Entity_Menu(Project.class), "projects");
        closeNode(trail);
    }

    // Quality
    if (openNode(trail, principal, null, "quality")) {
        addLeaf(trail, principal, Permission.Action_ListQualityDocuments, "qualityDocuments");
        closeNode(trail);
    }

    // Bulletin board
    if (openNode(trail, principal, null, "bulletin")) {
        addLeaf(trail, principal, Permission.Entity_Menu(BulletinBoard.class), "bulletinBoards");
        addLeaf(trail, principal, Permission.Entity_Menu(CompanyState.class), "companyStates");
        addLeaf(trail, principal, Permission.Entity_Menu(BulletinBoardCategory.class), "bulletinBoardCategorys");
        addLeaf(trail, principal, Permission.Entity_Menu(Idea.class), "ideas");
        closeNode(trail);
    }

    // Activity
    if (openNode(trail, principal, null, "activity")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Activity.class), "activitys");
        addLeaf(trail, principal, Permission.Entity_Menu(Objective.class), "objectives");
        closeNode(trail);
    }

    // Reports
    if (openNode(trail, principal, null, "reports")) {
        addLeaf(trail, principal, Permission.Action_GeneralReports, "generalReports");
        addLeaf(trail, principal, Permission.Action_BitacoreReports, "bitacoreReports");
        addLeaf(trail, principal, Permission.Action_BillReports, "billReports");
        addLeaf(trail, principal, Permission.Action_ProjectReports, "projectReports");
        addLeaf(trail, principal, Permission.Action_InteractionReports, "interactionReports");
        addLeaf(trail, principal, Permission.Action_OrganizationReports, "organizationReports");
        addLeaf(trail, principal, Permission.Action_OfferReports, "offerReports");
        addLeaf(trail, principal, Permission.Action_OwnReports, "ownReports");
        addLeaf(trail, principal, Permission.Action_PersonalReports, "personalReports");
        closeNode(trail);
    }

    // Publishing
    if (openNode(trail, principal, null, "publish")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Tutorial.class), "tutorials");
        addLeaf(trail, principal, Permission.Entity_Menu(Publication.class), "publications");
        closeNode(trail);
    }

    // Holidays
    if (openNode(trail, principal, null, "holiday")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Holiday.class), "holidays");
        addLeaf(trail, principal, Permission.Entity_Menu(RequestHoliday.class), "requestHolidays");
        addLeaf(trail, principal, Permission.Entity_Menu(AdminHoliday.class), "adminHolidays");
        closeNode(trail);
    }

    // Utilities
    if (openNode(trail, principal, null, "utils")) {
        addLeaf(trail, principal, Permission.Entity_Menu(Book.class), "books");
        addLeaf(trail, principal, Permission.Entity_Menu(Inventary.class), "inventarys");
        closeNode(trail);
    }

    return menu;
}
Also used : InteractionType(com.autentia.tnt.businessobject.InteractionType) UserCategory(com.autentia.tnt.businessobject.UserCategory) Account(com.autentia.tnt.businessobject.Account) User(com.autentia.tnt.businessobject.User) Organization(com.autentia.tnt.businessobject.Organization) BulletinBoardCategory(com.autentia.tnt.businessobject.BulletinBoardCategory) Activity(com.autentia.tnt.businessobject.Activity) PeriodicalAccountEntry(com.autentia.tnt.businessobject.PeriodicalAccountEntry) AccountEntry(com.autentia.tnt.businessobject.AccountEntry) TreeNodeBase(org.apache.myfaces.custom.tree2.TreeNodeBase) RequestHoliday(com.autentia.tnt.businessobject.RequestHoliday) Department(com.autentia.tnt.businessobject.Department) PeriodicalAccountEntry(com.autentia.tnt.businessobject.PeriodicalAccountEntry) TreeNode(org.apache.myfaces.custom.tree2.TreeNode) Book(com.autentia.tnt.businessobject.Book) OrganizationISOCategory(com.autentia.tnt.businessobject.OrganizationISOCategory) FinancialRatio(com.autentia.tnt.businessobject.FinancialRatio) Tutorial(com.autentia.tnt.businessobject.Tutorial) Interaction(com.autentia.tnt.businessobject.Interaction) Publication(com.autentia.tnt.businessobject.Publication) AccountEntryType(com.autentia.tnt.businessobject.AccountEntryType) CompanyState(com.autentia.tnt.businessobject.CompanyState) OrganizationType(com.autentia.tnt.businessobject.OrganizationType) Inventary(com.autentia.tnt.businessobject.Inventary) Stack(java.util.Stack) Contact(com.autentia.tnt.businessobject.Contact) BulletinBoard(com.autentia.tnt.businessobject.BulletinBoard) Project(com.autentia.tnt.businessobject.Project) Objective(com.autentia.tnt.businessobject.Objective) OfferRejectReason(com.autentia.tnt.businessobject.OfferRejectReason) Offer(com.autentia.tnt.businessobject.Offer) Idea(com.autentia.tnt.businessobject.Idea) Holiday(com.autentia.tnt.businessobject.Holiday) AdminHoliday(com.autentia.tnt.businessobject.AdminHoliday) 
RequestHoliday(com.autentia.tnt.businessobject.RequestHoliday) Bill(com.autentia.tnt.businessobject.Bill) ContractType(com.autentia.tnt.businessobject.ContractType) Principal(com.autentia.tnt.manager.security.Principal) Magazine(com.autentia.tnt.businessobject.Magazine) AdminHoliday(com.autentia.tnt.businessobject.AdminHoliday)
