Examples with Permissions com.manydesigns.portofino.actions.Permissions used on opensource projects

Search in sources :

Example 1 with Permissions

use of com.manydesigns.portofino.actions.Permissions in project Portofino by ManyDesigns.

the class EntityPermissionsChecks method getPermissions.

@NotNull
public static Permissions getPermissions(Configuration configuration, @NotNull EntityPermissions ep) {
    Permissions permissions = new Permissions();
    String allGroup = SecurityLogic.getAllGroup(configuration);
    configurePermission(permissions, allGroup, AbstractCrudAction.PERMISSION_CREATE, ep.create());
    configurePermission(permissions, allGroup, AbstractCrudAction.PERMISSION_DELETE, ep.delete());
    configurePermission(permissions, allGroup, AbstractCrudAction.PERMISSION_EDIT, ep.update());
    configurePermission(permissions, allGroup, AbstractCrudAction.PERMISSION_READ, ep.read());
    permissions.init();
    return permissions;
}
Also used : Permissions(com.manydesigns.portofino.actions.Permissions) NotNull(org.jetbrains.annotations.NotNull)

Example 2 with Permissions

use of com.manydesigns.portofino.actions.Permissions in project Portofino by ManyDesigns.

the class SecurityFacade method isOperationAllowed.

public boolean isOperationAllowed(HttpServletRequest request, ActionInstance actionInstance, ResourceAction resourceAction, Method handler) {
    if (!satisfiesRequiresAdministrator(resourceAction, handler, isAdministrator(request))) {
        return false;
    }
    logger.debug("Checking actionDescriptor permissions");
    boolean isNotAdmin = !isAdministrator(request);
    if (isNotAdmin) {
        ServletContext servletContext = request.getServletContext();
        ConfigurationSource configuration = (ConfigurationSource) servletContext.getAttribute(PortofinoSpringConfiguration.CONFIGURATION_SOURCE);
        Permissions permissions;
        String resource;
        boolean allowed;
        if (actionInstance != null) {
            logger.debug("The protected resource is a actionDescriptor action");
            resource = actionInstance.getPath();
            allowed = hasPermissions(configuration.getProperties(), actionInstance, handler);
        } else {
            logger.debug("The protected resource is a regular JAX-RS resource");
            resource = request.getRequestURI();
            permissions = new Permissions();
            allowed = hasPermissions(configuration.getProperties(), permissions, handler, resourceAction.getClass());
        }
        if (!allowed) {
            logger.info("Access to {} is forbidden", resource);
            return false;
        }
    }
    return true;
}
Also used : ConfigurationSource(com.manydesigns.portofino.config.ConfigurationSource) Permissions(com.manydesigns.portofino.actions.Permissions) ServletContext(javax.servlet.ServletContext)

Example 3 with Permissions

use of com.manydesigns.portofino.actions.Permissions in project Portofino by ManyDesigns.

the class SecurityLogic method calculateActualPermissions.

public static Permissions calculateActualPermissions(Permissions basePermissions, List<ActionDescriptor> actionDescriptors) {
    Permissions result = new Permissions();
    Map<String, AccessLevel> resultLevels = result.getActualLevels();
    resultLevels.putAll(basePermissions.getActualLevels());
    for (ActionDescriptor current : actionDescriptors) {
        Permissions currentPerms = current.getPermissions();
        Map<String, AccessLevel> currentLevels = currentPerms.getActualLevels();
        for (Map.Entry<String, AccessLevel> entry : currentLevels.entrySet()) {
            String currentGroup = entry.getKey();
            AccessLevel currentLevel = entry.getValue();
            AccessLevel resultLevel = resultLevels.get(currentGroup);
            if (resultLevel != AccessLevel.DENY && currentLevel != null) {
                resultLevels.put(currentGroup, currentLevel);
            }
        }
    }
    if (actionDescriptors.size() > 0) {
        ActionDescriptor lastAction = actionDescriptors.get(actionDescriptors.size() - 1);
        Map<String, Set<String>> lastPermissions = lastAction.getPermissions().getActualPermissions();
        result.getActualPermissions().putAll(lastPermissions);
    } else {
        result.getActualPermissions().putAll(basePermissions.getActualPermissions());
    }
    return result;
}
Also used : Set(java.util.Set) ActionDescriptor(com.manydesigns.portofino.actions.ActionDescriptor) Permissions(com.manydesigns.portofino.actions.Permissions) Map(java.util.Map)

Example 4 with Permissions

use of com.manydesigns.portofino.actions.Permissions in project Portofino by ManyDesigns.

the class UpstairsAction method setupUserPages.

protected void setupUserPages(ConnectionProvider connectionProvider, Template template, Table userTable, List<Map> createdPages) throws Exception {
    List<Reference> references = computeChildren(userTable);
    if (references != null) {
        for (Reference ref : references) {
            Column fromColumn = ref.getActualFromColumn();
            Column toColumn = ref.getActualToColumn();
            Table fromTable = fromColumn.getTable();
            Table toTable = toColumn.getTable();
            String entityName = fromTable.getActualEntityName();
            List<Column> pkColumns = toTable.getPrimaryKey().getColumns();
            if (!pkColumns.contains(toColumn)) {
                continue;
            }
            String linkToUserProperty = fromColumn.getActualPropertyName();
            String childQuery = "from " + entityName + " where " + linkToUserProperty + " = %{#securityUtils.primaryPrincipal.id}" + " order by id desc";
            String dirName = "my-" + entityName;
            boolean multipleRoles = isMultipleRoles(fromTable, ref, references);
            if (multipleRoles) {
                dirName += "-as-" + linkToUserProperty;
            }
            FileObject dir = actionsDirectory.resolveFile(dirName);
            Map<String, String> bindings = new HashMap<>();
            bindings.put("generatedClassName", "UserManagementCrudAction");
            bindings.put("parentName", "securityUtils");
            bindings.put("parentProperty", "primaryPrincipal.id");
            bindings.put("linkToParentProperty", linkToUserProperty);
            ActionDescriptor action = createCrudAction(connectionProvider, dir, fromTable, childQuery, template, bindings, null, null, createdPages, 1);
            if (action != null) {
                Group group = new Group();
                group.setName(SecurityLogic.getAnonymousGroup(portofinoConfiguration));
                group.setAccessLevel(AccessLevel.DENY.name());
                Permissions permissions = new Permissions();
                permissions.getGroups().add(group);
                action.setPermissions(permissions);
                ActionLogic.saveActionDescriptor(dir, action);
            }
        }
    }
}
Also used : Group(com.manydesigns.portofino.actions.Group) ActionDescriptor(com.manydesigns.portofino.actions.ActionDescriptor) Permissions(com.manydesigns.portofino.actions.Permissions) FileObject(org.apache.commons.vfs2.FileObject)

Example 5 with Permissions

use of com.manydesigns.portofino.actions.Permissions in project Portofino by ManyDesigns.

the class SecurityLogic method calculateActualPermissions.

public static Permissions calculateActualPermissions(ActionInstance instance) {
    List<ActionDescriptor> actionDescriptors = new ArrayList<>();
    while (instance != null) {
        actionDescriptors.add(0, instance.getActionDescriptor());
        instance = instance.getParent();
    }
    return calculateActualPermissions(new Permissions(), actionDescriptors);
}
Also used : ActionDescriptor(com.manydesigns.portofino.actions.ActionDescriptor) ArrayList(java.util.ArrayList) Permissions(com.manydesigns.portofino.actions.Permissions)

Aggregations

Permissions (com.manydesigns.portofino.actions.Permissions)7 ActionDescriptor (com.manydesigns.portofino.actions.ActionDescriptor)3 Group (com.manydesigns.portofino.actions.Group)3 FileObject (org.apache.commons.vfs2.FileObject)3 NotNull (org.jetbrains.annotations.NotNull)3 EntityPermissions (com.manydesigns.portofino.resourceactions.crud.security.EntityPermissions)2 MapKeyValueAccessor (com.manydesigns.elements.MapKeyValueAccessor)1 com.manydesigns.elements.annotations (com.manydesigns.elements.annotations)1 SelectImpl (com.manydesigns.elements.annotations.impl.SelectImpl)1 Form (com.manydesigns.elements.forms.Form)1 FormBuilder (com.manydesigns.elements.forms.FormBuilder)1 RequestMessages (com.manydesigns.elements.messages.RequestMessages)1 DisplayMode (com.manydesigns.elements.options.DisplayMode)1 SearchDisplayMode (com.manydesigns.elements.options.SearchDisplayMode)1 MutableClassAccessor (com.manydesigns.elements.reflection.MutableClassAccessor)1 MutablePropertyAccessor (com.manydesigns.elements.reflection.MutablePropertyAccessor)1 ReflectionUtil (com.manydesigns.elements.util.ReflectionUtil)1 ConfigurationSource (com.manydesigns.portofino.config.ConfigurationSource)1 Annotation (com.manydesigns.portofino.model.Annotation)1 Property (com.manydesigns.portofino.model.Property)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial