
Example 1 with RoleDAO

use of com.runwaysdk.business.rbac.RoleDAO in project geoprism-registry by terraframe.

the class BusinessType method apply.

/**
 * Creates a new {@link BusinessType} or updates an existing one from its JSON
 * representation.
 *
 * <p>The payload must carry the type code, the owning organization code and a
 * display label. When it also carries a non-null OID the existing record is
 * loaded and updated; otherwise a new record is created together with its
 * backing vertex metadata, a graph reference to {@code GeoVertex}, a required
 * and uniquely indexed code attribute, and write-side permissions for the
 * registry super admin role.
 *
 * <p>NOTE(review): the authorization check below is made against the
 * organization named in the request. On the update path the existing record
 * is then re-assigned to that organization without any visible check against
 * the organization it belonged to before - confirm the caller or
 * {@code BusinessType.get} enforces ownership.
 *
 * @param object JSON description of the business type
 * @return the applied business type
 * @throws InvalidMasterListCodeException if the code fails {@code MasterList.isValidName}
 * @throws CodeLengthException if the code is longer than 64 characters
 */
@Transaction
public static BusinessType apply(JsonObject object) {
    final String typeCode = object.get(BusinessType.CODE).getAsString();
    final String requestedOrgCode = object.get(BusinessType.ORGANIZATION).getAsString();
    final Organization owner = Organization.getByCode(requestedOrgCode);

    // Authorization gate: runs before any validation or persistence.
    ServiceFactory.getGeoObjectTypePermissionService().enforceCanCreate(owner.getCode(), false);

    // The code becomes a metadata type name, so it is validated before use.
    if (!MasterList.isValidName(typeCode)) {
        throw new InvalidMasterListCodeException("The geo object type code has an invalid character");
    }

    // Setting the type name on the metadata class imposes this limit.
    if (typeCode.length() > 64) {
        CodeLengthException tooLong = new CodeLengthException();
        tooLong.setLength(64);
        throw tooLong;
    }

    final LocalizedValue label = LocalizedValue.fromJSON(object.get(DISPLAYLABEL).getAsJsonObject());

    // A present, non-null OID selects the update path.
    final BusinessType businessType;
    if (object.has(OID) && !object.get(OID).isJsonNull()) {
        businessType = BusinessType.get(object.get(OID).getAsString());
    } else {
        businessType = new BusinessType();
    }

    businessType.setCode(typeCode);
    businessType.setOrganization(owner);
    LocalizedValueConverter.populate(businessType.getDisplayLabel(), label);

    if (businessType.isNew()) {
        // Backing vertex metadata for the new type.
        final MdVertexDAO vertexMetadata = MdVertexDAO.newInstance();
        vertexMetadata.setValue(MdGeoVertexInfo.PACKAGE, RegistryConstants.BUSINESS_PACKAGE);
        vertexMetadata.setValue(MdGeoVertexInfo.NAME, typeCode);
        vertexMetadata.setValue(MdGeoVertexInfo.ENABLE_CHANGE_OVER_TIME, MdAttributeBooleanInfo.FALSE);
        vertexMetadata.setValue(MdGeoVertexInfo.GENERATE_SOURCE, MdAttributeBooleanInfo.FALSE);
        LocalizedValueConverter.populate(vertexMetadata, MdVertexInfo.DISPLAY_LABEL, label);
        vertexMetadata.apply();

        // TODO CREATE the edge between this class and GeoVertex??
        // Graph-reference attribute pointing from the new vertex to GeoVertex.
        final MdVertexDAOIF geoVertexMetadata = MdVertexDAO.getMdVertexDAO(GeoVertex.CLASS);
        final MdAttributeGraphReferenceDAO geoObjectReference = MdAttributeGraphReferenceDAO.newInstance();
        geoObjectReference.setValue(MdAttributeGraphReferenceInfo.REFERENCE_MD_VERTEX, geoVertexMetadata.getOid());
        geoObjectReference.setValue(MdAttributeGraphReferenceInfo.DEFINING_MD_CLASS, vertexMetadata.getOid());
        geoObjectReference.setValue(MdAttributeGraphReferenceInfo.NAME, GEO_OBJECT);
        geoObjectReference.setStructValue(MdAttributeGraphReferenceInfo.DESCRIPTION, MdAttributeLocalInfo.DEFAULT_LOCALE, "Geo Object");
        geoObjectReference.apply();

        // DefaultAttribute.CODE: required and uniquely indexed.
        final MdAttributeCharacterDAO codeAttribute = MdAttributeCharacterDAO.newInstance();
        codeAttribute.setValue(MdAttributeConcreteInfo.NAME, DefaultAttribute.CODE.getName());
        codeAttribute.setStructValue(MdAttributeConcreteInfo.DISPLAY_LABEL, MdAttributeLocalInfo.DEFAULT_LOCALE, DefaultAttribute.CODE.getDefaultLocalizedName());
        codeAttribute.setStructValue(MdAttributeConcreteInfo.DESCRIPTION, MdAttributeLocalInfo.DEFAULT_LOCALE, DefaultAttribute.CODE.getDefaultDescription());
        codeAttribute.setValue(MdAttributeCharacterInfo.SIZE, MdAttributeCharacterInfo.MAX_CHARACTER_SIZE);
        codeAttribute.setValue(MdAttributeConcreteInfo.DEFINING_MD_CLASS, vertexMetadata.getOid());
        codeAttribute.setValue(MdAttributeConcreteInfo.REQUIRED, MdAttributeBooleanInfo.TRUE);
        codeAttribute.addItem(MdAttributeConcreteInfo.INDEX_TYPE, IndexTypes.UNIQUE_INDEX.getOid());
        codeAttribute.apply();

        businessType.setMdVertexId(vertexMetadata.getOid());

        // Only the registry super admin role receives grants here, and only
        // the write-side operations; no READ grant is made in this method.
        final Roles superAdmin = Roles.findRoleByName(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
        final RoleDAO superAdminDAO = (RoleDAO) BusinessFacade.getEntityDAO(superAdmin);
        final Operation[] grantedOperations = { Operation.CREATE, Operation.DELETE, Operation.WRITE, Operation.WRITE_ALL };
        for (Operation operation : grantedOperations) {
            superAdminDAO.grantPermission(operation, vertexMetadata.getOid());
        }
    }

    businessType.apply();
    return businessType;
}
Also used : MdVertexDAOIF(com.runwaysdk.dataaccess.MdVertexDAOIF) MdAttributeGraphReferenceDAO(com.runwaysdk.dataaccess.metadata.MdAttributeGraphReferenceDAO) Roles(com.runwaysdk.system.Roles) MdAttributeCharacterDAO(com.runwaysdk.dataaccess.metadata.MdAttributeCharacterDAO) LocalizedValue(org.commongeoregistry.adapter.dataaccess.LocalizedValue) RoleDAO(com.runwaysdk.business.rbac.RoleDAO) MdVertexDAO(com.runwaysdk.dataaccess.metadata.graph.MdVertexDAO) Transaction(com.runwaysdk.dataaccess.transaction.Transaction)

Example 2 with RoleDAO

use of com.runwaysdk.business.rbac.RoleDAO in project geoprism-registry by terraframe.

the class MasterListVersion method assignDefaultRolePermissions.

/**
 * Grants the default set of role permissions on the given component.
 *
 * <p>The admin and registry maintainer roles receive CREATE, DELETE, WRITE
 * and WRITE_ALL; the API consumer and registry contributor roles receive
 * READ and READ_ALL only. Roles are looked up and granted one after another,
 * in that order.
 *
 * @param component the component whose OID the permissions are granted on
 */
private static void assignDefaultRolePermissions(ComponentIF component) {
    final Operation[] writeOperations = { Operation.CREATE, Operation.DELETE, Operation.WRITE, Operation.WRITE_ALL };
    final Operation[] readOperations = { Operation.READ, Operation.READ_ALL };

    // Write-side access.
    final RoleDAO admin = RoleDAO.findRole(DefaultConfiguration.ADMIN).getBusinessDAO();
    for (Operation operation : writeOperations) {
        admin.grantPermission(operation, component.getOid());
    }

    final RoleDAO registryMaintainer = RoleDAO.findRole(RegistryConstants.REGISTRY_MAINTAINER_ROLE).getBusinessDAO();
    for (Operation operation : writeOperations) {
        registryMaintainer.grantPermission(operation, component.getOid());
    }

    // Read-only access.
    final RoleDAO apiConsumer = RoleDAO.findRole(RegistryConstants.API_CONSUMER_ROLE).getBusinessDAO();
    for (Operation operation : readOperations) {
        apiConsumer.grantPermission(operation, component.getOid());
    }

    final RoleDAO registryContributor = RoleDAO.findRole(RegistryConstants.REGISTRY_CONTRIBUTOR_ROLE).getBusinessDAO();
    for (Operation operation : readOperations) {
        registryContributor.grantPermission(operation, component.getOid());
    }
}
Also used : RoleDAO(com.runwaysdk.business.rbac.RoleDAO)

Example 3 with RoleDAO

use of com.runwaysdk.business.rbac.RoleDAO in project geoprism-registry by terraframe.

the class Organization method createOrganizationRole.

/**
 * Creates the {@link RoleDAOIF} that represents this {@link Organization} and
 * registers it under the registry root organization role via
 * {@code addInheritance}.
 *
 * <p>Preconditions:
 * <ul>
 * <li>no {@link RoleDAOIF} exists yet for this {@link Organization};</li>
 * <li>the display label of this {@link Organization} has a value for the
 * default locale.</li>
 * </ul>
 */
private void createOrganizationRole() {
    // The role name and its label both come from this organization.
    final RoleDAO organizationRole = RoleDAO.createRole(this.getRoleName(), this.getDisplayLabel().getDefaultValue());

    // NOTE(review): the result of findRole is cast to RoleDAO directly here;
    // confirm that is the intended way to obtain a modifiable role object.
    final RoleDAO rootOrganizationRole = (RoleDAO) RoleDAO.findRole(RegistryRole.Type.REGISTRY_ROOT_ORG_ROLE);
    rootOrganizationRole.addInheritance(organizationRole);
}
Also used : RoleDAO(com.runwaysdk.business.rbac.RoleDAO)

Example 4 with RoleDAO

use of com.runwaysdk.business.rbac.RoleDAO in project geoprism-registry by terraframe.

the class UndirectedGraphType method create.

/**
 * Creates a new undirected graph type: the backing edge metadata between
 * {@code GeoVertex} and itself, its start/end date attributes, the role
 * permissions on that edge, and the {@link UndirectedGraphType} record.
 *
 * <p>NOTE(review): no permission check on the caller and no validation of
 * {@code code} is visible in this method, although {@code code} is used
 * directly as the edge metadata name - confirm both are enforced by the
 * caller.
 *
 * @param code code of the graph type, also used as the edge metadata name
 * @param label localized display label
 * @param description localized description
 * @return the applied graph type
 * @throws DuplicateHierarchyTypeException if a {@code DuplicateDataException}
 *         is raised while the metadata or the record is applied
 */
@Transaction
public static UndirectedGraphType create(String code, LocalizedValue label, LocalizedValue description) {
    // Roles are resolved before any metadata is created.
    final RoleDAO maintainerRole = RoleDAO.findRole(RegistryConstants.REGISTRY_MAINTAINER_ROLE).getBusinessDAO();
    final RoleDAO consumerRole = RoleDAO.findRole(RegistryConstants.API_CONSUMER_ROLE).getBusinessDAO();
    final RoleDAO contributorRole = RoleDAO.findRole(RegistryConstants.REGISTRY_CONTRIBUTOR_ROLE).getBusinessDAO();

    try {
        final MdVertexDAOIF geoVertexMetadata = MdVertexDAO.getMdVertexDAO(GeoVertex.CLASS);

        // Edge metadata: GeoVertex is both the parent and the child vertex.
        final MdEdgeDAO edgeMetadata = MdEdgeDAO.newInstance();
        edgeMetadata.setValue(MdEdgeInfo.PACKAGE, RegistryConstants.UNDIRECTED_GRAPH_PACKAGE);
        edgeMetadata.setValue(MdEdgeInfo.NAME, code);
        edgeMetadata.setValue(MdEdgeInfo.PARENT_MD_VERTEX, geoVertexMetadata.getOid());
        edgeMetadata.setValue(MdEdgeInfo.CHILD_MD_VERTEX, geoVertexMetadata.getOid());
        LocalizedValueConverter.populate(edgeMetadata, MdEdgeInfo.DISPLAY_LABEL, label);
        LocalizedValueConverter.populate(edgeMetadata, MdEdgeInfo.DESCRIPTION, description);
        edgeMetadata.setValue(MdEdgeInfo.ENABLE_CHANGE_OVER_TIME, MdAttributeBooleanInfo.FALSE);
        edgeMetadata.apply();

        // Start date attribute on the edge.
        final MdAttributeDateTimeDAO startDateAttribute = MdAttributeDateTimeDAO.newInstance();
        startDateAttribute.setValue(MdAttributeDateTimeInfo.NAME, GeoVertex.START_DATE);
        startDateAttribute.setStructValue(MdAttributeDateTimeInfo.DISPLAY_LABEL, MdAttributeLocalInfo.DEFAULT_LOCALE, "Start Date");
        startDateAttribute.setStructValue(MdAttributeDateTimeInfo.DESCRIPTION, MdAttributeLocalInfo.DEFAULT_LOCALE, "Start Date");
        startDateAttribute.setValue(MdAttributeDateTimeInfo.DEFINING_MD_CLASS, edgeMetadata.getOid());
        startDateAttribute.apply();

        // End date attribute on the edge.
        final MdAttributeDateTimeDAO endDateAttribute = MdAttributeDateTimeDAO.newInstance();
        endDateAttribute.setValue(MdAttributeDateTimeInfo.NAME, GeoVertex.END_DATE);
        endDateAttribute.setStructValue(MdAttributeDateTimeInfo.DISPLAY_LABEL, MdAttributeLocalInfo.DEFAULT_LOCALE, "End Date");
        endDateAttribute.setStructValue(MdAttributeDateTimeInfo.DESCRIPTION, MdAttributeLocalInfo.DEFAULT_LOCALE, "End Date");
        endDateAttribute.setValue(MdAttributeDateTimeInfo.DEFINING_MD_CLASS, edgeMetadata.getOid());
        endDateAttribute.apply();

        // Write grants: the builder's default grant plus the maintainer role.
        // Read grants: the consumer and contributor roles.
        final ServerHierarchyTypeBuilder grants = new ServerHierarchyTypeBuilder();
        grants.grantWritePermissionsOnMdTermRel(edgeMetadata);
        grants.grantWritePermissionsOnMdTermRel(maintainerRole, edgeMetadata);
        grants.grantReadPermissionsOnMdTermRel(consumerRole, edgeMetadata);
        grants.grantReadPermissionsOnMdTermRel(contributorRole, edgeMetadata);

        // The registry record that ties the code to the edge metadata.
        final UndirectedGraphType created = new UndirectedGraphType();
        created.setCode(code);
        created.setMdEdgeId(edgeMetadata.getOid());
        LocalizedValueConverter.populate(created.getDisplayLabel(), label);
        LocalizedValueConverter.populate(created.getDescription(), description);
        created.apply();

        return created;
    } catch (DuplicateDataException duplicate) {
        // Reported to the caller as a domain exception carrying the code.
        final DuplicateHierarchyTypeException domainError = new DuplicateHierarchyTypeException();
        domainError.setDuplicateValue(code);
        throw domainError;
    }
}
Also used : MdVertexDAOIF(com.runwaysdk.dataaccess.MdVertexDAOIF) DuplicateDataException(com.runwaysdk.dataaccess.DuplicateDataException) RoleDAO(com.runwaysdk.business.rbac.RoleDAO) MdEdgeDAO(com.runwaysdk.dataaccess.metadata.graph.MdEdgeDAO) ServerHierarchyTypeBuilder(net.geoprism.registry.conversion.ServerHierarchyTypeBuilder) MdAttributeDateTimeDAO(com.runwaysdk.dataaccess.metadata.MdAttributeDateTimeDAO) Transaction(com.runwaysdk.dataaccess.transaction.Transaction)

Example 5 with RoleDAO

use of com.runwaysdk.business.rbac.RoleDAO in project geoprism-registry by terraframe.

the class UserInfo method applyUserWithRoles.

/**
 * Creates or updates a user from a JSON account payload, replaces the user's
 * role assignments and organization memberships, and stores the supplementary
 * {@link UserInfo} fields.
 *
 * <p>Order of work: deserialize the account, authorize the requested roles
 * against the current session, protect the admin username, apply the user,
 * swap the role and organization assignments, then apply the UserInfo record.
 *
 * <p>NOTE(review): the authorization step only looks at the roles being
 * requested. Nothing visible here checks the caller's authority over the
 * target user, and the account itself is applied even when
 * {@code roleNameArray} is null - confirm that is enforced by the caller.
 *
 * @param account JSON account data; passed to {@code deserialize} and read for
 *        the optional UserInfo fields
 * @param roleNameArray names of the roles the user should hold afterwards;
 *        {@code null} leaves roles and organization memberships untouched, an
 *        empty array is rejected
 * @param isUserInvite when {@code true}, the role authorization step is skipped
 * @return the result of {@code serialize(geoprismUser, info)}
 * @throws AttributeValueException if the role array is empty or the admin
 *         username would change
 * @throws SRAException if a caller without an SRA role requests an SRA role
 * @throws OrganizationRAException if a caller requests an organization role
 *         without holding an RA role for the same organization
 */
@Transaction
public static JSONObject applyUserWithRoles(JsonObject account, String[] roleNameArray, boolean isUserInvite) {
    GeoprismUser geoprismUser = deserialize(account);
    // null means "do not touch roles"; an explicitly empty array is an error.
    if (roleNameArray != null && roleNameArray.length == 0) {
        // TODO : Better Error
        throw new AttributeValueException("You're attempting to apply a user with zero roles?", "");
    }
    /*
     * Make sure the caller has permission to assign every requested role.
     *
     * NOTE(review): this whole check is skipped when isUserInvite is true or
     * when there is no current session or session user, so in those cases any
     * role name is accepted. Confirm every such call path is itself trusted.
     */
    if (!isUserInvite && Session.getCurrentSession() != null && Session.getCurrentSession().getUser() != null) {
        Set<RoleDAOIF> myRoles = Session.getCurrentSession().getUser().authorizedRoles();
        // A caller holding an SRA role bypasses the per-role checks below.
        boolean hasSRA = false;
        for (RoleDAOIF myRole : myRoles) {
            if (RegistryRole.Type.isSRA_Role(myRole.getRoleName())) {
                hasSRA = true;
            }
        }
        if (!hasSRA && roleNameArray != null) {
            for (String roleName : roleNameArray) {
                boolean hasPermission = false;
                if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                    // Organization-scoped role: the caller must hold an RA
                    // role whose organization code matches the requested one.
                    String orgCodeArg = RegistryRole.Type.parseOrgCode(roleName);
                    for (RoleDAOIF myRole : myRoles) {
                        if (RegistryRole.Type.isRA_Role(myRole.getRoleName())) {
                            String myOrgCode = RegistryRole.Type.parseOrgCode(myRole.getRoleName());
                            if (myOrgCode.equals(orgCodeArg)) {
                                hasPermission = true;
                                break;
                            }
                        }
                    }
                } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                    // Only an SRA may hand out the SRA role.
                    SRAException ex = new SRAException();
                    throw ex;
                } else {
                    // NOTE(review): default-allow. Every role name that is
                    // neither a non-root organization role nor an SRA role is
                    // accepted without a further check, which includes the
                    // root organization role and presumably roles defined
                    // outside the registry. Confirm an allow-list is not
                    // needed here.
                    hasPermission = true;
                }
                if (!hasPermission) {
                    OrganizationRAException ex = new OrganizationRAException();
                    throw ex;
                }
            }
        }
    }
    // They're not allowed to change the admin username
    if (!geoprismUser.isNew()) {
        GeoprismUser adminUser = getAdminUser();
        if (adminUser != null && adminUser.getOid().equals(geoprismUser.getOid()) && !geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME)) {
            // TODO : Better Error
            throw new AttributeValueException("You can't change the admin username", RegistryConstants.ADMIN_USER_NAME);
        }
    }
    geoprismUser.apply();
    if (roleNameArray != null) {
        // Resolve every requested role name up front.
        List<Roles> newRoles = new LinkedList<Roles>();
        Set<String> roleIdSet = new HashSet<String>();
        for (String roleName : roleNameArray) {
            Roles role = Roles.findRoleByName(roleName);
            roleIdSet.add(role.getOid());
            newRoles.add(role);
        }
        // Each configuration receives the role id set and may act on it.
        List<ConfigurationIF> configurations = ConfigurationService.getConfigurations();
        for (ConfigurationIF configuration : configurations) {
            configuration.configureUserRoles(roleIdSet);
        }
        UserDAOIF user = UserDAO.get(geoprismUser.getOid());
        // Remove existing roles. The admin user keeps the registry super admin
        // role and the default admin role; everything else is deassigned.
        // NOTE(review): roles are removed regardless of which organization
        // they belong to; the check above validated only the requested roles.
        Set<RoleDAOIF> userRoles = user.assignedRoles();
        for (RoleDAOIF roleDAOIF : userRoles) {
            RoleDAO roleDAO = RoleDAO.get(roleDAOIF.getOid()).getBusinessDAO();
            if (!(geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME) && (roleDAO.getRoleName().equals(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE) || roleDAO.getRoleName().equals(DefaultConfiguration.ADMIN)))) {
                roleDAO.deassignMember(user);
            }
        }
        // Delete existing relationships with Organizations.
        // NOTE(review): the iterator is not closed here - confirm whether
        // OIterator needs an explicit close().
        QueryFactory qf = new QueryFactory();
        OrganizationUserQuery q = new OrganizationUserQuery(qf);
        q.WHERE(q.childOid().EQ(geoprismUser.getOid()));
        OIterator<? extends OrganizationUser> i = q.getIterator();
        i.forEach(r -> r.delete());
        /*
         * Assign the new roles and associate the user with the organization
         * of each role, once per organization.
         */
        Set<String> organizationSet = new HashSet<String>();
        for (Roles role : newRoles) {
            RoleDAO roleDAO = (RoleDAO) BusinessFacade.getEntityDAO(role);
            roleDAO.assignMember(user);
            RegistryRole registryRole = new RegistryRoleConverter().build(role);
            if (registryRole != null) {
                String organizationCode = registryRole.getOrganizationCode();
                if (organizationCode != null && !organizationCode.equals("") && !organizationSet.contains(organizationCode)) {
                    Organization organization = Organization.getByCode(organizationCode);
                    organization.addUsers(geoprismUser).apply();
                    organizationSet.add(organizationCode);
                }
            }
        }
    }
    // Load the existing UserInfo record and lock it, or start a new one.
    UserInfo info = getByUser(geoprismUser);
    if (info == null) {
        info = new UserInfo();
        info.setGeoprismUser(geoprismUser);
    } else {
        info.lock();
    }
    // Optional fields: a key missing from the payload resets the stored value
    // to the empty string.
    if (account.has(UserInfo.ALTFIRSTNAME)) {
        info.setAltFirstName(account.get(UserInfo.ALTFIRSTNAME).getAsString());
    } else {
        info.setAltFirstName("");
    }
    if (account.has(UserInfo.ALTLASTNAME)) {
        info.setAltLastName(account.get(UserInfo.ALTLASTNAME).getAsString());
    } else {
        info.setAltLastName("");
    }
    if (account.has(UserInfo.ALTPHONENUMBER)) {
        info.setAltPhoneNumber(account.get(UserInfo.ALTPHONENUMBER).getAsString());
    } else {
        info.setAltPhoneNumber("");
    }
    if (account.has(UserInfo.POSITION)) {
        info.setPosition(account.get(UserInfo.POSITION).getAsString());
    } else {
        info.setPosition("");
    }
    if (account.has(UserInfo.DEPARTMENT)) {
        info.setDepartment(account.get(UserInfo.DEPARTMENT).getAsString());
    } else {
        info.setDepartment("");
    }
    if (account.has(UserInfo.EXTERNALSYSTEMOID)) {
        info.setExternalSystemOid(account.get(UserInfo.EXTERNALSYSTEMOID).getAsString());
    } else {
        info.setExternalSystemOid("");
    }
    info.apply();
    return serialize(geoprismUser, info);
}
Also used : RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole) QueryFactory(com.runwaysdk.query.QueryFactory) Roles(com.runwaysdk.system.Roles) AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException) LinkedList(java.util.LinkedList) ConfigurationIF(net.geoprism.ConfigurationIF) RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter) RoleDAO(com.runwaysdk.business.rbac.RoleDAO) GeoprismUser(net.geoprism.GeoprismUser) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF) HashSet(java.util.HashSet) Transaction(com.runwaysdk.dataaccess.transaction.Transaction)

Aggregations

RoleDAO (com.runwaysdk.business.rbac.RoleDAO)20 Roles (com.runwaysdk.system.Roles)6 Transaction (com.runwaysdk.dataaccess.transaction.Transaction)5 DuplicateDataException (com.runwaysdk.dataaccess.DuplicateDataException)3 MdVertexDAOIF (com.runwaysdk.dataaccess.MdVertexDAOIF)3 MdEdgeDAO (com.runwaysdk.dataaccess.metadata.graph.MdEdgeDAO)3 Locale (java.util.Locale)3 InitializationStrategyIF (com.runwaysdk.business.ontology.InitializationStrategyIF)2 AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)2 MdAttributeDateTimeDAO (com.runwaysdk.dataaccess.metadata.MdAttributeDateTimeDAO)2 MdBusinessDAO (com.runwaysdk.dataaccess.metadata.MdBusinessDAO)2 MdTermRelationship (com.runwaysdk.system.metadata.MdTermRelationship)2 ServerHierarchyTypeBuilder (net.geoprism.registry.conversion.ServerHierarchyTypeBuilder)2 ComponentIF (com.runwaysdk.ComponentIF)1 RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)1 UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)1 MdAttributeCharacterDAO (com.runwaysdk.dataaccess.metadata.MdAttributeCharacterDAO)1 MdAttributeGraphReferenceDAO (com.runwaysdk.dataaccess.metadata.MdAttributeGraphReferenceDAO)1 MdVertexDAO (com.runwaysdk.dataaccess.metadata.graph.MdVertexDAO)1 QueryFactory (com.runwaysdk.query.QueryFactory)1