
Example 1 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class UserInfo method getSRAs.

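/**
 * Returns one page of the users that are assigned the registry super-admin
 * role, joined with their optional {@code UserInfo} record.
 *
 * <p>The selected columns include username, names, phone number, e-mail and
 * the inactive flag of each super administrator.
 *
 * <p>NOTE(review): no authorization check is visible in this method, so the
 * caller presumably has to restrict who may list super-admin accounts and
 * their contact data. Confirm against the service layer.
 *
 * @param pageSize   page size handed through to {@code serializePage}
 * @param pageNumber page number handed through to {@code serializePage}
 * @return the serialized page produced by {@code serializePage}
 */
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
    RoleDAOIF role = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
    Set<SingleActorDAOIF> actors = role.assignedActors();

    // A sequential stream is enough for the handful of actors on one role. The
    // previous parallelStream() ran the lambda on common-pool worker threads,
    // which is risky if getOid() relies on request- or session-bound state
    // (presumably thread-local in this framework; TODO confirm).
    Set<String> oids = actors.stream().map(actor -> actor.getOid()).collect(Collectors.toSet());

    ValueQuery vQuery = new ValueQuery(new QueryFactory());
    GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
    UserInfoQuery iQuery = new UserInfoQuery(vQuery);

    vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
    vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
    vQuery.SELECT(iQuery.getExternalSystemOid());

    // Left join so that users without a UserInfo row are still returned.
    vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));

    // NOTE(review): when the role has no assigned actors this passes an empty
    // array to IN(); how the query layer renders that is not visible here.
    vQuery.AND(uQuery.getOid().IN(oids.toArray(new String[0])));
    vQuery.ORDER_BY_ASC(uQuery.getUsername());

    return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}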
Also used : RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole) JsonObject(com.google.gson.JsonObject) RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter) Transaction(com.runwaysdk.dataaccess.transaction.Transaction) ValueObject(com.runwaysdk.dataaccess.ValueObject) ConfigurationIF(net.geoprism.ConfigurationIF) Random(java.util.Random) AttributeBooleanIF(com.runwaysdk.dataaccess.AttributeBooleanIF) DefaultConfiguration(net.geoprism.DefaultConfiguration) ServiceFactory(net.geoprism.registry.service.ServiceFactory) AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException) HashSet(java.util.HashSet) ValueQuery(com.runwaysdk.query.ValueQuery) JSONObject(org.json.JSONObject) GeoprismUserQuery(net.geoprism.GeoprismUserQuery) QueryFactory(com.runwaysdk.query.QueryFactory) ConfigurationService(net.geoprism.ConfigurationService) RoleDAO(com.runwaysdk.business.rbac.RoleDAO) LinkedList(java.util.LinkedList) AttributeBoolean(com.runwaysdk.dataaccess.attributes.entity.AttributeBoolean) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) Set(java.util.Set) Roles(com.runwaysdk.system.Roles) Collectors(java.util.stream.Collectors) BusinessFacade(com.runwaysdk.business.BusinessFacade) UserDAO(com.runwaysdk.business.rbac.UserDAO) LeftJoinEq(com.runwaysdk.query.LeftJoinEq) OIterator(com.runwaysdk.query.OIterator) List(java.util.List) UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF) GeoprismUser(net.geoprism.GeoprismUser) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) ExternalSystem(net.geoprism.registry.graph.ExternalSystem) Session(com.runwaysdk.session.Session) RolePermissionService(net.geoprism.registry.permission.RolePermissionService) JSONArray(org.json.JSONArray) ValueQuery(com.runwaysdk.query.ValueQuery) LeftJoinEq(com.runwaysdk.query.LeftJoinEq) QueryFactory(com.runwaysdk.query.QueryFactory) GeoprismUserQuery(net.geoprism.GeoprismUserQuery) JSONArray(org.json.JSONArray) 
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 2 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class UserInfo method applyUserWithRoles.

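/**
 * Creates or updates a user from {@code account}, replaces the user's role
 * assignments with {@code roleNameArray}, rebuilds the user's organization
 * relationships and stores the accompanying {@code UserInfo} record.
 *
 * <p>Authorization performed here: when the call is not a user invite and a
 * session user exists, a caller without an SRA role may only request
 * org-scoped roles of an organization in which the caller holds an RA role,
 * and may never request an SRA role.
 *
 * <p>NOTE(review): three points a maintainer should confirm against the callers:
 * <ul>
 * <li>The whole check is skipped when {@code isUserInvite} is true or no
 * session user is present, so that flag must never be derived from request
 * input.</li>
 * <li>Role names that are neither org-scoped nor SRA fall through to
 * "allowed"; confirm this cannot include {@code DefaultConfiguration.ADMIN}
 * or another privileged non-registry role.</li>
 * <li>Only the requested roles are validated. The target user's existing
 * roles and organization links are removed further down without checking the
 * caller's authority over that user.</li>
 * </ul>
 *
 * @param account       JSON description of the user; optional {@code UserInfo}
 *                      keys that are absent are stored as empty strings
 * @param roleNameArray role names to assign; {@code null} leaves the current
 *                      role assignments untouched
 * @param isUserInvite  true when the account is created through the invite flow
 * @return the serialized user and user info
 * @throws AttributeValueException if {@code roleNameArray} is empty or the
 *                                 admin account's username would change
 * @throws SRAException            if a caller without an SRA role requests an SRA role
 * @throws OrganizationRAException if the caller is not RA of the requested
 *                                 role's organization
 */
@Transaction
public static JSONObject applyUserWithRoles(JsonObject account, String[] roleNameArray, boolean isUserInvite) {
    GeoprismUser geoprismUser = deserialize(account);

    if (roleNameArray != null && roleNameArray.length == 0) {
        // TODO : Better Error
        throw new AttributeValueException("You're attempting to apply a user with zero roles?", "");
    }

    /*
     * Make sure they have permissions to all these new roles they want to
     * assign
     */
    if (!isUserInvite && Session.getCurrentSession() != null && Session.getCurrentSession().getUser() != null) {
        Set<RoleDAOIF> myRoles = Session.getCurrentSession().getUser().authorizedRoles();

        boolean hasSRA = false;
        for (RoleDAOIF myRole : myRoles) {
            if (RegistryRole.Type.isSRA_Role(myRole.getRoleName())) {
                hasSRA = true;
                break;
            }
        }

        if (!hasSRA && roleNameArray != null) {
            for (String roleName : roleNameArray) {
                boolean hasPermission = false;

                if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                    // Org-scoped role: the caller must be RA of the same organization.
                    String orgCodeArg = RegistryRole.Type.parseOrgCode(roleName);

                    for (RoleDAOIF myRole : myRoles) {
                        if (RegistryRole.Type.isRA_Role(myRole.getRoleName())) {
                            String myOrgCode = RegistryRole.Type.parseOrgCode(myRole.getRoleName());

                            if (myOrgCode.equals(orgCodeArg)) {
                                hasPermission = true;
                                break;
                            }
                        }
                    }
                } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                    // Only an SRA may hand out the SRA role.
                    throw new SRAException();
                } else {
                    // NOTE(review): every other role name is accepted unchecked.
                    hasPermission = true;
                }

                if (!hasPermission) {
                    throw new OrganizationRAException();
                }
            }
        }
    }

    // They're not allowed to change the admin username
    if (!geoprismUser.isNew()) {
        GeoprismUser adminUser = getAdminUser();

        if (adminUser != null && adminUser.getOid().equals(geoprismUser.getOid()) && !geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME)) {
            // TODO : Better Error
            throw new AttributeValueException("You can't change the admin username", RegistryConstants.ADMIN_USER_NAME);
        }
    }

    geoprismUser.apply();

    if (roleNameArray != null) {
        List<Roles> newRoles = new LinkedList<Roles>();
        Set<String> roleIdSet = new HashSet<String>();

        for (String roleName : roleNameArray) {
            Roles role = Roles.findRoleByName(roleName);
            roleIdSet.add(role.getOid());
            newRoles.add(role);
        }

        List<ConfigurationIF> configurations = ConfigurationService.getConfigurations();
        for (ConfigurationIF configuration : configurations) {
            configuration.configureUserRoles(roleIdSet);
        }

        UserDAOIF user = UserDAO.get(geoprismUser.getOid());

        // Remove existing roles. The built-in admin account keeps its
        // super-admin and ADMIN roles so that it cannot be demoted here.
        Set<RoleDAOIF> userRoles = user.assignedRoles();
        for (RoleDAOIF roleDAOIF : userRoles) {
            RoleDAO roleDAO = RoleDAO.get(roleDAOIF.getOid()).getBusinessDAO();

            if (!(geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME) && (roleDAO.getRoleName().equals(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE) || roleDAO.getRoleName().equals(DefaultConfiguration.ADMIN)))) {
                roleDAO.deassignMember(user);
            }
        }

        // Delete existing relationships with Organizations. The iterator is
        // closed explicitly so the underlying query resources are released
        // even when a delete fails.
        QueryFactory qf = new QueryFactory();
        OrganizationUserQuery q = new OrganizationUserQuery(qf);
        q.WHERE(q.childOid().EQ(geoprismUser.getOid()));

        try (OIterator<? extends OrganizationUser> existing = q.getIterator()) {
            existing.forEach(r -> r.delete());
        }

        /*
         * Assign roles and associate with the user
         */
        Set<String> organizationSet = new HashSet<String>();
        for (Roles role : newRoles) {
            RoleDAO roleDAO = (RoleDAO) BusinessFacade.getEntityDAO(role);
            roleDAO.assignMember(user);

            RegistryRole registryRole = new RegistryRoleConverter().build(role);
            if (registryRole != null) {
                String organizationCode = registryRole.getOrganizationCode();

                // Link the user to each organization only once.
                if (organizationCode != null && !organizationCode.equals("") && !organizationSet.contains(organizationCode)) {
                    Organization organization = Organization.getByCode(organizationCode);
                    organization.addUsers(geoprismUser).apply();
                    organizationSet.add(organizationCode);
                }
            }
        }
    }

    UserInfo info = getByUser(geoprismUser);
    if (info == null) {
        info = new UserInfo();
        info.setGeoprismUser(geoprismUser);
    } else {
        info.lock();
    }

    // Optional fields: a key missing from the request clears the stored value.
    info.setAltFirstName(account.has(UserInfo.ALTFIRSTNAME) ? account.get(UserInfo.ALTFIRSTNAME).getAsString() : "");
    info.setAltLastName(account.has(UserInfo.ALTLASTNAME) ? account.get(UserInfo.ALTLASTNAME).getAsString() : "");
    info.setAltPhoneNumber(account.has(UserInfo.ALTPHONENUMBER) ? account.get(UserInfo.ALTPHONENUMBER).getAsString() : "");
    info.setPosition(account.has(UserInfo.POSITION) ? account.get(UserInfo.POSITION).getAsString() : "");
    info.setDepartment(account.has(UserInfo.DEPARTMENT) ? account.get(UserInfo.DEPARTMENT).getAsString() : "");
    info.setExternalSystemOid(account.has(UserInfo.EXTERNALSYSTEMOID) ? account.get(UserInfo.EXTERNALSYSTEMOID).getAsString() : "");

    info.apply();

    return serialize(geoprismUser, info);
}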
Also used : RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole) QueryFactory(com.runwaysdk.query.QueryFactory) Roles(com.runwaysdk.system.Roles) AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException) LinkedList(java.util.LinkedList) ConfigurationIF(net.geoprism.ConfigurationIF) RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter) RoleDAO(com.runwaysdk.business.rbac.RoleDAO) GeoprismUser(net.geoprism.GeoprismUser) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF) HashSet(java.util.HashSet) Transaction(com.runwaysdk.dataaccess.transaction.Transaction)

Example 3 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class TaskService method getTasksForCurrentUser.

/**
 * Builds one page of tasks that are linked to any role assigned to the
 * current session user, newest sort key first.
 *
 * <p>The {@code DefaultConfiguration.ADMIN} role is left out of the role
 * filter.
 *
 * <p>NOTE(review): if the user has no assigned role other than ADMIN, the
 * role filter stays {@code null} and is handed to {@code WHERE} as is. What
 * the query layer does with a null condition is not visible here; confirm it
 * does not drop the role restriction. {@code orderBy} is caller-supplied and
 * resolved through {@code TaskQuery.get(String)}; presumably the caller limits
 * it to known task attributes. Verify this.
 *
 * @param sessionId   session identifier; not read in the method body
 * @param orderBy     name of the task attribute to sort by (descending)
 * @param pageNum     page number passed to {@code restrictRows} and {@code Page}
 * @param pageSize    page size passed to {@code restrictRows} and {@code Page}
 * @param whereStatus optional status filter; {@code null} means no status filter
 * @return the page of tasks serialized as JSON
 */
@Request(RequestType.SESSION)
public static JsonObject getTasksForCurrentUser(String sessionId, String orderBy, int pageNum, int pageSize, String whereStatus) {
    QueryFactory factory = new QueryFactory();
    ValueQuery query = new ValueQuery(factory);

    TaskHasRoleQuery taskRoleLink = new TaskHasRoleQuery(query);
    TaskQuery tasks = new TaskQuery(query);
    query.WHERE(taskRoleLink.getParent().EQ(tasks));

    if (whereStatus != null) {
        query.WHERE(tasks.getStatus().EQ(whereStatus));
    }

    RolesQuery roleQuery = new RolesQuery(query);
    query.WHERE(taskRoleLink.getChild().EQ(roleQuery));

    // OR together one equality test per assigned role, skipping ADMIN.
    Condition roleFilter = null;
    Set<RoleDAOIF> assignedRoles = Session.getCurrentSession().getUser().assignedRoles();
    for (RoleDAOIF assigned : assignedRoles) {
        String name = assigned.getRoleName();

        if (!name.equals(DefaultConfiguration.ADMIN)) {
            roleFilter = (roleFilter == null) ? rq(roleQuery, name) : roleFilter.OR(roleQuery.getRoleName().EQ(name));
        }
    }
    query.WHERE(roleFilter);

    // Join the localized template and title stores.
    LocalizedValueStoreQuery templateStore = new LocalizedValueStoreQuery(query);
    query.WHERE(tasks.getTemplate().EQ(templateStore));
    LocalizedValueStoreQuery titleStore = new LocalizedValueStoreQuery(query);
    query.WHERE(tasks.getTitle().EQ(titleStore));

    query.SELECT(tasks.getOid("oid"));
    query.SELECT(templateStore.getStoreKey("templateKey"));
    query.SELECT(tasks.getMessage().localize("msg"));
    query.SELECT(titleStore.getStoreValue().localize("title"));
    query.SELECT(tasks.getStatus("status"));
    query.SELECT(tasks.getCreateDate("createDate"));
    query.SELECT(tasks.getLastUpdateDate("completedDate"));

    query.ORDER_BY(tasks.get(orderBy), SortOrder.DESC);
    query.restrictRows(pageSize, pageNum);

    try (OIterator<ValueObject> rows = query.getIterator()) {
        List<JsonWrapper> wrapped = rows.getAll().stream().map(row -> {
            JsonObject json = new JsonObject();
            json.addProperty("id", row.getValue("oid"));
            json.addProperty("templateKey", row.getValue("templateKey"));
            json.addProperty("msg", row.getValue("msg"));
            json.addProperty("title", row.getValue("title"));
            json.addProperty("status", row.getValue("status"));
            json.addProperty("createDate", ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(row.getValue("createDate"))));
            // The last-update date is reported as completion date only for resolved tasks.
            json.addProperty("completedDate", row.getValue("status").equals(TaskStatus.RESOLVED.name()) ? ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(row.getValue("completedDate"))) : null);
            return new JsonWrapper(json);
        }).collect(Collectors.toList());

        return new Page<JsonWrapper>(query.getCount(), pageNum, pageSize, wrapped).toJSON();
    }
}

/** Builds the equality condition that matches one role name. */
private static Condition rq(RolesQuery roleQuery, String roleName) {
    return roleQuery.getRoleName().EQ(roleName);
}
Also used : ValueQuery(com.runwaysdk.query.ValueQuery) Condition(com.runwaysdk.query.Condition) JsonObject(com.google.gson.JsonObject) SortOrder(com.runwaysdk.query.OrderBy.SortOrder) ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException) RequestType(com.runwaysdk.session.RequestType) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) Set(java.util.Set) ValueObject(com.runwaysdk.dataaccess.ValueObject) LocalizedValueStoreQuery(com.runwaysdk.localization.LocalizedValueStoreQuery) MdAttributeDateTimeUtil(com.runwaysdk.constants.MdAttributeDateTimeUtil) Collectors(java.util.stream.Collectors) Request(com.runwaysdk.session.Request) RolesQuery(com.runwaysdk.system.RolesQuery) DefaultConfiguration(net.geoprism.DefaultConfiguration) ETLService(net.geoprism.registry.etl.ETLService) OIterator(com.runwaysdk.query.OIterator) Page(net.geoprism.registry.view.Page) ValueQuery(com.runwaysdk.query.ValueQuery) List(java.util.List) Condition(com.runwaysdk.query.Condition) JsonWrapper(net.geoprism.registry.view.JsonWrapper) QueryFactory(com.runwaysdk.query.QueryFactory) Session(com.runwaysdk.session.Session) TaskStatus(net.geoprism.registry.task.Task.TaskStatus) QueryFactory(com.runwaysdk.query.QueryFactory) JsonObject(com.google.gson.JsonObject) JsonWrapper(net.geoprism.registry.view.JsonWrapper) RolesQuery(com.runwaysdk.system.RolesQuery) ValueObject(com.runwaysdk.dataaccess.ValueObject) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) LocalizedValueStoreQuery(com.runwaysdk.localization.LocalizedValueStoreQuery) Request(com.runwaysdk.session.Request)

Example 4 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class GeoObjectRelationshipPermissionService method hasDirectPermission.

/**
 * Decides whether the session user's own roles permit {@code op} on a
 * parent/child relationship owned by organization {@code orgCode}.
 *
 * <p>Rules as implemented:
 * <ul>
 * <li>No session user: allowed (a null actor is assumed to be SYSTEM).</li>
 * <li>{@code orgCode} is null: denied, also for SRA roles.</li>
 * <li>Any SRA role: allowed.</li>
 * <li>Any non-root org role, in any organization: {@code READ_CHILD} is allowed
 * when {@code childType} is not null and not private.</li>
 * <li>Org role of the same organization: RA is allowed. RM, RC and AC apply
 * only when {@code childType} is null or its code matches the role's type
 * code; then RM is allowed, RC is allowed for change requests or
 * {@code READ_CHILD}, and AC is allowed for {@code READ_CHILD} only.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code parentType} is not consulted by this method.
 *
 * @param orgCode         code of the organization that owns the relationship
 * @param parentType      parent type; unused here
 * @param childType       child type, may be null
 * @param op              the requested operation
 * @param isChangeRequest true when the operation is submitted as a change request
 * @return true if one of the session user's authorized roles grants the operation
 */
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
    // null actor is assumed to be SYSTEM
    if (!this.hasSessionUser()) {
        return true;
    }

    if (orgCode == null) {
        return false;
    }

    SingleActorDAOIF sessionActor = this.getSessionUser();

    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        String name = granted.getRoleName();

        boolean orgScoped = RegistryRole.Type.isOrgRole(name) && !RegistryRole.Type.isRootOrgRole(name);
        if (!orgScoped) {
            if (RegistryRole.Type.isSRA_Role(name)) {
                return true;
            }
            continue;
        }

        String grantedOrg = RegistryRole.Type.parseOrgCode(name);
        boolean readingChild = op.equals(Operation.READ_CHILD);

        // Public child types are readable by every org-scoped role.
        if (readingChild && childType != null && !childType.getIsPrivate()) {
            return true;
        }

        if (!grantedOrg.equals(orgCode)) {
            continue;
        }

        if (RegistryRole.Type.isRA_Role(name)) {
            return true;
        }

        boolean typeScoped = RegistryRole.Type.isRM_Role(name) || RegistryRole.Type.isRC_Role(name) || RegistryRole.Type.isAC_Role(name);
        if (!typeScoped) {
            continue;
        }

        // Type-scoped roles only count for their own geo-object type.
        String grantedTypeCode = RegistryRole.Type.parseGotCode(name);
        if (childType != null && !childType.getCode().equals(grantedTypeCode)) {
            continue;
        }

        if (RegistryRole.Type.isRM_Role(name)) {
            return true;
        }

        if (RegistryRole.Type.isRC_Role(name)) {
            if (isChangeRequest || readingChild) {
                return true;
            }
        } else if (RegistryRole.Type.isAC_Role(name)) {
            if (readingChild) {
                return true;
            }
        }
    }

    return false;
}
Also used : SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 5 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class GeoObjectTypePermissionService method hasDirectPermission.

/**
 * Decides whether the session user's own roles permit {@code action} on a
 * geo-object type owned by organization {@code orgCode}.
 *
 * <p>Rules as implemented:
 * <ul>
 * <li>{@code orgCode} is null: denied.</li>
 * <li>Any SRA role: allowed.</li>
 * <li>Any non-root org role, in any organization: READ of a non-private type
 * is allowed.</li>
 * <li>Org role of the same organization: READ of a private type is allowed,
 * and RA is allowed for every action.</li>
 * </ul>
 *
 * <p>NOTE(review): the RM/RC/AC branch only ever grants READ, and READ has
 * already been decided by the two checks above it, so as written that branch
 * never grants anything further. Unlike the relationship permission service
 * there is no session-user guard here: {@code getSessionUser()} is
 * dereferenced directly, so callers presumably ensure that a session user
 * exists. Confirm both.
 *
 * @param orgCode   code of the organization that owns the type
 * @param got       the geo-object type, may be null
 * @param isPrivate whether the type is private
 * @param action    the requested action
 * @return true if one of the session user's authorized roles grants the action
 */
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
    if (orgCode == null) {
        return false;
    }

    SingleActorDAOIF sessionActor = this.getSessionUser();

    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        String name = granted.getRoleName();

        boolean orgScoped = RegistryRole.Type.isOrgRole(name) && !RegistryRole.Type.isRootOrgRole(name);
        if (!orgScoped) {
            if (RegistryRole.Type.isSRA_Role(name)) {
                return true;
            }
            continue;
        }

        String grantedOrg = RegistryRole.Type.parseOrgCode(name);
        boolean reading = action.equals(CGRPermissionAction.READ);

        // Non-private types are readable by every org-scoped role.
        if (reading && !isPrivate) {
            return true;
        }

        if (!grantedOrg.equals(orgCode)) {
            continue;
        }

        // Members of the owning organization may read its private types.
        if (reading && isPrivate) {
            return true;
        }

        if (RegistryRole.Type.isRA_Role(name)) {
            return true;
        }

        boolean typeScoped = RegistryRole.Type.isRM_Role(name) || RegistryRole.Type.isRC_Role(name) || RegistryRole.Type.isAC_Role(name);
        if (typeScoped) {
            String grantedTypeCode = RegistryRole.Type.parseGotCode(name);

            // RM, RC and AC all reduce to "READ on the role's own type".
            if (got != null && got.getCode().equals(grantedTypeCode) && reading) {
                return true;
            }
        }
    }

    return false;
}
Also used : SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Aggregations

RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)18 SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)16 ArrayList (java.util.ArrayList)5 Condition (com.runwaysdk.query.Condition)3 QueryFactory (com.runwaysdk.query.QueryFactory)3 HashSet (java.util.HashSet)3 GeoprismUser (net.geoprism.GeoprismUser)3 Organization (net.geoprism.registry.Organization)3 ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)3 JsonObject (com.google.gson.JsonObject)2 RoleDAO (com.runwaysdk.business.rbac.RoleDAO)2 UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)2 ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)2 ValueObject (com.runwaysdk.dataaccess.ValueObject)2 AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)2 Transaction (com.runwaysdk.dataaccess.transaction.Transaction)2 OIterator (com.runwaysdk.query.OIterator)2 ValueQuery (com.runwaysdk.query.ValueQuery)2 Session (com.runwaysdk.session.Session)2 Roles (com.runwaysdk.system.Roles)2