use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class UserInfo method getSRAs.
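/**
 * Returns one page of the accounts that are assigned the registry super-admin role.
 *
 * <p>Each row carries the account's oid, username, first and last name, phone number, email and
 * inactive flag, plus the alternate name, alternate phone number, position and external-system oid
 * of the joined {@code UserInfo} record. Rows are ordered by username, ascending.
 *
 * <p>NOTE(review): no permission check is visible in this method, so every caller receives the
 * administrator roster together with contact details. Presumably the calling service restricts
 * access - confirm.
 *
 * @param pageSize page size handed to {@code serializePage}
 * @param pageNumber page number handed to {@code serializePage}
 * @return the page produced by {@code serializePage}
 */
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
  RoleDAOIF sraRole = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
  Set<SingleActorDAOIF> sraActors = sraRole.assignedActors();

  // Sequential on purpose: a parallel stream may run the DAO accessor on common-pool worker threads
  // rather than on the calling thread, and the set is far too small to benefit from splitting.
  Set<String> sraOids = sraActors.stream().map(actor -> actor.getOid()).collect(Collectors.toSet());

  ValueQuery vQuery = new ValueQuery(new QueryFactory());
  GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
  UserInfoQuery iQuery = new UserInfoQuery(vQuery);

  vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
  vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
  vQuery.SELECT(iQuery.getExternalSystemOid());

  vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));

  // Restrict the result to the role holders collected above.
  // NOTE(review): sraOids can be empty; how IN behaves with an empty array is not visible here - confirm.
  vQuery.AND(uQuery.getOid().IN(sraOids.toArray(new String[0])));
  vQuery.ORDER_BY_ASC(uQuery.getUsername());

  return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}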
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class UserInfo method applyUserWithRoles.
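/**
 * Creates or updates a user account, replaces its role assignments and organization memberships,
 * and stores the accompanying {@code UserInfo} record.
 *
 * <p>Authorization performed here: when {@code isUserInvite} is false and a session user exists, a
 * caller without the SRA role may not assign the SRA role and may only assign a non-root
 * organization role if the caller holds the RA role of the same organization.
 *
 * <p>NOTE(review): nothing in this method ties the caller to the account being edited. All existing
 * roles of the target are removed further down (the built-in admin keeps its two admin roles), so
 * an upstream check presumably prevents an organization administrator from rewriting accounts of
 * other organizations or of super admins - confirm.
 *
 * @param account JSON description of the account; also read for the optional {@code UserInfo} fields
 * @param roleNameArray names of the roles the account should end up with; {@code null} leaves the
 *        current role assignments untouched
 * @param isUserInvite when true the role-assignment authorization check is skipped
 * @return the serialized user and its {@code UserInfo}
 * @throws AttributeValueException if {@code roleNameArray} is empty, or if the username of the
 *         built-in admin account would change
 * @throws SRAException if a caller without the SRA role tries to assign it
 * @throws OrganizationRAException if the caller is not RA of the organization a requested role
 *         belongs to
 */
@Transaction
public static JSONObject applyUserWithRoles(JsonObject account, String[] roleNameArray, boolean isUserInvite) {
  GeoprismUser geoprismUser = deserialize(account);

  if (roleNameArray != null && roleNameArray.length == 0) {
    // TODO : Better Error
    throw new AttributeValueException("You're attempting to apply a user with zero roles?", "");
  }

  /*
   * Make sure they have permissions to all these new roles they want to assign.
   *
   * NOTE(review): the whole check is skipped when isUserInvite is true or when there is no session
   * user, so those paths depend on the caller having validated roleNameArray - confirm.
   */
  if (!isUserInvite && Session.getCurrentSession() != null && Session.getCurrentSession().getUser() != null) {
    Set<RoleDAOIF> myRoles = Session.getCurrentSession().getUser().authorizedRoles();

    boolean hasSRA = false;
    for (RoleDAOIF myRole : myRoles) {
      if (RegistryRole.Type.isSRA_Role(myRole.getRoleName())) {
        hasSRA = true;
        break;
      }
    }

    if (!hasSRA && roleNameArray != null) {
      for (String roleName : roleNameArray) {
        boolean hasPermission = false;

        if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
          // Organization-scoped role: the caller must be RA of that same organization.
          String orgCodeArg = RegistryRole.Type.parseOrgCode(roleName);

          for (RoleDAOIF myRole : myRoles) {
            if (RegistryRole.Type.isRA_Role(myRole.getRoleName())) {
              String myOrgCode = RegistryRole.Type.parseOrgCode(myRole.getRoleName());

              if (myOrgCode.equals(orgCodeArg)) {
                hasPermission = true;
                break;
              }
            }
          }
        } else if (RegistryRole.Type.isSRA_Role(roleName)) {
          // Only a super admin may create another super admin.
          throw new SRAException();
        } else {
          // NOTE(review): every role name that is neither a non-root organization role nor the SRA
          // role is accepted here without any comparison against the caller's own roles; that
          // includes root organization roles and names outside the registry naming scheme. Confirm
          // that none of those roles grants more than the caller already holds.
          hasPermission = true;
        }

        if (!hasPermission) {
          throw new OrganizationRAException();
        }
      }
    }
  }

  // They're not allowed to change the admin username
  if (!geoprismUser.isNew()) {
    GeoprismUser adminUser = getAdminUser();

    if (adminUser != null && adminUser.getOid().equals(geoprismUser.getOid()) && !geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME)) {
      // TODO : Better Error
      throw new AttributeValueException("You can't change the admin username", RegistryConstants.ADMIN_USER_NAME);
    }
  }

  geoprismUser.apply();

  if (roleNameArray != null) {
    List<Roles> newRoles = new LinkedList<Roles>();
    Set<String> roleIdSet = new HashSet<String>();

    for (String roleName : roleNameArray) {
      // NOTE(review): presumably findRoleByName throws for an unknown name; if it can return null
      // the next line fails with a NullPointerException - confirm.
      Roles role = Roles.findRoleByName(roleName);
      roleIdSet.add(role.getOid());
      newRoles.add(role);
    }

    // Every configuration receives the requested role ids through configureUserRoles.
    List<ConfigurationIF> configurations = ConfigurationService.getConfigurations();
    for (ConfigurationIF configuration : configurations) {
      configuration.configureUserRoles(roleIdSet);
    }

    UserDAOIF user = UserDAO.get(geoprismUser.getOid());

    // Remove existing roles. The built-in admin account keeps the registry super-admin role and
    // the default admin role no matter what was requested.
    Set<RoleDAOIF> userRoles = user.assignedRoles();
    for (RoleDAOIF roleDAOIF : userRoles) {
      RoleDAO roleDAO = RoleDAO.get(roleDAOIF.getOid()).getBusinessDAO();

      if (!(geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME) && (roleDAO.getRoleName().equals(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE) || roleDAO.getRoleName().equals(DefaultConfiguration.ADMIN)))) {
        roleDAO.deassignMember(user);
      }
    }

    // Delete existing relationships with Organizations. The iterator is closed once the
    // relationships have been deleted instead of being left open.
    QueryFactory qf = new QueryFactory();
    OrganizationUserQuery q = new OrganizationUserQuery(qf);
    q.WHERE(q.childOid().EQ(geoprismUser.getOid()));

    try (OIterator<? extends OrganizationUser> memberships = q.getIterator()) {
      memberships.forEach(r -> r.delete());
    }

    /*
     * Assign roles and associate with the user
     */
    Set<String> organizationSet = new HashSet<String>();
    for (Roles role : newRoles) {
      RoleDAO roleDAO = (RoleDAO) BusinessFacade.getEntityDAO(role);
      roleDAO.assignMember(user);

      RegistryRole registryRole = new RegistryRoleConverter().build(role);
      if (registryRole != null) {
        String organizationCode = registryRole.getOrganizationCode();

        // organizationSet makes sure the user is added to each organization only once.
        if (organizationCode != null && !organizationCode.equals("") && !organizationSet.contains(organizationCode)) {
          Organization organization = Organization.getByCode(organizationCode);
          organization.addUsers(geoprismUser).apply();
          organizationSet.add(organizationCode);
        }
      }
    }
  }

  UserInfo info = getByUser(geoprismUser);
  if (info == null) {
    info = new UserInfo();
    info.setGeoprismUser(geoprismUser);
  } else {
    info.lock();
  }

  // Optional fields: a key missing from the payload resets the stored value to the empty string.
  info.setAltFirstName(readOptionalString(account, UserInfo.ALTFIRSTNAME));
  info.setAltLastName(readOptionalString(account, UserInfo.ALTLASTNAME));
  info.setAltPhoneNumber(readOptionalString(account, UserInfo.ALTPHONENUMBER));
  info.setPosition(readOptionalString(account, UserInfo.POSITION));
  info.setDepartment(readOptionalString(account, UserInfo.DEPARTMENT));
  info.setExternalSystemOid(readOptionalString(account, UserInfo.EXTERNALSYSTEMOID));
  info.apply();

  return serialize(geoprismUser, info);
}

/** Returns the string stored under {@code key} in {@code account}, or "" when the key is absent. */
private static String readOptionalString(JsonObject account, String key) {
  return account.has(key) ? account.get(key).getAsString() : "";
}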
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class TaskService method getTasksForCurrentUser.
/**
 * Returns one page of the tasks linked to a role that is assigned to the current session user.
 *
 * <p>The default admin role is left out of the role filter. Results are sorted descending by the
 * attribute named in {@code orderBy}.
 *
 * <p>NOTE(review): when the user has no assigned role other than the default admin role, the role
 * filter stays {@code null} and is still passed to {@code WHERE}. Whether that call throws or
 * leaves the query without a role restriction is not visible here - confirm, and return an empty
 * page for that case if the restriction would otherwise be dropped.
 *
 * <p>NOTE(review): {@code orderBy} is caller-supplied and resolved with {@code TaskQuery.get}.
 * Presumably only known task attributes resolve - confirm, or check it against an allow-list.
 *
 * @param sessionId not read in the method body; presumably consumed by the {@code @Request} handling
 * @param orderBy name of the task attribute to sort by
 * @param pageNum page number passed to {@code restrictRows} and to the returned page
 * @param pageSize page size passed to {@code restrictRows} and to the returned page
 * @param whereStatus when not {@code null}, only tasks with this status are returned
 * @return the page of tasks as JSON
 */
@Request(RequestType.SESSION)
public static JsonObject getTasksForCurrentUser(String sessionId, String orderBy, int pageNum, int pageSize, String whereStatus) {
  QueryFactory factory = new QueryFactory();
  ValueQuery query = new ValueQuery(factory);

  // Join task -> task-has-role -> role.
  TaskHasRoleQuery taskRoles = new TaskHasRoleQuery(query);
  TaskQuery tasks = new TaskQuery(query);
  query.WHERE(taskRoles.getParent().EQ(tasks));

  if (whereStatus != null) {
    query.WHERE(tasks.getStatus().EQ(whereStatus));
  }

  RolesQuery roleQuery = new RolesQuery(query);
  query.WHERE(taskRoles.getChild().EQ(roleQuery));

  // OR together one name match per assigned role, skipping the default admin role.
  Condition roleFilter = null;
  for (RoleDAOIF assigned : Session.getCurrentSession().getUser().assignedRoles()) {
    String roleName = assigned.getRoleName();

    if (!roleName.equals(DefaultConfiguration.ADMIN)) {
      roleFilter = (roleFilter == null)
          ? roleQuery.getRoleName().EQ(roleName)
          : roleFilter.OR(roleQuery.getRoleName().EQ(roleName));
    }
  }
  query.WHERE(roleFilter);

  LocalizedValueStoreQuery templateStore = new LocalizedValueStoreQuery(query);
  query.WHERE(tasks.getTemplate().EQ(templateStore));

  LocalizedValueStoreQuery titleStore = new LocalizedValueStoreQuery(query);
  query.WHERE(tasks.getTitle().EQ(titleStore));

  query.SELECT(tasks.getOid("oid"));
  query.SELECT(templateStore.getStoreKey("templateKey"));
  query.SELECT(tasks.getMessage().localize("msg"));
  query.SELECT(titleStore.getStoreValue().localize("title"));
  query.SELECT(tasks.getStatus("status"));
  query.SELECT(tasks.getCreateDate("createDate"));
  query.SELECT(tasks.getLastUpdateDate("completedDate"));

  query.ORDER_BY(tasks.get(orderBy), SortOrder.DESC);
  query.restrictRows(pageSize, pageNum);

  try (OIterator<ValueObject> rows = query.getIterator()) {
    List<JsonWrapper> results = rows.getAll().stream().map(row -> toTaskJson(row)).collect(Collectors.toList());

    return new Page<JsonWrapper>(query.getCount(), pageNum, pageSize, results).toJSON();
  }
}

/** Converts one result row of the task query into its JSON representation. */
private static JsonWrapper toTaskJson(ValueObject row) {
  JsonObject json = new JsonObject();
  json.addProperty("id", row.getValue("oid"));
  json.addProperty("templateKey", row.getValue("templateKey"));
  json.addProperty("msg", row.getValue("msg"));
  json.addProperty("title", row.getValue("title"));
  json.addProperty("status", row.getValue("status"));
  json.addProperty("createDate", ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(row.getValue("createDate"))));

  // The last-update date is reported as the completion date only for resolved tasks.
  boolean resolved = row.getValue("status").equals(TaskStatus.RESOLVED.name());
  json.addProperty("completedDate", resolved ? ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(row.getValue("completedDate"))) : null);

  return new JsonWrapper(json);
}
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectRelationshipPermissionService method hasDirectPermission.
/**
 * Checks the session user's authorized roles against {@code orgCode}, {@code childType} and
 * {@code op}.
 *
 * <p>Grants, in the order they are tested for each role:
 * <ul>
 * <li>no session user: always granted (treated as SYSTEM);</li>
 * <li>any non-root organization role: {@code READ_CHILD} on a non-private child type;</li>
 * <li>RA role of {@code orgCode}: every operation;</li>
 * <li>RM role of {@code orgCode} for the child type (or any type when {@code childType} is
 * {@code null}): every operation;</li>
 * <li>RC role, same scoping: change requests and {@code READ_CHILD};</li>
 * <li>AC role, same scoping: {@code READ_CHILD} only;</li>
 * <li>SRA role: every operation.</li>
 * </ul>
 *
 * <p>NOTE(review): the missing-session case fails open, so any code path that reaches this method
 * without a session user is granted everything - confirm that only trusted internal callers can.
 *
 * <p>NOTE(review): a {@code null} {@code orgCode} denies everyone who has a session, SRA included;
 * presumably callers never pass {@code null} for a real organization - confirm.
 *
 * @param orgCode code of the organization that owns the relationship
 * @param parentType not read by this method
 * @param childType type of the child; may be {@code null}
 * @param op operation being attempted
 * @param isChangeRequest whether the operation is submitted as a change request
 * @return {@code true} if one of the rules above grants the operation
 */
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
  // null actor is assumed to be SYSTEM
  if (!this.hasSessionUser()) {
    return true;
  }

  if (orgCode == null) {
    return false;
  }

  SingleActorDAOIF sessionActor = this.getSessionUser();

  for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
    final String roleName = granted.getRoleName();
    final boolean scopedOrgRole = RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName);

    if (!scopedOrgRole) {
      if (RegistryRole.Type.isSRA_Role(roleName)) {
        return true;
      }
      continue;
    }

    final String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
    final boolean readingChild = op.equals(Operation.READ_CHILD);

    // Non-private child types are readable with an organization role of any organization.
    if (readingChild && childType != null && !childType.getIsPrivate()) {
      return true;
    }

    if (!roleOrgCode.equals(orgCode)) {
      continue;
    }

    if (RegistryRole.Type.isRA_Role(roleName)) {
      return true;
    }

    final boolean typeScopedRole = RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName);
    if (!typeScopedRole) {
      continue;
    }

    // RM / RC / AC roles only count for the geo-object type encoded in the role name.
    final String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
    if (childType != null && !childType.getCode().equals(roleGotCode)) {
      continue;
    }

    if (RegistryRole.Type.isRM_Role(roleName)) {
      return true;
    } else if (RegistryRole.Type.isRC_Role(roleName)) {
      if (isChangeRequest || readingChild) {
        return true;
      }
    } else if (RegistryRole.Type.isAC_Role(roleName)) {
      if (readingChild) {
        return true;
      }
    }
  }

  return false;
}
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypePermissionService method hasDirectPermission.
/**
 * Checks the session user's authorized roles against {@code orgCode}, {@code got} and
 * {@code action}.
 *
 * <p>Grants, in the order they are tested for each role:
 * <ul>
 * <li>any non-root organization role: {@code READ} when {@code isPrivate} is false;</li>
 * <li>any non-root role of {@code orgCode}: {@code READ} when {@code isPrivate} is true;</li>
 * <li>RA role of {@code orgCode}: every action;</li>
 * <li>SRA role: every action.</li>
 * </ul>
 *
 * <p>NOTE(review): the RM / RC / AC branch can never grant anything. It only returns true for
 * {@code READ}, and for a role of {@code orgCode} both {@code READ} cases have already returned
 * before that branch is reached. Either the branch is leftover code or a non-READ grant is
 * missing - confirm the intended rule.
 *
 * <p>NOTE(review): {@code getSessionUser()} is called without first checking that a session user
 * exists; presumably the caller guarantees one - confirm.
 *
 * @param orgCode code of the organization that owns the type; {@code null} always yields false
 * @param got the geo-object type; only read in the RM / RC / AC branch
 * @param isPrivate whether the type is private
 * @param action action being attempted
 * @return {@code true} if one of the rules above grants the action
 */
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
  if (orgCode == null) {
    return false;
  }

  SingleActorDAOIF sessionActor = this.getSessionUser();

  for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
    final String roleName = granted.getRoleName();
    final boolean scopedOrgRole = RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName);

    if (!scopedOrgRole) {
      if (RegistryRole.Type.isSRA_Role(roleName)) {
        return true;
      }
      continue;
    }

    final String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
    final boolean reading = action.equals(CGRPermissionAction.READ);

    // Public types are readable with an organization role of any organization.
    if (reading && !isPrivate) {
      return true;
    }

    if (!roleOrgCode.equals(orgCode)) {
      continue;
    }

    // Private types are readable with any role of the owning organization.
    if (reading && isPrivate) {
      return true;
    }

    if (RegistryRole.Type.isRA_Role(roleName)) {
      return true;
    }

    final boolean typeScopedRole = RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName);
    if (!typeScopedRole) {
      continue;
    }

    final String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
    if (got == null || !got.getCode().equals(roleGotCode)) {
      continue;
    }

    if (RegistryRole.Type.isRM_Role(roleName)) {
      if (reading) {
        return true;
      }
    } else if (RegistryRole.Type.isRC_Role(roleName)) {
      if (reading) {
        return true;
      }
    } else if (RegistryRole.Type.isAC_Role(roleName)) {
      if (reading) {
        return true;
      }
    }
  }

  return false;
}