Example 1 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class UserInfo method getSRAs.
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
RoleDAOIF role = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
Set<SingleActorDAOIF> actors = role.assignedActors();
Set<String> oids = actors.parallelStream().map(actor -> actor.getOid()).collect(Collectors.toSet());
ValueQuery vQuery = new ValueQuery(new QueryFactory());
GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
UserInfoQuery iQuery = new UserInfoQuery(vQuery);
vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
vQuery.SELECT(iQuery.getExternalSystemOid());
vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));
vQuery.AND(uQuery.getOid().IN(oids.toArray(new String[oids.size()])));
vQuery.ORDER_BY_ASC(uQuery.getUsername());
return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}
Also used :
RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole)
JsonObject(com.google.gson.JsonObject)
RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter)
Transaction(com.runwaysdk.dataaccess.transaction.Transaction)
ValueObject(com.runwaysdk.dataaccess.ValueObject)
ConfigurationIF(net.geoprism.ConfigurationIF)
Random(java.util.Random)
AttributeBooleanIF(com.runwaysdk.dataaccess.AttributeBooleanIF)
DefaultConfiguration(net.geoprism.DefaultConfiguration)
ServiceFactory(net.geoprism.registry.service.ServiceFactory)
AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException)
HashSet(java.util.HashSet)
ValueQuery(com.runwaysdk.query.ValueQuery)
JSONObject(org.json.JSONObject)
GeoprismUserQuery(net.geoprism.GeoprismUserQuery)
QueryFactory(com.runwaysdk.query.QueryFactory)
ConfigurationService(net.geoprism.ConfigurationService)
RoleDAO(com.runwaysdk.business.rbac.RoleDAO)
LinkedList(java.util.LinkedList)
AttributeBoolean(com.runwaysdk.dataaccess.attributes.entity.AttributeBoolean)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Set(java.util.Set)
Roles(com.runwaysdk.system.Roles)
Collectors(java.util.stream.Collectors)
BusinessFacade(com.runwaysdk.business.BusinessFacade)
UserDAO(com.runwaysdk.business.rbac.UserDAO)
LeftJoinEq(com.runwaysdk.query.LeftJoinEq)
OIterator(com.runwaysdk.query.OIterator)
List(java.util.List)
UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF)
GeoprismUser(net.geoprism.GeoprismUser)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
ExternalSystem(net.geoprism.registry.graph.ExternalSystem)
Session(com.runwaysdk.session.Session)
RolePermissionService(net.geoprism.registry.permission.RolePermissionService)
JSONArray(org.json.JSONArray)
ValueQuery(com.runwaysdk.query.ValueQuery)
LeftJoinEq(com.runwaysdk.query.LeftJoinEq)
QueryFactory(com.runwaysdk.query.QueryFactory)
GeoprismUserQuery(net.geoprism.GeoprismUserQuery)
JSONArray(org.json.JSONArray)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 2 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class UserInfo method applyUserWithRoles.
@Transaction
public static JSONObject applyUserWithRoles(JsonObject account, String[] roleNameArray, boolean isUserInvite) {
GeoprismUser geoprismUser = deserialize(account);
if (roleNameArray != null && roleNameArray.length == 0) {
// TODO : Better Error
throw new AttributeValueException("You're attempting to apply a user with zero roles?", "");
}
/*
* Make sure they have permissions to all these new roles they want to
* assign
*/
if (!isUserInvite && Session.getCurrentSession() != null && Session.getCurrentSession().getUser() != null) {
Set<RoleDAOIF> myRoles = Session.getCurrentSession().getUser().authorizedRoles();
boolean hasSRA = false;
for (RoleDAOIF myRole : myRoles) {
if (RegistryRole.Type.isSRA_Role(myRole.getRoleName())) {
hasSRA = true;
}
}
if (!hasSRA && roleNameArray != null) {
for (String roleName : roleNameArray) {
boolean hasPermission = false;
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String orgCodeArg = RegistryRole.Type.parseOrgCode(roleName);
for (RoleDAOIF myRole : myRoles) {
if (RegistryRole.Type.isRA_Role(myRole.getRoleName())) {
String myOrgCode = RegistryRole.Type.parseOrgCode(myRole.getRoleName());
if (myOrgCode.equals(orgCodeArg)) {
hasPermission = true;
break;
}
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
SRAException ex = new SRAException();
throw ex;
} else {
hasPermission = true;
}
if (!hasPermission) {
OrganizationRAException ex = new OrganizationRAException();
throw ex;
}
}
}
}
// They're not allowed to change the admin username
if (!geoprismUser.isNew()) {
GeoprismUser adminUser = getAdminUser();
if (adminUser != null && adminUser.getOid().equals(geoprismUser.getOid()) && !geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME)) {
// TODO : Better Error
throw new AttributeValueException("You can't change the admin username", RegistryConstants.ADMIN_USER_NAME);
}
}
geoprismUser.apply();
if (roleNameArray != null) {
List<Roles> newRoles = new LinkedList<Roles>();
Set<String> roleIdSet = new HashSet<String>();
for (String roleName : roleNameArray) {
Roles role = Roles.findRoleByName(roleName);
roleIdSet.add(role.getOid());
newRoles.add(role);
}
List<ConfigurationIF> configurations = ConfigurationService.getConfigurations();
for (ConfigurationIF configuration : configurations) {
configuration.configureUserRoles(roleIdSet);
}
UserDAOIF user = UserDAO.get(geoprismUser.getOid());
// Remove existing roles.
Set<RoleDAOIF> userRoles = user.assignedRoles();
for (RoleDAOIF roleDAOIF : userRoles) {
RoleDAO roleDAO = RoleDAO.get(roleDAOIF.getOid()).getBusinessDAO();
if (!(geoprismUser.getUsername().equals(RegistryConstants.ADMIN_USER_NAME) && (roleDAO.getRoleName().equals(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE) || roleDAO.getRoleName().equals(DefaultConfiguration.ADMIN)))) {
roleDAO.deassignMember(user);
}
}
// Delete existing relationships with Organizations.
QueryFactory qf = new QueryFactory();
OrganizationUserQuery q = new OrganizationUserQuery(qf);
q.WHERE(q.childOid().EQ(geoprismUser.getOid()));
OIterator<? extends OrganizationUser> i = q.getIterator();
i.forEach(r -> r.delete());
/*
* Assign roles and associate with the user
*/
Set<String> organizationSet = new HashSet<String>();
for (Roles role : newRoles) {
RoleDAO roleDAO = (RoleDAO) BusinessFacade.getEntityDAO(role);
roleDAO.assignMember(user);
RegistryRole registryRole = new RegistryRoleConverter().build(role);
if (registryRole != null) {
String organizationCode = registryRole.getOrganizationCode();
if (organizationCode != null && !organizationCode.equals("") && !organizationSet.contains(organizationCode)) {
Organization organization = Organization.getByCode(organizationCode);
organization.addUsers(geoprismUser).apply();
organizationSet.add(organizationCode);
}
}
}
}
UserInfo info = getByUser(geoprismUser);
if (info == null) {
info = new UserInfo();
info.setGeoprismUser(geoprismUser);
} else {
info.lock();
}
if (account.has(UserInfo.ALTFIRSTNAME)) {
info.setAltFirstName(account.get(UserInfo.ALTFIRSTNAME).getAsString());
} else {
info.setAltFirstName("");
}
if (account.has(UserInfo.ALTLASTNAME)) {
info.setAltLastName(account.get(UserInfo.ALTLASTNAME).getAsString());
} else {
info.setAltLastName("");
}
if (account.has(UserInfo.ALTPHONENUMBER)) {
info.setAltPhoneNumber(account.get(UserInfo.ALTPHONENUMBER).getAsString());
} else {
info.setAltPhoneNumber("");
}
if (account.has(UserInfo.POSITION)) {
info.setPosition(account.get(UserInfo.POSITION).getAsString());
} else {
info.setPosition("");
}
if (account.has(UserInfo.DEPARTMENT)) {
info.setDepartment(account.get(UserInfo.DEPARTMENT).getAsString());
} else {
info.setDepartment("");
}
if (account.has(UserInfo.EXTERNALSYSTEMOID)) {
info.setExternalSystemOid(account.get(UserInfo.EXTERNALSYSTEMOID).getAsString());
} else {
info.setExternalSystemOid("");
}
info.apply();
return serialize(geoprismUser, info);
}
Also used :
RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole)
QueryFactory(com.runwaysdk.query.QueryFactory)
Roles(com.runwaysdk.system.Roles)
AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException)
LinkedList(java.util.LinkedList)
ConfigurationIF(net.geoprism.ConfigurationIF)
RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter)
RoleDAO(com.runwaysdk.business.rbac.RoleDAO)
GeoprismUser(net.geoprism.GeoprismUser)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF)
HashSet(java.util.HashSet)
Transaction(com.runwaysdk.dataaccess.transaction.Transaction)
Example 3 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class TaskService method getTasksForCurrentUser.
@Request(RequestType.SESSION)
public static JsonObject getTasksForCurrentUser(String sessionId, String orderBy, int pageNum, int pageSize, String whereStatus) {
QueryFactory qf = new QueryFactory();
ValueQuery vq = new ValueQuery(qf);
TaskHasRoleQuery thrq = new TaskHasRoleQuery(vq);
TaskQuery tq = new TaskQuery(vq);
vq.WHERE(thrq.getParent().EQ(tq));
if (whereStatus != null) {
vq.WHERE(tq.getStatus().EQ(whereStatus));
}
RolesQuery rq = new RolesQuery(vq);
vq.WHERE(thrq.getChild().EQ(rq));
Condition cond = null;
// Map<String, String> roles = Session.getCurrentSession().getUserRoles();
Set<RoleDAOIF> roles = Session.getCurrentSession().getUser().assignedRoles();
// for (String roleName : roles.keySet())
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (roleName.equals(DefaultConfiguration.ADMIN)) {
continue;
}
if (cond == null) {
cond = rq.getRoleName().EQ(roleName);
} else {
cond = cond.OR(rq.getRoleName().EQ(roleName));
}
}
vq.WHERE(cond);
LocalizedValueStoreQuery lvsqTemplate = new LocalizedValueStoreQuery(vq);
vq.WHERE(tq.getTemplate().EQ(lvsqTemplate));
LocalizedValueStoreQuery lvsqTitle = new LocalizedValueStoreQuery(vq);
vq.WHERE(tq.getTitle().EQ(lvsqTitle));
vq.SELECT(tq.getOid("oid"));
vq.SELECT(lvsqTemplate.getStoreKey("templateKey"));
vq.SELECT(tq.getMessage().localize("msg"));
vq.SELECT(lvsqTitle.getStoreValue().localize("title"));
vq.SELECT(tq.getStatus("status"));
vq.SELECT(tq.getCreateDate("createDate"));
vq.SELECT(tq.getLastUpdateDate("completedDate"));
vq.ORDER_BY(tq.get(orderBy), SortOrder.DESC);
vq.restrictRows(pageSize, pageNum);
try (OIterator<ValueObject> it = vq.getIterator()) {
List<JsonWrapper> results = it.getAll().stream().map(vo -> {
JsonObject jo = new JsonObject();
jo.addProperty("id", vo.getValue("oid"));
jo.addProperty("templateKey", vo.getValue("templateKey"));
jo.addProperty("msg", vo.getValue("msg"));
jo.addProperty("title", vo.getValue("title"));
jo.addProperty("status", vo.getValue("status"));
jo.addProperty("createDate", ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(vo.getValue("createDate"))));
jo.addProperty("completedDate", vo.getValue("status").equals(TaskStatus.RESOLVED.name()) ? ETLService.formatDate(MdAttributeDateTimeUtil.getTypeSafeValue(vo.getValue("completedDate"))) : null);
return new JsonWrapper(jo);
}).collect(Collectors.toList());
return new Page<JsonWrapper>(vq.getCount(), pageNum, pageSize, results).toJSON();
}
}
Also used :
ValueQuery(com.runwaysdk.query.ValueQuery)
Condition(com.runwaysdk.query.Condition)
JsonObject(com.google.gson.JsonObject)
SortOrder(com.runwaysdk.query.OrderBy.SortOrder)
ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException)
RequestType(com.runwaysdk.session.RequestType)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Set(java.util.Set)
ValueObject(com.runwaysdk.dataaccess.ValueObject)
LocalizedValueStoreQuery(com.runwaysdk.localization.LocalizedValueStoreQuery)
MdAttributeDateTimeUtil(com.runwaysdk.constants.MdAttributeDateTimeUtil)
Collectors(java.util.stream.Collectors)
Request(com.runwaysdk.session.Request)
RolesQuery(com.runwaysdk.system.RolesQuery)
DefaultConfiguration(net.geoprism.DefaultConfiguration)
ETLService(net.geoprism.registry.etl.ETLService)
OIterator(com.runwaysdk.query.OIterator)
Page(net.geoprism.registry.view.Page)
ValueQuery(com.runwaysdk.query.ValueQuery)
List(java.util.List)
Condition(com.runwaysdk.query.Condition)
JsonWrapper(net.geoprism.registry.view.JsonWrapper)
QueryFactory(com.runwaysdk.query.QueryFactory)
Session(com.runwaysdk.session.Session)
TaskStatus(net.geoprism.registry.task.Task.TaskStatus)
QueryFactory(com.runwaysdk.query.QueryFactory)
JsonObject(com.google.gson.JsonObject)
JsonWrapper(net.geoprism.registry.view.JsonWrapper)
RolesQuery(com.runwaysdk.system.RolesQuery)
ValueObject(com.runwaysdk.dataaccess.ValueObject)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
LocalizedValueStoreQuery(com.runwaysdk.localization.LocalizedValueStoreQuery)
Request(com.runwaysdk.session.Request)
Example 4 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectRelationshipPermissionService method hasDirectPermission.
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
if (// null actor is assumed to be SYSTEM
!this.hasSessionUser()) {
return true;
}
if (orgCode != null) {
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
if (op.equals(Operation.READ_CHILD) && (childType != null && !childType.getIsPrivate())) {
return true;
}
if (roleOrgCode.equals(orgCode)) {
if (RegistryRole.Type.isRA_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
if (childType == null || childType.getCode().equals(roleGotCode)) {
if (RegistryRole.Type.isRM_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRC_Role(roleName)) {
if (isChangeRequest || op.equals(Operation.READ_CHILD)) {
return true;
}
} else if (RegistryRole.Type.isAC_Role(roleName)) {
if (op.equals(Operation.READ_CHILD)) {
return true;
}
}
}
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
}
return false;
}
Also used :
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 5 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypePermissionService method hasDirectPermission.
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
if (orgCode != null) {
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
if (action.equals(CGRPermissionAction.READ) && !isPrivate) {
return true;
}
if (roleOrgCode.equals(orgCode)) {
if (action.equals(CGRPermissionAction.READ) && isPrivate) {
return true;
}
if (RegistryRole.Type.isRA_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
if (got != null && got.getCode().equals(roleGotCode)) {
if (RegistryRole.Type.isRM_Role(roleName)) {
if (action.equals(CGRPermissionAction.READ)) {
return true;
}
} else if (RegistryRole.Type.isRC_Role(roleName)) {
if (// ||
action.equals(CGRPermissionAction.READ)) // isChangeRequest
{
return true;
}
} else if (RegistryRole.Type.isAC_Role(roleName)) {
if (action.equals(CGRPermissionAction.READ)) {
return true;
}
}
}
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
}
return false;
}
Also used :
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Aggregations
RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)18
SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)16
ArrayList (java.util.ArrayList)5
Condition (com.runwaysdk.query.Condition)3
QueryFactory (com.runwaysdk.query.QueryFactory)3
HashSet (java.util.HashSet)3
GeoprismUser (net.geoprism.GeoprismUser)3
Organization (net.geoprism.registry.Organization)3
ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)3
JsonObject (com.google.gson.JsonObject)2
RoleDAO (com.runwaysdk.business.rbac.RoleDAO)2
UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)2
ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)2
ValueObject (com.runwaysdk.dataaccess.ValueObject)2
AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)2
Transaction (com.runwaysdk.dataaccess.transaction.Transaction)2
OIterator (com.runwaysdk.query.OIterator)2
ValueQuery (com.runwaysdk.query.ValueQuery)2
Session (com.runwaysdk.session.Session)2
Roles (com.runwaysdk.system.Roles)2
