Example 6 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method getRMGeoObjectTypes.
/**
* If the session user is a role, this method will return the user's
* GeoObjectType. Otherwise this method will return null.
*/
public List<String> getRMGeoObjectTypes() {
List<String> types = new ArrayList<String>();
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && RegistryRole.Type.isRM_Role(roleName)) {
String gotCode = RegistryRole.Type.parseGotCode(roleName);
types.add(gotCode);
}
}
return types;
}
Also used :
ArrayList(java.util.ArrayList)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 7 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method isRA.
public boolean isRA(String orgCode) {
if (!this.hasSessionUser()) {
return true;
}
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isRA_Role(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
if (orgCode != null && orgCode.equals(roleOrgCode)) {
return true;
} else if (orgCode == null) {
return true;
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
return false;
}
Also used :
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 8 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class ChangeRequest method apply.
@Override
public void apply() {
// We aren't using 'isNew' here because isNew will be true until the transaction applies
final boolean isApplied = this.isAppliedToDB();
// Cache the Geo-Object label and type label on this object for sorting purposes
this.getGeoObjectLabel().setLocaleMap(this.getGeoObjectDisplayLabel().getLocaleMap());
this.getGeoObjectTypeLabel().setLocaleMap(this.getGeoObjectType().getLabel().getLocaleMap());
super.apply();
// Send an email to RMs telling them about this new CR
try {
if (!isApplied) {
SingleActor createdBy = this.getCreatedBy();
if (createdBy instanceof GeoprismUser) {
// Get all RM's for the GOT and Org
String rmRoleName = this.getGeoObjectType().getMaintainerRoleName();
RoleDAOIF role = RoleDAO.findRole(rmRoleName);
Set<SingleActorDAOIF> actors = role.assignedActors();
List<String> toAddresses = new ArrayList<String>();
for (SingleActorDAOIF actor : actors) {
if (actor.getType().equals(GeoprismUser.CLASS)) {
GeoprismUser geoprismUser = GeoprismUser.get(actor.getOid());
String email = geoprismUser.getEmail();
if (email != null && email.length() > 0 && !email.contains("@noreply")) {
toAddresses.add(email);
}
}
}
if (toAddresses.size() > 0) {
String subject = LocalizationFacade.getFromBundles("change.request.email.submit.subject");
String body = LocalizationFacade.getFromBundles("change.request.email.submit.body");
body = body.replaceAll("\\\\n", "\n");
body = body.replaceAll("\\{user\\}", ((GeoprismUser) createdBy).getUsername());
body = body.replaceAll("\\{geoobject\\}", this.getGeoObjectDisplayLabel().getValue());
String link = GeoregistryProperties.getRemoteServerUrl() + "cgr/manage#/registry/change-requests/" + this.getOid();
body = body.replaceAll("\\{link\\}", link);
// Aspects will weave in here and this will happen at the end of the transaction
new SendEmailCommand(subject, body, toAddresses.toArray(new String[toAddresses.size()])).doIt();
}
}
}
} catch (Throwable t) {
t.printStackTrace();
}
}
Also used :
ArrayList(java.util.ArrayList)
GeoprismUser(net.geoprism.GeoprismUser)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
SendEmailCommand(net.geoprism.registry.command.SendEmailCommand)
SingleActor(com.runwaysdk.system.SingleActor)
Example 9 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class ETLService method filterHistoryQueryBasedOnPermissions.
public void filterHistoryQueryBasedOnPermissions(ImportHistoryQuery ihq) {
List<String> raOrgs = new ArrayList<String>();
List<String> rmGeoObjects = new ArrayList<String>();
Condition cond = null;
SingleActorDAOIF actor = Session.getCurrentSession().getUser();
for (RoleDAOIF role : actor.authorizedRoles()) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
if (RegistryRole.Type.isRA_Role(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
raOrgs.add(roleOrgCode);
} else if (RegistryRole.Type.isRM_Role(roleName)) {
rmGeoObjects.add(roleName);
}
}
}
if (!new RolePermissionService().isSRA() && raOrgs.size() == 0 && rmGeoObjects.size() == 0) {
throw new ProgrammingErrorException("This endpoint must be invoked by an RA or RM");
}
for (String orgCode : raOrgs) {
Organization org = Organization.getByCode(orgCode);
Condition loopCond = ihq.getOrganization().EQ(org);
if (cond == null) {
cond = loopCond;
} else {
cond = cond.OR(loopCond);
}
}
for (String roleName : rmGeoObjects) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
Organization org = Organization.getByCode(roleOrgCode);
String gotCode = RegistryRole.Type.parseGotCode(roleName);
Condition loopCond = ihq.getGeoObjectTypeCode().EQ(gotCode).AND(ihq.getOrganization().EQ(org));
if (cond == null) {
cond = loopCond;
} else {
cond = cond.OR(loopCond);
}
// If they have permission to an abstract parent type, then they also have
// permission to all its children.
Optional<ServerGeoObjectType> op = ServiceFactory.getMetadataCache().getGeoObjectType(gotCode);
if (op.isPresent() && op.get().getIsAbstract()) {
List<ServerGeoObjectType> subTypes = op.get().getSubtypes();
for (ServerGeoObjectType subType : subTypes) {
Condition superCond = ihq.getGeoObjectTypeCode().EQ(subType.getCode()).AND(ihq.getOrganization().EQ(subType.getOrganization()));
cond = cond.OR(superCond);
}
}
}
if (cond != null) {
ihq.AND(cond);
}
}
Also used :
Condition(com.runwaysdk.query.Condition)
RolePermissionService(net.geoprism.registry.permission.RolePermissionService)
Organization(net.geoprism.registry.Organization)
ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType)
ArrayList(java.util.ArrayList)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException)
Example 10 with RoleDAOIF
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypeRelationshipPermissionService method directRelationshipPermission.
private boolean directRelationshipPermission(ServerHierarchyType ht, ServerGeoObjectType parentType, ServerGeoObjectType childType, boolean allowRC) {
if (// null actor is assumed to be SYSTEM
!this.hasSessionUser()) {
return true;
}
if (ht.getMdTermRelationship().getKey().equals(AllowedIn.CLASS) || ht.getMdTermRelationship().getKey().equals(LocatedIn.CLASS)) {
// AllowedIn is deprecated and should not be used by the
return true;
// end-user.
}
Organization thisOrg = ht.getOrganization();
if (thisOrg != null) {
SingleActorDAOIF actor = this.getSessionUser();
String thisOrgCode = thisOrg.getCode();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String orgCode = RegistryRole.Type.parseOrgCode(roleName);
if (RegistryRole.Type.isRA_Role(roleName) && orgCode.equals(thisOrgCode)) {
return true;
} else if (RegistryRole.Type.isRM_Role(roleName) && orgCode.equals(thisOrgCode)) {
String gotCode = RegistryRole.Type.parseGotCode(roleName);
if (// Null parent / child
parentType == null || childType == null || // widget
gotCode.equals(parentType.getCode()) || gotCode.equals(childType.getCode())) {
return true;
}
} else if (allowRC && RegistryRole.Type.isRC_Role(roleName) && orgCode.equals(thisOrgCode)) {
String gotCode = RegistryRole.Type.parseGotCode(roleName);
if (gotCode.equals(parentType.getCode()) || gotCode.equals(childType.getCode())) {
return true;
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
}
return false;
}
Also used :
Organization(net.geoprism.registry.Organization)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Aggregations
RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)18
SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)16
ArrayList (java.util.ArrayList)5
Condition (com.runwaysdk.query.Condition)3
QueryFactory (com.runwaysdk.query.QueryFactory)3
HashSet (java.util.HashSet)3
GeoprismUser (net.geoprism.GeoprismUser)3
Organization (net.geoprism.registry.Organization)3
ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)3
JsonObject (com.google.gson.JsonObject)2
RoleDAO (com.runwaysdk.business.rbac.RoleDAO)2
UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)2
ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)2
ValueObject (com.runwaysdk.dataaccess.ValueObject)2
AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)2
Transaction (com.runwaysdk.dataaccess.transaction.Transaction)2
OIterator (com.runwaysdk.query.OIterator)2
ValueQuery (com.runwaysdk.query.ValueQuery)2
Session (com.runwaysdk.session.Session)2
Roles (com.runwaysdk.system.Roles)2
