
Example 6 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class RolePermissionService method getRMGeoObjectTypes.

/**
 * Collects the GeoObjectType codes for which the session user holds an RM role.
 *
 * <p>Each role returned by {@code authorizedRoles()} whose name is both an
 * organization role and an RM role contributes the code that
 * {@code RegistryRole.Type.parseGotCode} extracts from that role name.
 *
 * @return the collected codes in role-iteration order; an empty list (never
 *         {@code null}) when no role matches
 */
public List<String> getRMGeoObjectTypes() {
    // NOTE(review): unlike isRA, this method has no hasSessionUser() guard.
    // Confirm getSessionUser() cannot return null on any path that reaches it.
    Set<RoleDAOIF> authorized = this.getSessionUser().authorizedRoles();
    List<String> gotCodes = new ArrayList<String>();
    for (RoleDAOIF candidate : authorized) {
        String name = candidate.getRoleName();
        boolean orgScopedRm = RegistryRole.Type.isOrgRole(name) && RegistryRole.Type.isRM_Role(name);
        if (!orgScopedRm) {
            continue;
        }
        gotCodes.add(RegistryRole.Type.parseGotCode(name));
    }
    return gotCodes;
}
Also used : ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 7 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class RolePermissionService method isRA.

/**
 * Checks whether the session user counts as an RA for the given organization.
 *
 * <p>The result is {@code true} when any of the following holds:
 * <ul>
 *   <li>there is no session user at all;</li>
 *   <li>the user holds an SRA role;</li>
 *   <li>the user holds an RA role and {@code orgCode} is {@code null};</li>
 *   <li>the user holds an RA role whose organization code, as parsed from the
 *       role name, equals {@code orgCode}.</li>
 * </ul>
 *
 * @param orgCode organization code to check, or {@code null} to accept an RA
 *                role of any organization
 * @return {@code true} if one of the conditions above is met, otherwise
 *         {@code false}
 */
public boolean isRA(String orgCode) {
    // Fail-open branch: without a session user the check passes.
    // NOTE(review): presumably this covers system-internal calls; verify that no
    // externally reachable request path can arrive here without a session.
    if (!this.hasSessionUser()) {
        return true;
    }
    for (RoleDAOIF granted : this.getSessionUser().authorizedRoles()) {
        String name = granted.getRoleName();
        if (RegistryRole.Type.isRA_Role(name)) {
            String grantedOrg = RegistryRole.Type.parseOrgCode(name);
            // A null orgCode matches every RA role, so a caller that means one
            // specific organization must not pass a missing or unvalidated code.
            if (orgCode == null || orgCode.equals(grantedOrg)) {
                return true;
            }
        } else if (RegistryRole.Type.isSRA_Role(name)) {
            return true;
        }
    }
    return false;
}
Also used : SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 8 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class ChangeRequest method apply.

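/**
 * Applies this change request and, the first time it is persisted, e-mails the
 * users assigned to the Geo-Object type's maintainer role.
 *
 * <p>The notification is only attempted when the request was not yet applied
 * to the database before this call and its creator is a {@code GeoprismUser}.
 * Recipients are the {@code GeoprismUser} actors of the maintainer role that
 * have a non-empty e-mail address not containing {@code "@noreply"}. Any
 * failure while building or sending the message is caught and does not
 * propagate out of this method.
 */
@Override
public void apply() {
    // We aren't using 'isNew' here because isNew will be true until the transaction applies
    final boolean isApplied = this.isAppliedToDB();
    // Cache the Geo-Object label and type label on this object for sorting purposes
    this.getGeoObjectLabel().setLocaleMap(this.getGeoObjectDisplayLabel().getLocaleMap());
    this.getGeoObjectTypeLabel().setLocaleMap(this.getGeoObjectType().getLabel().getLocaleMap());
    super.apply();
    // Send an email to RMs telling them about this new CR
    try {
        if (!isApplied) {
            SingleActor createdBy = this.getCreatedBy();
            if (createdBy instanceof GeoprismUser) {
                // Get all RM's for the GOT and Org
                String rmRoleName = this.getGeoObjectType().getMaintainerRoleName();
                // NOTE(review): how findRole reports an unknown role name is not visible
                // here; a null result would surface as an NPE caught by the handler below.
                RoleDAOIF role = RoleDAO.findRole(rmRoleName);
                Set<SingleActorDAOIF> actors = role.assignedActors();
                List<String> toAddresses = new ArrayList<String>();
                for (SingleActorDAOIF actor : actors) {
                    if (actor.getType().equals(GeoprismUser.CLASS)) {
                        GeoprismUser geoprismUser = GeoprismUser.get(actor.getOid());
                        String email = geoprismUser.getEmail();
                        if (email != null && !email.isEmpty() && !email.contains("@noreply")) {
                            toAddresses.add(email);
                        }
                    }
                }
                if (!toAddresses.isEmpty()) {
                    String subject = LocalizationFacade.getFromBundles("change.request.email.submit.subject");
                    String body = LocalizationFacade.getFromBundles("change.request.email.submit.body");
                    // String.replace substitutes literally. replaceAll treats '$' and '\' in
                    // the replacement as group references and escapes, so a user name or
                    // Geo-Object label containing them threw here and the notification was
                    // silently dropped by the catch below.
                    body = body.replace("\\n", "\n");
                    // NOTE(review): the user name and label are user-controlled and are
                    // inserted verbatim; if SendEmailCommand sends HTML mail (not visible
                    // here) they need HTML-escaping first.
                    body = body.replace("{user}", ((GeoprismUser) createdBy).getUsername());
                    body = body.replace("{geoobject}", this.getGeoObjectDisplayLabel().getValue());
                    String link = GeoregistryProperties.getRemoteServerUrl() + "cgr/manage#/registry/change-requests/" + this.getOid();
                    body = body.replace("{link}", link);
                    // Aspects will weave in here and this will happen at the end of the transaction
                    new SendEmailCommand(subject, body, toAddresses.toArray(new String[0])).doIt();
                }
            }
        }
    } catch (Throwable t) {
        // Best effort: a failed notification must not fail the change request itself.
        // NOTE(review): printStackTrace bypasses the application's logging, so dropped
        // notifications are easy to miss; route this through the project's logger.
        t.printStackTrace();
    }
}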
Also used : ArrayList(java.util.ArrayList) GeoprismUser(net.geoprism.GeoprismUser) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) SendEmailCommand(net.geoprism.registry.command.SendEmailCommand) SingleActor(com.runwaysdk.system.SingleActor)

Example 9 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class ETLService method filterHistoryQueryBasedOnPermissions.

/**
 * Narrows an import-history query to the rows the current session user is
 * allowed to see, based on the user's organization-scoped roles.
 *
 * <p>Root organization roles are ignored. Each RA role admits every row of its
 * organization. Each RM role admits rows whose Geo-Object type code and
 * organization match the role; when that type is abstract, rows of each of its
 * subtypes (paired with the subtype's own organization) are admitted as well.
 * All admitted alternatives are OR-ed together and AND-ed onto {@code ihq}.
 *
 * <p>When the user has no qualifying RA or RM role, the query is left
 * unrestricted if {@code isSRA()} is true and the call is rejected otherwise.
 * NOTE(review): an SRA that also holds RA/RM roles is narrowed to those roles'
 * scope, because the condition is applied whenever it is non-null; confirm
 * that this is intended.
 *
 * @param ihq the query to restrict in place
 * @throws ProgrammingErrorException if the user is not an SRA and holds no
 *         qualifying RA or RM role
 */
public void filterHistoryQueryBasedOnPermissions(ImportHistoryQuery ihq) {
    List<String> adminOrgCodes = new ArrayList<String>();
    List<String> maintainerRoleNames = new ArrayList<String>();
    SingleActorDAOIF currentUser = Session.getCurrentSession().getUser();
    for (RoleDAOIF granted : currentUser.authorizedRoles()) {
        String name = granted.getRoleName();
        // Only organization-scoped, non-root roles contribute to the filter.
        if (!RegistryRole.Type.isOrgRole(name) || RegistryRole.Type.isRootOrgRole(name)) {
            continue;
        }
        if (RegistryRole.Type.isRA_Role(name)) {
            adminOrgCodes.add(RegistryRole.Type.parseOrgCode(name));
        } else if (RegistryRole.Type.isRM_Role(name)) {
            // The full role name is kept: both org code and type code are parsed from it later.
            maintainerRoleNames.add(name);
        }
    }
    // Fail closed: a caller with no SRA, RA or RM standing gets an exception, not an unfiltered query.
    if (!new RolePermissionService().isSRA() && adminOrgCodes.isEmpty() && maintainerRoleNames.isEmpty()) {
        throw new ProgrammingErrorException("This endpoint must be invoked by an RA or RM");
    }
    Condition visible = null;
    for (String orgCode : adminOrgCodes) {
        Organization org = Organization.getByCode(orgCode);
        Condition byOrg = ihq.getOrganization().EQ(org);
        visible = (visible == null) ? byOrg : visible.OR(byOrg);
    }
    for (String roleName : maintainerRoleNames) {
        String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
        Organization org = Organization.getByCode(roleOrgCode);
        String gotCode = RegistryRole.Type.parseGotCode(roleName);
        Condition byTypeAndOrg = ihq.getGeoObjectTypeCode().EQ(gotCode).AND(ihq.getOrganization().EQ(org));
        visible = (visible == null) ? byTypeAndOrg : visible.OR(byTypeAndOrg);
        // If they have permission to an abstract parent type, then they also have
        // permission to all its children.
        Optional<ServerGeoObjectType> cachedType = ServiceFactory.getMetadataCache().getGeoObjectType(gotCode);
        if (cachedType.isPresent() && cachedType.get().getIsAbstract()) {
            for (ServerGeoObjectType subType : cachedType.get().getSubtypes()) {
                Condition bySubType = ihq.getGeoObjectTypeCode().EQ(subType.getCode()).AND(ihq.getOrganization().EQ(subType.getOrganization()));
                // 'visible' is never null here: it was assigned just above in this iteration.
                visible = visible.OR(bySubType);
            }
        }
    }
    if (visible != null) {
        ihq.AND(visible);
    }
}
Also used : Condition(com.runwaysdk.query.Condition) RolePermissionService(net.geoprism.registry.permission.RolePermissionService) Organization(net.geoprism.registry.Organization) ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException)

Example 10 with RoleDAOIF

use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.

the class GeoObjectTypeRelationshipPermissionService method directRelationshipPermission.

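/**
 * Decides whether the session user has a role that directly grants permission
 * on the relationship between {@code parentType} and {@code childType} in
 * hierarchy {@code ht}.
 *
 * <p>Returns {@code true} when:
 * <ul>
 *   <li>there is no session user;</li>
 *   <li>the hierarchy's relationship key is {@code AllowedIn.CLASS} or
 *       {@code LocatedIn.CLASS};</li>
 *   <li>the hierarchy has an organization and the user holds an SRA role;</li>
 *   <li>the user holds an RA role for the hierarchy's organization;</li>
 *   <li>the user holds an RM role for that organization and either type is
 *       {@code null} or the role's type code equals the parent's or child's
 *       code;</li>
 *   <li>{@code allowRC} is set and the user holds an RC role for that
 *       organization whose type code equals the parent's or child's code.</li>
 * </ul>
 *
 * @param ht         hierarchy the relationship belongs to
 * @param parentType parent type, may be {@code null}
 * @param childType  child type, may be {@code null}
 * @param allowRC    whether RC roles are considered at all
 * @return {@code true} if one of the conditions above holds, else {@code false}
 */
private boolean directRelationshipPermission(ServerHierarchyType ht, ServerGeoObjectType parentType, ServerGeoObjectType childType, boolean allowRC) {
    // null actor is assumed to be SYSTEM
    // NOTE(review): this is a fail-open branch; verify that no externally reachable
    // request path can arrive here without a session user.
    if (!this.hasSessionUser()) {
        return true;
    }
    String relationshipKey = ht.getMdTermRelationship().getKey();
    if (relationshipKey.equals(AllowedIn.CLASS) || relationshipKey.equals(LocatedIn.CLASS)) {
        // AllowedIn is deprecated and should not be used by the end-user.
        // This grants to every session user before any role is inspected.
        return true;
    }
    Organization thisOrg = ht.getOrganization();
    // NOTE(review): a hierarchy without an organization is denied to everyone,
    // SRA included, because the SRA check sits inside this block.
    if (thisOrg != null) {
        SingleActorDAOIF actor = this.getSessionUser();
        String thisOrgCode = thisOrg.getCode();
        Set<RoleDAOIF> roles = actor.authorizedRoles();
        for (RoleDAOIF role : roles) {
            String roleName = role.getRoleName();
            if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                String orgCode = RegistryRole.Type.parseOrgCode(roleName);
                if (RegistryRole.Type.isRA_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    return true;
                } else if (RegistryRole.Type.isRM_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    String gotCode = RegistryRole.Type.parseGotCode(roleName);
                    // A null parent or child is let through for RM roles (the original
                    // comment here read "Null parent / child widget").
                    if (parentType == null || childType == null || gotCode.equals(parentType.getCode()) || gotCode.equals(childType.getCode())) {
                        return true;
                    }
                } else if (allowRC && RegistryRole.Type.isRC_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    String gotCode = RegistryRole.Type.parseGotCode(roleName);
                    // Null-safe and fail closed: previously a null parent or child type threw
                    // a NullPointerException here, although the RM branch accepts nulls. A
                    // missing type now simply does not match, so RC gains nothing from it.
                    boolean matchesParent = parentType != null && gotCode.equals(parentType.getCode());
                    if (matchesParent || (childType != null && gotCode.equals(childType.getCode()))) {
                        return true;
                    }
                }
            } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                return true;
            }
        }
    }
    return false;
}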
Also used : Organization(net.geoprism.registry.Organization) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Aggregations

RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)18 SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)16 ArrayList (java.util.ArrayList)5 Condition (com.runwaysdk.query.Condition)3 QueryFactory (com.runwaysdk.query.QueryFactory)3 HashSet (java.util.HashSet)3 GeoprismUser (net.geoprism.GeoprismUser)3 Organization (net.geoprism.registry.Organization)3 ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)3 JsonObject (com.google.gson.JsonObject)2 RoleDAO (com.runwaysdk.business.rbac.RoleDAO)2 UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)2 ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)2 ValueObject (com.runwaysdk.dataaccess.ValueObject)2 AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)2 Transaction (com.runwaysdk.dataaccess.transaction.Transaction)2 OIterator (com.runwaysdk.query.OIterator)2 ValueQuery (com.runwaysdk.query.ValueQuery)2 Session (com.runwaysdk.session.Session)2 Roles (com.runwaysdk.system.Roles)2