use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method isSRA.
public boolean isSRA() {
if (!this.hasSessionUser()) {
return true;
}
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
return false;
}
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypeRestrictionUtil method hasMandateOnType.
public static List<String> hasMandateOnType(String orgCodeAttr, String gotCodeAttr, boolean allowRC) {
List<String> criteria = new ArrayList<String>();
List<String> raOrgs = new ArrayList<String>();
List<String> goRoles = new ArrayList<String>();
SingleActorDAOIF actor = Session.getCurrentSession().getUser();
for (RoleDAOIF role : actor.authorizedRoles()) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
if (RegistryRole.Type.isRA_Role(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
raOrgs.add(roleOrgCode);
} else if (RegistryRole.Type.isRM_Role(roleName)) {
goRoles.add(roleName);
} else if (allowRC && RegistryRole.Type.isRC_Role(roleName)) {
goRoles.add(roleName);
}
}
}
for (String orgCode : raOrgs) {
criteria.add("(" + orgCodeAttr + " = '" + orgCode + "')");
}
for (String roleName : goRoles) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
String gotCode = RegistryRole.Type.parseGotCode(roleName);
criteria.add("(" + orgCodeAttr + " = '" + roleOrgCode + "' AND " + gotCodeAttr + " = '" + gotCode + "')");
// If they have permission to an abstract parent type, then they also have
// permission to all its children.
Optional<ServerGeoObjectType> op = ServiceFactory.getMetadataCache().getGeoObjectType(gotCode);
if (op.isPresent() && op.get().getIsAbstract()) {
List<ServerGeoObjectType> subTypes = op.get().getSubtypes();
for (ServerGeoObjectType subType : subTypes) {
criteria.add("(" + orgCodeAttr + " = '" + subType.getOrganization().getCode() + "' AND " + gotCodeAttr + " = '" + subType.getCode() + "')");
}
}
}
return criteria;
}
use of com.runwaysdk.business.rbac.RoleDAOIF in project geoprism-registry by terraframe.
the class ChangeRequestService method filterQueryBasedOnPermissions.
public void filterQueryBasedOnPermissions(ChangeRequestQuery crq) {
List<String> raOrgs = new ArrayList<String>();
List<String> goRoles = new ArrayList<String>();
Condition cond = null;
SingleActorDAOIF actor = Session.getCurrentSession().getUser();
for (RoleDAOIF role : actor.authorizedRoles()) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
if (RegistryRole.Type.isRA_Role(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
raOrgs.add(roleOrgCode);
} else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
goRoles.add(roleName);
}
}
}
for (String orgCode : raOrgs) {
Organization org = Organization.getByCode(orgCode);
Condition loopCond = crq.getOrganizationCode().EQ(org.getCode());
if (cond == null) {
cond = loopCond;
} else {
cond = cond.OR(loopCond);
}
}
for (String roleName : goRoles) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
Organization org = Organization.getByCode(roleOrgCode);
String gotCode = RegistryRole.Type.parseGotCode(roleName);
Condition loopCond = crq.getGeoObjectTypeCode().EQ(gotCode).AND(crq.getOrganizationCode().EQ(org.getCode()));
if (cond == null) {
cond = loopCond;
} else {
cond = cond.OR(loopCond);
}
// If they have permission to an abstract parent type, then they also have
// permission to all its children.
Optional<ServerGeoObjectType> op = ServiceFactory.getMetadataCache().getGeoObjectType(gotCode);
if (op.isPresent() && op.get().getIsAbstract()) {
List<ServerGeoObjectType> subTypes = op.get().getSubtypes();
for (ServerGeoObjectType subType : subTypes) {
Condition superCond = crq.getGeoObjectTypeCode().EQ(subType.getCode()).AND(crq.getOrganizationCode().EQ(subType.getOrganization().getCode()));
cond = cond.OR(superCond);
}
}
}
if (cond != null) {
crq.AND(cond);
}
}
Aggregations