use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class UserInfo method getSRAs.
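/**
 * Builds one page of the accounts assigned to the registry super admin role.
 *
 * <p>The query joins each user to its optional {@code UserInfo} row (left join) and
 * restricts the result to the OIDs of the actors assigned to
 * {@link RegistryConstants#REGISTRY_SUPER_ADMIN_ROLE}, ordered by username.
 *
 * <p>The selected columns include contact data (phone number, email, alternate
 * contact fields) and the external system OID.
 * NOTE(review): no authorization check is visible in this method; confirm that
 * every caller restricts who may list super admin accounts.
 *
 * @param pageSize   page size, forwarded unchanged to {@code serializePage}
 * @param pageNumber page number, forwarded unchanged to {@code serializePage}
 * @return the serialized page produced by {@code serializePage}
 */
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
    RoleDAOIF role = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
    Set<SingleActorDAOIF> actors = role.assignedActors();

    // A sequential stream is enough for a trivial getter over a role's member set;
    // parallelStream() would borrow the shared ForkJoinPool from a request thread
    // without any benefit.
    Set<String> oids = actors.stream().map(SingleActorDAOIF::getOid).collect(Collectors.toSet());

    ValueQuery vQuery = new ValueQuery(new QueryFactory());
    GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
    UserInfoQuery iQuery = new UserInfoQuery(vQuery);

    vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
    vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
    vQuery.SELECT(iQuery.getExternalSystemOid());

    // Left join: users without a UserInfo row are still returned.
    vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));

    // NOTE(review): when the role has no assigned actors this passes an empty array
    // to IN(...); confirm how the query layer renders an empty IN list.
    vQuery.AND(uQuery.getOid().IN(oids.toArray(new String[0])));
    vQuery.ORDER_BY_ASC(uQuery.getUsername());

    return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}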
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class RegistrySessionService method ologin.
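/**
 * Serves as the "redirect url" for logging into the registry via DHIS2 OAuth.
 *
 * <p>Exchanges the authorization code for an access token at the configured token
 * location, reads the user profile from the configured profile location with that
 * token, maps {@code userCredentials.username} from the profile to a local actor and
 * opens a session for it.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 * <li>The redirect URI sent to the token endpoint is built from
 * {@code GeoregistryProperties.getRemoteServerUrl()}, not from the request, so the
 * caller-supplied {@code redirectBase} cannot influence it.</li>
 * <li>The identity that is logged in is whatever username the profile endpoint
 * returns; the token and profile locations come from the {@code OauthServer}
 * record. NOTE(review): confirm those locations are restricted to HTTPS.</li>
 * <li>NOTE(review): no OAuth {@code state} value is received or checked in this
 * method; confirm that the callback is protected against login CSRF elsewhere.</li>
 * </ul>
 *
 * @param serverId     id of the {@code OauthServer} configuration to authenticate against
 * @param code         authorization code delivered to the redirect url
 * @param locales      serialized locales, deserialized for the new session
 * @param redirectBase ignored; it is overwritten with the configured remote server url
 * @return a JSON string with the properties {@code sessionId} and {@code username}
 * @throws InvalidLoginException if the token or profile request fails or the profile
 *                               response cannot be parsed
 */
@Authenticate
public static java.lang.String ologin(java.lang.String serverId, java.lang.String code, java.lang.String locales, java.lang.String redirectBase) {
    try {
        // We used to try to build this from the controller but it would include stuff (like the port :443) which then wouldn't match
        // with the redirect url the client specified in DHIS2. Therefore this has to be something that the user can set (or, at least,
        // in a properties file)
        redirectBase = GeoregistryProperties.getRemoteServerUrl();

        // Plain concatenation: presumably the configured url ends with "/" - TODO confirm.
        String redirect = redirectBase + "cgrsession/ologin";

        OauthServer server = OauthServer.get(serverId);

        /*
         * Get the access token
         */
        TokenRequestBuilder tokenBuilder = OAuthClientRequest.tokenLocation(server.getTokenLocation());
        tokenBuilder.setGrantType(GrantType.AUTHORIZATION_CODE);
        tokenBuilder.setRedirectURI(redirect);
        tokenBuilder.setCode(code);

        // Client credentials for HTTP Basic authentication; this value contains the
        // client secret and must never be logged.
        String auth = server.getClientId() + ":" + server.getSecretKey();

        OAuthClientRequest tokenRequest = tokenBuilder.buildBodyMessage();
        tokenRequest.setHeader("Accept", "application/json");

        // Encode with an explicit charset: getBytes() without one depends on the
        // platform default, so the header could differ between hosts when the
        // credentials contain non-ASCII characters.
        tokenRequest.setHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString(auth.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

        URLConnectionClient connClient = new URLConnectionClient();
        OAuthClient oAuthClient = new OAuthClient(connClient);
        OAuthJSONAccessTokenResponse accessToken = oAuthClient.accessToken(tokenRequest, OAuth.HttpMethod.POST, OAuthJSONAccessTokenResponse.class);

        /*
         * Request the user information
         */
        OAuthBearerClientRequest requestBuilder = new OAuthBearerClientRequest(server.getProfileLocation());
        requestBuilder.setAccessToken(accessToken.getAccessToken());
        OAuthClientRequest bearerRequest = requestBuilder.buildQueryMessage();
        OAuthResourceResponse resourceResponse = oAuthClient.resource(bearerRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);

        String body = resourceResponse.getBody();
        JSONObject object = new JSONObject(body);

        // A missing "userCredentials" object or "username" raises JSONException,
        // which is reported as an invalid login below.
        final String username = object.getJSONObject("userCredentials").getString("username");

        SingleActorDAOIF profile = RegistrySessionService.getActor(server, username);
        String sessionId = SessionFacade.logIn(profile, LocaleSerializer.deserialize(locales));

        JsonObject json = new JsonObject();
        json.addProperty("sessionId", sessionId);
        json.addProperty("username", username);

        return json.toString();
    } catch (JSONException | OAuthSystemException | OAuthProblemException e) {
        // Keep the cause so the failure can be diagnosed from the server side.
        throw new InvalidLoginException(e);
    }
}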
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectRelationshipPermissionService method hasDirectPermission.
/**
 * Decides whether the session user may perform {@code op} on a parent/child
 * relationship, based only on the roles the user is authorized for.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 * <li>No session user: allowed (a null actor is assumed to be SYSTEM). This is a
 * fail-open default, so callers must be sure that an absent session can only mean
 * internal execution.</li>
 * <li>{@code orgCode == null}: denied.</li>
 * <li>An SRA role among the roles that are not non-root organization roles: allowed.</li>
 * <li>Any non-root organization role, whatever its organization:
 * {@code READ_CHILD} on a non-private child type is allowed.</li>
 * <li>A role of the requested organization: RA is allowed; RM, RC and AC are limited
 * to their own GeoObjectType (or any type when {@code childType} is null), where RM
 * is allowed, RC is allowed for change requests or {@code READ_CHILD}, and AC is
 * allowed for {@code READ_CHILD} only.</li>
 * </ol>
 *
 * @param orgCode         organization code the permission is checked against
 * @param parentType      parent type; not read by this method
 * @param childType       child type, may be null
 * @param op              requested operation
 * @param isChangeRequest whether the operation is part of a change request
 * @return true if one of the rules above grants the operation, false otherwise
 */
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
    // null actor is assumed to be SYSTEM
    if (!this.hasSessionUser()) {
        return true;
    }

    if (orgCode == null) {
        return false;
    }

    for (RoleDAOIF granted : this.getSessionUser().authorizedRoles()) {
        final String name = granted.getRoleName();

        // Everything that is not a non-root organization role can only grant
        // access by being the SRA role.
        if (!RegistryRole.Type.isOrgRole(name) || RegistryRole.Type.isRootOrgRole(name)) {
            if (RegistryRole.Type.isSRA_Role(name)) {
                return true;
            }

            continue;
        }

        final String orgOfRole = RegistryRole.Type.parseOrgCode(name);

        // Non-private child types are readable across organizations.
        if (op.equals(Operation.READ_CHILD) && childType != null && !childType.getIsPrivate()) {
            return true;
        }

        if (!orgOfRole.equals(orgCode)) {
            continue;
        }

        if (RegistryRole.Type.isRA_Role(name)) {
            return true;
        }

        final boolean typeScoped = RegistryRole.Type.isRM_Role(name) || RegistryRole.Type.isRC_Role(name) || RegistryRole.Type.isAC_Role(name);

        if (!typeScoped) {
            continue;
        }

        final String typeOfRole = RegistryRole.Type.parseGotCode(name);

        // A type-scoped role only counts for its own GeoObjectType, unless no child
        // type was supplied.
        if (childType != null && !childType.getCode().equals(typeOfRole)) {
            continue;
        }

        if (RegistryRole.Type.isRM_Role(name)) {
            return true;
        } else if (RegistryRole.Type.isRC_Role(name)) {
            if (isChangeRequest || op.equals(Operation.READ_CHILD)) {
                return true;
            }
        } else if (RegistryRole.Type.isAC_Role(name)) {
            if (op.equals(Operation.READ_CHILD)) {
                return true;
            }
        }
    }

    return false;
}
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypePermissionService method hasDirectPermission.
/**
 * Decides whether the session user may perform {@code action} on a GeoObjectType,
 * based only on the roles the user is authorized for.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 * <li>{@code orgCode == null}: denied.</li>
 * <li>An SRA role among the roles that are not non-root organization roles: allowed.</li>
 * <li>Any non-root organization role, whatever its organization: {@code READ} of a
 * non-private type is allowed.</li>
 * <li>A role of the requested organization: {@code READ} of a private type is
 * allowed, and RA is allowed for every action.</li>
 * <li>RM, RC and AC roles of the requested organization only ever test for
 * {@code READ}. Both {@code READ} cases have already returned by that point, so
 * (assuming {@code action.equals} is deterministic) this branch cannot grant
 * anything further; non-read actions therefore require RA or SRA.</li>
 * </ol>
 *
 * <p>NOTE(review): the session user is dereferenced without a null check; confirm
 * that callers only reach this method with an authenticated session.
 *
 * @param orgCode   organization code the permission is checked against
 * @param got       type the role's GeoObjectType code is compared with, may be null
 * @param isPrivate whether the type is private
 * @param action    requested action
 * @return true if one of the rules above grants the action, false otherwise
 */
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
    if (orgCode == null) {
        return false;
    }

    for (RoleDAOIF granted : this.getSessionUser().authorizedRoles()) {
        final String name = granted.getRoleName();

        // Everything that is not a non-root organization role can only grant
        // access by being the SRA role.
        if (!RegistryRole.Type.isOrgRole(name) || RegistryRole.Type.isRootOrgRole(name)) {
            if (RegistryRole.Type.isSRA_Role(name)) {
                return true;
            }

            continue;
        }

        final String orgOfRole = RegistryRole.Type.parseOrgCode(name);

        // Non-private types are readable across organizations.
        if (!isPrivate && action.equals(CGRPermissionAction.READ)) {
            return true;
        }

        if (!orgOfRole.equals(orgCode)) {
            continue;
        }

        // Private types are readable by every role of the owning organization.
        if (isPrivate && action.equals(CGRPermissionAction.READ)) {
            return true;
        }

        if (RegistryRole.Type.isRA_Role(name)) {
            return true;
        }

        final boolean typeScoped = RegistryRole.Type.isRM_Role(name) || RegistryRole.Type.isRC_Role(name) || RegistryRole.Type.isAC_Role(name);

        if (!typeScoped) {
            continue;
        }

        final String typeOfRole = RegistryRole.Type.parseGotCode(name);

        if (got == null || !got.getCode().equals(typeOfRole)) {
            continue;
        }

        if (RegistryRole.Type.isRM_Role(name)) {
            if (action.equals(CGRPermissionAction.READ)) {
                return true;
            }
        } else if (RegistryRole.Type.isRC_Role(name)) {
            // The original carried a commented-out "|| isChangeRequest" here; change
            // requests are not considered by this check.
            if (action.equals(CGRPermissionAction.READ)) {
                return true;
            }
        } else if (RegistryRole.Type.isAC_Role(name)) {
            if (action.equals(CGRPermissionAction.READ)) {
                return true;
            }
        }
    }

    return false;
}
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method getRMGeoObjectTypes.
/**
 * Collects the GeoObjectType codes of every organization RM role the session user
 * is authorized for.
 *
 * <p>NOTE(review): the session user is dereferenced without a null check; confirm
 * that callers only reach this method with an authenticated session.
 *
 * @return the parsed GeoObjectType codes, in role iteration order; an empty list
 *         (never null) when the user holds no organization RM role
 */
public List<String> getRMGeoObjectTypes() {
    final List<String> codes = new ArrayList<>();

    for (RoleDAOIF granted : this.getSessionUser().authorizedRoles()) {
        final String name = granted.getRoleName();

        // Only organization-scoped RM roles carry a GeoObjectType code of interest.
        if (!RegistryRole.Type.isOrgRole(name) || !RegistryRole.Type.isRM_Role(name)) {
            continue;
        }

        codes.add(RegistryRole.Type.parseGotCode(name));
    }

    return codes;
}