
Example 1 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class UserInfo method getSRAs.

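/**
 * Returns one page of the users that hold the registry super-administrator (SRA) role.
 *
 * <p>The result is built from a {@link ValueQuery} that left-joins the user rows with
 * their {@code UserInfo} rows, restricted to the oids of the actors assigned to
 * {@code RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE}, ordered by username, and then
 * handed to {@code serializePage}.
 *
 * @param pageSize   number of rows per page, passed through to {@code serializePage}
 * @param pageNumber page to return, passed through to {@code serializePage}
 * @return the page of SRA users as produced by {@code serializePage}
 */
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
    RoleDAOIF role = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
    Set<SingleActorDAOIF> actors = role.assignedActors();

    // A sequential stream is enough here: the SRA set is small and the mapping is trivial,
    // so the fork/join overhead of parallelStream() buys nothing.
    Set<String> oids = actors.stream().map(SingleActorDAOIF::getOid).collect(Collectors.toSet());

    ValueQuery vQuery = new ValueQuery(new QueryFactory());
    GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
    UserInfoQuery iQuery = new UserInfoQuery(vQuery);

    vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
    vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
    vQuery.SELECT(iQuery.getExternalSystemOid());

    // Left join so users without a UserInfo row are still listed.
    vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));
    // NOTE(review): if nobody holds the SRA role, oids is empty and IN(...) receives an empty
    // array — confirm the query layer handles that rather than emitting invalid SQL.
    vQuery.AND(uQuery.getOid().IN(oids.toArray(new String[0])));
    vQuery.ORDER_BY_ASC(uQuery.getUsername());

    return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}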

Example 2 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class RegistrySessionService method ologin.

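/**
 * Serves as the OAuth "redirect url" for the DHIS2 OAuth login flow.
 *
 * <p>Exchanges the authorization {@code code} for an access token at the server's
 * token endpoint, fetches the user's profile from the server's profile endpoint,
 * resolves the registry actor for the profile's username via {@code getActor},
 * and logs that actor in through {@code SessionFacade}.
 *
 * @param serverId     identifier of the {@link OauthServer} configuration to use
 * @param code         authorization code returned by the OAuth server
 * @param locales      serialized locales, passed to {@code LocaleSerializer.deserialize}
 * @param redirectBase ignored: the redirect URI is always built from
 *                     {@code GeoregistryProperties.getRemoteServerUrl()}, so a caller
 *                     cannot influence which URI is sent to the token endpoint
 * @return a JSON object string holding the new {@code sessionId} and the {@code username}
 * @throws InvalidLoginException if the token exchange, the profile request, or parsing
 *                               of the profile JSON fails
 */
@Authenticate
public static java.lang.String ologin(java.lang.String serverId, java.lang.String code, java.lang.String locales, java.lang.String redirectBase) {
    try {
        // We used to try to build this from the controller but it would include stuff (like the port :443) which then wouldn't match
        // with the redirect url the client specified in DHIS2. Therefore this has to be something that the user can set (or, at least,
        // in a properties file). The parameter value is deliberately discarded for the same reason.
        redirectBase = GeoregistryProperties.getRemoteServerUrl();
        String redirect = redirectBase + "cgrsession/ologin";
        OauthServer server = OauthServer.get(serverId);

        /*
         * Get the access token
         */
        TokenRequestBuilder tokenBuilder = OAuthClientRequest.tokenLocation(server.getTokenLocation());
        tokenBuilder.setGrantType(GrantType.AUTHORIZATION_CODE);
        tokenBuilder.setRedirectURI(redirect);
        tokenBuilder.setCode(code);

        // Client credentials go in an HTTP Basic header on the token request. Encode the
        // bytes as UTF-8 explicitly rather than relying on the platform default charset.
        String auth = server.getClientId() + ":" + server.getSecretKey();
        OAuthClientRequest tokenRequest = tokenBuilder.buildBodyMessage();
        tokenRequest.setHeader("Accept", "application/json");
        tokenRequest.setHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString(auth.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

        URLConnectionClient connClient = new URLConnectionClient();
        OAuthClient oAuthClient = new OAuthClient(connClient);
        OAuthJSONAccessTokenResponse accessToken = oAuthClient.accessToken(tokenRequest, OAuth.HttpMethod.POST, OAuthJSONAccessTokenResponse.class);

        /*
         * Request the user information
         */
        OAuthBearerClientRequest requestBuilder = new OAuthBearerClientRequest(server.getProfileLocation());
        requestBuilder.setAccessToken(accessToken.getAccessToken());
        OAuthClientRequest bearerRequest = requestBuilder.buildQueryMessage();
        OAuthResourceResponse resourceResponse = oAuthClient.resource(bearerRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);

        String body = resourceResponse.getBody();
        JSONObject object = new JSONObject(body);

        // The username reported by the OAuth server is the only identity claim used to pick the registry actor.
        final String username = object.getJSONObject("userCredentials").getString("username");
        SingleActorDAOIF profile = RegistrySessionService.getActor(server, username);
        String sessionId = SessionFacade.logIn(profile, LocaleSerializer.deserialize(locales));

        JsonObject json = new JsonObject();
        json.addProperty("sessionId", sessionId);
        json.addProperty("username", username);
        return json.toString();
    } catch (JSONException | OAuthSystemException | OAuthProblemException e) {
        // Wrap every failure in the flow as a login failure; the cause is preserved for diagnostics.
        throw new InvalidLoginException(e);
    }
}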

Example 3 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class GeoObjectRelationshipPermissionService method hasDirectPermission.

/**
 * Checks whether the session user's roles grant {@code op} on the relationship between
 * {@code parentType} and {@code childType} within the organization {@code orgCode}.
 *
 * <p>Decision rules, in the order the code applies them:
 * <ul>
 *   <li>No session user: permission is granted (a null actor is treated as SYSTEM).</li>
 *   <li>{@code orgCode == null}: permission is denied.</li>
 *   <li>Otherwise each authorized role is examined in turn and the first matching rule
 *       grants permission; if no rule matches for any role, permission is denied.</li>
 * </ul>
 *
 * <p>{@code parentType} is not consulted by this implementation.
 *
 * @param orgCode         code of the organization the relationship belongs to; may be {@code null}
 * @param parentType      type of the parent object (unused here)
 * @param childType       type of the child object; may be {@code null}
 * @param op              operation being requested
 * @param isChangeRequest whether the operation is part of a change request; only the RC role rule looks at it
 * @return {@code true} if one of the rules grants the operation, {@code false} otherwise
 */
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
    // null actor is assumed to be SYSTEM
    if (!this.hasSessionUser()) {
        return true;
    }
    if (orgCode != null) {
        SingleActorDAOIF actor = this.getSessionUser();
        Set<RoleDAOIF> roles = actor.authorizedRoles();
        for (RoleDAOIF role : roles) {
            String roleName = role.getRoleName();
            // Org-scoped roles, excluding the root org role.
            if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
                // Any org-scoped role may read non-private child types, regardless of which
                // organization the role belongs to (this runs before the org match below).
                if (op.equals(Operation.READ_CHILD) && (childType != null && !childType.getIsPrivate())) {
                    return true;
                }
                // The remaining rules require the role to belong to the requested organization.
                if (roleOrgCode.equals(orgCode)) {
                    // RA: every operation.
                    if (RegistryRole.Type.isRA_Role(roleName)) {
                        return true;
                    } else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
                        // RM/RC/AC roles are scoped to a GeoObjectType code parsed from the role name;
                        // the rule applies when it matches the child type, or when no child type is given.
                        String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
                        if (childType == null || childType.getCode().equals(roleGotCode)) {
                            if (RegistryRole.Type.isRM_Role(roleName)) {
                                // RM: every operation on the matching type.
                                return true;
                            } else if (RegistryRole.Type.isRC_Role(roleName)) {
                                // RC: only via a change request, or for READ_CHILD.
                                if (isChangeRequest || op.equals(Operation.READ_CHILD)) {
                                    return true;
                                }
                            } else if (RegistryRole.Type.isAC_Role(roleName)) {
                                // AC: READ_CHILD only.
                                if (op.equals(Operation.READ_CHILD)) {
                                    return true;
                                }
                            }
                        }
                    }
                }
            } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                // SRA (registry super-admin): every operation in every organization.
                return true;
            }
        }
    }
    // No session-user rule matched, or orgCode was null.
    return false;
}

Example 4 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class GeoObjectTypePermissionService method hasDirectPermission.

/**
 * Checks whether the session user's roles grant {@code action} on the GeoObjectType
 * {@code got} within the organization {@code orgCode}.
 *
 * <p>Decision rules, in the order the code applies them:
 * <ul>
 *   <li>{@code orgCode == null}: permission is denied.</li>
 *   <li>Any org-scoped (non-root) role: READ of a non-private type is granted, whatever
 *       organization the role belongs to.</li>
 *   <li>Org-scoped role in the requested organization: READ is granted (private or not);
 *       RA is granted every action.</li>
 *   <li>The SRA role is granted every action.</li>
 *   <li>Otherwise permission is denied.</li>
 * </ul>
 *
 * <p>Unlike the relationship variant, there is no "no session user means SYSTEM" shortcut
 * here; {@code getSessionUser()} is called unconditionally when {@code orgCode} is set.
 *
 * @param orgCode   code of the organization the type belongs to; may be {@code null}
 * @param got       the GeoObjectType being checked; may be {@code null}
 * @param isPrivate whether the type is private
 * @param action    action being requested
 * @return {@code true} if one of the rules grants the action, {@code false} otherwise
 */
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
    if (orgCode != null) {
        SingleActorDAOIF actor = this.getSessionUser();
        Set<RoleDAOIF> roles = actor.authorizedRoles();
        for (RoleDAOIF role : roles) {
            String roleName = role.getRoleName();
            // Org-scoped roles, excluding the root org role.
            if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
                // Non-private types are readable by any org-scoped role, regardless of organization.
                if (action.equals(CGRPermissionAction.READ) && !isPrivate) {
                    return true;
                }
                // The remaining rules require the role to belong to the requested organization.
                if (roleOrgCode.equals(orgCode)) {
                    // Private types are readable by any org-scoped role of the same organization.
                    if (action.equals(CGRPermissionAction.READ) && isPrivate) {
                        return true;
                    }
                    // RA: every action.
                    if (RegistryRole.Type.isRA_Role(roleName)) {
                        return true;
                    } else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
                        // NOTE(review): READ has already been granted above for this organization
                        // (private or not), so at this point action is never READ and the READ-only
                        // checks below cannot succeed. Presumably intentional (non-READ actions on a
                        // type are RA/SRA-only) — confirm before relying on these branches.
                        String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
                        if (got != null && got.getCode().equals(roleGotCode)) {
                            if (RegistryRole.Type.isRM_Role(roleName)) {
                                if (action.equals(CGRPermissionAction.READ)) {
                                    return true;
                                }
                            } else if (RegistryRole.Type.isRC_Role(roleName)) {
                                // Upstream had "|| isChangeRequest" here; it is commented out, so RC is READ only.
                                if (action.equals(CGRPermissionAction.READ))
                                {
                                    return true;
                                }
                            } else if (RegistryRole.Type.isAC_Role(roleName)) {
                                if (action.equals(CGRPermissionAction.READ)) {
                                    return true;
                                }
                            }
                        }
                    }
                }
            } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                // SRA (registry super-admin): every action in every organization.
                return true;
            }
        }
    }
    // No rule matched, or orgCode was null.
    return false;
}

Example 5 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class RolePermissionService method getRMGeoObjectTypes.

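/**
 * Returns the GeoObjectType codes for which the session user holds an
 * organization-scoped RM role.
 *
 * <p>Each authorized role whose name is both an org role and an RM role contributes
 * the GeoObjectType code parsed from that role name. A user with no such role yields
 * an empty list; this method never returns {@code null}.
 *
 * @return the matching GeoObjectType codes, one per qualifying role, in the iteration
 *         order of {@code authorizedRoles()}; possibly empty
 */
public List<String> getRMGeoObjectTypes() {
    List<String> types = new ArrayList<>();
    SingleActorDAOIF actor = this.getSessionUser();
    Set<RoleDAOIF> roles = actor.authorizedRoles();

    for (RoleDAOIF role : roles) {
        String roleName = role.getRoleName();

        // Only org-scoped RM roles carry a GeoObjectType code in their name.
        if (RegistryRole.Type.isOrgRole(roleName) && RegistryRole.Type.isRM_Role(roleName)) {
            types.add(RegistryRole.Type.parseGotCode(roleName));
        }
    }

    return types;
}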
