Example 1 with SingleActorDAOIF
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class UserInfo method getSRAs.
public static JSONObject getSRAs(Integer pageSize, Integer pageNumber) {
RoleDAOIF role = RoleDAO.findRole(RegistryConstants.REGISTRY_SUPER_ADMIN_ROLE);
Set<SingleActorDAOIF> actors = role.assignedActors();
Set<String> oids = actors.parallelStream().map(actor -> actor.getOid()).collect(Collectors.toSet());
ValueQuery vQuery = new ValueQuery(new QueryFactory());
GeoprismUserQuery uQuery = new GeoprismUserQuery(vQuery);
UserInfoQuery iQuery = new UserInfoQuery(vQuery);
vQuery.SELECT(uQuery.getOid(), uQuery.getUsername(), uQuery.getFirstName(), uQuery.getLastName(), uQuery.getPhoneNumber(), uQuery.getEmail(), uQuery.getInactive());
vQuery.SELECT(iQuery.getAltFirstName(), iQuery.getAltLastName(), iQuery.getAltPhoneNumber(), iQuery.getPosition());
vQuery.SELECT(iQuery.getExternalSystemOid());
vQuery.WHERE(new LeftJoinEq(uQuery.getOid(), iQuery.getGeoprismUser()));
vQuery.AND(uQuery.getOid().IN(oids.toArray(new String[oids.size()])));
vQuery.ORDER_BY_ASC(uQuery.getUsername());
return serializePage(pageSize, pageNumber, new JSONArray(), vQuery);
}
Also used :
RegistryRole(org.commongeoregistry.adapter.metadata.RegistryRole)
JsonObject(com.google.gson.JsonObject)
RegistryRoleConverter(net.geoprism.registry.conversion.RegistryRoleConverter)
Transaction(com.runwaysdk.dataaccess.transaction.Transaction)
ValueObject(com.runwaysdk.dataaccess.ValueObject)
ConfigurationIF(net.geoprism.ConfigurationIF)
Random(java.util.Random)
AttributeBooleanIF(com.runwaysdk.dataaccess.AttributeBooleanIF)
DefaultConfiguration(net.geoprism.DefaultConfiguration)
ServiceFactory(net.geoprism.registry.service.ServiceFactory)
AttributeValueException(com.runwaysdk.dataaccess.attributes.AttributeValueException)
HashSet(java.util.HashSet)
ValueQuery(com.runwaysdk.query.ValueQuery)
JSONObject(org.json.JSONObject)
GeoprismUserQuery(net.geoprism.GeoprismUserQuery)
QueryFactory(com.runwaysdk.query.QueryFactory)
ConfigurationService(net.geoprism.ConfigurationService)
RoleDAO(com.runwaysdk.business.rbac.RoleDAO)
LinkedList(java.util.LinkedList)
AttributeBoolean(com.runwaysdk.dataaccess.attributes.entity.AttributeBoolean)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Set(java.util.Set)
Roles(com.runwaysdk.system.Roles)
Collectors(java.util.stream.Collectors)
BusinessFacade(com.runwaysdk.business.BusinessFacade)
UserDAO(com.runwaysdk.business.rbac.UserDAO)
LeftJoinEq(com.runwaysdk.query.LeftJoinEq)
OIterator(com.runwaysdk.query.OIterator)
List(java.util.List)
UserDAOIF(com.runwaysdk.business.rbac.UserDAOIF)
GeoprismUser(net.geoprism.GeoprismUser)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
ExternalSystem(net.geoprism.registry.graph.ExternalSystem)
Session(com.runwaysdk.session.Session)
RolePermissionService(net.geoprism.registry.permission.RolePermissionService)
JSONArray(org.json.JSONArray)
ValueQuery(com.runwaysdk.query.ValueQuery)
LeftJoinEq(com.runwaysdk.query.LeftJoinEq)
QueryFactory(com.runwaysdk.query.QueryFactory)
GeoprismUserQuery(net.geoprism.GeoprismUserQuery)
JSONArray(org.json.JSONArray)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 2 with SingleActorDAOIF
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class RegistrySessionService method ologin.
/**
* Serves as a "redirect url" for logging into DHIS2 via oauth.
*
* @param serverId
* @param code
* @param locales
* @param redirectBase
* @return
*/
@Authenticate
public static java.lang.String ologin(java.lang.String serverId, java.lang.String code, java.lang.String locales, java.lang.String redirectBase) {
try {
// We used to try to build this from the controller but it would include stuff (like the port :443) which then wouldn't match
// with the redirect url the client specified in DHIS2. Therefore this has to be something that the user can set (or, at least,
// in a properties file)
redirectBase = GeoregistryProperties.getRemoteServerUrl();
String redirect = redirectBase + "cgrsession/ologin";
OauthServer server = OauthServer.get(serverId);
/*
* Get the access token
*/
TokenRequestBuilder tokenBuilder = OAuthClientRequest.tokenLocation(server.getTokenLocation());
tokenBuilder.setGrantType(GrantType.AUTHORIZATION_CODE);
tokenBuilder.setRedirectURI(redirect);
tokenBuilder.setCode(code);
String auth = server.getClientId() + ":" + server.getSecretKey();
OAuthClientRequest tokenRequest = tokenBuilder.buildBodyMessage();
tokenRequest.setHeader("Accept", "application/json");
tokenRequest.setHeader("Authorization", "Basic " + new String(Base64.getEncoder().encode(auth.getBytes())));
URLConnectionClient connClient = new URLConnectionClient();
OAuthClient oAuthClient = new OAuthClient(connClient);
OAuthJSONAccessTokenResponse accessToken = oAuthClient.accessToken(tokenRequest, OAuth.HttpMethod.POST, OAuthJSONAccessTokenResponse.class);
/*
* Request the user information
*/
OAuthBearerClientRequest requestBuilder = new OAuthBearerClientRequest(server.getProfileLocation());
requestBuilder.setAccessToken(accessToken.getAccessToken());
OAuthClientRequest bearerRequest = requestBuilder.buildQueryMessage();
OAuthResourceResponse resourceResponse = oAuthClient.resource(bearerRequest, OAuth.HttpMethod.GET, OAuthResourceResponse.class);
String body = resourceResponse.getBody();
JSONObject object = new JSONObject(body);
final String username = object.getJSONObject("userCredentials").getString("username");
SingleActorDAOIF profile = RegistrySessionService.getActor(server, username);
String sessionId = SessionFacade.logIn(profile, LocaleSerializer.deserialize(locales));
JsonObject json = new JsonObject();
json.addProperty("sessionId", sessionId);
json.addProperty("username", username);
return json.toString();
} catch (JSONException | OAuthSystemException | OAuthProblemException e) {
throw new InvalidLoginException(e);
}
}
Also used :
TokenRequestBuilder(org.apache.oltu.oauth2.client.request.OAuthClientRequest.TokenRequestBuilder)
OAuthResourceResponse(org.apache.oltu.oauth2.client.response.OAuthResourceResponse)
OAuthClient(org.apache.oltu.oauth2.client.OAuthClient)
OAuthSystemException(org.apache.oltu.oauth2.common.exception.OAuthSystemException)
JsonObject(com.google.gson.JsonObject)
JSONException(org.json.JSONException)
OAuthBearerClientRequest(org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest)
OAuthProblemException(org.apache.oltu.oauth2.common.exception.OAuthProblemException)
URLConnectionClient(org.apache.oltu.oauth2.client.URLConnectionClient)
JSONObject(org.json.JSONObject)
InvalidLoginException(com.runwaysdk.session.InvalidLoginException)
OAuthJSONAccessTokenResponse(org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
OAuthClientRequest(org.apache.oltu.oauth2.client.request.OAuthClientRequest)
OauthServer(net.geoprism.account.OauthServer)
Authenticate(com.runwaysdk.business.rbac.Authenticate)
Example 3 with SingleActorDAOIF
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectRelationshipPermissionService method hasDirectPermission.
protected boolean hasDirectPermission(String orgCode, ServerGeoObjectType parentType, ServerGeoObjectType childType, Operation op, boolean isChangeRequest) {
if (// null actor is assumed to be SYSTEM
!this.hasSessionUser()) {
return true;
}
if (orgCode != null) {
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
if (op.equals(Operation.READ_CHILD) && (childType != null && !childType.getIsPrivate())) {
return true;
}
if (roleOrgCode.equals(orgCode)) {
if (RegistryRole.Type.isRA_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
if (childType == null || childType.getCode().equals(roleGotCode)) {
if (RegistryRole.Type.isRM_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRC_Role(roleName)) {
if (isChangeRequest || op.equals(Operation.READ_CHILD)) {
return true;
}
} else if (RegistryRole.Type.isAC_Role(roleName)) {
if (op.equals(Operation.READ_CHILD)) {
return true;
}
}
}
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
}
return false;
}
Also used :
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 4 with SingleActorDAOIF
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypePermissionService method hasDirectPermission.
private boolean hasDirectPermission(String orgCode, ServerGeoObjectType got, boolean isPrivate, CGRPermissionActionIF action) {
if (orgCode != null) {
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
if (action.equals(CGRPermissionAction.READ) && !isPrivate) {
return true;
}
if (roleOrgCode.equals(orgCode)) {
if (action.equals(CGRPermissionAction.READ) && isPrivate) {
return true;
}
if (RegistryRole.Type.isRA_Role(roleName)) {
return true;
} else if (RegistryRole.Type.isRM_Role(roleName) || RegistryRole.Type.isRC_Role(roleName) || RegistryRole.Type.isAC_Role(roleName)) {
String roleGotCode = RegistryRole.Type.parseGotCode(roleName);
if (got != null && got.getCode().equals(roleGotCode)) {
if (RegistryRole.Type.isRM_Role(roleName)) {
if (action.equals(CGRPermissionAction.READ)) {
return true;
}
} else if (RegistryRole.Type.isRC_Role(roleName)) {
if (// ||
action.equals(CGRPermissionAction.READ)) // isChangeRequest
{
return true;
}
} else if (RegistryRole.Type.isAC_Role(roleName)) {
if (action.equals(CGRPermissionAction.READ)) {
return true;
}
}
}
}
}
} else if (RegistryRole.Type.isSRA_Role(roleName)) {
return true;
}
}
}
return false;
}
Also used :
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Example 5 with SingleActorDAOIF
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method getRMGeoObjectTypes.
/**
* If the session user is a role, this method will return the user's
* GeoObjectType. Otherwise this method will return null.
*/
public List<String> getRMGeoObjectTypes() {
List<String> types = new ArrayList<String>();
SingleActorDAOIF actor = this.getSessionUser();
Set<RoleDAOIF> roles = actor.authorizedRoles();
for (RoleDAOIF role : roles) {
String roleName = role.getRoleName();
if (RegistryRole.Type.isOrgRole(roleName) && RegistryRole.Type.isRM_Role(roleName)) {
String gotCode = RegistryRole.Type.parseGotCode(roleName);
types.add(gotCode);
}
}
return types;
}
Also used :
ArrayList(java.util.ArrayList)
SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)
RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
Aggregations
SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)18
RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)16
ArrayList (java.util.ArrayList)5
ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)4
Organization (net.geoprism.registry.Organization)3
JsonObject (com.google.gson.JsonObject)2
Condition (com.runwaysdk.query.Condition)2
HashSet (java.util.HashSet)2
GeoprismUser (net.geoprism.GeoprismUser)2
RolePermissionService (net.geoprism.registry.permission.RolePermissionService)2
JSONObject (org.json.JSONObject)2
BusinessFacade (com.runwaysdk.business.BusinessFacade)1
Authenticate (com.runwaysdk.business.rbac.Authenticate)1
RoleDAO (com.runwaysdk.business.rbac.RoleDAO)1
UserDAO (com.runwaysdk.business.rbac.UserDAO)1
UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)1
AttributeBooleanIF (com.runwaysdk.dataaccess.AttributeBooleanIF)1
ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)1
ValueObject (com.runwaysdk.dataaccess.ValueObject)1
AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)1
