use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class RolePermissionService method isRA.
/**
 * Reports whether the session user may act as a Registry Administrator (RA) for an
 * organization.
 *
 * <p>The result is {@code true} when any of the following holds:
 * <ul>
 *   <li>there is no session user;</li>
 *   <li>the user holds an SRA role;</li>
 *   <li>the user holds an RA role and {@code orgCode} is {@code null};</li>
 *   <li>the user holds an RA role whose parsed organization code equals {@code orgCode}.</li>
 * </ul>
 *
 * @param orgCode organization code to check against, or {@code null} to accept an RA role
 *                of any organization
 * @return {@code true} if the check passes, {@code false} otherwise
 */
public boolean isRA(String orgCode) {
  // NOTE(review): this branch fails open. Presumably a missing session user means a
  // trusted SYSTEM context; confirm that no request path reaches it unauthenticated.
  if (!this.hasSessionUser()) {
    return true;
  }

  final boolean anyOrganization = (orgCode == null);

  for (RoleDAOIF granted : this.getSessionUser().authorizedRoles()) {
    final String name = granted.getRoleName();

    if (RegistryRole.Type.isRA_Role(name)) {
      final String roleOrgCode = RegistryRole.Type.parseOrgCode(name);

      // A null orgCode accepts any RA role; otherwise the organization must match.
      if (anyOrganization || orgCode.equals(roleOrgCode)) {
        return true;
      }
    } else if (RegistryRole.Type.isSRA_Role(name)) {
      return true;
    }
  }

  return false;
}
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class ChangeRequest method apply.
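/**
 * Applies this change request and, the first time it is persisted, notifies the
 * maintainers of the geo-object type by email.
 *
 * <p>The notification is best effort: any failure while building or sending the email is
 * caught and printed, and does not affect the apply itself.
 */
@Override
public void apply() {
  // We aren't using 'isNew' here because isNew will be true until the transaction applies
  final boolean isApplied = this.isAppliedToDB();

  // Cache the Geo-Object label and type label on this object for sorting purposes
  this.getGeoObjectLabel().setLocaleMap(this.getGeoObjectDisplayLabel().getLocaleMap());
  this.getGeoObjectTypeLabel().setLocaleMap(this.getGeoObjectType().getLabel().getLocaleMap());

  super.apply();

  // Send an email to RMs telling them about this new CR
  try {
    if (!isApplied) {
      SingleActor createdBy = this.getCreatedBy();

      if (createdBy instanceof GeoprismUser) {
        // Get all RM's for the GOT and Org
        String rmRoleName = this.getGeoObjectType().getMaintainerRoleName();
        RoleDAOIF role = RoleDAO.findRole(rmRoleName);
        Set<SingleActorDAOIF> actors = role.assignedActors();

        List<String> toAddresses = new ArrayList<String>();
        for (SingleActorDAOIF actor : actors) {
          if (actor.getType().equals(GeoprismUser.CLASS)) {
            GeoprismUser geoprismUser = GeoprismUser.get(actor.getOid());
            String email = geoprismUser.getEmail();

            // Skip users without an address and placeholder "@noreply" addresses.
            if (email != null && email.length() > 0 && !email.contains("@noreply")) {
              toAddresses.add(email);
            }
          }
        }

        if (!toAddresses.isEmpty()) {
          String subject = LocalizationFacade.getFromBundles("change.request.email.submit.subject");
          String body = LocalizationFacade.getFromBundles("change.request.email.submit.body");

          // The username and geo-object label are user-supplied. String.replaceAll treats
          // '$' and '\' in its replacement argument as group references, so such a value
          // could throw or alter the text and the notification would be dropped by the
          // catch below. String.replace substitutes the values literally.
          body = body.replace("\\n", "\n");
          body = body.replace("{user}", ((GeoprismUser) createdBy).getUsername());
          body = body.replace("{geoobject}", this.getGeoObjectDisplayLabel().getValue());

          String link = GeoregistryProperties.getRemoteServerUrl() + "cgr/manage#/registry/change-requests/" + this.getOid();
          body = body.replace("{link}", link);
          // NOTE(review): the values are inserted as-is; if the mail is rendered as HTML
          // they would need escaping. Confirm the content type used by SendEmailCommand.

          // Aspects will weave in here and this will happen at the end of the transaction
          new SendEmailCommand(subject, body, toAddresses.toArray(new String[toAddresses.size()])).doIt();
        }
      }
    }
  } catch (Throwable t) {
    // Deliberate best effort: a notification failure must not fail the apply.
    t.printStackTrace();
  }
}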
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class ETLService method filterHistoryQueryBasedOnPermissions.
/**
 * Narrows an import-history query to the rows the current session user may see.
 *
 * <p>The user's authorized roles are scanned for non-root organization roles. Each RA role
 * contributes a condition on its organization. Each RM role contributes a condition on its
 * geo-object type code and organization, plus one per subtype when that type is abstract.
 * All conditions are OR-ed together and AND-ed onto the query. When no condition was built,
 * the query is left unrestricted.
 *
 * @param ihq the query to restrict in place
 * @throws ProgrammingErrorException if the user is not an SRA and holds no RA or RM role
 */
public void filterHistoryQueryBasedOnPermissions(ImportHistoryQuery ihq) {
  final List<String> adminOrgCodes = new ArrayList<>();
  final List<String> maintainerRoleNames = new ArrayList<>();

  final SingleActorDAOIF sessionActor = Session.getCurrentSession().getUser();

  for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
    final String name = granted.getRoleName();

    // Only organization-scoped roles below the root organization role are considered.
    if (!RegistryRole.Type.isOrgRole(name) || RegistryRole.Type.isRootOrgRole(name)) {
      continue;
    }

    if (RegistryRole.Type.isRA_Role(name)) {
      adminOrgCodes.add(RegistryRole.Type.parseOrgCode(name));
    } else if (RegistryRole.Type.isRM_Role(name)) {
      maintainerRoleNames.add(name);
    }
  }

  // Reject callers that are neither SRA nor hold any RA/RM role.
  if (!new RolePermissionService().isSRA() && adminOrgCodes.isEmpty() && maintainerRoleNames.isEmpty()) {
    throw new ProgrammingErrorException("This endpoint must be invoked by an RA or RM");
  }

  // NOTE(review): an SRA who also holds RA or RM roles is still restricted to those
  // roles' scopes, because the filter below is built from them. Confirm this is intended.
  Condition filter = null;

  for (String adminOrgCode : adminOrgCodes) {
    final Organization organization = Organization.getByCode(adminOrgCode);
    final Condition orgMatch = ihq.getOrganization().EQ(organization);

    filter = (filter == null) ? orgMatch : filter.OR(orgMatch);
  }

  for (String maintainerRole : maintainerRoleNames) {
    final String maintainerOrgCode = RegistryRole.Type.parseOrgCode(maintainerRole);
    final Organization organization = Organization.getByCode(maintainerOrgCode);
    final String typeCode = RegistryRole.Type.parseGotCode(maintainerRole);

    final Condition typeMatch = ihq.getGeoObjectTypeCode().EQ(typeCode).AND(ihq.getOrganization().EQ(organization));

    filter = (filter == null) ? typeMatch : filter.OR(typeMatch);

    // Permission on an abstract parent type extends to all of its children.
    final Optional<ServerGeoObjectType> cached = ServiceFactory.getMetadataCache().getGeoObjectType(typeCode);

    if (cached.isPresent() && cached.get().getIsAbstract()) {
      for (ServerGeoObjectType child : cached.get().getSubtypes()) {
        final Condition childMatch = ihq.getGeoObjectTypeCode().EQ(child.getCode()).AND(ihq.getOrganization().EQ(child.getOrganization()));

        filter = filter.OR(childMatch);
      }
    }
  }

  if (filter != null) {
    ihq.AND(filter);
  }
}
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectPermissionService method doesActorHavePermission.
/**
 * Checks whether the session user may perform an operation on a geo-object type.
 *
 * <p>The permission is evaluated directly on {@code type}. If that is denied and the type
 * has a super type, it is evaluated once more on that super type. Only the immediate super
 * type is consulted.
 *
 * @param orgCode         organization code passed through to the direct permission check
 * @param type            geo-object type being accessed
 * @param op              operation being attempted
 * @param isChangeRequest whether the access happens in a change-request context
 * @return {@code true} if there is no session user or the permission is granted
 */
protected boolean doesActorHavePermission(String orgCode, ServerGeoObjectType type, Operation op, boolean isChangeRequest) {
  // NOTE(review): this branch fails open. Presumably a missing session user means a
  // trusted SYSTEM context; confirm that no request path reaches it unauthenticated.
  if (!this.hasSessionUser()) {
    return true;
  }

  final SingleActorDAOIF sessionActor = this.getSessionUser();

  if (this.hasDirectPermission(sessionActor, orgCode, type, op, isChangeRequest)) {
    return true;
  }

  // Fall back to the immediate super type, if there is one.
  final ServerGeoObjectType parent = type.getSuperType();

  return parent != null && this.hasDirectPermission(sessionActor, orgCode, parent, op, isChangeRequest);
}
use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.
the class GeoObjectTypeRelationshipPermissionService method directRelationshipPermission.
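/**
 * Decides whether the session user may modify the relationship between two geo-object
 * types within a hierarchy.
 *
 * <p>Access is granted when:
 * <ul>
 *   <li>there is no session user (assumed to be SYSTEM);</li>
 *   <li>the hierarchy's relationship key is {@code AllowedIn} or {@code LocatedIn};</li>
 *   <li>the user holds an SRA role (evaluated only when the hierarchy has an
 *       organization);</li>
 *   <li>the user holds an RA role for the hierarchy's organization;</li>
 *   <li>the user holds an RM role for that organization and either type is {@code null}
 *       or the role's type code equals the parent or child type code;</li>
 *   <li>{@code allowRC} is set and the user holds an RC role for that organization whose
 *       type code equals the parent or child type code.</li>
 * </ul>
 *
 * @param ht         hierarchy whose organization scopes the check
 * @param parentType parent geo-object type, may be {@code null}
 * @param childType  child geo-object type, may be {@code null}
 * @param allowRC    whether RC roles are allowed to grant access
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean directRelationshipPermission(ServerHierarchyType ht, ServerGeoObjectType parentType, ServerGeoObjectType childType, boolean allowRC) {
  // null actor is assumed to be SYSTEM
  if (!this.hasSessionUser()) {
    return true;
  }

  // AllowedIn is deprecated and should not be used by the end-user.
  final String relationshipKey = ht.getMdTermRelationship().getKey();
  if (relationshipKey.equals(AllowedIn.CLASS) || relationshipKey.equals(LocatedIn.CLASS)) {
    return true;
  }

  Organization thisOrg = ht.getOrganization();

  if (thisOrg != null) {
    SingleActorDAOIF actor = this.getSessionUser();
    String thisOrgCode = thisOrg.getCode();

    Set<RoleDAOIF> roles = actor.authorizedRoles();

    for (RoleDAOIF role : roles) {
      String roleName = role.getRoleName();

      if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
        String orgCode = RegistryRole.Type.parseOrgCode(roleName);

        if (RegistryRole.Type.isRA_Role(roleName) && orgCode.equals(thisOrgCode)) {
          return true;
        } else if (RegistryRole.Type.isRM_Role(roleName) && orgCode.equals(thisOrgCode)) {
          String gotCode = RegistryRole.Type.parseGotCode(roleName);

          // Null parent / child widget
          if (parentType == null || childType == null || gotCode.equals(parentType.getCode()) || gotCode.equals(childType.getCode())) {
            return true;
          }
        } else if (allowRC && RegistryRole.Type.isRC_Role(roleName) && orgCode.equals(thisOrgCode)) {
          String gotCode = RegistryRole.Type.parseGotCode(roleName);

          // A null type never matches for an RC role, so the check fails closed.
          // Dereferencing a null type here would throw, and because roles come from a
          // Set the outcome would depend on whether a granting role was iterated first.
          boolean matchesParent = parentType != null && gotCode.equals(parentType.getCode());
          boolean matchesChild = childType != null && gotCode.equals(childType.getCode());

          if (matchesParent || matchesChild) {
            return true;
          }
        }
      } else if (RegistryRole.Type.isSRA_Role(roleName)) {
        return true;
      }
    }
  }

  return false;
}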