
Example 6 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class RolePermissionService method isRA.

/**
 * Reports whether the current session user holds Registry Administrator (RA) rights.
 *
 * <p>Decision rules, as implemented:
 * <ul>
 *   <li>no session user: returns {@code true}. This branch is fail-open; presumably a
 *       missing session user means an internal/SYSTEM call. Confirm that unauthenticated
 *       requests cannot reach this method.</li>
 *   <li>an SRA role: returns {@code true} regardless of {@code orgCode};</li>
 *   <li>an RA role: returns {@code true} when {@code orgCode} is {@code null} or equals
 *       the organization code parsed from the role name.</li>
 * </ul>
 *
 * @param orgCode organization code to check against, or {@code null} to accept an RA
 *                role of any organization
 * @return {@code true} if one of the rules above matches, {@code false} otherwise
 */
public boolean isRA(String orgCode) {
    if (!this.hasSessionUser()) {
        return true;
    }
    final boolean anyOrganization = (orgCode == null);
    final SingleActorDAOIF sessionActor = this.getSessionUser();
    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        final String name = granted.getRoleName();
        if (RegistryRole.Type.isRA_Role(name)) {
            // The organization code is parsed even when any organization is accepted,
            // so a malformed RA role name surfaces the same way in both cases.
            final String parsedOrg = RegistryRole.Type.parseOrgCode(name);
            if (anyOrganization || orgCode.equals(parsedOrg)) {
                return true;
            }
            continue;
        }
        if (RegistryRole.Type.isSRA_Role(name)) {
            return true;
        }
    }
    return false;
}
Also used : SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 7 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class ChangeRequest method apply.

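/**
 * Applies this change request and, the first time it is persisted, e-mails the actors
 * assigned to the Geo-Object type's maintainer role about it.
 *
 * <p>The notification is only attempted when the creator is a {@code GeoprismUser}.
 * Recipients are the {@code GeoprismUser} actors assigned to the maintainer role whose
 * e-mail address is non-empty and does not contain {@code "@noreply"}.
 *
 * <p>Notification is best effort: any failure while building or sending the mail is
 * caught and printed, and does not undo the {@code super.apply()} call that already ran.
 */
@Override
public void apply() {
    // 'isNew' is not used here because isNew will be true until the transaction applies.
    final boolean isApplied = this.isAppliedToDB();
    // Cache the Geo-Object label and type label on this object for sorting purposes.
    this.getGeoObjectLabel().setLocaleMap(this.getGeoObjectDisplayLabel().getLocaleMap());
    this.getGeoObjectTypeLabel().setLocaleMap(this.getGeoObjectType().getLabel().getLocaleMap());
    super.apply();
    // Send an email to RMs telling them about this new CR.
    try {
        if (!isApplied) {
            SingleActor createdBy = this.getCreatedBy();
            if (createdBy instanceof GeoprismUser) {
                // Get all RMs for the GOT and Org.
                String rmRoleName = this.getGeoObjectType().getMaintainerRoleName();
                RoleDAOIF role = RoleDAO.findRole(rmRoleName);
                Set<SingleActorDAOIF> actors = role.assignedActors();
                List<String> toAddresses = new ArrayList<String>();
                for (SingleActorDAOIF actor : actors) {
                    if (actor.getType().equals(GeoprismUser.CLASS)) {
                        GeoprismUser geoprismUser = GeoprismUser.get(actor.getOid());
                        String email = geoprismUser.getEmail();
                        if (email != null && !email.isEmpty() && !email.contains("@noreply")) {
                            toAddresses.add(email);
                        }
                    }
                }
                if (!toAddresses.isEmpty()) {
                    String subject = LocalizationFacade.getFromBundles("change.request.email.submit.subject");
                    String body = LocalizationFacade.getFromBundles("change.request.email.submit.body");
                    String link = GeoregistryProperties.getRemoteServerUrl() + "cgr/manage#/registry/change-requests/" + this.getOid();
                    // Literal replacement on purpose: String.replaceAll interprets '$' and '\'
                    // in the replacement as group references, so a username or Geo-Object
                    // label containing either character threw here, was swallowed by the
                    // catch below, and the notification was silently never sent.
                    body = body.replace("\\n", "\n");
                    body = body.replace("{user}", ((GeoprismUser) createdBy).getUsername());
                    body = body.replace("{geoobject}", this.getGeoObjectDisplayLabel().getValue());
                    body = body.replace("{link}", link);
                    // NOTE(review): the username and label are inserted verbatim. If
                    // SendEmailCommand renders the body as HTML they need escaping - confirm.
                    // Aspects will weave in here and this will happen at the end of the transaction.
                    new SendEmailCommand(subject, body, toAddresses.toArray(new String[0])).doIt();
                }
            }
        }
    } catch (Throwable t) {
        // Best effort: a failed notification must not fail the already-applied change
        // request. NOTE(review): the failure only reaches stderr; routing it through the
        // application's logger would make dropped notifications visible to operators.
        t.printStackTrace();
    }
}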
Also used : ArrayList(java.util.ArrayList) GeoprismUser(net.geoprism.GeoprismUser) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) SendEmailCommand(net.geoprism.registry.command.SendEmailCommand) SingleActor(com.runwaysdk.system.SingleActor)

Example 8 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class ETLService method filterHistoryQueryBasedOnPermissions.

/**
 * Restricts an import-history query to the rows the current session user may see.
 *
 * <p>The user's non-root organization roles are split into RA roles (kept as organization
 * codes) and RM roles (kept as role names). Each RA organization adds an
 * "organization equals" condition. Each RM role adds a "type code and organization"
 * condition, plus one condition per subtype when the role's type is abstract. All
 * conditions are OR-ed together and AND-ed onto {@code ihq}.
 *
 * <p>When {@code isSRA()} is true and the user holds no RA/RM organization role, no
 * condition is added and the query is left unfiltered.
 * NOTE(review): a user for whom {@code isSRA()} is true but who also holds RA or RM
 * roles is still narrowed to those roles' scope - confirm this is intended.
 *
 * @param ihq the query to narrow; modified in place
 * @throws ProgrammingErrorException if {@code isSRA()} is false and the user holds no
 *         non-root RA or RM organization role
 */
public void filterHistoryQueryBasedOnPermissions(ImportHistoryQuery ihq) {
    final List<String> raOrgCodes = new ArrayList<String>();
    final List<String> rmRoleNames = new ArrayList<String>();
    final SingleActorDAOIF sessionActor = Session.getCurrentSession().getUser();
    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        final String name = granted.getRoleName();
        if (!RegistryRole.Type.isOrgRole(name) || RegistryRole.Type.isRootOrgRole(name)) {
            continue;
        }
        if (RegistryRole.Type.isRA_Role(name)) {
            raOrgCodes.add(RegistryRole.Type.parseOrgCode(name));
        } else if (RegistryRole.Type.isRM_Role(name)) {
            rmRoleNames.add(name);
        }
    }

    // Reject callers with no applicable role before any organization lookup happens.
    final boolean hasScopedRole = !raOrgCodes.isEmpty() || !rmRoleNames.isEmpty();
    if (!new RolePermissionService().isSRA() && !hasScopedRole) {
        throw new ProgrammingErrorException("This endpoint must be invoked by an RA or RM");
    }

    Condition filter = null;
    for (String raOrgCode : raOrgCodes) {
        final Organization raOrg = Organization.getByCode(raOrgCode);
        final Condition sameOrg = ihq.getOrganization().EQ(raOrg);
        filter = (filter == null) ? sameOrg : filter.OR(sameOrg);
    }
    for (String rmRoleName : rmRoleNames) {
        final String rmOrgCode = RegistryRole.Type.parseOrgCode(rmRoleName);
        final Organization rmOrg = Organization.getByCode(rmOrgCode);
        final String typeCode = RegistryRole.Type.parseGotCode(rmRoleName);
        final Condition sameTypeAndOrg = ihq.getGeoObjectTypeCode().EQ(typeCode).AND(ihq.getOrganization().EQ(rmOrg));
        filter = (filter == null) ? sameTypeAndOrg : filter.OR(sameTypeAndOrg);

        // If they have permission to an abstract parent type, then they also have
        // permission to all its children.
        final Optional<ServerGeoObjectType> lookup = ServiceFactory.getMetadataCache().getGeoObjectType(typeCode);
        if (lookup.isPresent() && lookup.get().getIsAbstract()) {
            for (ServerGeoObjectType child : lookup.get().getSubtypes()) {
                final Condition childTypeAndOrg = ihq.getGeoObjectTypeCode().EQ(child.getCode()).AND(ihq.getOrganization().EQ(child.getOrganization()));
                filter = filter.OR(childTypeAndOrg);
            }
        }
    }
    if (filter != null) {
        ihq.AND(filter);
    }
}
Also used : Condition(com.runwaysdk.query.Condition) RolePermissionService(net.geoprism.registry.permission.RolePermissionService) Organization(net.geoprism.registry.Organization) ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException)

Example 9 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class GeoObjectPermissionService method doesActorHavePermission.

/**
 * Decides whether the current session user may perform {@code op} on {@code type}.
 *
 * <p>Permission is checked on {@code type} first and, if that is denied, once more on its
 * immediate super type when one exists. Only that single level is consulted here.
 *
 * <p>When there is no session user the method returns {@code true}. This branch is
 * fail-open; presumably a missing session user means an internal/SYSTEM call. Confirm
 * that unauthenticated requests cannot reach this method.
 *
 * @param orgCode         organization code passed through to the direct check
 * @param type            Geo-Object type being accessed
 * @param op              operation being attempted
 * @param isChangeRequest passed through to the direct check
 * @return {@code true} if there is no session user or either direct check grants access
 */
protected boolean doesActorHavePermission(String orgCode, ServerGeoObjectType type, Operation op, boolean isChangeRequest) {
    if (!this.hasSessionUser()) {
        return true;
    }
    final SingleActorDAOIF sessionActor = this.getSessionUser();
    if (this.hasDirectPermission(sessionActor, orgCode, type, op, isChangeRequest)) {
        return true;
    }
    // Denied on the type itself: fall back to the immediate super type, if any.
    final ServerGeoObjectType parent = type.getSuperType();
    return parent != null && this.hasDirectPermission(sessionActor, orgCode, parent, op, isChangeRequest);
}
Also used : ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF)

Example 10 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class GeoObjectTypeRelationshipPermissionService method directRelationshipPermission.

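/**
 * Decides whether the current session user may change the parent/child relationship
 * between two Geo-Object types inside hierarchy {@code ht}.
 *
 * <p>Rules, in evaluation order:
 * <ul>
 *   <li>no session user: granted (a null actor is assumed to be SYSTEM);</li>
 *   <li>hierarchy keyed by {@code AllowedIn.CLASS} or {@code LocatedIn.CLASS}: granted to
 *       any session user;</li>
 *   <li>hierarchy without an organization: denied;</li>
 *   <li>SRA role: granted;</li>
 *   <li>RA role of the hierarchy's organization: granted;</li>
 *   <li>RM role of the hierarchy's organization: granted when either type is {@code null}
 *       or the role's type code equals the parent or child type code;</li>
 *   <li>RC role of the hierarchy's organization, only if {@code allowRC}: granted when
 *       the role's type code equals the parent or child type code.</li>
 * </ul>
 *
 * @param ht         hierarchy the relationship belongs to
 * @param parentType parent type, may be {@code null}
 * @param childType  child type, may be {@code null}
 * @param allowRC    whether RC roles are considered at all
 * @return {@code true} if one of the rules grants access, {@code false} otherwise
 */
private boolean directRelationshipPermission(ServerHierarchyType ht, ServerGeoObjectType parentType, ServerGeoObjectType childType, boolean allowRC) {
    // A null actor is assumed to be SYSTEM.
    if (!this.hasSessionUser()) {
        return true;
    }
    // AllowedIn is deprecated and should not be used by the end-user.
    // NOTE(review): this branch grants the permission to every session user - confirm
    // that is the intended outcome for these two hierarchies.
    String relationshipKey = ht.getMdTermRelationship().getKey();
    if (relationshipKey.equals(AllowedIn.CLASS) || relationshipKey.equals(LocatedIn.CLASS)) {
        return true;
    }
    Organization thisOrg = ht.getOrganization();
    if (thisOrg != null) {
        SingleActorDAOIF actor = this.getSessionUser();
        String thisOrgCode = thisOrg.getCode();
        Set<RoleDAOIF> roles = actor.authorizedRoles();
        for (RoleDAOIF role : roles) {
            String roleName = role.getRoleName();
            if (RegistryRole.Type.isOrgRole(roleName) && !RegistryRole.Type.isRootOrgRole(roleName)) {
                String orgCode = RegistryRole.Type.parseOrgCode(roleName);
                if (RegistryRole.Type.isRA_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    return true;
                } else if (RegistryRole.Type.isRM_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    String gotCode = RegistryRole.Type.parseGotCode(roleName);
                    // A null parent / child is accepted for an RM of this organization
                    // (the original comment mentions a widget; presumably a UI caller - confirm).
                    if (parentType == null || childType == null || gotCode.equals(parentType.getCode()) || gotCode.equals(childType.getCode())) {
                        return true;
                    }
                } else if (allowRC && RegistryRole.Type.isRC_Role(roleName) && orgCode.equals(thisOrgCode)) {
                    String gotCode = RegistryRole.Type.parseGotCode(roleName);
                    // The RM branch accepts null types, so they are valid input here as well.
                    // This branch used to dereference them unguarded and threw a
                    // NullPointerException out of the permission check. A null type now simply
                    // never matches, so a missing type can never grant access to an RC.
                    if ((parentType != null && gotCode.equals(parentType.getCode())) || (childType != null && gotCode.equals(childType.getCode()))) {
                        return true;
                    }
                }
            } else if (RegistryRole.Type.isSRA_Role(roleName)) {
                return true;
            }
        }
    }
    return false;
}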
Also used : Organization(net.geoprism.registry.Organization) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Aggregations

SingleActorDAOIF (com.runwaysdk.business.rbac.SingleActorDAOIF)18 RoleDAOIF (com.runwaysdk.business.rbac.RoleDAOIF)16 ArrayList (java.util.ArrayList)5 ServerGeoObjectType (net.geoprism.registry.model.ServerGeoObjectType)4 Organization (net.geoprism.registry.Organization)3 JsonObject (com.google.gson.JsonObject)2 Condition (com.runwaysdk.query.Condition)2 HashSet (java.util.HashSet)2 GeoprismUser (net.geoprism.GeoprismUser)2 RolePermissionService (net.geoprism.registry.permission.RolePermissionService)2 JSONObject (org.json.JSONObject)2 BusinessFacade (com.runwaysdk.business.BusinessFacade)1 Authenticate (com.runwaysdk.business.rbac.Authenticate)1 RoleDAO (com.runwaysdk.business.rbac.RoleDAO)1 UserDAO (com.runwaysdk.business.rbac.UserDAO)1 UserDAOIF (com.runwaysdk.business.rbac.UserDAOIF)1 AttributeBooleanIF (com.runwaysdk.dataaccess.AttributeBooleanIF)1 ProgrammingErrorException (com.runwaysdk.dataaccess.ProgrammingErrorException)1 ValueObject (com.runwaysdk.dataaccess.ValueObject)1 AttributeValueException (com.runwaysdk.dataaccess.attributes.AttributeValueException)1