
Example 16 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class RolePermissionService method isSRA.

/**
 * Reports whether the current caller counts as holding an SRA role.
 *
 * <p>When {@code hasSessionUser()} is false the method answers {@code true} without looking at
 * any role. Otherwise it tests each role returned by {@code authorizedRoles()} for the session
 * user with {@code RegistryRole.Type.isSRA_Role} and answers {@code true} on the first match.
 *
 * <p>NOTE(review): the no-session branch fails open, so "no user" is indistinguishable from
 * "most privileged user" for every caller of this check. Presumably this supports internal
 * invocations that run outside a user session; confirm that no externally reachable request
 * path can get here without a session user.
 *
 * @return {@code true} if there is no session user or one of the session user's authorized
 *         roles is an SRA role; {@code false} otherwise
 */
public boolean isSRA() {
    // Absence of a session user is treated as SRA (see the review note in the Javadoc).
    if (!this.hasSessionUser()) {
        return true;
    }
    SingleActorDAOIF sessionActor = this.getSessionUser();
    Set<RoleDAOIF> grantedRoles = sessionActor.authorizedRoles();
    // Stops at the first role whose name is recognised as an SRA role.
    return grantedRoles.stream()
        .anyMatch(granted -> RegistryRole.Type.isSRA_Role(granted.getRoleName()));
}
Also used : SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 17 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class GeoObjectTypeRestrictionUtil method hasMandateOnType.

/**
 * Builds the criteria strings that restrict a query to the organizations and geo-object types
 * the current session user has a role on.
 *
 * <p>Only roles for which {@code isOrgRole} is true and {@code isRootOrgRole} is false are
 * considered. An RA role contributes one organization-only criterion. An RM role (and an RC
 * role when {@code allowRC} is true) contributes an organization-plus-type criterion, and, when
 * the type found in the metadata cache is abstract, one further criterion per subtype. All RA
 * criteria are emitted before the type-scoped ones.
 *
 * <p>NOTE(review): the attribute names and the parsed codes are spliced into single-quoted
 * literals with no escaping, so a quote character in any of them would change the meaning of
 * the criterion. Confirm that organization and type codes are restricted to a safe character
 * set where they are created, or have the consumer of these strings bind the values as
 * parameters instead.
 *
 * <p>NOTE(review): a user with no matching role gets an empty list. Verify that the caller
 * treats an empty list as "no mandate" and not as "no restriction".
 *
 * @param orgCodeAttr name of the organization-code attribute to compare against
 * @param gotCodeAttr name of the geo-object-type-code attribute to compare against
 * @param allowRC whether RC roles also contribute criteria
 * @return the criteria strings, possibly empty
 */
public static List<String> hasMandateOnType(String orgCodeAttr, String gotCodeAttr, boolean allowRC) {
    final List<String> clauses = new ArrayList<>();
    final List<String> adminOrgCodes = new ArrayList<>();
    final List<String> typeScopedRoles = new ArrayList<>();

    // NOTE(review): the session is dereferenced without a null check; if getCurrentSession()
    // can return null outside a request this throws NullPointerException - TODO confirm.
    final SingleActorDAOIF sessionActor = Session.getCurrentSession().getUser();

    // Pass 1: sort the user's organization-level roles into RA organizations and type-scoped roles.
    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        final String grantedName = granted.getRoleName();
        if (!RegistryRole.Type.isOrgRole(grantedName) || RegistryRole.Type.isRootOrgRole(grantedName)) {
            continue;
        }
        if (RegistryRole.Type.isRA_Role(grantedName)) {
            adminOrgCodes.add(RegistryRole.Type.parseOrgCode(grantedName));
        } else if (RegistryRole.Type.isRM_Role(grantedName) || (allowRC && RegistryRole.Type.isRC_Role(grantedName))) {
            typeScopedRoles.add(grantedName);
        }
    }

    // Pass 2: an RA role matches everything owned by its organization.
    for (String adminOrgCode : adminOrgCodes) {
        clauses.add("(" + orgCodeAttr + " = '" + adminOrgCode + "')");
    }

    // Pass 3: a type-scoped role matches one organization/type pair.
    for (String scopedRole : typeScopedRoles) {
        final String scopedOrgCode = RegistryRole.Type.parseOrgCode(scopedRole);
        final String typeCode = RegistryRole.Type.parseGotCode(scopedRole);
        clauses.add("(" + orgCodeAttr + " = '" + scopedOrgCode + "' AND " + gotCodeAttr + " = '" + typeCode + "')");

        // Permission on an abstract parent type extends to all of its children.
        final Optional<ServerGeoObjectType> cached = ServiceFactory.getMetadataCache().getGeoObjectType(typeCode);
        if (!cached.isPresent() || !cached.get().getIsAbstract()) {
            continue;
        }
        for (ServerGeoObjectType child : cached.get().getSubtypes()) {
            // Each subtype is matched against its own organization, not the role's.
            clauses.add("(" + orgCodeAttr + " = '" + child.getOrganization().getCode() + "' AND " + gotCodeAttr + " = '" + child.getCode() + "')");
        }
    }
    return clauses;
}
Also used : ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)

Example 18 with SingleActorDAOIF

use of com.runwaysdk.business.rbac.SingleActorDAOIF in project geoprism-registry by terraframe.

the class ChangeRequestService method filterQueryBasedOnPermissions.

/**
 * Narrows a change-request query to the organizations and geo-object types the current session
 * user has a role on.
 *
 * <p>Only roles for which {@code isOrgRole} is true and {@code isRootOrgRole} is false are
 * considered. An RA role contributes an organization-code match; an RM, RC or AC role
 * contributes a type-code-and-organization-code match plus, when the type found in the metadata
 * cache is abstract, one match per subtype. All contributions are OR-ed together and the result
 * is AND-ed onto {@code crq}.
 *
 * <p>NOTE(review): when no role contributes a condition, {@code crq} is left untouched, so this
 * method applies no restriction at all. That is a fail-open default: confirm that only users
 * who are meant to see every change request can reach that state, or have the caller deny when
 * nothing was added.
 *
 * @param crq the query to restrict; modified in place only when at least one condition was built
 */
public void filterQueryBasedOnPermissions(ChangeRequestQuery crq) {
    final List<String> adminOrgCodes = new ArrayList<>();
    final List<String> typeScopedRoles = new ArrayList<>();
    Condition filter = null;

    // NOTE(review): the session is dereferenced without a null check; if getCurrentSession()
    // can return null outside a request this throws NullPointerException - TODO confirm.
    final SingleActorDAOIF sessionActor = Session.getCurrentSession().getUser();

    // Pass 1: sort the user's organization-level roles into RA organizations and type-scoped roles.
    for (RoleDAOIF granted : sessionActor.authorizedRoles()) {
        final String grantedName = granted.getRoleName();
        if (!RegistryRole.Type.isOrgRole(grantedName) || RegistryRole.Type.isRootOrgRole(grantedName)) {
            continue;
        }
        if (RegistryRole.Type.isRA_Role(grantedName)) {
            adminOrgCodes.add(RegistryRole.Type.parseOrgCode(grantedName));
        } else if (RegistryRole.Type.isRM_Role(grantedName) || RegistryRole.Type.isRC_Role(grantedName) || RegistryRole.Type.isAC_Role(grantedName)) {
            typeScopedRoles.add(grantedName);
        }
    }

    // Pass 2: an RA role matches every change request of its organization.
    for (String adminOrgCode : adminOrgCodes) {
        // NOTE(review): the lookup result is used without a null check - confirm getByCode
        // throws rather than returning null for an unknown code.
        final Organization owner = Organization.getByCode(adminOrgCode);
        final Condition orgMatch = crq.getOrganizationCode().EQ(owner.getCode());
        filter = (filter == null) ? orgMatch : filter.OR(orgMatch);
    }

    // Pass 3: a type-scoped role matches one organization/type pair.
    for (String scopedRole : typeScopedRoles) {
        final String scopedOrgCode = RegistryRole.Type.parseOrgCode(scopedRole);
        final Organization owner = Organization.getByCode(scopedOrgCode);
        final String typeCode = RegistryRole.Type.parseGotCode(scopedRole);
        final Condition typeAndOrg = crq.getGeoObjectTypeCode().EQ(typeCode).AND(crq.getOrganizationCode().EQ(owner.getCode()));
        filter = (filter == null) ? typeAndOrg : filter.OR(typeAndOrg);

        // Permission on an abstract parent type extends to all of its children.
        final Optional<ServerGeoObjectType> cached = ServiceFactory.getMetadataCache().getGeoObjectType(typeCode);
        if (!cached.isPresent() || !cached.get().getIsAbstract()) {
            continue;
        }
        for (ServerGeoObjectType child : cached.get().getSubtypes()) {
            // Each subtype is matched against its own organization, not the role's.
            final Condition childMatch = crq.getGeoObjectTypeCode().EQ(child.getCode()).AND(crq.getOrganizationCode().EQ(child.getOrganization().getCode()));
            // filter is never null here: it was assigned just above in this iteration.
            filter = filter.OR(childMatch);
        }
    }

    // Nothing is applied when no role produced a condition (see the review note in the Javadoc).
    if (filter != null) {
        crq.AND(filter);
    }
}
Also used : Condition(com.runwaysdk.query.Condition) Organization(net.geoprism.registry.Organization) ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF)
