Example 6 with Group

use of edu.harvard.iq.dataverse.authorization.groups.Group in project dataverse by IQSS.

the class PermissionServiceBean method permissionsFor.

/**
 * Returns the set of permissions a user/group has over a dataverse object.
 * This method takes into consideration group memberships as well, but does
 * not look into request-level groups.
 * @param ra The role assignee.
 * @param dvo The {@link DvObject} on which the user wants to operate
 * @return the set of permissions {@code ra} has over {@code dvo}.
 */
public Set<Permission> permissionsFor(RoleAssignee ra, DvObject dvo) {
    Set<Permission> permissions = EnumSet.noneOf(Permission.class);
    // Add permissions specifically given to the user
    permissions.addAll(permissionsForSingleRoleAssignee(ra, dvo));
    // Add permissions gained from groups
    Set<Group> groupsRaBelongsTo = groupService.groupsFor(ra, dvo);
    for (Group g : groupsRaBelongsTo) {
        permissions.addAll(permissionsForSingleRoleAssignee(g, dvo));
    }
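    // Unauthenticated users never keep permissions reserved for authenticated users,
    // even if a direct or group assignment would otherwise grant them
    if ((ra instanceof User) && (!((User) ra).isAuthenticated())) {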
        permissions.removeAll(PERMISSIONS_FOR_AUTHENTICATED_USERS_ONLY);
    }
    return permissions;
}
Also used : Group(edu.harvard.iq.dataverse.authorization.groups.Group) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) User(edu.harvard.iq.dataverse.authorization.users.User) GuestUser(edu.harvard.iq.dataverse.authorization.users.GuestUser) Permission(edu.harvard.iq.dataverse.authorization.Permission)

Example 7 with Group

use of edu.harvard.iq.dataverse.authorization.groups.Group in project dataverse by IQSS.

the class SearchPermissionsServiceBean method getIndexableStringForUserOrGroup.

/**
 * From a Solr perspective we can't just index any string when we go to do
 * the JOIN to enforce security. (Maybe putting quotes around the string at
 * search time would allow this.) For users, we index the primary key from
 * the AuthenticatedUsers table. For groups we index the "alias" which
 * should be globally unique because non-builtin groups have a sort of a
 * name space with "shib/2" and "ip/ipGroup3", for example.
 */
private String getIndexableStringForUserOrGroup(RoleAssignee userOrGroup) {
    if (userOrGroup instanceof AuthenticatedUser) {
        logger.fine(userOrGroup.getIdentifier() + " must be a user: " + userOrGroup.getClass().getName());
        AuthenticatedUser au = (AuthenticatedUser) userOrGroup;
        // Strong preference to index based on system generated value (e.g. primary key) whenever possible: https://github.com/IQSS/dataverse/issues/1151
        Long primaryKey = au.getId();
        return IndexServiceBean.getGroupPerUserPrefix() + primaryKey;
    } else if (userOrGroup instanceof Group) {
        logger.fine(userOrGroup.getIdentifier() + " must be a group: " + userOrGroup.getClass().getName());
        Group group = (Group) userOrGroup;
        logger.fine("group: " + group.getAlias());
        String groupAlias = group.getAlias();
        if (groupAlias != null) {
            return IndexServiceBean.getGroupPrefix() + groupAlias;
        } else {
            logger.fine("Could not find group alias for " + group.getIdentifier());
            return null;
        }
    } else {
        return null;
    }
}
Also used : Group(edu.harvard.iq.dataverse.authorization.groups.Group) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)

Example 8 with Group

use of edu.harvard.iq.dataverse.authorization.groups.Group in project dataverse by IQSS.

the class DataverseUserPage method getRoleStringFromUser.

private String getRoleStringFromUser(AuthenticatedUser au, DvObject dvObj) {
    // Find user's role(s) for given dataverse/dataset
    Set<RoleAssignment> roles = permissionService.assignmentsFor(au, dvObj);
    List<String> roleNames = new ArrayList<>();
    // Include roles derived from a user's groups
    Set<Group> groupsUserBelongsTo = groupService.groupsFor(au, dvObj);
    for (Group g : groupsUserBelongsTo) {
        roles.addAll(permissionService.assignmentsFor(g, dvObj));
    }
    for (RoleAssignment ra : roles) {
        roleNames.add(ra.getRole().getName());
    }
    if (roleNames.isEmpty()) {
        return "[Unknown]";
    }
    return StringUtils.join(roleNames, "/");
}
Also used : Group(edu.harvard.iq.dataverse.authorization.groups.Group) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) ArrayList(java.util.ArrayList)

Aggregations

Group (edu.harvard.iq.dataverse.authorization.groups.Group): 8
AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser): 3
ArrayList (java.util.ArrayList): 3
Permission (edu.harvard.iq.dataverse.authorization.Permission): 2
GuestUser (edu.harvard.iq.dataverse.authorization.users.GuestUser): 2
User (edu.harvard.iq.dataverse.authorization.users.User): 2
RoleAssignment (edu.harvard.iq.dataverse.RoleAssignment): 1
ExplicitGroup (edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroup): 1
PrivateUrlUser (edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser): 1
LinkedList (java.util.LinkedList): 1
Query (javax.persistence.Query): 1