
Example 1 with Permission

Use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

Class PermissionDAO, method create.

public Permission create(String name, String scope) {
    Permission permission = new Permission();
    permission.setName(name);
    permission.setScope(scope);
    getEntityManager().persist(permission);
    return permission;
}
Also used : Permission(fi.otavanopisto.muikku.model.security.Permission)

Example 2 with Permission

Use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

Class ForumPermissionResolver, method hasPermission.

@Override
public boolean hasPermission(String permission, ContextReference contextReference, User user) {
    ForumArea forumArea = getForumArea(contextReference);
    Permission perm = permissionDAO.findByName(permission);
    UserEntity userEntity = getUserEntity(user);
    if (forumArea == null) {
        return false;
    }
    // Null-safe ownership check, evaluated once and reused in both branches below.
    boolean isOwner = userEntity != null && userEntity.getId().equals(forumArea.getOwner());
    RoleEntity userRole;
    // TODO: typecasts
    if (forumArea instanceof WorkspaceForumArea) {
        WorkspaceForumArea workspaceForum = (WorkspaceForumArea) forumArea;
        WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityById(workspaceForum.getWorkspace());
        WorkspaceUserEntity workspaceUserEntity = workspaceUserEntityController.findActiveWorkspaceUserByWorkspaceEntityAndUserEntity(workspaceEntity, userEntity);
        if (workspaceUserEntity != null) {
            // Workspace-level role is checked first; access is granted by role, by the "everyone" permission, or by ownership.
            userRole = workspaceUserEntity.getWorkspaceUserRole();
            if (resourceUserRolePermissionDAO.hasResourcePermissionAccess(resourceRightsController.findResourceRightsById(forumArea.getRights()), userRole, perm) || hasEveryonePermission(permission, forumArea) || isOwner) {
                return true;
            }
        }
    }
    // Fall back to the user's environment-level role.
    EnvironmentUser environmentUser = environmentUserDAO.findByUserAndArchived(userEntity, Boolean.FALSE);
    userRole = environmentUser.getRole();
    return resourceUserRolePermissionDAO.hasResourcePermissionAccess(resourceRightsController.findResourceRightsById(forumArea.getRights()), userRole, perm) || hasEveryonePermission(permission, forumArea) || isOwner;
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) WorkspaceForumArea(fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea) EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) ForumArea(fi.otavanopisto.muikku.plugins.forum.model.ForumArea) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)

Example 3 with Permission

Use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

Class VopsLister, method processCourse.

private VopsRESTModel.VopsEntry processCourse(Subject subject, int courseNumber) {
    VopsRESTModel.VopsEntry transferCreditEntry = processTransferCredits(subject, courseNumber);
    if (transferCreditEntry != null) {
        return transferCreditEntry;
    }
    List<VopsWorkspace> workspaces = vopsController.listWorkspaceIdentifiersBySubjectIdentifierAndCourseNumber(subject.getSchoolDataSource(), subject.getIdentifier(), courseNumber);
    List<WorkspaceAssessment> workspaceAssessments = new ArrayList<>();
    if (curriculumIdentifier != null) {
        workspaces.removeIf((VopsWorkspace workspace) -> !workspace.getCurriculumIdentifiers().contains(curriculumIdentifier));
    }
    if (!workspaces.isEmpty()) {
        SchoolDataIdentifier educationSubtypeIdentifier = null;
        boolean workspaceUserExists = false;
        String name = "";
        String description = "";
        boolean canSignUp = false;
        for (VopsWorkspace workspace : workspaces) {
            WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityById(workspace.getWorkspaceIdentifier());
            WorkspaceUserEntity workspaceUser = workspaceUserEntityController.findWorkspaceUserByWorkspaceEntityAndUserIdentifier(workspaceEntity, studentIdentifier);
            WorkspaceAssessment workspaceAssesment = studentAssessments.get(workspace.getWorkspaceIdentifier());
            List<UserGroupEntity> userGroupEntities = userGroupEntityController.listUserGroupsByUserIdentifier(studentIdentifier);
            Permission permission = permissionController.findByName(MuikkuPermissions.WORKSPACE_SIGNUP);
            for (UserGroupEntity userGroupEntity : userGroupEntities) {
                if (permissionController.hasWorkspaceGroupPermission(workspaceEntity, userGroupEntity, permission)) {
                    canSignUp = true;
                    break;
                }
            }
            if (workspaceAssesment != null) {
                workspaceAssessments.add(workspaceAssesment);
            }
            if (workspaceUser != null) {
                workspaceUserExists = true;
            }
        }
        for (VopsWorkspace workspace : workspaces) {
            name = workspace.getName();
            if (name != null) {
                break;
            }
        }
        for (VopsWorkspace workspace : workspaces) {
            description = workspace.getDescription();
            if (description != null) {
                break;
            }
        }
        for (VopsWorkspace workspace : workspaces) {
            educationSubtypeIdentifier = workspace.getEducationSubtypeIdentifier();
            if (educationSubtypeIdentifier != null) {
                break;
            }
        }
        Mandatority mandatority = educationTypeMapping.getMandatority(educationSubtypeIdentifier);
        CourseCompletionState state = CourseCompletionState.NOT_ENROLLED;
        String grade = null;
        if (workspaceUserExists) {
            state = CourseCompletionState.ENROLLED;
        }
        for (WorkspaceAssessment workspaceAssessment : workspaceAssessments) {
            if (!Boolean.TRUE.equals(workspaceAssessment.getPassing())) {
                state = CourseCompletionState.FAILED;
                break;
            }
        }
        for (WorkspaceAssessment workspaceAssessment : workspaceAssessments) {
            if (Boolean.TRUE.equals(workspaceAssessment.getPassing())) {
                state = CourseCompletionState.ASSESSED;
                numCourses++;
                if (mandatority == Mandatority.MANDATORY) {
                    numMandatoryCourses++;
                }
                SchoolDataIdentifier gradingScaleIdentifier = workspaceAssessment.getGradingScaleIdentifier();
                if (gradingScaleIdentifier == null) {
                    break;
                }
                SchoolDataIdentifier gradeIdentifier = workspaceAssessment.getGradeIdentifier();
                if (gradeIdentifier == null) {
                    break;
                }
                GradingScaleItem gradingScaleItem = findGradingScaleItemCached(gradingScaleIdentifier, gradeIdentifier);
                String gradeName = gradingScaleItem.getName();
                if (!StringUtils.isBlank(gradeName)) {
                    if (gradeName.length() > 2)
                        grade = gradeName.substring(0, 2);
                    else
                        grade = gradeName;
                }
                break;
            }
        }
        if (state == CourseCompletionState.NOT_ENROLLED && !canSignUp) {
            return new VopsRESTModel.VopsPlaceholder();
        }
        StudiesViewCourseChoice courseChoice = studiesViewCourseChoiceController.find(new SchoolDataIdentifier(subject.getIdentifier(), subject.getSchoolDataSource()).toId(), courseNumber, studentIdentifierString);
        if (state == CourseCompletionState.NOT_ENROLLED && courseChoice != null) {
            state = CourseCompletionState.PLANNED;
        }
        return new VopsRESTModel.VopsItem(courseNumber, state, educationSubtypeIdentifier != null ? educationSubtypeIdentifier.toId() : null, mandatority, grade, workspaceUserExists, clean(name), clean(description));
    }
    return new VopsRESTModel.VopsPlaceholder();
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) WorkspaceAssessment(fi.otavanopisto.muikku.schooldata.entity.WorkspaceAssessment) GradingScaleItem(fi.otavanopisto.muikku.schooldata.entity.GradingScaleItem) ArrayList(java.util.ArrayList) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) StudiesViewCourseChoice(fi.otavanopisto.muikku.plugins.transcriptofrecords.model.StudiesViewCourseChoice) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Mandatority(fi.otavanopisto.muikku.plugins.transcriptofrecords.rest.Mandatority) Permission(fi.otavanopisto.muikku.model.security.Permission) VopsRESTModel(fi.otavanopisto.muikku.plugins.transcriptofrecords.rest.VopsRESTModel) CourseCompletionState(fi.otavanopisto.muikku.plugins.transcriptofrecords.rest.CourseCompletionState)

Example 4 with Permission

Use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

Class WorkspacePermissionsRoleManagementBackingBean, method init.

@RequestAction
public String init() {
    String urlName = getWorkspaceUrlName();
    if (StringUtils.isBlank(urlName)) {
        return NavigationRules.NOT_FOUND;
    }
    WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityByUrlName(urlName);
    if (workspaceEntity == null) {
        return NavigationRules.NOT_FOUND;
    }
    if (!sessionController.hasWorkspacePermission(MuikkuPermissions.WORKSPACE_MANAGEWORKSPACESETTINGS, workspaceEntity)) {
        return NavigationRules.ACCESS_DENIED;
    }
    workspaceEntityId = workspaceEntity.getId();
    workspaceBackingBean.setWorkspaceUrlName(urlName);
    workspaceName = workspaceBackingBean.getWorkspaceName();
    /**
     * View data
     */
    permissions = permissionController.listPermissionsByScope(PermissionScope.WORKSPACE);
    Collections.sort(permissions, new Comparator<Permission>() {

        @Override
        public int compare(Permission o1, Permission o2) {
            return o1.getName().compareTo(o2.getName());
        }
    });
    roleEntities = new ArrayList<RoleEntity>();
    List<SystemRoleEntity> systemRoleEntities = roleController.listSystemRoleEntities();
    List<EnvironmentRoleEntity> environmentRoleEnties = roleController.listEnvironmentRoleEntities();
    List<WorkspaceRoleEntity> workspaceRoleEntities = roleController.listWorkspaceRoleEntities();
    Collections.sort(environmentRoleEnties, new Comparator<EnvironmentRoleEntity>() {

        @Override
        public int compare(EnvironmentRoleEntity o1, EnvironmentRoleEntity o2) {
            return o1.getArchetype().compareTo(o2.getArchetype());
        }
    });
    Collections.sort(workspaceRoleEntities, new Comparator<WorkspaceRoleEntity>() {

        @Override
        public int compare(WorkspaceRoleEntity o1, WorkspaceRoleEntity o2) {
            return o1.getArchetype().compareTo(o2.getArchetype());
        }
    });
    for (SystemRoleEntity systemRoleEntity : systemRoleEntities) {
        roleEntities.add(systemRoleEntity);
    }
    for (EnvironmentRoleEntity environmentRoleEntity : environmentRoleEnties) {
        roleEntities.add(environmentRoleEntity);
    }
    for (WorkspaceRoleEntity workspaceRoleEntity : workspaceRoleEntities) {
        roleEntities.add(workspaceRoleEntity);
    }
    return null;
}
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) SystemRoleEntity(fi.otavanopisto.muikku.model.users.SystemRoleEntity) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) RequestAction(org.ocpsoft.rewrite.annotation.RequestAction)

Example 5 with Permission

Use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

Class UserRolePermissionObserver, method onEnvironmentRoleDiscoveredEvent.

// TODO: roles when creating a workspace
public void onEnvironmentRoleDiscoveredEvent(@Observes(during = TransactionPhase.BEFORE_COMPLETION) SchoolDataEnvironmentRoleDiscoveredEvent event) {
    for (MuikkuPermissionCollection collection : permissionCollections) {
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission != null) {
                try {
                    String permissionScope = collection.getPermissionScope(permissionName);
                    RoleEntity role = environmentRoleEntityDAO.findById(event.getDiscoveredEnvironmentRoleEntityId());
                    EnvironmentRoleArchetype[] archetypes = collection.getDefaultEnvironmentRoles(permissionName);
                    if (archetypes != null) {
                        for (EnvironmentRoleArchetype archetype : archetypes) {
                            if (archetype.equals(event.getArchetype())) {
                                applyPermission(permissionScope, role, permission);
                                break;
                            }
                        }
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) Permission(fi.otavanopisto.muikku.model.security.Permission) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)
