
Example 6 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class UserRolePermissionObserver method onWorkspaceRoleDiscoveredEvent.

public void onWorkspaceRoleDiscoveredEvent(@Observes(during = TransactionPhase.BEFORE_COMPLETION) SchoolDataWorkspaceRoleDiscoveredEvent event) {
    for (MuikkuPermissionCollection collection : permissionCollections) {
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission != null) {
                try {
                    String permissionScope = collection.getPermissionScope(permissionName);
                    RoleEntity role = workspaceRoleEntityDAO.findById(event.getDiscoveredWorkspaceRoleEntityId());
                    WorkspaceRoleArchetype[] archetypes = collection.getDefaultWorkspaceRoles(permissionName);
                    if (archetypes != null) {
                        for (WorkspaceRoleArchetype archetype : archetypes) {
                            if (archetype.equals(translateArchetype(event.getArchetype()))) {
                                applyPermission(permissionScope, role, permission);
                                break;
                            }
                        }
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Example 7 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class DefaultPermissionResolver method hasEveryonePermission.

@Override
public boolean hasEveryonePermission(String permission, ContextReference contextReference) {
    RoleEntity everyoneRole = getEveryoneRole();
    Permission permissionEntity = permissionController.findByName(permission);
    return permissionEntity != null && permissionController.hasPermission(everyoneRole, permissionEntity);
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) Permission(fi.otavanopisto.muikku.model.security.Permission)

Example 8 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class DefaultPermissionResolver method hasPermission.

@Override
public boolean hasPermission(String permission, ContextReference contextReference, User user) {
    Permission permissionEntity = permissionController.findByName(permission);
    if (permissionEntity == null) {
        logger.severe(String.format("Reference to missing permission %s", permission));
        return false;
    }
    UserEntity userEntity = getUserEntity(user);
    if (userEntity == null) {
        return hasEveryonePermission(permission, contextReference);
    }
    // Workspace access
    if (permissionEntity.getScope().equals(PermissionScope.WORKSPACE) && contextReference != null) {
        WorkspaceEntity workspaceEntity = resolveWorkspace(contextReference);
        if (workspaceEntity != null) {
            if (hasWorkspaceAccess(workspaceEntity, userEntity, permissionEntity)) {
                return true;
            }
        }
    }
    // Environment access
    return hasEnvironmentAccess(userEntity, permissionEntity);
}
Also used : WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)

Example 9 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class WorkspacePermissionsManagementBackingBean method init.

@RequestAction
public String init() {
    String urlName = getWorkspaceUrlName();
    if (StringUtils.isBlank(urlName)) {
        return NavigationRules.NOT_FOUND;
    }
    WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityByUrlName(urlName);
    if (workspaceEntity == null) {
        return NavigationRules.NOT_FOUND;
    }
    if (!sessionController.hasWorkspacePermission(MuikkuPermissions.WORKSPACE_MANAGE_PERMISSIONS, workspaceEntity)) {
        return NavigationRules.NOT_FOUND;
    }
    workspaceEntityId = workspaceEntity.getId();
    workspaceBackingBean.setWorkspaceUrlName(urlName);
    workspaceName = workspaceBackingBean.getWorkspaceName();
    userGroupBeans = new ArrayList<WorkspacePermissionsManagementBackingBean.UserGroupBean>();
    permissions = new ArrayList<Permission>();
    // TODO: atm we only support the sign up permission
    Permission permission = permissionController.findByName(MuikkuPermissions.WORKSPACE_SIGNUP);
    permissions.add(permission);
    List<UserGroupEntity> userGroupEntities;
    String permissionGroupIds = pluginSettingsController.getPluginSetting("workspace", "permission-group-ids");
    if (permissionGroupIds == null) {
        userGroupEntities = userGroupEntityController.listUserGroupEntities();
    } else {
        userGroupEntities = new ArrayList<UserGroupEntity>();
        String[] idArray = permissionGroupIds.split(",");
        for (int i = 0; i < idArray.length; i++) {
            Long groupId = NumberUtils.createLong(idArray[i]);
            if (groupId != null) {
                UserGroupEntity userGroupEntity = userGroupEntityController.findUserGroupEntityById(groupId);
                if (userGroupEntity == null) {
                    logger.warning(String.format("Missing group %d in plugin setting workspace.permission-group-ids", groupId));
                } else {
                    userGroupEntities.add(userGroupEntity);
                }
            } else {
                logger.warning(String.format("Malformatted plugin setting workspace.permission-group-ids %s", permissionGroupIds));
            }
        }
    }
    for (UserGroupEntity userGroupEntity : userGroupEntities) {
        UserGroup userGroup = userGroupController.findUserGroup(userGroupEntity);
        userGroupBeans.add(new UserGroupBean(userGroupEntity.getId(), userGroup.getName()));
    }
    Collections.sort(userGroupBeans, new Comparator<UserGroupBean>() {

        @Override
        public int compare(UserGroupBean o1, UserGroupBean o2) {
            return o1.getName().compareTo(o2.getName());
        }
    });
    return null;
}
Also used : UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) UserGroup(fi.otavanopisto.muikku.schooldata.entity.UserGroup) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) RequestAction(org.ocpsoft.rewrite.annotation.RequestAction)

Example 10 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class PermissionsPluginController method resetPermissions.

public void resetPermissions(Set<RoleEntity> resetRoleEntities) {
    if (CollectionUtils.isEmpty(resetRoleEntities))
        return;
    // TODO Only handles environment and workspace scopes
    for (MuikkuPermissionCollection collection : permissionCollections) {
        logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission != null) {
                try {
                    String permissionScope = collection.getPermissionScope(permissionName);
                    if (permissionScope != null) {
                        if (!PermissionScope.PERSONAL.equals(permissionScope)) {
                            // Current roles
                            String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
                            EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
                            WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
                            List<RoleEntity> currentRoles = new ArrayList<RoleEntity>();
                            if (pseudoRoles != null) {
                                for (String pseudoRole : pseudoRoles) {
                                    RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
                                    if (roleEntity != null) {
                                        currentRoles.add(roleEntity);
                                    }
                                }
                            }
                            if (environmentRoles != null) {
                                for (EnvironmentRoleArchetype environmentRole : environmentRoles) {
                                    List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(environmentRole);
                                    currentRoles.addAll(envRoles);
                                }
                            }
                            if (workspaceRoles != null) {
                                for (WorkspaceRoleArchetype workspaceRole : workspaceRoles) {
                                    List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(workspaceRole);
                                    currentRoles.addAll(wsRoles);
                                }
                            }
                            logger.info(String.format("Permission %s applies to %d roles", permissionName, currentRoles.size()));
                            if (PermissionScope.ENVIRONMENT.equals(permissionScope) || PermissionScope.WORKSPACE.equals(permissionScope)) {
                                List<RolePermission> databasePermissions = rolePermissionDAO.listByPermission(permission);
                                removeNonHandledRoles(currentRoles, databasePermissions, resetRoleEntities);
                                for (RolePermission databasePermission : databasePermissions) {
                                    int index = indexOfRoleEntity(currentRoles, databasePermission);
                                    if (index >= 0) {
                                        currentRoles.remove(index);
                                    } else {
                                        logger.info(String.format("Removing %s from %s", databasePermission.getRole().getName(), permission.getName()));
                                        rolePermissionDAO.delete(databasePermission);
                                    }
                                }
                                for (RoleEntity currentRole : currentRoles) {
                                    logger.info(String.format("Adding environment role %s for %s", currentRole.getName(), permission.getName()));
                                    rolePermissionDAO.create(currentRole, permission);
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    // Pass the exception to the logger so the cause of the failure is not lost
                    logger.log(Level.SEVERE, "Permission handling failed for " + permissionName, e);
                }
            }
        }
    }
}
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection) ArrayList(java.util.ArrayList) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)
