
Example 11 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class PermissionsPluginController method processPermissions.

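/**
 * Records permissions that are declared by the permission collections but not yet stored.
 *
 * <p>First makes sure a system role entity exists for every {@link SystemRoleType}. Then, for
 * each permission name that {@code permissionDAO} does not know, the permission is created with
 * the scope reported by its collection. Unless the scope is {@code PermissionScope.PERSONAL},
 * the collection's default pseudo, environment and workspace roles are resolved and granted:
 * directly for the ENVIRONMENT and WORKSPACE scopes, once per user group for the USERGROUP
 * scope, and for any other scope a {@link PermissionDiscoveredEvent} qualified with that scope
 * is fired instead.
 *
 * <p>A failure while handling one permission is logged and does not stop the remaining ones.
 */
public void processPermissions() {
    logger.log(Level.INFO, "Starting permission gathering");
    for (SystemRoleType systemRoleType : SystemRoleType.values()) {
        if (systemRoleEntityDAO.findByRoleType(systemRoleType) == null) {
            systemRoleEntityDAO.create(systemRoleType.name(), systemRoleType);
        }
    }
    for (MuikkuPermissionCollection collection : permissionCollections) {
        logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            // Only permissions that are not stored yet are processed; existing ones keep
            // whatever grants they already have.
            if (permission == null) {
                logger.log(Level.INFO, "Recording new permission " + permissionName);
                try {
                    final String permissionScope = collection.getPermissionScope(permissionName);
                    if (permissionScope != null) {
                        // NOTE(review): the permission is created before its default grants. If a
                        // later step throws, the permission may remain stored without grants, and
                        // the lookup above would then skip it on the next run - confirm that the
                        // caller runs this inside a transaction that rolls the creation back.
                        permission = permissionDAO.create(permissionName, permissionScope);
                        if (!PermissionScope.PERSONAL.equals(permissionScope)) {
                            String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
                            EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
                            WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
                            List<RoleEntity> roles = new ArrayList<RoleEntity>();
                            if (pseudoRoles != null) {
                                for (String pseudoRole : pseudoRoles) {
                                    RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
                                    // A pseudo role name with no matching entity is skipped silently.
                                    if (roleEntity != null) {
                                        roles.add(roleEntity);
                                    }
                                }
                            }
                            if (environmentRoles != null) {
                                for (EnvironmentRoleArchetype envRole : environmentRoles) {
                                    List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(envRole);
                                    roles.addAll(envRoles);
                                }
                            }
                            if (workspaceRoles != null) {
                                for (WorkspaceRoleArchetype arc : workspaceRoles) {
                                    List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(arc);
                                    roles.addAll(wsRoles);
                                }
                            }
                            switch(permissionScope) {
                                case PermissionScope.ENVIRONMENT:
                                case PermissionScope.WORKSPACE:
                                    for (RoleEntity role : roles) {
                                        rolePermissionDAO.create(role, permission);
                                    }
                                    break;
                                case PermissionScope.USERGROUP:
                                    List<UserGroupEntity> userGroups = userGroupDAO.listAll();
                                    for (RoleEntity role : roles) {
                                        // TODO Workspace creation & templates - is this necessary and bulletproof?
                                        for (UserGroupEntity userGroup : userGroups) {
                                            userGroupRolePermissionDAO.create(userGroup, role, permission);
                                        }
                                    }
                                    break;
                                default:
                                    // Scopes not handled here are announced through an event that is
                                    // qualified with the scope value.
                                    permissionDiscoveredEvent.select(new PermissionScopeBinding() {

                                        private static final long serialVersionUID = 9009824962970938515L;

                                        @Override
                                        public String value() {
                                            return permissionScope;
                                        }
                                    }).fire(new PermissionDiscoveredEvent(permission));
                                    break;
                            }
                        }
                    } else {
                        logger.log(Level.WARNING, "PermissionScope null for " + permissionName);
                    }
                } catch (Exception e) {
                    // Keep the cause in the log: without it a failed grant cannot be diagnosed,
                    // and a permission left without its default grants goes unnoticed.
                    logger.log(Level.SEVERE, "Permission handling failed for " + permissionName, e);
                }
            }
        }
    }
    logger.log(Level.INFO, "Finished permission gathering");
}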
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) SystemRoleType(fi.otavanopisto.muikku.model.users.SystemRoleType) MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection) ArrayList(java.util.ArrayList) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Example 12 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class ForumPermissionResolver method hasEveryonePermission.

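/**
 * Tells whether the "everyone" role holds the named permission on the forum area that the
 * context reference resolves to.
 *
 * @param permission name of the permission to check
 * @param contextReference reference passed to {@code getForumArea}
 * @return {@code true} only when the forum area and the permission both exist and the resource
 *     rights of the area grant the permission to the everyone role; {@code false} otherwise
 */
@Override
public boolean hasEveryonePermission(String permission, ContextReference contextReference) {
    ForumArea forumArea = getForumArea(contextReference);
    // No forum area in this context: deny before doing any further lookups.
    if (forumArea == null) {
        return false;
    }
    Permission perm = permissionDAO.findByName(permission);
    // An unknown permission name must never be handed to the access check as null;
    // deny explicitly instead of relying on how the DAO treats a null permission.
    if (perm == null) {
        return false;
    }
    RoleEntity userRole = getEveryoneRole();
    return resourceUserRolePermissionDAO.hasResourcePermissionAccess(
        resourceRightsController.findResourceRightsById(forumArea.getRights()), userRole, perm);
}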
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceForumArea(fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea) ForumArea(fi.otavanopisto.muikku.plugins.forum.model.ForumArea)

Example 13 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class PermissionRESTService method setWorkspaceUserGroupPermission.

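/**
 * Grants or revokes a permission for a user group within a workspace.
 *
 * <p>The caller must be logged in and hold {@code WORKSPACE_MANAGEWORKSPACESETTINGS} on the
 * target workspace; the check is done in the method body.
 *
 * @param payload workspace id, user group id, permission id and the desired permitted state
 * @return 204 on success, 400 when the request has no body, 403 when the workspace is missing
 *     or the caller may not manage it, 404 when the user group, the permission or the grant to
 *     revoke does not exist, or the constraint violation response built by
 *     {@code getConstraintViolations}
 */
@PUT
@Path("/workspaceUserGroupPermissions")
@RESTPermit(handling = Handling.INLINE, requireLoggedIn = true)
public Response setWorkspaceUserGroupPermission(WorkspaceUserGroupPermission payload) {
    // A request without a body would otherwise fail with a NullPointerException.
    if (payload == null) {
        return Response.status(Response.Status.BAD_REQUEST).build();
    }
    WorkspaceEntity workspaceEntity = workspaceController.findWorkspaceEntityById(payload.getWorkspaceId());
    // Authorize first, and fail closed when the workspace id resolves to nothing: the
    // permission check must not run against a null context, and a null workspace must not
    // reach the grant call below. Answering 403 in both cases also avoids telling callers
    // without management rights which workspace ids exist.
    if ((workspaceEntity == null)
            || !sessionController.hasPermission(MuikkuPermissions.WORKSPACE_MANAGEWORKSPACESETTINGS, workspaceEntity)) {
        return Response.status(Status.FORBIDDEN).build();
    }
    UserGroupEntity userGroupEntity = userGroupEntityController.findUserGroupEntityById(payload.getUserGroupId());
    Permission permission = permissionDAO.findById(payload.getPermissionId());
    if ((userGroupEntity == null) || (permission == null)) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }
    try {
        if (payload.getPermitted()) {
            permissionController.addWorkspaceGroupPermission(workspaceEntity, userGroupEntity, permission);
        } else {
            WorkspaceGroupPermission workspaceGroupPermission = permissionController.findWorkspaceGroupPermission(workspaceEntity, userGroupEntity, permission);
            // Revoking a grant that does not exist is reported as not found.
            if (workspaceGroupPermission == null) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            permissionController.removeWorkspaceGroupPermission(workspaceGroupPermission);
        }
        return Response.noContent().build();
    } catch (ConstraintViolationException violationException) {
        return getConstraintViolations(violationException);
    }
}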
Also used : WorkspaceGroupPermission(fi.otavanopisto.muikku.model.security.WorkspaceGroupPermission) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceGroupPermission(fi.otavanopisto.muikku.model.security.WorkspaceGroupPermission) WorkspaceUserGroupPermission(fi.otavanopisto.muikku.rest.model.WorkspaceUserGroupPermission) ConstraintViolationException(javax.validation.ConstraintViolationException) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) Path(javax.ws.rs.Path) RESTPermit(fi.otavanopisto.security.rest.RESTPermit) PUT(javax.ws.rs.PUT)

Example 14 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class PermissionDAO method listByScope.

/**
 * Lists the permissions whose scope equals the given value.
 *
 * <p>The scope is passed to the query as a criteria value, not concatenated into query text.
 *
 * @param scope scope value to match
 * @return the matching permissions as returned by the query
 */
public List<Permission> listByScope(String scope) {
    final EntityManager em = getEntityManager();
    final CriteriaBuilder cb = em.getCriteriaBuilder();
    final CriteriaQuery<Permission> query = cb.createQuery(Permission.class);
    final Root<Permission> permission = query.from(Permission.class);
    query.select(permission)
        .where(cb.equal(permission.get(Permission_.scope), scope));
    return em.createQuery(query).getResultList();
}
Also used : CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) EntityManager(javax.persistence.EntityManager) Permission(fi.otavanopisto.muikku.model.security.Permission)

Example 15 with Permission

use of fi.otavanopisto.muikku.model.security.Permission in project muikku by otavanopisto.

the class PermissionDAO method findByName.

/**
 * Looks up a permission by its name.
 *
 * <p>The name is passed to the query as a criteria value, not concatenated into query text.
 *
 * @param name permission name to match
 * @return whatever {@code getSingleResult} yields for the query; presumably {@code null} when
 *     no permission has that name - confirm against the helper
 */
public Permission findByName(String name) {
    final EntityManager em = getEntityManager();
    final CriteriaBuilder cb = em.getCriteriaBuilder();
    final CriteriaQuery<Permission> query = cb.createQuery(Permission.class);
    final Root<Permission> permission = query.from(Permission.class);
    query.select(permission)
        .where(cb.equal(permission.get(Permission_.name), name));
    return getSingleResult(em.createQuery(query));
}
Also used : CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) EntityManager(javax.persistence.EntityManager) Permission(fi.otavanopisto.muikku.model.security.Permission)

Aggregations

Permission (fi.otavanopisto.muikku.model.security.Permission)16 RoleEntity (fi.otavanopisto.muikku.model.users.RoleEntity)9 WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)6 RolePermission (fi.otavanopisto.muikku.model.security.RolePermission)4 EnvironmentRoleEntity (fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)4 UserGroupEntity (fi.otavanopisto.muikku.model.users.UserGroupEntity)4 EnvironmentRoleArchetype (fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype)3 WorkspaceRoleArchetype (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)3 WorkspaceRoleEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity)3 WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)3 ArrayList (java.util.ArrayList)3 RequestAction (org.ocpsoft.rewrite.annotation.RequestAction)3 SystemRoleEntity (fi.otavanopisto.muikku.model.users.SystemRoleEntity)2 UserEntity (fi.otavanopisto.muikku.model.users.UserEntity)2 ForumArea (fi.otavanopisto.muikku.plugins.forum.model.ForumArea)2 WorkspaceForumArea (fi.otavanopisto.muikku.plugins.forum.model.WorkspaceForumArea)2 MuikkuPermissionCollection (fi.otavanopisto.muikku.security.MuikkuPermissionCollection)2 EntityManager (javax.persistence.EntityManager)2 CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)2 WorkspaceGroupPermission (fi.otavanopisto.muikku.model.security.WorkspaceGroupPermission)1