
Example 1 with EnvironmentRoleArchetype

use of fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype in project muikku by otavanopisto.

the class UserRESTService method searchUsers.

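/**
 * Searches users through the "elastic-search" provider and returns them as REST user models.
 *
 * <p>Access control visible in this method: the caller must be logged in, and a caller holding
 * {@code RoleFeatures.ACCESS_ONLY_GROUP_STUDENTS} is always restricted to user groups they belong to.
 *
 * <p>NOTE(review): {@code workspaceIds} is used as supplied; unlike {@code userGroupIds} it is not
 * compared with the caller's own workspaces here. Confirm that this is intended or enforced elsewhere.
 * NOTE(review): {@code firstResult} and {@code maxResults} are passed to the provider without a range
 * check; confirm the provider caps the page size.
 *
 * @param searchString free-text query, matched against firstName, lastName, nickName and email
 * @param firstResult index of the first hit to return (defaults to 0)
 * @param maxResults maximum number of hits to return (defaults to 10)
 * @param userGroupIds explicit user group filter; mutually exclusive with {@code myUserGroups}
 * @param myUserGroups when true, filter by the caller's own user groups
 * @param workspaceIds explicit workspace filter; mutually exclusive with {@code myWorkspaces}
 * @param myWorkspaces when true, filter by the caller's own workspaces
 * @param archetype name of an {@link EnvironmentRoleArchetype} constant, or null for no role filter
 * @param onlyDefaultUsers forwarded to the search provider (defaults to false)
 * @return 200 with the matching users, 204 when the search has no hits, 400 on contradictory or
 *         invalid parameters, 403 when not logged in, 500 when no search provider is available
 */
@GET
@Path("/users")
@RESTPermitUnimplemented
public Response searchUsers(@QueryParam("searchString") String searchString, @QueryParam("firstResult") @DefaultValue("0") Integer firstResult, @QueryParam("maxResults") @DefaultValue("10") Integer maxResults, @QueryParam("userGroupIds") List<Long> userGroupIds, @QueryParam("myUserGroups") Boolean myUserGroups, @QueryParam("workspaceIds") List<Long> workspaceIds, @QueryParam("myWorkspaces") Boolean myWorkspaces, @QueryParam("archetype") String archetype, @DefaultValue("false") @QueryParam("onlyDefaultUsers") Boolean onlyDefaultUsers) {
    // This login check is the only authentication gate in the method body.
    if (!sessionController.isLoggedIn()) {
        return Response.status(Status.FORBIDDEN).build();
    }
    // An explicit id list and the matching "my..." flag contradict each other.
    if (CollectionUtils.isNotEmpty(userGroupIds) && Boolean.TRUE.equals(myUserGroups)) {
        return Response.status(Status.BAD_REQUEST).build();
    }
    if (CollectionUtils.isNotEmpty(workspaceIds) && Boolean.TRUE.equals(myWorkspaces)) {
        return Response.status(Status.BAD_REQUEST).build();
    }
    UserEntity loggedUser = sessionController.getLoggedUserEntity();
    // The archetype comes straight from the query string: an unknown constant name is a client
    // error, so answer 400 instead of letting valueOf's IllegalArgumentException escape.
    EnvironmentRoleArchetype roleArchetype = null;
    if (archetype != null) {
        try {
            roleArchetype = EnvironmentRoleArchetype.valueOf(archetype);
        } catch (IllegalArgumentException e) {
            return Response.status(Status.BAD_REQUEST).build();
        }
    }
    Set<Long> userGroupFilters = null;
    Set<Long> workspaceFilters = null;
    if (!sessionController.hasEnvironmentPermission(RoleFeatures.ACCESS_ONLY_GROUP_STUDENTS)) {
        if (Boolean.TRUE.equals(myUserGroups)) {
            userGroupFilters = new HashSet<Long>();
            // Groups where user is a member
            List<UserGroupEntity> userGroups = userGroupEntityController.listUserGroupsByUserIdentifier(sessionController.getLoggedUser());
            for (UserGroupEntity userGroup : userGroups) {
                userGroupFilters.add(userGroup.getId());
            }
        } else if (!CollectionUtils.isEmpty(userGroupIds)) {
            // Defined user groups
            userGroupFilters = new HashSet<Long>(userGroupIds);
        }
    } else {
        // User can only list users from his/her own user groups
        userGroupFilters = new HashSet<Long>();
        // Groups where user is a member and the ids of the groups
        List<UserGroupEntity> userGroups = userGroupEntityController.listUserGroupsByUserIdentifier(sessionController.getLoggedUser());
        Set<Long> accessibleUserGroupEntityIds = userGroups.stream().map(UserGroupEntity::getId).collect(Collectors.toSet());
        if (CollectionUtils.isNotEmpty(userGroupIds)) {
            // Requested groups must be a subset of the groups the caller can access; anything
            // else is rejected rather than silently narrowed.
            if (!CollectionUtils.isSubCollection(userGroupIds, accessibleUserGroupEntityIds)) {
                return Response.status(Status.BAD_REQUEST).build();
            }
            userGroupFilters.addAll(userGroupIds);
        } else {
            userGroupFilters.addAll(accessibleUserGroupEntityIds);
        }
    }
    if (Boolean.TRUE.equals(myWorkspaces)) {
        // Workspaces where user is a member
        List<WorkspaceEntity> workspaces = workspaceUserEntityController.listWorkspaceEntitiesByUserEntity(loggedUser);
        workspaceFilters = new HashSet<Long>();
        for (WorkspaceEntity ws : workspaces) {
            workspaceFilters.add(ws.getId());
        }
    } else if (!CollectionUtils.isEmpty(workspaceIds)) {
        // Defined workspaces
        workspaceFilters = new HashSet<Long>(workspaceIds);
    }
    SearchProvider elasticSearchProvider = getProvider("elastic-search");
    if (elasticSearchProvider == null) {
        return Response.status(Status.INTERNAL_SERVER_ERROR).build();
    }
    String[] fields = new String[] { "firstName", "lastName", "nickName", "email" };
    SearchResult result = elasticSearchProvider.searchUsers(searchString, fields, roleArchetype != null ? Arrays.asList(roleArchetype) : null, userGroupFilters, workspaceFilters, null, false, false, onlyDefaultUsers, firstResult, maxResults);
    List<Map<String, Object>> results = result.getResults();
    if (results.isEmpty()) {
        return Response.noContent().build();
    }
    boolean hasImage = false;
    List<fi.otavanopisto.muikku.rest.model.User> ret = new ArrayList<fi.otavanopisto.muikku.rest.model.User>();
    for (Map<String, Object> o : results) {
        // Index ids are expected as "<identifier>/<dataSource>"; skip a hit whose id is missing
        // or has no separator instead of failing the whole request with an index error.
        Object rawId = o.get("id");
        String[] id = (rawId instanceof String) ? ((String) rawId).split("/", 2) : new String[0];
        if (id.length < 2) {
            continue;
        }
        UserEntity userEntity = userEntityController.findUserEntityByDataSourceAndIdentifier(id[1], id[0]);
        if (userEntity != null) {
            // NOTE(review): the address is returned for every hit, whatever the caller's role.
            // The second argument (true) presumably requests an obfuscated address; confirm
            // against the controller.
            String emailAddress = userEmailEntityController.getUserDefaultEmailAddress(userEntity, true);
            Date studyStartDate = getDateResult(o.get("studyStartDate"));
            Date studyTimeEnd = getDateResult(o.get("studyTimeEnd"));
            ret.add(new fi.otavanopisto.muikku.rest.model.User(userEntity.getId(), (String) o.get("firstName"), (String) o.get("lastName"), (String) o.get("nickName"), hasImage, (String) o.get("nationality"), (String) o.get("language"), (String) o.get("municipality"), (String) o.get("school"), emailAddress, studyStartDate, studyTimeEnd));
        }
    }
    return Response.ok(ret).build();
}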
Also used : User(fi.otavanopisto.muikku.schooldata.entity.User) EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) SearchProvider(fi.otavanopisto.muikku.search.SearchProvider) SearchResult(fi.otavanopisto.muikku.search.SearchResult) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) Date(java.util.Date) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) Map(java.util.Map) HashMap(java.util.HashMap) Path(javax.ws.rs.Path) RESTPermitUnimplemented(fi.otavanopisto.muikku.rest.RESTPermitUnimplemented) GET(javax.ws.rs.GET)

Example 2 with EnvironmentRoleArchetype

use of fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype in project muikku by otavanopisto.

the class UserIndexer method indexUser.

/**
 * Indexes one school data user, or removes it from the index when the user no longer exists.
 *
 * <p>The work runs inside a system session that is always closed again. When the user has a user
 * entity with an environment role archetype, the document is enriched with the archetype, the user
 * entity id, the default-identifier flag, active workspace ids and user group ids. The default e-mail
 * address is added only for the staff archetypes listed below, not for other users.
 *
 * <p>Any exception is logged at SEVERE level and not rethrown.
 *
 * @param dataSource school data source of the user
 * @param identifier identifier of the user within that data source
 */
public void indexUser(String dataSource, String identifier) {
    schoolDataBridgeSessionController.startSystemSession();
    try {
        User user = userController.findUserByDataSourceAndIdentifier(dataSource, identifier);
        if (user == null) {
            // The user is gone from the school data source: drop the stale index entry.
            logger.info(String.format("Removing user %s/%s from index", identifier, dataSource));
            removeUser(dataSource, identifier);
            return;
        }

        UserEntity userEntity = userEntityController.findUserEntityByDataSourceAndIdentifier(user.getSchoolDataSource(), user.getIdentifier());
        EnvironmentRoleArchetype archetype = null;
        if (userEntity != null) {
            EnvironmentUser environmentUser = environmentUserController.findEnvironmentUserByUserEntity(userEntity);
            if (environmentUser != null && environmentUser.getRole() != null) {
                archetype = environmentUser.getRole().getArchetype();
            }
        }

        if (archetype == null || userEntity == null) {
            // Without a role archetype only the plain user document is indexed.
            indexer.index(User.class.getSimpleName(), user);
            return;
        }

        SchoolDataIdentifier userIdentifier = new SchoolDataIdentifier(user.getIdentifier(), user.getSchoolDataSource());
        boolean isDefaultIdentifier = userEntity.getDefaultIdentifier() != null
            && userEntity.getDefaultSchoolDataSource() != null
            && userEntity.getDefaultIdentifier().equals(user.getIdentifier())
            && userEntity.getDefaultSchoolDataSource().getIdentifier().equals(user.getSchoolDataSource());

        Map<String, Object> extra = new HashMap<>();
        extra.put("archetype", archetype);
        extra.put("userEntityId", userEntity.getId());
        extra.put("isDefaultIdentifier", isDefaultIdentifier);

        // List workspaces in which the student is active (TODO Should we have a separate variable for all workspaces?)
        Set<Long> workspaceEntityIds = new HashSet<Long>();
        for (WorkspaceEntity workspace : workspaceUserEntityController.listActiveWorkspaceEntitiesByUserIdentifier(userIdentifier)) {
            workspaceEntityIds.add(workspace.getId());
        }
        extra.put("workspaces", workspaceEntityIds);

        Set<Long> userGroupIds = new HashSet<Long>();
        for (UserGroupEntity userGroup : userGroupEntityController.listUserGroupsByUserIdentifier(userIdentifier)) {
            userGroupIds.add(userGroup.getId());
        }
        extra.put("groups", userGroupIds);

        // Only staff archetypes get their e-mail address written into the search index.
        switch (archetype) {
            case TEACHER:
            case STUDY_GUIDER:
            case STUDY_PROGRAMME_LEADER:
            case MANAGER:
            case ADMINISTRATOR:
                extra.put("email", userEmailEntityController.getUserDefaultEmailAddress(userEntity, false));
                break;
            default:
                break;
        }

        indexer.index(User.class.getSimpleName(), user, extra);
    } catch (Exception ex) {
        logger.log(Level.SEVERE, "Indexing of user identifier " + identifier + " failed.", ex);
    } finally {
        schoolDataBridgeSessionController.endSystemSession();
    }
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) UserSchoolDataIdentifier(fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier) EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser) User(fi.otavanopisto.muikku.schooldata.entity.User) EnvironmentUser(fi.otavanopisto.muikku.model.users.EnvironmentUser) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) HashMap(java.util.HashMap) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) WorkspaceEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceEntity) HashSet(java.util.HashSet)

Example 3 with EnvironmentRoleArchetype

use of fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype in project muikku by otavanopisto.

the class UserRolePermissionObserver method onEnvironmentRoleDiscoveredEvent.

// TODO: roles at workspace creation
/**
 * Grants default permissions to a newly discovered environment role.
 *
 * <p>Observed before transaction completion. For every permission in every permission collection
 * that exists in the database, the permission is applied to the discovered role when the event's
 * archetype is one of the permission's default environment role archetypes.
 *
 * @param event discovery event carrying the role entity id and the role archetype
 */
public void onEnvironmentRoleDiscoveredEvent(@Observes(during = TransactionPhase.BEFORE_COMPLETION) SchoolDataEnvironmentRoleDiscoveredEvent event) {
    for (MuikkuPermissionCollection collection : permissionCollections) {
        for (String permissionName : collection.listPermissions()) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission == null) {
                // Permissions that are not in the database are ignored.
                continue;
            }
            try {
                String scope = collection.getPermissionScope(permissionName);
                RoleEntity discoveredRole = environmentRoleEntityDAO.findById(event.getDiscoveredEnvironmentRoleEntityId());
                EnvironmentRoleArchetype[] defaultArchetypes = collection.getDefaultEnvironmentRoles(permissionName);
                if (defaultArchetypes == null) {
                    continue;
                }
                for (EnvironmentRoleArchetype candidate : defaultArchetypes) {
                    if (candidate.equals(event.getArchetype())) {
                        // One match is enough; apply the permission once and stop scanning.
                        applyPermission(scope, discoveredRole, permission);
                        break;
                    }
                }
            } catch (Exception e) {
                // NOTE(review): a failure here is only printed to stderr and the loop goes on, so
                // the role can end up with part of its default permissions and no log record.
                e.printStackTrace();
            }
        }
    }
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) Permission(fi.otavanopisto.muikku.model.security.Permission) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)

Example 4 with EnvironmentRoleArchetype

use of fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype in project muikku by otavanopisto.

the class DefaultSchoolDataRoleListener method onSchoolDataEnvironmentRoleDiscoveredEvent.

/**
 * Creates the environment role entity for a discovered school data role, once per role.
 *
 * <p>Roles handled earlier are answered from the {@code discoveredEnvironmentRoles} cache, keyed by
 * {@code "ER-" + dataSource + "/" + identifier}. Otherwise the entity is created when it does not yet
 * exist, and its id is cached and written back to the event.
 *
 * <p>NOTE(review): when the entity already exists and is not cached, only a warning is logged; the
 * event's discovered role entity id is not set on that path. Confirm that later observers expect this.
 *
 * @param event discovery event; receives the role entity id on the cached and the created paths
 */
public void onSchoolDataEnvironmentRoleDiscoveredEvent(@Observes SchoolDataEnvironmentRoleDiscoveredEvent event) {
    String discoverId = "ER-" + event.getDataSource() + "/" + event.getIdentifier();
    if (discoveredEnvironmentRoles.containsKey(discoverId)) {
        event.setDiscoveredEnvironmentRoleEntityId(discoveredEnvironmentRoles.get(discoverId));
        return;
    }

    EnvironmentRoleEntity existing = environmentRoleEntityController.findEnvironmentRoleEntity(event.getDataSource(), event.getIdentifier());
    if (existing != null) {
        logger.warning("EnvironmentRoleEntity for " + event.getIdentifier() + "/" + event.getDataSource() + " already exists");
        return;
    }

    // The event's archetype is mapped to the model enum by constant name.
    EnvironmentRoleArchetype roleArchetype = EnvironmentRoleArchetype.valueOf(event.getArchetype().name());
    EnvironmentRoleEntity created = environmentRoleEntityController.createEnvironmentRoleEntity(event.getDataSource(), event.getIdentifier(), roleArchetype, event.getName());
    discoveredEnvironmentRoles.put(discoverId, created.getId());
    event.setDiscoveredEnvironmentRoleEntityId(created.getId());
}
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype)

Example 5 with EnvironmentRoleArchetype

use of fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype in project muikku by otavanopisto.

the class PermissionsPluginController method resetPermissions.

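/**
 * Resets role permissions to the defaults declared by the permission collections.
 *
 * <p>For each permission that exists in the database and whose scope is not PERSONAL, the roles that
 * should hold it are gathered from its default pseudo roles, environment role archetypes and workspace
 * role archetypes. For ENVIRONMENT and WORKSPACE scopes the stored role permissions are then
 * reconciled: entries without a matching default role are deleted and missing ones are created.
 * {@code removeNonHandledRoles} is called first with {@code resetRoleEntities}; it presumably limits
 * the reconciliation to those roles (helper not shown here, confirm).
 *
 * <p>A failure while handling one permission is logged with its cause and does not stop the others.
 *
 * @param resetRoleEntities roles whose permissions are reset; nothing is done when null or empty
 */
public void resetPermissions(Set<RoleEntity> resetRoleEntities) {
    if (CollectionUtils.isEmpty(resetRoleEntities)) {
        return;
    }
    // TODO Only handles environment and workspace scopes
    for (MuikkuPermissionCollection collection : permissionCollections) {
        logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission == null) {
                continue;
            }
            try {
                String permissionScope = collection.getPermissionScope(permissionName);
                if (permissionScope == null || PermissionScope.PERSONAL.equals(permissionScope)) {
                    continue;
                }
                // Current roles: every role that should hold this permission by default
                String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
                EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
                WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
                List<RoleEntity> currentRoles = new ArrayList<RoleEntity>();
                if (pseudoRoles != null) {
                    for (String pseudoRole : pseudoRoles) {
                        RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
                        if (roleEntity != null) {
                            currentRoles.add(roleEntity);
                        }
                    }
                }
                if (environmentRoles != null) {
                    for (EnvironmentRoleArchetype environmentRole : environmentRoles) {
                        List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(environmentRole);
                        currentRoles.addAll(envRoles);
                    }
                }
                if (workspaceRoles != null) {
                    for (WorkspaceRoleArchetype workspaceRole : workspaceRoles) {
                        List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(workspaceRole);
                        currentRoles.addAll(wsRoles);
                    }
                }
                logger.info(String.format("Permission %s applies to %d roles", permissionName, currentRoles.size()));
                if (PermissionScope.ENVIRONMENT.equals(permissionScope) || PermissionScope.WORKSPACE.equals(permissionScope)) {
                    List<RolePermission> databasePermissions = rolePermissionDAO.listByPermission(permission);
                    removeNonHandledRoles(currentRoles, databasePermissions, resetRoleEntities);
                    for (RolePermission databasePermission : databasePermissions) {
                        int index = indexOfRoleEntity(currentRoles, databasePermission);
                        if (index >= 0) {
                            // Already stored: nothing to create for this role.
                            currentRoles.remove(index);
                        } else {
                            // Stored, but no longer a default for this permission: revoke it.
                            logger.info(String.format("Removing %s from %s", databasePermission.getRole().getName(), permission.getName()));
                            rolePermissionDAO.delete(databasePermission);
                        }
                    }
                    // Whatever is left in currentRoles is a default that is not stored yet.
                    for (RoleEntity currentRole : currentRoles) {
                        logger.info(String.format("Adding environment role %s for %s", currentRole.getName(), permission.getName()));
                        rolePermissionDAO.create(currentRole, permission);
                    }
                }
            } catch (Exception e) {
                // Keep the cause in the log: a failed reset can leave this permission's grants
                // partly changed, and the stack trace is needed to see where it stopped.
                logger.log(Level.SEVERE, "Permission handling failed for " + permissionName, e);
            }
        }
    }
}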
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection) ArrayList(java.util.ArrayList) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission)

Aggregations

EnvironmentRoleArchetype (fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype)8 ArrayList (java.util.ArrayList)5 HashMap (java.util.HashMap)4 Permission (fi.otavanopisto.muikku.model.security.Permission)3 RolePermission (fi.otavanopisto.muikku.model.security.RolePermission)3 EnvironmentRoleEntity (fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity)3 RoleEntity (fi.otavanopisto.muikku.model.users.RoleEntity)3 UserEntity (fi.otavanopisto.muikku.model.users.UserEntity)3 UserGroupEntity (fi.otavanopisto.muikku.model.users.UserGroupEntity)3 WorkspaceEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceEntity)3 SchoolDataIdentifier (fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier)3 SearchResult (fi.otavanopisto.muikku.search.SearchResult)3 Map (java.util.Map)3 EnvironmentUser (fi.otavanopisto.muikku.model.users.EnvironmentUser)2 UserSchoolDataIdentifier (fi.otavanopisto.muikku.model.users.UserSchoolDataIdentifier)2 WorkspaceRoleArchetype (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)2 WorkspaceRoleEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity)2 WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity)2 User (fi.otavanopisto.muikku.schooldata.entity.User)2 SearchProvider (fi.otavanopisto.muikku.search.SearchProvider)2