Example 1 with WorkspaceRoleArchetype

Use of fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype in project muikku by otavanopisto.

In class UserRolePermissionObserver, method onWorkspaceRoleDiscoveredEvent.

public void onWorkspaceRoleDiscoveredEvent(@Observes(during = TransactionPhase.BEFORE_COMPLETION) SchoolDataWorkspaceRoleDiscoveredEvent event) {
    for (MuikkuPermissionCollection collection : permissionCollections) {
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission != null) {
                try {
                    String permissionScope = collection.getPermissionScope(permissionName);
                    RoleEntity role = workspaceRoleEntityDAO.findById(event.getDiscoveredWorkspaceRoleEntityId());
                    WorkspaceRoleArchetype[] archetypes = collection.getDefaultWorkspaceRoles(permissionName);
                    if (archetypes != null) {
                        for (WorkspaceRoleArchetype archetype : archetypes) {
                            if (archetype.equals(translateArchetype(event.getArchetype()))) {
                                applyPermission(permissionScope, role, permission);
                                break;
                            }
                        }
                    }
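                } catch (Exception e) {
                    // A failure for one permission is only printed to stderr; the loop continues with the next permission.
                    e.printStackTrace();
                }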
            }
        }
    }
}
Also used : RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) Permission(fi.otavanopisto.muikku.model.security.Permission) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Example 2 with WorkspaceRoleArchetype

Use of fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype in project muikku by otavanopisto.

In class DefaultSchoolDataRoleListener, method onSchoolDataWorkspaceRoleDiscoveredEvent.

public void onSchoolDataWorkspaceRoleDiscoveredEvent(@Observes SchoolDataWorkspaceRoleDiscoveredEvent event) {
    String discoverId = "WSR-" + event.getDataSource() + "/" + event.getIdentifier();
    if (discoveredWorkspaceRoles.containsKey(discoverId)) {
        event.setDiscoveredWorkspaceRoleEntityId(discoveredWorkspaceRoles.get(discoverId));
        return;
    }
    WorkspaceRoleEntity workspaceRoleEntity = workspaceRoleEntityController.findWorkspaceRoleEntityByDataSourceAndIdentifier(event.getDataSource(), event.getIdentifier());
    if (workspaceRoleEntity == null) {
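        // valueOf throws IllegalArgumentException when the event's archetype name has no matching WorkspaceRoleArchetype constant.
        WorkspaceRoleArchetype roleArchetype = WorkspaceRoleArchetype.valueOf(event.getArchetype().name());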
        workspaceRoleEntity = workspaceRoleEntityController.createWorkspaceRoleEntity(event.getDataSource(), event.getIdentifier(), roleArchetype, event.getName());
        discoveredWorkspaceRoles.put(discoverId, workspaceRoleEntity.getId());
        event.setDiscoveredWorkspaceRoleEntityId(workspaceRoleEntity.getId());
    } else {
        logger.warning("WorkspaceRoleEntity for " + event.getIdentifier() + "/" + event.getDataSource() + " already exists");
    }
}
Also used : WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Example 3 with WorkspaceRoleArchetype

Use of fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype in project muikku by otavanopisto.

In class PermissionsPluginController, method resetPermissions.

public void resetPermissions(Set<RoleEntity> resetRoleEntities) {
    if (CollectionUtils.isEmpty(resetRoleEntities))
        return;
    // TODO Only handles environment and workspace scopes
    for (MuikkuPermissionCollection collection : permissionCollections) {
        logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission != null) {
                try {
                    String permissionScope = collection.getPermissionScope(permissionName);
                    if (permissionScope != null) {
                        if (!PermissionScope.PERSONAL.equals(permissionScope)) {
                            // Current roles
                            String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
                            EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
                            WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
                            List<RoleEntity> currentRoles = new ArrayList<RoleEntity>();
                            if (pseudoRoles != null) {
                                for (String pseudoRole : pseudoRoles) {
                                    RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
                                    if (roleEntity != null) {
                                        currentRoles.add(roleEntity);
                                    }
                                }
                            }
                            if (environmentRoles != null) {
                                for (EnvironmentRoleArchetype environmentRole : environmentRoles) {
                                    List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(environmentRole);
                                    currentRoles.addAll(envRoles);
                                }
                            }
                            if (workspaceRoles != null) {
                                for (WorkspaceRoleArchetype workspaceRole : workspaceRoles) {
                                    List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(workspaceRole);
                                    currentRoles.addAll(wsRoles);
                                }
                            }
                            logger.info(String.format("Permission %s applies to %d roles", permissionName, currentRoles.size()));
                            if (PermissionScope.ENVIRONMENT.equals(permissionScope) || PermissionScope.WORKSPACE.equals(permissionScope)) {
                                List<RolePermission> databasePermissions = rolePermissionDAO.listByPermission(permission);
                                removeNonHandledRoles(currentRoles, databasePermissions, resetRoleEntities);
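                                // Reconcile: roles that already hold the permission are dropped from the to-add list;
                                // database grants with no matching default role are deleted.
                                for (RolePermission databasePermission : databasePermissions) {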
                                    int index = indexOfRoleEntity(currentRoles, databasePermission);
                                    if (index >= 0) {
                                        currentRoles.remove(index);
                                    } else {
                                        logger.info(String.format("Removing %s from %s", databasePermission.getRole().getName(), permission.getName()));
                                        rolePermissionDAO.delete(databasePermission);
                                    }
                                }
                                for (RoleEntity currentRole : currentRoles) {
                                    logger.info(String.format("Adding environment role %s for %s", currentRole.getName(), permission.getName()));
                                    rolePermissionDAO.create(currentRole, permission);
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    // Pass the exception to the logger so the cause of a failed permission reset is recorded.
                    logger.log(Level.SEVERE, "Permission handling failed for " + permissionName, e);
                }
            }
        }
    }
}
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection) ArrayList(java.util.ArrayList) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Example 4 with WorkspaceRoleArchetype

Use of fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype in project muikku by otavanopisto.

In class PermissionsPluginController, method processPermissions.

public void processPermissions() {
    logger.log(Level.INFO, "Starting permission gathering");
    for (SystemRoleType systemRoleType : SystemRoleType.values()) {
        if (systemRoleEntityDAO.findByRoleType(systemRoleType) == null)
            systemRoleEntityDAO.create(systemRoleType.name(), systemRoleType);
    }
    for (MuikkuPermissionCollection collection : permissionCollections) {
        logger.log(Level.INFO, "Processing permission collection " + collection.getClass().getSimpleName());
        List<String> permissions = collection.listPermissions();
        for (String permissionName : permissions) {
            Permission permission = permissionDAO.findByName(permissionName);
            if (permission == null) {
                logger.log(Level.INFO, "Recording new permission " + permissionName);
                try {
                    final String permissionScope = collection.getPermissionScope(permissionName);
                    if (permissionScope != null) {
                        permission = permissionDAO.create(permissionName, permissionScope);
                        if (!PermissionScope.PERSONAL.equals(permissionScope)) {
                            String[] pseudoRoles = collection.getDefaultPseudoRoles(permissionName);
                            EnvironmentRoleArchetype[] environmentRoles = collection.getDefaultEnvironmentRoles(permissionName);
                            WorkspaceRoleArchetype[] workspaceRoles = collection.getDefaultWorkspaceRoles(permissionName);
                            List<RoleEntity> roles = new ArrayList<RoleEntity>();
                            if (pseudoRoles != null) {
                                for (String pseudoRole : pseudoRoles) {
                                    RoleEntity roleEntity = roleEntityDAO.findByName(pseudoRole);
                                    if (roleEntity != null)
                                        roles.add(roleEntity);
                                }
                            }
                            if (environmentRoles != null) {
                                for (EnvironmentRoleArchetype envRole : environmentRoles) {
                                    List<EnvironmentRoleEntity> envRoles = environmentRoleEntityDAO.listByArchetype(envRole);
                                    roles.addAll(envRoles);
                                }
                            }
                            if (workspaceRoles != null) {
                                for (WorkspaceRoleArchetype arc : workspaceRoles) {
                                    List<WorkspaceRoleEntity> wsRoles = workspaceRoleEntityDAO.listByArchetype(arc);
                                    roles.addAll(wsRoles);
                                }
                            }
                            switch(permissionScope) {
                                case PermissionScope.ENVIRONMENT:
                                case PermissionScope.WORKSPACE:
                                    for (RoleEntity role : roles) {
                                        rolePermissionDAO.create(role, permission);
                                    }
                                    break;
                                case PermissionScope.USERGROUP:
                                    List<UserGroupEntity> userGroups = userGroupDAO.listAll();
                                    for (RoleEntity role : roles) {
                                        // TODO Workspace creation & templates - is this necessary and bulletproof?
                                        for (UserGroupEntity userGroup : userGroups) {
                                            userGroupRolePermissionDAO.create(userGroup, role, permission);
                                        }
                                    }
                                    break;
                                default:
                                    permissionDiscoveredEvent.select(new PermissionScopeBinding() {

                                        private static final long serialVersionUID = 9009824962970938515L;

                                        @Override
                                        public String value() {
                                            return permissionScope;
                                        }
                                    }).fire(new PermissionDiscoveredEvent(permission));
                                    break;
                            }
                        }
                    } else
                        logger.log(Level.WARNING, "PermissionScope null for " + permissionName);
                } catch (Exception e) {
                    // Pass the exception to the logger so the cause of a failed permission grant is recorded.
                    logger.log(Level.SEVERE, "Permission handling failed for " + permissionName, e);
                }
            }
        }
    }
    logger.log(Level.INFO, "Finished permission gathering");
}
Also used : EnvironmentRoleEntity(fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity) EnvironmentRoleArchetype(fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype) SystemRoleType(fi.otavanopisto.muikku.model.users.SystemRoleType) MuikkuPermissionCollection(fi.otavanopisto.muikku.security.MuikkuPermissionCollection) ArrayList(java.util.ArrayList) UserGroupEntity(fi.otavanopisto.muikku.model.users.UserGroupEntity) WorkspaceRoleEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity) RoleEntity(fi.otavanopisto.muikku.model.users.RoleEntity) RolePermission(fi.otavanopisto.muikku.model.security.RolePermission) Permission(fi.otavanopisto.muikku.model.security.Permission) WorkspaceRoleArchetype(fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype)

Aggregations

WorkspaceRoleArchetype (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleArchetype): 4
Permission (fi.otavanopisto.muikku.model.security.Permission): 3
RolePermission (fi.otavanopisto.muikku.model.security.RolePermission): 3
RoleEntity (fi.otavanopisto.muikku.model.users.RoleEntity): 3
WorkspaceRoleEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceRoleEntity): 3
EnvironmentRoleArchetype (fi.otavanopisto.muikku.model.users.EnvironmentRoleArchetype): 2
EnvironmentRoleEntity (fi.otavanopisto.muikku.model.users.EnvironmentRoleEntity): 2
MuikkuPermissionCollection (fi.otavanopisto.muikku.security.MuikkuPermissionCollection): 2
ArrayList (java.util.ArrayList): 2
SystemRoleType (fi.otavanopisto.muikku.model.users.SystemRoleType): 1
UserGroupEntity (fi.otavanopisto.muikku.model.users.UserGroupEntity): 1