
Example 6 with RolePermissionService

use of net.geoprism.registry.permission.RolePermissionService in project geoprism-registry by terraframe.

the class GeoObjectImportConfiguration method enforceExecutePermissions.

/**
 * Checks that the current user may execute this import, scoped to the
 * organization that owns {@code type}.
 *
 * <p>The check is delegated to {@link RolePermissionService}: an RA is checked
 * against the organization code, an RM against the organization code and the
 * type, and every other caller falls through to the argument-less
 * {@code enforceRM()}.
 */
@Override
public void enforceExecutePermissions() {
    final Organization owner = type.getOrganization();
    final RolePermissionService permissions = ServiceFactory.getRolePermissionService();

    if (permissions.isRA()) {
        // isRA() only says the caller holds an RA role; enforceRA ties the
        // check to this specific organization.
        permissions.enforceRA(owner.getCode());
        return;
    }

    if (permissions.isRM()) {
        permissions.enforceRM(owner.getCode(), type);
        return;
    }

    // NOTE(review): callers that are neither RA nor RM end up here; this
    // presumably rejects them, but enforceRM()'s behaviour is not visible in
    // this listing. Confirm it fails closed.
    permissions.enforceRM();
}
Also used : RolePermissionService(net.geoprism.registry.permission.RolePermissionService) Organization(net.geoprism.registry.Organization)

Example 7 with RolePermissionService

use of net.geoprism.registry.permission.RolePermissionService in project geoprism-registry by terraframe.

the class Organization method isRegistryAdmin.

/**
 * Reports whether the current user counts as a registry admin (RA) for the
 * given organization.
 *
 * <p>An SRA is always accepted. Otherwise the current session is asked whether
 * the user holds the RA role name derived from the organization's code. When
 * there is no current session the method returns {@code true}.
 *
 * @param org
 *          organization whose RA role is checked
 * @return {@code true} if the caller is an SRA, holds the organization's RA
 *         role, or no session is active
 */
public static boolean isRegistryAdmin(Organization org) {
    if (new RolePermissionService().isSRA()) {
        return true;
    }

    final String raRole = RegistryRole.Type.getRA_RoleName(org.getCode());
    final SessionIF current = Session.getCurrentSession();

    // NOTE(review): a missing session is treated as "admin" (fail-open).
    // Presumably this covers code running outside a user request; confirm
    // that no request-handling path can reach this method without a session.
    return current == null || current.userHasRole(raRole);
}
Also used : RolePermissionService(net.geoprism.registry.permission.RolePermissionService) SessionIF(com.runwaysdk.session.SessionIF)

Example 8 with RolePermissionService

use of net.geoprism.registry.permission.RolePermissionService in project geoprism-registry by terraframe.

the class UserInfo method page.

/**
 * Builds one page of user records, as JSON, restricted to what the current
 * user may see.
 *
 * <p>Callers that are not SRA and belong to no organization get an empty page.
 * Otherwise users are selected, limited to the caller's organizations when
 * there are any, and limited to active users when the caller is only an
 * RM, RC or AC. The external-system list is attached in both cases.
 *
 * @param pageSize
 *          requested page size, passed through to the result
 * @param pageNumber
 *          requested page number, passed through to the result
 * @return the page as a JSON object
 */
public static JSONObject page(Integer pageSize, Integer pageNumber) {
    final RolePermissionService perms = ServiceFactory.getRolePermissionService();
    final List<Organization> callerOrgs = Organization.getUserOrganizations();
    final boolean sra = perms.isSRA();
    // True for callers whose highest role is RM, RC or AC (neither SRA nor RA).
    final boolean lowerRoleOnly = (!sra && !perms.isRA()) && (perms.isRM() || perms.isRC() || perms.isAC());

    // NOTE(review): the (1, 100) arguments are fixed; they look like a page
    // number and page size, in which case systems beyond the first 100 would
    // be left out. Confirm against getExternalSystemsForOrg.
    final JSONArray externalSystems = new JSONArray();
    for (ExternalSystem system : ExternalSystem.getExternalSystemsForOrg(1, 100)) {
        externalSystems.put(new JSONObject(system.toJSON().toString()));
    }

    final boolean hasOrgs = !callerOrgs.isEmpty();
    if (!hasOrgs && !sra) {
        // No organization and not SRA: nothing is visible, so skip the query.
        final JSONObject empty = new JSONObject();
        empty.put("resultSet", new JSONArray());
        empty.put("count", 0);
        empty.put("pageNumber", pageNumber);
        empty.put("pageSize", pageSize);
        empty.put("externalSystems", externalSystems);
        return empty;
    }

    final ValueQuery users = new ValueQuery(new QueryFactory());
    final GeoprismUserQuery accountQuery = new GeoprismUserQuery(users);
    final UserInfoQuery infoQuery = new UserInfoQuery(users);

    // NOTE(review): the selection includes contact details (phone, email).
    // Any caller with at least one organization reaches this query; which
    // roles should see those columns is not decided here. Confirm upstream.
    users.SELECT(accountQuery.getOid(), accountQuery.getUsername(), accountQuery.getFirstName(), accountQuery.getLastName(), accountQuery.getPhoneNumber(), accountQuery.getEmail(), accountQuery.getInactive());
    users.SELECT(infoQuery.getAltFirstName(), infoQuery.getAltLastName(), infoQuery.getAltPhoneNumber(), infoQuery.getPosition());
    users.SELECT(infoQuery.getExternalSystemOid());
    users.WHERE(new LeftJoinEq(accountQuery.getOid(), infoQuery.getGeoprismUser()));

    if (hasOrgs) {
        // Restrict the result to members of the caller's organizations. An SRA
        // without organizations skips this and sees all users.
        final OrganizationQuery orgQuery = new OrganizationQuery(users);
        final OrganizationUserQuery membership = new OrganizationUserQuery(users);
        for (Organization org : callerOrgs) {
            orgQuery.OR(orgQuery.getCode().EQ(org.getCode()));
        }
        users.WHERE(membership.parentOid().EQ(orgQuery.getOid()));
        users.WHERE(accountQuery.getOid().EQ(membership.childOid()));
    }

    if (lowerRoleOnly) {
        // RM / RC / AC callers only see active accounts.
        users.WHERE(accountQuery.getInactive().EQ(false));
    }

    users.ORDER_BY_ASC(accountQuery.getUsername());
    return serializePage(pageSize, pageNumber, externalSystems, users);
}
Also used : RolePermissionService(net.geoprism.registry.permission.RolePermissionService) ValueQuery(com.runwaysdk.query.ValueQuery) QueryFactory(com.runwaysdk.query.QueryFactory) ExternalSystem(net.geoprism.registry.graph.ExternalSystem) JSONArray(org.json.JSONArray) LeftJoinEq(com.runwaysdk.query.LeftJoinEq) JSONObject(org.json.JSONObject) GeoprismUserQuery(net.geoprism.GeoprismUserQuery)

Example 9 with RolePermissionService

use of net.geoprism.registry.permission.RolePermissionService in project geoprism-registry by terraframe.

the class ETLService method filterHistoryQueryBasedOnPermissions.

/**
 * Narrows an import-history query to the rows the current user may see.
 *
 * <p>The user's authorized roles are scanned for non-root organization roles.
 * Each RA role grants every history row of its organization; each RM role
 * grants the rows of its geo-object type within its organization, plus the
 * subtypes when that type is abstract. The grants are OR-ed together and
 * AND-ed onto {@code ihq}. If no grant was collected, the query is left as it
 * was.
 *
 * @param ihq
 *          query to restrict in place
 * @throws ProgrammingErrorException
 *           if the caller is not an SRA and holds neither an RA nor an RM role
 */
public void filterHistoryQueryBasedOnPermissions(ImportHistoryQuery ihq) {
    final List<String> raOrgCodes = new ArrayList<>();
    final List<String> rmRoleNames = new ArrayList<>();

    // NOTE(review): the session is dereferenced without a null check, so a
    // call made without a current session fails with a NullPointerException.
    final SingleActorDAOIF actor = Session.getCurrentSession().getUser();
    for (RoleDAOIF role : actor.authorizedRoles()) {
        final String roleName = role.getRoleName();
        if (!RegistryRole.Type.isOrgRole(roleName) || RegistryRole.Type.isRootOrgRole(roleName)) {
            continue;
        }
        if (RegistryRole.Type.isRA_Role(roleName)) {
            raOrgCodes.add(RegistryRole.Type.parseOrgCode(roleName));
        } else if (RegistryRole.Type.isRM_Role(roleName)) {
            rmRoleNames.add(roleName);
        }
    }

    // Only an SRA may proceed without any RA/RM role. In that case no
    // condition is built below and the query stays unrestricted.
    // NOTE(review): the denial is raised as a ProgrammingErrorException;
    // whether callers report it as an access-denied error is not visible here.
    if (!new RolePermissionService().isSRA() && raOrgCodes.isEmpty() && rmRoleNames.isEmpty()) {
        throw new ProgrammingErrorException("This endpoint must be invoked by an RA or RM");
    }

    Condition visible = null;

    for (String orgCode : raOrgCodes) {
        final Organization org = Organization.getByCode(orgCode);
        final Condition byOrg = ihq.getOrganization().EQ(org);
        visible = (visible == null) ? byOrg : visible.OR(byOrg);
    }

    for (String roleName : rmRoleNames) {
        final String roleOrgCode = RegistryRole.Type.parseOrgCode(roleName);
        final Organization org = Organization.getByCode(roleOrgCode);
        final String gotCode = RegistryRole.Type.parseGotCode(roleName);
        final Condition byTypeInOrg = ihq.getGeoObjectTypeCode().EQ(gotCode).AND(ihq.getOrganization().EQ(org));
        visible = (visible == null) ? byTypeInOrg : visible.OR(byTypeInOrg);

        // Permission on an abstract parent type extends to all of its
        // children. Each child is matched together with its own organization.
        final Optional<ServerGeoObjectType> roleType = ServiceFactory.getMetadataCache().getGeoObjectType(gotCode);
        if (roleType.isPresent() && roleType.get().getIsAbstract()) {
            for (ServerGeoObjectType child : roleType.get().getSubtypes()) {
                final Condition byChild = ihq.getGeoObjectTypeCode().EQ(child.getCode()).AND(ihq.getOrganization().EQ(child.getOrganization()));
                visible = visible.OR(byChild);
            }
        }
    }

    // An SRA who also holds RA/RM roles is filtered by those roles as well,
    // because the condition is applied whenever one was built.
    if (visible != null) {
        ihq.AND(visible);
    }
}
Also used : Condition(com.runwaysdk.query.Condition) RolePermissionService(net.geoprism.registry.permission.RolePermissionService) Organization(net.geoprism.registry.Organization) ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType) ArrayList(java.util.ArrayList) SingleActorDAOIF(com.runwaysdk.business.rbac.SingleActorDAOIF) RoleDAOIF(com.runwaysdk.business.rbac.RoleDAOIF) ProgrammingErrorException(com.runwaysdk.dataaccess.ProgrammingErrorException)

Example 10 with RolePermissionService

use of net.geoprism.registry.permission.RolePermissionService in project geoprism-registry by terraframe.

the class TransitionEvent method readOnly.

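/**
 * Reports whether the current user may only view this event, not change it.
 *
 * <p>An SRA, or an RA of the "before" type's organization, may edit. Otherwise
 * the user needs the RM or RC role for the "before" type in that organization.
 * If the "before" type can no longer be resolved from the metadata cache, no
 * type-scoped role can be checked and the event is treated as read-only for
 * everyone except SRA/RA.
 *
 * @return {@code true} if the event is read-only for the current user
 */
public boolean readOnly() {
    final RolePermissionService rps = ServiceFactory.getRolePermissionService();
    final String orgCode = this.getBeforeTypeOrgCode();

    // These roles do not depend on the type, so decide them first.
    if (rps.isSRA() || rps.isRA(orgCode)) {
        return false;
    }

    // The cache lookup returns an Optional. Calling get() on it unchecked
    // threw NoSuchElementException when the type was missing; fail closed
    // (read-only) instead.
    final boolean mayEditType = ServiceFactory.getMetadataCache()
        .getGeoObjectType(this.getBeforeTypeCode())
        .map(type -> rps.isRM(orgCode, type) || rps.isRC(orgCode, type))
        .orElse(false);

    return !mayEditType;
}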
Also used : RolePermissionService(net.geoprism.registry.permission.RolePermissionService) ServerGeoObjectType(net.geoprism.registry.model.ServerGeoObjectType)
