Example 16 with EntityIdentifier

use of org.apereo.portal.EntityIdentifier in project uPortal by Jasig.

the class GroupAdministrationHelper method canViewGroup.

public boolean canViewGroup(IPerson currentUser, String target) {
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    return (ap.hasPermission(IPermission.PORTAL_GROUPS, IPermission.VIEW_GROUP_ACTIVITY, target));
}
Also used : IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier)

Example 17 with EntityIdentifier

use of org.apereo.portal.EntityIdentifier in project uPortal by Jasig.

the class UserAccountHelper method canDeleteUser.

public boolean canDeleteUser(IPerson currentUser, String target) {
    // first check to see if this is a local user
    if (!isLocalAccount(target)) {
        return false;
    }
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    // TODO create new user editing permission
    return (ap.hasPermission("UP_USERS", "DELETE_USER", target));
}
Also used : IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier)

Example 18 with EntityIdentifier

use of org.apereo.portal.EntityIdentifier in project uPortal by Jasig.

the class UserAccountHelper method updateAccount.

public void updateAccount(IPerson currentUser, PersonForm form) {
    ILocalAccountPerson account;
    // no existing account id in the form: look the account up by username
    if (form.getId() < 0) {
        account = accountDao.getPerson(form.getUsername());
        if (account == null) {
            /*
             * Should there be a permissions check to verify
             * the user is allowed to create new users?
             */
            account = accountDao.createPerson(form.getUsername());
        }
    } else {
        // otherwise, get the existing account from the database
        account = accountDao.getPerson(form.getId());
    }
    /*
     * SANITY CHECK #1:  Is the user permitted to modify this account?
     * (Presumably this check was already made when the page was rendered,
     * but re-checking alleviates danger from cleverly-crafted HTTP
     * requests.)
     */
    if (!canEditUser(currentUser, account.getName())) {
        throw new RuntimeException("Current user " + currentUser.getName() + " does not have permissions to update person " + account.getName());
    }
    // Used w/ check #2
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    // update the account attributes to match those specified in the form
    List<Preference> editableAttributes = getEditableUserAttributes(currentUser);
    for (Preference editableAttribute : editableAttributes) {
        String attributeName = editableAttribute.getName();
        /*
         * SANITY CHECK #2:  Should never fail since getEditableUserAttributes should return only
         * editable attribute names, but do this anyway just in case.
         */
        if (!ap.hasPermission("UP_USERS", "EDIT_USER_ATTRIBUTE", attributeName)) {
            throw new RuntimeException("Current user " + currentUser.getName() + " does not have permissions to edit attribute " + attributeName);
        }
        if (form.getAttributes().get(attributeName) == null || form.getAttributes().get(attributeName).isBlank()) {
            account.removeAttribute(attributeName);
        } else {
            account.setAttribute(attributeName, form.getAttributes().get(attributeName).getValue());
        }
    }
    // if a new password has been specified, update the account password
    if (StringUtils.isNotBlank(form.getPassword())) {
        account.setPassword(passwordService.encryptPassword(form.getPassword()));
        account.setLastPasswordChange(new Date());
        account.removeAttribute("loginToken");
    }
    accountDao.updateAccount(account);
    log.info("Account " + account.getName() + " successfully updated");
}
Also used : Preference(org.apereo.portal.portletpublishing.xml.Preference) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) Date(java.util.Date)

Example 19 with EntityIdentifier

use of org.apereo.portal.EntityIdentifier in project uPortal by Jasig.

the class GroupAdministrationHelper method canEditGroup.

public boolean canEditGroup(IPerson currentUser, String target) {
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    return (ap.hasPermission(IPermission.PORTAL_GROUPS, IPermission.EDIT_GROUP_ACTIVITY, target));
}
Also used : IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier)

Example 20 with EntityIdentifier

use of org.apereo.portal.EntityIdentifier in project uPortal by Jasig.

the class ImportExportController method exportEntity.

@RequestMapping(value = "/entity/{entityType}/{entityId}", method = RequestMethod.GET)
public void exportEntity(@PathVariable("entityId") String entityId, @PathVariable("entityType") String entityType, @RequestParam(value = "download", required = false) boolean download, @RequestParam(value = "format", defaultValue = "XML", required = false) String formatType, HttpServletRequest request, HttpServletResponse response) throws IOException, JSONException {
    final IPerson person = personManager.getPerson(request);
    final EntityIdentifier ei = person.getEntityIdentifier();
    final IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    // if the current user lacks export permission for this
    // object type, return a 401 error code
    if (!ap.hasPermission(IPermission.PORTAL_SYSTEM, IPermission.EXPORT_ACTIVITY, entityType)) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    //Export the data into a string buffer
    final StringWriter exportBuffer = new StringWriter();
    final String fileName = portalDataHandlerService.exportData(entityType, entityId, new StreamResult(exportBuffer));
    final PrintWriter responseWriter = response.getWriter();
    if (download) {
        response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "." + entityType + "." + formatType.toLowerCase() + "\"");
    }
    if ("XML".equalsIgnoreCase(formatType)) {
        responseWriter.print(exportBuffer.getBuffer());
    } else if ("JSON".equalsIgnoreCase(formatType)) {
        JSONObject json = XML.toJSONObject(exportBuffer.getBuffer().toString());
        responseWriter.print(json);
    } else {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
}
Also used : IPerson(org.apereo.portal.security.IPerson) StringWriter(java.io.StringWriter) StreamResult(javax.xml.transform.stream.StreamResult) JSONObject(org.json.JSONObject) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) PrintWriter(java.io.PrintWriter) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

EntityIdentifier (org.apereo.portal.EntityIdentifier) 79
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal) 31
HashSet (java.util.HashSet) 20
IPerson (org.apereo.portal.security.IPerson) 17
ArrayList (java.util.ArrayList) 15
IEntityGroup (org.apereo.portal.groups.IEntityGroup) 13
IGroupMember (org.apereo.portal.groups.IGroupMember) 12
IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition) 12
Set (java.util.Set) 9
GroupsException (org.apereo.portal.groups.GroupsException) 9
Iterator (java.util.Iterator) 7
Element (net.sf.ehcache.Element) 6
PortletCategory (org.apereo.portal.portlet.om.PortletCategory) 6
HashMap (java.util.HashMap) 4
List (java.util.List) 4
LinkedHashSet (java.util.LinkedHashSet) 3
LinkedList (java.util.LinkedList) 2
Locale (java.util.Locale) 2
Map (java.util.Map) 2
SortedSet (java.util.SortedSet) 2