use of org.apereo.portal.concurrency.caching.RequestCache in project uPortal by Jasig.
the class MobileUrlNodeSyntaxHelper method getFolderNameForPortlet.
/* (non-Javadoc)
* @see org.apereo.portal.url.IUrlNodeSyntaxHelper#getFolderNameForPortlet(javax.servlet.http.HttpServletRequest, org.apereo.portal.portlet.om.IPortletWindowId)
*/
@RequestCache(keyMask = { false, true })
@Override
public String getFolderNameForPortlet(HttpServletRequest request, IPortletWindowId portletWindowId) {
final IPortletWindow portletWindow = this.portletWindowRegistry.getPortletWindow(request, portletWindowId);
final IPortletEntity portletEntity = portletWindow.getPortletEntity();
final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
final String fname = portletDefinition.getFName();
final String channelSubscribeId = portletEntity.getLayoutNodeId();
//Build the targeted portlet string (fname + subscribeId)
return fname + PORTLET_PATH_ELEMENT_SEPERATOR + channelSubscribeId;
}
use of org.apereo.portal.concurrency.caching.RequestCache in project uPortal by Jasig.
the class AuthorizationImpl method canPrincipalManage.
/**
* Answers if the principal has permission to MANAGE this Channel.
*
* @return boolean
* @param principal IAuthorizationPrincipal
* @param portletDefinitionId
* @exception AuthorizationException indicates authorization information could not be retrieved.
*/
@RequestCache
public boolean canPrincipalManage(IAuthorizationPrincipal principal, String portletDefinitionId) throws AuthorizationException {
String owner = IPermission.PORTAL_PUBLISH;
String target = IPermission.PORTLET_PREFIX + portletDefinitionId;
// retrieve the indicated channel from the channel registry store and
// determine its current lifecycle state
IPortletDefinition portlet = this.portletDefinitionRegistry.getPortletDefinition(portletDefinitionId);
if (portlet == null) {
return doesPrincipalHavePermission(principal, owner, IPermission.PORTLET_MANAGER_APPROVED_ACTIVITY, target);
// throw new AuthorizationException("Unable to locate channel " + channelPublishId);
}
PortletLifecycleState state = portlet.getLifecycleState();
int order = state.getOrder();
/*
* The following code assumes that later lifecycle states imply permission
* for earlier lifecycle states. For example, if a user has permission to
* manage an expired channel, we assume s/he also has permission to
* create, approve, and publish channels. The following code counts
* channels with auto-publish or auto-expiration dates set as requiring
* publish or expiration permissions for management, even though the channel
* may not yet be published or expired.
*/
String activity = IPermission.PORTLET_MANAGER_MAINTENANCE_ACTIVITY;
if (order <= PortletLifecycleState.MAINTENANCE.getOrder() && doesPrincipalHavePermission(principal, owner, activity, target)) {
return true;
}
activity = IPermission.PORTLET_MANAGER_EXPIRED_ACTIVITY;
if ((order <= PortletLifecycleState.EXPIRED.getOrder() || portlet.getExpirationDate() != null) && doesPrincipalHavePermission(principal, owner, activity, target)) {
return true;
}
activity = IPermission.PORTLET_MANAGER_ACTIVITY;
if ((order <= PortletLifecycleState.PUBLISHED.getOrder() || portlet.getPublishDate() != null) && doesPrincipalHavePermission(principal, owner, activity, target)) {
return true;
}
activity = IPermission.PORTLET_MANAGER_APPROVED_ACTIVITY;
log.debug("order: " + order + ", approved order: " + PortletLifecycleState.APPROVED.getOrder());
if (order <= PortletLifecycleState.APPROVED.getOrder() && doesPrincipalHavePermission(principal, owner, activity, target)) {
return true;
}
activity = IPermission.PORTLET_MANAGER_CREATED_ACTIVITY;
if (order <= PortletLifecycleState.CREATED.getOrder() && doesPrincipalHavePermission(principal, owner, activity, target)) {
return true;
}
// if no permissions were found, return false
return false;
}
use of org.apereo.portal.concurrency.caching.RequestCache in project uPortal by Jasig.
the class AuthorizationImpl method doesPrincipalHavePermission.
/**
* Answers if the owner has given the principal permission to perform the activity on the
* target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
* activity</code> must be non-null.
*
* @return boolean
* @param principal IAuthorizationPrincipal
* @param owner java.lang.String
* @param activity java.lang.String
* @param target java.lang.String
* @exception AuthorizationException indicates authorization information could not be retrieved.
*/
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
final String username = principal.getKey();
if (IPerson.class.equals(principal.getType())) {
cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
}
cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
final CacheKey key = cacheKeyBuilder.build();
final Element element = this.doesPrincipalHavePermissionCache.get(key);
if (element != null) {
return (Boolean) element.getValue();
}
/*
* Convert to (strongly-typed) Java objects based on interfaces in
* o.j.p.permission before we make the actual check with IPermissionPolicy;
* parameters that communicate something of the nature of the things they
* represent helps us make the check(s) more intelligently. This objects
* were retro-fitted to IPermissionPolicy in uP 4.3; perhaps we should do
* the same to IAuthorizationService itself?
*/
final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
if (ipActivity == null) {
// Means needed data is missing; much clearer than NPE
String msg = "The following activity is not defined for owner '" + owner + "': " + activity;
throw new RuntimeException(msg);
}
final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
final IPermissionTarget ipTarget = targetProvider.getTarget(target);
final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
return doesPrincipalHavePermission;
}
use of org.apereo.portal.concurrency.caching.RequestCache in project uPortal by Jasig.
the class AuthorizationImpl method canPrincipalSubscribe.
/**
* Answers if the principal has permission to SUBSCRIBE to this Channel.
*
* @return boolean
* @param principal IAuthorizationPrincipal
* @param portletDefinitionId
* @exception AuthorizationException indicates authorization information could not be retrieved.
*/
@RequestCache
public boolean canPrincipalSubscribe(IAuthorizationPrincipal principal, String portletDefinitionId) {
String owner = IPermission.PORTAL_SUBSCRIBE;
// retrieve the indicated channel from the channel registry store and
// determine its current lifecycle state
IPortletDefinition portlet = this.portletDefinitionRegistry.getPortletDefinition(portletDefinitionId);
if (portlet == null) {
return false;
}
String target = PermissionHelper.permissionTargetIdForPortletDefinition(portlet);
PortletLifecycleState state = portlet.getLifecycleState();
/*
* Each channel lifecycle state now has its own subscribe permission. The
* following logic checks the appropriate permission for the lifecycle.
*/
String permission;
if (state.equals(PortletLifecycleState.PUBLISHED) || state.equals(PortletLifecycleState.MAINTENANCE)) {
// NB: There is no separate SUBSCRIBE permission for MAINTENANCE
// mode; everyone simply sees the 'out of service' message
permission = IPermission.PORTLET_SUBSCRIBER_ACTIVITY;
} else if (state.equals(PortletLifecycleState.APPROVED)) {
permission = IPermission.PORTLET_SUBSCRIBER_APPROVED_ACTIVITY;
} else if (state.equals(PortletLifecycleState.CREATED)) {
permission = IPermission.PORTLET_SUBSCRIBER_CREATED_ACTIVITY;
} else if (state.equals(PortletLifecycleState.EXPIRED)) {
permission = IPermission.PORTLET_SUBSCRIBER_EXPIRED_ACTIVITY;
} else {
throw new AuthorizationException("Unrecognized lifecycle state for channel " + portletDefinitionId);
}
// Test the appropriate permission.
return doesPrincipalHavePermission(principal, owner, permission, target);
}
Aggregations