use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class AuthorizationImpl method getInheritedPrincipals.
/**
 * Resolves the groups reported for a principal by the Groups system and converts each one
 * into an <code>IAuthorizationPrincipal</code>.
 *
 * @param principal the principal whose groups are looked up
 * @return java.util.Iterator over the <code>IAuthorizationPrincipal</code>s built from those
 *     groups (one per <code>IEntityGroup</code> returned by the lookup)
 * @throws AuthorizationException if the group lookup fails with a <code>GroupsException</code>;
 *     the original exception is kept as the cause
 */
private Iterator getInheritedPrincipals(IAuthorizationPrincipal principal) throws AuthorizationException {
    final Iterator groups;
    try {
        groups = getGroupsForPrincipal(principal);
    } catch (GroupsException ge) {
        // Surface group-store failures as an authorization failure instead of returning a
        // partial (and therefore misleading) set of inherited principals.
        throw new AuthorizationException("Could not retrieve Groups for " + principal, ge);
    }

    final ArrayList<IAuthorizationPrincipal> inherited = new ArrayList<IAuthorizationPrincipal>(5);
    while (groups.hasNext()) {
        final IEntityGroup containingGroup = (IEntityGroup) groups.next();
        inherited.add(getPrincipalForGroup(containingGroup));
    }
    return inherited.iterator();
}
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class AuthorizationImpl method primGetPermissionsForPrincipal.
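/**
 * Returns the permissions of <code>principal</code> that match the given owner, activity and
 * target. A <code>null</code> criterion matches any value; when all three are <code>null</code>
 * the principal's full permission array is returned unfiltered.
 *
 * <p>A permission matches on target when its target equals <code>target</code> or is the key of
 * a group found among the ancestors of the target entity, so a grant on a group also covers the
 * group's members. The resolved ancestor keys are stored in <code>entityParentsCache</code>
 * under the target string.
 *
 * @param principal org.apereo.portal.security.IAuthorizationPrincipal whose permissions are
 *     filtered
 * @param owner String owner to match, or <code>null</code> for any
 * @param activity String activity to match, or <code>null</code> for any
 * @param target String target to match, or <code>null</code> for any
 * @return IPermission[] the matching permissions; may be empty
 * @throws AuthorizationException declared by this method; presumably raised by the
 *     single-argument overload (not visible here)
 */
private IPermission[] primGetPermissionsForPrincipal(IAuthorizationPrincipal principal, String owner, String activity, String target) throws AuthorizationException {
    /*
     * Get a list of all permissions for the specified principal, then iterate
     * through them to build a list of the permissions matching the specified criteria.
     */
    IPermission[] perms = primGetPermissionsForPrincipal(principal);
    if (owner == null && activity == null && target == null) {
        return perms;
    }
    // If there are no permissions left, no need to look through group mappings.
    if (perms.length == 0) {
        return perms;
    }

    Set<String> containingGroups;
    if (target != null) {
        // NOTE(review): cache entries are keyed by the target string alone, but whether the
        // groups are resolved below also depends on owner/activity. A set cached under one
        // owner/activity (possibly empty because the lookup was skipped) is reused for every
        // later owner/activity with the same target string. Confirm this cannot change an
        // authorization result.
        final Element element = this.entityParentsCache.get(target);
        if (element != null) {
            containingGroups = (Set<String>) element.getObjectValue();
        } else {
            containingGroups = new HashSet<String>();
            // Ignore target entity lookups for the various synthetic ALL targets
            if (!IPermission.ALL_CATEGORIES_TARGET.equals(target)
                    && !IPermission.ALL_GROUPS_TARGET.equals(target)
                    && !IPermission.ALL_PORTLETS_TARGET.equals(target)
                    && !IPermission.ALL_TARGET.equals(target)) {
                // UP-4410; It would be ideal if the target string indicated it was a group or entity that might be
                // a member of a group so we could determine whether to check what groups the target entity might be
                // contained within to see if the principal has permission to the containing group, but it does not
                // (too significant to refactor database values at this point). If the owner and activity strings map to
                // a type of target that might be a group name or entity name, create a set of the groups the target
                // entity is contained in.
                boolean checkTargetForContainingGroups = true;
                if (owner != null && activity != null) {
                    IPermissionActivity permissionActivity = permissionOwner.getPermissionActivity(owner, activity);
                    // Presumably the lookup can return null for an unregistered owner/activity
                    // pair (confirm against the DAO). In that case keep the default instead
                    // of failing with a NullPointerException in the authorization path.
                    if (permissionActivity != null
                            && nonEntityPermissionTargetProviders.contains(permissionActivity.getTargetProviderKey())) {
                        checkTargetForContainingGroups = false;
                    }
                }
                if (checkTargetForContainingGroups) {
                    log.debug("Target '{}' is an entity. Checking for group or groups containing entity", target);
                    IGroupMember targetEntity = GroupService.findGroup(target);
                    if (targetEntity == null) {
                        if (target.startsWith(IPermission.PORTLET_PREFIX)) {
                            // Strip only the leading prefix. String.replace() would also remove
                            // later occurrences of the prefix text inside the key, so the lookup
                            // could resolve a different member than the one named by the target.
                            final String portletKey = target.substring(IPermission.PORTLET_PREFIX.length());
                            targetEntity = GroupService.getGroupMember(portletKey, IPortletDefinition.class);
                        } else {
                            targetEntity = GroupService.getGroupMember(target, IPerson.class);
                        }
                    }
                    if (targetEntity != null) {
                        for (IEntityGroup ancestor : targetEntity.getAncestorGroups()) {
                            containingGroups.add(ancestor.getKey());
                        }
                    }
                }
            }
            this.entityParentsCache.put(new Element(target, containingGroups));
        }
    } else {
        containingGroups = new HashSet<String>();
    }

    List<IPermission> al = new ArrayList<IPermission>(perms.length);
    for (IPermission perm : perms) {
        String permissionTarget = perm.getTarget();
        if ((owner == null || owner.equals(perm.getOwner())) // owner matches
                && (activity == null || activity.equals(perm.getActivity())) // activity matches
                // target matches or is a member of the current permission target
                && (target == null || target.equals(permissionTarget) || containingGroups.contains(permissionTarget))) {
            al.add(perm);
        }
    }

    if (log.isTraceEnabled()) {
        log.trace("AuthorizationImpl.primGetPermissionsForPrincipal(): " + "Principal: " + principal + " owner: " + owner + " activity: " + activity + " target: " + target + " : permissions retrieved: " + al);
    } else if (log.isDebugEnabled()) {
        log.debug("AuthorizationImpl.primGetPermissionsForPrincipal(): " + "Principal: " + principal + " owner: " + owner + " activity: " + activity + " target: " + target + " : number of permissions retrieved: " + al.size());
    }
    return al.toArray(new IPermission[0]);
}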
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class PortletPermissionsCachePrimer method primeCache.
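/**
 * Submits one <code>NodeWalker</code> per configured owner/activity pair to the executor,
 * waits for all of them, and logs the total number of combinations they report.
 *
 * <p>The run is skipped when the executor still reports active threads, which is taken to mean
 * the previous run has not finished. NOTE(review): this is a check-then-act guard; whether two
 * overlapping invocations can both pass it depends on how this method is scheduled. Confirm.
 */
public void primeCache() {
    if (executor.getActiveCount() != 0) {
        log.warn("Skipping this run becasue there are active threads in the executor, signifying the previous run is not complete");
        return;
    }
    log.info("STARTING PortletPermissionsCachePrimer.primeCache()...");
    final long timestamp = System.currentTimeMillis();

    /*
     * This task is pretty effort-intensive and may take in excess of a
     * minute to run in a single thread. Going to use a divide-and-conquer
     * approach.
     */
    final Map<NodeWalker, Future<NodeWalkerReport>> futures = new HashMap<>();
    final IEntityGroup rootGroup = GroupService.getRootGroup(IPerson.class);
    for (Map.Entry<String, Set<String>> ownerEntry : permissionsMap.entrySet()) {
        final String ownerKey = ownerEntry.getKey();
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(ownerKey);
        for (String activityKey : ownerEntry.getValue()) {
            // NOTE(review): assumes every configured owner/activity pair resolves to a known
            // activity; confirm the DAO cannot return null here.
            final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(ownerKey, activityKey);
            final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
            final NodeWalker walker = new NodeWalker(rootGroup, owner, activity, targetProvider);
            futures.put(walker, this.executor.submit(walker));
        }
    }

    int totalCombinations = 0;
    for (Map.Entry<NodeWalker, Future<NodeWalkerReport>> pending : futures.entrySet()) {
        final NodeWalker walker = pending.getKey();
        try {
            final NodeWalkerReport report = pending.getValue().get();
            totalCombinations += report.getCombinationCount();
            log.debug("NodeWalker '{}' processed {} combinations in {}ms", walker, report.getCombinationCount(), report.getDuration());
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the caller can see the interruption, and stop
            // waiting: with the flag set, every further get() would fail immediately.
            Thread.currentThread().interrupt();
            log.error("NodeWalker '{}' failed", walker, e);
            break;
        } catch (ExecutionException e) {
            // Pass the exception to the logger so the reason for the failure is recorded
            // with its stack trace.
            log.error("NodeWalker '{}' failed", walker, e);
        }
    }
    log.info("COMPLETED PortletPermissionsCachePrimer.primeCache(); processed {} total combinations in {}ms", totalCombinations, System.currentTimeMillis() - timestamp);
}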
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class XalanGroupMembershipHelperBean method isUserDeepMemberOf.
/**
 * Reports whether the user is contained in the group with the given key, as decided by
 * <code>deepContains</code> on that group.
 *
 * <p>Returns <code>false</code> when either the group or the user cannot be resolved, so an
 * unknown key never counts as membership.
 *
 * @param userName key used to look up the user as an <code>IPerson</code> entity
 * @param groupKey key of the group to test against
 * @return <code>true</code> only if both lookups succeed and the group deep-contains the user
 * @see org.apereo.portal.security.xslt.IXalanGroupMembershipHelper#isUserDeepMemberOf(java.lang.String, java.lang.String)
 */
@Override
public boolean isUserDeepMemberOf(String userName, String groupKey) {
    final IEntityGroup group = GroupService.findGroup(groupKey);
    if (group != null) {
        final IEntity person = GroupService.getEntity(userName, IPerson.class);
        if (person != null) {
            return group.deepContains(person);
        }
        // Unknown user: report non-membership.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("No user found for key '" + userName + "'");
        }
        return false;
    }
    // Unknown group: report non-membership without looking up the user.
    if (this.logger.isDebugEnabled()) {
        this.logger.debug("No group found for key '" + groupKey + "'");
    }
    return false;
}