use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class PermissionsRESTController method getPermissionsForEntity.
/**
 * Lists the permission assignments that apply to {@code entity}.
 *
 * <p>Assignments stored directly against the entity's principal are always considered. When
 * {@code includeInherited} is true, assignments stored against each ancestor group are
 * considered too and flagged as inherited. A candidate is only reported when
 * {@code hasPermission} on the entity's principal confirms it.
 *
 * <p>NOTE(review): nothing in this method checks what the calling user may see; presumably
 * the REST endpoint that calls it enforces that. Confirm against the callers.
 *
 * @param entity the entity whose permissions are reported
 * @param includeInherited whether assignments made to ancestor groups are considered
 * @return the confirmed permissions, sorted by their natural order
 */
protected List<JsonPermission> getPermissionsForEntity(JsonEntityBean entity, boolean includeInherited) {
    final IAuthorizationPrincipal principal =
            this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());

    // Assignments recorded directly against this principal.
    final Set<UniquePermission> direct = new HashSet<UniquePermission>();
    for (IPermission granted : permissionStore.select(null, principal.getPrincipalString(), null, null, null)) {
        direct.add(new UniquePermission(granted.getOwner(), granted.getActivity(), granted.getTarget(), false));
    }

    // Assignments recorded against any ancestor group, marked as inherited.
    final Set<UniquePermission> inherited = new HashSet<UniquePermission>();
    if (includeInherited) {
        final IGroupMember self = GroupService.getGroupMember(principal.getKey(), principal.getType());
        for (IEntityGroup ancestor : self.getAncestorGroups()) {
            final IAuthorizationPrincipal ancestorPrincipal = this.authorizationService.newPrincipal(ancestor);
            final IPermission[] ancestorGrants =
                    permissionStore.select(null, ancestorPrincipal.getPrincipalString(), null, null, null);
            for (IPermission granted : ancestorGrants) {
                inherited.add(new UniquePermission(granted.getOwner(), granted.getActivity(), granted.getTarget(), true));
            }
        }
    }

    // Direct candidates first, then inherited ones, each set in its own iteration order.
    final List<UniquePermission> candidates = new ArrayList<UniquePermission>(direct);
    candidates.addAll(inherited);

    final List<JsonPermission> confirmed = new ArrayList<JsonPermission>();
    for (UniquePermission candidate : candidates) {
        // Report a stored assignment only if the authorization check on the principal agrees.
        if (!principal.hasPermission(candidate.getOwner(), candidate.getActivity(), candidate.getIdentifier())) {
            continue;
        }
        confirmed.add(getPermissionForPrincipal(candidate, entity));
    }
    Collections.sort(confirmed);
    return confirmed;
}
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class SmartLdapGroupStore method searchForGroups.
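/**
 * Searches the cached groups tree for groups whose upper-cased name matches {@code query}.
 *
 * <p>The tree is refreshed first when {@code isTreeRefreshRequired()} says so. Only the leaf
 * type of the root group is supported; any other leaf type yields an empty result.
 *
 * <p>The query is compared as literal text (equals / startsWith / endsWith / contains), so
 * no character of the caller-supplied query is ever interpreted as a regular-expression
 * metacharacter and no pattern is compiled per index entry.
 *
 * @param query the text to look for; upper-cased before comparison
 * @param method one of {@code IGroupConstants.IS}, {@code STARTS_WITH}, {@code ENDS_WITH},
 *     {@code CONTAINS}
 * @param leaftype the leaf type the caller is interested in
 * @return identifiers of the matching groups, possibly empty
 * @throws GroupsException if {@code method} is not one of the supported search methods
 */
public EntityIdentifier[] searchForGroups(String query, int method, Class leaftype) throws GroupsException {
    if (isTreeRefreshRequired()) {
        refreshTree();
    }
    // Log the requested leaf type itself; leaftype.getClass() would always be java.lang.Class.
    log.debug("Invoking searchForGroups(): query={}, method={}, leaftype={}", query, method, leaftype.getName());

    // We only match the leaf type of the root group...
    final IEntityGroup root = getRootGroup();
    if (!leaftype.equals(root.getLeafType())) {
        return new EntityIdentifier[0];
    }

    // Reject unsupported search methods up front, even when the index is empty.
    switch (method) {
        case IGroupConstants.IS:
        case IGroupConstants.STARTS_WITH:
        case IGroupConstants.ENDS_WITH:
        case IGroupConstants.CONTAINS:
            break;
        default:
            String msg = "Unsupported search method: " + method;
            throw new GroupsException(msg);
    }

    // Index keys are upper-cased names, so the query is upper-cased the same way.
    final String needle = query.toUpperCase();

    List<EntityIdentifier> rslt = new LinkedList<>();
    for (Map.Entry<String, List<String>> y : groupsTree.getKeysByUpperCaseName().entrySet()) {
        final String name = y.getKey();
        final boolean hit;
        switch (method) {
            case IGroupConstants.IS:
                hit = name.equals(needle);
                break;
            case IGroupConstants.STARTS_WITH:
                hit = name.startsWith(needle);
                break;
            case IGroupConstants.ENDS_WITH:
                hit = name.endsWith(needle);
                break;
            default: // IGroupConstants.CONTAINS; other values were rejected above
                hit = name.contains(needle);
                break;
        }
        if (hit) {
            for (String k : y.getValue()) {
                rslt.add(new EntityIdentifier(k, IEntityGroup.class));
            }
        }
    }
    return rslt.toArray(new EntityIdentifier[rslt.size()]);
}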
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class SmartLdapGroupStore method hasUndiscoveredChildrenWithinDn.
/**
 * Reports whether {@code record} has at least one child key under {@code referenceDn} that
 * is not yet represented in {@code groupsSet}.
 *
 * <p>"Under" is decided by a plain, case-sensitive {@code String.endsWith} on the child key;
 * no DN parsing or normalisation is visible here.
 *
 * @param record the record whose child keys are examined
 * @param referenceDn the DN suffix a child key must end with to be considered
 * @param groupsSet the records collected so far
 * @return true as soon as one matching child key is missing from {@code groupsSet}
 */
public boolean hasUndiscoveredChildrenWithinDn(LdapRecord record, String referenceDn, Set<LdapRecord> groupsSet) {
    final List<String> noChildren = Collections.emptyList();
    boolean undiscovered = false;
    for (String candidateKey : record.getKeysOfChildren()) {
        if (!candidateKey.endsWith(referenceDn)) {
            continue;
        }
        // Membership is tested with a throwaway record that carries only the key. Per the
        // original author's note this relies on LdapRecord.equals() treating two records
        // with the same group key as equal.
        final IEntityGroup placeholder = new EntityGroupImpl(candidateKey, IPerson.class);
        final LdapRecord probe = new LdapRecord(placeholder, noChildren);
        if (groupsSet.contains(probe)) {
            log.trace("Child group is already in collection: {}", candidateKey);
            continue;
        }
        undiscovered = true;
        break;
    }
    log.trace("Query for children of parent group '{}': {}", record.getGroup().getLocalKey(), undiscovered);
    return undiscovered;
}
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class SmartLdapGroupStore method buildGroupsTree.
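/**
 * Builds a fresh {@code GroupsTree} from the records gathered by running {@code initTask}.
 *
 * <p>Four indexes are produced: group key to group, child key to parent keys, parent key to
 * child keys, and upper-cased group name to group keys. The root group is added last and
 * becomes the parent of every group that has no other parent.
 *
 * <p>The parent and child indexes feed group ancestry, so both passes must filter child keys
 * the same way: a child key that is not in the catalog is skipped and the remaining children
 * are still processed.
 *
 * @return the newly built tree
 * @throws IllegalStateException if {@code baseGroupDn} is blank or {@code ldapContext} is null
 */
private GroupsTree buildGroupsTree() {
    long timestamp = System.currentTimeMillis();

    // Prepare the new local indices...
    Map<String, IEntityGroup> new_groups = Collections.synchronizedMap(new HashMap<String, IEntityGroup>());
    Map<String, List<String>> new_parents = Collections.synchronizedMap(new HashMap<String, List<String>>());
    Map<String, List<String>> new_children = Collections.synchronizedMap(new HashMap<String, List<String>>());
    Map<String, List<String>> new_keysByUpperCaseName = Collections.synchronizedMap(new HashMap<String, List<String>>());

    // Gather IEntityGroup objects from LDAP...
    RuntimeRequestResponse req = new RuntimeRequestResponse();
    Set<LdapRecord> set = new HashSet<>();
    req.setAttribute("GROUPS", set);
    req.setAttribute("smartLdapGroupStore", this);
    SubQueryCounter queryCounter = new SubQueryCounter();
    req.setAttribute("queryCounter", queryCounter);
    // This one changes iteratively...
    req.setAttribute("filter", filter);
    // while this one stays the same.
    req.setAttribute("baseFilter", filter);
    if (StringUtils.isBlank(baseGroupDn)) {
        throw new IllegalStateException("baseGroupDn property not set");
    }
    req.setAttribute("baseGroupDn", baseGroupDn);
    if (ldapContext == null) {
        throw new IllegalStateException("ldapContext property not set");
    }
    req.setAttribute("ldapContext", ldapContext);
    req.setAttribute("resolveMemberGroups", resolveMemberGroups);
    req.setAttribute("resolveDnList", resolveDnList);
    req.setAttribute("memberOfAttributeName", memberOfAttributeName);
    req.setAttribute("attributesMapper", attributesMapper);
    runner.run(initTask, req);
    log.info("init() found {} records", set.size());

    // Do a first loop to build the main catalog (new_groups)...
    for (LdapRecord r : set) {
        // new_groups (me)...
        IEntityGroup g = r.getGroup();
        new_groups.put(g.getLocalKey(), g);
    }

    // Do a second loop to build local indices...
    for (LdapRecord r : set) {
        IEntityGroup g = r.getGroup();

        // new_parents (I am a parent for all my children)...
        for (String childKey : r.getKeysOfChildren()) {
            // Only relationships between catalogued groups matter. Skip this key and keep
            // going: stopping at the first unknown key would drop the parent link for every
            // later child, while new_children below would still list those children.
            if (!new_groups.containsKey(childKey)) {
                continue;
            }
            List<String> parentsList = new_parents.get(childKey);
            if (parentsList == null) {
                // first parent for this child...
                parentsList = Collections.synchronizedList(new LinkedList<String>());
                new_parents.put(childKey, parentsList);
            }
            parentsList.add(g.getLocalKey());
        }

        // new_children...
        List<String> childrenList = Collections.synchronizedList(new LinkedList<String>());
        for (String childKey : r.getKeysOfChildren()) {
            // discard everything else...
            if (new_groups.containsKey(childKey)) {
                childrenList.add(childKey);
            }
        }
        new_children.put(g.getLocalKey(), childrenList);

        // new_keysByUpperCaseName...
        List<String> groupsWithMyName = new_keysByUpperCaseName.get(g.getName().toUpperCase());
        if (groupsWithMyName == null) {
            // I am the first group with my name (pretty likely)...
            groupsWithMyName = Collections.synchronizedList(new LinkedList<String>());
            new_keysByUpperCaseName.put(g.getName().toUpperCase(), groupsWithMyName);
        }
        groupsWithMyName.add(g.getLocalKey());
    }

    /*
     * Now load the ROOT_GROUP into the collections...
     */

    // new_groups (me)...
    final IEntityGroup root = getRootGroup();
    new_groups.put(root.getLocalKey(), root);

    // new_parents (I am a parent for all groups that have no other parent)...
    List<String> childrenOfRoot = // for later...
            Collections.synchronizedList(new LinkedList<String>());
    for (String possibleChildKey : new_groups.keySet()) {
        if (!possibleChildKey.equals(root.getLocalKey()) && !new_parents.containsKey(possibleChildKey)) {
            List<String> p = Collections.synchronizedList(new LinkedList<String>());
            p.add(root.getLocalKey());
            new_parents.put(possibleChildKey, p);
            // for later...
            childrenOfRoot.add(possibleChildKey);
        }
    }

    // new_children...
    new_children.put(root.getLocalKey(), childrenOfRoot);

    // new_keysByUpperCaseName...
    List<String> groupsWithMyName = new_keysByUpperCaseName.get(root.getName().toUpperCase());
    if (groupsWithMyName == null) {
        // I am the first group with my name (pretty likely)...
        groupsWithMyName = Collections.synchronizedList(new LinkedList<String>());
        new_keysByUpperCaseName.put(root.getName().toUpperCase(), groupsWithMyName);
    }
    groupsWithMyName.add(root.getLocalKey());

    final long benchmark = System.currentTimeMillis() - timestamp;
    log.info("Refresh of groups tree completed in {} milliseconds", benchmark);
    log.info("Total number of LDAP queries: {}", queryCounter.getCount() + 1);
    final String msg = "init() :: final size of each collection is as follows..." + "\n\tgroups={}" + "\n\tparents={}" + "\n\tchildren={}" + "\n\tkeysByUpperCaseName={}";
    log.info(msg, new_groups.size(), new_parents.size(), new_children.size(), new_keysByUpperCaseName.size());

    if (log.isTraceEnabled()) {
        StringBuilder sbuilder = new StringBuilder();

        // new_groups...
        sbuilder.setLength(0);
        sbuilder.append("Here are the keys of the new_groups collection:");
        for (String s : new_groups.keySet()) {
            sbuilder.append("\n\t").append(s);
        }
        log.trace(sbuilder.toString());

        // new_parents...
        sbuilder.setLength(0);
        sbuilder.append("Here are the parents of each child in the new_parents collection:");
        for (Map.Entry<String, List<String>> y : new_parents.entrySet()) {
            sbuilder.append("\n\tchild=").append(y.getKey());
            for (String s : y.getValue()) {
                sbuilder.append("\n\t\tparent=").append(s);
            }
        }
        log.trace(sbuilder.toString());

        // new_children...
        sbuilder.setLength(0);
        sbuilder.append("Here are the children of each parent in the new_children collection:");
        for (Map.Entry<String, List<String>> y : new_children.entrySet()) {
            sbuilder.append("\n\tparent=").append(y.getKey());
            for (String s : y.getValue()) {
                sbuilder.append("\n\t\tchild=").append(s);
            }
        }
        log.trace(sbuilder.toString());

        // new_keysByUpperCaseName...
        // Reset the buffer first, otherwise this entry repeats the new_children dump.
        sbuilder.setLength(0);
        sbuilder.append("Here are the groups that have each name in the new_keysByUpperCaseName collection:");
        for (Map.Entry<String, List<String>> y : new_keysByUpperCaseName.entrySet()) {
            sbuilder.append("\n\tname=").append(y.getKey());
            for (String s : y.getValue()) {
                sbuilder.append("\n\t\tgroup=").append(s);
            }
        }
        log.trace(sbuilder.toString());
    }

    return new GroupsTree(new_groups, new_parents, new_children, new_keysByUpperCaseName);
}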
use of org.apereo.portal.groups.IEntityGroup in project uPortal by Jasig.
the class JpaAggregatedGroupLookupDaoTest method testLoginAggregationLifecycle.
/**
 * Looks up group mappings three times, each in its own {@code execute} call: twice for
 * "local.0", which is stubbed to resolve to a group named "Everyone" in service "local",
 * and once for "local.2", for which this method configures no stub and whose expected
 * group name is "2".
 */
@Test
public void testLoginAggregationLifecycle() throws Exception {
    final IEntityGroup stubbedGroup = mock(IEntityGroup.class);
    when(stubbedGroup.getServiceName()).thenReturn(new CompositeName("local"));
    when(stubbedGroup.getName()).thenReturn("Everyone");
    when(compositeGroupService.findGroup("local.0")).thenReturn(stubbedGroup);

    // The same key is requested twice so the second lookup sees whatever the first left behind.
    verifyGroupMapping("local.0", "local", "Everyone");
    verifyGroupMapping("local.0", "local", "Everyone");
    verifyGroupMapping("local.2", "local", "2");
}

/** Runs one lookup inside {@code execute} and checks the mapping's service and group name. */
private void verifyGroupMapping(final String groupKey, final String expectedService, final String expectedName)
        throws Exception {
    this.execute(new CallableWithoutResult() {
        @Override
        protected void callWithoutResult() {
            final AggregatedGroupMapping mapping = aggregatedGroupLookupDao.getGroupMapping(groupKey);
            assertNotNull(mapping);
            assertEquals(expectedService, mapping.getGroupService());
            assertEquals(expectedName, mapping.getGroupName());
        }
    });
}
Aggregations