Search in sources :

Example 1 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class ApiPermissionsService method getAssignmentsForPerson.

@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
    Set<Assignment> rslt = new HashSet<Assignment>();
    if (StringUtils.isBlank(username)) {
        return null;
    }
    IAuthorizationPrincipal authP = this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());
    // first get the permissions explicitly set for this principal
    IPermission[] directPermissions = permissionStore.select(null, authP.getPrincipalString(), null, null, null);
    for (IPermission permission : directPermissions) {
        if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
            Assignment a = createAssignment(permission, authP, false);
            if (a != null) {
                rslt.add(a);
            }
        }
    }
    if (includeInherited) {
        IGroupMember member = GroupService.getGroupMember(authP.getKey(), authP.getType());
        for (IEntityGroup parent : member.getAncestorGroups()) {
            IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
            IPermission[] parentPermissions = permissionStore.select(null, parentPrincipal.getPrincipalString(), null, null, null);
            for (IPermission permission : parentPermissions) {
                if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
                    Assignment a = createAssignment(permission, authP, true);
                    if (a != null) {
                        rslt.add(a);
                    }
                }
            }
        }
    }
    return rslt;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet)

Example 2 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PermissionsRESTController method getAssignmentsOnTarget.

@PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
    Set<UniquePermission> directAssignments = new HashSet<UniquePermission>();
    // first get the permissions explicitly set for this principal
    IPermission[] directPermissions = permissionStore.select(null, null, null, target, null);
    for (IPermission permission : directPermissions) {
        directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), false));
    }
    JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
    Set<UniquePermission> inheritedAssignments = new HashSet<UniquePermission>();
    List<JsonPermission> permissions = new ArrayList<JsonPermission>();
    if (entity != null) {
        IAuthorizationPrincipal p = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());
        if (includeInherited) {
            IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
            for (IEntityGroup parent : member.getAncestorGroups()) {
                IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
                IPermission[] parentPermissions = permissionStore.select(null, null, null, parentPrincipal.getKey(), null);
                for (IPermission permission : parentPermissions) {
                    inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), true));
                }
            }
        }
        for (UniquePermission permission : directAssignments) {
            JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
            Class<?> clazz;
            EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
            if (entityType.isGroup()) {
                clazz = IEntityGroup.class;
            } else {
                clazz = entityType.getClazz();
            }
            IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
            if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(permission, entity));
            }
        }
        for (UniquePermission permission : inheritedAssignments) {
            JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
            Class<?> clazz;
            EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
            if (entityType.isGroup()) {
                clazz = IEntityGroup.class;
            } else {
                clazz = entityType.getClazz();
            }
            IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
            if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(permission, entity));
            }
        }
        Collections.sort(permissions);
    }
    ModelAndView mv = new ModelAndView();
    mv.addObject("assignments", permissions);
    mv.setViewName("json");
    return mv;
}
Also used : EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) ArrayList(java.util.ArrayList) ModelAndView(org.springframework.web.servlet.ModelAndView) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class RDBMUserIdentityStore method addNewUser.

protected int addNewUser(final int newUID, final IPerson person, final TemplateUser templateUser) throws Exception {
    // Copy template user's groups memberships
    IGroupMember me = GroupService.getGroupMember(person.getEntityIdentifier());
    IGroupMember template = GroupService.getEntity(templateUser.getUserName(), Class.forName("org.apereo.portal.security.IPerson"));
    for (IEntityGroup eg : template.getParentGroups()) {
        ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
        if (leg != null) {
            addPersonToGroup(person, me, leg);
        }
    }
    return this.transactionOperations.execute(new TransactionCallback<Integer>() {

        @Override
        public Integer doInTransaction(TransactionStatus status) {
            return jdbcOperations.execute(new ConnectionCallback<Integer>() {

                @Override
                public Integer doInConnection(Connection con) throws SQLException, DataAccessException {
                    int uPortalUID = -1;
                    PreparedStatement queryStmt = null;
                    PreparedStatement insertStmt = null;
                    try {
                        // Add to UP_USER
                        String insert = "INSERT INTO UP_USER (USER_ID, USER_NAME, USER_DFLT_USR_ID, USER_DFLT_LAY_ID, NEXT_STRUCT_ID, LST_CHAN_UPDT_DT)" + "VALUES (?, ?, ?, ?, null, null)";
                        String userName = person.getUserName();
                        insertStmt = con.prepareStatement(insert);
                        insertStmt.setInt(1, newUID);
                        insertStmt.setString(2, userName);
                        insertStmt.setInt(3, templateUser.getUserId());
                        insertStmt.setInt(4, templateUser.getDefaultLayoutId());
                        if (log.isDebugEnabled())
                            log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + newUID + ", USER_NAME=" + userName + ", USER_DFLT_USR_ID=" + templateUser.getUserId() + ", USER_DFLT_LAY_ID=" + templateUser.getDefaultLayoutId() + "): " + insert);
                        insertStmt.executeUpdate();
                        insertStmt.close();
                        insertStmt = null;
                        // Start copying...
                        ResultSet rs = null;
                        String query = null;
                        try {
                            // Add to UP_USER_PROFILE
                            query = "SELECT USER_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, " + "STRUCTURE_SS_ID, THEME_SS_ID " + "FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
                            queryStmt = con.prepareStatement(query);
                            queryStmt.setInt(1, templateUser.getUserId());
                            if (log.isDebugEnabled())
                                log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + templateUser.getUserId() + "): " + query);
                            rs = queryStmt.executeQuery();
                            insert = "INSERT INTO UP_USER_PROFILE (USER_ID, PROFILE_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, LAYOUT_ID, STRUCTURE_SS_ID, THEME_SS_ID) " + "VALUES(?, ?, ?, ?, ?, NULL, ?, ?)";
                            insertStmt = con.prepareStatement(insert);
                            while (rs.next()) {
                                int id = getNextKey();
                                String profileFname = rs.getString("PROFILE_FNAME");
                                String profileName = rs.getString("PROFILE_NAME");
                                String description = rs.getString("DESCRIPTION");
                                int structure = rs.getInt("STRUCTURE_SS_ID");
                                int theme = rs.getInt("THEME_SS_ID");
                                insertStmt.setInt(1, newUID);
                                insertStmt.setInt(2, id);
                                insertStmt.setString(3, profileFname);
                                insertStmt.setString(4, profileName);
                                insertStmt.setString(5, description);
                                insertStmt.setInt(6, structure);
                                insertStmt.setInt(7, theme);
                                if (log.isDebugEnabled())
                                    log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + newUID + ", PROFILE_FNAME=" + profileFname + ", PROFILE_NAME=" + profileName + ", DESCRIPTION=" + description + "): " + insert);
                                insertStmt.executeUpdate();
                            }
                            rs.close();
                            queryStmt.close();
                            if (insertStmt != null) {
                                insertStmt.close();
                                insertStmt = null;
                            }
                            // transaction
                            if (RDBMServices.getDbMetaData().supportsTransactions())
                                con.commit();
                            uPortalUID = newUID;
                        } finally {
                            try {
                                if (rs != null)
                                    rs.close();
                            } catch (Exception e) {
                            }
                        }
                    } finally {
                        try {
                            if (queryStmt != null)
                                queryStmt.close();
                        } catch (Exception e) {
                        }
                        try {
                            if (insertStmt != null)
                                insertStmt.close();
                        } catch (Exception e) {
                        }
                    }
                    return uPortalUID;
                }
            });
        }
    });
}
Also used : Connection(java.sql.Connection) ILockableEntityGroup(org.apereo.portal.groups.ILockableEntityGroup) TransactionStatus(org.springframework.transaction.TransactionStatus) PreparedStatement(java.sql.PreparedStatement) DataAccessException(org.springframework.dao.DataAccessException) SQLException(java.sql.SQLException) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) ResultSet(java.sql.ResultSet) ConnectionCallback(org.springframework.jdbc.core.ConnectionCallback)

Example 4 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class RDBMUserIdentityStore method updateUser.

protected void updateUser(final int userId, final IPerson person, final TemplateUser templateUser) throws Exception {
    // Remove my existing group memberships
    IGroupMember me = GroupService.getGroupMember(person.getEntityIdentifier());
    for (IEntityGroup eg : me.getParentGroups()) {
        ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
        if (leg != null) {
            removePersonFromGroup(person, me, leg);
        }
    }
    // Copy template user's groups memberships
    IGroupMember template = GroupService.getEntity(templateUser.getUserName(), IPerson.class);
    for (IEntityGroup eg : template.getParentGroups()) {
        ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
        if (leg != null) {
            addPersonToGroup(person, me, leg);
        }
    }
    this.transactionOperations.execute(new TransactionCallback<Object>() {

        @Override
        public Object doInTransaction(TransactionStatus status) {
            return jdbcOperations.execute(new ConnectionCallback<Object>() {

                @Override
                public Object doInConnection(Connection con) throws SQLException, DataAccessException {
                    PreparedStatement deleteStmt = null;
                    PreparedStatement queryStmt = null;
                    PreparedStatement insertStmt = null;
                    try {
                        // Update UP_USER
                        String update = "UPDATE UP_USER " + "SET USER_DFLT_USR_ID=?, " + "USER_DFLT_LAY_ID=?, " + "NEXT_STRUCT_ID=null " + "WHERE USER_ID=?";
                        insertStmt = con.prepareStatement(update);
                        insertStmt.setInt(1, templateUser.getUserId());
                        insertStmt.setInt(2, templateUser.getDefaultLayoutId());
                        insertStmt.setInt(3, userId);
                        if (log.isDebugEnabled())
                            log.debug("RDBMUserIdentityStore::addNewUser(): " + update);
                        insertStmt.executeUpdate();
                        insertStmt.close();
                        // Start copying...
                        ResultSet rs = null;
                        String delete = null;
                        String query = null;
                        String insert = null;
                        try {
                            // Update UP_USER_PROFILE
                            delete = "DELETE FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
                            deleteStmt = con.prepareStatement(delete);
                            deleteStmt.setInt(1, userId);
                            if (log.isDebugEnabled())
                                log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + userId + "): " + delete);
                            deleteStmt.executeUpdate();
                            deleteStmt.close();
                            query = "SELECT USER_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, " + "STRUCTURE_SS_ID, THEME_SS_ID " + "FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
                            queryStmt = con.prepareStatement(query);
                            queryStmt.setInt(1, templateUser.getUserId());
                            if (log.isDebugEnabled())
                                log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + templateUser.getUserId() + "): " + query);
                            rs = queryStmt.executeQuery();
                            insert = "INSERT INTO UP_USER_PROFILE (USER_ID, PROFILE_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, LAYOUT_ID, STRUCTURE_SS_ID, THEME_SS_ID) " + "VALUES(?, ?, ?, ?, ?, NULL, ?, ?)";
                            insertStmt = con.prepareStatement(insert);
                            while (rs.next()) {
                                int id = getNextKey();
                                String profileFname = rs.getString("PROFILE_FNAME");
                                String profileName = rs.getString("PROFILE_NAME");
                                String description = rs.getString("DESCRIPTION");
                                int structure = rs.getInt("STRUCTURE_SS_ID");
                                int theme = rs.getInt("THEME_SS_ID");
                                insertStmt.setInt(1, userId);
                                insertStmt.setInt(2, id);
                                insertStmt.setString(3, profileFname);
                                insertStmt.setString(4, profileName);
                                insertStmt.setString(5, description);
                                insertStmt.setInt(6, structure);
                                insertStmt.setInt(7, theme);
                                if (log.isDebugEnabled())
                                    log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + userId + ", PROFILE_FNAME=" + profileFname + ", PROFILE_NAME=" + profileName + ", DESCRIPTION=" + description + "): " + insert);
                                insertStmt.executeUpdate();
                            }
                            rs.close();
                            queryStmt.close();
                            insertStmt.close();
                            // transaction
                            if (RDBMServices.getDbMetaData().supportsTransactions())
                                con.commit();
                        } finally {
                            try {
                                rs.close();
                            } catch (Exception e) {
                            }
                        }
                    } finally {
                        try {
                            deleteStmt.close();
                        } catch (Exception e) {
                        }
                        try {
                            queryStmt.close();
                        } catch (Exception e) {
                        }
                        try {
                            insertStmt.close();
                        } catch (Exception e) {
                        }
                    }
                    return null;
                }
            });
        }
    });
}
Also used : Connection(java.sql.Connection) ILockableEntityGroup(org.apereo.portal.groups.ILockableEntityGroup) TransactionStatus(org.springframework.transaction.TransactionStatus) PreparedStatement(java.sql.PreparedStatement) DataAccessException(org.springframework.dao.DataAccessException) SQLException(java.sql.SQLException) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) ResultSet(java.sql.ResultSet) SerializableObject(org.apereo.portal.utils.SerializableObject) ConnectionCallback(org.springframework.jdbc.core.ConnectionCallback)

Example 5 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method savePortletDefinition.

/**
     * Save a portlet definition.
     *
     * @param definition the portlet definition
     * @param publisher the person publishing the portlet
     * @param categories the list of categories for the portlet
     * @param permissionMap a map of permission name -> list of groups who are granted that
     *     permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
     *     manager)
     */
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, IPerson publisher, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
    boolean newChannel = (definition.getPortletDefinitionId() == null);
    // save the channel
    definition = portletDefinitionDao.savePortletDefinition(definition);
    definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
    final String defId = definition.getPortletDefinitionId().getStringId();
    final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
    //The groups service needs to deal with concurrent modification better.
    synchronized (this.groupUpdateLock) {
        // Delete existing category memberships for this channel
        if (!newChannel) {
            for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
                group.removeChild(portletDefEntity);
                group.update();
            }
        }
        // For each category ID, add channel to category
        for (PortletCategory category : categories) {
            final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
            categoryGroup.addChild(portletDefEntity);
            categoryGroup.updateMembers();
        }
        // Set groups
        final AuthorizationService authService = AuthorizationService.instance();
        final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
        // Loop over the affected permission managers...
        Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
        for (String system : permissionsBySystem.keySet()) {
            Collection<ExternalPermissionDefinition> systemPerms = permissionsBySystem.get(system);
            // get the permission manager for this system...
            final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(system);
            final List<IPermission> permissions = new ArrayList<>();
            // add activity grants for each permission..
            for (ExternalPermissionDefinition permissionDef : systemPerms) {
                Set<IGroupMember> members = permissionMap.get(permissionDef);
                for (final IGroupMember member : members) {
                    final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
                    final IPermission permEntity = upm.newPermission(authPrincipal);
                    permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
                    permEntity.setActivity(permissionDef.getActivity());
                    permEntity.setTarget(target);
                    permissions.add(permEntity);
                }
            }
            // If modifying the channel, remove the existing permissions before adding the new ones
            if (!newChannel) {
                for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
                    IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
                    upm.removePermissions(oldPermissions);
                }
            }
            upm.addPermissions(permissions.toArray(new IPermission[permissions.size()]));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
    }
    return definition;
}
Also used : IEntity(org.apereo.portal.groups.IEntity) ArrayList(java.util.ArrayList) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) AuthorizationService(org.apereo.portal.services.AuthorizationService) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) Collection(java.util.Collection) ExternalPermissionDefinition(org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager)

Aggregations

IGroupMember (org.apereo.portal.groups.IGroupMember)58 IEntityGroup (org.apereo.portal.groups.IEntityGroup)33 HashSet (java.util.HashSet)20 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)16 ArrayList (java.util.ArrayList)14 EntityIdentifier (org.apereo.portal.EntityIdentifier)13 EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)13 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)10 IPermission (org.apereo.portal.security.IPermission)9 PortletCategory (org.apereo.portal.portlet.om.PortletCategory)7 GroupsException (org.apereo.portal.groups.GroupsException)6 IPerson (org.apereo.portal.security.IPerson)6 HashMap (java.util.HashMap)4 IEntity (org.apereo.portal.groups.IEntity)4 ExternalPermissionDefinition (org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition)4 Element (net.sf.ehcache.Element)3 IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)3 AuthorizationServiceFacade (org.apereo.portal.services.AuthorizationServiceFacade)3 GcGetMembers (edu.internet2.middleware.grouperClient.api.GcGetMembers)2 WsGetMembersResults (edu.internet2.middleware.grouperClient.ws.beans.WsGetMembersResults)2