Example 1 with IGroupMember
use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.
the class ApiPermissionsService method getAssignmentsForPerson.
@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
Set<Assignment> rslt = new HashSet<Assignment>();
if (StringUtils.isBlank(username)) {
return null;
}
IAuthorizationPrincipal authP = this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());
// first get the permissions explicitly set for this principal
IPermission[] directPermissions = permissionStore.select(null, authP.getPrincipalString(), null, null, null);
for (IPermission permission : directPermissions) {
if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
Assignment a = createAssignment(permission, authP, false);
if (a != null) {
rslt.add(a);
}
}
}
if (includeInherited) {
IGroupMember member = GroupService.getGroupMember(authP.getKey(), authP.getType());
for (IEntityGroup parent : member.getAncestorGroups()) {
IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
IPermission[] parentPermissions = permissionStore.select(null, parentPrincipal.getPrincipalString(), null, null, null);
for (IPermission permission : parentPermissions) {
if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
Assignment a = createAssignment(permission, authP, true);
if (a != null) {
rslt.add(a);
}
}
}
}
}
return rslt;
}
Also used :
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
IPermission(org.apereo.portal.security.IPermission)
IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)
HashSet(java.util.HashSet)
Example 2 with IGroupMember
use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.
the class PermissionsRESTController method getAssignmentsOnTarget.
@PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
Set<UniquePermission> directAssignments = new HashSet<UniquePermission>();
// first get the permissions explicitly set for this principal
IPermission[] directPermissions = permissionStore.select(null, null, null, target, null);
for (IPermission permission : directPermissions) {
directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), false));
}
JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
Set<UniquePermission> inheritedAssignments = new HashSet<UniquePermission>();
List<JsonPermission> permissions = new ArrayList<JsonPermission>();
if (entity != null) {
IAuthorizationPrincipal p = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());
if (includeInherited) {
IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
for (IEntityGroup parent : member.getAncestorGroups()) {
IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
IPermission[] parentPermissions = permissionStore.select(null, null, null, parentPrincipal.getKey(), null);
for (IPermission permission : parentPermissions) {
inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), true));
}
}
}
for (UniquePermission permission : directAssignments) {
JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
Class<?> clazz;
EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
if (entityType.isGroup()) {
clazz = IEntityGroup.class;
} else {
clazz = entityType.getClazz();
}
IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
permissions.add(getPermissionOnTarget(permission, entity));
}
}
for (UniquePermission permission : inheritedAssignments) {
JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
Class<?> clazz;
EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
if (entityType.isGroup()) {
clazz = IEntityGroup.class;
} else {
clazz = entityType.getClazz();
}
IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
permissions.add(getPermissionOnTarget(permission, entity));
}
}
Collections.sort(permissions);
}
ModelAndView mv = new ModelAndView();
mv.addObject("assignments", permissions);
mv.setViewName("json");
return mv;
}
Also used :
EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum)
ArrayList(java.util.ArrayList)
ModelAndView(org.springframework.web.servlet.ModelAndView)
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)
IPermission(org.apereo.portal.security.IPermission)
IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)
HashSet(java.util.HashSet)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 3 with IGroupMember
use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.
the class RDBMUserIdentityStore method addNewUser.
protected int addNewUser(final int newUID, final IPerson person, final TemplateUser templateUser) throws Exception {
// Copy template user's groups memberships
IGroupMember me = GroupService.getGroupMember(person.getEntityIdentifier());
IGroupMember template = GroupService.getEntity(templateUser.getUserName(), Class.forName("org.apereo.portal.security.IPerson"));
for (IEntityGroup eg : template.getParentGroups()) {
ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
if (leg != null) {
addPersonToGroup(person, me, leg);
}
}
return this.transactionOperations.execute(new TransactionCallback<Integer>() {
@Override
public Integer doInTransaction(TransactionStatus status) {
return jdbcOperations.execute(new ConnectionCallback<Integer>() {
@Override
public Integer doInConnection(Connection con) throws SQLException, DataAccessException {
int uPortalUID = -1;
PreparedStatement queryStmt = null;
PreparedStatement insertStmt = null;
try {
// Add to UP_USER
String insert = "INSERT INTO UP_USER (USER_ID, USER_NAME, USER_DFLT_USR_ID, USER_DFLT_LAY_ID, NEXT_STRUCT_ID, LST_CHAN_UPDT_DT)" + "VALUES (?, ?, ?, ?, null, null)";
String userName = person.getUserName();
insertStmt = con.prepareStatement(insert);
insertStmt.setInt(1, newUID);
insertStmt.setString(2, userName);
insertStmt.setInt(3, templateUser.getUserId());
insertStmt.setInt(4, templateUser.getDefaultLayoutId());
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + newUID + ", USER_NAME=" + userName + ", USER_DFLT_USR_ID=" + templateUser.getUserId() + ", USER_DFLT_LAY_ID=" + templateUser.getDefaultLayoutId() + "): " + insert);
insertStmt.executeUpdate();
insertStmt.close();
insertStmt = null;
// Start copying...
ResultSet rs = null;
String query = null;
try {
// Add to UP_USER_PROFILE
query = "SELECT USER_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, " + "STRUCTURE_SS_ID, THEME_SS_ID " + "FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
queryStmt = con.prepareStatement(query);
queryStmt.setInt(1, templateUser.getUserId());
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + templateUser.getUserId() + "): " + query);
rs = queryStmt.executeQuery();
insert = "INSERT INTO UP_USER_PROFILE (USER_ID, PROFILE_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, LAYOUT_ID, STRUCTURE_SS_ID, THEME_SS_ID) " + "VALUES(?, ?, ?, ?, ?, NULL, ?, ?)";
insertStmt = con.prepareStatement(insert);
while (rs.next()) {
int id = getNextKey();
String profileFname = rs.getString("PROFILE_FNAME");
String profileName = rs.getString("PROFILE_NAME");
String description = rs.getString("DESCRIPTION");
int structure = rs.getInt("STRUCTURE_SS_ID");
int theme = rs.getInt("THEME_SS_ID");
insertStmt.setInt(1, newUID);
insertStmt.setInt(2, id);
insertStmt.setString(3, profileFname);
insertStmt.setString(4, profileName);
insertStmt.setString(5, description);
insertStmt.setInt(6, structure);
insertStmt.setInt(7, theme);
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::addNewUser(USER_ID=" + newUID + ", PROFILE_FNAME=" + profileFname + ", PROFILE_NAME=" + profileName + ", DESCRIPTION=" + description + "): " + insert);
insertStmt.executeUpdate();
}
rs.close();
queryStmt.close();
if (insertStmt != null) {
insertStmt.close();
insertStmt = null;
}
// transaction
if (RDBMServices.getDbMetaData().supportsTransactions())
con.commit();
uPortalUID = newUID;
} finally {
try {
if (rs != null)
rs.close();
} catch (Exception e) {
}
}
} finally {
try {
if (queryStmt != null)
queryStmt.close();
} catch (Exception e) {
}
try {
if (insertStmt != null)
insertStmt.close();
} catch (Exception e) {
}
}
return uPortalUID;
}
});
}
});
}
Also used :
Connection(java.sql.Connection)
ILockableEntityGroup(org.apereo.portal.groups.ILockableEntityGroup)
TransactionStatus(org.springframework.transaction.TransactionStatus)
PreparedStatement(java.sql.PreparedStatement)
DataAccessException(org.springframework.dao.DataAccessException)
SQLException(java.sql.SQLException)
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
ResultSet(java.sql.ResultSet)
ConnectionCallback(org.springframework.jdbc.core.ConnectionCallback)
Example 4 with IGroupMember
use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.
the class RDBMUserIdentityStore method updateUser.
protected void updateUser(final int userId, final IPerson person, final TemplateUser templateUser) throws Exception {
// Remove my existing group memberships
IGroupMember me = GroupService.getGroupMember(person.getEntityIdentifier());
for (IEntityGroup eg : me.getParentGroups()) {
ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
if (leg != null) {
removePersonFromGroup(person, me, leg);
}
}
// Copy template user's groups memberships
IGroupMember template = GroupService.getEntity(templateUser.getUserName(), IPerson.class);
for (IEntityGroup eg : template.getParentGroups()) {
ILockableEntityGroup leg = getSafeLockableGroup(eg, me);
if (leg != null) {
addPersonToGroup(person, me, leg);
}
}
this.transactionOperations.execute(new TransactionCallback<Object>() {
@Override
public Object doInTransaction(TransactionStatus status) {
return jdbcOperations.execute(new ConnectionCallback<Object>() {
@Override
public Object doInConnection(Connection con) throws SQLException, DataAccessException {
PreparedStatement deleteStmt = null;
PreparedStatement queryStmt = null;
PreparedStatement insertStmt = null;
try {
// Update UP_USER
String update = "UPDATE UP_USER " + "SET USER_DFLT_USR_ID=?, " + "USER_DFLT_LAY_ID=?, " + "NEXT_STRUCT_ID=null " + "WHERE USER_ID=?";
insertStmt = con.prepareStatement(update);
insertStmt.setInt(1, templateUser.getUserId());
insertStmt.setInt(2, templateUser.getDefaultLayoutId());
insertStmt.setInt(3, userId);
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::addNewUser(): " + update);
insertStmt.executeUpdate();
insertStmt.close();
// Start copying...
ResultSet rs = null;
String delete = null;
String query = null;
String insert = null;
try {
// Update UP_USER_PROFILE
delete = "DELETE FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
deleteStmt = con.prepareStatement(delete);
deleteStmt.setInt(1, userId);
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + userId + "): " + delete);
deleteStmt.executeUpdate();
deleteStmt.close();
query = "SELECT USER_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, " + "STRUCTURE_SS_ID, THEME_SS_ID " + "FROM UP_USER_PROFILE " + "WHERE USER_ID=?";
queryStmt = con.prepareStatement(query);
queryStmt.setInt(1, templateUser.getUserId());
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + templateUser.getUserId() + "): " + query);
rs = queryStmt.executeQuery();
insert = "INSERT INTO UP_USER_PROFILE (USER_ID, PROFILE_ID, PROFILE_FNAME, PROFILE_NAME, DESCRIPTION, LAYOUT_ID, STRUCTURE_SS_ID, THEME_SS_ID) " + "VALUES(?, ?, ?, ?, ?, NULL, ?, ?)";
insertStmt = con.prepareStatement(insert);
while (rs.next()) {
int id = getNextKey();
String profileFname = rs.getString("PROFILE_FNAME");
String profileName = rs.getString("PROFILE_NAME");
String description = rs.getString("DESCRIPTION");
int structure = rs.getInt("STRUCTURE_SS_ID");
int theme = rs.getInt("THEME_SS_ID");
insertStmt.setInt(1, userId);
insertStmt.setInt(2, id);
insertStmt.setString(3, profileFname);
insertStmt.setString(4, profileName);
insertStmt.setString(5, description);
insertStmt.setInt(6, structure);
insertStmt.setInt(7, theme);
if (log.isDebugEnabled())
log.debug("RDBMUserIdentityStore::updateUser(USER_ID=" + userId + ", PROFILE_FNAME=" + profileFname + ", PROFILE_NAME=" + profileName + ", DESCRIPTION=" + description + "): " + insert);
insertStmt.executeUpdate();
}
rs.close();
queryStmt.close();
insertStmt.close();
// transaction
if (RDBMServices.getDbMetaData().supportsTransactions())
con.commit();
} finally {
try {
rs.close();
} catch (Exception e) {
}
}
} finally {
try {
deleteStmt.close();
} catch (Exception e) {
}
try {
queryStmt.close();
} catch (Exception e) {
}
try {
insertStmt.close();
} catch (Exception e) {
}
}
return null;
}
});
}
});
}
Also used :
Connection(java.sql.Connection)
ILockableEntityGroup(org.apereo.portal.groups.ILockableEntityGroup)
TransactionStatus(org.springframework.transaction.TransactionStatus)
PreparedStatement(java.sql.PreparedStatement)
DataAccessException(org.springframework.dao.DataAccessException)
SQLException(java.sql.SQLException)
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
ResultSet(java.sql.ResultSet)
SerializableObject(org.apereo.portal.utils.SerializableObject)
ConnectionCallback(org.springframework.jdbc.core.ConnectionCallback)
Example 5 with IGroupMember
use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.
the class PortletDefinitionImporterExporter method savePortletDefinition.
/**
* Save a portlet definition.
*
* @param definition the portlet definition
* @param publisher the person publishing the portlet
* @param categories the list of categories for the portlet
* @param permissionMap a map of permission name -> list of groups who are granted that
* permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
* manager)
*/
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, IPerson publisher, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
boolean newChannel = (definition.getPortletDefinitionId() == null);
// save the channel
definition = portletDefinitionDao.savePortletDefinition(definition);
definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
final String defId = definition.getPortletDefinitionId().getStringId();
final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
//The groups service needs to deal with concurrent modification better.
synchronized (this.groupUpdateLock) {
// Delete existing category memberships for this channel
if (!newChannel) {
for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
group.removeChild(portletDefEntity);
group.update();
}
}
// For each category ID, add channel to category
for (PortletCategory category : categories) {
final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
categoryGroup.addChild(portletDefEntity);
categoryGroup.updateMembers();
}
// Set groups
final AuthorizationService authService = AuthorizationService.instance();
final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
// Loop over the affected permission managers...
Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
for (String system : permissionsBySystem.keySet()) {
Collection<ExternalPermissionDefinition> systemPerms = permissionsBySystem.get(system);
// get the permission manager for this system...
final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(system);
final List<IPermission> permissions = new ArrayList<>();
// add activity grants for each permission..
for (ExternalPermissionDefinition permissionDef : systemPerms) {
Set<IGroupMember> members = permissionMap.get(permissionDef);
for (final IGroupMember member : members) {
final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
final IPermission permEntity = upm.newPermission(authPrincipal);
permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
permEntity.setActivity(permissionDef.getActivity());
permEntity.setTarget(target);
permissions.add(permEntity);
}
}
// If modifying the channel, remove the existing permissions before adding the new ones
if (!newChannel) {
for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
upm.removePermissions(oldPermissions);
}
}
upm.addPermissions(permissions.toArray(new IPermission[permissions.size()]));
}
}
if (logger.isDebugEnabled()) {
logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
}
return definition;
}
Also used :
IEntity(org.apereo.portal.groups.IEntity)
ArrayList(java.util.ArrayList)
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
AuthorizationService(org.apereo.portal.services.AuthorizationService)
IPermission(org.apereo.portal.security.IPermission)
IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)
Collection(java.util.Collection)
ExternalPermissionDefinition(org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition)
PortletCategory(org.apereo.portal.portlet.om.PortletCategory)
IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager)
Aggregations
IGroupMember (org.apereo.portal.groups.IGroupMember)58
IEntityGroup (org.apereo.portal.groups.IEntityGroup)33
HashSet (java.util.HashSet)20
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)16
ArrayList (java.util.ArrayList)14
EntityIdentifier (org.apereo.portal.EntityIdentifier)13
EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)13
JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)10
IPermission (org.apereo.portal.security.IPermission)9
PortletCategory (org.apereo.portal.portlet.om.PortletCategory)7
GroupsException (org.apereo.portal.groups.GroupsException)6
IPerson (org.apereo.portal.security.IPerson)6
HashMap (java.util.HashMap)4
IEntity (org.apereo.portal.groups.IEntity)4
ExternalPermissionDefinition (org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition)4
Element (net.sf.ehcache.Element)3
IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)3
AuthorizationServiceFacade (org.apereo.portal.services.AuthorizationServiceFacade)3
GcGetMembers (edu.internet2.middleware.grouperClient.api.GcGetMembers)2
WsGetMembersResults (edu.internet2.middleware.grouperClient.ws.beans.WsGetMembersResults)2
