
Example 26 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PermissionsRESTController method getPermissionsForEntity.

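/**
 * Lists the permissions that apply to the given entity, optionally including those assigned to
 * its ancestor groups.
 *
 * <p>Candidate assignments are read from the permission store by principal string and are then
 * filtered through {@code hasPermission} on the entity's own principal, so only assignments
 * that the principal actually holds are returned.
 *
 * @param entity entity whose id and entity type identify the principal to inspect
 * @param includeInherited when {@code true}, assignments made to ancestor groups are collected
 *     as well
 * @return the matching permissions, sorted by {@code Collections.sort}
 */
protected List<JsonPermission> getPermissionsForEntity(JsonEntityBean entity, boolean includeInherited) {
    IAuthorizationPrincipal p = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());

    // Assignments whose principal is this entity itself. Only the principal argument is
    // supplied to select(); the null arguments presumably act as wildcards -- confirm against
    // the permission store contract.
    Set<UniquePermission> directAssignments = new HashSet<UniquePermission>();
    for (IPermission permission : permissionStore.select(null, p.getPrincipalString(), null, null, null)) {
        directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getTarget(), false));
    }

    // Assignments made to any ancestor group, built with the last constructor argument true
    // (direct assignments pass false).
    Set<UniquePermission> inheritedAssignments = new HashSet<UniquePermission>();
    if (includeInherited) {
        IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
        // The group service may not resolve the key to a member. In that case there are no
        // ancestor groups to walk, so skip the inherited lookup instead of failing with a
        // NullPointerException.
        if (member != null) {
            for (IEntityGroup parent : member.getAncestorGroups()) {
                IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
                for (IPermission permission : permissionStore.select(null, parentPrincipal.getPrincipalString(), null, null, null)) {
                    inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getTarget(), true));
                }
            }
        }
    }

    // An assignment found in the store is reported only if the authorization check on the
    // entity's own principal confirms it. Direct assignments are added before inherited ones.
    List<JsonPermission> rslt = new ArrayList<JsonPermission>();
    for (UniquePermission permission : directAssignments) {
        if (p.hasPermission(permission.getOwner(), permission.getActivity(), permission.getIdentifier())) {
            rslt.add(getPermissionForPrincipal(permission, entity));
        }
    }
    for (UniquePermission permission : inheritedAssignments) {
        if (p.hasPermission(permission.getOwner(), permission.getActivity(), permission.getIdentifier())) {
            rslt.add(getPermissionForPrincipal(permission, entity));
        }
    }
    Collections.sort(rslt);
    return rslt;
}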
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet)

Example 27 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PortletAdministrationHelper method addSubscribePermissionsToForm.

/*
     * Add to the form SUBSCRIBE and BROWSE activity permissions, along with their principals,
     * assigned to the portlet.
     */
private void addSubscribePermissionsToForm(IPortletDefinition def, PortletDefinitionForm form) {
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    // Only the PORTAL_SUBSCRIBE permission owner is consulted here.
    final IPermissionManager subscribeManager = authorizationService.newPermissionManager(IPermission.PORTAL_SUBSCRIBE);
    for (String activity : PORTLET_SUBSCRIBE_ACTIVITIES) {
        // Every principal authorized for this activity on the portlet's target id.
        final IAuthorizationPrincipal[] authorized = subscribeManager.getAuthorizedPrincipals(activity, targetId);
        for (IAuthorizationPrincipal principal : authorized) {
            final JsonEntityBean bean;
            // NOTE(review): the principal is classified by looking up its key as a group key
            // only; principal.getType() is not consulted. Confirm that person and group keys
            // cannot coincide, otherwise a person could be shown on the form as a group.
            final IEntityGroup matchingGroup = GroupService.findGroup(principal.getKey());
            if (matchingGroup == null) {
                // No group has this key, so the principal is treated as a person.
                final IGroupMember person = authorizationService.getGroupMember(principal);
                bean = new JsonEntityBean(person, EntityEnum.PERSON);
                // The name is looked up separately and set on the bean.
                bean.setName(groupListHelper.lookupEntityName(bean));
            } else {
                bean = new JsonEntityBean(matchingGroup, EntityEnum.GROUP);
            }
            // A principal may be authorized for several activities; list it once.
            if (!form.getPrincipals().contains(bean)) {
                form.addPrincipal(bean);
            }
            // The permission entry is "<type-and-id hash>_<activity>".
            form.addPermission(bean.getTypeAndIdHash() + "_" + activity);
        }
    }
}
Also used : IPermissionManager(org.apereo.portal.security.IPermissionManager) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 28 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class AnyUnblockedGrantPermissionPolicy method loadInCache.

/**
     * Allows an outside actor to force this policy to evaluate and cache an authorization decision.
     * Permissions checking can be expensive; a well-primed cache can make the task perform better.
     * This method will create the cache entry whether it exists already or not, forcibly resetting
     * the TTL.
     *
     * @since 4.3
     */
public void loadInCache(IAuthorizationService service, IAuthorizationPrincipal principal, IPermissionOwner owner, IPermissionActivity activity, IPermissionTarget target) {
    // A fresh, empty set is handed to the evaluation for every call.
    final Set<IGroupMember> visited = new HashSet<>();
    // Cache key: principal string, owner fname, activity fname and target key.
    final CacheTuple key = new CacheTuple(principal.getPrincipalString(), owner.getFname(), activity.getFname(), target.getKey());
    final boolean granted = hasUnblockedPathToGrant(service, principal, owner, activity, target, visited);
    // The decision is written without checking for an existing entry.
    // NOTE(review): a decision stored here is an authorization result; confirm the cache is
    // invalidated (or its TTL is short enough) when permissions or group memberships change.
    hasUnblockedGrantCache.put(new Element(key, granted));
}
Also used : IGroupMember(org.apereo.portal.groups.IGroupMember) Element(net.sf.ehcache.Element) HashSet(java.util.HashSet)

Example 29 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class GroupListHelperImpl method getEntity.

/*
     * (non-Javadoc)
     * @see org.apereo.portal.layout.dlm.remoting.IGroupListHelper#getEntity(java.lang.String, java.lang.String, boolean)
     */
@Override
public JsonEntityBean getEntity(String entityType, String entityId, boolean populateChildren) {
    // Resolve the type name first; an unknown name is rejected outright.
    // NOTE(review): no permission check is visible in this method -- presumably callers decide
    // whether the requester may view the entity; confirm at the call sites.
    final EntityEnum kind = EntityEnum.getEntityEnum(entityType);
    if (kind == null) {
        throw new IllegalArgumentException(String.format("Parameter entityType has an unknown value of [%s]", entityType));
    }

    if (!kind.isGroup()) {
        // Non-group types are resolved through getGroupMember; a missing member, or one that
        // turns out to be a group, yields null.
        final IGroupMember member = GroupService.getGroupMember(entityId, kind.getClazz());
        if (member == null || member instanceof IEntityGroup) {
            return null;
        }
        final JsonEntityBean memberBean = new JsonEntityBean(member, kind);
        // IGroupMember does not carry the entity name, so it is looked up separately.
        memberBean.setName(lookupEntityName(memberBean));
        if (EntityEnum.GROUP.equals(memberBean.getEntityType()) || EntityEnum.PERSON.equals(memberBean.getEntityType())) {
            memberBean.setPrincipalString(getPrincipalForEntity(memberBean).getPrincipalString());
        }
        return memberBean;
    }

    // Group types are located with findGroup; null means no such group.
    final IEntityGroup group = GroupService.findGroup(entityId);
    if (group == null) {
        return null;
    }
    JsonEntityBean groupBean = new JsonEntityBean(group, kind);
    if (populateChildren) {
        final Iterator<IGroupMember> childMembers = group.getChildren().iterator();
        groupBean = populateChildren(groupBean, childMembers);
    }
    // A principal string is attached only for group and person beans.
    if (groupBean.getEntityType().isGroup() || EntityEnum.PERSON.equals(groupBean.getEntityType())) {
        groupBean.setPrincipalString(getPrincipalForEntity(groupBean).getPrincipalString());
    }
    return groupBean;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 30 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class GroupListHelperImpl method populateChildren.

/**
 * Populates the children of the JsonEntityBean. Creates new JsonEntityBeans for the known types
 * (person, group, or category), and adds them as children to the current bean.
 *
 * @param jsonBean Entity bean to which the children are added
 * @param children An Iterator containing IGroupMember elements. Usually obtained from
 *     entity.getMembers().
 * @return jsonBean with the children populated
 */
private JsonEntityBean populateChildren(JsonEntityBean jsonBean, Iterator<IGroupMember> children) {
    // Convert each remaining member to a bean and attach it to the parent.
    // NOTE(review): whether getEntity(member) can return null is not visible here; if it can,
    // confirm that addChild tolerates a null child.
    while (children.hasNext()) {
        jsonBean.addChild(getEntity(children.next()));
    }
    // Record that the child list has been initialized, even if it ended up empty.
    jsonBean.setChildrenInitialized(true);
    return jsonBean;
}
Also used : IGroupMember(org.apereo.portal.groups.IGroupMember)
