
Example 41 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class GrouperEntityGroupStore method findEntitiesForGroup.

/* (non-Javadoc)
 * @see org.apereo.portal.groups.IEntityGroupStore#findEntitiesForGroup(org.apereo.portal.groups.IEntityGroup)
 */
@SuppressWarnings("unchecked")
public Iterator findEntitiesForGroup(IEntityGroup group) throws GroupsException {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Searching Grouper for members of the group with key: " + group.getKey());
    }
    try {
        // execute a search for members of the specified group
        GcGetMembers getGroupsMembers = new GcGetMembers();
        getGroupsMembers.addGroupName(group.getLocalKey());
        getGroupsMembers.assignIncludeSubjectDetail(true);
        WsGetMembersResults results = getGroupsMembers.execute();
        if (results == null || results.getResults() == null || results.getResults().length == 0 || results.getResults()[0].getWsSubjects() == null) {
            LOGGER.debug("No members found for Grouper group with key " + group.getLocalKey());
            return Collections.<IGroupMember>emptyList().iterator();
        }
        WsSubject[] gInfos = results.getResults()[0].getWsSubjects();
        final List<IGroupMember> members = new ArrayList<IGroupMember>(gInfos.length);
        // add each result to the member list
        for (WsSubject gInfo : gInfos) {
            // if the member is not a group (aka person)
            if (!StringUtils.equals(gInfo.getSourceId(), "g:gsa")) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("creating leaf member:" + gInfo.getId() + " and name: " + gInfo.getName() + " from group: " + group.getLocalKey());
                }
                // use the name instead of id as it shows better in the display
                IGroupMember member = new EntityImpl(gInfo.getName(), IPerson.class);
                members.add(member);
            }
        }
        // return an iterator for the assembled group
        return members.iterator();
    } catch (Exception e) {
        LOGGER.warn("Exception while attempting to retrieve " + "member entities of group with key " + group.getKey() + " from Grouper web services: " + e.getMessage());
        return Collections.<IGroupMember>emptyList().iterator();
    }
}
Also used : IGroupMember(org.apereo.portal.groups.IGroupMember) EntityImpl(org.apereo.portal.groups.EntityImpl) ArrayList(java.util.ArrayList) WsSubject(edu.internet2.middleware.grouperClient.ws.beans.WsSubject) GcGetMembers(edu.internet2.middleware.grouperClient.api.GcGetMembers) WsGetMembersResults(edu.internet2.middleware.grouperClient.ws.beans.WsGetMembersResults) GroupsException(org.apereo.portal.groups.GroupsException)

Example 42 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class AdHocGroupTester method test.

/*
 * At some point, a person is being tested for group membership. During that test, the thread hits an ad hoc group
 * tester. When that tester calls isDeepMemberOf, a test for group membership is triggered. During this call stack,
 * the second call to the ad hoc group tester returns false. Assuming the group hierarchy is not itself recursive
 * for the group containing the ad hoc group test, the test returns a usable value.
 *
 * If there is no caching and the second person object only exists for the recursive call, then the implementation
 * works.
 *
 * Also, if the person object is cached and used twice, then the group key with the ad hoc tester is not added to
 * the containing group keys during the recursion but is added (or not) after the test call returns positive.
 */
@Override
public boolean test(IPerson person) {
    String personHash = person.getEntityIdentifier().getKey() + groupHash + Thread.currentThread().getId();
    logger.debug("Entering test() for {}", personHash);
    IEntityGroup entityGroup = findGroupByName(groupName);
    if (entityGroup == null) {
        logger.error("Group named '{}' in ad hoc group tester definition not found!!", groupName);
        return false;
    }
    IGroupMember gmPerson = findPersonAsGroupMember(person);
    if (currentTests.getQuiet(personHash) != null) {
        logger.debug("Returning from test() for {} due to recursion for person = {}", personHash, person.toString());
        // stop recursing
        return false;
    }
    Element cacheEl = new Element(personHash, personHash);
    currentTests.put(cacheEl);
    // method that potentially recurs
    boolean isPersonGroupMember = gmPerson.isDeepMemberOf(entityGroup);
    currentTests.remove(personHash);
    final boolean rslt = isPersonGroupMember ^ isNotTest;
    logger.debug("Returning '{}' from test() for '{}' {} a (deep) member of '{}'", rslt, person.getUserName(), isNotTest ? "is not" : "is", entityGroup.getName());
    return rslt;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) Element(net.sf.ehcache.Element)

Example 43 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method exportPermission.

private boolean exportPermission(IPortletDefinition def, ExternalPermissionDefinition permDef, List<String> groupList, List<String> userList) {
    final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    final IPermissionManager pm = authService.newPermissionManager(permDef.getSystem());
    final String portletTargetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final IAuthorizationPrincipal[] principals = pm.getAuthorizedPrincipals(permDef.getActivity(), portletTargetId);
    boolean permAdded = false;
    for (IAuthorizationPrincipal principal : principals) {
        IGroupMember member = authService.getGroupMember(principal);
        if (member.isGroup()) {
            final EntityNameFinderService entityNameFinderService = EntityNameFinderService.instance();
            final IEntityNameFinder nameFinder = entityNameFinderService.getNameFinder(member.getType());
            try {
                groupList.add(nameFinder.getName(member.getKey()));
                permAdded = true;
            } catch (Exception e) {
                throw new RuntimeException("Could not find group name for entity: " + member.getKey(), e);
            }
        } else {
            if (userList != null) {
                userList.add(member.getKey());
                permAdded = true;
            }
        }
    }
    Collections.sort(groupList);
    if (userList != null) {
        Collections.sort(userList);
    }
    return permAdded;
}
Also used : IPermissionManager(org.apereo.portal.security.IPermissionManager) IGroupMember(org.apereo.portal.groups.IGroupMember) IEntityNameFinder(org.apereo.portal.groups.IEntityNameFinder) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityNameFinderService(org.apereo.portal.services.EntityNameFinderService)

Example 44 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method savePortletDefinition.

/**
 * Save a portlet definition.
 *
 * @param definition the portlet definition
 * @param categories the list of categories for the portlet
 * @param permissionMap a map of permission name -> list of groups who are granted that
 *     permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
 *     manager)
 */
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
    boolean newChannel = (definition.getPortletDefinitionId() == null);
    // save the channel
    definition = portletDefinitionDao.savePortletDefinition(definition);
    definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
    final String defId = definition.getPortletDefinitionId().getStringId();
    final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
    // The groups service needs to deal with concurrent modification better.
    synchronized (this.groupUpdateLock) {
        // Delete existing category memberships for this channel
        if (!newChannel) {
            for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
                group.removeChild(portletDefEntity);
                group.update();
            }
        }
        // For each category ID, add channel to category
        for (PortletCategory category : categories) {
            final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
            categoryGroup.addChild(portletDefEntity);
            categoryGroup.updateMembers();
        }
        // Set groups
        final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
        final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
        // Loop over the affected permission managers...
        Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
        for (String system : permissionsBySystem.keySet()) {
            Collection<ExternalPermissionDefinition> systemPerms = permissionsBySystem.get(system);
            // get the permission manager for this system...
            final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(system);
            final List<IPermission> permissions = new ArrayList<>();
            // add activity grants for each permission..
            for (ExternalPermissionDefinition permissionDef : systemPerms) {
                Set<IGroupMember> members = permissionMap.get(permissionDef);
                for (final IGroupMember member : members) {
                    final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
                    final IPermission permEntity = upm.newPermission(authPrincipal);
                    permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
                    permEntity.setActivity(permissionDef.getActivity());
                    permEntity.setTarget(target);
                    permissions.add(permEntity);
                }
            }
            // when modifying an existing portlet, remove its old permissions before adding the new ones
            if (!newChannel) {
                for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
                    IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
                    upm.removePermissions(oldPermissions);
                }
            }
            upm.addPermissions(permissions.toArray(new IPermission[permissions.size()]));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
    }
    return definition;
}
Also used : IEntity(org.apereo.portal.groups.IEntity) ArrayList(java.util.ArrayList) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) Collection(java.util.Collection) ExternalPermissionDefinition(org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager)

Example 45 with IGroupMember

use of org.apereo.portal.groups.IGroupMember in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method importData.

@Transactional
@Override
public void importData(ExternalPortletDefinition portletRep) {
    final IPortletDefinition def = portletDefinitionUnmarshaller.unmarshall(portletRep);
    final List<PortletCategory> categories = new ArrayList<>();
    for (String categoryName : portletRep.getCategories()) {
        // Import/Export function, thus the group search is case sensitive.
        EntityIdentifier[] cats = GroupService.searchForGroups(categoryName, IGroupConstants.SearchMethod.DISCRETE, IPortletDefinition.class);
        PortletCategory category;
        if (cats != null && cats.length > 0) {
            category = portletCategoryRegistry.getPortletCategory(cats[0].getKey());
        } else {
            category = portletCategoryRegistry.getPortletCategory(categoryName);
        }
        if (category == null) {
            throw new IllegalArgumentException("No category '" + categoryName + "' found when importing portlet: " + portletRep.getFname());
        }
        categories.add(category);
    }
    final String fname = portletRep.getFname();
    final Map<ExternalPermissionDefinition, Set<IGroupMember>> permissions = new HashMap<>();
    final Set<IGroupMember> subscribeMembers = toGroupMembers(portletRep.getGroups(), fname);
    permissions.put(ExternalPermissionDefinition.SUBSCRIBE, subscribeMembers);
    if (portletRep.getPermissions() != null && portletRep.getPermissions().getPermissions() != null) {
        for (ExternalPermissionMemberList perm : portletRep.getPermissions().getPermissions()) {
            Set<IGroupMember> members = toGroupMembers(perm.getGroups(), fname);
            ExternalPermissionDefinition permDef = toExternalPermissionDefinition(perm.getSystem(), perm.getActivity());
            if (permissions.containsKey(permDef)) {
                permissions.get(permDef).addAll(members);
            } else {
                permissions.put(permDef, members);
            }
        }
    }
    savePortletDefinition(def, categories, permissions);
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) EntityIdentifier(org.apereo.portal.EntityIdentifier) IGroupMember(org.apereo.portal.groups.IGroupMember) ExternalPermissionDefinition(org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

IGroupMember (org.apereo.portal.groups.IGroupMember) 52
IEntityGroup (org.apereo.portal.groups.IEntityGroup) 29
HashSet (java.util.HashSet) 17
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal) 14
ArrayList (java.util.ArrayList) 12
EntityIdentifier (org.apereo.portal.EntityIdentifier) 12
EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum) 10
JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean) 9
IPermission (org.apereo.portal.security.IPermission) 8
PortletCategory (org.apereo.portal.portlet.om.PortletCategory) 7
GroupsException (org.apereo.portal.groups.GroupsException) 6
HashMap (java.util.HashMap) 4
IEntity (org.apereo.portal.groups.IEntity) 4
ExternalPermissionDefinition (org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) 4
IPerson (org.apereo.portal.security.IPerson) 4
Element (net.sf.ehcache.Element) 3
IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition) 3
AuthorizationServiceFacade (org.apereo.portal.services.AuthorizationServiceFacade) 3
GcGetMembers (edu.internet2.middleware.grouperClient.api.GcGetMembers) 2
WsGetMembersResults (edu.internet2.middleware.grouperClient.ws.beans.WsGetMembersResults) 2