
Example 1 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PortletAdministrationHelper method savePortletRegistration.

/**
     * Persist a new or edited PortletDefinition from a form, replacing existing values.
     *
     * @param publisher {@code IPerson} that requires permission to save this definition
     * @param form form data to persist
     * @return new {@code PortletDefinitionForm} for this portlet ID
     */
public PortletDefinitionForm savePortletRegistration(IPerson publisher, PortletDefinitionForm form) throws Exception {
    // Three authorization checks run before the definition is built or modified in this method.
    // Each failed check logs a warning and throws SecurityException("Not Authorized").
    //
    // Check 1: the publisher must hold the permission for the lifecycle state selected in the
    // form, evaluated against the form's categories. (Per the surviving part of the original
    // comment, the same check is made when the user enters the lifecycle-selection step in the wizard.)
    if (!hasLifecyclePermission(publisher, form.getLifecycleState(), form.getCategories())) {
        // NOTE(review): the message concatenates the user name and form.toString(); confirm
        // neither can carry line breaks or sensitive values into the log.
        logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the selected MANAGE permission:  " + form);
        throw new SecurityException("Not Authorized");
    }
    if (!form.isNew()) {
        // Check 2: User must have the previous lifecycle permission
        // in AT LEAST ONE previous category as well.
        // The stored definition's lifecycle state and parent categories are checked here,
        // not the values submitted in the form.
        // NOTE(review): def is not null-checked; if no definition exists for form.getId(),
        // the lines below presumably fail with a NullPointerException rather than a
        // SecurityException -- confirm against the registry's contract.
        IPortletDefinition def = this.portletDefinitionRegistry.getPortletDefinition(form.getId());
        Set<PortletCategory> categories = portletCategoryRegistry.getParentCategories(def);
        SortedSet<JsonEntityBean> categoryBeans = new TreeSet<>();
        for (PortletCategory cat : categories) {
            categoryBeans.add(new JsonEntityBean(cat));
        }
        if (!hasLifecyclePermission(publisher, def.getLifecycleState(), categoryBeans)) {
            logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the previous MANAGE permission:  " + form);
            throw new SecurityException("Not Authorized");
        }
    }
    // Check 3 applies to a new definition, or to an existing one whose stored type ID differs
    // from the type ID in the form.
    if (form.isNew() || portletDefinitionRegistry.getPortletDefinition(form.getId()).getType().getId() != form.getTypeId()) {
        // User must have access to the selected CPD if s/he selected it in this interaction
        final int selectedTypeId = form.getTypeId();
        final PortletPublishingDefinition cpd = portletPublishingDefinitionDao.getChannelPublishingDefinition(selectedTypeId);
        final Map<IPortletType, PortletPublishingDefinition> allowableCpds = this.getAllowableChannelPublishingDefinitions(publisher);
        // NOTE(review): containsValue() relies on PortletPublishingDefinition.equals(); confirm
        // it is value-based, or that the DAO hands back the same instances as the allowable map.
        if (!allowableCpds.containsValue(cpd)) {
            logger.warn("User '" + publisher.getUserName() + "' attempted to administer the following portlet without the selected " + IPermission.PORTLET_MANAGER_SELECT_PORTLET_TYPE + " permission:  " + form);
            throw new SecurityException("Not Authorized");
        }
    }
    // create the principal array from the form's principal list -- only principals with permissions
    // A principal is kept only if the form's permission set contains the string
    // "<typeAndIdHash>_<activity>" for the SUBSCRIBE or BROWSE activity respectively.
    final Set<IGroupMember> subscribePrincipalSet = new HashSet<>(form.getPrincipals().size());
    final Set<IGroupMember> browsePrincipalSet = new HashSet<>(form.getPrincipals().size());
    for (JsonEntityBean bean : form.getPrincipals()) {
        final String subscribePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_SUBSCRIBER_ACTIVITY;
        final String browsePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_BROWSE_ACTIVITY;
        final EntityEnum entityEnum = bean.getEntityType();
        // NOTE(review): the lookup result is not null-checked before it is added to a set;
        // confirm how GroupService reports an ID that cannot be resolved.
        final IGroupMember principal = entityEnum.isGroup() ? (GroupService.findGroup(bean.getId())) : (GroupService.getGroupMember(bean.getId(), entityEnum.getClazz()));
        if (form.getPermissions().contains(subscribePerm)) {
            subscribePrincipalSet.add(principal);
        }
        if (form.getPermissions().contains(browsePerm)) {
            browsePrincipalSet.add(principal);
        }
    }
    // create the category list from the form's category bean list
    // A leading "cat" on the bean ID is stripped before the registry lookup.
    List<PortletCategory> categories = new ArrayList<>();
    for (JsonEntityBean category : form.getCategories()) {
        String id = category.getId();
        String iCatID = id.startsWith("cat") ? id.substring(3) : id;
        categories.add(portletCategoryRegistry.getPortletCategory(iCatID));
    }
    final IPortletType portletType = portletTypeRegistry.getPortletType(form.getTypeId());
    if (portletType == null) {
        throw new IllegalArgumentException("No IPortletType exists for ID " + form.getTypeId());
    }
    // A null form ID builds a new definition; otherwise the stored definition is loaded and
    // updated in place.
    // NOTE(review): the authorization checks above branch on form.isNew(), this branch on
    // form.getId() == null. Confirm the two always agree, otherwise an existing definition
    // could be updated without the "previous lifecycle permission" check having run.
    IPortletDefinition portletDef;
    if (form.getId() == null) {
        portletDef = new PortletDefinitionImpl(portletType, form.getFname(), form.getName(), form.getTitle(), form.getApplicationId(), form.getPortletName(), form.isFramework());
    } else {
        portletDef = portletDefinitionRegistry.getPortletDefinition(form.getId());
        portletDef.setType(portletType);
        portletDef.setFName(form.getFname());
        portletDef.setName(form.getName());
        portletDef.setTitle(form.getTitle());
        portletDef.getPortletDescriptorKey().setWebAppName(form.getApplicationId());
        portletDef.getPortletDescriptorKey().setPortletName(form.getPortletName());
        portletDef.getPortletDescriptorKey().setFrameworkPortlet(form.isFramework());
    }
    portletDef.setDescription(form.getDescription());
    portletDef.setTimeout(form.getTimeout());
    // Copy the form's non-blank parameters onto portletDef so that it reflects the state of
    // the form, in case any have changed.
    // NOTE(review): a parameter left blank in the form is skipped, not removed; confirm whether
    // a stale value can remain on an existing definition.
    for (String key : form.getParameters().keySet()) {
        String value = form.getParameters().get(key).getValue();
        if (!StringUtils.isBlank(value)) {
            portletDef.addParameter(key, value);
        }
    }
    portletDef.addParameter(IPortletDefinition.EDITABLE_PARAM, Boolean.toString(form.isEditable()));
    portletDef.addParameter(IPortletDefinition.CONFIGURABLE_PARAM, Boolean.toString(form.isConfigurable()));
    portletDef.addParameter(IPortletDefinition.HAS_HELP_PARAM, Boolean.toString(form.isHasHelp()));
    portletDef.addParameter(IPortletDefinition.HAS_ABOUT_PARAM, Boolean.toString(form.isHasAbout()));
    // Now add portlet preferences
    // Only preferences with at least one value are carried over; the whole list then replaces
    // the definition's preferences.
    List<IPortletPreference> preferenceList = new ArrayList<>();
    for (String key : form.getPortletPreferences().keySet()) {
        List<String> prefValues = form.getPortletPreferences().get(key).getValue();
        if (prefValues != null && prefValues.size() > 0) {
            String[] values = prefValues.toArray(new String[prefValues.size()]);
            // assumes every preference key also has a read-only entry; readOnly.getValue()
            // is not null-guarded -- TODO confirm
            BooleanAttribute readOnly = form.getPortletPreferenceReadOnly().get(key);
            preferenceList.add(new PortletPreferenceImpl(key, readOnly.getValue(), values));
        }
    }
    portletDef.setPortletPreferences(preferenceList);
    // Lastly update the PortletDefinition's lifecycle state & lifecycle-related metadata
    updateLifecycleState(form, portletDef, publisher);
    // The final parameter of IGroupMembers is used to set the initial SUBSCRIBE permission set
    portletPublishingService.savePortletDefinition(portletDef, publisher, categories, new ArrayList<>(subscribePrincipalSet));
    // SUBSCRIBE principals are handed to savePortletDefinition above, which is presumably why
    // the separate call below is disabled; only BROWSE is updated here.
    //updatePermissions(portletDef, subscribePrincipalSet, IPermission.PORTLET_SUBSCRIBER_ACTIVITY);
    updatePermissions(portletDef, browsePrincipalSet, IPermission.PORTLET_BROWSE_ACTIVITY);
    // Build a fresh form from the definition's ID, so the caller gets a form created from
    // portletDef rather than the submitted one.
    return this.createPortletDefinitionForm(publisher, portletDef.getPortletDefinitionId().getStringId());
}
Also used : BooleanAttribute(org.apereo.portal.portlets.BooleanAttribute) EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) IPortletPreference(org.apereo.portal.portlet.om.IPortletPreference) ArrayList(java.util.ArrayList) PortletPublishingDefinition(org.apereo.portal.portletpublishing.xml.PortletPublishingDefinition) TreeSet(java.util.TreeSet) PortletPreferenceImpl(org.apereo.portal.portlet.dao.jpa.PortletPreferenceImpl) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) HashSet(java.util.HashSet) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPortletType(org.apereo.portal.portlet.om.IPortletType) PortletDefinitionImpl(org.apereo.portal.portlet.dao.jpa.PortletDefinitionImpl)

Example 2 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class EntityTargetProviderImpl method searchTargets.

/*
     * (non-Javadoc)
     * @see org.apereo.portal.permission.target.IPermissionTargetProvider#searchTargets(java.lang.String)
     */
public Collection<IPermissionTarget> searchTargets(String term) {
    // Backed by a HashSet so that the same target is never reported twice.
    final Collection<IPermissionTarget> results = new HashSet<IPermissionTarget>();

    // Query the group list helper once per allowed target type and wrap every
    // entity it returns as a permission target of that type.
    for (TargetType allowedType : allowedTargetTypes) {
        final Set<JsonEntityBean> found = groupListHelper.search(allowedType.toString(), term);
        for (JsonEntityBean bean : found) {
            results.add(new PermissionTargetImpl(bean.getId(), bean.getName(), allowedType));
        }
    }

    // At most one of the "all ..." wildcard targets is added: the first whose
    // IPermission constant contains the search term.
    // NOTE(review): these targets grant over every category, portlet or group. If the
    // constants are Strings, a very short or empty term would match the first one -- confirm
    // callers reject such terms.
    if (IPermission.ALL_CATEGORIES_TARGET.contains(term)) {
        results.add(ALL_CATEGORIES_TARGET);
        return results;
    }
    if (IPermission.ALL_PORTLETS_TARGET.contains(term)) {
        results.add(ALL_PORTLETS_TARGET);
        return results;
    }
    if (IPermission.ALL_GROUPS_TARGET.contains(term)) {
        results.add(ALL_GROUPS_TARGET);
    }
    return results;
}
Also used : JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) TargetType(org.apereo.portal.permission.target.IPermissionTarget.TargetType) HashSet(java.util.HashSet)

Example 3 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PortalPermissionEvaluator method hasPermission.

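@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
    // Decides whether the authenticated principal holds the given permission on the given
    // target. Returns false when no activity can be derived; throws an unchecked exception
    // when the argument types cannot be interpreted, so an unusable call never grants access.

    // The authorization service is looked up on first use.
    if (authorizationService == null) {
        authorizationService = AuthorizationService.instance();
    }
    final IAuthorizationPrincipal principal = getAuthorizationPrincipal(authentication);

    // Resolve the permission target string.
    String targetId = null;
    if (targetDomainObject instanceof String) {
        // Assume it already represents a valid uPortal permission target
        targetId = (String) targetDomainObject;
    } else if (targetDomainObject instanceof JsonEntityBean) {
        // JsonEntityBean objects now have a targetString member
        targetId = ((JsonEntityBean) targetDomainObject).getTargetString();
    }
    // NOTE(review): any other target type (or null) leaves targetId null, and that null is
    // passed to principal.hasPermission() below. Confirm the principal treats a null target
    // as "no match" rather than "any target".

    // Resolve the activity being checked.
    final AuthorizableActivity activity;
    if (permission instanceof AuthorizableActivity) {
        // Already an activity: use it as-is.
        activity = (AuthorizableActivity) permission;
    } else if (permission instanceof String) {
        // A permission name has to be translated relative to the target entity, which needs
        // a JsonEntityBean. Reject other target types explicitly instead of failing on the
        // cast with a ClassCastException. A null target is still passed through.
        if (targetDomainObject != null && !(targetDomainObject instanceof JsonEntityBean)) {
            throw new IllegalArgumentException("A String permission requires a JsonEntityBean target, but the target was of type " + targetDomainObject.getClass());
        }
        activity = getViewActivity((String) permission, (JsonEntityBean) targetDomainObject);
    } else {
        // This branch depends only on the permission argument, so report its type. The
        // earlier message dereferenced targetDomainObject and could itself throw a
        // NullPointerException.
        throw new RuntimeException("Unable to determine permission activity for permission of type " + (permission == null ? null : permission.getClass()));
    }

    if (activity == null) {
        // No activity could be derived: deny.
        return false;
    }
    return principal.hasPermission(activity.getOwnerFname(), activity.getActivityFname(), targetId);
}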
Also used : JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 4 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class GroupAdministrationHelper method updateGroupMembers.

/**
     * Update the members of an existing group in the group store.
     *
     * @param groupForm Form representing the new group configuration
     * @param updater Updating user
     */
public void updateGroupMembers(GroupForm groupForm, IPerson updater) {
    // Authorization gate: the updater must be allowed to edit the group named by the
    // form's key. Nothing is looked up or changed before this check passes.
    final boolean mayEdit = canEditGroup(updater, groupForm.getKey());
    if (!mayEdit) {
        throw new RuntimeAuthorizationException(updater, IPermission.EDIT_GROUP_ACTIVITY, groupForm.getKey());
    }

    if (log.isDebugEnabled()) {
        log.debug("Updating group members for group form [" + groupForm.toString() + "]");
    }

    // Load the stored group that the form refers to.
    final IEntityGroup target = GroupService.findGroup(groupForm.getKey());

    // Drop every current member.
    // NOTE(review): children are removed while iterating getChildren(); this is only safe
    // if getChildren() returns a snapshot -- confirm.
    for (IGroupMember existing : target.getChildren()) {
        target.removeChild(existing);
    }

    // Re-add the members listed in the form. Groups and non-group members are resolved
    // through different GroupService lookups.
    // NOTE(review): the permission check above covers editing this group only; whether the
    // updater may reference each submitted member is not checked in this method.
    for (JsonEntityBean submitted : groupForm.getMembers()) {
        final EntityEnum kind = EntityEnum.getEntityEnum(submitted.getEntityTypeAsString());
        if (!kind.isGroup()) {
            final IGroupMember leaf = GroupService.getGroupMember(submitted.getId(), kind.getClazz());
            target.addChild(leaf);
            continue;
        }
        final IEntityGroup nested = GroupService.findGroup(submitted.getId());
        target.addChild(nested);
    }

    // Persist the new membership list.
    target.updateMembers();
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException) EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)

Example 5 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PrincipalsRESTController method getPrincipals.

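/**
     * Return a JSON view of the uPortal principals matching the supplied query string.
     *
     * @param query search term, taken from the {@code q} request parameter
     * @param request current HTTP request (not read by this method)
     * @param response current HTTP response (not written by this method)
     * @return model holding the sorted {@code groups} and {@code people} lists, rendered by the {@code json} view
     * @throws Exception declared by the signature; the body has no explicit throw
     */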
@PreAuthorize("hasPermission('string', 'REST', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/principals.json", method = RequestMethod.GET)
public ModelAndView getPrincipals(@RequestParam(value = "q") String query, HttpServletRequest request, HttpServletResponse response) throws Exception {
    // The @PreAuthorize expression (VIEW_PERMISSIONS activity of the UP_PERMISSIONS owner)
    // is the only access check visible here; the body itself does no authorization, and the
    // query string goes to the search helper unchanged.
    final ModelAndView model = new ModelAndView();
    model.setViewName("json");

    // Groups matching the query, in their natural order.
    final List<JsonEntityBean> matchingGroups = new ArrayList<JsonEntityBean>(listHelper.search(EntityEnum.GROUP.toString(), query));
    Collections.sort(matchingGroups);
    model.addObject("groups", matchingGroups);

    // People matching the query, in their natural order.
    final List<JsonEntityBean> matchingPeople = new ArrayList<JsonEntityBean>(listHelper.search(EntityEnum.PERSON.toString(), query));
    Collections.sort(matchingPeople);
    model.addObject("people", matchingPeople);

    return model;
}
Also used : JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) ModelAndView(org.springframework.web.servlet.ModelAndView) ArrayList(java.util.ArrayList) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)23 IEntityGroup (org.apereo.portal.groups.IEntityGroup)8 IGroupMember (org.apereo.portal.groups.IGroupMember)8 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)8 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)7 ArrayList (java.util.ArrayList)6 EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)5 ModelAndView (org.springframework.web.servlet.ModelAndView)5 HashSet (java.util.HashSet)4 IPermission (org.apereo.portal.security.IPermission)4 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)4 IPerson (org.apereo.portal.security.IPerson)3 IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)2 IPermissionOwner (org.apereo.portal.permission.IPermissionOwner)2 IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)2 PortletCategory (org.apereo.portal.portlet.om.PortletCategory)2 Assignment (org.apereo.portal.portlets.permissionsadmin.Assignment)2 RuntimeAuthorizationException (org.apereo.portal.security.RuntimeAuthorizationException)2 HashMap (java.util.HashMap)1 Map (java.util.Map)1