use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PortletAdministrationHelper method savePortletRegistration.
/**
* Persist a new or edited PortletDefinition from a form, replacing existing values.
*
* @param publisher {@code IPerson} that requires permission to save this definition
* @param form form data to persist
* @return new {@code PortletDefinitionForm} for this portlet ID
*/
public PortletDefinitionForm savePortletRegistration(IPerson publisher, PortletDefinitionForm form) throws Exception {
// is made when the user enters the lifecycle-selection step in the wizard.)
if (!hasLifecyclePermission(publisher, form.getLifecycleState(), form.getCategories())) {
logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the selected MANAGE permission: " + form);
throw new SecurityException("Not Authorized");
}
if (!form.isNew()) {
// User must have the previous lifecycle permission
// in AT LEAST ONE previous category as well
IPortletDefinition def = this.portletDefinitionRegistry.getPortletDefinition(form.getId());
Set<PortletCategory> categories = portletCategoryRegistry.getParentCategories(def);
SortedSet<JsonEntityBean> categoryBeans = new TreeSet<>();
for (PortletCategory cat : categories) {
categoryBeans.add(new JsonEntityBean(cat));
}
if (!hasLifecyclePermission(publisher, def.getLifecycleState(), categoryBeans)) {
logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the previous MANAGE permission: " + form);
throw new SecurityException("Not Authorized");
}
}
if (form.isNew() || portletDefinitionRegistry.getPortletDefinition(form.getId()).getType().getId() != form.getTypeId()) {
// User must have access to the selected CPD if s/he selected it in this interaction
final int selectedTypeId = form.getTypeId();
final PortletPublishingDefinition cpd = portletPublishingDefinitionDao.getChannelPublishingDefinition(selectedTypeId);
final Map<IPortletType, PortletPublishingDefinition> allowableCpds = this.getAllowableChannelPublishingDefinitions(publisher);
if (!allowableCpds.containsValue(cpd)) {
logger.warn("User '" + publisher.getUserName() + "' attempted to administer the following portlet without the selected " + IPermission.PORTLET_MANAGER_SELECT_PORTLET_TYPE + " permission: " + form);
throw new SecurityException("Not Authorized");
}
}
// create the principal array from the form's principal list -- only principals with permissions
final Set<IGroupMember> subscribePrincipalSet = new HashSet<>(form.getPrincipals().size());
final Set<IGroupMember> browsePrincipalSet = new HashSet<>(form.getPrincipals().size());
for (JsonEntityBean bean : form.getPrincipals()) {
final String subscribePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_SUBSCRIBER_ACTIVITY;
final String browsePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_BROWSE_ACTIVITY;
final EntityEnum entityEnum = bean.getEntityType();
final IGroupMember principal = entityEnum.isGroup() ? (GroupService.findGroup(bean.getId())) : (GroupService.getGroupMember(bean.getId(), entityEnum.getClazz()));
if (form.getPermissions().contains(subscribePerm)) {
subscribePrincipalSet.add(principal);
}
if (form.getPermissions().contains(browsePerm)) {
browsePrincipalSet.add(principal);
}
}
// create the category list from the form's category bean list
List<PortletCategory> categories = new ArrayList<>();
for (JsonEntityBean category : form.getCategories()) {
String id = category.getId();
String iCatID = id.startsWith("cat") ? id.substring(3) : id;
categories.add(portletCategoryRegistry.getPortletCategory(iCatID));
}
final IPortletType portletType = portletTypeRegistry.getPortletType(form.getTypeId());
if (portletType == null) {
throw new IllegalArgumentException("No IPortletType exists for ID " + form.getTypeId());
}
IPortletDefinition portletDef;
if (form.getId() == null) {
portletDef = new PortletDefinitionImpl(portletType, form.getFname(), form.getName(), form.getTitle(), form.getApplicationId(), form.getPortletName(), form.isFramework());
} else {
portletDef = portletDefinitionRegistry.getPortletDefinition(form.getId());
portletDef.setType(portletType);
portletDef.setFName(form.getFname());
portletDef.setName(form.getName());
portletDef.setTitle(form.getTitle());
portletDef.getPortletDescriptorKey().setWebAppName(form.getApplicationId());
portletDef.getPortletDescriptorKey().setPortletName(form.getPortletName());
portletDef.getPortletDescriptorKey().setFrameworkPortlet(form.isFramework());
}
portletDef.setDescription(form.getDescription());
portletDef.setTimeout(form.getTimeout());
// portletDef reflect the state of the form, in case any have changed.
for (String key : form.getParameters().keySet()) {
String value = form.getParameters().get(key).getValue();
if (!StringUtils.isBlank(value)) {
portletDef.addParameter(key, value);
}
}
portletDef.addParameter(IPortletDefinition.EDITABLE_PARAM, Boolean.toString(form.isEditable()));
portletDef.addParameter(IPortletDefinition.CONFIGURABLE_PARAM, Boolean.toString(form.isConfigurable()));
portletDef.addParameter(IPortletDefinition.HAS_HELP_PARAM, Boolean.toString(form.isHasHelp()));
portletDef.addParameter(IPortletDefinition.HAS_ABOUT_PARAM, Boolean.toString(form.isHasAbout()));
// Now add portlet preferences
List<IPortletPreference> preferenceList = new ArrayList<>();
for (String key : form.getPortletPreferences().keySet()) {
List<String> prefValues = form.getPortletPreferences().get(key).getValue();
if (prefValues != null && prefValues.size() > 0) {
String[] values = prefValues.toArray(new String[prefValues.size()]);
BooleanAttribute readOnly = form.getPortletPreferenceReadOnly().get(key);
preferenceList.add(new PortletPreferenceImpl(key, readOnly.getValue(), values));
}
}
portletDef.setPortletPreferences(preferenceList);
// Lastly update the PortletDefinition's lifecycle state & lifecycle-related metadata
updateLifecycleState(form, portletDef, publisher);
// The final parameter of IGroupMembers is used to set the initial SUBSCRIBE permission set
portletPublishingService.savePortletDefinition(portletDef, publisher, categories, new ArrayList<>(subscribePrincipalSet));
//updatePermissions(portletDef, subscribePrincipalSet, IPermission.PORTLET_SUBSCRIBER_ACTIVITY);
updatePermissions(portletDef, browsePrincipalSet, IPermission.PORTLET_BROWSE_ACTIVITY);
return this.createPortletDefinitionForm(publisher, portletDef.getPortletDefinitionId().getStringId());
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class EntityTargetProviderImpl method searchTargets.
/*
* (non-Javadoc)
* @see org.apereo.portal.permission.target.IPermissionTargetProvider#searchTargets(java.lang.String)
*/
public Collection<IPermissionTarget> searchTargets(String term) {
// Initialize a new collection of matching targets. We use a HashSet
// implementation here to prevent duplicate target entries.
Collection<IPermissionTarget> matching = new HashSet<IPermissionTarget>();
/*
* Attempt to find matching entities for each allowed entity type.
* Any matching entities will be added to our collection.
*/
for (TargetType targetType : allowedTargetTypes) {
Set<JsonEntityBean> entities = groupListHelper.search(targetType.toString(), term);
for (JsonEntityBean entity : entities) {
IPermissionTarget target = new PermissionTargetImpl(entity.getId(), entity.getName(), targetType);
matching.add(target);
}
}
if (IPermission.ALL_CATEGORIES_TARGET.contains(term)) {
matching.add(ALL_CATEGORIES_TARGET);
} else if (IPermission.ALL_PORTLETS_TARGET.contains(term)) {
matching.add(ALL_PORTLETS_TARGET);
} else if (IPermission.ALL_GROUPS_TARGET.contains(term)) {
matching.add(ALL_GROUPS_TARGET);
}
// return the list of matching targets
return matching;
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PortalPermissionEvaluator method hasPermission.
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
if (authorizationService == null) {
authorizationService = AuthorizationService.instance();
}
final IAuthorizationPrincipal principal = getAuthorizationPrincipal(authentication);
String targetId = null;
if (targetDomainObject instanceof String) {
// Assume it already represents a valid uPortal permission target
targetId = (String) targetDomainObject;
} else if (targetDomainObject instanceof JsonEntityBean) {
// JsonEntityBean objects now have a targetString member
targetId = ((JsonEntityBean) targetDomainObject).getTargetString();
}
// if the permission is already an AuthorizableActivity, go ahead and
// use it
AuthorizableActivity activity = null;
if (permission instanceof AuthorizableActivity) {
activity = (AuthorizableActivity) permission;
} else // translate it into a permission relevant to the provided target
if (permission instanceof String) {
String activityName = (String) permission;
activity = getViewActivity(activityName, (JsonEntityBean) targetDomainObject);
} else {
throw new RuntimeException("Unable to determine permission target id for type " + targetDomainObject.getClass());
}
if (activity != null) {
final boolean hasPermission = principal.hasPermission(activity.getOwnerFname(), activity.getActivityFname(), targetId);
return hasPermission;
} else {
return false;
}
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class GroupAdministrationHelper method updateGroupMembers.
/**
* Update the members of an existing group in the group store.
*
* @param groupForm Form representing the new group configuration
* @param updater Updating user
*/
public void updateGroupMembers(GroupForm groupForm, IPerson updater) {
if (!canEditGroup(updater, groupForm.getKey())) {
throw new RuntimeAuthorizationException(updater, IPermission.EDIT_GROUP_ACTIVITY, groupForm.getKey());
}
if (log.isDebugEnabled()) {
log.debug("Updating group members for group form [" + groupForm.toString() + "]");
}
// find the current version of this group entity
IEntityGroup group = GroupService.findGroup(groupForm.getKey());
// clear the current group membership list
for (IGroupMember child : group.getChildren()) {
group.removeChild(child);
}
// to the group
for (JsonEntityBean child : groupForm.getMembers()) {
EntityEnum type = EntityEnum.getEntityEnum(child.getEntityTypeAsString());
if (type.isGroup()) {
IEntityGroup member = GroupService.findGroup(child.getId());
group.addChild(member);
} else {
IGroupMember member = GroupService.getGroupMember(child.getId(), type.getClazz());
group.addChild(member);
}
}
// save the group, updating both its basic information and group
// membership
group.updateMembers();
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PrincipalsRESTController method getPrincipals.
/**
* Return a JSON view of the uPortal principals matching the supplied query string.
*
* @param query
* @param request
* @param response
* @return
* @throws Exception
*/
@PreAuthorize("hasPermission('string', 'REST', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/principals.json", method = RequestMethod.GET)
public ModelAndView getPrincipals(@RequestParam(value = "q") String query, HttpServletRequest request, HttpServletResponse response) throws Exception {
/*
* Add groups and people matching the search query to the JSON model
*/
ModelAndView mv = new ModelAndView();
List<JsonEntityBean> groups = new ArrayList<JsonEntityBean>();
groups.addAll(listHelper.search(EntityEnum.GROUP.toString(), query));
Collections.sort(groups);
mv.addObject("groups", groups);
List<JsonEntityBean> people = new ArrayList<JsonEntityBean>();
people.addAll(listHelper.search(EntityEnum.PERSON.toString(), query));
Collections.sort(people);
mv.addObject("people", people);
mv.setViewName("json");
return mv;
}
Aggregations