
Example 36 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PortletAdministrationHelper method savePortletRegistration.

/**
 * Persist a new or edited PortletDefinition from a form, replacing existing values.
 *
 * @param publisher {@code IPerson} that requires permission to save this definition
 * @param form form data to persist
 * @return new {@code PortletDefinitionForm} for this portlet ID
 */
public PortletDefinitionForm savePortletRegistration(IPerson publisher, PortletDefinitionForm form) throws Exception {
    // Overview: (1) three authorization gates, each throwing SecurityException on failure;
    // (2) translate the form's principals/permissions and categories; (3) create or update the
    // definition and copy parameters and preferences onto it; (4) update lifecycle, save, and
    // apply BROWSE/CONFIGURE permissions. Nothing is written before all three gates have passed.
    logger.trace("In savePortletRegistration() - for: {}", form.getPortletName());
    // Gate 1: the publisher needs the MANAGE permission for the lifecycle state and categories
    // selected on the form. (The start of the original comment is missing from this listing; the
    // surviving part reads "...is made when the user enters the lifecycle-selection step in the
    // wizard.", which suggests the same check also runs earlier in the UI -- TODO confirm.)
    if (!hasLifecyclePermission(publisher, form.getLifecycleState(), form.getCategories())) {
        // NOTE(review): this and the two other warn() calls below build the message by string
        // concatenation and include the whole form, whose fields come from the request. The
        // trace/info calls in this method use {} placeholders; the same form would be consistent
        // here. Whether line breaks in form values are neutralised depends on the log
        // configuration -- verify.
        logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the selected MANAGE permission:  " + form);
        throw new SecurityException("Not Authorized");
    }
    if (!form.isNew()) {
        // Gate 2 (edits only): the check is repeated against the STORED definition, so the
        // publisher must also hold the permission for the portlet's previous lifecycle state
        // in AT LEAST ONE of its previous categories. Without this, a caller could take over a
        // portlet simply by submitting a form that names a state/category they do control.
        // NOTE(review): def is dereferenced without a null check; presumably the registry
        // always resolves an id taken from a non-new form -- confirm.
        IPortletDefinition def = this.portletDefinitionRegistry.getPortletDefinition(form.getId());
        Set<PortletCategory> categories = portletCategoryRegistry.getParentCategories(def);
        SortedSet<JsonEntityBean> categoryBeans = new TreeSet<>();
        for (PortletCategory cat : categories) {
            categoryBeans.add(new JsonEntityBean(cat));
        }
        if (!hasLifecyclePermission(publisher, def.getLifecycleState(), categoryBeans)) {
            logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the previous MANAGE permission:  " + form);
            throw new SecurityException("Not Authorized");
        }
    }
    // Gate 3: runs for a new portlet, or when the form's type id differs from the stored one.
    if (form.isNew() || portletDefinitionRegistry.getPortletDefinition(form.getId()).getType().getId() != form.getTypeId()) {
        // User must have access to the selected CPD if s/he selected it in this interaction
        final int selectedTypeId = form.getTypeId();
        final PortletPublishingDefinition cpd = portletPublishingDefinitionDao.getChannelPublishingDefinition(selectedTypeId);
        final Map<IPortletType, PortletPublishingDefinition> allowableCpds = this.getAllowableChannelPublishingDefinitions(publisher);
        // containsValue relies on PortletPublishingDefinition equality, which is not visible here.
        if (!allowableCpds.containsValue(cpd)) {
            logger.warn("User '" + publisher.getUserName() + "' attempted to administer the following portlet without the selected " + IPermission.PORTLET_MANAGER_SELECT_PORTLET_TYPE + " permission:  " + form);
            throw new SecurityException("Not Authorized");
        }
    }
    // create the principal array from the form's principal list -- only principals with
    // permissions
    // NOTE(review): the principals and the permission keys both come from the form. No check
    // in this method limits which principals the publisher may grant to; presumably that is
    // enforced elsewhere -- confirm.
    final Set<IGroupMember> subscribePrincipalSet = new HashSet<>(form.getPrincipals().size());
    final Set<IGroupMember> browsePrincipalSet = new HashSet<>(form.getPrincipals().size());
    final Set<IGroupMember> configurePrincipalSet = new HashSet<>(form.getPrincipals().size());
    for (JsonEntityBean bean : form.getPrincipals()) {
        // A permission is recorded on the form as "<typeAndIdHash>_<activity>".
        final String subscribePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_SUBSCRIBER_ACTIVITY;
        final String browsePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_BROWSE_ACTIVITY;
        final String configurePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_MODE_CONFIG;
        final EntityEnum entityEnum = bean.getEntityType();
        // NOTE(review): addPrincipalPermissionsToForm null-checks the result of
        // GroupService.findGroup, so a lookup miss looks possible; here an unresolved
        // principal would be added to the sets below as null -- verify how the save and
        // updatePermissions calls treat that.
        final IGroupMember principal = entityEnum.isGroup() ? (GroupService.findGroup(bean.getId())) : (GroupService.getGroupMember(bean.getId(), entityEnum.getClazz()));
        if (form.getPermissions().contains(subscribePerm)) {
            logger.info("In savePortletRegistration() - Found a subscribePerm for principal: {}", principal);
            subscribePrincipalSet.add(principal);
        }
        if (form.getPermissions().contains(browsePerm)) {
            logger.info("In savePortletRegistration() - Found a browsePerm for principal: {}", principal);
            browsePrincipalSet.add(principal);
        }
        if (form.getPermissions().contains(configurePerm)) {
            logger.info("In savePortletRegistration() - Found a configurePerm for principal: {}", principal);
            configurePrincipalSet.add(principal);
        }
    }
    // create the category list from the form's category bean list
    List<PortletCategory> categories = new ArrayList<>();
    for (JsonEntityBean category : form.getCategories()) {
        String id = category.getId();
        // Bean ids may carry a "cat" prefix that the registry lookup does not expect.
        String iCatID = id.startsWith("cat") ? id.substring(3) : id;
        // NOTE(review): the lookup result is added unchecked; an unknown id may yield null.
        categories.add(portletCategoryRegistry.getPortletCategory(iCatID));
    }
    final IPortletType portletType = portletTypeRegistry.getPortletType(form.getTypeId());
    if (portletType == null) {
        throw new IllegalArgumentException("No IPortletType exists for ID " + form.getTypeId());
    }
    IPortletDefinition portletDef;
    // NOTE(review): "new" is decided by form.getId() == null here but by form.isNew() in the
    // authorization gates above; presumably the two always agree -- confirm, since a mismatch
    // would let an edit skip the previous-state check.
    if (form.getId() == null) {
        portletDef = new PortletDefinitionImpl(portletType, form.getFname(), form.getName(), form.getTitle(), form.getApplicationId(), form.getPortletName(), form.isFramework());
    } else {
        // Existing definition: overwrite its identifying fields and descriptor key in place.
        portletDef = portletDefinitionRegistry.getPortletDefinition(form.getId());
        portletDef.setType(portletType);
        portletDef.setFName(form.getFname());
        portletDef.setName(form.getName());
        portletDef.setTitle(form.getTitle());
        portletDef.getPortletDescriptorKey().setWebAppName(form.getApplicationId());
        portletDef.getPortletDescriptorKey().setPortletName(form.getPortletName());
        portletDef.getPortletDescriptorKey().setFrameworkPortlet(form.isFramework());
    }
    portletDef.setDescription(form.getDescription());
    portletDef.setTimeout(form.getTimeout());
    // Copy the form's parameters onto portletDef so that it reflects the state of the form;
    // parameters whose value is blank are skipped rather than written.
    for (String key : form.getParameters().keySet()) {
        String value = form.getParameters().get(key).getValue();
        if (!StringUtils.isBlank(value)) {
            portletDef.addParameter(key, value);
        }
    }
    // These four flags are added after the loop above, from the form's boolean fields.
    portletDef.addParameter(IPortletDefinition.EDITABLE_PARAM, Boolean.toString(form.isEditable()));
    portletDef.addParameter(IPortletDefinition.CONFIGURABLE_PARAM, Boolean.toString(form.isConfigurable()));
    portletDef.addParameter(IPortletDefinition.HAS_HELP_PARAM, Boolean.toString(form.isHasHelp()));
    portletDef.addParameter(IPortletDefinition.HAS_ABOUT_PARAM, Boolean.toString(form.isHasAbout()));
    // Now add portlet preferences
    List<IPortletPreference> preferenceList = new ArrayList<>();
    for (String key : form.getPortletPreferences().keySet()) {
        List<String> prefValues = form.getPortletPreferences().get(key).getValue();
        // Preferences with no values are dropped.
        if (prefValues != null && prefValues.size() > 0) {
            String[] values = prefValues.toArray(new String[prefValues.size()]);
            // NOTE(review): assumes the read-only map has an entry for every preference key;
            // a missing entry would fail on readOnly.getValue() -- confirm.
            BooleanAttribute readOnly = form.getPortletPreferenceReadOnly().get(key);
            preferenceList.add(new PortletPreferenceImpl(key, readOnly.getValue(), values));
        }
    }
    // The list replaces the definition's preferences as a whole.
    portletDef.setPortletPreferences(preferenceList);
    // Lastly update the PortletDefinition's lifecycle state & lifecycle-related metadata
    updateLifecycleState(form, portletDef, publisher);
    // The final parameter of IGroupMembers is used to set the initial SUBSCRIBE permission set
    portletPublishingService.savePortletDefinition(portletDef, publisher, categories, new ArrayList<>(subscribePrincipalSet));
    // updatePermissions(portletDef, subscribePrincipalSet,
    // IPermission.PORTLET_SUBSCRIBER_ACTIVITY);
    // BROWSE and CONFIGURE grants are applied after the save, one call per activity.
    updatePermissions(portletDef, browsePrincipalSet, IPermission.PORTAL_SUBSCRIBE, IPermission.PORTLET_BROWSE_ACTIVITY);
    updatePermissions(portletDef, configurePrincipalSet, IPermission.PORTAL_PUBLISH, IPermission.PORTLET_MODE_CONFIG);
    // Build the returned form afresh from the saved definition's id.
    return this.createPortletDefinitionForm(publisher, portletDef.getPortletDefinitionId().getStringId());
}
Also used : BooleanAttribute(org.apereo.portal.portlets.BooleanAttribute) EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) IPortletPreference(org.apereo.portal.portlet.om.IPortletPreference) ArrayList(java.util.ArrayList) PortletPublishingDefinition(org.apereo.portal.portletpublishing.xml.PortletPublishingDefinition) TreeSet(java.util.TreeSet) PortletPreferenceImpl(org.apereo.portal.portlet.dao.jpa.PortletPreferenceImpl) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) HashSet(java.util.HashSet) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPortletType(org.apereo.portal.portlet.om.IPortletType) PortletDefinitionImpl(org.apereo.portal.portlet.dao.jpa.PortletDefinitionImpl)

Example 37 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PortletAdministrationHelper method addPrincipalPermissionsToForm.

/*
     * Add to the form SUBSCRIBE, BROWSE, and CONFIGURE activity permissions, along with their principals,
     * assigned to the portlet.
     */
private void addPrincipalPermissionsToForm(IPortletDefinition def, PortletDefinitionForm form) {
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    // One permission manager per owner, created the first time that owner is seen.
    final Map<String, IPermissionManager> managersByOwner = new HashMap<>();
    final Set<JsonEntityBean> beans = new HashSet<>();
    for (PortletPermissionsOnForm perm : PortletPermissionsOnForm.values()) {
        final IPermissionManager manager =
                managersByOwner.computeIfAbsent(
                        perm.getOwner(), owner -> authorizationService.newPermissionManager(owner));
        // Every principal authorized for this activity on the portlet ends up on the form.
        for (IAuthorizationPrincipal principal : manager.getAuthorizedPrincipals(perm.getActivity(), targetId)) {
            // Try the key as a group first; a miss means the principal is treated as a person.
            final IEntityGroup group = GroupService.findGroup(principal.getKey());
            final JsonEntityBean bean;
            if (group == null) {
                final IGroupMember member = authorizationService.getGroupMember(principal);
                bean = new JsonEntityBean(member, EntityEnum.PERSON);
                // The name of a person bean is looked up separately and set here.
                bean.setName(groupListHelper.lookupEntityName(bean));
            } else {
                bean = new JsonEntityBean(group, EntityEnum.GROUP);
            }
            beans.add(bean);
            // Same "<typeAndIdHash>_<activity>" key format that savePortletRegistration reads back.
            form.addPermission(bean.getTypeAndIdHash() + "_" + perm.getActivity());
        }
    }
    form.setPrincipals(beans, false);
}
Also used : IPermissionManager(org.apereo.portal.security.IPermissionManager) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) HashMap(java.util.HashMap) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet)

Example 38 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class EntityTargetProviderImpl method searchTargets.

/*
     * (non-Javadoc)
     * @see org.apereo.portal.permission.target.IPermissionTargetProvider#searchTargets(java.lang.String)
     */
@Override
public Collection<IPermissionTarget> searchTargets(String term) {
    // Collected in a HashSet so that a target found more than once is not listed twice.
    final Collection<IPermissionTarget> found = new HashSet<>();
    // Search each allowed entity type and wrap every hit as a permission target of that type.
    for (TargetType type : allowedTargetTypes) {
        for (JsonEntityBean hit : groupListHelper.search(type.toString(), term)) {
            found.add(new PermissionTargetImpl(hit.getId(), hit.getName(), type));
        }
    }
    // Add the wildcard target whose identifier contains the search term.
    // NOTE(review): the chain stops at the first match, so a term that is a substring of
    // several wildcard identifiers only yields the first one -- confirm that is intended.
    if (IPermission.ALL_CATEGORIES_TARGET.contains(term)) {
        found.add(ALL_CATEGORIES_TARGET);
    } else if (IPermission.ALL_PORTLETS_TARGET.contains(term)) {
        found.add(ALL_PORTLETS_TARGET);
    } else if (IPermission.ALL_GROUPS_TARGET.contains(term)) {
        found.add(ALL_GROUPS_TARGET);
    }
    return found;
}
Also used : JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) TargetType(org.apereo.portal.permission.target.IPermissionTarget.TargetType) HashSet(java.util.HashSet)

Example 39 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class PortalPermissionEvaluator method hasPermission.

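/**
 * Decides whether the authenticated principal holds {@code permission} on
 * {@code targetDomainObject}.
 *
 * <p>The target id is a {@code String} target taken as-is, or a {@code JsonEntityBean}'s target
 * string; for any other target type it stays {@code null}. The permission is either an
 * {@code AuthorizableActivity} used directly, or a {@code String} activity name resolved through
 * {@code getViewActivity}. If no activity can be resolved the request is denied.
 *
 * @param authentication the caller's authentication, from which the principal is derived
 * @param targetDomainObject a {@code String} target id or a {@code JsonEntityBean}
 * @param permission an {@code AuthorizableActivity} or a {@code String} activity name
 * @return {@code true} only if the principal has the resolved activity on the target
 * @throws RuntimeException if {@code permission} is neither an {@code AuthorizableActivity}
 *     nor a {@code String}
 */
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
    if (authorizationServiceFacade == null) {
        authorizationServiceFacade = AuthorizationServiceFacade.instance();
    }
    final IAuthorizationPrincipal principal = getAuthorizationPrincipal(authentication);
    String targetId = null;
    if (targetDomainObject instanceof String) {
        // Assume it already represents a valid uPortal permission target
        targetId = (String) targetDomainObject;
    } else if (targetDomainObject instanceof JsonEntityBean) {
        // JsonEntityBean objects now have a targetString member
        targetId = ((JsonEntityBean) targetDomainObject).getTargetString();
    }
    // NOTE(review): any other target type leaves targetId null and the check below is still
    // made with it; how principal.hasPermission treats a null target is not visible here --
    // confirm it denies.
    final AuthorizableActivity activity;
    if (permission instanceof AuthorizableActivity) {
        // Already an AuthorizableActivity: use it as given.
        activity = (AuthorizableActivity) permission;
    } else if (permission instanceof String) {
        // Translate the name into an activity relevant to the provided target.
        // NOTE(review): the cast fails with ClassCastException when the target was given as
        // a String id; left unchanged because the intended handling is not visible here.
        activity = getViewActivity((String) permission, (JsonEntityBean) targetDomainObject);
    } else {
        // Build the message null-safely so that a null target does not mask this error.
        throw new RuntimeException("Unable to determine permission target id for type " + (targetDomainObject == null ? null : targetDomainObject.getClass()));
    }
    // Deny before anything dereferences the activity: the trace call below reads its fields,
    // so an unresolved activity used to fail there instead of reaching the denial.
    if (activity == null) {
        return false;
    }
    logger.trace("In hasPermission() - principal=[{}], owner=[{}], activity=[{}], targetId=[{}] ", principal, activity.getOwnerFname(), activity.getActivityFname(), targetId);
    return principal.hasPermission(activity.getOwnerFname(), activity.getActivityFname(), targetId);
}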
Also used : JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 40 with JsonEntityBean

use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.

the class UserAccountHelper method getParentGroups.

/**
 * Lists the ancestor groups of the person identified by {@code target}, as sorted beans.
 *
 * @param target key used to look the person up through {@code GroupService}
 * @return the ancestor groups in the beans' natural order; empty if there are none
 */
public List<JsonEntityBean> getParentGroups(String target) {
    final List<JsonEntityBean> ancestorBeans = new ArrayList<>();
    // NOTE(review): the lookup result is used without a null check; presumably callers only
    // pass keys of existing people -- confirm.
    final IGroupMember person = GroupService.getEntity(target, IPerson.class);
    for (IEntityGroup group : person.getAncestorGroups()) {
        final JsonEntityBean bean = groupListHelper.getEntity(group);
        ancestorBeans.add(bean);
    }
    Collections.sort(ancestorBeans);
    return ancestorBeans;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) ArrayList(java.util.ArrayList)

Aggregations

JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)86 Test (org.junit.Test)53 EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)13 ModelAndView (org.springframework.web.servlet.ModelAndView)10 IEntityGroup (org.apereo.portal.groups.IEntityGroup)9 IGroupMember (org.apereo.portal.groups.IGroupMember)9 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)9 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)7 IPermission (org.apereo.portal.security.IPermission)4 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)4 List (java.util.List)3 IPermissionTarget (org.apereo.portal.permission.target.IPermissionTarget)3 PortletCategory (org.apereo.portal.portlet.om.PortletCategory)3 IPerson (org.apereo.portal.security.IPerson)3 Collection (java.util.Collection)2 HashMap (java.util.HashMap)2 GroupListHelperImpl (org.apereo.portal.layout.dlm.remoting.GroupListHelperImpl)2 IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)2