use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PortletAdministrationHelper method savePortletRegistration.
/**
* Persist a new or edited PortletDefinition from a form, replacing existing values.
*
* @param publisher {@code IPerson} that requires permission to save this definition
* @param form form data to persist
* @return new {@code PortletDefinitionForm} for this portlet ID
*/
public PortletDefinitionForm savePortletRegistration(IPerson publisher, PortletDefinitionForm form) throws Exception {
// Flow: (1) authorize the publisher, (2) translate the form's principals and categories,
// (3) build or update the definition, (4) persist it together with its BROWSE and CONFIGURE
// permissions. Every authorization failure throws SecurityException("Not Authorized").
logger.trace("In savePortletRegistration() - for: {}", form.getPortletName());
// Authorization check 1: the publisher needs the MANAGE permission for the lifecycle state
// selected on the form, evaluated against the categories listed on the form. (The same check
// is made when the user enters the lifecycle-selection step in the wizard.)
if (!hasLifecyclePermission(publisher, form.getLifecycleState(), form.getCategories())) {
// NOTE(review): the whole form is concatenated into this warn message (and into the two
// denial messages further down); confirm its toString() exposes no sensitive preference
// values and that user-supplied fields cannot introduce line breaks into the log.
logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the selected MANAGE permission: " + form);
throw new SecurityException("Not Authorized");
}
if (!form.isNew()) {
// Authorization check 2 (edits only): the user must have the previous lifecycle permission
// in AT LEAST ONE previous category as well. "Previous" means the stored definition's
// lifecycle state and its current parent categories, not the values sent on the form.
// NOTE(review): def is dereferenced without a null check; if the registry can return null
// for an unknown form id this fails with a NullPointerException rather than a clean denial.
IPortletDefinition def = this.portletDefinitionRegistry.getPortletDefinition(form.getId());
Set<PortletCategory> categories = portletCategoryRegistry.getParentCategories(def);
SortedSet<JsonEntityBean> categoryBeans = new TreeSet<>();
for (PortletCategory cat : categories) {
categoryBeans.add(new JsonEntityBean(cat));
}
if (!hasLifecyclePermission(publisher, def.getLifecycleState(), categoryBeans)) {
logger.warn("User '" + publisher.getUserName() + "' attempted to save the following portlet without the previous MANAGE permission: " + form);
throw new SecurityException("Not Authorized");
}
}
// Authorization check 3: runs for a new portlet, or when the type id on the form differs
// from the type id of the stored definition.
if (form.isNew() || portletDefinitionRegistry.getPortletDefinition(form.getId()).getType().getId() != form.getTypeId()) {
// User must have access to the selected CPD if s/he selected it in this interaction
final int selectedTypeId = form.getTypeId();
final PortletPublishingDefinition cpd = portletPublishingDefinitionDao.getChannelPublishingDefinition(selectedTypeId);
final Map<IPortletType, PortletPublishingDefinition> allowableCpds = this.getAllowableChannelPublishingDefinitions(publisher);
// containsValue() compares with equals(); presumably PortletPublishingDefinition defines it
// so that the DAO's instance matches the one in the allowable map - TODO confirm.
if (!allowableCpds.containsValue(cpd)) {
logger.warn("User '" + publisher.getUserName() + "' attempted to administer the following portlet without the selected " + IPermission.PORTLET_MANAGER_SELECT_PORTLET_TYPE + " permission: " + form);
throw new SecurityException("Not Authorized");
}
}
// Build one principal set per activity (SUBSCRIBE, BROWSE, CONFIGURE) from the form's
// principal list -- only principals that have the matching permission key on the form.
// NOTE(review): both the principals and the permission keys come from the form, and no check
// in this method verifies that the publisher may grant these activities to those principals;
// confirm that this is enforced by the caller or by the services invoked below.
final Set<IGroupMember> subscribePrincipalSet = new HashSet<>(form.getPrincipals().size());
final Set<IGroupMember> browsePrincipalSet = new HashSet<>(form.getPrincipals().size());
final Set<IGroupMember> configurePrincipalSet = new HashSet<>(form.getPrincipals().size());
for (JsonEntityBean bean : form.getPrincipals()) {
// Permission keys on the form have the shape <typeAndIdHash>_<activity>.
final String subscribePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_SUBSCRIBER_ACTIVITY;
final String browsePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_BROWSE_ACTIVITY;
final String configurePerm = bean.getTypeAndIdHash() + "_" + IPermission.PORTLET_MODE_CONFIG;
final EntityEnum entityEnum = bean.getEntityType();
// Groups are looked up by id alone; other entities by id plus the entity class.
// NOTE(review): the lookup result is not null-checked, so an id that resolves to nothing
// would be added to the sets below as null - confirm how the persistence calls treat that.
final IGroupMember principal = entityEnum.isGroup() ? (GroupService.findGroup(bean.getId())) : (GroupService.getGroupMember(bean.getId(), entityEnum.getClazz()));
if (form.getPermissions().contains(subscribePerm)) {
logger.info("In savePortletRegistration() - Found a subscribePerm for principal: {}", principal);
subscribePrincipalSet.add(principal);
}
if (form.getPermissions().contains(browsePerm)) {
logger.info("In savePortletRegistration() - Found a browsePerm for principal: {}", principal);
browsePrincipalSet.add(principal);
}
if (form.getPermissions().contains(configurePerm)) {
logger.info("In savePortletRegistration() - Found a configurePerm for principal: {}", principal);
configurePrincipalSet.add(principal);
}
}
// create the category list from the form's category bean list
List<PortletCategory> categories = new ArrayList<>();
for (JsonEntityBean category : form.getCategories()) {
String id = category.getId();
// A leading "cat" prefix on the bean id is stripped before the registry lookup.
String iCatID = id.startsWith("cat") ? id.substring(3) : id;
// NOTE(review): the lookup result is added unchecked; an unknown category id may put null
// into the list handed to savePortletDefinition - verify against the registry contract.
categories.add(portletCategoryRegistry.getPortletCategory(iCatID));
}
// The type id is validated only here, after the authorization checks above.
final IPortletType portletType = portletTypeRegistry.getPortletType(form.getTypeId());
if (portletType == null) {
throw new IllegalArgumentException("No IPortletType exists for ID " + form.getTypeId());
}
// Create a fresh definition when the form carries no id, otherwise update the stored one.
// NOTE(review): this branch tests form.getId() == null while the checks above test
// form.isNew(); presumably the two agree - confirm, since they select different code paths.
IPortletDefinition portletDef;
if (form.getId() == null) {
portletDef = new PortletDefinitionImpl(portletType, form.getFname(), form.getName(), form.getTitle(), form.getApplicationId(), form.getPortletName(), form.isFramework());
} else {
portletDef = portletDefinitionRegistry.getPortletDefinition(form.getId());
portletDef.setType(portletType);
portletDef.setFName(form.getFname());
portletDef.setName(form.getName());
portletDef.setTitle(form.getTitle());
portletDef.getPortletDescriptorKey().setWebAppName(form.getApplicationId());
portletDef.getPortletDescriptorKey().setPortletName(form.getPortletName());
portletDef.getPortletDescriptorKey().setFrameworkPortlet(form.isFramework());
}
portletDef.setDescription(form.getDescription());
portletDef.setTimeout(form.getTimeout());
// Make the parameters in portletDef reflect the state of the form, in case any have changed.
// Only non-blank values are copied. NOTE(review): a parameter blanked on the form is skipped
// rather than removed here; whether a stale value survives depends on addParameter and on
// how the definition is persisted, neither of which is visible in this method.
for (String key : form.getParameters().keySet()) {
String value = form.getParameters().get(key).getValue();
if (!StringUtils.isBlank(value)) {
portletDef.addParameter(key, value);
}
}
// These four flags are always written, as the string form of the form's booleans.
portletDef.addParameter(IPortletDefinition.EDITABLE_PARAM, Boolean.toString(form.isEditable()));
portletDef.addParameter(IPortletDefinition.CONFIGURABLE_PARAM, Boolean.toString(form.isConfigurable()));
portletDef.addParameter(IPortletDefinition.HAS_HELP_PARAM, Boolean.toString(form.isHasHelp()));
portletDef.addParameter(IPortletDefinition.HAS_ABOUT_PARAM, Boolean.toString(form.isHasAbout()));
// Now add portlet preferences; preferences with a null or empty value list are dropped,
// and the new list replaces the definition's preferences as a whole.
List<IPortletPreference> preferenceList = new ArrayList<>();
for (String key : form.getPortletPreferences().keySet()) {
List<String> prefValues = form.getPortletPreferences().get(key).getValue();
if (prefValues != null && prefValues.size() > 0) {
String[] values = prefValues.toArray(new String[prefValues.size()]);
// NOTE(review): readOnly is dereferenced unchecked; a preference key with no entry in the
// read-only map would raise a NullPointerException after the checks above have passed.
BooleanAttribute readOnly = form.getPortletPreferenceReadOnly().get(key);
preferenceList.add(new PortletPreferenceImpl(key, readOnly.getValue(), values));
}
}
portletDef.setPortletPreferences(preferenceList);
// Lastly update the PortletDefinition's lifecycle state & lifecycle-related metadata
updateLifecycleState(form, portletDef, publisher);
// The final parameter of IGroupMembers is used to set the initial SUBSCRIBE permission set
portletPublishingService.savePortletDefinition(portletDef, publisher, categories, new ArrayList<>(subscribePrincipalSet));
// updatePermissions(portletDef, subscribePrincipalSet,
// IPermission.PORTLET_SUBSCRIBER_ACTIVITY);
// BROWSE and CONFIGURE are written separately, after the definition has been saved; the
// third argument is the permission owner, the fourth the activity.
updatePermissions(portletDef, browsePrincipalSet, IPermission.PORTAL_SUBSCRIBE, IPermission.PORTLET_BROWSE_ACTIVITY);
updatePermissions(portletDef, configurePrincipalSet, IPermission.PORTAL_PUBLISH, IPermission.PORTLET_MODE_CONFIG);
// Return a form rebuilt from the saved definition's id instead of echoing the input form.
return this.createPortletDefinitionForm(publisher, portletDef.getPortletDefinitionId().getStringId());
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PortletAdministrationHelper method addPrincipalPermissionsToForm.
/*
* Add to the form SUBSCRIBE, BROWSE, and CONFIGURE activity permissions, along with their principals,
* assigned to the portlet.
*/
private void addPrincipalPermissionsToForm(IPortletDefinition def, PortletDefinitionForm form) {
    // Every permission recorded on the form refers to this one portlet target.
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final Set<JsonEntityBean> collectedBeans = new HashSet<>();
    // One permission manager per owner, created the first time that owner is seen.
    final Map<String, IPermissionManager> managersByOwner = new HashMap<>();

    for (PortletPermissionsOnForm formPermission : PortletPermissionsOnForm.values()) {
        if (!managersByOwner.containsKey(formPermission.getOwner())) {
            managersByOwner.put(
                    formPermission.getOwner(),
                    authorizationService.newPermissionManager(formPermission.getOwner()));
        }
        final IPermissionManager manager = managersByOwner.get(formPermission.getOwner());

        // Principals currently authorized for this activity on the portlet.
        final IAuthorizationPrincipal[] authorized =
                manager.getAuthorizedPrincipals(formPermission.getActivity(), targetId);

        for (IAuthorizationPrincipal authorizedPrincipal : authorized) {
            // The key is tried as a group first; anything that is not a known group is
            // treated as a person.
            // NOTE(review): the principal's own type is not consulted, so a person whose key
            // equals a group key would be reported as that group - confirm keys cannot collide.
            final IEntityGroup asGroup = GroupService.findGroup(authorizedPrincipal.getKey());
            final JsonEntityBean bean;
            if (asGroup == null) {
                final IGroupMember person = authorizationService.getGroupMember(authorizedPrincipal);
                bean = new JsonEntityBean(person, EntityEnum.PERSON);
                // Person beans get their display name from the group list helper.
                bean.setName(groupListHelper.lookupEntityName(bean));
            } else {
                bean = new JsonEntityBean(asGroup, EntityEnum.GROUP);
            }
            collectedBeans.add(bean);
            // Same <typeAndIdHash>_<activity> key shape that the form's permission set uses.
            form.addPermission(bean.getTypeAndIdHash() + "_" + formPermission.getActivity());
        }
    }

    form.setPrincipals(collectedBeans, false);
}
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class EntityTargetProviderImpl method searchTargets.
/*
* (non-Javadoc)
* @see org.apereo.portal.permission.target.IPermissionTargetProvider#searchTargets(java.lang.String)
*/
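@Override
public Collection<IPermissionTarget> searchTargets(String term) {
    // A HashSet is used to prevent duplicate target entries; this presumably relies on
    // PermissionTargetImpl defining equals()/hashCode() - TODO confirm.
    Collection<IPermissionTarget> matching = new HashSet<>();

    // Search every allowed entity type and wrap each hit as a permission target of that type.
    for (TargetType targetType : allowedTargetTypes) {
        Set<JsonEntityBean> entities = groupListHelper.search(targetType.toString(), term);
        for (JsonEntityBean entity : entities) {
            matching.add(new PermissionTargetImpl(entity.getId(), entity.getName(), targetType));
        }
    }

    // Offer each "ALL_*" wildcard target whose identifier contains the search term. The three
    // checks are independent: chained with else-if, a term that is a substring of several
    // identifiers returned only the first of them.
    if (IPermission.ALL_CATEGORIES_TARGET.contains(term)) {
        matching.add(ALL_CATEGORIES_TARGET);
    }
    if (IPermission.ALL_PORTLETS_TARGET.contains(term)) {
        matching.add(ALL_PORTLETS_TARGET);
    }
    if (IPermission.ALL_GROUPS_TARGET.contains(term)) {
        matching.add(ALL_GROUPS_TARGET);
    }

    return matching;
}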
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class PortalPermissionEvaluator method hasPermission.
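/**
 * Decide whether the authenticated principal holds {@code permission} on the given target.
 *
 * @param authentication authentication from which the authorization principal is derived
 * @param targetDomainObject a {@code String} target id or a {@code JsonEntityBean}
 * @param permission an {@code AuthorizableActivity}, or a {@code String} activity name that is
 *     resolved against a {@code JsonEntityBean} target
 * @return {@code true} only if the principal has the resolved activity on the target;
 *     {@code false} if no activity could be resolved
 * @throws IllegalArgumentException if {@code permission} is of an unsupported type, or is a
 *     {@code String} while the target is some object other than a {@code JsonEntityBean}
 */
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
    if (authorizationServiceFacade == null) {
        authorizationServiceFacade = AuthorizationServiceFacade.instance();
    }
    final IAuthorizationPrincipal principal = getAuthorizationPrincipal(authentication);

    String targetId = null;
    if (targetDomainObject instanceof String) {
        // Assume it already represents a valid uPortal permission target
        targetId = (String) targetDomainObject;
    } else if (targetDomainObject instanceof JsonEntityBean) {
        targetId = ((JsonEntityBean) targetDomainObject).getTargetString();
    }
    // NOTE(review): any other target type (or null) leaves targetId null, and that null is
    // handed to principal.hasPermission() below exactly as before; confirm that a null target
    // can never match a grant, otherwise this should deny outright.

    final AuthorizableActivity activity;
    if (permission instanceof AuthorizableActivity) {
        // Already an activity: use it as is.
        activity = (AuthorizableActivity) permission;
    } else if (permission instanceof String) {
        // An activity name is translated relative to the target, which needs a JsonEntityBean.
        // A String target used to fail here with a bare ClassCastException.
        if (targetDomainObject != null && !(targetDomainObject instanceof JsonEntityBean)) {
            throw new IllegalArgumentException(
                    "Unable to resolve activity '" + permission + "' for target of type "
                            + targetDomainObject.getClass());
        }
        activity = getViewActivity((String) permission, (JsonEntityBean) targetDomainObject);
    } else {
        // The message now names the permission's type (the value that was rejected) and no
        // longer dereferences a possibly-null target.
        throw new IllegalArgumentException(
                "Unable to determine activity for permission of type "
                        + (permission == null ? "null" : permission.getClass().getName()));
    }

    // Deny when no activity was resolved. This check must come before the trace statement:
    // logging first dereferenced a null activity and made the intended deny unreachable.
    if (activity == null) {
        return false;
    }

    logger.trace("In hasPermission() - principal=[{}], owner=[{}], activity=[{}], targetId=[{}] ", principal, activity.getOwnerFname(), activity.getActivityFname(), targetId);
    return principal.hasPermission(activity.getOwnerFname(), activity.getActivityFname(), targetId);
}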
use of org.apereo.portal.layout.dlm.remoting.JsonEntityBean in project uPortal by Jasig.
the class UserAccountHelper method getParentGroups.
/**
 * List the ancestor groups of a person as JSON entity beans.
 *
 * @param target key of the person, resolved through {@code GroupService} as an {@code IPerson}
 * @return the beans for every group returned by {@code getAncestorGroups()}, sorted in the
 *     beans' natural order
 */
public List<JsonEntityBean> getParentGroups(String target) {
    // NOTE(review): no authorization check happens in this method; presumably the caller
    // decides who may read another user's group memberships - confirm.
    final IGroupMember person = GroupService.getEntity(target, IPerson.class);

    final List<JsonEntityBean> ancestorBeans = new ArrayList<>();
    for (IEntityGroup group : person.getAncestorGroups()) {
        final JsonEntityBean groupBean = groupListHelper.getEntity(group);
        ancestorBeans.add(groupBean);
    }

    Collections.sort(ancestorBeans);
    return ancestorBeans;
}