Example 6 with IPermissionActivity
use of org.apereo.portal.permission.IPermissionActivity in project uPortal by Jasig.
the class PermissionsRESTControllerTest method testGetActivitiesEmpty.
@Test
public void testGetActivitiesEmpty() {
String query = "activity1";
Mockito.when(permissionOwnerDao.getAllPermissionOwners()).thenReturn(Collections.EMPTY_LIST);
ModelAndView modelAndView = permissionsRESTController.getActivities(query);
List<IPermissionActivity> activities = (List<IPermissionActivity>) modelAndView.getModel().get("activities");
Assert.assertTrue(activities.isEmpty());
Assert.assertEquals(200, res.getStatus());
}
Also used :
IPermissionActivity(org.apereo.portal.permission.IPermissionActivity)
ModelAndView(org.springframework.web.servlet.ModelAndView)
ArrayList(java.util.ArrayList)
List(java.util.List)
Test(org.junit.Test)
Example 7 with IPermissionActivity
use of org.apereo.portal.permission.IPermissionActivity in project uPortal by Jasig.
the class PermissionsRESTController method getPermissionForPrincipal.
private JsonPermission getPermissionForPrincipal(UniquePermission permission, JsonEntityBean entity) {
JsonPermission perm = new JsonPermission();
perm.setOwnerKey(permission.getOwner());
perm.setActivityKey(permission.getActivity());
perm.setTargetKey(permission.getIdentifier());
perm.setPrincipalKey(entity.getId());
perm.setPrincipalName(entity.getName());
perm.setInherited(permission.isInherited());
try {
IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
if (owner != null) {
perm.setOwnerName(owner.getName());
}
IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
if (activity != null) {
perm.setActivityName(activity.getName());
IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
if (targetProvider != null) {
IPermissionTarget target = targetProvider.getTarget(permission.getIdentifier());
if (target != null) {
perm.setTargetName(target.getName());
}
}
}
} catch (RuntimeException e) {
log.warn("Exception while adding permission", e);
}
return perm;
}
Also used :
IPermissionActivity(org.apereo.portal.permission.IPermissionActivity)
IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget)
IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider)
IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)
Example 8 with IPermissionActivity
use of org.apereo.portal.permission.IPermissionActivity in project uPortal by Jasig.
the class PermissionsRESTController method getPermissionOnTarget.
private JsonPermission getPermissionOnTarget(UniquePermission permission, JsonEntityBean entity) {
JsonPermission perm = new JsonPermission();
perm.setOwnerKey(permission.getOwner());
perm.setActivityKey(permission.getActivity());
perm.setTargetKey(entity.getId());
perm.setTargetName(entity.getName());
perm.setInherited(permission.isInherited());
try {
IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
if (owner != null) {
perm.setOwnerName(owner.getName());
} else {
perm.setOwnerName(permission.getOwner());
}
IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
if (activity != null) {
perm.setActivityName(activity.getName());
} else {
perm.setActivityName(permission.getActivity());
}
JsonEntityBean principal = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
if (principal != null) {
perm.setPrincipalKey(principal.getId());
perm.setPrincipalName(principal.getName());
}
} catch (RuntimeException e) {
log.warn("Exception while adding permission", e);
}
return perm;
}
Also used :
IPermissionActivity(org.apereo.portal.permission.IPermissionActivity)
JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)
IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)
Example 9 with IPermissionActivity
use of org.apereo.portal.permission.IPermissionActivity in project uPortal by Jasig.
the class AnyUnblockedGrantPermissionPolicy method doesPrincipalHavePermission.
@Override
public boolean doesPrincipalHavePermission(IAuthorizationService service, IAuthorizationPrincipal principal, IPermissionOwner owner, IPermissionActivity activity, IPermissionTarget target) throws AuthorizationException {
/*
* The API states that the service, owner, and activity arguments must
* not be null. If for some reason they are null, log and fail closed.
* In our case, the principal and target must also be non-null.
*/
if (service == null || principal == null || owner == null || activity == null || target == null) {
log.error("Null argument to AnyUnblockedGrantPermissionPolicy doesPrincipalHavePermission() method " + "should not be possible. This is indicative of a potentially serious bug in the permissions " + "and authorization infrastructure; service='{}', principal='{}', owner='{}', activity='{}', " + "target='{}'", service, principal, owner, activity, target, new AuthorizationException("Null argument"));
// fail closed
return false;
}
// Is this user a super-user? (Should this logic be moved to AuthorizationImpl?)
final IPermissionActivity allPermissionsActivity = permissionOwnerDao.getPermissionActivity(IPermission.PORTAL_SYSTEM, IPermission.ALL_PERMISSIONS_ACTIVITY);
if (!activity.equals(allPermissionsActivity)) {
// NOTE: Must check to avoid infinite recursion
final IPermissionOwner allPermissionsOwner = permissionOwnerDao.getPermissionOwner(IPermission.PORTAL_SYSTEM);
final IPermissionTarget allPermissionsTarget = targetProviderRegistry.getTargetProvider(allPermissionsActivity.getTargetProviderKey()).getTarget(IPermission.ALL_TARGET);
if (doesPrincipalHavePermission(service, principal, allPermissionsOwner, allPermissionsActivity, allPermissionsTarget)) {
// Stop checking; just return true
return true;
}
}
/*
* uPortal uses a few "special" targets that signal permission to
* perform the specified activity over an entire class of targets;
* see if one of those applies in this case.
*/
IPermissionTarget collectiveTarget = // The "collective noun" representing a class of thing
null;
switch(target.getTargetType()) {
case PORTLET:
collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_PORTLETS_TARGET);
break;
case CATEGORY:
collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_CATEGORIES_TARGET);
break;
case GROUP:
collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_GROUPS_TARGET);
break;
default:
}
/*
* NOTE: Cannot generalize to a collective target if we are already on
* the collective target, else StackOverflowError.
*/
if (collectiveTarget != null && !collectiveTarget.equals(target)) {
if (doesPrincipalHavePermission(service, principal, owner, activity, collectiveTarget)) {
/*
* There is a collective for this class of target,
* and the user DOES have this special permission
*/
return true;
}
}
// Search ourselves and all ancestors for an unblocked GRANT.
boolean rslt;
try {
// Track groups we've already explored to avoid infinite loop
final Set<IGroupMember> seenGroups = new HashSet<>();
rslt = hasUnblockedPathToGrantWithCache(service, principal, owner, activity, target, seenGroups);
} catch (Exception e) {
log.error("Error searching for unblocked path to grant for principal [" + principal + "]", e);
// fail closed
return false;
}
if (log.isTraceEnabled()) {
if (rslt) {
log.trace("Principal '{}' is granted permission to perform activity " + "'{}' on target '{}' under permission owning system '{}' " + "because this principal has an unblocked path to a GRANT.", principal, activity.getFname(), target.getKey(), owner.getFname());
} else {
log.trace("Principal '{}' is denied permission to perform activity '{}' " + "on target '{}' under permission owning system '{}' because this " + "principal does not have an unblocked path to a GRANT.", principal, activity.getFname(), target.getKey(), owner.getFname());
}
}
return rslt;
}
Also used :
IPermissionActivity(org.apereo.portal.permission.IPermissionActivity)
IGroupMember(org.apereo.portal.groups.IGroupMember)
AuthorizationException(org.apereo.portal.AuthorizationException)
IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget)
AuthorizationException(org.apereo.portal.AuthorizationException)
GroupsException(org.apereo.portal.groups.GroupsException)
IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)
HashSet(java.util.HashSet)
Example 10 with IPermissionActivity
use of org.apereo.portal.permission.IPermissionActivity in project uPortal by Jasig.
the class JpaPermissionOwnerDao method getOrCreatePermissionActivity.
@Override
@PortalTransactional
public IPermissionActivity getOrCreatePermissionActivity(IPermissionOwner owner, String name, String fname, String targetProviderKey) {
IPermissionActivity activity = getPermissionActivity(owner.getId(), fname);
if (activity == null) {
activity = new PermissionActivityImpl(name, fname, targetProviderKey);
owner.getActivities().add(activity);
}
return activity;
}
Also used :
IPermissionActivity(org.apereo.portal.permission.IPermissionActivity)
Aggregations
IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)19
IPermissionOwner (org.apereo.portal.permission.IPermissionOwner)11
IPermissionTarget (org.apereo.portal.permission.target.IPermissionTarget)9
IPermissionTargetProvider (org.apereo.portal.permission.target.IPermissionTargetProvider)9
ModelAndView (org.springframework.web.servlet.ModelAndView)8
ArrayList (java.util.ArrayList)6
Test (org.junit.Test)4
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)4
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)4
Collection (java.util.Collection)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
List (java.util.List)2
Map (java.util.Map)2
TreeSet (java.util.TreeSet)2
Element (net.sf.ehcache.Element)2
IEntityGroup (org.apereo.portal.groups.IEntityGroup)2
IGroupMember (org.apereo.portal.groups.IGroupMember)2
JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)2
IPermission (org.apereo.portal.security.IPermission)2
