
Example 1 with IPermissionOwner

use of org.apereo.portal.permission.IPermissionOwner in project uPortal by Jasig.

the class JpaPermissionOwnerDao method getOrCreatePermissionOwner.

@Override
@PortalTransactional
public IPermissionOwner getOrCreatePermissionOwner(String name, String fname) {
    // Look the owner up by its functional name first; only persist a fresh one
    // when no row exists yet.  The persisted instance is what gets returned.
    final IPermissionOwner existing = getPermissionOwner(fname);
    if (existing != null) {
        return existing;
    }
    // NOTE(review): the lookup and the persist are not serialized against other
    // callers, so two concurrent calls with the same fname could both reach this
    // point; whether the second persist is rejected depends on a unique constraint
    // on the owner table, which is not visible from here -- confirm.
    final IPermissionOwner created = new PermissionOwnerImpl(name, fname);
    this.getEntityManager().persist(created);
    return created;
}

Example 2 with IPermissionOwner

use of org.apereo.portal.permission.IPermissionOwner in project uPortal by Jasig.

the class AnyUnblockedGrantPermissionPolicy method doesPrincipalHavePermission.

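/**
 * Decides whether {@code principal} may perform {@code activity} on {@code target} within the
 * permission-owning system {@code owner}, trying the broadest grants first:
 * <ol>
 *   <li>a PORTAL_SYSTEM / ALL_PERMISSIONS grant on the ALL target (super-user);</li>
 *   <li>a grant on the collective target for the target's type (ALL_PORTLETS, ALL_CATEGORIES
 *       or ALL_GROUPS), skipped when {@code target} already is that collective;</li>
 *   <li>an unblocked path to a GRANT for the principal or any of its ancestor groups.</li>
 * </ol>
 * Every error path denies: null arguments, an unresolvable super-user definition, and any
 * exception thrown by the grant search all return {@code false} after logging.
 *
 * @param service the authorization service; must not be null
 * @param principal the principal being checked; must not be null
 * @param owner the permission owner (owning system); must not be null
 * @param activity the activity being performed; must not be null
 * @param target the target of the activity; must not be null
 * @return {@code true} only when one of the three checks above finds a GRANT
 * @throws AuthorizationException declared by the policy interface; the body itself catches
 *     exceptions from the grant search and denies instead of propagating them
 */
public boolean doesPrincipalHavePermission(IAuthorizationService service, IAuthorizationPrincipal principal, IPermissionOwner owner, IPermissionActivity activity, IPermissionTarget target) throws AuthorizationException {
    /*
     * The API states that the service, owner, and activity arguments must
     * not be null. If for some reason they are null, log and fail closed.
     * In our case, the principal and target must also be non-null.
     */
    if (service == null || principal == null || owner == null || activity == null || target == null) {
        log.error("Null argument to AnyUnblockedGrantPermissionPolicy doesPrincipalHavePermission() method " + "should not be possible.  This is indicative of a potentially serious bug in the permissions " + "and authorization infrastructure;  service='{}', principal='{}', owner='{}', activity='{}', " + "target='{}'", service, principal, owner, activity, target);
        // fail closed
        return false;
    }
    // Is this user a super-user?  (Should this logic be moved to AuthorizationImpl?)
    final IPermissionActivity allPermissionsActivity = permissionOwnerDao.getPermissionActivity(IPermission.PORTAL_SYSTEM, IPermission.ALL_PERMISSIONS_ACTIVITY);
    if (allPermissionsActivity == null) {
        /*
         * The DAO returns null for an unregistered owner/activity pair (other callers in the
         * code base check for it).  Dereferencing it below would throw an NPE; the super-user
         * definition is a fixed part of the permission store, so treat its absence as a
         * configuration error, report it explicitly, and fail closed.
         */
        log.error("Super-user activity '{}' under owner '{}' is not registered;  denying principal '{}' " + "activity '{}' on target '{}'", IPermission.ALL_PERMISSIONS_ACTIVITY, IPermission.PORTAL_SYSTEM, principal, activity.getFname(), target.getKey());
        // fail closed
        return false;
    }
    if (!activity.equals(allPermissionsActivity)) {
        /*
         * NOTE:  Must check to avoid infinite recursion -- when the activity under test IS the
         * super-user activity, the recursive call below would re-enter with identical arguments.
         */
        final IPermissionOwner allPermissionsOwner = permissionOwnerDao.getPermissionOwner(IPermission.PORTAL_SYSTEM);
        // NOTE(review): a null target provider would still surface as an NPE on the next line;
        // that path denies too (by exception) but without an explicit log -- confirm whether
        // the registry can return null for a registered activity's provider key.
        final IPermissionTarget allPermissionsTarget = targetProviderRegistry.getTargetProvider(allPermissionsActivity.getTargetProviderKey()).getTarget(IPermission.ALL_TARGET);
        if (allPermissionsOwner == null || allPermissionsTarget == null) {
            /*
             * Previously these nulls were passed into the recursive call, which logged the
             * generic "should not be possible" error and then continued with the remaining
             * checks.  Report the actual cause and fail closed instead, consistent with the
             * handling of the missing activity above.
             */
            log.error("Super-user owner '{}' or its target '{}' could not be resolved;  denying principal '{}' " + "activity '{}' on target '{}'", IPermission.PORTAL_SYSTEM, IPermission.ALL_TARGET, principal, activity.getFname(), target.getKey());
            // fail closed
            return false;
        }
        if (doesPrincipalHavePermission(service, principal, allPermissionsOwner, allPermissionsActivity, allPermissionsTarget)) {
            // Stop checking;  just return true
            return true;
        }
    }
    /*
     * uPortal uses a few "special" targets that signal permission to
     * perform the specified activity over an entire class of targets;
     * see if one of those applies in this case.
     */
    IPermissionTarget collectiveTarget = // The "collective noun" representing a class of thing
    null;
    switch(target.getTargetType()) {
        case PORTLET:
            collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_PORTLETS_TARGET);
            break;
        case CATEGORY:
            collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_CATEGORIES_TARGET);
            break;
        case GROUP:
            collectiveTarget = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(IPermission.ALL_GROUPS_TARGET);
            break;
        default:
            // Other target types have no collective; only the direct search below applies.
    }
    /*
     * NOTE:  Cannot generalize to a collective target if we are already on
     * the collective target, else StackOverflowError.
     */
    if (collectiveTarget != null && !collectiveTarget.equals(target)) {
        if (doesPrincipalHavePermission(service, principal, owner, activity, collectiveTarget)) {
            /*
             * There is a collective for this class of target,
             * and the user DOES have this special permission
             */
            return true;
        }
    }
    // Search ourselves and all ancestors for an unblocked GRANT.
    boolean rslt;
    try {
        // Track groups we've already explored to avoid infinite loop
        final Set<IGroupMember> seenGroups = new HashSet<>();
        rslt = hasUnblockedPathToGrantWithCache(service, principal, owner, activity, target, seenGroups);
    } catch (Exception e) {
        // Any failure while walking the group graph (DAO, group store, cache) denies; the
        // cause is logged rather than propagated so a broken lookup can never grant by accident.
        log.error("Error searching for unblocked path to grant for principal [" + principal + "]", e);
        // fail closed
        return false;
    }
    if (log.isTraceEnabled()) {
        if (rslt) {
            log.trace("Principal '{}' is granted permission to perform activity " + "'{}' on target '{}' under permission owning system '{}' " + "because this principal has an unblocked path to a GRANT.", principal, activity.getFname(), target.getKey(), owner.getFname());
        } else {
            log.trace("Principal '{}' is denied permission to perform activity '{}' " + "on target '{}' under permission owning system '{}' because this " + "principal does not have an unblocked path to a GRANT.", principal, activity.getFname(), target.getKey(), owner.getFname());
        }
    }
    return rslt;
}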

Example 3 with IPermissionOwner

use of org.apereo.portal.permission.IPermissionOwner in project uPortal by Jasig.

the class ApiPermissionsService method createAssignment.

/*
     * Implementation
     */
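/**
 * Builds the API-level {@link Assignment} view of a stored {@link IPermission} for one
 * principal, resolving the display names of the owner, activity and target through the owner
 * DAO and the target-provider registry.
 *
 * @param permission the stored permission (owner / activity / target keys)
 * @param authP the principal the permission applies to
 * @param inherited whether the permission reaches the principal indirectly (passed through)
 * @return the assignment, or {@code null} when the owner or activity is not registered, or
 *     when an unexpected exception occurs while resolving it; failures are logged, never thrown
 */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    try {
        // Owner.  The DAO returns null for an unknown owner key; previously that became an
        // NPE swallowed by the catch below, which hid which lookup had actually failed.
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        if (owner == null) {
            log.warn("No permission owner registered for key '" + permission.getOwner() + "';  skipping assignment");
            return null;
        }
        final Owner ownerImpl = new OwnerImpl(permission.getOwner(), owner.getName());
        // Activity -- same null contract as the owner lookup
        final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        if (activity == null) {
            log.warn("No activity '" + permission.getActivity() + "' registered under owner '" + permission.getOwner() + "';  skipping assignment");
            return null;
        }
        final Activity activityImpl = new ActivityImpl(permission.getActivity(), activity.getName());
        // Principal
        final Principal principalImpl = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());
        // Target: left null (the default) when the provider does not know the key.
        // NOTE(review): a null provider from the registry still ends up in the catch below.
        Target targetImpl = null;
        final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        final IPermissionTarget target = targetProvider.getTarget(permission.getTarget());
        if (target != null) {
            targetImpl = new TargetImpl(permission.getTarget(), target.getName());
        }
        return new AssignmentImpl(ownerImpl, activityImpl, principalImpl, targetImpl, inherited);
    } catch (Exception e) {
        // Best-effort: one unresolvable permission must not break the whole listing.
        log.warn("Exception while adding permission", e);
        return null;
    }
}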

Example 4 with IPermissionOwner

use of org.apereo.portal.permission.IPermissionOwner in project uPortal by Jasig.

the class PermissionsRESTController method getPermissionOnTarget.

/**
 * Builds the JSON view of one permission as applied to a concrete target entity.  The keys are
 * copied straight from the permission; display names are resolved through the owner DAO and the
 * group-list helper, falling back to the raw key when the owner or activity is not registered.
 * A RuntimeException during name resolution is logged and leaves whatever fields were already
 * populated in place.
 *
 * @param permission the permission (owner / activity / principal identifier / inherited flag)
 * @param entity the target entity, supplying the target key and display name
 * @return the populated bean; never null
 */
protected JsonPermission getPermissionOnTarget(UniquePermission permission, JsonEntityBean entity) {
    final String ownerKey = permission.getOwner();
    final String activityKey = permission.getActivity();
    final JsonPermission result = new JsonPermission();
    result.setOwnerKey(ownerKey);
    result.setActivityKey(activityKey);
    result.setTargetKey(entity.getId());
    result.setTargetName(entity.getName());
    result.setInherited(permission.isInherited());
    try {
        // Owner display name, or the key itself when the owner is unknown to the DAO
        final IPermissionOwner resolvedOwner = permissionOwnerDao.getPermissionOwner(ownerKey);
        result.setOwnerName(resolvedOwner == null ? ownerKey : resolvedOwner.getName());
        // Activity display name, with the same fallback
        final IPermissionActivity resolvedActivity = permissionOwnerDao.getPermissionActivity(ownerKey, activityKey);
        result.setActivityName(resolvedActivity == null ? activityKey : resolvedActivity.getName());
        // Principal key/name are only set when the helper can resolve the identifier
        final JsonEntityBean principalBean = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
        if (principalBean != null) {
            result.setPrincipalKey(principalBean.getId());
            result.setPrincipalName(principalBean.getName());
        }
    } catch (RuntimeException e) {
        log.warn("Exception while adding permission", e);
    }
    return result;
}

Example 5 with IPermissionOwner

use of org.apereo.portal.permission.IPermissionOwner in project uPortal by Jasig.

the class PermissionsRESTController method getActivities.

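/**
 * Provide a list of all registered IPermissionActivities. If an optional search string is
 * provided, the returned list will be restricted to activities whose name contains the query
 * (case-insensitive).
 *
 * <p>Access is gated by the {@code @PreAuthorize} expression below: the caller needs the
 * UP_PERMISSIONS / VIEW_PERMISSIONS activity on the ALL target, otherwise Spring Security
 * rejects the request before this method runs.
 *
 * @param query optional search query; blank or absent returns every activity
 * @param request unused; retained for the handler signature
 * @param response unused; retained for the handler signature
 * @return a "json" view carrying the sorted matching activities under the key {@code activities}
 * @throws Exception declared by the handler signature; nothing in the body throws a checked
 *     exception
 */
@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/activities.json", method = RequestMethod.GET)
public ModelAndView getActivities(@RequestParam(value = "q", required = false) String query, HttpServletRequest request, HttpServletResponse response) throws Exception {
    /*
     * Case-fold with a fixed locale so matching does not depend on the JVM's default locale
     * (under a Turkish default, toLowerCase() maps "I" to dotless i and "VIEW" would no longer
     * match "view").  A null needle means "no filter".
     */
    final String needle = StringUtils.isNotBlank(query) ? query.toLowerCase(java.util.Locale.ROOT) : null;
    final List<IPermissionActivity> activities = new ArrayList<IPermissionActivity>();
    final Collection<IPermissionOwner> owners = permissionOwnerDao.getAllPermissionOwners();
    for (IPermissionOwner owner : owners) {
        for (IPermissionActivity activity : owner.getActivities()) {
            if (needle == null) {
                activities.add(activity);
                continue;
            }
            // Activity names come from the permission store; skip an unnamed activity rather
            // than let a single null name fail the whole request with an NPE.
            final String name = activity.getName();
            if (name != null && name.toLowerCase(java.util.Locale.ROOT).contains(needle)) {
                activities.add(activity);
            }
        }
    }
    Collections.sort(activities);
    final ModelAndView mv = new ModelAndView();
    mv.addObject("activities", activities);
    mv.setViewName("json");
    return mv;
}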
