Search in sources :

Example 6 with IPermissionTarget

use of org.apereo.portal.permission.target.IPermissionTarget in project uPortal by Jasig.

the class AuthorizationImpl method doesPrincipalHavePermission.

/**
     * Answers if the owner has given the principal permission to perform the activity on the
     * target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
     * activity</code> must be non-null.
     *
     * @return boolean
     * @param principal IAuthorizationPrincipal
     * @param owner java.lang.String
     * @param activity java.lang.String
     * @param target java.lang.String
     * @exception AuthorizationException indicates authorization information could not be retrieved.
     */
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();
    final Element element = this.doesPrincipalHavePermissionCache.get(key);
    if (element != null) {
        return (Boolean) element.getValue();
    }
    /*
         * Convert to (strongly-typed) Java objects based on interfaces in
         * o.j.p.permission before we make the actual check with IPermissionPolicy;
         * parameters that communicate something of the nature of the things they
         * represent helps us make the check(s) more intelligently.  This objects
         * were retro-fitted to IPermissionPolicy in uP 4.3;  perhaps we should do
         * the same to IAuthorizationService itself?
         */
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity == null) {
        // Means needed data is missing;  much clearer than NPE
        String msg = "The following activity is not defined for owner '" + owner + "':  " + activity;
        throw new RuntimeException(msg);
    }
    final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
    final IPermissionTarget ipTarget = targetProvider.getTarget(target);
    final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
    this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
    return doesPrincipalHavePermission;
}
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) Serializable(java.io.Serializable) Element(net.sf.ehcache.Element) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) CacheKey(org.apereo.portal.utils.cache.CacheKey) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) RequestCache(org.apereo.portal.concurrency.caching.RequestCache)

Aggregations

IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)6 IPermissionTarget (org.apereo.portal.permission.target.IPermissionTarget)6 IPermissionOwner (org.apereo.portal.permission.IPermissionOwner)5 IPermissionTargetProvider (org.apereo.portal.permission.target.IPermissionTargetProvider)5 Serializable (java.io.Serializable)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1 TreeSet (java.util.TreeSet)1 Element (net.sf.ehcache.Element)1 AuthorizationException (org.apereo.portal.AuthorizationException)1 Principal (org.apereo.portal.api.Principal)1 PrincipalImpl (org.apereo.portal.api.PrincipalImpl)1 RequestCache (org.apereo.portal.concurrency.caching.RequestCache)1 GroupsException (org.apereo.portal.groups.GroupsException)1 IGroupMember (org.apereo.portal.groups.IGroupMember)1 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)1 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)1 IPermission (org.apereo.portal.security.IPermission)1