use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class ApiPermissionsService method createAssignment.
/*
* Implementation
*/
/**
 * Builds the {@link Assignment} view of one permission grant for a principal.
 *
 * <p>Owner and activity names are looked up through {@code permissionOwnerDao}. The target is
 * resolved through the provider registered under the activity's target provider key. A target
 * the provider cannot resolve yields an assignment with a {@code null} target.
 *
 * <p>Every exception raised while assembling the assignment, including the
 * {@code NullPointerException} from a missing owner, activity or provider, is logged at WARN
 * and turned into a {@code null} result.
 *
 * @param permission the grant to describe
 * @param authP the principal the grant applies to
 * @param inherited passed through unchanged to {@code AssignmentImpl}
 * @return the assembled assignment, or {@code null} if any lookup or constructor threw
 */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    try {
        // Owner: key from the permission, display name from the DAO.
        final IPermissionOwner ownerRecord = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        final Owner ownerView = new OwnerImpl(permission.getOwner(), ownerRecord.getName());

        // Activity: looked up under the same owner.
        final IPermissionActivity activityRecord =
                permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        final Activity activityView = new ActivityImpl(permission.getActivity(), activityRecord.getName());

        // Principal
        final Principal principalView = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());

        // Target: stays null when the provider does not know the key.
        final IPermissionTargetProvider provider =
                targetProviderRegistry.getTargetProvider(activityRecord.getTargetProviderKey());
        final IPermissionTarget resolved = provider.getTarget(permission.getTarget());
        final Target targetView =
                (resolved == null) ? null : new TargetImpl(permission.getTarget(), resolved.getName());

        return new AssignmentImpl(ownerView, activityView, principalView, targetView, inherited);
    } catch (Exception e) {
        // NOTE(review): a failure here drops this grant from whatever the caller builds.
        // Callers are not visible from this method; confirm they handle null and that a
        // permissions listing may silently omit a grant whose metadata fails to resolve.
        log.warn("Exception while adding permission", e);
        return null;
    }
}
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class PermissionsRESTController method getTargets.
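/**
 * Returns the targets defined for one {@link IPermissionActivity} that match a search query.
 *
 * <p>The activity's target provider runs the search. Each hit is then kept only if its name
 * or key contains the query, compared case-insensitively. The kept hits are returned in the
 * sorted set's order.
 *
 * <p>Access is restricted by the {@code @PreAuthorize} expression to callers holding
 * {@code VIEW_PERMISSIONS} on {@code UP_PERMISSIONS}.
 *
 * @param activityId id of the activity, taken from the URL path
 * @param query search text, taken from the {@code q} request parameter
 * @param req the current request (not read by this method)
 * @param response set to 404 when the activity or its target provider cannot be found
 * @return a model for the {@code json} view holding the matching targets under {@code targets}
 * @throws Exception if the provider search fails
 */
@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/{activity}/targets.json", method = RequestMethod.GET)
public ModelAndView getTargets(@PathVariable("activity") Long activityId, @RequestParam("q") String query, HttpServletRequest req, HttpServletResponse response) throws Exception {
    // The TreeSet relies on IPermissionTarget's natural ordering, as the original code did.
    final SortedSet<IPermissionTarget> matchingTargets = new TreeSet<IPermissionTarget>();

    final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(activityId);
    final IPermissionTargetProvider provider =
            (activity == null)
                    ? null
                    : targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());

    if (provider == null) {
        // An unknown activity id or an unregistered provider key is a client-visible
        // "not found", not a NullPointerException surfacing as a server error.
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    } else {
        // Lower-case the query once. The original compared lower-cased names and keys with
        // the raw query, so any query containing an upper-case letter could never match.
        final String needle = query.toLowerCase(java.util.Locale.ROOT);

        final Collection<IPermissionTarget> targets = provider.searchTargets(query);
        if (targets != null) {
            for (IPermissionTarget target : targets) {
                final String name = target.getName();
                final String key = target.getKey();
                final boolean nameMatches =
                        StringUtils.isNotBlank(name)
                                && name.toLowerCase(java.util.Locale.ROOT).contains(needle);
                final boolean keyMatches =
                        key != null && key.toLowerCase(java.util.Locale.ROOT).contains(needle);
                if (nameMatches || keyMatches) {
                    // Add only this hit. The original added the whole result collection.
                    matchingTargets.add(target);
                }
            }
        }
    }

    final ModelAndView mv = new ModelAndView();
    // Return the filtered set. The original returned the provider's unfiltered result,
    // which made the filter above dead code.
    mv.addObject("targets", matchingTargets);
    mv.setViewName("json");
    return mv;
}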
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class PermissionsRESTController method getPermissionForPrincipal.
/**
 * Converts a {@link UniquePermission} held by {@code entity} into its JSON representation.
 *
 * <p>The owner, activity, target and principal keys and the inherited flag are always copied.
 * Owner, activity and target display names are filled in only when the matching lookup
 * returns a non-null object. A {@code RuntimeException} during the lookups is logged at WARN,
 * and the bean is returned with whatever names were set before the failure.
 *
 * @param permission the permission to convert
 * @param entity the principal the permission belongs to
 * @return the populated bean, never {@code null}
 */
protected JsonPermission getPermissionForPrincipal(UniquePermission permission, JsonEntityBean entity) {
    final JsonPermission json = new JsonPermission();

    final String ownerKey = permission.getOwner();
    final String activityKey = permission.getActivity();
    final String targetKey = permission.getIdentifier();

    json.setOwnerKey(ownerKey);
    json.setActivityKey(activityKey);
    json.setTargetKey(targetKey);
    json.setPrincipalKey(entity.getId());
    json.setPrincipalName(entity.getName());
    json.setInherited(permission.isInherited());

    try {
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(ownerKey);
        if (owner != null) {
            json.setOwnerName(owner.getName());
        }

        final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(ownerKey, activityKey);
        if (activity == null) {
            // Without the activity there is no provider key, so the target name stays unset.
            return json;
        }
        json.setActivityName(activity.getName());

        final IPermissionTargetProvider targetProvider =
                targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        final IPermissionTarget target =
                (targetProvider == null) ? null : targetProvider.getTarget(targetKey);
        if (target != null) {
            json.setTargetName(target.getName());
        }
    } catch (RuntimeException e) {
        // Best effort: the keys are already on the bean, only display names are lost.
        log.warn("Exception while adding permission", e);
    }
    return json;
}
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class PermissionsListController method marshall.
/*
* Private Stuff.
*/
/**
 * Flattens an array of permissions into one string map per permission.
 *
 * <p>Each map carries the raw keys ({@code owner}, {@code principalKey}, {@code activity},
 * {@code target}, {@code permissionType}) and the principal's type and name. It also carries
 * {@code activityName}, {@code ownerName} and {@code targetName} where they can be resolved.
 * If target resolution fails, {@code targetName} falls back to the target key.
 *
 * @param data the permissions to convert; must not be {@code null}
 * @return one map per element of {@code data}, in the same order
 * @throws IllegalArgumentException if {@code data} is {@code null}
 */
private List<Map<String, String>> marshall(IPermission[] data) {
    if (data == null) {
        throw new IllegalArgumentException("Argument 'data' cannot be null");
    }

    final List<Map<String, String>> rows = new ArrayList<Map<String, String>>(data.length);
    for (int i = 0; i < data.length; i++) {
        final IPermission permission = data[i];

        // NOTE(review): this lookup sits outside the try below, so a null bean or an
        // exception from getEntityBean aborts the whole listing. Confirm that is intended.
        final JsonEntityBean principal = getEntityBean(permission.getPrincipal());

        final Map<String, String> row = new HashMap<String, String>();
        row.put("owner", permission.getOwner());
        row.put("principalType", principal.getEntityTypeAsString());
        row.put("principalName", principal.getName());
        row.put("principalKey", permission.getPrincipal());
        row.put("activity", permission.getActivity());
        row.put("target", permission.getTarget());
        row.put("permissionType", permission.getType());

        // Try to find a display name for the target through the permission target
        // provider registry. If none can be found, the target key is used instead.
        String resolvedName = null;
        try {
            final IPermissionActivity activity =
                    permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
            row.put("activityName", activity.getName());

            final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
            row.put("ownerName", owner.getName());

            final IPermissionTargetProvider provider =
                    targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
            resolvedName = provider.getTarget(permission.getTarget()).getName();
        } catch (RuntimeException e) {
            // Likely a null activity, owner, provider or target. The steps above run in
            // order, so a failure also leaves every later name unset. This is logged only
            // at TRACE.
            log.trace("Failed to resolve target name", e);
        }

        row.put("targetName", resolvedName != null ? resolvedName : permission.getTarget());
        rows.add(row);
    }
    return rows;
}
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class AuthorizationImpl method doesPrincipalHavePermission.
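/**
 * Answers if the owner has given the principal permission to perform the activity on the
 * target, as evaluated by the policy.
 *
 * <p>The decision is looked up in {@code doesPrincipalHavePermissionCache} first. A cached
 * decision, grant or deny, is returned without consulting the policy again. The cache key is
 * built from the policy's class, the principal's key and type, and the owner, activity and
 * target strings.
 *
 * <p>The Javadoc contract requires {@code policy}, {@code owner} and {@code activity} to be
 * non-null, but nothing here enforces it. A null {@code principal} or {@code policy} fails
 * with a {@code NullPointerException} while the cache key is being built.
 *
 * @param principal the principal whose permission is being checked
 * @param owner key of the permission owner
 * @param activity key of the activity
 * @param target key of the target
 * @param policy the policy that makes the decision on a cache miss
 * @return {@code true} if the policy (or a cached decision) grants the permission
 * @throws AuthorizationException indicates authorization information could not be retrieved.
 * @throws RuntimeException if the activity is not defined for the owner, or no target
 *     provider is registered for the activity's provider key
 */
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        // Only person principals get a username tag. Presumably that tag is what lets
        // cached decisions be purged per user; entries for other principal types carry
        // no tag. Verify how those entries are invalidated when permissions change.
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    // NOTE(review): the key holds the policy's class, not the instance. Two differently
    // configured policies of the same class would share cached decisions. Confirm policies
    // are stateless or one per class.
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();

    final Element element = this.doesPrincipalHavePermissionCache.get(key);
    if (element != null) {
        return (Boolean) element.getValue();
    }

    /*
     * Convert to (strongly-typed) Java objects based on interfaces in
     * o.j.p.permission before we make the actual check with IPermissionPolicy;
     * parameters that communicate something of the nature of the things they
     * represent help us make the check(s) more intelligently. These objects
     * were retro-fitted to IPermissionPolicy in uP 4.3; perhaps we should do
     * the same to IAuthorizationService itself?
     */
    // NOTE(review): ipOwner is not null-checked and reaches the policy as-is.
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity == null) {
        // Means needed data is missing; much clearer than NPE
        String msg = "The following activity is not defined for owner '" + owner + "': " + activity;
        throw new RuntimeException(msg);
    }

    final String targetProviderKey = ipActivity.getTargetProviderKey();
    final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(targetProviderKey);
    if (targetProvider == null) {
        // Same reasoning as the activity check: fail with a message naming the missing
        // piece rather than a bare NPE. Nothing is cached on this path, so the check
        // denies by exception.
        String msg =
                "No target provider is registered under key '" + targetProviderKey
                        + "' for activity '" + activity + "' of owner '" + owner + "'";
        throw new RuntimeException(msg);
    }

    // ipTarget is handed to the policy even when the provider returns null for the key.
    // How a null target is treated is up to the policy (not visible here).
    final IPermissionTarget ipTarget = targetProvider.getTarget(target);

    final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);

    // Grants and denials are both cached. An exception above leaves the cache untouched.
    this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
    return doesPrincipalHavePermission;
}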