
Example 1 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class ApiPermissionsService method createAssignment.

/*
     * Implementation
     */
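/**
 * Builds the {@link Assignment} view of a single permission held by the given principal.
 *
 * <p>Owner and activity display names come from {@code permissionOwnerDao}; the target display
 * name comes from the provider registered for the activity. A target the provider cannot
 * resolve is tolerated and leaves the assignment's target {@code null}.
 *
 * @param permission the permission whose owner, activity and target keys are resolved
 * @param authP the principal the permission belongs to
 * @param inherited passed through unchanged to the {@link AssignmentImpl} constructor
 * @return the assignment, or {@code null} when the owner, activity or target provider cannot be
 *     resolved or a lookup throws
 */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    // NOTE(review): a null return means "this grant could not be described", not "this grant does
    // not exist". Callers presumably skip nulls -- confirm that skipping cannot hide a live grant
    // from an administrator reviewing assignments.
    try {
        // Owner: checked explicitly so a missing registration is reported by name instead of
        // surfacing as an anonymous NullPointerException in the catch block below.
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        if (owner == null) {
            log.warn("Cannot build assignment: no permission owner found for '" + permission.getOwner() + "'");
            return null;
        }
        final Owner ownerImpl = new OwnerImpl(permission.getOwner(), owner.getName());

        // Activity
        final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        if (activity == null) {
            log.warn("Cannot build assignment: activity '" + permission.getActivity()
                    + "' is not defined for owner '" + permission.getOwner() + "'");
            return null;
        }
        final Activity activityImpl = new ActivityImpl(permission.getActivity(), activity.getName());

        // Principal
        final Principal principalImpl = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());

        // Target provider
        final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        if (targetProvider == null) {
            log.warn("Cannot build assignment: no target provider registered under key '"
                    + activity.getTargetProviderKey() + "'");
            return null;
        }

        // Target: stays null when the provider does not know the key.
        Target targetImpl = null;
        final IPermissionTarget target = targetProvider.getTarget(permission.getTarget());
        if (target != null) {
            targetImpl = new TargetImpl(permission.getTarget(), target.getName());
        }

        return new AssignmentImpl(ownerImpl, activityImpl, principalImpl, targetImpl, inherited);
    } catch (Exception e) {
        // Best effort: any other lookup failure is logged and reported to the caller as null.
        log.warn("Exception while adding permission", e);
        return null;
    }
}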
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) Principal(org.apereo.portal.api.Principal) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) PrincipalImpl(org.apereo.portal.api.PrincipalImpl) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Example 2 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsRESTController method getTargets.

/**
     * Return a list of targets defined for a particular IPermissionActivity matching the specified
     * search query.
     *
     * @param activityId
     * @param query
     * @param req
     * @param response
     * @return
     * @throws Exception
     */
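@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping(value = "/permissions/{activity}/targets.json", method = RequestMethod.GET)
public ModelAndView getTargets(@PathVariable("activity") Long activityId, @RequestParam("q") String query, HttpServletRequest req, HttpServletResponse response) throws Exception {
    // Access is gated by the @PreAuthorize expression above (UP_PERMISSIONS / VIEW_PERMISSIONS).
    // The model always carries a "targets" entry, so the JSON shape is the same on every path.
    final SortedSet<IPermissionTarget> matchingTargets = new TreeSet<IPermissionTarget>();

    final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(activityId);
    if (activity == null) {
        // Unknown activity id from the URL: answer 404 with an empty list rather than letting a
        // NullPointerException turn a bad path variable into a server error.
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    } else {
        final IPermissionTargetProvider provider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        if (provider != null) {
            // Target names and keys are lower-cased before comparison, so the query must be too;
            // otherwise any query containing an upper-case letter could never match.
            final String needle = query.toLowerCase();
            for (IPermissionTarget target : provider.searchTargets(query)) {
                final String name = target.getName();
                final String key = target.getKey();
                final boolean nameMatches = StringUtils.isNotBlank(name) && name.toLowerCase().contains(needle);
                final boolean keyMatches = key != null && key.toLowerCase().contains(needle);
                if (nameMatches || keyMatches) {
                    // Add only the target that matched. The previous code added the whole
                    // provider result on every hit and then returned the unfiltered collection.
                    matchingTargets.add(target);
                }
            }
        }
    }

    // NOTE(review): the set is ordered and de-duplicated by IPermissionTarget's own comparison;
    // confirm that ordering distinguishes targets that share a display name.
    final ModelAndView mv = new ModelAndView();
    mv.addObject("targets", matchingTargets);
    mv.setViewName("json");
    return mv;
}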
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) TreeSet(java.util.TreeSet) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) ModelAndView(org.springframework.web.servlet.ModelAndView) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsRESTController method getPermissionForPrincipal.

/**
 * Converts a {@link UniquePermission} held by the given entity into its {@link JsonPermission} form.
 *
 * <p>Keys, principal details and the inherited flag are copied straight from the arguments. Owner,
 * activity and target display names are filled in only when the corresponding lookup returns a
 * non-null object. A {@link RuntimeException} raised during lookup is logged at WARN and the bean
 * is returned with whatever had been populated up to that point.
 *
 * @param permission source of the owner, activity and target keys and of the inherited flag
 * @param entity the principal; supplies the principal key and name
 * @return the populated bean, never {@code null}
 */
protected JsonPermission getPermissionForPrincipal(UniquePermission permission, JsonEntityBean entity) {
    final JsonPermission json = new JsonPermission();

    // Values available without any lookup.
    json.setOwnerKey(permission.getOwner());
    json.setActivityKey(permission.getActivity());
    json.setTargetKey(permission.getIdentifier());
    json.setPrincipalKey(entity.getId());
    json.setPrincipalName(entity.getName());
    json.setInherited(permission.isInherited());

    // Display names: each step is optional, and the chain stops at the first missing link.
    try {
        final IPermissionOwner permissionOwner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        if (permissionOwner != null) {
            json.setOwnerName(permissionOwner.getName());
        }

        final IPermissionActivity permissionActivity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        if (permissionActivity == null) {
            return json;
        }
        json.setActivityName(permissionActivity.getName());

        final IPermissionTargetProvider provider = targetProviderRegistry.getTargetProvider(permissionActivity.getTargetProviderKey());
        if (provider == null) {
            return json;
        }

        final IPermissionTarget resolved = provider.getTarget(permission.getIdentifier());
        if (resolved != null) {
            json.setTargetName(resolved.getName());
        }
    } catch (RuntimeException e) {
        log.warn("Exception while adding permission", e);
    }
    return json;
}
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Example 4 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsListController method marshall.

/*
     * Private Stuff.
     */
/**
 * Flattens an array of permissions into one string map per permission.
 *
 * <p>Every map carries the raw owner, principal, activity, target and type values. The
 * {@code activityName} and {@code ownerName} entries are added only as far as the name lookup
 * gets before failing; {@code targetName} is always present and falls back to the raw target key
 * when no name could be resolved.
 *
 * @param data the permissions to convert; must not be {@code null}
 * @return one map per element of {@code data}, in the same order
 * @throws IllegalArgumentException if {@code data} is {@code null}
 */
private List<Map<String, String>> marshall(IPermission[] data) {
    if (data == null) {
        throw new IllegalArgumentException("Argument 'data' cannot be null");
    }

    final List<Map<String, String>> rows = new ArrayList<Map<String, String>>(data.length);
    for (int i = 0; i < data.length; i++) {
        final IPermission permission = data[i];
        final JsonEntityBean principalBean = getEntityBean(permission.getPrincipal());

        final Map<String, String> row = new HashMap<String, String>();
        row.put("owner", permission.getOwner());
        row.put("principalType", principalBean.getEntityTypeAsString());
        row.put("principalName", principalBean.getName());
        row.put("principalKey", permission.getPrincipal());
        row.put("activity", permission.getActivity());
        row.put("target", permission.getTarget());
        row.put("permissionType", permission.getType());

        // Try to resolve display names through the DAO and the target provider registry.
        // Any RuntimeException, including the NullPointerException raised by a missing
        // activity, owner, provider or target, ends the attempt and leaves the later names unset.
        String resolvedTargetName;
        try {
            final IPermissionActivity permissionActivity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
            row.put("activityName", permissionActivity.getName());

            final IPermissionOwner permissionOwner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
            row.put("ownerName", permissionOwner.getName());

            resolvedTargetName = targetProviderRegistry
                    .getTargetProvider(permissionActivity.getTargetProviderKey())
                    .getTarget(permission.getTarget())
                    .getName();
        } catch (RuntimeException e) {
            log.trace("Failed to resolve target name", e);
            resolvedTargetName = null;
        }

        // No resolvable name: show the raw target key instead.
        row.put("targetName", resolvedTargetName != null ? resolvedTargetName : permission.getTarget());
        rows.add(row);
    }
    return rows;
}
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) HashMap(java.util.HashMap) Map(java.util.Map) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Example 5 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class AuthorizationImpl method doesPrincipalHavePermission.

/**
     * Answers if the owner has given the principal permission to perform the activity on the
     * target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
     * activity</code> must be non-null.
     *
     * @return boolean
     * @param principal IAuthorizationPrincipal
     * @param owner java.lang.String
     * @param activity java.lang.String
     * @param target java.lang.String
     * @exception AuthorizationException indicates authorization information could not be retrieved.
     */
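@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    // The decision is cached under a key built from the policy class, the principal key and
    // type, and the owner/activity/target strings. The order of the addAll arguments is part of
    // the key and must not change.
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        // Person principals get an extra username tag on the entry.
        // NOTE(review): presumably this lets all of a user's cached decisions be purged together
        // when their memberships change -- confirm against UsernameTaggedCacheEntryPurger.
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();
    final Element element = this.doesPrincipalHavePermissionCache.get(key);
    if (element != null) {
        return (Boolean) element.getValue();
    }
    /*
     * Convert to (strongly-typed) Java objects based on interfaces in
     * o.j.p.permission before we make the actual check with IPermissionPolicy;
     * parameters that communicate something of the nature of the things they
     * represent help us make the check(s) more intelligently.  These objects
     * were retro-fitted to IPermissionPolicy in uP 4.3;  perhaps we should do
     * the same to IAuthorizationService itself?
     */
    // NOTE(review): ipOwner is handed to the policy without a null check; confirm the policy
    // denies rather than grants when the owner is not registered.
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity == null) {
        // Means needed data is missing;  much clearer than NPE
        String msg = "The following activity is not defined for owner '" + owner + "':  " + activity;
        throw new RuntimeException(msg);
    }
    final String targetProviderKey = ipActivity.getTargetProviderKey();
    final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(targetProviderKey);
    if (targetProvider == null) {
        // Same reasoning as the activity check above: a named failure instead of a bare NPE.
        // Both failure branches throw before the cache is written, so an unresolvable activity
        // or provider never leaves a cached decision behind.
        String msg = "No target provider is registered under key '" + targetProviderKey
                + "' for activity '" + activity + "' of owner '" + owner + "'";
        throw new RuntimeException(msg);
    }
    // NOTE(review): ipTarget may be null when the provider does not know the key; confirm the
    // policy treats an unknown target as a denial.
    final IPermissionTarget ipTarget = targetProvider.getTarget(target);
    final boolean doesPrincipalHavePermission = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
    this.doesPrincipalHavePermissionCache.put(new Element(key, doesPrincipalHavePermission));
    return doesPrincipalHavePermission;
}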
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) Serializable(java.io.Serializable) Element(net.sf.ehcache.Element) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) CacheKey(org.apereo.portal.utils.cache.CacheKey) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) RequestCache(org.apereo.portal.concurrency.caching.RequestCache)

Aggregations

IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)6 IPermissionTargetProvider (org.apereo.portal.permission.target.IPermissionTargetProvider)6 IPermissionOwner (org.apereo.portal.permission.IPermissionOwner)5 IPermissionTarget (org.apereo.portal.permission.target.IPermissionTarget)5 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Serializable (java.io.Serializable)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 TreeSet (java.util.TreeSet)1 ExecutionException (java.util.concurrent.ExecutionException)1 Future (java.util.concurrent.Future)1 Element (net.sf.ehcache.Element)1 Principal (org.apereo.portal.api.Principal)1 PrincipalImpl (org.apereo.portal.api.PrincipalImpl)1 RequestCache (org.apereo.portal.concurrency.caching.RequestCache)1 IEntityGroup (org.apereo.portal.groups.IEntityGroup)1 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)1 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)1