
Example 6 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PortletPermissionsCachePrimer method primeCache.

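/**
 * Primes the permission caches by submitting one {@code NodeWalker} per configured
 * owner/activity pair to the executor and waiting for every walker to report.
 *
 * <p>The run is skipped when the executor still has active threads. An activity that is not
 * defined for its owner is skipped with a warning rather than aborting the whole run. A failed
 * walker is logged with its cause, and an interrupt abandons the run after restoring the
 * thread's interrupt status.
 */
public void primeCache() {
    // Active threads mean walkers from the previous run are still executing.
    if (executor.getActiveCount() != 0) {
        log.warn("Skipping this run becasue there are active threads in the executor, signifying the previous run is not complete");
        return;
    }
    log.info("STARTING PortletPermissionsCachePrimer.primeCache()...");
    final long timestamp = System.currentTimeMillis();

    /*
     * This task is pretty effort-intensive and may take in excess of a
     * minute to run in a single thread.  Going to use a divide-and-conquer
     * approach.
     */
    final Map<NodeWalker, Future<NodeWalkerReport>> futures = new HashMap<>();
    final IEntityGroup rootGroup = GroupService.getRootGroup(IPerson.class);
    for (Map.Entry<String, Set<String>> ownerEntry : permissionsMap.entrySet()) {
        final String ownerKey = ownerEntry.getKey();
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(ownerKey);
        for (String activityKey : ownerEntry.getValue()) {
            final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(ownerKey, activityKey);
            if (activity == null) {
                // Missing permission data must not abort priming for every other pair.
                log.warn("Activity '{}' is not defined for owner '{}';  skipping it in this priming run", activityKey, ownerKey);
                continue;
            }
            final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
            final NodeWalker walker = new NodeWalker(rootGroup, owner, activity, targetProvider);
            futures.put(walker, this.executor.submit(walker));
        }
    }

    int totalCombinations = 0;
    for (Map.Entry<NodeWalker, Future<NodeWalkerReport>> submitted : futures.entrySet()) {
        final NodeWalker walker = submitted.getKey();
        try {
            final NodeWalkerReport report = submitted.getValue().get();
            totalCombinations += report.getCombinationCount();
            log.debug("NodeWalker '{}' processed {} combinations in {}ms", walker, report.getCombinationCount(), report.getDuration());
        } catch (InterruptedException e) {
            // Restore the flag so the owning scheduler/pool can observe the interrupt;
            // every further get() would fail the same way, so stop waiting.
            Thread.currentThread().interrupt();
            log.error("Interrupted while waiting for NodeWalker '{}';  abandoning this priming run", walker, e);
            return;
        } catch (ExecutionException e) {
            // Keep the cause: without it a failing walker cannot be diagnosed.
            log.error("NodeWalker '{}' failed", walker, e);
        }
    }
    log.info("COMPLETED PortletPermissionsCachePrimer.primeCache();  processed {} total combinations in {}ms", totalCombinations, System.currentTimeMillis() - timestamp);
}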
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) Future(java.util.concurrent.Future) ExecutionException(java.util.concurrent.ExecutionException) HashMap(java.util.HashMap) Map(java.util.Map) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Example 7 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class PermissionsRESTControllerTest method testGetTargetsEmpty.

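/**
 * Checks that {@code getTargets} leaves the response status at 200 and puts an empty
 * "targets" collection in the model when the target provider is an unstubbed mock.
 */
@Test
public void testGetTargetsEmpty() throws Exception {
    final Long activityId = 2L;
    final String query = "activity1";
    final String providerKey = "providerKey";

    // Setter calls on a Mockito mock store nothing, so the provider key has to be stubbed on
    // the getter; otherwise the registry stub below is registered for a null key.
    // NOTE(review): description/fname/name were only ever "set" on the mock (no-ops); stub
    // their getters if the controller turns out to read them.
    final IPermissionActivity activity = Mockito.mock(IPermissionActivity.class);
    Mockito.when(activity.getTargetProviderKey()).thenReturn(providerKey);

    final IPermissionTargetProvider provider = Mockito.mock(IPermissionTargetProvider.class);
    Mockito.when(permissionOwnerDao.getPermissionActivity(activityId)).thenReturn(activity);
    Mockito.when(targetProviderRegistry.getTargetProvider(providerKey)).thenReturn(provider);

    final ModelAndView modelAndView = permissionsRESTController.getTargets(activityId, query, req, res);

    // The model is untyped; "targets" is expected to hold the provider's search result.
    @SuppressWarnings("unchecked")
    final Collection<IPermissionTarget> targets =
            (Collection<IPermissionTarget>) modelAndView.getModel().get("targets");

    Assert.assertEquals(200, res.getStatus());
    Assert.assertTrue(targets.isEmpty());
}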
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) ModelAndView(org.springframework.web.servlet.ModelAndView) Collection(java.util.Collection) Test(org.junit.Test)

Example 8 with IPermissionTargetProvider

use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.

the class AuthorizationImpl method doesPrincipalHavePermission.

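/**
 * Answers whether the owner has given the principal permission to perform the activity on the
 * target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
 * activity</code> must be non-null. The answer is cached per policy class, principal, owner,
 * activity and target. If the activity is not defined for the owner, the check falls back to
 * the portal superuser permission.
 *
 * @param principal IAuthorizationPrincipal
 * @param owner java.lang.String
 * @param activity java.lang.String
 * @param target java.lang.String
 * @param policy IPermissionPolicy that evaluates the permission
 * @return true if the policy grants the permission, false otherwise
 * @exception AuthorizationException indicates authorization information could not be retrieved.
 */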
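@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    // The cache key covers every input that can change the answer: policy class, principal
    // (key and type), owner, activity and target.
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        // Tag person entries by username so UsernameTaggedCacheEntryPurger can target them.
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();

    final Element cached = this.doesPrincipalHavePermissionCache.get(key);
    if (cached != null) {
        return (Boolean) cached.getValue();
    }

    // fail closed
    boolean rslt = false;

    /*
     * Convert to (strongly-typed) Java objects based on interfaces in
     * o.j.p.permission before we make the actual check with IPermissionPolicy;
     * parameters that communicate something of the nature of the things they
     * represent helps us make the check(s) more intelligently.  This objects
     * were retro-fitted to IPermissionPolicy in uP 4.3;  perhaps we should do
     * the same to IAuthorizationService itself?
     */
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity != null) {
        // NOTE(review): a null targetProvider (unregistered key) would throw here; confirm
        // the registry never returns null for a persisted activity.
        final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
        final IPermissionTarget ipTarget = targetProvider.getTarget(target);
        rslt = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
    } else {
        /*
         * This circumstance means that a piece of the fundamental Permissions data expected by
         * the code is missing in the database.  It normally happens when a newer version of the
         * uPortal code is run against an existing database, and a required data update was
         * overlooked.  This condition is not great, but probably not catastrophic;  it means
         * that no one will (or can) have the new permission.  This method returns false.
         *
         * Administrators, however, have permission to do anything, including this unknown
         * activity.  It's most common in uPortal for only Administrators to have access to
         * exotic activities, so in most cases this omission is a wash.
         *
         * We need to log a WARNing, but this method is invoked a lot, and we don't want to do
         * it incessantly.
         */
        final Long now = System.currentTimeMillis();
        final String missingDataTrackerKey = owner + ":" + activity;
        final Long lastLogMessageTime = missingDataLogTracker.get(missingDataTrackerKey);
        if (lastLogMessageTime == null || lastLogMessageTime < now - MISSING_DATA_LOG_PERIOD_MILLIS) {
            logger.warn("Activity '{}' is not defined for owner '{}';  only admins will be " + "able to access this function;  this warning usually means that expected data " + "was not imported", activity, owner);
            missingDataLogTracker.put(missingDataTrackerKey, now);
        }

        // If the superuser activity itself is the missing one, the fallback below would call
        // this method with identical arguments and recurse until the stack overflows (the
        // result is not cached until after the call returns).  Stay with the fail-closed
        // default in that case.
        final boolean alreadySuperuserCheck =
                IPermission.PORTAL_SYSTEM.equals(owner)
                        && IPermission.ALL_PERMISSIONS_ACTIVITY.equals(activity);
        if (!alreadySuperuserCheck) {
            // This pass becomes a check for superuser (Portal Administrators)
            rslt = doesPrincipalHavePermission(principal, IPermission.PORTAL_SYSTEM, IPermission.ALL_PERMISSIONS_ACTIVITY, IPermission.ALL_TARGET, policy);
        }
    }

    // Both grants and denials are cached under the original key.
    this.doesPrincipalHavePermissionCache.put(new Element(key, rslt));
    return rslt;
}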
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) Serializable(java.io.Serializable) Element(net.sf.ehcache.Element) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) CacheKey(org.apereo.portal.utils.cache.CacheKey) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) RequestCache(org.apereo.portal.concurrency.caching.RequestCache)
