use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class PortletPermissionsCachePrimer method primeCache.
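/**
 * Submits one {@code NodeWalker} to the executor for every owner/activity pair configured in
 * {@code permissionsMap}, waits for all of them to finish and logs the total number of
 * combinations they report.
 *
 * <p>The run is skipped entirely while the executor still reports active threads, so that two
 * runs never overlap. A walker that fails is logged together with its cause and does not stop
 * the remaining walkers from being collected. If the calling thread is interrupted while
 * waiting, the interrupt flag is restored and waiting stops.
 */
public void primeCache() {
    if (executor.getActiveCount() != 0) {
        log.warn("Skipping this run becasue there are active threads in the executor, signifying the previous run is not complete");
        return;
    }
    log.info("STARTING PortletPermissionsCachePrimer.primeCache()...");
    final long timestamp = System.currentTimeMillis();
    /*
     * This task is pretty effort-intensive and may take in excess of a
     * minute to run in a single thread. Going to use a divide-and-conquer
     * approach.
     */
    final Map<NodeWalker, Future<NodeWalkerReport>> futures = new HashMap<>();
    final IEntityGroup rootGroup = GroupService.getRootGroup(IPerson.class);
    for (Map.Entry<String, Set<String>> y : permissionsMap.entrySet()) {
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(y.getKey());
        for (String s : y.getValue()) {
            final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(y.getKey(), s);
            if (activity == null) {
                // A configured activity that is absent from the permissions data would
                // otherwise abort the whole run with a NullPointerException on the next line.
                log.warn("Skipping activity '{}' of owner '{}' because it is not defined", s, y.getKey());
                continue;
            }
            final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
            final NodeWalker walker = new NodeWalker(rootGroup, owner, activity, targetProvider);
            final Future<NodeWalkerReport> future = this.executor.submit(walker);
            futures.put(walker, future);
        }
    }
    int totalCombinations = 0;
    for (Map.Entry<NodeWalker, Future<NodeWalkerReport>> y : futures.entrySet()) {
        try {
            final NodeWalkerReport report = y.getValue().get();
            totalCombinations += report.getCombinationCount();
            log.debug("NodeWalker '{}' processed {} combinations in {}ms", y.getKey(), report.getCombinationCount(), report.getDuration());
        } catch (InterruptedException e) {
            // Restore the flag so the owner of this thread can see the interrupt; further
            // get() calls would only throw again, so stop waiting here.
            Thread.currentThread().interrupt();
            log.error("NodeWalker '{}' failed", y.getKey(), e);
            break;
        } catch (ExecutionException e) {
            // Pass the exception as the last argument so the cause and stack trace are logged;
            // without it a failed permission walk cannot be diagnosed from the log.
            log.error("NodeWalker '{}' failed", y.getKey(), e);
        }
    }
    log.info("COMPLETED PortletPermissionsCachePrimer.primeCache(); processed {} total combinations in {}ms", totalCombinations, Long.toString(System.currentTimeMillis() - timestamp));
}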
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class PermissionsRESTControllerTest method testGetTargetsEmpty.
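/**
 * Checks that {@code getTargets} answers with status 200 and an empty "targets" model entry
 * when the activity resolves to a target provider that has no stubbed results.
 */
@Test
public void testGetTargetsEmpty() throws Exception {
    final Long activityId = 2L;
    final String query = "activity1";
    final String providerKey = "providerKey";

    // Setters called on a Mockito mock do nothing, so the one property this test depends on
    // is stubbed on the getter. Previously getTargetProviderKey() returned null and the
    // registry stub below was registered for a null key.
    final IPermissionActivity activity = Mockito.mock(IPermissionActivity.class);
    Mockito.when(activity.getTargetProviderKey()).thenReturn(providerKey);

    // The provider is left unstubbed on purpose; the empty result presumably comes from
    // Mockito's default answers - confirm against the controller.
    final IPermissionTargetProvider provider = Mockito.mock(IPermissionTargetProvider.class);

    Mockito.when(permissionOwnerDao.getPermissionActivity(activityId)).thenReturn(activity);
    Mockito.when(targetProviderRegistry.getTargetProvider(providerKey)).thenReturn(provider);

    final ModelAndView modelAndView = permissionsRESTController.getTargets(activityId, query, req, res);

    @SuppressWarnings("unchecked") // the model stores untyped values
    final Collection<IPermissionTarget> targets = (Collection<IPermissionTarget>) modelAndView.getModel().get("targets");

    Assert.assertEquals(200, res.getStatus());
    // Fail with an assertion rather than a NullPointerException if the model entry is missing.
    Assert.assertNotNull(targets);
    Assert.assertTrue(targets.isEmpty());
}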
use of org.apereo.portal.permission.target.IPermissionTargetProvider in project uPortal by Jasig.
the class AuthorizationImpl method doesPrincipalHavePermission.
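/**
 * Answers if the owner has given the principal permission to perform the activity on the
 * target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code> and <code>
 * activity</code> must be non-null.
 *
 * <p>Decisions are cached under a key built from the policy class, the principal's key and
 * type, the owner, the activity and the target. The result starts out as {@code false} and
 * only changes when the policy (or the administrator fallback) grants access, so a missing
 * activity definition denies access to everyone except principals who hold the all-permissions
 * grant.
 *
 * @param principal IAuthorizationPrincipal
 * @param owner java.lang.String
 * @param activity java.lang.String
 * @param target java.lang.String
 * @param policy the policy that evaluates the permission
 * @return boolean
 * @throws AuthorizationException indicates authorization information could not be retrieved.
 */
@Override
@RequestCache
public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, String owner, String activity, String target, IPermissionPolicy policy) throws AuthorizationException {
    final CacheKeyBuilder<Serializable, Serializable> cacheKeyBuilder = CacheKey.builder(AuthorizationImpl.class.getName());
    final String username = principal.getKey();
    if (IPerson.class.equals(principal.getType())) {
        // Person principals additionally carry a username tag on the cache key.
        cacheKeyBuilder.addTag(UsernameTaggedCacheEntryPurger.createCacheEntryTag(username));
    }
    // NOTE(review): the key uses the policy's class, not the instance, so two differently
    // configured policies of the same class would share cached decisions - confirm that
    // policies are stateless.
    cacheKeyBuilder.addAll(policy.getClass(), username, principal.getType(), owner, activity, target);
    final CacheKey key = cacheKeyBuilder.build();
    final Element element = this.doesPrincipalHavePermissionCache.get(key);
    if (element != null) {
        return (Boolean) element.getValue();
    }
    // fail closed
    boolean rslt = false;
    /*
     * Convert to (strongly-typed) Java objects based on interfaces in
     * o.j.p.permission before we make the actual check with IPermissionPolicy;
     * parameters that communicate something of the nature of the things they
     * represent helps us make the check(s) more intelligently. These objects
     * were retro-fitted to IPermissionPolicy in uP 4.3; perhaps we should do
     * the same to IAuthorizationService itself?
     */
    final IPermissionOwner ipOwner = permissionOwnerDao.getPermissionOwner(owner);
    final IPermissionActivity ipActivity = permissionOwnerDao.getPermissionActivity(owner, activity);
    if (ipActivity != null) {
        // NOTE(review): whether the registry can return null for an unknown key is not
        // visible here; if it can, the next call throws instead of denying - confirm.
        final IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(ipActivity.getTargetProviderKey());
        final IPermissionTarget ipTarget = targetProvider.getTarget(target);
        rslt = policy.doesPrincipalHavePermission(this, principal, ipOwner, ipActivity, ipTarget);
    } else {
        /*
         * This circumstance means that a piece of the fundamental Permissions data expected by
         * the code is missing in the database. It normally happens when a newer version of the
         * uPortal code is run against an existing database, and a required data update was
         * overlooked. This condition is not great, but probably not catastrophic; it means
         * that no one will (or can) have the new permission. This method returns false.
         *
         * Administrators, however, have permission to do anything, including this unknown
         * activity. It's most common in uPortal for only Administrators to have access to
         * exotic activities, so in most cases this omission is a wash.
         *
         * We need to log a WARNing, but this method is invoked a lot, and we don't want to do
         * it incessantly.
         */
        final long now = System.currentTimeMillis();
        final String missingDataTrackerKey = owner + ":" + activity;
        final Long lastLogMessageTime = missingDataLogTracker.get(missingDataTrackerKey);
        if (lastLogMessageTime == null || lastLogMessageTime < now - MISSING_DATA_LOG_PERIOD_MILLIS) {
            logger.warn("Activity '{}' is not defined for owner '{}'; only admins will be " + "able to access this function; this warning usually means that expected data " + "was not imported", activity, owner);
            missingDataLogTracker.put(missingDataTrackerKey, now);
        }
        // This pass becomes a check for superuser (Portal Administrators). If the missing
        // activity IS the superuser activity, repeating the same call would recurse without
        // end because nothing has been cached yet; in that case the result stays false.
        final boolean alreadySuperuserCheck = IPermission.PORTAL_SYSTEM.equals(owner) && IPermission.ALL_PERMISSIONS_ACTIVITY.equals(activity);
        if (!alreadySuperuserCheck) {
            rslt = doesPrincipalHavePermission(principal, IPermission.PORTAL_SYSTEM, IPermission.ALL_PERMISSIONS_ACTIVITY, IPermission.ALL_TARGET, policy);
        }
    }
    this.doesPrincipalHavePermissionCache.put(new Element(key, rslt));
    return rslt;
}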
Aggregations