Examples with IPortletEntity org.apereo.portal.portlet.om.IPortletEntity used on opensource projects

Example 21 with IPortletEntity

use of org.apereo.portal.portlet.om.IPortletEntity in project uPortal by Jasig.

the class PortletRendererImpl method enforceConfigPermission.

/**
     * Enforces config mode access control. If requesting user does not have CONFIG permission, and
     * the PortletWindow specifies config mode, throws AuthorizationException. Otherwise does
     * nothing.
     *
     * @param httpServletRequest the non-null current HttpServletRequest (for determining requesting
     *     user)
     * @param portletWindow a non-null portlet window that might be in config mode
     * @throws AuthorizationException if the user is not permitted to access config mode yet portlet
     *     window specifies config mode
     * @throws java.lang.IllegalArgumentException if the request or window are null
     * @since 4.0.13.1, 4.0.14, 4.1.
     */
protected void enforceConfigPermission(final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    Validate.notNull(httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");
    final PortletMode portletMode = portletWindow.getPortletMode();
    if (portletMode != null) {
        if (IPortletRenderer.CONFIG.equals(portletMode)) {
            final IPerson person = this.personManager.getPerson(httpServletRequest);
            final EntityIdentifier ei = person.getEntityIdentifier();
            final AuthorizationService authorizationService = AuthorizationService.instance();
            final IAuthorizationPrincipal ap = authorizationService.newPrincipal(ei.getKey(), ei.getType());
            final IPortletEntity portletEntity = portletWindow.getPortletEntity();
            final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
            if (!ap.canConfigure(portletDefinition.getPortletDefinitionId().getStringId())) {
                logger.error("User {} attempted to use portlet {} in {} but lacks permission to use that mode.  " + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW.  " + "You should probably figure out who this user is and why they are trying to access " + "unauthorized portlet modes.", person.getUserName(), portletDefinition.getFName(), portletMode);
                throw new AuthorizationException(person.getUserName() + " does not have permission to render '" + portletDefinition.getFName() + "' in " + portletMode + " PortletMode.");
            }
        }
    }
}

Example 22 with IPortletEntity

use of org.apereo.portal.portlet.om.IPortletEntity in project uPortal by Jasig.

the class PortalUrlProviderImpl method verifyPortletWindowId.

/**
     * Verify the requested portlet window corresponds to a node in the user's layout and return the
     * corresponding layout node id
     */
protected String verifyPortletWindowId(HttpServletRequest request, IPortletWindowId portletWindowId) {
    final IUserInstance userInstance = this.userInstanceManager.getUserInstance(request);
    final IUserPreferencesManager preferencesManager = userInstance.getPreferencesManager();
    final IUserLayoutManager userLayoutManager = preferencesManager.getUserLayoutManager();
    final IPortletWindow portletWindow = this.portletWindowRegistry.getPortletWindow(request, portletWindowId);
    final IPortletWindowId delegationParentWindowId = portletWindow.getDelegationParentId();
    if (delegationParentWindowId != null) {
        return verifyPortletWindowId(request, delegationParentWindowId);
    }
    final IPortletEntity portletEntity = portletWindow.getPortletEntity();
    final String channelSubscribeId = portletEntity.getLayoutNodeId();
    final IUserLayoutNodeDescription node = userLayoutManager.getNode(channelSubscribeId);
    if (node == null) {
        throw new IllegalArgumentException("No layout node exists for id " + channelSubscribeId + " of window " + portletWindowId);
    }
    return node.getId();
}

Example 23 with IPortletEntity

use of org.apereo.portal.portlet.om.IPortletEntity in project uPortal by Jasig.

the class PortletWorkerFactoryImpl method getPortletFname.

protected String getPortletFname(HttpServletRequest request, IPortletWindowId portletWindowId) {
    final IPortletWindow portletWindow = this.portletWindowRegistry.getPortletWindow(request, portletWindowId);
    final IPortletEntity portletEntity = portletWindow.getPortletEntity();
    final IPortletDefinition portletDefinition = portletEntity.getPortletDefinition();
    return portletDefinition.getFName();
}

Example 24 with IPortletEntity

use of org.apereo.portal.portlet.om.IPortletEntity in project uPortal by Jasig.

the class TransientPortletEntityDao method createPortletEntity.

/* (non-Javadoc)
     * @see org.apereo.portal.portlet.dao.IPortletEntityDao#createPortletEntity(org.apereo.portal.portlet.om.IPortletDefinitionId, java.lang.String, int)
     */
@Override
public IPortletEntity createPortletEntity(IPortletDefinitionId portletDefinitionId, String layoutNodeId, int userId) {
    if (layoutNodeId.startsWith(TransientUserLayoutManagerWrapper.SUBSCRIBE_PREFIX)) {
        final String transientLayoutNodeId = layoutNodeId;
        layoutNodeId = this.getPersistentLayoutNodeId(portletDefinitionId);
        final IPortletEntity portletEntity = this.delegatePortletEntityDao.createPortletEntity(portletDefinitionId, layoutNodeId, userId);
        return new TransientPortletEntity(portletEntity, transientLayoutNodeId);
    }
    return this.delegatePortletEntityDao.createPortletEntity(portletDefinitionId, layoutNodeId, userId);
}

Example 25 with IPortletEntity

use of org.apereo.portal.portlet.om.IPortletEntity in project uPortal by Jasig.

the class PortletDelegationLocatorImpl method createRequestDispatcher.

/* (non-Javadoc)
     * @see org.apereo.portal.api.portlet.PortletDelegationLocator#createRequestDispatcher(org.apereo.portal.portlet.om.IPortletDefinitionId)
     */
@Override
public PortletDelegationDispatcher createRequestDispatcher(PortletRequest portletRequest, IPortletDefinitionId delegatePortletDefinitionId) {
    final HttpServletRequest request = this.portalRequestUtils.getPortletHttpRequest(portletRequest);
    final String windowID = portletRequest.getWindowID();
    final IPortletWindowId parentPortletWindowId = this.portletWindowRegistry.getPortletWindowId(request, windowID);
    final IPortletEntity delegatePortletEntity = this.portletEntityRegistry.getOrCreateDelegatePortletEntity(request, parentPortletWindowId, delegatePortletDefinitionId);
    final IPortletEntityId delegatePortletEntityId = delegatePortletEntity.getPortletEntityId();
    final IPortletWindow delegatePortletWindow = this.portletWindowRegistry.createDelegatePortletWindow(request, delegatePortletEntityId, parentPortletWindowId);
    final IPerson person = this.personManager.getPerson(request);
    final int userId = person.getID();
    return new PortletDelegationDispatcherImpl(delegatePortletWindow, userId, portalRequestUtils, personManager, portletRenderer, portalUrlProvider, portletDelegationManager);
}