Example 1 with Assignment
use of org.apereo.portal.portlets.permissionsadmin.Assignment in project uPortal by Jasig.
the class PermissionAssignmentMapController method getOwners.
@RequestMapping(value = "/permissionAssignmentMap", method = RequestMethod.GET)
public ModelAndView getOwners(@RequestParam("principals[]") String[] principals, @RequestParam("owner") String owner, @RequestParam("activity") String activity, @RequestParam("target") String target, HttpServletRequest request, HttpServletResponse response) throws Exception {
// ensure the current user is authorized to view permissions
final IPerson currentUser = personManager.getPerson((HttpServletRequest) request);
if (!permissionAdministrationHelper.canViewPermission(currentUser, target)) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return null;
}
// Build the set of existing assignments
List<Assignment> flatAssignmentsList = new ArrayList<Assignment>();
for (String principal : principals) {
JsonEntityBean bean = groupListHelper.getEntityForPrincipal(principal);
if (bean != null) {
IAuthorizationPrincipal p = groupListHelper.getPrincipalForEntity(bean);
// first get the permissions explicitly set for this principal
Assignment.Type type = getAssignmentType(p, owner, activity, target);
flatAssignmentsList.add(new Assignment(principal, bean, type));
} else {
log.warn("Unable to resolve the following principal (will " + "be omitted from the list of assignments): " + principal);
}
}
List<Assignment> assignments = new ArrayList<Assignment>();
for (Assignment a : flatAssignmentsList) {
placeInHierarchy(a, assignments, owner, activity, target);
}
Map<String, Object> model = Collections.<String, Object>singletonMap("assignments", assignments);
return new ModelAndView("jsonView", model);
}
Also used :
Assignment(org.apereo.portal.portlets.permissionsadmin.Assignment)
IPerson(org.apereo.portal.security.IPerson)
JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)
ArrayList(java.util.ArrayList)
IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)
ModelAndView(org.springframework.web.servlet.ModelAndView)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 2 with Assignment
use of org.apereo.portal.portlets.permissionsadmin.Assignment in project uPortal by Jasig.
the class PermissionAssignmentMapController method placeInHierarchy.
private void placeInHierarchy(Assignment a, List<Assignment> hierarchy, String owner, String activity, String target) {
// Assertions.
if (a == null) {
String msg = "Argument 'a' [Assignment] cannot be null";
throw new IllegalArgumentException(msg);
}
if (hierarchy == null) {
String msg = "Argument 'hierarchy' cannot be null";
throw new IllegalArgumentException(msg);
}
// is already in the hierarchy somewhere...
for (Assignment root : hierarchy) {
Assignment duplicate = root.findDecendentOrSelfIfExists(a.getPrincipal());
if (duplicate != null) {
return;
}
}
// To proceed, we need to know about the containing
// groups (if any) for this principal...
IGroupMember member = null;
EntityEnum entityEnum = a.getPrincipal().getEntityType();
if (entityEnum.isGroup()) {
member = GroupService.findGroup(a.getPrincipal().getId());
} else {
member = GroupService.getGroupMember(a.getPrincipal().getId(), entityEnum.getClazz());
}
AuthorizationService authService = AuthorizationService.instance();
Iterator<?> it = GroupService.getCompositeGroupService().findParentGroups(member);
if (it.hasNext()) {
// This member must be nested within its parent(s)...
while (it.hasNext()) {
IEntityGroup group = (IEntityGroup) it.next();
EntityEnum beanType = EntityEnum.getEntityEnum(group.getLeafType(), true);
JsonEntityBean bean = new JsonEntityBean(group, beanType);
Assignment parent = null;
for (Assignment root : hierarchy) {
parent = root.findDecendentOrSelfIfExists(bean);
if (parent != null) {
// We found one...
parent.addChild(a);
break;
}
}
if (parent == null) {
// We weren't able to integrate this node into the existing
// hierarchy; we have to dig deeper, until we either (1)
// find a match, or (2) reach a root; type is INHERIT,
// unless (by chance) there's something specified in an
// entry on grantOrDenyMap.
IAuthorizationPrincipal principal = authService.newPrincipal(group);
Assignment.Type assignmentType = getAssignmentType(principal, owner, activity, target);
parent = new Assignment(principal.getPrincipalString(), bean, assignmentType);
parent.addChild(a);
placeInHierarchy(parent, hierarchy, owner, activity, target);
}
}
} else {
// This member is a root...
hierarchy.add(a);
}
}
Also used :
Assignment(org.apereo.portal.portlets.permissionsadmin.Assignment)
IEntityGroup(org.apereo.portal.groups.IEntityGroup)
IGroupMember(org.apereo.portal.groups.IGroupMember)
EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum)
JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)
IAuthorizationService(org.apereo.portal.security.IAuthorizationService)
AuthorizationService(org.apereo.portal.services.AuthorizationService)
IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)
Aggregations
JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)2
Assignment (org.apereo.portal.portlets.permissionsadmin.Assignment)2
IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)2
ArrayList (java.util.ArrayList)1
IEntityGroup (org.apereo.portal.groups.IEntityGroup)1
IGroupMember (org.apereo.portal.groups.IGroupMember)1
EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)1
IAuthorizationService (org.apereo.portal.security.IAuthorizationService)1
IPerson (org.apereo.portal.security.IPerson)1
AuthorizationService (org.apereo.portal.services.AuthorizationService)1
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1
ModelAndView (org.springframework.web.servlet.ModelAndView)1
