Search in sources :

Example 1 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class EntityService method getPrincipalForEntity.

public IAuthorizationPrincipal getPrincipalForEntity(Entity entity) {
    // attempt to determine the entity type class for this principal
    if (entity == null) {
        return null;
    }
    Class entityType;
    if (entity.getEntityType().equals(EntityEnum.GROUP.toString())) {
        entityType = IEntityGroup.class;
    } else {
        entityType = EntityEnum.getEntityEnum(entity.getEntityType()).getClazz();
    }
    // construct an authorization principal for this JsonEntityBean
    AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    IAuthorizationPrincipal p = authService.newPrincipal(entity.getId(), entityType);
    return p;
}
Also used : AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 2 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ApiPermissionsService method getAssignmentsForPerson.

@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
    Set<Assignment> rslt = new HashSet<Assignment>();
    if (StringUtils.isBlank(username)) {
        return null;
    }
    IAuthorizationPrincipal authP = this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());
    // first get the permissions explicitly set for this principal
    IPermission[] directPermissions = permissionStore.select(null, authP.getPrincipalString(), null, null, null);
    for (IPermission permission : directPermissions) {
        if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
            Assignment a = createAssignment(permission, authP, false);
            if (a != null) {
                rslt.add(a);
            }
        }
    }
    if (includeInherited) {
        IGroupMember member = GroupService.getGroupMember(authP.getKey(), authP.getType());
        for (IEntityGroup parent : member.getAncestorGroups()) {
            IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
            IPermission[] parentPermissions = permissionStore.select(null, parentPrincipal.getPrincipalString(), null, null, null);
            for (IPermission permission : parentPermissions) {
                if (authP.hasPermission(permission.getOwner(), permission.getActivity(), permission.getTarget())) {
                    Assignment a = createAssignment(permission, authP, true);
                    if (a != null) {
                        rslt.add(a);
                    }
                }
            }
        }
    }
    return rslt;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet)

Example 3 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ChannelListController method getRegistry43.

/*
     * Private methods that support the 4.3 version of the API
     */
/**
 * Gathers and organizes the response based on the specified rootCategory and the permissions of
 * the specified user.
 */
private Map<String, SortedSet<?>> getRegistry43(WebRequest request, IPerson user, PortletCategory rootCategory, boolean includeUncategorized) {
    /*
         * This collection of all the portlets in the portal is for the sake of
         * tracking which ones are uncategorized.  They will be added to the
         * output if includeUncategorized=true.
         */
    Set<IPortletDefinition> portletsNotYetCategorized = includeUncategorized ? new HashSet<IPortletDefinition>(portletDefinitionRegistry.getAllPortletDefinitions()) : new HashSet<// Not necessary to fetch them if we're not
    IPortletDefinition>();
    // tracking them
    // construct a new channel registry
    Map<String, SortedSet<?>> rslt = new TreeMap<String, SortedSet<?>>();
    SortedSet<PortletCategoryBean> categories = new TreeSet<PortletCategoryBean>();
    // add the root category and all its children to the registry
    final Locale locale = getUserLocale(user);
    categories.add(preparePortletCategoryBean(request, rootCategory, portletsNotYetCategorized, user, locale));
    if (includeUncategorized) {
        /*
             * uPortal historically has provided for a convention that portlets not in any category
             * may potentially be viewed by users but may not be subscribed to.
             *
             * As of uPortal 4.2, the logic below now takes any portlets the user has BROWSE access to
             * that have not already been identified as belonging to a category and adds them to a category
             * called Uncategorized.
             */
        EntityIdentifier ei = user.getEntityIdentifier();
        IAuthorizationPrincipal ap = AuthorizationServiceFacade.instance().newPrincipal(ei.getKey(), ei.getType());
        Set<PortletDefinitionBean> marketplacePortlets = new HashSet<>();
        for (IPortletDefinition portlet : portletsNotYetCategorized) {
            if (authorizationService.canPrincipalBrowse(ap, portlet)) {
                PortletDefinitionBean pdb = preparePortletDefinitionBean(request, portlet, locale);
                marketplacePortlets.add(pdb);
            }
        }
        // construct a new channel category bean for this category
        final String uncName = messageSource.getMessage(UNCATEGORIZED, new Object[] {}, locale);
        final String uncDescription = messageSource.getMessage(UNCATEGORIZED_DESC, new Object[] {}, locale);
        PortletCategory pc = new PortletCategory(// Use of this String for Id matches earlier version of API
        uncName);
        pc.setName(uncName);
        pc.setDescription(uncDescription);
        PortletCategoryBean unc = PortletCategoryBean.fromPortletCategory(pc, null, marketplacePortlets);
        // Add even if no portlets in category
        categories.add(unc);
    }
    rslt.put("categories", categories);
    return rslt;
}
Also used : Locale(java.util.Locale) EntityIdentifier(org.apereo.portal.EntityIdentifier) TreeMap(java.util.TreeMap) SortedSet(java.util.SortedSet) PortletDefinitionBean(org.apereo.portal.layout.dlm.remoting.registry.v43.PortletDefinitionBean) PortletCategoryBean(org.apereo.portal.layout.dlm.remoting.registry.v43.PortletCategoryBean) TreeSet(java.util.TreeSet) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) HashSet(java.util.HashSet) PortletCategory(org.apereo.portal.portlet.om.PortletCategory)

Example 4 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PermissionsRESTController method getAssignmentsOnTarget.

@PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
    Set<UniquePermission> directAssignments = new HashSet<UniquePermission>();
    // first get the permissions explicitly set for this principal
    IPermission[] directPermissions = permissionStore.select(null, null, null, target, null);
    for (IPermission permission : directPermissions) {
        directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), false));
    }
    JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
    Set<UniquePermission> inheritedAssignments = new HashSet<UniquePermission>();
    List<JsonPermission> permissions = new ArrayList<JsonPermission>();
    if (entity != null) {
        IAuthorizationPrincipal p = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());
        if (includeInherited) {
            IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
            for (IEntityGroup parent : member.getAncestorGroups()) {
                IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
                IPermission[] parentPermissions = permissionStore.select(null, null, null, parentPrincipal.getKey(), null);
                for (IPermission permission : parentPermissions) {
                    inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), true));
                }
            }
        }
        for (UniquePermission permission : directAssignments) {
            JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
            Class<?> clazz;
            EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
            if (entityType.isGroup()) {
                clazz = IEntityGroup.class;
            } else {
                clazz = entityType.getClazz();
            }
            IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
            if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(permission, entity));
            }
        }
        for (UniquePermission permission : inheritedAssignments) {
            JsonEntityBean e = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
            Class<?> clazz;
            EntityEnum entityType = EntityEnum.getEntityEnum(e.getEntityTypeAsString());
            if (entityType.isGroup()) {
                clazz = IEntityGroup.class;
            } else {
                clazz = entityType.getClazz();
            }
            IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(e.getId(), clazz);
            if (principal.hasPermission(permission.getOwner(), permission.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(permission, entity));
            }
        }
        Collections.sort(permissions);
    }
    ModelAndView mv = new ModelAndView();
    mv.addObject("assignments", permissions);
    mv.setViewName("json");
    return mv;
}
Also used : EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) ArrayList(java.util.ArrayList) ModelAndView(org.springframework.web.servlet.ModelAndView) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ApiPermissionsService method createAssignment.

/*
     * Implementation
     */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    Assignment rslt = null;
    try {
        // Owner
        IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        Owner ownerImpl = new OwnerImpl(permission.getOwner(), owner.getName());
        // Activity
        IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        Activity activityImpl = new ActivityImpl(permission.getActivity(), activity.getName());
        // Principal
        Principal principalImpl = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());
        // Target
        // default
        Target targetImpl = null;
        IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        IPermissionTarget target = targetProvider.getTarget(permission.getTarget());
        if (target != null) {
            targetImpl = new TargetImpl(permission.getTarget(), target.getName());
        }
        rslt = new AssignmentImpl(ownerImpl, activityImpl, principalImpl, targetImpl, inherited);
    } catch (Exception e) {
        log.warn("Exception while adding permission", e);
    }
    return rslt;
}
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) Principal(org.apereo.portal.api.Principal) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) PrincipalImpl(org.apereo.portal.api.PrincipalImpl) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Aggregations

IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)93 EntityIdentifier (org.apereo.portal.EntityIdentifier)32 IPerson (org.apereo.portal.security.IPerson)21 ArrayList (java.util.ArrayList)20 IEntityGroup (org.apereo.portal.groups.IEntityGroup)19 IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)18 IGroupMember (org.apereo.portal.groups.IGroupMember)16 IPermission (org.apereo.portal.security.IPermission)16 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)16 HashSet (java.util.HashSet)14 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)10 EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)10 ModelAndView (org.springframework.web.servlet.ModelAndView)10 PortletCategory (org.apereo.portal.portlet.om.PortletCategory)9 AuthorizationServiceFacade (org.apereo.portal.services.AuthorizationServiceFacade)8 HashMap (java.util.HashMap)6 Locale (java.util.Locale)5 IUserInstance (org.apereo.portal.user.IUserInstance)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 IUserLayoutManager (org.apereo.portal.layout.IUserLayoutManager)4