use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class EntityService method getPrincipalForEntity.
/**
 * Builds an authorization principal for the supplied entity.
 *
 * <p>An entity whose type string equals {@code EntityEnum.GROUP.toString()} is mapped to
 * {@code IEntityGroup}; every other type string is resolved through
 * {@code EntityEnum.getEntityEnum(...).getClazz()}.
 *
 * @param entity the entity to wrap; may be {@code null}
 * @return the principal produced by {@code AuthorizationServiceFacade}, or {@code null} when
 *     {@code entity} is {@code null}
 */
public IAuthorizationPrincipal getPrincipalForEntity(Entity entity) {
    if (entity == null) {
        return null;
    }

    // NOTE(review): neither getEntityType() nor getEntityEnum(...) is null-checked here. If
    // either can return null for an unrecognised entity, this expression throws before any
    // principal is created -- confirm against EntityEnum.
    // Raw Class is retained because the parameter type of newPrincipal is not visible here.
    final Class principalType =
            entity.getEntityType().equals(EntityEnum.GROUP.toString())
                    ? IEntityGroup.class
                    : EntityEnum.getEntityEnum(entity.getEntityType()).getClazz();

    // The principal is keyed by the entity id together with the resolved type.
    return AuthorizationServiceFacade.instance().newPrincipal(entity.getId(), principalType);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class ApiPermissionsService method getAssignmentsForPerson.
/**
 * Collects the permission assignments that apply to one person.
 *
 * <p>A stored permission row is reported only when {@code hasPermission} on the person's
 * principal also returns {@code true} for the same owner, activity and target. Rows found on
 * ancestor groups are re-checked against the person's principal (not the group's) and are
 * reported as inherited assignments of the person.
 *
 * <p>NOTE(review): this method does not check who is asking. Any restriction on reading
 * another user's assignments is not visible in this block -- confirm it is enforced by the
 * caller.
 *
 * @param username the person's key; a blank value short-circuits the lookup
 * @param includeInherited whether permissions stored on ancestor groups are also examined
 * @return the matching assignments, or {@code null} (not an empty set) when {@code username}
 *     is blank, so callers must null-check
 */
@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
    if (StringUtils.isBlank(username)) {
        return null;
    }

    final Set<Assignment> assignments = new HashSet<Assignment>();
    final IAuthorizationPrincipal person =
            this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());

    // Pass 1: rows stored directly against the person's principal string.
    for (IPermission granted :
            permissionStore.select(null, person.getPrincipalString(), null, null, null)) {
        if (!person.hasPermission(granted.getOwner(), granted.getActivity(), granted.getTarget())) {
            continue;
        }
        final Assignment direct = createAssignment(granted, person, false);
        if (direct != null) {
            assignments.add(direct);
        }
    }

    if (!includeInherited) {
        return assignments;
    }

    // Pass 2: rows stored against each ancestor group of the person.
    // NOTE(review): the result of getGroupMember is dereferenced without a null check.
    final IGroupMember self = GroupService.getGroupMember(person.getKey(), person.getType());
    for (IEntityGroup ancestor : self.getAncestorGroups()) {
        final IAuthorizationPrincipal ancestorPrincipal =
                this.authorizationService.newPrincipal(ancestor);
        for (IPermission granted :
                permissionStore.select(null, ancestorPrincipal.getPrincipalString(), null, null, null)) {
            // The effective check is made for the person, so a group row only counts when
            // the person's own principal is granted it as well.
            if (!person.hasPermission(granted.getOwner(), granted.getActivity(), granted.getTarget())) {
                continue;
            }
            final Assignment viaGroup = createAssignment(granted, person, true);
            if (viaGroup != null) {
                assignments.add(viaGroup);
            }
        }
    }
    return assignments;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class ChannelListController method getRegistry43.
/*
* Private methods that support the 4.3 version of the API
*/
/**
* Gathers and organizes the response based on the specified rootCategory and the permissions of
* the specified user.
*/
private Map<String, SortedSet<?>> getRegistry43(WebRequest request, IPerson user, PortletCategory rootCategory, boolean includeUncategorized) {
    // Every portlet starts out as a candidate for the "uncategorized" bucket. The full list is
    // fetched only when it will be used; otherwise an empty set is handed down.
    final Set<IPortletDefinition> uncategorizedCandidates;
    if (includeUncategorized) {
        uncategorizedCandidates =
                new HashSet<IPortletDefinition>(portletDefinitionRegistry.getAllPortletDefinitions());
    } else {
        uncategorizedCandidates = new HashSet<IPortletDefinition>();
    }

    final Locale locale = getUserLocale(user);
    final SortedSet<PortletCategoryBean> categories = new TreeSet<PortletCategoryBean>();

    // Root category plus all of its children. The candidate set is passed down so that,
    // presumably, preparePortletCategoryBean can take out each portlet it places in a
    // category -- that helper is not visible here.
    categories.add(
            preparePortletCategoryBean(request, rootCategory, uncategorizedCandidates, user, locale));

    if (includeUncategorized) {
        /*
         * Historical convention: portlets in no category may be viewable but cannot be
         * subscribed to. Since uPortal 4.2, any such portlet is listed under a synthetic
         * "Uncategorized" category, but only when the requesting user has BROWSE access to it.
         */
        final EntityIdentifier userId = user.getEntityIdentifier();
        // NOTE(review): the principal comes from the static AuthorizationServiceFacade while
        // the browse check below uses the authorizationService field.
        final IAuthorizationPrincipal userPrincipal =
                AuthorizationServiceFacade.instance().newPrincipal(userId.getKey(), userId.getType());

        final Set<PortletDefinitionBean> browsable = new HashSet<>();
        for (IPortletDefinition candidate : uncategorizedCandidates) {
            // Authorization filter: a portlet the user cannot browse never reaches the response.
            if (!authorizationService.canPrincipalBrowse(userPrincipal, candidate)) {
                continue;
            }
            browsable.add(preparePortletDefinitionBean(request, candidate, locale));
        }

        final String uncName = messageSource.getMessage(UNCATEGORIZED, new Object[] {}, locale);
        final String uncDescription =
                messageSource.getMessage(UNCATEGORIZED_DESC, new Object[] {}, locale);

        // The localized name doubles as the category id, matching earlier versions of the API.
        final PortletCategory uncategorized = new PortletCategory(uncName);
        uncategorized.setName(uncName);
        uncategorized.setDescription(uncDescription);

        // The category is added even when it contains no portlets.
        categories.add(PortletCategoryBean.fromPortletCategory(uncategorized, null, browsable));
    }

    final Map<String, SortedSet<?>> registry = new TreeMap<String, SortedSet<?>>();
    registry.put("categories", categories);
    return registry;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PermissionsRESTController method getAssignmentsOnTarget.
/**
 * Lists the permission assignments whose target is the given entity.
 *
 * <p>Access is gated by the {@code @PreAuthorize} expression below, which asks for the
 * {@code VIEW_PERMISSIONS} activity of owner {@code UP_PERMISSIONS} on {@code 'ALL'}.
 *
 * <p>{@code target} is taken from the request path and passed to
 * {@code permissionStore.select} and {@code groupListHelper.getEntityForPrincipal}.
 * NOTE(review): how those two treat the value is not visible in this block -- confirm the
 * store binds it as a parameter.
 *
 * <p>When {@code target} does not resolve to an entity, the model holds an empty list even if
 * permission rows were found for it.
 *
 * @param target the target identifier from the URL
 * @param includeInherited whether rows targeting the entity's ancestor groups are also listed
 * @param request unused in this method
 * @param response unused in this method
 * @return a {@code "json"} view whose {@code "assignments"} entry is the sorted permission list
 */
@PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
    // Rows whose target is exactly the requested value.
    final Set<UniquePermission> direct = new HashSet<UniquePermission>();
    for (IPermission row : permissionStore.select(null, null, null, target, null)) {
        direct.add(new UniquePermission(row.getOwner(), row.getActivity(), row.getPrincipal(), false));
    }

    final JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
    final Set<UniquePermission> inherited = new HashSet<UniquePermission>();
    final List<JsonPermission> permissions = new ArrayList<JsonPermission>();

    if (entity != null) {
        final IAuthorizationPrincipal p =
                this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());

        if (includeInherited) {
            // Rows whose target is one of the entity's ancestor groups.
            final IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
            for (IEntityGroup ancestor : member.getAncestorGroups()) {
                final IAuthorizationPrincipal ancestorPrincipal =
                        this.authorizationService.newPrincipal(ancestor);
                for (IPermission row :
                        permissionStore.select(null, null, null, ancestorPrincipal.getKey(), null)) {
                    inherited.add(
                            new UniquePermission(row.getOwner(), row.getActivity(), row.getPrincipal(), true));
                }
            }
        }

        // A row is reported only if its principal is confirmed by hasPermission to hold the
        // owner/activity pair on this target's key.
        // NOTE(review): the getEntityForPrincipal result is dereferenced without a null check
        // in both loops, although the same helper is null-checked for the target above. A row
        // naming a principal that no longer resolves would throw here -- confirm.
        for (UniquePermission candidate : direct) {
            final JsonEntityBean holder = groupListHelper.getEntityForPrincipal(candidate.getIdentifier());
            final EntityEnum holderType = EntityEnum.getEntityEnum(holder.getEntityTypeAsString());
            final Class<?> holderClass = holderType.isGroup() ? IEntityGroup.class : holderType.getClazz();
            final IAuthorizationPrincipal holderPrincipal =
                    this.authorizationService.newPrincipal(holder.getId(), holderClass);
            if (holderPrincipal.hasPermission(candidate.getOwner(), candidate.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(candidate, entity));
            }
        }

        for (UniquePermission candidate : inherited) {
            final JsonEntityBean holder = groupListHelper.getEntityForPrincipal(candidate.getIdentifier());
            final EntityEnum holderType = EntityEnum.getEntityEnum(holder.getEntityTypeAsString());
            final Class<?> holderClass = holderType.isGroup() ? IEntityGroup.class : holderType.getClazz();
            final IAuthorizationPrincipal holderPrincipal =
                    this.authorizationService.newPrincipal(holder.getId(), holderClass);
            if (holderPrincipal.hasPermission(candidate.getOwner(), candidate.getActivity(), p.getKey())) {
                permissions.add(getPermissionOnTarget(candidate, entity));
            }
        }

        Collections.sort(permissions);
    }

    final ModelAndView mv = new ModelAndView();
    mv.addObject("assignments", permissions);
    mv.setViewName("json");
    return mv;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class ApiPermissionsService method createAssignment.
/*
* Implementation
*/
/**
 * Converts a stored permission row into an API-level {@code Assignment}.
 *
 * <p>This is best-effort: any exception raised while resolving the owner, activity or target
 * is logged at WARN and the method returns {@code null}. Callers in this class skip
 * {@code null} results, so a row that cannot be resolved is silently missing from their
 * output. Anyone using that output as a permissions audit should check the WARN log as well.
 *
 * @param permission the stored permission row
 * @param authP the principal the assignment is reported for
 * @param inherited whether the row was found on an ancestor group rather than on {@code authP}
 * @return the assembled assignment, or {@code null} if anything failed along the way
 */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    try {
        // Owner
        final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
        final Owner ownerView = new OwnerImpl(permission.getOwner(), owner.getName());

        // Activity
        final IPermissionActivity activity =
                permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
        final Activity activityView = new ActivityImpl(permission.getActivity(), activity.getName());

        // Principal
        final Principal principalView = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());

        // Target: stays null when the activity's target provider does not recognise the key.
        final IPermissionTargetProvider targetProvider =
                targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        final IPermissionTarget target = targetProvider.getTarget(permission.getTarget());
        final Target targetView =
                (target == null) ? null : new TargetImpl(permission.getTarget(), target.getName());

        return new AssignmentImpl(ownerView, activityView, principalView, targetView, inherited);
    } catch (Exception e) {
        // Deliberately broad: a failure on one row must not abort the whole listing.
        log.warn("Exception while adding permission", e);
        return null;
    }
}
Aggregations