use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class AbstractPermissionsController method isAuthorized.
/**
 * Protected API: decides whether the caller behind {@code req} may see permissions data.
 *
 * <p>The check fails closed. The method returns {@code true} only when all three steps
 * succeed: the request resolves to an {@code IPerson}, that person's security context
 * reports an authenticated session, and the resulting principal may subscribe to the
 * portlet registered under {@code PERMISSIONS_ADMIN_PORTLET_FNAME}. Every other outcome,
 * including a missing admin portlet definition, yields {@code false}.
 *
 * @param req the current servlet request, used to look up the calling user
 * @return {@code true} if the caller passed every step, {@code false} otherwise
 * @throws Exception whatever the collaborating services propagate
 */
protected final boolean isAuthorized(HttpServletRequest req) throws Exception {
    // STEP (1): the request must resolve to an IPerson.
    final IPerson user = personManager.getPerson(req);
    if (user == null) {
        return false;
    }

    // STEP (2): that person must hold an authenticated security context.
    final ISecurityContext context = user.getSecurityContext();
    if (context == null || !context.isAuthenticated()) {
        return false;
    }

    // STEP (3): the user needs SUBSCRIBE permission on the permissions admin portlet.
    // NOTE(review): the username attribute is cast and passed on without a null check;
    // confirm newPrincipal's behaviour for a null key.
    final IAuthorizationPrincipal principal =
            authorizationService.newPrincipal(
                    (String) user.getAttribute(IPerson.USERNAME), IPerson.class);
    final IPortletDefinition adminPortlet =
            portletDefinitionRegistry.getPortletDefinitionByFname(
                    PERMISSIONS_ADMIN_PORTLET_FNAME);
    if (adminPortlet == null) {
        // Without the admin portlet there is nothing to be subscribed to, so deny.
        return false;
    }

    final String adminPortletId = adminPortlet.getPortletDefinitionId().getStringId();
    return authorizationService.canPrincipalSubscribe(principal, adminPortletId);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PermissionAssignmentMapController method updatePermission.
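/**
 * Replaces the direct permission that {@code principal} holds for the given
 * owner/activity/target triple, then returns the refreshed assignment map.
 *
 * <p>The caller must pass both {@code canEditPermission} and {@code canViewPermission}
 * for {@code target}; otherwise the response status is set to 401 and {@code null} is
 * returned. For a resolvable principal, all matching direct permissions are removed
 * first. A new permission is added only when {@code assignment} (case-insensitively) is
 * {@code GRANT} or {@code DENY}, so any other value leaves the principal with no direct
 * permission for the triple.
 *
 * <p>NOTE(review): this handler modifies stored permissions but is mapped to
 * {@code GET}. State-changing GET endpoints are not covered by typical CSRF defences
 * and can be replayed by prefetchers, caches or logged URLs. Whether a filter elsewhere
 * protects this route is not visible here. Moving it to POST is an interface change for
 * existing clients and is therefore not made in this block.
 *
 * <p>NOTE(review): the visible check is keyed on {@code target} only, while
 * {@code owner}, {@code activity} and {@code principal} are also caller-supplied.
 * Confirm the helper's contract covers them.
 *
 * @param principal the principal string whose assignment is being changed
 * @param assignment the requested assignment type, compared in upper case
 * @param principals the principal strings to include in the returned assignment map
 * @param owner the permission owner
 * @param activity the permission activity
 * @param target the permission target; also the subject of the authorization check
 * @param request the current request, used to identify the calling user
 * @param response the current response, used to signal a refused request
 * @return the view produced by {@code getOwners}, or {@code null} when refused
 * @throws Exception whatever the collaborating services propagate
 */
@RequestMapping(value = "/updatePermission", method = RequestMethod.GET)
public ModelAndView updatePermission(@RequestParam("principal") String principal, @RequestParam("assignment") String assignment, @RequestParam("principals[]") String[] principals, @RequestParam("owner") String owner, @RequestParam("activity") String activity, @RequestParam("target") String target, HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Authorization gate: the caller needs both edit and view rights on the target.
    final IPerson currentUser = personManager.getPerson(request);
    if (!permissionAdministrationHelper.canEditPermission(currentUser, target)
            || !permissionAdministrationHelper.canViewPermission(currentUser, target)) {
        // NOTE(review): 401 is kept because clients may depend on it; 403 is the
        // conventional status for an identified caller who lacks permission.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return null;
    }

    JsonEntityBean bean = groupListHelper.getEntityForPrincipal(principal);
    if (bean != null) {
        IAuthorizationPrincipal p = groupListHelper.getPrincipalForEntity(bean);

        // Drop whatever is stored directly for this principal before writing the new value.
        // NOTE(review): remove and add are two separate calls; confirm whether a
        // failure between them can leave the principal with no direct permission.
        IPermission[] directPermissions =
                permissionStore.select(owner, p.getPrincipalString(), activity, target, null);
        this.authorizationService.removePermissions(directPermissions);

        assignment = assignment.toUpperCase();
        if (assignment.equals(Assignment.Type.GRANT.toString())
                || assignment.equals(Assignment.Type.DENY.toString())) {
            IPermission permission = new PermissionImpl(owner);
            permission.setActivity(activity);
            permission.setPrincipal(bean.getPrincipalString());
            permission.setTarget(target);
            permission.setType(assignment);
            this.authorizationService.addPermissions(new IPermission[] { permission });
        }
    } else {
        // The principal string is a raw request parameter: replace CR/LF so the value
        // cannot break the log line and inject forged entries.
        log.warn("Unable to resolve the following principal (will " + "be omitted from the list of assignments): " + String.valueOf(principal).replaceAll("[\\r\\n]", "_"));
    }
    return getOwners(principals, owner, activity, target, request, response);
}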
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PermissionAssignmentMapController method getOwners.
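/**
 * Builds the assignment hierarchy for a set of principals against one
 * owner/activity/target triple and returns it as the {@code "assignments"} model
 * entry of the {@code jsonView} view.
 *
 * <p>The caller must pass {@code canViewPermission} for {@code target}; otherwise the
 * response status is set to 401 and {@code null} is returned. Principal strings that
 * cannot be resolved to an entity are logged and left out of the result.
 *
 * @param principals the principal strings to report on
 * @param owner the permission owner
 * @param activity the permission activity
 * @param target the permission target; also the subject of the authorization check
 * @param request the current request, used to identify the calling user
 * @param response the current response, used to signal a refused request
 * @return the JSON model and view, or {@code null} when the caller is refused
 * @throws Exception whatever the collaborating services propagate
 */
@RequestMapping(value = "/permissionAssignmentMap", method = RequestMethod.GET)
public ModelAndView getOwners(@RequestParam("principals[]") String[] principals, @RequestParam("owner") String owner, @RequestParam("activity") String activity, @RequestParam("target") String target, HttpServletRequest request, HttpServletResponse response) throws Exception {
    // Authorization gate: only callers allowed to view permissions on the target proceed.
    final IPerson currentUser = personManager.getPerson(request);
    if (!permissionAdministrationHelper.canViewPermission(currentUser, target)) {
        // NOTE(review): 401 is kept because clients may depend on it; 403 is the
        // conventional status for an identified caller who lacks permission.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return null;
    }

    // Pass 1: resolve each principal and record the assignment explicitly set for it.
    List<Assignment> flatAssignmentsList = new ArrayList<Assignment>();
    for (String principal : principals) {
        JsonEntityBean bean = groupListHelper.getEntityForPrincipal(principal);
        if (bean != null) {
            IAuthorizationPrincipal p = groupListHelper.getPrincipalForEntity(bean);
            Assignment.Type type = getAssignmentType(p, owner, activity, target);
            flatAssignmentsList.add(new Assignment(principal, bean, type));
        } else {
            // The principal string is a raw request parameter: replace CR/LF so the
            // value cannot break the log line and inject forged entries.
            log.warn("Unable to resolve the following principal (will " + "be omitted from the list of assignments): " + String.valueOf(principal).replaceAll("[\\r\\n]", "_"));
        }
    }

    // Pass 2: arrange the flat list into the hierarchy the view expects.
    List<Assignment> assignments = new ArrayList<Assignment>();
    for (Assignment a : flatAssignmentsList) {
        placeInHierarchy(a, assignments, owner, activity, target);
    }

    Map<String, Object> model = Collections.<String, Object>singletonMap("assignments", assignments);
    return new ModelAndView("jsonView", model);
}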
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class MarketplaceRESTController method marketplaceEntryFeed.
/**
 * Serves a single marketplace entry as JSON, provided the caller may browse it.
 *
 * <p>An unknown {@code fname} and a portlet the caller is not allowed to browse are
 * answered identically: status 204 and a {@code null} view. The response therefore does
 * not reveal whether a portlet the caller cannot browse exists.
 *
 * @param request the current request, used to identify the calling user
 * @param response the current response, used to signal "nothing to show"
 * @param fname the functional name taken from the request path
 * @return the {@code json} view holding the entry under {@code "entry"}, or
 *     {@code null} when there is nothing the caller may see
 */
@RequestMapping(value = "/marketplace/entry/{fname}.json")
public ModelAndView marketplaceEntryFeed(HttpServletRequest request, HttpServletResponse response, @PathVariable String fname) {
    final IPerson person = personManager.getPerson(request);
    final IAuthorizationPrincipal viewer = AuthorizationPrincipalHelper.principalFromUser(person);
    final MarketplacePortletDefinition definition =
            marketplaceService.getOrCreateMarketplacePortletDefinitionIfTheFnameExists(fname);

    // The browse check runs only when a definition exists (short-circuit).
    final boolean visibleToCaller =
            definition != null && marketplaceService.mayBrowsePortlet(viewer, definition);
    if (!visibleToCaller) {
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
        return null;
    }

    final MarketplaceEntry entry = new MarketplaceEntry(definition, true, person);
    // The "can add" flag is computed for this caller and travels with the entry.
    entry.setCanAdd(marketplaceService.mayAddPortlet(person, definition));
    return new ModelAndView("json", "entry", entry);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PortletAdministrationHelper method hasLifecyclePermission.
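/**
 * Reports whether {@code person} may manage portlets in lifecycle state {@code state},
 * either for all portlets or for at least one of the given categories.
 *
 * <p>The lifecycle state is first mapped to its portlet-manager activity. A permission
 * on {@code IPermission.ALL_PORTLETS_TARGET} for that activity grants access outright.
 * Otherwise each category is checked in iteration order via {@code canManage}. The
 * method returns {@code false} when nothing matches.
 *
 * @param person the user whose permissions are evaluated
 * @param state the lifecycle state the user wants to act on
 * @param categories the categories to test when no all-portlets permission exists
 * @return {@code true} if a matching permission was found, {@code false} otherwise
 * @throws IllegalArgumentException if {@code state} is not one of the handled states
 */
public boolean hasLifecyclePermission(IPerson person, PortletLifecycleState state, SortedSet<JsonEntityBean> categories) {
    EntityIdentifier ei = person.getEntityIdentifier();
    IAuthorizationPrincipal ap = authorizationService.newPrincipal(ei.getKey(), ei.getType());

    final String activity;
    switch (state) {
        case APPROVED:
            activity = IPermission.PORTLET_MANAGER_APPROVED_ACTIVITY;
            break;
        case CREATED:
            activity = IPermission.PORTLET_MANAGER_CREATED_ACTIVITY;
            break;
        case PUBLISHED:
            activity = IPermission.PORTLET_MANAGER_ACTIVITY;
            break;
        case EXPIRED:
            activity = IPermission.PORTLET_MANAGER_EXPIRED_ACTIVITY;
            break;
        case MAINTENANCE:
            activity = IPermission.PORTLET_MANAGER_MAINTENANCE_ACTIVITY;
            break;
        default:
            // Refuse unknown states rather than guessing an activity. The message names
            // the state so the rejection can be diagnosed (it was previously empty).
            throw new IllegalArgumentException("Unsupported portlet lifecycle state: " + state);
    }

    // Broadest grant first: a permission on all portlets makes the category scan unnecessary.
    if (ap.hasPermission(IPermission.PORTAL_PUBLISH, activity, IPermission.ALL_PORTLETS_TARGET)) {
        logger.debug("Found permission for category ALL_PORTLETS and lifecycle state " + state.toString());
        return true;
    }

    // Otherwise a single manageable category is enough.
    for (JsonEntityBean category : categories) {
        if (ap.canManage(state, category.getId())) {
            logger.debug("Found permission for category " + category.getName() + " and lifecycle state " + state.toString());
            return true;
        }
    }

    // Nothing matched: deny.
    logger.debug("No permission for lifecycle state " + state.toString());
    return false;
}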
Aggregations