use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PortletAdministrationHelper method addSubscribePermissionsToForm.
/*
* Add to the form SUBSCRIBE and BROWSE activity permissions, along with their principals,
* assigned to the portlet.
*/
private void addSubscribePermissionsToForm(IPortletDefinition def, PortletDefinitionForm form) {
    // Target id under which permissions for this portlet definition are stored.
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);

    // Only the PORTAL_SUBSCRIBE permission system is consulted here.
    final IPermissionManager permissionManager =
            authorizationService.newPermissionManager(IPermission.PORTAL_SUBSCRIBE);

    for (String activity : PORTLET_SUBSCRIBE_ACTIVITIES) {
        // Every principal authorized for this activity on this portlet.
        for (IAuthorizationPrincipal granted :
                permissionManager.getAuthorizedPrincipals(activity, targetId)) {

            // Resolve the principal key as a group first; anything that does not
            // resolve is handled as a person.
            // NOTE(review): the person branch does not check the result of
            // getGroupMember -- confirm it cannot return null for a stale principal.
            final IEntityGroup resolvedGroup = GroupService.findGroup(granted.getKey());
            final JsonEntityBean bean;
            if (resolvedGroup == null) {
                final IGroupMember person = authorizationService.getGroupMember(granted);
                bean = new JsonEntityBean(person, EntityEnum.PERSON);
                // Only the person branch sets the display name explicitly.
                bean.setName(groupListHelper.lookupEntityName(bean));
            } else {
                bean = new JsonEntityBean(resolvedGroup, EntityEnum.GROUP);
            }

            // A principal may hold several activities; list it on the form only once.
            final boolean alreadyListed = form.getPrincipals().contains(bean);
            if (!alreadyListed) {
                form.addPrincipal(bean);
            }

            // One permission entry per (principal, activity) pair, keyed as
            // "<typeAndIdHash>_<activity>".
            form.addPermission(bean.getTypeAndIdHash() + "_" + activity);
        }
    }
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class GroupListHelperImpl method getEntity.
/*
* (non-Javadoc)
* @see org.apereo.portal.layout.dlm.remoting.IGroupListHelper#getEntity(org.apereo.portal.groups.IGroupMember)
*/
@Override
public JsonEntityBean getEntity(IGroupMember member) {
    // Build the JSON bean for this member according to its entity type.
    final EntityEnum memberType = getEntityType(member);

    // Group types go through the IEntityGroup constructor overload, hence the cast.
    final JsonEntityBean bean = memberType.isGroup()
            ? new JsonEntityBean((IEntityGroup) member, memberType)
            : new JsonEntityBean(member, memberType);

    // Fill in the display name only when the constructor left it unset.
    if (bean.getName() == null) {
        final String resolvedName = lookupEntityName(bean);
        bean.setName(resolvedName);
    }

    // Only GROUP and PERSON beans get a principal string attached.
    // NOTE(review): the result of getPrincipalForEntity is dereferenced without
    // a null check -- confirm it always returns a principal.
    if (EntityEnum.GROUP.equals(bean.getEntityType())
            || EntityEnum.PERSON.equals(bean.getEntityType())) {
        bean.setPrincipalString(getPrincipalForEntity(bean).getPrincipalString());
    }
    return bean;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class GroupListHelperImpl method getEntity.
/*
* (non-Javadoc)
* @see org.apereo.portal.layout.dlm.remoting.IGroupListHelper#getEntity(java.lang.String, java.lang.String, boolean)
*/
@Override
public JsonEntityBean getEntity(String entityType, String entityId, boolean populateChildren) {
    // Reject entity type strings that do not map to a known EntityEnum.
    final EntityEnum type = EntityEnum.getEntityEnum(entityType);
    if (type == null) {
        throw new IllegalArgumentException(
                String.format("Parameter entityType has an unknown value of [%s]", entityType));
    }

    if (!type.isGroup()) {
        // Non-group types are resolved through getGroupMember; a missing result,
        // or one that is actually a group, is reported to the caller as null.
        final IGroupMember found = GroupService.getGroupMember(entityId, type.getClazz());
        if (found == null || found instanceof IEntityGroup) {
            return null;
        }

        final JsonEntityBean memberBean = new JsonEntityBean(found, type);
        // IGroupMember does not carry the entity name, so it is looked up separately.
        memberBean.setName(lookupEntityName(memberBean));

        if (EntityEnum.GROUP.equals(memberBean.getEntityType())
                || EntityEnum.PERSON.equals(memberBean.getEntityType())) {
            memberBean.setPrincipalString(getPrincipalForEntity(memberBean).getPrincipalString());
        }
        return memberBean;
    }

    // Group types are resolved through the group service; an unknown id yields null.
    final IEntityGroup group = GroupService.findGroup(entityId);
    if (group == null) {
        return null;
    }

    JsonEntityBean groupBean = new JsonEntityBean(group, type);
    if (populateChildren) {
        final Iterator<IGroupMember> children = group.getChildren().iterator();
        groupBean = populateChildren(groupBean, children);
    }

    // Attach the authorization principal string for group (or person) beans.
    if (groupBean.getEntityType().isGroup()
            || EntityEnum.PERSON.equals(groupBean.getEntityType())) {
        groupBean.setPrincipalString(getPrincipalForEntity(groupBean).getPrincipalString());
    }
    return groupBean;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class UserAccountHelper method canEditUser.
/**
 * Decides whether {@code currentUser} may edit the account named {@code target}.
 *
 * <p>Accounts that are not local are never editable. For a local account the
 * caller is allowed when it is their own account and they hold
 * {@code UP_USERS / EDIT_USER} on {@code SELF}, or when they hold
 * {@code UP_USERS / EDIT_USER} on the target name itself.
 *
 * @param currentUser the person attempting the edit
 * @param target user name of the account to be edited
 * @return {@code true} if the edit is permitted, {@code false} otherwise
 */
public boolean canEditUser(IPerson currentUser, String target) {
    // Deny by default for anything that is not a local account.
    if (!isLocalAccount(target)) {
        return false;
    }

    final EntityIdentifier identifier = currentUser.getEntityIdentifier();
    final IAuthorizationPrincipal principal =
            AuthorizationServiceFacade.instance()
                    .newPrincipal(identifier.getKey(), identifier.getType());

    // Self-service edit: the name must match and the SELF permission must be held.
    final boolean editingOwnAccount = currentUser.getName().equals(target);
    if (editingOwnAccount && principal.hasPermission("UP_USERS", "EDIT_USER", "SELF")) {
        return true;
    }

    // Otherwise the caller needs an explicit grant on the target account.
    // NOTE(review): target is passed verbatim as the permission target --
    // confirm callers pass a canonical user name.
    return principal.hasPermission("UP_USERS", "EDIT_USER", target);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class UserAccountHelper method getEditableUserAttributes.
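/**
* Returns the attributes that the specified currentUser is permitted to edit: each
* configured account-edit attribute for which the user holds the UP_USERS /
* EDIT_USER_ATTRIBUTE permission on that attribute's name.
*
* @param currentUser the person whose edit permissions are evaluated
* @return the editable attributes; empty if none are permitted
*/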
public List<Preference> getEditableUserAttributes(IPerson currentUser) {
    // Build the authorization principal for the calling user.
    final EntityIdentifier identifier = currentUser.getEntityIdentifier();
    final IAuthorizationPrincipal principal =
            AuthorizationServiceFacade.instance()
                    .newPrincipal(identifier.getKey(), identifier.getType());

    // Keep only the attributes for which an EDIT_USER_ATTRIBUTE permission exists;
    // the permission target is the attribute name.
    final List<Preference> editable = new ArrayList<Preference>();
    for (Preference candidate : accountEditAttributes) {
        final boolean permitted =
                principal.hasPermission("UP_USERS", "EDIT_USER_ATTRIBUTE", candidate.getName());
        if (!permitted) {
            continue;
        }
        editable.add(candidate);
    }
    return editable;
}