Examples with IAuthorizationPrincipal org.apereo.portal.security.IAuthorizationPrincipal used on opensource projects

Example 76 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method savePortletDefinition.

/**
 * Save a portlet definition.
 *
 * @param definition the portlet definition
 * @param categories the list of categories for the portlet
 * @param permissionMap a map of permission name -> list of groups who are granted that
 *     permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
 *     manager)
 */
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
    boolean newChannel = (definition.getPortletDefinitionId() == null);
    // save the channel
    definition = portletDefinitionDao.savePortletDefinition(definition);
    definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
    final String defId = definition.getPortletDefinitionId().getStringId();
    final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
    // The groups service needs to deal with concurrent modification better.
    synchronized (this.groupUpdateLock) {
        // Delete existing category memberships for this channel
        if (!newChannel) {
            for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
                group.removeChild(portletDefEntity);
                group.update();
            }
        }
        // For each category ID, add channel to category
        for (PortletCategory category : categories) {
            final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
            categoryGroup.addChild(portletDefEntity);
            categoryGroup.updateMembers();
        }
        // Set groups
        final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
        final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
        // Loop over the affected permission managers...
        Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
        for (String system : permissionsBySystem.keySet()) {
            Collection<ExternalPermissionDefinition> systemPerms = permissionsBySystem.get(system);
            // get the permission manager for this system...
            final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(system);
            final List<IPermission> permissions = new ArrayList<>();
            // add activity grants for each permission..
            for (ExternalPermissionDefinition permissionDef : systemPerms) {
                Set<IGroupMember> members = permissionMap.get(permissionDef);
                for (final IGroupMember member : members) {
                    final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
                    final IPermission permEntity = upm.newPermission(authPrincipal);
                    permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
                    permEntity.setActivity(permissionDef.getActivity());
                    permEntity.setTarget(target);
                    permissions.add(permEntity);
                }
            }
            // ones
            if (!newChannel) {
                for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
                    IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
                    upm.removePermissions(oldPermissions);
                }
            }
            upm.addPermissions(permissions.toArray(new IPermission[permissions.size()]));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
    }
    return definition;
}

Example 77 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class DynamicRespondrSkinViewController method displaySkinCssHeader.

/**
 * Display Skin CSS include based on skin's configuration values from portlet preferences.<br>
 * dynamic=false: load the pre-built css file from the skins directory and default skin name;
 * e.g. RELATIVE_ROOT/{defaultSkin}.css dynamic=true: Process the default skin less file if
 * needed at RELATIVE_ROOT/{defaultSkin}.less to create a customized skin css file
 * (RELATIVE_ROOT/skin-ID#.css to load.
 */
@RenderMapping
public ModelAndView displaySkinCssHeader(RenderRequest request, RenderResponse response, Model model) throws IOException {
    if (PortletRequest.RENDER_HEADERS.equals(request.getAttribute(PortletRequest.RENDER_PART))) {
        PortletPreferences prefs = request.getPreferences();
        Boolean enabled = Boolean.valueOf(prefs.getValue(DynamicRespondrSkinConstants.PREF_DYNAMIC, "false"));
        String skinName = prefs.getValue(DynamicRespondrSkinConstants.PREF_SKIN_NAME, DynamicRespondrSkinConstants.DEFAULT_SKIN_NAME);
        String cssUrl = enabled ? calculateDynamicSkinUrlPathToUse(request, skinName) : calculateDefaultSkinCssLocationInWebapp(skinName);
        model.addAttribute(DynamicRespondrSkinConstants.SKIN_CSS_URL_MODEL_ATTRIBUTE_NAME, cssUrl);
        return new ModelAndView("jsp/DynamicRespondrSkin/skinHeader");
    } else {
        // We need to know if this user can CONFIG this skin
        // Default
        boolean canAccessSkinConfig = false;
        final HttpServletRequest httpr = portalRequestUtils.getCurrentPortalRequest();
        final IPerson user = personManager.getPerson(httpr);
        final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(user);
        final IPortletWindowId portletWindowId = portletWindowRegistry.getPortletWindowId(httpr, request.getWindowID());
        final IPortletWindow portletWindow = portletWindowRegistry.getPortletWindow(httpr, portletWindowId);
        final IPortletEntity portletEntity = portletWindow.getPortletEntity();
        if (principal.canConfigure(portletEntity.getPortletDefinitionId().toString())) {
            canAccessSkinConfig = true;
        }
        // RENDER_MARKUP
        return new ModelAndView("jsp/DynamicRespondrSkin/skinBody", DynamicRespondrSkinConstants.CAN_ACCESS_SKIN_CONFIG_MODEL_NAME, canAccessSkinConfig);
    }
}

Example 78 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PopularPortletsController method buildEventCounts.

private List<PortletUsage> buildEventCounts(Integer days, IPerson user, Locale locale) {
    final DateTime end = new DateTime();
    final DateTime begin = end.minusDays(days);
    final IEntityGroup everyone = GroupService.getRootGroup(IPerson.class);
    final AggregatedGroupMapping group = aggregatedGroupLookupDao.getGroupMapping(everyone.getKey());
    final List<PortletLayoutAggregation> aggregations = portletLayoutDao.getAggregationsForAllPortlets(begin, end, AGGREGATION_INTERVAL, group);
    final EntityIdentifier ei = user.getEntityIdentifier();
    final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
    final IAuthorizationPrincipal ap = authService.newPrincipal(ei.getKey(), ei.getType());
    final Map<String, PortletUsage> resultBuilder = new HashMap<String, PortletUsage>();
    for (final PortletLayoutAggregation aggregation : aggregations) {
        final AggregatedPortletMapping portlet = aggregation.getPortletMapping();
        final String fname = portlet.getFname();
        PortletUsage portletUsage = resultBuilder.get(fname);
        if (portletUsage == null) {
            final IPortletDefinition portletDefinition = this.portletDefinitionDao.getPortletDefinitionByFname(fname);
            if (portletDefinition == null || !ap.canSubscribe(portletDefinition.getPortletDefinitionId().getStringId())) {
                // Skip portlets that no longer exist or cannot be subscribed to
                continue;
            }
            portletUsage = new PortletUsage(portletDefinition.getPortletDefinitionId().getLongId(), fname, portletDefinition.getTitle(locale.toString()), portletDefinition.getDescription(locale.toString()));
            resultBuilder.put(fname, portletUsage);
        }
        portletUsage.incrementCount(aggregation.getAddCount());
    }
    final ArrayList<PortletUsage> results = new ArrayList<PortletUsage>(resultBuilder.values());
    Collections.sort(results);
    return results;
}

Example 79 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PortletAdministrationHelper method updatePermissions.

/*
     * Update permissions for a given owner, activity, and portlet definition combination. Adds new principals' permissions passed in and removes
     * principals' permissions if not in the list for the given activity.
     */
private void updatePermissions(IPortletDefinition def, Set<IGroupMember> newPrincipals, String owner, String activity) {
    final String portletTargetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final IUpdatingPermissionManager pm = authorizationService.newUpdatingPermissionManager(owner);
    /* Create the new permissions array */
    final List<IPermission> newPermissions = new ArrayList<>();
    for (final IGroupMember newPrincipal : newPrincipals) {
        final IAuthorizationPrincipal authorizationPrincipal = authorizationService.newPrincipal(newPrincipal);
        final IPermission permission = pm.newPermission(authorizationPrincipal);
        permission.setType(IPermission.PERMISSION_TYPE_GRANT);
        permission.setActivity(activity);
        permission.setTarget(portletTargetId);
        newPermissions.add(permission);
        logger.trace("In updatePermissions() - adding a new permission of: {}", permission);
    }
    /* Remove former permissions for this portlet / activity */
    final IPermission[] oldPermissions = pm.getPermissions(activity, portletTargetId);
    pm.removePermissions(oldPermissions);
    /* Add the new permissions */
    pm.addPermissions(newPermissions.toArray(new IPermission[newPermissions.size()]));
}

Example 80 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PortletAdministrationHelper method shouldDisplayLayoutLink.

/**
 * Check if the link to the Fragment admin portlet should display in the status message.
 *
 * <p>Checks that the portlet is new, that the portlet has been published and that the user has
 * necessary permissions to go to the fragment admin page.
 *
 * @param person the person publishing/editing the portlet
 * @param form the portlet being editted
 * @param portletId the id of the saved portlet
 * @return true If all three conditions are met
 */
public boolean shouldDisplayLayoutLink(IPerson person, PortletDefinitionForm form, String portletId) {
    if (!form.isNew()) {
        return false;
    }
    // only include the "do layout" link for published portlets.
    if (form.getLifecycleState() != PortletLifecycleState.PUBLISHED) {
        return false;
    }
    // check that the user can edit at least 1 fragment.
    Map<String, String> layouts = fragmentAdminHelper.getAuthorizedDlmFragments(person.getUserName());
    if (layouts == null || layouts.isEmpty()) {
        return false;
    }
    // check that the user has subscribe priv.
    IAuthorizationPrincipal authPrincipal = authorizationService.newPrincipal(person.getUserName(), EntityEnum.PERSON.getClazz());
    return authPrincipal.canSubscribe(portletId);
}