
Example 91 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method exportPermission.

/**
 * Collects the principals authorized for one permission on a portlet into the export lists.
 *
 * <p>Group principals are recorded by name in {@code groupList}; all other principals are
 * recorded by key in {@code userList}. Both lists are sorted before returning.
 *
 * @param def the portlet definition whose permission target id is looked up
 * @param permDef supplies the permission system and activity to query
 * @param groupList receives group names; must not be null, it is sorted unconditionally
 * @param userList receives non-group keys; may be null, in which case non-group principals are
 *     skipped and do not count as exported
 * @return {@code true} if at least one principal was added to either list
 * @throws RuntimeException if a group's name cannot be resolved or added
 */
private boolean exportPermission(IPortletDefinition def, ExternalPermissionDefinition permDef, List<String> groupList, List<String> userList) {
    final AuthorizationServiceFacade authorization = AuthorizationServiceFacade.instance();
    final IPermissionManager permissionManager = authorization.newPermissionManager(permDef.getSystem());
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);

    boolean exported = false;
    for (final IAuthorizationPrincipal authorized : permissionManager.getAuthorizedPrincipals(permDef.getActivity(), targetId)) {
        final IGroupMember groupMember = authorization.getGroupMember(authorized);

        if (!groupMember.isGroup()) {
            // Individual principals are only exported when the caller supplied a list for them.
            if (userList != null) {
                userList.add(groupMember.getKey());
                exported = true;
            }
            continue;
        }

        final IEntityNameFinder finder = EntityNameFinderService.instance().getNameFinder(groupMember.getType());
        try {
            final String groupName = finder.getName(groupMember.getKey());
            groupList.add(groupName);
            exported = true;
        } catch (Exception e) {
            // Fail the export rather than silently dropping a group from the permission.
            throw new RuntimeException("Could not find group name for entity: " + groupMember.getKey(), e);
        }
    }

    // Sorted so the exported lists do not depend on the order principals were returned in.
    Collections.sort(groupList);
    if (userList != null) {
        Collections.sort(userList);
    }
    return exported;
}
Also used : IPermissionManager(org.apereo.portal.security.IPermissionManager) IGroupMember(org.apereo.portal.groups.IGroupMember) IEntityNameFinder(org.apereo.portal.groups.IEntityNameFinder) AuthorizationServiceFacade(org.apereo.portal.services.AuthorizationServiceFacade) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityNameFinderService(org.apereo.portal.services.EntityNameFinderService)

Example 92 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ClassicMaxInactiveStrategy method calcMaxInactive.

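/**
 * Derives the session max-inactive interval for a user from that user's MAX_INACTIVE
 * permissions.
 *
 * <p>Only permissions currently in effect are considered (effective date not in the future,
 * expiry not in the past). Among GRANT entries a negative target (session never times out)
 * wins outright, otherwise the largest target wins. Among DENY entries the smallest target
 * wins; a negative DENY is discarded with a warning. When both exist, the DENY caps the GRANT.
 * Entries whose target is not an integer are logged and skipped.
 *
 * @param person the user whose permissions are evaluated; must not be null
 * @return the interval to apply, or {@code null} when no usable permission exists and the
 *     container settings should govern
 */
@Override
public Integer calcMaxInactive(IPerson person) {
    assert person != null;
    IAuthorizationPrincipal principal = authorizationService.newPrincipal((String) person.getAttribute(IPerson.USERNAME), IPerson.class);
    IPermission[] permissions = authorizationService.getAllPermissionsForPrincipal(principal, IPermission.PORTAL_SYSTEM, MAX_INACTIVE_ATTR, null);
    assert permissions != null;
    if (permissions.length == 0) {
        // No max inactive permission set for this user
        log.info("No {} permissions apply to user '{}'", MAX_INACTIVE_ATTR, person.getAttribute(IPerson.USERNAME));
        return null;
    }

    // One timestamp for the whole evaluation so every record is judged against the same instant.
    final long now = System.currentTimeMillis();
    Integer rulingGrant = null;
    Integer rulingDeny = null;
    for (IPermission p : permissions) {
        // First be sure the record applies currently...
        if (p.getEffective() != null && p.getEffective().getTime() > now) {
            // It's *TOO EARLY* for this record... move on.
            continue;
        }
        if (p.getExpires() != null && p.getExpires().getTime() < now) {
            // It's *TOO LATE* for this record... move on.
            continue;
        }
        if (p.getType().equals(IPermission.PERMISSION_TYPE_GRANT)) {
            try {
                Integer grantEntry = Integer.valueOf(p.getTarget());
                // A negative (unlimited) grant trumps all. Once one is held it must not be
                // replaced by a later positive entry, otherwise the effective timeout would
                // depend on the order in which the permissions happen to be returned.
                if (rulingGrant == null || (rulingGrant >= 0 && (grantEntry < 0 || rulingGrant < grantEntry))) {
                    rulingGrant = grantEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission grant '{}';  target must be an integer value.", p.getTarget());
            }
        } else if (p.getType().equals(IPermission.PERMISSION_TYPE_DENY)) {
            try {
                Integer denyEntry = Integer.valueOf(p.getTarget());
                // The most restrictive (smallest) DENY governs.
                if (rulingDeny == null || rulingDeny > denyEntry) {
                    rulingDeny = denyEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission deny '{}';  target must be an integer value.", p.getTarget());
            }
        } else {
            log.warn("Unknown permission type:  {}", p.getType());
        }
    }

    if (rulingDeny != null && rulingDeny < 0) {
        // Negative MaxInactiveInterval values mean the session never
        // times out, so a negative DENY is somewhat nonsensical... just
        // clear it.
        log.warn("A MAX_INACTIVE DENY entry improperly specified a negative target:  {}", rulingDeny);
        rulingDeny = null;
    }

    if (rulingGrant == null && rulingDeny == null) {
        // Nothing usable was specified, so let the container settings govern.
        return null;
    }

    // If rulingGrant is null, rulingDeny won't be...
    // NOTE(review): with a DENY and no GRANT this starts at 0 and the cap below keeps it at 0,
    // so the DENY value itself is never returned. Confirm how callers treat 0 and whether the
    // DENY limit was meant to apply here.
    int maxInactive = rulingGrant != null ? rulingGrant : 0;
    if (rulingDeny != null) {
        // Applying DENY entries is tricky b/c GRANT entries may be negative: a negative
        // (unlimited) grant is replaced by the limit, anything else is capped by it.
        maxInactive = maxInactive >= 0 ? Math.min(rulingDeny, maxInactive) : rulingDeny;
    }
    return maxInactive;
}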
Also used : IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 93 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class MarketplaceService method browseableNonEmptyPortletCategoriesFor.

/**
 * Returns the categories that contain at least one portlet the user may browse and that the
 * user is also permitted to browse.
 *
 * <p>The {@code categories} argument is only forwarded to
 * {@code browseableMarketplaceEntriesFor}; the returned categories are taken from the parent
 * categories of the resulting portlets.
 *
 * @param user the user whose browse permissions are checked
 * @param categories passed through to the marketplace entry lookup
 * @return a new set of browseable categories, each holding at least one browseable portlet
 */
@Override
public Set<PortletCategory> browseableNonEmptyPortletCategoriesFor(final IPerson user, final Set<PortletCategory> categories) {
    final IAuthorizationPrincipal userPrincipal = AuthorizationPrincipalHelper.principalFromUser(user);
    final Set<MarketplaceEntry> visibleEntries = browseableMarketplaceEntriesFor(user, categories);
    final Set<PortletCategory> result = new HashSet<PortletCategory>();

    // Starting from browseable portlets means a category with none of them is never visited,
    // and so is never returned.
    for (final MarketplaceEntry visibleEntry : visibleEntries) {
        final IPortletDefinition definition = visibleEntry.getMarketplacePortletDefinition();
        for (final PortletCategory parent : this.portletCategoryRegistry.getParentCategories(definition)) {
            // Portlet-level access is not enough: the category needs its own browse check.
            if (!mayBrowse(userPrincipal, parent.getId())) {
                logger.trace("Portlet {} is browseable by {} but it is in category {} " + "which is not browseable by that user.  " + "This may be as intended, " + "or it may be that that portlet category ought to be more widely browseable.", definition, user, parent);
                continue;
            }
            result.add(parent);
        }
    }

    logger.trace("These categories {} are browseable by {}.", result, user);
    return result;
}
Also used : MarketplaceEntry(org.apereo.portal.rest.layout.MarketplaceEntry) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) HashSet(java.util.HashSet) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition)
