use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PortletDefinitionImporterExporter method exportPermission.
/**
 * Gathers the principals authorized for one permission on a portlet definition and appends them
 * to the caller-supplied export lists: group principals by resolved name, all other principals
 * by key.
 *
 * @param def portlet definition whose permission target id is looked up
 * @param permDef supplies the permission system and the activity to query
 * @param groupList receives the name of every authorized group; sorted before returning
 * @param userList receives the key of every authorized non-group principal; may be {@code null},
 *     in which case non-group principals are skipped
 * @return {@code true} if at least one entry was appended to either list
 * @throws RuntimeException if the name of an authorized group cannot be resolved
 */
private boolean exportPermission(IPortletDefinition def, ExternalPermissionDefinition permDef, List<String> groupList, List<String> userList) {
    final AuthorizationServiceFacade facade = AuthorizationServiceFacade.instance();
    final IPermissionManager permissionManager = facade.newPermissionManager(permDef.getSystem());
    final String targetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final IAuthorizationPrincipal[] authorized = permissionManager.getAuthorizedPrincipals(permDef.getActivity(), targetId);

    boolean exportedAny = false;
    for (IAuthorizationPrincipal authorizedPrincipal : authorized) {
        final IGroupMember groupMember = facade.getGroupMember(authorizedPrincipal);

        if (!groupMember.isGroup()) {
            // NOTE(review): with a null userList, grants held by individual (non-group)
            // principals are left out silently and do not count toward the return value, so
            // anything built from these lists will not reflect them. Confirm that callers
            // passing null intend a groups-only export.
            if (userList != null) {
                userList.add(groupMember.getKey());
                exportedAny = true;
            }
            continue;
        }

        // Groups are recorded by name rather than by key.
        final IEntityNameFinder finder = EntityNameFinderService.instance().getNameFinder(groupMember.getType());
        try {
            groupList.add(finder.getName(groupMember.getKey()));
            exportedAny = true;
        } catch (Exception e) {
            // Fail the export instead of emitting a permission with a missing group.
            throw new RuntimeException("Could not find group name for entity: " + groupMember.getKey(), e);
        }
    }

    // Sorted output keeps the lists in a stable order regardless of lookup order.
    Collections.sort(groupList);
    if (userList != null) {
        Collections.sort(userList);
    }
    return exportedAny;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class ClassicMaxInactiveStrategy method calcMaxInactive.
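/**
 * Derives a max-inactive value for the given person from the MAX_INACTIVE permissions that
 * currently apply to them.
 *
 * <p>Permissions that are not yet effective or already expired are ignored. Among GRANT entries
 * the largest target wins, except that a negative target (treated here as "unlimited") trumps
 * every non-negative one. Among DENY entries the smallest target wins, and a negative DENY is
 * discarded. When both are present, the DENY acts as an upper bound on the GRANT.
 *
 * @param person the user to evaluate; must not be {@code null}
 * @return the computed value, or {@code null} when no permission supplies a usable target (the
 *     in-code comments indicate the container settings are then meant to govern)
 */
@Override
public Integer calcMaxInactive(IPerson person) {
    // Assertions are only evaluated when the JVM runs with -ea; they document expectations and
    // are not an enforced check in a default runtime.
    assert person != null;
    IAuthorizationPrincipal principal = authorizationService.newPrincipal((String) person.getAttribute(IPerson.USERNAME), IPerson.class);
    IPermission[] permissions = authorizationService.getAllPermissionsForPrincipal(principal, IPermission.PORTAL_SYSTEM, MAX_INACTIVE_ATTR, null);
    assert permissions != null;
    if (permissions.length == 0) {
        // No max inactive permission set for this user
        log.info("No {} permissions apply to user '{}'", MAX_INACTIVE_ATTR, person.getAttribute(IPerson.USERNAME));
        return null;
    }

    // Take the clock once so every record is judged against the same instant.
    final long now = System.currentTimeMillis();
    Integer rulingGrant = null;
    Integer rulingDeny = null;
    for (IPermission p : permissions) {
        // First be sure the record applies currently...
        if (p.getEffective() != null && p.getEffective().getTime() > now) {
            // It's *TOO EARLY* for this record... move on.
            continue;
        }
        if (p.getExpires() != null && p.getExpires().getTime() < now) {
            // It's *TOO LATE* for this record... move on.
            continue;
        }
        if (p.getType().equals(IPermission.PERMISSION_TYPE_GRANT)) {
            try {
                Integer grantEntry = Integer.valueOf(p.getTarget());
                // Any negative number trumps all. The rulingGrant >= 0 guard keeps an already
                // selected negative grant from being replaced by a later positive one, so the
                // outcome does not depend on the order in which permissions are returned.
                if (rulingGrant == null || grantEntry < 0 || (rulingGrant >= 0 && rulingGrant < grantEntry)) {
                    rulingGrant = grantEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission grant '{}'; target must be an integer value.", p.getTarget());
            }
        } else if (p.getType().equals(IPermission.PERMISSION_TYPE_DENY)) {
            try {
                Integer denyEntry = Integer.valueOf(p.getTarget());
                // The most restrictive (smallest) DENY wins.
                if (rulingDeny == null || rulingDeny > denyEntry) {
                    rulingDeny = denyEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission deny '{}'; target must be an integer value.", p.getTarget());
            }
        } else {
            log.warn("Unknown permission type: {}", p.getType());
        }
    }

    if (rulingDeny != null && rulingDeny < 0) {
        // Negative MaxInactiveInterval values mean the session never
        // times out, so a negative DENY is somewhat nonsensical... just
        // clear it.
        log.warn("A MAX_INACTIVE DENY entry improperly specified a negative target: {}", rulingDeny);
        rulingDeny = null;
    }

    if (rulingGrant == null && rulingDeny == null) {
        // Nothing usable was specified; do not intervene.
        return null;
    }

    // NOTE(review): when only DENY entries apply, the starting value is 0 and the bound below
    // keeps the smaller of 0 and the DENY target, so the result is 0 rather than the DENY
    // target. How a caller interprets 0 is not visible here -- confirm this is intended.
    int maxInactive = rulingGrant != null ? rulingGrant : 0;
    if (rulingDeny != null) {
        // Applying DENY entries is tricky b/c GRANT entries may be negative...
        int limit = rulingDeny;
        if (maxInactive >= 0) {
            maxInactive = Math.min(limit, maxInactive);
        } else {
            // The best grant was negative (unlimited), so go with limit...
            maxInactive = limit;
        }
    }
    return maxInactive;
}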
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class MarketplaceService method browseableNonEmptyPortletCategoriesFor.
/**
 * Returns the portlet categories that contain at least one marketplace entry the user may
 * browse and that the user is also permitted to browse as categories.
 *
 * <p>The result is built from the parent categories of each browseable entry, as reported by
 * the portlet category registry; {@code categories} is only forwarded to
 * {@code browseableMarketplaceEntriesFor}. Each candidate category passes its own
 * {@code mayBrowse} check, so a browseable portlet does not by itself expose its category.
 *
 * @param user the person on whose behalf browse permission is evaluated
 * @param categories forwarded to the lookup of browseable marketplace entries
 * @return a new mutable set of browseable, non-empty categories; possibly empty
 */
@Override
public Set<PortletCategory> browseableNonEmptyPortletCategoriesFor(final IPerson user, final Set<PortletCategory> categories) {
    final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(user);
    final Set<MarketplaceEntry> visibleEntries = browseableMarketplaceEntriesFor(user, categories);
    final Set<PortletCategory> result = new HashSet<>();

    // Only categories reached through a browseable portlet are considered, which is what
    // excludes categories with zero browseable portlets.
    for (final MarketplaceEntry visibleEntry : visibleEntries) {
        final IPortletDefinition definition = visibleEntry.getMarketplacePortletDefinition();
        final Set<PortletCategory> parents = this.portletCategoryRegistry.getParentCategories(definition);
        for (final PortletCategory parent : parents) {
            final String parentId = parent.getId();
            if (!mayBrowse(principal, parentId)) {
                logger.trace(
                        "Portlet {} is browseable by {} but it is in category {} which is not browseable by that user. "
                                + "This may be as intended, or it may be that that portlet category ought to be more widely browseable.",
                        definition, user, parent);
                continue;
            }
            result.add(parent);
        }
    }

    logger.trace("These categories {} are browseable by {}.", result, user);
    return result;
}
Aggregations