use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class GroupListHelperImpl method getPrincipalForEntity.
/**
 * Builds an authorization principal that corresponds to the given JSON entity bean.
 *
 * <p>This method only constructs the principal object; no permission is evaluated here.
 * Callers that act on the result still have to run their own {@code hasPermission} checks.
 *
 * @param entity the bean whose id and entity type identify the principal
 * @return the principal created by {@code AuthorizationServiceFacade} for the bean's id and
 *     resolved entity class
 * @throws IllegalArgumentException if {@code entity} or its entity type is {@code null}
 */
@Override
public IAuthorizationPrincipal getPrincipalForEntity(JsonEntityBean entity) {
    if (entity == null) {
        throw new IllegalArgumentException("Parameter cannot be null.");
    }

    final EntityEnum kind = entity.getEntityType();
    if (kind == null) {
        throw new IllegalArgumentException("Parameter's entityType cannot be null.");
    }

    // Every group flavour maps to IEntityGroup; anything else uses the class the enum carries.
    final Class principalClass = kind.isGroup() ? IEntityGroup.class : kind.getClazz();

    // NOTE(review): entity.getId() is passed through unchecked; confirm newPrincipal rejects
    // a null or blank key.
    final AuthorizationServiceFacade facade = AuthorizationServiceFacade.instance();
    return facade.newPrincipal(entity.getId(), principalClass);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class UserAccountHelper method canDeleteUser.
/**
 * Decides whether {@code currentUser} may delete the account named {@code target}.
 *
 * <p>Accounts that are not local are never deletable through this path, whatever permissions
 * the caller holds. For local accounts the answer is the caller's
 * {@code UP_USERS / DELETE_USER} permission on {@code target}.
 *
 * @param currentUser the person requesting the deletion
 * @param target name of the account to delete
 * @return {@code true} only if the account is local and the permission check passes
 */
public boolean canDeleteUser(IPerson currentUser, String target) {
    final boolean localAccount = isLocalAccount(target);
    if (localAccount) {
        final EntityIdentifier callerId = currentUser.getEntityIdentifier();
        final AuthorizationServiceFacade facade = AuthorizationServiceFacade.instance();
        final IAuthorizationPrincipal caller =
                facade.newPrincipal(callerId.getKey(), callerId.getType());
        // TODO create new user editing permission
        return caller.hasPermission("UP_USERS", "DELETE_USER", target);
    }
    // only local accounts can be deleted here
    return false;
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class UserAccountHelper method updateAccount.
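/**
 * Creates or updates a local account from the submitted form on behalf of {@code currentUser}.
 *
 * <p>A negative form id selects the account by username, creating it when no such account
 * exists; any other id loads the account by id. The caller must pass {@code canEditUser} for
 * the account, and each attribute is written only if the caller holds
 * {@code UP_USERS / EDIT_USER_ATTRIBUTE} for it. A non-blank form password replaces the stored
 * password and removes the {@code loginToken} attribute.
 *
 * @param currentUser the person performing the edit; all permission checks are made for this user
 * @param form the submitted account data (id, username, attributes, optional password)
 * @throws IllegalArgumentException if a non-negative form id does not resolve to an account
 * @throws RuntimeException if the current user may not edit the account or one of its attributes
 */
public void updateAccount(IPerson currentUser, PersonForm form) {
    ILocalAccountPerson account;
    if (form.getId() < 0) {
        // negative id: the form addresses the account by username
        account = accountDao.getPerson(form.getUsername());
        if (account == null) {
            /*
             * Should there be a permissions check to verify
             * the user is allowed to create new users?
             *
             * NOTE(review): the account is created before SANITY CHECK #1 runs. If
             * createPerson persists immediately and this method is not rolled back on
             * the exception below (neither is visible here), a rejected request could
             * still leave an empty account behind. Confirm the transaction boundary or
             * add a create-permission check ahead of this call.
             */
            account = accountDao.createPerson(form.getUsername());
        }
    } else {
        // otherwise, get the existing account from the database
        account = accountDao.getPerson(form.getId());
        if (account == null) {
            // The id comes from the request; an unknown id used to surface as a
            // NullPointerException inside the permission check below.
            throw new IllegalArgumentException("No account found for id " + form.getId());
        }
    }

    /*
     * SANITY CHECK #1: Is the user permitted to modify this account?
     * (Presumably this check was already made when the page was rendered,
     * but re-checking alleviates danger from cleverly-crafted HTTP
     * requests.)
     */
    if (!canEditUser(currentUser, account.getName())) {
        throw new RuntimeException(
                "Current user "
                        + currentUser.getName()
                        + " does not have permissions to update person "
                        + account.getName());
    }

    // Used w/ check #2
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap =
            AuthorizationServiceFacade.instance().newPrincipal(ei.getKey(), ei.getType());

    // Update the account attributes to match those specified in the form. Only names returned
    // by getEditableUserAttributes are visited, so other attributes in the form are ignored.
    List<Preference> editableAttributes = getEditableUserAttributes(currentUser);
    for (Preference editableAttribute : editableAttributes) {
        String attributeName = editableAttribute.getName();

        /*
         * SANITY CHECK #2: Should never fail since getEditableUserAttributes should return only
         * editable attribute names, but do this anyway just in case.
         */
        if (!ap.hasPermission("UP_USERS", "EDIT_USER_ATTRIBUTE", attributeName)) {
            throw new RuntimeException(
                    "Current user "
                            + currentUser.getName()
                            + " does not have permissions to edit attribute "
                            + attributeName);
        }

        // a missing or blank submitted value clears the attribute instead of storing an empty one
        if (form.getAttributes().get(attributeName) == null
                || form.getAttributes().get(attributeName).isBlank()) {
            account.removeAttribute(attributeName);
        } else {
            account.setAttribute(
                    attributeName, form.getAttributes().get(attributeName).getValue());
        }
    }

    // if a new password has been specified, update the account password
    if (StringUtils.isNotBlank(form.getPassword())) {
        account.setPassword(passwordService.encryptPassword(form.getPassword()));
        account.setLastPasswordChange(new Date());
        // presumably invalidates a token issued under the old password; confirm
        account.removeAttribute("loginToken");
    }

    accountDao.updateAccount(account);
    // NOTE(review): the account name is concatenated into the log line; if usernames are not
    // restricted to a safe character set when accounts are created, strip CR/LF before logging.
    log.info("Account " + account.getName() + " successfully updated");
}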
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class GroupAdministrationHelper method canEditGroup.
/**
 * Reports whether {@code currentUser} may edit the group identified by {@code target}.
 *
 * @param currentUser the person whose permissions are evaluated
 * @param target the group key handed to the permission check
 * @return the result of {@code hasPermission(IPermission.PORTAL_GROUPS,
 *     IPermission.EDIT_GROUP_ACTIVITY, target)} for the caller's principal
 */
public boolean canEditGroup(IPerson currentUser, String target) {
    final EntityIdentifier callerId = currentUser.getEntityIdentifier();
    final AuthorizationServiceFacade facade = AuthorizationServiceFacade.instance();
    final IAuthorizationPrincipal caller =
            facade.newPrincipal(callerId.getKey(), callerId.getType());
    return caller.hasPermission(
            IPermission.PORTAL_GROUPS, IPermission.EDIT_GROUP_ACTIVITY, target);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class GroupAdministrationHelper method canViewGroup.
/**
 * Reports whether {@code currentUser} may view the group identified by {@code target}.
 *
 * @param currentUser the person whose permissions are evaluated
 * @param target the group key handed to the permission check
 * @return the result of {@code hasPermission(IPermission.PORTAL_GROUPS,
 *     IPermission.VIEW_GROUP_ACTIVITY, target)} for the caller's principal
 */
public boolean canViewGroup(IPerson currentUser, String target) {
    final EntityIdentifier callerId = currentUser.getEntityIdentifier();
    final AuthorizationServiceFacade facade = AuthorizationServiceFacade.instance();
    final IAuthorizationPrincipal caller =
            facade.newPrincipal(callerId.getKey(), callerId.getType());
    return caller.hasPermission(
            IPermission.PORTAL_GROUPS, IPermission.VIEW_GROUP_ACTIVITY, target);
}
Aggregations