
Example 16 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class AuthorizationTester method testDoesPrincipalHavePermission.

/**
 * Checks {@code hasPermission} answers for a principal created for the key "student".
 *
 * <p>Expectations, by index into {@code testPermissions}: entry 0 must be granted, entry 1 must
 * be refused, and entries 2 up to (but excluding) {@code NUMBER_TEST_PERMISSIONS} must be granted.
 * The messages describe entry 0 as inherited from Everyone and entry 1 as directly denied; the
 * fixture that establishes this is not part of this method.
 *
 * @throws Exception if the authorization service or a permission check fails
 */
public void testDoesPrincipalHavePermission() throws Exception {
    print("***** ENTERING AuthorizationTester.testDoesPrincipalHavePermission() *****");

    String msg = "Creating authorizationPrincipal for student.";
    print(msg);
    IAuthorizationPrincipal prin = getService().newPrincipal("student", IPERSON_CLASS);
    assertNotNull(msg, prin);

    // Entry 0: a grant the principal is expected to hold.
    IPermission expectedGrant = (IPermission) testPermissions.get(0);
    msg = "Testing  " + expectedGrant + " (should be TRUE -- inherited from Everyone)";
    print(msg);
    boolean granted = prin.hasPermission(OWNER, TEST_ACTIVITY, expectedGrant.getTarget());
    assertTrue(msg, granted);

    // Entry 1: the negative case -- the check must come back false.
    IPermission expectedDenial = (IPermission) testPermissions.get(1);
    msg = "Testing  " + expectedDenial + " (should be FALSE -- directly denied)";
    print(msg);
    boolean allowedDespiteDenial = prin.hasPermission(OWNER, TEST_ACTIVITY, expectedDenial.getTarget());
    assertTrue(msg, !allowedDespiteDenial);

    // Every remaining entry shares one message and must be granted.
    msg = "Testing  the rest of the test permissions (should be TRUE).";
    print(msg);
    int position = 2;
    while (position < NUMBER_TEST_PERMISSIONS) {
        IPermission remaining = (IPermission) testPermissions.get(position);
        boolean remainingGranted = prin.hasPermission(OWNER, TEST_ACTIVITY, remaining.getTarget());
        assertTrue(msg, remainingGranted);
        position++;
    }

    print("***** LEAVING AuthorizationTester.testDoesPrincipalHavePermission() *****" + CR);
}
Also used : IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 17 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class GroupListHelperImpl method getPrincipalForEntity.

/**
 * Creates an authorization principal for the entity described by a {@link JsonEntityBean}.
 *
 * <p>Group entities are always mapped to {@code IEntityGroup.class}; every other entity uses the
 * class reported by its {@link EntityEnum}. This method only constructs the principal; it
 * performs no permission check of its own.
 *
 * <p>NOTE(review): {@code entity} is dereferenced without a null check, and its id and type are
 * passed on as given -- confirm callers only hand in beans they have already validated.
 *
 * @param entity bean supplying the entity id and entity type
 * @return the principal returned by {@code AuthorizationService.newPrincipal}
 */
public IAuthorizationPrincipal getPrincipalForEntity(JsonEntityBean entity) {
    final EntityEnum jsonType = entity.getEntityType();

    // Groups share one principal class regardless of which group flavour the enum names.
    final Class entityType = jsonType.isGroup() ? IEntityGroup.class : jsonType.getClazz();

    return AuthorizationService.instance().newPrincipal(entity.getId(), entityType);
}
Also used : EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) AuthorizationService(org.apereo.portal.services.AuthorizationService) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal)

Example 18 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class GroupListHelperImpl method getIndividualBestRootEntity.

/**
 * Picks the group a user should start from when browsing groups of {@code groupType}.
 *
 * <p>If the user holds any of {@code permissionActivities} (under {@code permissionOwner}) on
 * the canonical root group of that type, the canonical root is returned. Otherwise the targets
 * of the user's permissions for those activities are examined, and among those whose entity
 * type matches {@code groupType} the one with the most children is returned (the earliest one
 * wins a tie).
 *
 * <p>NOTE(review): the fallback uses the records from {@code getAllPermissions} as they come,
 * without a second {@code hasPermission} call on each target; whether that array can contain
 * non-granting records is not visible here -- confirm.
 *
 * @param person user whose permissions are evaluated
 * @param groupType entity type name the result must match (compared case-insensitively)
 * @param permissionOwner owner under which the activities are defined
 * @param permissionActivities activities that qualify a group as a usable root
 * @return the chosen root entity, or {@code null} when the user has no matching permission
 */
@Override
public JsonEntityBean getIndividualBestRootEntity(final IPerson person, final String groupType, final String permissionOwner, final String[] permissionActivities) {
    if (log.isDebugEnabled()) {
        log.debug("Choosing best root group for user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "'");
    }

    final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(person);
    final JsonEntityBean canonicalRootGroup = getRootEntity(groupType);
    if (log.isDebugEnabled()) {
        log.debug("Found for groupType='" + groupType + "' the following canonicalRootGroup:  " + canonicalRootGroup);
    }

    // Easy path: any qualifying activity on the canonical root settles the question.
    // (The uPortal permissions infrastructure handles checking of special, collective
    // targets like "ALL_GROUPS" and "All_categories".)
    for (String qualifyingActivity : permissionActivities) {
        final boolean heldOnRoot = principal.hasPermission(permissionOwner, qualifyingActivity, canonicalRootGroup.getId());
        if (heldOnRoot) {
            return canonicalRootGroup;
        }
    }

    // Otherwise gather every record the user has for this owner and these activities.
    final List<IPermission> permissionsOfRelevantActivity = new ArrayList<IPermission>();
    for (String qualifyingActivity : permissionActivities) {
        final IPermission[] found = principal.getAllPermissions(permissionOwner, qualifyingActivity, null);
        permissionsOfRelevantActivity.addAll(Arrays.asList(found));
    }
    if (log.isDebugEnabled()) {
        log.debug("For user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "' permissionsOfRelevantTypes.size()=" + permissionsOfRelevantActivity.size());
    }

    // Stays null when the user has no permission of this kind at all.
    JsonEntityBean rslt = null;
    if (!permissionsOfRelevantActivity.isEmpty()) {
        for (IPermission record : permissionsOfRelevantActivity) {
            // NOTE(review): the lookup result is used without a null check; whether
            // findGroup/getEntity can yield null for a target that is not a group key
            // is not visible here -- confirm.
            final IEntityGroup targetGroup = GroupService.findGroup(record.getTarget());
            final JsonEntityBean candidate = getEntity(targetGroup);

            // Only candidates of the requested groupType are eligible.
            if (candidate.getEntityTypeAsString().equalsIgnoreCase(groupType)) {
                // Take the first eligible candidate, then replace it only when a later
                // one has strictly more children.
                if (rslt == null || candidate.getChildren().size() > rslt.getChildren().size()) {
                    rslt = candidate;
                }
            }
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Selected for user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "' the following best root group:  " + rslt);
    }
    return rslt;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) ArrayList(java.util.ArrayList)

Example 19 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ApiPermissionsService method getAssignmentsForPerson.

/**
 * Lists the permission assignments that are in effect for a user.
 *
 * <p>Records stored against the user's own principal are always considered; records stored
 * against each ancestor group are considered only when {@code includeInherited} is set. In both
 * cases a record is reported only if {@code hasPermission} on the user's principal confirms it
 * for the record's owner, activity and target.
 *
 * <p>A record for which {@code createAssignment} returns {@code null} is left out without any
 * signal to the caller, so the returned set can be smaller than the set of confirmed records.
 *
 * <p>NOTE(review): no check on who is asking is made in this method; if this listing is
 * sensitive, the caller has to authorize the request -- confirm where that happens.
 *
 * @param username key of the person whose assignments are listed
 * @param includeInherited whether records held by ancestor groups are included
 * @return the assignments found; empty when there are none
 */
@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
    final Set<Assignment> assignments = new HashSet<Assignment>();
    final IAuthorizationPrincipal authP = this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());

    // Records stored directly against this principal.
    for (IPermission direct : permissionStore.select(null, authP.getPrincipalString(), null, null, null)) {
        if (!authP.hasPermission(direct.getOwner(), direct.getActivity(), direct.getTarget())) {
            continue;
        }
        final Assignment built = createAssignment(direct, authP, false);
        if (built != null) {
            assignments.add(built);
        }
    }

    if (!includeInherited) {
        return assignments;
    }

    // Records stored against ancestor groups; each is still confirmed against the user's
    // own principal (authP), not against the group's principal.
    // NOTE(review): member is dereferenced without a null check -- confirm getGroupMember
    // cannot return null for this key/type.
    final IGroupMember member = GroupService.getGroupMember(authP.getKey(), authP.getType());
    for (IEntityGroup ancestor : member.getAncestorGroups()) {
        final IAuthorizationPrincipal ancestorPrincipal = this.authorizationService.newPrincipal(ancestor);
        for (IPermission viaGroup : permissionStore.select(null, ancestorPrincipal.getPrincipalString(), null, null, null)) {
            if (!authP.hasPermission(viaGroup.getOwner(), viaGroup.getActivity(), viaGroup.getTarget())) {
                continue;
            }
            final Assignment built = createAssignment(viaGroup, authP, true);
            if (built != null) {
                assignments.add(built);
            }
        }
    }
    return assignments;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet)

Example 20 with IAuthorizationPrincipal

use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.

the class ApiPermissionsService method createAssignment.

/*
     * Implementation
     */
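/**
 * Builds the {@link Assignment} view of one permission record for the given principal.
 *
 * <p>This is best-effort: when the owner, activity or target provider cannot be resolved, or
 * any lookup throws, a warning naming the record is logged and {@code null} is returned so
 * that the caller can skip the record. A target the provider does not know yields an
 * assignment with a {@code null} target rather than a failure.
 *
 * <p>Because a failure here removes the record from the caller's listing, the warning
 * identifies the permission and principal involved; readability of that text depends on their
 * {@code toString()} implementations.
 *
 * @param permission the permission record to describe
 * @param authP the principal the assignment is reported for
 * @param inherited whether the record was found on an ancestor group rather than on the
 *     principal itself
 * @return the assignment, or {@code null} if it could not be built
 */
private Assignment createAssignment(IPermission permission, IAuthorizationPrincipal authP, boolean inherited) {
    Assignment rslt = null;
    try {
        final String ownerKey = permission.getOwner();
        final String activityKey = permission.getActivity();
        final String targetKey = permission.getTarget();

        // Owner
        IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(ownerKey);
        if (owner == null) {
            log.warn("Skipping permission " + permission + " for principal " + authP + ": permissionOwnerDao returned no owner for '" + ownerKey + "'");
            return null;
        }
        Owner ownerImpl = new OwnerImpl(ownerKey, owner.getName());

        // Activity
        IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(ownerKey, activityKey);
        if (activity == null) {
            log.warn("Skipping permission " + permission + " for principal " + authP + ": permissionOwnerDao returned no activity for owner '" + ownerKey + "', activity '" + activityKey + "'");
            return null;
        }
        Activity activityImpl = new ActivityImpl(activityKey, activity.getName());

        // Principal
        Principal principalImpl = new PrincipalImpl(authP.getKey(), authP.getPrincipalString());

        // Target (stays null when the provider does not recognise the target key)
        IPermissionTargetProvider targetProvider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        if (targetProvider == null) {
            log.warn("Skipping permission " + permission + " for principal " + authP + ": no target provider for key '" + activity.getTargetProviderKey() + "'");
            return null;
        }
        Target targetImpl = null;
        IPermissionTarget target = targetProvider.getTarget(targetKey);
        if (target != null) {
            targetImpl = new TargetImpl(targetKey, target.getName());
        }

        rslt = new AssignmentImpl(ownerImpl, activityImpl, principalImpl, targetImpl, inherited);
    } catch (Exception e) {
        // Deliberately broad: one unresolvable record must not abort the whole listing.
        // The record is named so the omission can be traced from the log.
        log.warn("Exception while adding permission " + permission + " for principal " + authP, e);
    }
    return rslt;
}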
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner) IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) Principal(org.apereo.portal.api.Principal) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) PrincipalImpl(org.apereo.portal.api.PrincipalImpl) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)
