use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PortletsRESTController method getRenderedPortlet.
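/**
 * Provides a single, fully-rendered portlet. NOTE: Access to this API endpoint requires only
 * <code>IPermission.PORTAL_SUBSCRIBE</code> permission.
 *
 * <p>Order of checks: existence (404), then authorization (403), and only then is a portlet
 * window created and rendered, so an unauthorized caller never triggers portlet execution.
 *
 * @param req the current request; also used to resolve the caller's authorization principal
 * @param res the response; its status is set to 404, 403 or 500 on the failure paths
 * @param fname functional name of the portlet to render, taken from the URL path
 * @return the rendered portlet markup, or a short plain-text message on failure
 * @throws Exception if the registry or principal lookup before the try block fails
 */
@RequestMapping(value = "/v4-3/portlet/{fname}.html", method = RequestMethod.GET)
@ResponseBody
public String getRenderedPortlet(HttpServletRequest req, HttpServletResponse res, @PathVariable String fname) throws Exception {
    // Does the portlet exist in the registry?
    final IPortletDefinition portletDef = portletDefinitionRegistry.getPortletDefinitionByFname(fname);
    if (portletDef == null) {
        res.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return "Portlet not found";
    }
    // Is the user permitted to access it?
    final IAuthorizationPrincipal ap = getAuthorizationPrincipal(req);
    if (!ap.canRender(portletDef.getPortletDefinitionId().getStringId())) {
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return "Access denied";
    }
    // Proceed...
    try {
        final IPortletWindow portletWindow = portletWindowRegistry.getOrCreateDefaultPortletWindow(req, portletDef.getPortletDefinitionId());
        return portletExecutionManager.getPortletOutput(portletWindow.getPortletWindowId(), req, res);
    } catch (Exception e) {
        // Full cause is logged server-side; the client only receives a generic message.
        logger.error("Failed to render the requested portlet '{}'", fname, e);
        res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return "Internal error";
    }
}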
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class SubscribableTabsRESTController method getSubscriptionList.
/**
 * Lists the DLM fragments the current user may subscribe to, flagging those already subscribed.
 *
 * @param request the current request; used to resolve the user and the locale for messages
 * @return a "json" view whose model holds the subscribable fragments under the key "fragments"
 */
@RequestMapping(value = "/subscribableTabs.json", method = RequestMethod.GET)
public ModelAndView getSubscriptionList(HttpServletRequest request) {
    // Resolve the authenticated user and an authorization principal for the permission checks.
    final IUserInstance userInstance = userInstanceManager.getUserInstance(request);
    final IPerson person = userInstance.getPerson();
    final AuthorizationService authService = AuthorizationService.instance();
    final IAuthorizationPrincipal principal = authService.newPrincipal(person.getUserName(), IPerson.class);

    // Owners of the fragments this user currently holds an active subscription to.
    final Set<String> activeOwners = new HashSet<>();
    for (IUserFragmentSubscription sub : userFragmentSubscriptionDao.getUserFragmentInfo(person)) {
        if (!sub.isActive()) {
            continue;
        }
        activeOwners.add(sub.getFragmentOwner());
    }

    // Walk every DLM fragment and keep the ones this principal is allowed to subscribe to.
    final Locale locale = RequestContextUtils.getLocale(request);
    final List<SubscribableFragment> result = new ArrayList<>();
    for (FragmentDefinition fragment : configurationLoader.getFragments()) {
        if (!isSubscribable(fragment, principal)) {
            continue;
        }
        final String owner = fragment.getOwnerId();
        // An explicit FRAGMENT_SUBSCRIBE grant on this owner is required as well.
        if (!principal.hasPermission("UP_FRAGMENT", "FRAGMENT_SUBSCRIBE", owner)) {
            continue;
        }
        final String name = getMessage("fragment." + owner + ".name", fragment.getName(), locale);
        final String description = getMessage("fragment." + owner + ".description", fragment.getDescription(), locale);
        result.add(new SubscribableFragment(name, description, owner, activeOwners.contains(owner)));
    }

    final Map<String, Object> model = new HashMap<>();
    model.put("fragments", result);
    return new ModelAndView("json", model);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class ImportExportController method exportEntity.
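/**
 * Exports a single portal entity as XML or JSON.
 *
 * <p>The caller must hold {@code IPermission.EXPORT_ACTIVITY} on the requested {@code entityType};
 * otherwise an error status is set and nothing is exported. The format is validated before any
 * export work is done, so an unsupported format never results in a partially-built response
 * (the original set the attachment header before rejecting the format).
 *
 * @param entityId identifier of the entity to export (URL path)
 * @param entityType type of the entity to export (URL path); also the permission target
 * @param download when {@code true}, a {@code Content-Disposition: attachment} header is added
 * @param formatType {@code XML} (default) or {@code JSON}, case-insensitive
 * @param request the current request, used to resolve the calling user
 * @param response the response the export is written to
 * @throws IOException if the response writer cannot be obtained or written
 * @throws JSONException if the exported XML cannot be converted to JSON
 */
@RequestMapping(value = "/entity/{entityType}/{entityId}", method = RequestMethod.GET)
public void exportEntity(@PathVariable("entityId") String entityId, @PathVariable("entityType") String entityType, @RequestParam(value = "download", required = false) boolean download, @RequestParam(value = "format", defaultValue = "XML", required = false) String formatType, HttpServletRequest request, HttpServletResponse response) throws IOException, JSONException {
    final IPerson person = personManager.getPerson(request);
    final EntityIdentifier ei = person.getEntityIdentifier();
    final IAuthorizationPrincipal ap = AuthorizationService.instance().newPrincipal(ei.getKey(), ei.getType());
    // If the user may not export this object type, return a 401 error code. (403 Forbidden would
    // describe an authenticated-but-unauthorized caller more precisely; kept for client compatibility.)
    if (!ap.hasPermission(IPermission.PORTAL_SYSTEM, IPermission.EXPORT_ACTIVITY, entityType)) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    // Resolve the output format before doing any work. The file extension is the fixed canonical
    // one for the chosen format rather than the caller-supplied string.
    final boolean asJson;
    final String extension;
    if ("XML".equalsIgnoreCase(formatType)) {
        asJson = false;
        extension = "xml";
    } else if ("JSON".equalsIgnoreCase(formatType)) {
        asJson = true;
        extension = "json";
    } else {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    // Export the data into a string buffer
    final StringWriter exportBuffer = new StringWriter();
    final String fileName = portalDataHandlerService.exportData(entityType, entityId, new StreamResult(exportBuffer));
    if (download) {
        // The header value is built from request-derived strings; strip characters that could
        // terminate the header or break out of the quoted filename parameter.
        final String safeName = headerSafe(fileName) + "." + headerSafe(entityType) + "." + extension;
        response.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");
    }
    final PrintWriter responseWriter = response.getWriter();
    if (asJson) {
        final JSONObject json = XML.toJSONObject(exportBuffer.getBuffer().toString());
        responseWriter.print(json);
    } else {
        responseWriter.print(exportBuffer.getBuffer());
    }
}

/**
 * Removes control characters (including CR/LF), double quotes and backslashes from a value
 * destined for a quoted HTTP header parameter, so request-derived text cannot alter the header.
 *
 * @param value raw text; {@code null} is treated as empty
 * @return the sanitized text, with each offending character replaced by an underscore
 */
private static String headerSafe(String value) {
    if (value == null) {
        return "";
    }
    return value.replaceAll("[\\p{Cntrl}\"\\\\]", "_");
}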
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class MarketplaceRESTController method getPortletRatings.
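/**
 * Returns the ratings (score and review text) recorded for the portlet with the given fname.
 * Ratings are disclosed only to a user who may manage that portlet; otherwise, and when the
 * fname is unknown or has no ratings, the "ratings" model attribute is {@code null}.
 *
 * @param request the current request, used to resolve the calling user
 * @param fname functional name of the portlet (URL path)
 * @return a "json" view with a "ratings" list of {@link MarketplaceEntryRating}, or {@code null}
 * @since 5.0
 */
@RequestMapping(value = "/v5-0/marketplace/{fname}/ratings", method = RequestMethod.GET)
public ModelAndView getPortletRatings(HttpServletRequest request, @PathVariable String fname) {
    // TODO: This method should send 404 or 403 in appropriate circumstances
    Validate.notNull(fname, "Please supply a portlet to get rating for - should not be null");
    final IPortletDefinition marketplacePortletDefinition = (IPortletDefinition) marketplaceService.getOrCreateMarketplacePortletDefinitionIfTheFnameExists(fname);
    // The lookup only yields a definition when the fname exists; guard the null case instead of
    // failing with an NPE on an unknown fname.
    if (marketplacePortletDefinition == null) {
        return new ModelAndView("json", "ratings", null);
    }
    final IPerson user = personManager.getPerson(request);
    final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(user);
    // Authorization is checked before any rating is read.
    if (!principal.canManage(marketplacePortletDefinition.getPortletDefinitionId().getStringId())) {
        return new ModelAndView("json", "ratings", null);
    }
    final Set<IMarketplaceRating> portletRatings = marketplaceRatingDAO.getRatingsByFname(fname);
    if (portletRatings == null) {
        return new ModelAndView("json", "ratings", null);
    }
    final List<MarketplaceEntryRating> ratingResults = new ArrayList<>(portletRatings.size());
    for (IMarketplaceRating imr : portletRatings) {
        ratingResults.add(new MarketplaceEntryRating(imr.getRating(), imr.getReview()));
    }
    return new ModelAndView("json", "ratings", ratingResults);
}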
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PermissionsRESTController method getAssignmentsOnTarget.
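/**
 * Lists the permission assignments whose target is {@code target}, optionally including those
 * set on the target's ancestor groups. Each candidate assignment is kept only if its holder
 * still has that permission on the target, so stale or overridden entries are omitted.
 * Access to this endpoint is gated by the {@code @PreAuthorize} VIEW_PERMISSIONS check.
 *
 * @param target identifier of the entity whose assignments are listed (URL path)
 * @param includeInherited when {@code true}, assignments set on the target's ancestor groups are
 *     included and flagged as inherited
 * @param request not used by this method; part of the handler signature
 * @param response not used by this method; part of the handler signature
 * @return a "json" view with a sorted "assignments" list
 */
@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
    // Assignments set directly on this target.
    final Set<UniquePermission> directAssignments = new HashSet<>();
    final IPermission[] directPermissions = permissionStore.select(null, null, null, target, null);
    for (IPermission permission : directPermissions) {
        directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), false));
    }

    final JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
    final IAuthorizationPrincipal p = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());

    // Assignments set on any ancestor group of the target, flagged as inherited.
    final Set<UniquePermission> inheritedAssignments = new HashSet<>();
    if (includeInherited) {
        final IGroupMember member = GroupService.getGroupMember(p.getKey(), p.getType());
        for (IEntityGroup parent : member.getAncestorGroups()) {
            final IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
            final IPermission[] parentPermissions = permissionStore.select(null, null, null, parentPrincipal.getKey(), null);
            for (IPermission permission : parentPermissions) {
                inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), true));
            }
        }
    }

    // Direct entries are processed first, then inherited ones; the final sort defines the order.
    final List<JsonPermission> permissions = new ArrayList<>();
    addEffectiveAssignments(directAssignments, entity, p, permissions);
    addEffectiveAssignments(inheritedAssignments, entity, p, permissions);
    Collections.sort(permissions);

    final ModelAndView mv = new ModelAndView();
    mv.addObject("assignments", permissions);
    mv.setViewName("json");
    return mv;
}

/**
 * Appends to {@code out} each candidate assignment whose holder, resolved to an authorization
 * principal, still has the permission on the target; candidates failing that check are dropped.
 *
 * @param candidates assignments selected from the permission store
 * @param target the entity the assignments apply to
 * @param targetPrincipal the target's authorization principal (its key is the permission target)
 * @param out list receiving the JSON beans for the effective assignments
 */
private void addEffectiveAssignments(Set<UniquePermission> candidates, JsonEntityBean target, IAuthorizationPrincipal targetPrincipal, List<JsonPermission> out) {
    for (UniquePermission candidate : candidates) {
        final JsonEntityBean holder = groupListHelper.getEntityForPrincipal(candidate.getIdentifier());
        final IAuthorizationPrincipal holderPrincipal = this.authorizationService.newPrincipal(holder.getId(), principalClassOf(holder));
        if (holderPrincipal.hasPermission(candidate.getOwner(), candidate.getActivity(), targetPrincipal.getKey())) {
            out.add(getPermissionOnTarget(candidate, target));
        }
    }
}

/**
 * Resolves the principal class for an entity: groups are resolved as {@link IEntityGroup},
 * every other entity type uses the class declared by its {@link EntityEnum}.
 */
private static Class<?> principalClassOf(JsonEntityBean entity) {
    final EntityEnum entityType = EntityEnum.getEntityEnum(entity.getEntityTypeAsString());
    return entityType.isGroup() ? IEntityGroup.class : entityType.getClazz();
}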