
Example 11 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PermissionsRESTController method getAssignmentsOnTarget.

/**
 * Returns, as a JSON view, the permission assignments recorded against {@code target}.
 *
 * <p>Direct assignments are the rows the permission store returns when {@code target} is
 * passed in its fourth argument position. When {@code includeInherited} is true, the same
 * lookup is repeated for every ancestor group of the entity that {@code target} resolves to,
 * and those rows are flagged as inherited. A candidate is reported only if its principal
 * passes {@code hasPermission(owner, activity, targetKey)}.
 *
 * <p>Access control: the only gate visible in this method is the {@code @PreAuthorize}
 * expression. It evaluates the UP_PERMISSIONS / VIEW_PERMISSIONS activity against the literal
 * {@code 'ALL'} and is not parameterised by the requested {@code target}.
 * NOTE(review): confirm that holders of that permission are meant to read the assignments of
 * every target, since {@code target} comes straight from the URL path.
 *
 * <p>NOTE(review): the results of {@code getEntityForPrincipal} are dereferenced without a
 * null check, both for {@code target} and for each permission holder; confirm it cannot
 * return null for an unknown identifier, otherwise the request ends in an unhandled
 * NullPointerException.
 *
 * @param target identifier of the permission target, taken from the request path
 * @param includeInherited whether rows targeting ancestor groups are included
 * @param request current HTTP request (not read by this method)
 * @param response current HTTP response (not written by this method)
 * @return a model with view name {@code "json"} and the sorted list under {@code "assignments"}
 */
@PreAuthorize("hasPermission('string', 'ALL', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited, HttpServletRequest request, HttpServletResponse response) {
    // Rows stored directly against the requested target.
    final Set<UniquePermission> direct = new HashSet<UniquePermission>();
    for (IPermission row : permissionStore.select(null, null, null, target, null)) {
        direct.add(new UniquePermission(row.getOwner(), row.getActivity(), row.getPrincipal(), false));
    }

    // Resolve the target to a principal; its key is what hasPermission is asked about below.
    final JsonEntityBean targetEntity = groupListHelper.getEntityForPrincipal(target);
    final IAuthorizationPrincipal targetPrincipal = this.authorizationService.newPrincipal(targetEntity.getId(), targetEntity.getEntityType().getClazz());

    // Rows stored against any ancestor group of the target, only on request.
    final Set<UniquePermission> inherited = new HashSet<UniquePermission>();
    if (includeInherited) {
        final IGroupMember member = GroupService.getGroupMember(targetPrincipal.getKey(), targetPrincipal.getType());
        for (IEntityGroup ancestor : member.getAncestorGroups()) {
            final String ancestorKey = this.authorizationService.newPrincipal(ancestor).getKey();
            for (IPermission row : permissionStore.select(null, null, null, ancestorKey, null)) {
                inherited.add(new UniquePermission(row.getOwner(), row.getActivity(), row.getPrincipal(), true));
            }
        }
    }

    // Direct candidates first, then inherited ones, each in its set's iteration order.
    final List<UniquePermission> candidates = new ArrayList<UniquePermission>(direct);
    candidates.addAll(inherited);

    final List<JsonPermission> assignments = new ArrayList<JsonPermission>();
    for (UniquePermission candidate : candidates) {
        final JsonEntityBean holder = groupListHelper.getEntityForPrincipal(candidate.getIdentifier());
        final EntityEnum holderType = EntityEnum.getEntityEnum(holder.getEntityTypeAsString());
        // Group-typed holders are always resolved as IEntityGroup principals.
        final Class<?> principalClass = holderType.isGroup() ? IEntityGroup.class : holderType.getClazz();
        final IAuthorizationPrincipal holderPrincipal = this.authorizationService.newPrincipal(holder.getId(), principalClass);
        // Report the row only when the holder really has the permission on the target.
        if (holderPrincipal.hasPermission(candidate.getOwner(), candidate.getActivity(), targetPrincipal.getKey())) {
            assignments.add(getPermissionOnTarget(candidate, targetEntity));
        }
    }

    Collections.sort(assignments);
    return new ModelAndView("json", "assignments", assignments);
}
Also used : EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) ArrayList(java.util.ArrayList) ModelAndView(org.springframework.web.servlet.ModelAndView) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) HashSet(java.util.HashSet) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 12 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PermissionAssignmentMapController method deletePermission.

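/**
 * Deletes the permission records matching the given principal, owner, activity and target.
 *
 * <p>The current user must pass both {@code canEditPermission} and {@code canViewPermission}
 * for {@code target}; otherwise the status is set to 401 and nothing is deleted. If
 * {@code principal} cannot be resolved to an entity, a warning is logged, nothing is deleted
 * and the status is still 200.
 *
 * <p>NOTE(review): the authorization check is keyed on {@code target} only; {@code owner},
 * {@code activity} and {@code principal} are taken from the request and used in the delete
 * without a further check visible here. Confirm that edit rights on a target are meant to
 * cover every owner/activity/principal combination on it.
 *
 * <p>NOTE(review): 401 is returned for a failed authorization decision where 403 is the usual
 * status, and an unresolvable principal is reported as 200. Both are kept as-is because
 * clients may depend on them.
 *
 * @param principal identifier of the principal whose permission is removed
 * @param owner permission owner
 * @param activity permission activity
 * @param target permission target; also the subject of the authorization check
 * @param request current HTTP request, used to identify the current user
 * @param response current HTTP response; only its status is set
 * @throws Exception declared by the handler signature
 */
@RequestMapping(value = "/deletePermission", method = RequestMethod.POST)
public void deletePermission(@RequestParam("principal") String principal, @RequestParam("owner") String owner, @RequestParam("activity") String activity, @RequestParam("target") String target, HttpServletRequest request, HttpServletResponse response) throws Exception {
    // The caller needs both edit and view rights on the target before anything is deleted.
    final IPerson currentUser = personManager.getPerson(request);
    final boolean authorized = permissionAdministrationHelper.canEditPermission(currentUser, target) && permissionAdministrationHelper.canViewPermission(currentUser, target);
    if (!authorized) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    final JsonEntityBean bean = groupListHelper.getEntityForPrincipal(principal);
    if (bean != null) {
        final IAuthorizationPrincipal p = groupListHelper.getPrincipalForEntity(bean);
        final IPermission[] directPermissions = permissionStore.select(owner, p.getPrincipalString(), activity, target, null);
        this.authorizationService.removePermissions(directPermissions);
    } else {
        // The value is a request parameter: strip line breaks so it cannot forge log entries.
        final String loggedPrincipal = principal.replaceAll("[\\r\\n]", "_");
        log.warn("Unable to resolve the following principal (no permissions were deleted):  " + loggedPrincipal);
    }
    response.setStatus(HttpServletResponse.SC_OK);
}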
Also used : IPerson(org.apereo.portal.security.IPerson) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 13 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method savePortletDefinition.

/**
 * Saves a portlet definition, then rewrites its category memberships and permission grants.
 *
 * <p>The definition is saved and re-read by fname. Under {@code groupUpdateLock}, an existing
 * portlet is removed from all of its ancestor groups and added to each of the given
 * categories, then one GRANT permission per (permission definition, group member) pair is
 * written through the updating permission manager of each affected system.
 *
 * <p>NOTE(review): when modifying, only the activities present in {@code permissionMap} have
 * their old permissions removed for this target. Grants for an activity that is missing from
 * the new map are left in place; confirm that is intended, since it means omitting an
 * activity does not revoke it.
 *
 * <p>NOTE(review): {@code publisher} is not read in this method and no authorization check is
 * made here; presumably callers enforce who may publish. Verify against callers.
 *
 * @param definition the portlet definition
 * @param publisher the person publishing the portlet
 * @param categories the list of categories for the portlet
 * @param permissionMap a map of permission name -> list of groups who are granted that
 *     permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
 *     manager)
 * @return the definition as re-read from the DAO by fname after saving
 */
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, IPerson publisher, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
    // A definition without an id has never been persisted.
    boolean newChannel = (definition.getPortletDefinitionId() == null);
    // Save the channel, then reload it by fname so the id read below comes from the stored copy.
    definition = portletDefinitionDao.savePortletDefinition(definition);
    definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
    final String defId = definition.getPortletDefinitionId().getStringId();
    final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
    // The groups service needs to deal with concurrent modification better; until then all
    // group and permission updates made here are serialized on groupUpdateLock.
    synchronized (this.groupUpdateLock) {
        // Delete existing category memberships for this channel
        if (!newChannel) {
            for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
                group.removeChild(portletDefEntity);
                group.update();
            }
        }
        // For each category ID, add channel to category
        for (PortletCategory category : categories) {
            final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
            categoryGroup.addChild(portletDefEntity);
            categoryGroup.updateMembers();
        }
        // Set groups
        final AuthorizationService authService = AuthorizationService.instance();
        // Every permission written or removed below uses this target id.
        final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
        // Loop over the affected permission managers...
        Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
        for (String system : permissionsBySystem.keySet()) {
            Collection<ExternalPermissionDefinition> systemPerms = permissionsBySystem.get(system);
            // get the permission manager for this system...
            final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(system);
            final List<IPermission> permissions = new ArrayList<>();
            // add activity grants for each permission..
            for (ExternalPermissionDefinition permissionDef : systemPerms) {
                Set<IGroupMember> members = permissionMap.get(permissionDef);
                for (final IGroupMember member : members) {
                    final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
                    final IPermission permEntity = upm.newPermission(authPrincipal);
                    // Only GRANT entries are ever created here.
                    permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
                    permEntity.setActivity(permissionDef.getActivity());
                    permEntity.setTarget(target);
                    permissions.add(permEntity);
                }
            }
            // If modifying the channel, remove the existing permissions before adding the new ones
            if (!newChannel) {
                // NOTE(review): this walks every key of permissionMap, not just systemPerms, so
                // each system's manager is also asked about activities that belong to other
                // systems. Confirm whether systemPerms was intended.
                for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
                    IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
                    upm.removePermissions(oldPermissions);
                }
            }
            // Old grants are already gone at this point; if this call fails the target is left
            // without them unless an enclosing transaction rolls back. TODO confirm.
            upm.addPermissions(permissions.toArray(new IPermission[permissions.size()]));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
    }
    return definition;
}
Also used : IEntity(org.apereo.portal.groups.IEntity) ArrayList(java.util.ArrayList) IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) AuthorizationService(org.apereo.portal.services.AuthorizationService) IPermission(org.apereo.portal.security.IPermission) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) Collection(java.util.Collection) ExternalPermissionDefinition(org.apereo.portal.io.xml.portlettype.ExternalPermissionDefinition) PortletCategory(org.apereo.portal.portlet.om.PortletCategory) IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager)

Example 14 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method removePortletDefinition.

/**
 * Removes a portlet definition together with its category memberships, its
 * PORTAL_SUBSCRIBE permission records and its ratings.
 *
 * <p>NOTE(review): only the permission manager for {@code IPermission.PORTAL_SUBSCRIBE} is
 * consulted, so permission records that other owners hold for this target are not removed
 * here. Confirm no other owner writes permissions against portlet targets, otherwise those
 * records outlive the portlet.
 *
 * <p>NOTE(review): {@code person} is not read and no authorization check is made in this
 * method; presumably callers decide who may delete. Verify against callers.
 *
 * @param portletDefinition the definition to remove; its id selects the stored copy
 * @param person the acting person (unused here)
 */
@Transactional
@Override
public void removePortletDefinition(IPortletDefinition portletDefinition, IPerson person) {
    // Stored copy of the definition; this is the object handed to the DAOs at the end.
    final IPortletDefinition storedDefinition = portletDefinitionDao.getPortletDefinition(portletDefinition.getPortletDefinitionId());

    // Detach the portlet from every group (category) it currently belongs to.
    final String definitionId = portletDefinition.getPortletDefinitionId().getStringId();
    final IEntity portletEntity = GroupService.getEntity(definitionId, IPortletDefinition.class);
    for (IEntityGroup containingGroup : portletEntity.getAncestorGroups()) {
        containingGroup.removeChild(portletEntity);
        containingGroup.update();
    }

    // Drop the PORTAL_SUBSCRIBE permission records that name this portlet as their target.
    final AuthorizationService authorization = AuthorizationService.instance();
    final String permissionTarget = PermissionHelper.permissionTargetIdForPortletDefinition(portletDefinition);
    final IUpdatingPermissionManager subscribeManager = authorization.newUpdatingPermissionManager(IPermission.PORTAL_SUBSCRIBE);
    subscribeManager.removePermissions(subscribeManager.getPermissionsForTarget(permissionTarget));

    // Ratings (including reviews) go before the definition they refer to.
    marketplaceRatingDao.clearRatingsForPortlet(storedDefinition);

    // Finally delete the portlet itself.
    portletDefinitionDao.deletePortletDefinition(storedDefinition);
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IEntity(org.apereo.portal.groups.IEntity) AuthorizationService(org.apereo.portal.services.AuthorizationService) IPermission(org.apereo.portal.security.IPermission) IPortletDefinition(org.apereo.portal.portlet.om.IPortletDefinition) IUpdatingPermissionManager(org.apereo.portal.security.IUpdatingPermissionManager) Transactional(org.springframework.transaction.annotation.Transactional)

Example 15 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PermissionsListController method marshall.

/*
     * Private Stuff.
     */
/**
 * Converts permission records into string maps, one map per permission.
 *
 * <p>Each map carries {@code owner}, {@code principalType}, {@code principalName},
 * {@code principalKey}, {@code activity}, {@code target}, {@code permissionType} and
 * {@code targetName}. {@code activityName} and {@code ownerName} are added only when the
 * corresponding lookup succeeds. {@code targetName} falls back to the raw target key when no
 * name can be resolved.
 *
 * <p>NOTE(review): the name lookups rely on catching {@code RuntimeException}, so any
 * unrelated runtime failure in them is also reduced to a trace-level log line. The entity
 * bean for the principal is dereferenced outside that catch; confirm {@code getEntityBean}
 * cannot return null.
 *
 * @param data the permissions to convert; must not be null
 * @return one map per element of {@code data}, in the same order
 * @throws IllegalArgumentException if {@code data} is null
 */
private List<Map<String, String>> marshall(IPermission[] data) {
    if (data == null) {
        throw new IllegalArgumentException("Argument 'data' cannot be null");
    }

    final List<Map<String, String>> rows = new ArrayList<Map<String, String>>(data.length);
    for (IPermission permission : data) {
        final JsonEntityBean principalBean = getEntityBean(permission.getPrincipal());
        final Map<String, String> row = new HashMap<String, String>();
        row.put("owner", permission.getOwner());
        row.put("principalType", principalBean.getEntityTypeAsString());
        row.put("principalName", principalBean.getName());
        row.put("principalKey", permission.getPrincipal());
        row.put("activity", permission.getActivity());
        row.put("target", permission.getTarget());
        row.put("permissionType", permission.getType());

        // Try to resolve display names through the owner DAO and the target provider
        // registry; a failure anywhere in the chain leaves the remaining names unset.
        String resolvedTargetName = null;
        try {
            final IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(permission.getOwner(), permission.getActivity());
            row.put("activityName", activity.getName());
            final IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(permission.getOwner());
            row.put("ownerName", owner.getName());
            resolvedTargetName = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey()).getTarget(permission.getTarget()).getName();
        } catch (RuntimeException e) {
            // likely a null activity, owner, provider or target
            log.trace("Failed to resolve target name", e);
        }

        // No resolvable name: show the target key itself.
        row.put("targetName", resolvedTargetName != null ? resolvedTargetName : permission.getTarget());
        rows.add(row);
    }
    return rows;
}
Also used : IPermissionActivity(org.apereo.portal.permission.IPermissionActivity) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean) IPermission(org.apereo.portal.security.IPermission) IPermissionTarget(org.apereo.portal.permission.target.IPermissionTarget) IPermissionTargetProvider(org.apereo.portal.permission.target.IPermissionTargetProvider) HashMap(java.util.HashMap) Map(java.util.Map) IPermissionOwner(org.apereo.portal.permission.IPermissionOwner)

Aggregations

IPermission (org.apereo.portal.security.IPermission)23 IAuthorizationPrincipal (org.apereo.portal.security.IAuthorizationPrincipal)13 ArrayList (java.util.ArrayList)9 IEntityGroup (org.apereo.portal.groups.IEntityGroup)8 IGroupMember (org.apereo.portal.groups.IGroupMember)7 HashSet (java.util.HashSet)5 AuthorizationException (org.apereo.portal.AuthorizationException)4 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)4 IPerson (org.apereo.portal.security.IPerson)4 IUpdatingPermissionManager (org.apereo.portal.security.IUpdatingPermissionManager)3 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)3 IOException (java.io.IOException)2 Date (java.util.Date)2 IEntity (org.apereo.portal.groups.IEntity)2 IPermissionActivity (org.apereo.portal.permission.IPermissionActivity)2 IPortletDefinition (org.apereo.portal.portlet.om.IPortletDefinition)2 PortalSecurityException (org.apereo.portal.security.PortalSecurityException)2 AuthorizationService (org.apereo.portal.services.AuthorizationService)2 Connection (java.sql.Connection)1 PreparedStatement (java.sql.PreparedStatement)1