
Example 26 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PermissionsRESTController method getAssignmentsOnTarget.

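/**
 * Lists the permission assignments whose target is the principal named by {@code target}.
 *
 * <p>Every permission stored against the target is resolved back to its principal and is
 * reported only if that principal currently holds the owner/activity on the target, so
 * assignments that are revoked or masked by a DENY do not appear. With
 * {@code includeInherited} the permissions stored against the target's ancestor groups are
 * checked the same way and flagged as inherited. A target that does not resolve to an
 * entity yields an empty list.
 *
 * @param target key of the principal (user or group) the permissions are granted on
 * @param includeInherited whether assignments made on ancestor groups are included
 * @return the {@code json} view with a sorted {@code assignments} list of
 *     {@link JsonPermission}s
 */
@PreAuthorize("hasPermission('ALL', 'java.lang.String', new org.apereo.portal.spring.security.evaluator.AuthorizableActivity('UP_PERMISSIONS', 'VIEW_PERMISSIONS'))")
@RequestMapping("/assignments/target/{target}.json")
public ModelAndView getAssignmentsOnTarget(@PathVariable("target") String target, @RequestParam(value = "includeInherited", required = false) boolean includeInherited) {
    // Permissions stored directly against this target, before any effectiveness check.
    Set<UniquePermission> directAssignments = new HashSet<>();
    IPermission[] directPermissions = permissionStore.select(null, null, null, target, null);
    for (IPermission permission : directPermissions) {
        directAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), false));
    }
    List<JsonPermission> permissions = new ArrayList<>();
    JsonEntityBean entity = groupListHelper.getEntityForPrincipal(target);
    if (entity != null) {
        IAuthorizationPrincipal targetPrincipal = this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());
        // Permissions stored against the target's ancestor groups, only when asked for.
        Set<UniquePermission> inheritedAssignments = new HashSet<>();
        if (includeInherited) {
            IGroupMember member = GroupService.getGroupMember(targetPrincipal.getKey(), targetPrincipal.getType());
            for (IEntityGroup parent : member.getAncestorGroups()) {
                IAuthorizationPrincipal parentPrincipal = this.authorizationService.newPrincipal(parent);
                IPermission[] parentPermissions = permissionStore.select(null, null, null, parentPrincipal.getKey(), null);
                for (IPermission permission : parentPermissions) {
                    inheritedAssignments.add(new UniquePermission(permission.getOwner(), permission.getActivity(), permission.getPrincipal(), true));
                }
            }
        }
        // Direct assignments go first; the sort is stable, so ties keep that order.
        permissions.addAll(effectiveAssignments(directAssignments, targetPrincipal, entity));
        permissions.addAll(effectiveAssignments(inheritedAssignments, targetPrincipal, entity));
        Collections.sort(permissions);
    }
    ModelAndView mv = new ModelAndView();
    mv.addObject("assignments", permissions);
    mv.setViewName("json");
    return mv;
}

/**
 * Keeps only those assignments whose principal actually holds the owner/activity on the
 * target right now, and converts them to their JSON form.
 *
 * @param assignments stored assignments (direct or inherited) to check
 * @param targetPrincipal authorization principal of the target entity
 * @param targetEntity the target entity, used to render each JSON permission
 * @return the effective assignments, in iteration order of {@code assignments}
 */
private List<JsonPermission> effectiveAssignments(Set<UniquePermission> assignments, IAuthorizationPrincipal targetPrincipal, JsonEntityBean targetEntity) {
    List<JsonPermission> effective = new ArrayList<>();
    for (UniquePermission permission : assignments) {
        JsonEntityBean grantee = groupListHelper.getEntityForPrincipal(permission.getIdentifier());
        if (grantee == null) {
            // The stored principal no longer resolves to an entity (the same helper returns
            // null for an unknown target above); it cannot be checked, so it is left out
            // rather than failing the whole listing.
            continue;
        }
        EntityEnum entityType = EntityEnum.getEntityEnum(grantee.getEntityTypeAsString());
        // Groups are always addressed through IEntityGroup, whatever their concrete class.
        Class<?> clazz = entityType.isGroup() ? IEntityGroup.class : entityType.getClazz();
        IAuthorizationPrincipal principal = this.authorizationService.newPrincipal(grantee.getId(), clazz);
        if (principal.hasPermission(permission.getOwner(), permission.getActivity(), targetPrincipal.getKey())) {
            effective.add(getPermissionOnTarget(permission, targetEntity));
        }
    }
    return effective;
}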

Example 27 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PermissionsListController method marshall.

/*
     * Private Stuff.
     */
/**
 * Converts permission records into flat string maps for the JSON view.
 *
 * <p>Each map carries the raw permission fields plus the display names of its principal,
 * owner, activity and target where those can be resolved; when the target name cannot be
 * resolved the target key is used in its place.
 *
 * @param data the permissions to marshal; must not be null
 * @return one map per permission, in the order given
 * @throws IllegalArgumentException if {@code data} is null
 */
private List<Map<String, String>> marshall(IPermission[] data) {
    if (data == null) {
        throw new IllegalArgumentException("Argument 'data' cannot be null");
    }
    List<Map<String, String>> rows = new ArrayList<Map<String, String>>(data.length);
    for (IPermission perm : data) {
        rows.add(toRow(perm));
    }
    return rows;
}

/** Builds the string map for a single permission record. */
private Map<String, String> toRow(IPermission perm) {
    JsonEntityBean principalBean = getEntityBean(perm.getPrincipal());
    Map<String, String> row = new HashMap<String, String>();
    row.put("owner", perm.getOwner());
    row.put("principalType", principalBean.getEntityTypeAsString());
    row.put("principalName", principalBean.getName());
    row.put("principalKey", perm.getPrincipal());
    row.put("activity", perm.getActivity());
    row.put("target", perm.getTarget());
    row.put("permissionType", perm.getType());
    String targetName = describeTarget(perm, row);
    // Fall back to the target key when no display name could be found.
    row.put("targetName", targetName != null ? targetName : perm.getTarget());
    return row;
}

/**
 * Adds the activity and owner display names to {@code row} and looks up the target's
 * display name through the target provider registry.
 *
 * <p>Any runtime failure along the way (typically a missing activity or provider) is
 * logged at trace level and treated as "no name available"; names already added to
 * {@code row} before the failure are kept.
 *
 * @return the target's display name, or null if it could not be resolved
 */
private String describeTarget(IPermission perm, Map<String, String> row) {
    try {
        IPermissionActivity activity = permissionOwnerDao.getPermissionActivity(perm.getOwner(), perm.getActivity());
        row.put("activityName", activity.getName());
        IPermissionOwner owner = permissionOwnerDao.getPermissionOwner(perm.getOwner());
        row.put("ownerName", owner.getName());
        IPermissionTargetProvider provider = targetProviderRegistry.getTargetProvider(activity.getTargetProviderKey());
        IPermissionTarget target = provider.getTarget(perm.getTarget());
        return target.getName();
    } catch (RuntimeException e) {
        // Best effort only: a missing activity/provider must not break the listing.
        log.trace("Failed to resolve target name", e);
        return null;
    }
}

Example 28 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PortletAdministrationHelper method updatePermissions.

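/**
 * Replaces the permission set for one owner/activity on a portlet definition.
 *
 * <p>Every member of {@code newPrincipals} receives a GRANT for {@code activity} on the
 * portlet's permission target; every permission previously stored for that activity and
 * target, including those of principals no longer in the set, is removed.
 *
 * <p>Removal and insertion are two separate calls on the permission manager, not one
 * transaction: if {@code addPermissions} fails after {@code removePermissions} succeeded,
 * the portlet may be left with no permissions for this activity instead of its previous
 * ones.
 *
 * @param def the portlet definition whose permissions are updated
 * @param newPrincipals the principals that should hold the grant afterwards; must not be
 *     null (an empty set removes every grant for the activity)
 * @param owner the permission owner (system) the activity belongs to
 * @param activity the activity being granted
 * @throws NullPointerException if {@code newPrincipals} is null
 */
private void updatePermissions(IPortletDefinition def, Set<IGroupMember> newPrincipals, String owner, String activity) {
    final String portletTargetId = PermissionHelper.permissionTargetIdForPortletDefinition(def);
    final IUpdatingPermissionManager pm = authorizationService.newUpdatingPermissionManager(owner);
    // Build the replacement grants first, so nothing is removed if this part fails.
    final List<IPermission> newPermissions = new ArrayList<>();
    for (final IGroupMember newPrincipal : newPrincipals) {
        final IAuthorizationPrincipal authorizationPrincipal = authorizationService.newPrincipal(newPrincipal);
        final IPermission permission = pm.newPermission(authorizationPrincipal);
        permission.setType(IPermission.PERMISSION_TYPE_GRANT);
        permission.setActivity(activity);
        permission.setTarget(portletTargetId);
        newPermissions.add(permission);
        logger.trace("In updatePermissions() - adding a new permission of: {}", permission);
    }
    // Drop whatever was stored for this activity/target, then store the new set.
    final IPermission[] oldPermissions = pm.getPermissions(activity, portletTargetId);
    pm.removePermissions(oldPermissions);
    // toArray(new T[0]) lets the list size the array itself.
    pm.addPermissions(newPermissions.toArray(new IPermission[0]));
}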

Example 29 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class PortletDefinitionImporterExporter method savePortletDefinition.

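/**
 * Saves a portlet definition and synchronises its category memberships and permissions.
 *
 * <p>The definition is persisted and re-read by fname, then, under the group update lock:
 * an existing portlet is detached from every ancestor group and attached to the given
 * categories; for each permission system touched by {@code permissionMap} a GRANT is
 * created per group member, the permissions previously stored on this target are removed
 * (existing portlets only), and the new grants are added. Removal and insertion are
 * separate calls on the permission manager, so a failure in between can leave the portlet
 * with fewer permissions than before.
 *
 * @param definition the portlet definition; a null id marks a new portlet
 * @param categories the categories the portlet belongs to after the save
 * @param permissionMap a map of permission name -> list of groups who are granted that
 *     permission (Note: for now, only grant is supported and only for the FRAMEWORK_OWNER perm
 *     manager)
 * @return the definition as re-read from the DAO after saving
 */
private IPortletDefinition savePortletDefinition(IPortletDefinition definition, List<PortletCategory> categories, Map<ExternalPermissionDefinition, Set<IGroupMember>> permissionMap) {
    final boolean newChannel = (definition.getPortletDefinitionId() == null);
    // Save, then re-read so the returned object carries the persisted id.
    definition = portletDefinitionDao.savePortletDefinition(definition);
    definition = portletDefinitionDao.getPortletDefinitionByFname(definition.getFName());
    final String defId = definition.getPortletDefinitionId().getStringId();
    final IEntity portletDefEntity = GroupService.getEntity(defId, IPortletDefinition.class);
    // The groups service needs to deal with concurrent modification better.
    synchronized (this.groupUpdateLock) {
        // Delete existing category memberships for this channel
        if (!newChannel) {
            for (IEntityGroup group : portletDefEntity.getAncestorGroups()) {
                group.removeChild(portletDefEntity);
                group.update();
            }
        }
        // For each category ID, add channel to category
        for (PortletCategory category : categories) {
            final IEntityGroup categoryGroup = GroupService.findGroup(category.getId());
            categoryGroup.addChild(portletDefEntity);
            categoryGroup.updateMembers();
        }
        // Set groups
        final AuthorizationServiceFacade authService = AuthorizationServiceFacade.instance();
        final String target = PermissionHelper.permissionTargetIdForPortletDefinition(definition);
        // Loop over the affected permission managers...
        final Map<String, Collection<ExternalPermissionDefinition>> permissionsBySystem = getPermissionsBySystem(permissionMap.keySet());
        for (Map.Entry<String, Collection<ExternalPermissionDefinition>> systemEntry : permissionsBySystem.entrySet()) {
            // get the permission manager for this system...
            final IUpdatingPermissionManager upm = authService.newUpdatingPermissionManager(systemEntry.getKey());
            final List<IPermission> permissions = new ArrayList<>();
            // add activity grants for each permission..
            for (ExternalPermissionDefinition permissionDef : systemEntry.getValue()) {
                final Set<IGroupMember> members = permissionMap.get(permissionDef);
                if (members == null) {
                    // A definition mapped to no group set contributes no grants.
                    continue;
                }
                for (final IGroupMember member : members) {
                    final IAuthorizationPrincipal authPrincipal = authService.newPrincipal(member);
                    final IPermission permEntity = upm.newPermission(authPrincipal);
                    permEntity.setType(IPermission.PERMISSION_TYPE_GRANT);
                    permEntity.setActivity(permissionDef.getActivity());
                    permEntity.setTarget(target);
                    permissions.add(permEntity);
                }
            }
            // For an existing portlet, drop the permissions previously stored on this
            // target before adding the new ones.
            // NOTE(review): this iterates every imported activity, not only this system's;
            // kept as-is since the effect on other systems' activities is not shown here.
            if (!newChannel) {
                for (ExternalPermissionDefinition permissionName : permissionMap.keySet()) {
                    final IPermission[] oldPermissions = upm.getPermissions(permissionName.getActivity(), target);
                    upm.removePermissions(oldPermissions);
                }
            }
            // toArray(new T[0]) lets the list size the array itself.
            upm.addPermissions(permissions.toArray(new IPermission[0]));
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Portlet " + defId + " has been " + (newChannel ? "published" : "modified") + ".");
    }
    return definition;
}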

Example 30 with IPermission

use of org.apereo.portal.security.IPermission in project uPortal by Jasig.

the class ClassicMaxInactiveStrategy method calcMaxInactive.

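/**
 * Resolves the session max-inactive interval configured for a user through
 * {@code MAX_INACTIVE_ATTR} permission records owned by {@link IPermission#PORTAL_SYSTEM}.
 *
 * <p>Records outside their effective/expiry window are ignored. Among GRANT records the
 * largest target wins, except that a negative GRANT (the session never times out) beats
 * every other GRANT regardless of the order the records arrive in. The smallest DENY caps
 * the result; a negative DENY is meaningless and is discarded. Targets that are not
 * integers are logged and skipped.
 *
 * @param person the user to evaluate; must not be null
 * @return the interval to apply, or {@code null} when no applicable record exists and the
 *     container settings should govern
 */
@Override
public Integer calcMaxInactive(IPerson person) {
    assert person != null;
    final String username = (String) person.getAttribute(IPerson.USERNAME);
    IAuthorizationPrincipal principal = authorizationService.newPrincipal(username, IPerson.class);
    IPermission[] permissions = authorizationService.getAllPermissionsForPrincipal(principal, IPermission.PORTAL_SYSTEM, MAX_INACTIVE_ATTR, null);
    assert permissions != null;
    if (permissions.length == 0) {
        // No max inactive permission set for this user
        log.info("No {} permissions apply to user '{}'", MAX_INACTIVE_ATTR, username);
        return null;
    }
    // One timestamp for the whole pass so every record is judged against the same instant.
    final long now = System.currentTimeMillis();
    Integer rulingGrant = null;
    Integer rulingDeny = null;
    for (IPermission p : permissions) {
        // First be sure the record applies currently...
        if (p.getEffective() != null && p.getEffective().getTime() > now) {
            // It's *TOO EARLY* for this record... move on.
            continue;
        }
        if (p.getExpires() != null && p.getExpires().getTime() < now) {
            // It's *TOO LATE* for this record... move on.
            continue;
        }
        // Constant-first comparison: a record with a null type is reported below, not thrown.
        if (IPermission.PERMISSION_TYPE_GRANT.equals(p.getType())) {
            try {
                final int grantEntry = Integer.parseInt(p.getTarget());
                // A negative grant is final: once the ruling grant is negative no later
                // record may overturn it. Otherwise a negative entry wins, else the larger one.
                if (rulingGrant == null || (rulingGrant >= 0 && (grantEntry < 0 || rulingGrant < grantEntry))) {
                    rulingGrant = grantEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission grant '" + p.getTarget() + "';  target must be an integer value.");
            }
        } else if (IPermission.PERMISSION_TYPE_DENY.equals(p.getType())) {
            try {
                final int denyEntry = Integer.parseInt(p.getTarget());
                // The tightest (smallest) deny rules.
                if (rulingDeny == null || rulingDeny > denyEntry) {
                    rulingDeny = denyEntry;
                }
            } catch (NumberFormatException nfe) {
                log.warn("Invalid MAX_INACTIVE permission deny '" + p.getTarget() + "';  target must be an integer value.");
            }
        } else {
            log.warn("Unknown permission type:  " + p.getType());
        }
    }
    if (rulingDeny != null && rulingDeny < 0) {
        // Negative MaxInactiveInterval values mean the session never
        // times out, so a negative DENY is somewhat nonsensical... just
        // clear it.
        log.warn("A MAX_INACTIVE DENY entry improperly specified a negative target:  " + rulingDeny);
        rulingDeny = null;
    }
    if (rulingGrant == null && rulingDeny == null) {
        // Nothing actually specified... let the container settings govern.
        return null;
    }
    // If rulingGrant is null, rulingDeny won't be, and the deny alone sets the value.
    int maxInactive = rulingGrant != null ? rulingGrant : 0;
    if (rulingDeny != null) {
        // Applying DENY entries is tricky b/c GRANT entries may be negative (unlimited):
        // a non-negative grant is capped by the deny, a negative grant is replaced by it.
        final int limit = rulingDeny;
        maxInactive = maxInactive >= 0 ? Math.min(limit, maxInactive) : limit;
    }
    return maxInactive;
}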
