
Example 1 with RuntimeAuthorizationException

use of org.apereo.portal.security.RuntimeAuthorizationException in project uPortal by Jasig.

the class GroupAdministrationHelper method updateGroupMembers.

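/**
 * Replaces the membership of an existing group in the group store with the members listed on
 * the submitted form.
 *
 * <p>The updater's permission to edit the group is checked before the store is touched. The
 * current children are then removed, the form's members are added, and the result is saved
 * with a single {@code updateMembers()} call at the end.
 *
 * @param groupForm Form representing the new group configuration
 * @param updater Updating user
 * @throws RuntimeAuthorizationException if {@code updater} may not edit the group
 * @throws IllegalArgumentException if no group exists for the form's key
 */
public void updateGroupMembers(GroupForm groupForm, IPerson updater) {
    // Read the key once so the permission check and the lookup act on the same value.
    final String groupKey = groupForm.getKey();
    // Authorize first: nothing below may run for a user who cannot edit this group.
    if (!canEditGroup(updater, groupKey)) {
        throw new RuntimeAuthorizationException(updater, IPermission.EDIT_GROUP_ACTIVITY, groupKey);
    }
    if (log.isDebugEnabled()) {
        log.debug("Updating group members for group form [" + groupForm.toString() + "]");
    }
    // find the current version of this group entity
    IEntityGroup group = GroupService.findGroup(groupKey);
    if (group == null) {
        // An unknown key would otherwise surface as a NullPointerException on the next line.
        throw new IllegalArgumentException("No group found for key [" + groupKey + "]");
    }
    // clear the current group membership list
    // NOTE(review): children are removed while iterating getChildren(); this is only safe if
    // getChildren() hands back a snapshot rather than a live view -- confirm.
    for (IGroupMember child : group.getChildren()) {
        group.removeChild(child);
    }
    // add every member named on the form to the group
    // NOTE(review): member ids and types come from the submitted form and only the edit
    // permission on the group itself is checked above; the lookups below are not null-checked.
    // Confirm that addChild rejects unknown or unauthorized members.
    for (JsonEntityBean child : groupForm.getMembers()) {
        EntityEnum type = EntityEnum.getEntityEnum(child.getEntityTypeAsString());
        if (type.isGroup()) {
            IEntityGroup member = GroupService.findGroup(child.getId());
            group.addChild(member);
        } else {
            IGroupMember member = GroupService.getGroupMember(child.getId(), type.getClazz());
            group.addChild(member);
        }
    }
    // save the rebuilt membership
    group.updateMembers();
}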
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) IGroupMember(org.apereo.portal.groups.IGroupMember) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException) EntityEnum(org.apereo.portal.portlets.groupselector.EntityEnum) JsonEntityBean(org.apereo.portal.layout.dlm.remoting.JsonEntityBean)

Example 2 with RuntimeAuthorizationException

use of org.apereo.portal.security.RuntimeAuthorizationException in project uPortal by Jasig.

the class PagsRESTController method updatePagsGroup.

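/**
 * Handles {@code PUT /v4-3/pags/{pagsGroupName}.json}: copies the description and test groups
 * from the JSON request body onto the existing PAGS group definition of that name.
 *
 * <p>Status codes set on {@code res}, as the code stands: 500 when the name cannot be decoded,
 * the body cannot be deserialized, the URL and payload names differ, or an unexpected exception
 * occurs; 404 when the payload deserializes to {@code null}, the definition is not found, or an
 * {@link IllegalArgumentException} is thrown; 403 on {@link RuntimeAuthorizationException}.
 * On success the result is rendered by {@code respondPagsGroupJson} with SC_ACCEPTED.
 *
 * <p>Exception text placed in an error body is escaped first, because it may repeat parts of
 * the request (the payload or the group name).
 *
 * <p>NOTE(review): the error bodies use single quotes, which is not strict JSON although the
 * response is declared as application/json. NOTE(review): malformed input is reported as 500
 * rather than 400, and exception text is returned to the caller; logging it server-side and
 * returning a fixed message would disclose less.
 *
 * @param req current request, used to resolve the calling person
 * @param res response on which the status and content type are set
 * @param pagsGroupName group name taken from the URL path
 * @param json request body holding the new definition
 * @return the response body
 */
@RequestMapping(value = "/v4-3/pags/{pagsGroupName}.json", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PUT)
@ResponseBody
public String updatePagsGroup(HttpServletRequest req, HttpServletResponse res, @PathVariable("pagsGroupName") String pagsGroupName, @RequestBody String json) {
    res.setContentType(MediaType.APPLICATION_JSON_VALUE);
    /*
     * This step is necessary;  the incoming URLs will sometimes have '+'
     * characters for spaces, and the @PathVariable magic doesn't convert them.
     * NOTE(review): if the framework has already percent-decoded the path variable,
     * this is a second decoding pass -- confirm names containing '%' behave as intended.
     */
    String name;
    try {
        name = URLDecoder.decode(pagsGroupName, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return "{ 'error': '" + escapeErrorText(e.toString()) + "' }";
    }
    // NOTE(review): the body is parsed before any permission check, so parse errors are
    // reported to callers who may not be allowed to edit the group.
    IPersonAttributesGroupDefinition inpt;
    try {
        inpt = objectMapper.readValue(json, PersonAttributesGroupDefinitionImpl.class);
    } catch (Exception e) {
        res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return "{ 'error': '" + escapeErrorText(e.toString()) + "' }";
    }
    if (inpt == null) {
        res.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return "{ 'error': 'Not found' }";
    }
    // The payload may only describe the group addressed by the URL.
    if (!name.equals(inpt.getName())) {
        res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return "{ 'error': 'Group name in URL parameter must match name in JSON payload' }";
    }
    IPerson person = personManager.getPerson(req);
    IPersonAttributesGroupDefinition rslt;
    try {
        // Both service calls receive the person; a RuntimeAuthorizationException from them
        // is mapped to 403 below.
        IPersonAttributesGroupDefinition currentDef = pagsService.getPagsDefinitionByName(person, name);
        if (currentDef == null) {
            res.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return "{ 'error': 'Not found' }";
        }
        /*
         * Copy over the information being passed in to the JPA-managed
         * instance;  the following do not support updates (currently):
         *   - Name
         *   - Members
         */
        currentDef.setDescription(inpt.getDescription());
        // Point each incoming test group at the managed definition before attaching them.
        for (IPersonAttributesGroupTestGroupDefinition testGroupDef : inpt.getTestGroups()) {
            // NOTE:  The deserializer handles testDef --> testGroupDef
            testGroupDef.setGroup(currentDef);
        }
        currentDef.setTestGroups(inpt.getTestGroups());
        rslt = pagsService.updatePagsDefinition(person, currentDef);
    } catch (IllegalArgumentException iae) {
        res.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return "{ 'error': '" + escapeErrorText(iae.getMessage()) + "' }";
    } catch (RuntimeAuthorizationException rae) {
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return "{ 'error': 'not authorized' }";
    } catch (Exception e) {
        res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return "{ 'error': '" + escapeErrorText(e.toString()) + "' }";
    }
    return respondPagsGroupJson(res, rslt, person, HttpServletResponse.SC_ACCEPTED);
}

/**
 * Escapes text so it cannot terminate the quoted string it is embedded in or be read as markup.
 *
 * <p>A backslash is doubled; control characters, both quote characters, the characters
 * {@code < > &} and the two Unicode line separators are written as four-digit hexadecimal
 * escapes. A {@code null} argument is rendered as the text {@code null}, which is what plain
 * string concatenation would have produced.
 */
private static String escapeErrorText(String raw) {
    String text = String.valueOf(raw);
    StringBuilder out = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        if (c == '\\') {
            out.append("\\\\");
        } else if (c < 0x20 || c == '\'' || c == '"' || c == '<' || c == '>' || c == '&'
                || c == 0x2028 || c == 0x2029) {
            out.append(String.format("\\u%04x", (int) c));
        } else {
            out.append(c);
        }
    }
    return out.toString();
}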
Also used : IPerson(org.apereo.portal.security.IPerson) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException) IPersonAttributesGroupDefinition(org.apereo.portal.groups.pags.dao.IPersonAttributesGroupDefinition) IPersonAttributesGroupTestGroupDefinition(org.apereo.portal.groups.pags.dao.IPersonAttributesGroupTestGroupDefinition) UnsupportedEncodingException(java.io.UnsupportedEncodingException) PersonAttributesGroupDefinitionImpl(org.apereo.portal.groups.pags.dao.jpa.PersonAttributesGroupDefinitionImpl) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 3 with RuntimeAuthorizationException

use of org.apereo.portal.security.RuntimeAuthorizationException in project uPortal by Jasig.

the class PagsService method createPagsDefinition.

/**
 * Creates a PAGS group definition and, when a parent is supplied, adds it to that parent.
 *
 * <p>Order of work: permission check, validation of the name and description against the
 * validator patterns, a uniqueness check using the DISCRETE_CI search method over person and
 * portlet groups, creation through the DAO, then attachment to the parent.
 *
 * <p>NOTE(review): the IllegalArgumentException messages repeat the supplied name or
 * description; a caller that returns them in a response must escape them.
 *
 * @param person user requesting the creation
 * @param parent group to attach the new definition to, or {@code null} for none
 * @param groupName name of the new group
 * @param description optional description; blank is accepted
 * @return the newly created definition
 * @throws RuntimeAuthorizationException if {@code person} lacks the create-group permission
 * @throws IllegalArgumentException if the name or description is invalid or the name is in use
 * @throws UnsupportedOperationException if the parent's group service cannot take members
 */
public IPersonAttributesGroupDefinition createPagsDefinition(IPerson person, IEntityGroup parent, String groupName, String description) {
    // Permission target: the parent's key, or all groups when there is no parent.
    final String target;
    if (parent == null) {
        target = IPermission.ALL_GROUPS_TARGET;
    } else {
        target = parent.getEntityIdentifier().getKey();
    }

    // The permission check comes before any validation or store access.
    if (!hasPermission(person, IPermission.CREATE_GROUP_ACTIVITY, target)) {
        throw new RuntimeAuthorizationException(person, IPermission.CREATE_GROUP_ACTIVITY, target);
    }

    // Validate the name, then the description (a blank description is allowed).
    if (StringUtils.isBlank(groupName)) {
        throw new IllegalArgumentException("Specified groupName is blank:  " + groupName);
    }
    if (!GROUP_NAME_VALIDATOR_PATTERN.matcher(groupName).matches()) {
        throw new IllegalArgumentException("Specified groupName is too long, too short, or contains invalid characters:  " + groupName);
    }
    final boolean hasDescription = !StringUtils.isBlank(description);
    if (hasDescription && !GROUP_DESC_VALIDATOR_PATTERN.matcher(description).matches()) {
        throw new IllegalArgumentException("Specified description is too long or contains invalid characters:  " + description);
    }

    // The name must not already be taken by a person group or a portlet group.
    EntityIdentifier[] personGroupHits = GroupService.searchForGroups(groupName, IGroupConstants.SearchMethod.DISCRETE_CI, IPerson.class);
    EntityIdentifier[] portletGroupHits = GroupService.searchForGroups(groupName, IGroupConstants.SearchMethod.DISCRETE_CI, IPortletDefinition.class);
    final boolean nameTaken = personGroupHits.length > 0 || portletGroupHits.length > 0;
    if (nameTaken) {
        throw new IllegalArgumentException("Specified groupName already in use:  " + groupName);
    }

    IPersonAttributesGroupDefinition created = pagsGroupDefDao.createPersonAttributesGroupDefinition(groupName, description);
    if (parent == null) {
        return created;
    }

    // NOTE(review): the definition already exists at this point, so the exceptions below leave
    // it behind unless the caller's transaction rolls back -- confirm.
    // Should refactor this switch to instead choose a service and invoke a method on it
    switch (parent.getServiceName().toString()) {
        case SERVICE_NAME_LOCAL: {
            IEntityGroup storedGroup = GroupService.findGroup(created.getCompositeEntityIdentifierForGroup().getKey());
            if (storedGroup == null) {
                throw new RuntimeException("The specified group was created, but is not present in the store:  " + created.getName());
            }
            parent.addChild(storedGroup);
            parent.updateMembers();
            break;
        }
        case SERVICE_NAME_PAGS: {
            IPersonAttributesGroupDefinition parentDefinition = getPagsGroupDefByName(parent.getName());
            // Work on a copy of the parent's member set, then hand the enlarged set back.
            Set<IPersonAttributesGroupDefinition> enlarged = new HashSet<>(parentDefinition.getMembers());
            enlarged.add(created);
            parentDefinition.setMembers(enlarged);
            pagsGroupDefDao.updatePersonAttributesGroupDefinition(parentDefinition);
            break;
        }
        default: {
            throw new UnsupportedOperationException("The specified group service does not support adding members:  " + parent.getServiceName());
        }
    }
    return created;
}
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException) EntityIdentifier(org.apereo.portal.EntityIdentifier) HashSet(java.util.HashSet)

Example 4 with RuntimeAuthorizationException

use of org.apereo.portal.security.RuntimeAuthorizationException in project uPortal by Jasig.

the class GroupAdministrationHelper method deleteGroup.

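/**
 * Deletes a group from the group store after detaching it from each of its parent groups.
 *
 * <p>The deleter's permission to delete the group is checked before the store is touched.
 *
 * @param key key of the group to be deleted
 * @param deleter user performing the delete operation
 * @throws RuntimeAuthorizationException if {@code deleter} may not delete the group
 * @throws IllegalArgumentException if no group exists for {@code key}
 */
public void deleteGroup(String key, IPerson deleter) {
    // Authorize first: nothing below may run for a user who cannot delete this group.
    if (!canDeleteGroup(deleter, key)) {
        throw new RuntimeAuthorizationException(deleter, IPermission.DELETE_GROUP_ACTIVITY, key);
    }
    // NOTE(review): the key is written to the log as received and the acting user is not
    // recorded; consider whether this entry is sufficient as an audit record.
    log.info("Deleting group with key " + key);
    // find the current version of this group entity
    IEntityGroup group = GroupService.findGroup(key);
    if (group == null) {
        // An unknown key would otherwise surface as a NullPointerException on the next line.
        throw new IllegalArgumentException("No group found for key [" + key + "]");
    }
    // detach the group from each parent and save that parent's membership
    // NOTE(review): each parent is saved separately before the delete; confirm the caller
    // runs this in one transaction so a failure cannot leave the group half-detached.
    for (IEntityGroup parent : group.getParentGroups()) {
        parent.removeChild(group);
        parent.updateMembers();
    }
    // delete the group
    group.delete();
}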
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException)

Example 5 with RuntimeAuthorizationException

use of org.apereo.portal.security.RuntimeAuthorizationException in project uPortal by Jasig.

the class GroupAdministrationHelper method updateGroupDetails.

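/**
 * Updates the name and description of an existing group in the group store.
 *
 * <p>The updater's permission to edit the group is checked before the store is touched.
 * Membership is not changed here; the group is saved with {@code update()}.
 *
 * @param groupForm Form representing the new group configuration
 * @param updater Updating user
 * @throws RuntimeAuthorizationException if {@code updater} may not edit the group
 * @throws IllegalArgumentException if no group exists for the form's key
 */
public void updateGroupDetails(GroupForm groupForm, IPerson updater) {
    // Read the key once so the permission check and the lookup act on the same value.
    final String groupKey = groupForm.getKey();
    // Authorize first: nothing below may run for a user who cannot edit this group.
    if (!canEditGroup(updater, groupKey)) {
        throw new RuntimeAuthorizationException(updater, IPermission.EDIT_GROUP_ACTIVITY, groupKey);
    }
    if (log.isDebugEnabled()) {
        log.debug("Updating group for group form [" + groupForm.toString() + "]");
    }
    // find the current version of this group entity
    IEntityGroup group = GroupService.findGroup(groupKey);
    if (group == null) {
        // An unknown key would otherwise surface as a NullPointerException on the next line.
        throw new IllegalArgumentException("No group found for key [" + groupKey + "]");
    }
    // NOTE(review): name and description are stored as submitted; no validation is visible
    // here -- confirm it happens in the form layer or in the setters.
    group.setName(groupForm.getName());
    group.setDescription(groupForm.getDescription());
    // save the group's basic information
    group.update();
}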
Also used : IEntityGroup(org.apereo.portal.groups.IEntityGroup) RuntimeAuthorizationException(org.apereo.portal.security.RuntimeAuthorizationException)

Aggregations

RuntimeAuthorizationException (org.apereo.portal.security.RuntimeAuthorizationException)7 IEntityGroup (org.apereo.portal.groups.IEntityGroup)6 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 EntityIdentifier (org.apereo.portal.EntityIdentifier)2 IGroupMember (org.apereo.portal.groups.IGroupMember)2 IPersonAttributesGroupDefinition (org.apereo.portal.groups.pags.dao.IPersonAttributesGroupDefinition)2 IPersonAttributesGroupTestGroupDefinition (org.apereo.portal.groups.pags.dao.IPersonAttributesGroupTestGroupDefinition)2 PersonAttributesGroupDefinitionImpl (org.apereo.portal.groups.pags.dao.jpa.PersonAttributesGroupDefinitionImpl)2 JsonEntityBean (org.apereo.portal.layout.dlm.remoting.JsonEntityBean)2 EntityEnum (org.apereo.portal.portlets.groupselector.EntityEnum)2 IPerson (org.apereo.portal.security.IPerson)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)2 HashSet (java.util.HashSet)1