use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.
the class GroupListHelperImpl method getPrincipalForEntity.
/**
 * Builds the authorization principal that corresponds to a JSON entity bean.
 *
 * <p>The method only maps the bean's id and entity type onto a principal obtained from
 * {@link AuthorizationServiceFacade}. No permission check happens here, so holding the
 * returned principal says nothing about what the requesting user may do with that entity;
 * callers still have to ask the principal (or another authorization API) before acting.
 *
 * @param entity the bean to resolve; must not be null and must carry an entity type
 * @return the principal created from the bean's id and the resolved entity class
 * @throws IllegalArgumentException if {@code entity} or its entity type is null
 */
@Override
public IAuthorizationPrincipal getPrincipalForEntity(JsonEntityBean entity) {
    if (entity == null) {
        throw new IllegalArgumentException("Parameter cannot be null.");
    }

    final EntityEnum kind = entity.getEntityType();
    if (kind == null) {
        throw new IllegalArgumentException("Parameter's entityType cannot be null.");
    }

    // A type that reports itself as a group is represented by IEntityGroup; every other
    // type supplies its own class.
    final Class principalClass = kind.isGroup() ? IEntityGroup.class : kind.getClazz();

    // NOTE(review): entity.getId() is handed to newPrincipal without any validation in this
    // method; if the bean is populated from request data, confirm the id is checked upstream.
    return AuthorizationServiceFacade.instance().newPrincipal(entity.getId(), principalClass);
}
use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.
the class EntityService method getPrincipalForEntity.
/**
 * Builds the authorization principal that corresponds to an {@code Entity}.
 *
 * <p>No permission check is performed here; the method only translates the entity's id and
 * type into a principal. A {@code null} result means "no entity was supplied" and must not
 * be read by callers as an authorization decision.
 *
 * @param entity the entity to resolve, may be null
 * @return the principal for the entity, or {@code null} when {@code entity} is null
 */
public IAuthorizationPrincipal getPrincipalForEntity(Entity entity) {
    if (entity == null) {
        return null;
    }

    // NOTE(review): a null entity type, or a type string that EntityEnum.getEntityEnum does
    // not resolve, is not handled in this method and would presumably end in a
    // NullPointerException below; confirm whether callers can pass such values.
    final boolean isGroup = entity.getEntityType().equals(EntityEnum.GROUP.toString());

    // Groups are represented by IEntityGroup; any other type is looked up by name and
    // contributes its own class.
    final Class principalClass =
            isGroup
                    ? IEntityGroup.class
                    : EntityEnum.getEntityEnum(entity.getEntityType()).getClazz();

    // Create the principal for this Entity from its id and the resolved class.
    return AuthorizationServiceFacade.instance().newPrincipal(entity.getId(), principalClass);
}
use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.
the class PortletDefinitionImporterExporter method removePortletDefinition.
/**
 * Deletes a portlet definition along with the group memberships, subscribe permissions and
 * ratings that this method knows to reference it.
 *
 * <p>The {@code person} argument is not read anywhere in this method, so no authorization
 * decision is made here; whoever calls this must already have verified that the acting user
 * may delete the portlet.
 *
 * @param portletDefinition the definition to remove; its id is used for every lookup
 * @param person the acting user (unused in this method)
 */
@Transactional
@Override
public void removePortletDefinition(IPortletDefinition portletDefinition, IPerson person) {
    // Re-read the definition through the DAO; this instance is the one handed to the rating
    // and delete calls at the end.
    // NOTE(review): the lookup result is not null-checked here; confirm how the DAO behaves
    // for an id that no longer exists.
    final IPortletDefinition persisted =
            portletDefinitionDao.getPortletDefinition(
                    portletDefinition.getPortletDefinitionId());

    // Step 1: detach the portlet from every ancestor group (its category memberships).
    final String definitionId = portletDefinition.getPortletDefinitionId().getStringId();
    final IEntity portletEntity = GroupService.getEntity(definitionId, IPortletDefinition.class);
    for (IEntityGroup parent : portletEntity.getAncestorGroups()) {
        parent.removeChild(portletEntity);
        parent.update();
    }

    // Step 2: drop permission records that target this portlet.
    // NOTE(review): only the permission manager for IPermission.PORTAL_SUBSCRIBE is consulted;
    // if other permission owners can reference the same target, verify that those records do
    // not outlive the portlet.
    final AuthorizationServiceFacade authz = AuthorizationServiceFacade.instance();
    final String permissionTarget =
            PermissionHelper.permissionTargetIdForPortletDefinition(portletDefinition);
    final IUpdatingPermissionManager subscribePermissions =
            authz.newUpdatingPermissionManager(IPermission.PORTAL_SUBSCRIBE);
    final IPermission[] stalePermissions =
            subscribePermissions.getPermissionsForTarget(permissionTarget);
    subscribePermissions.removePermissions(stalePermissions);

    // Step 3: remove ratings (including reviews) attached to the portlet.
    marketplaceRatingDao.clearRatingsForPortlet(persisted);

    // Step 4: finally delete the definition itself.
    portletDefinitionDao.deletePortletDefinition(persisted);
}
use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.
the class ILFBuilder method constructILF.
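/**
 * Builds the ILF document for a user from the user's PLF and a sequence of fragment documents.
 *
 * <p>The result starts as a shallow copy of the PLF's document element and of that element's
 * first child. Each document in {@code sequence} is then merged in through
 * {@code mergeFragment}, which receives an authorization principal created for
 * {@code person}, so the merge can decide per user which pushed channels may be used.
 *
 * @param PLF the user's PLF document; its document element and that element's first child
 *     are copied (without descendants) into the result
 * @param sequence the fragment documents to merge, in the order they are applied
 * @param person the user the layout is built for; supplies the entity identifier from which
 *     the principal is created
 * @return the thread's document populated with the merged layout
 */
public static Document constructILF(Document PLF, List<Document> sequence, IPerson person) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Constructing ILF for IPerson='" + person + "'");
    }

    // Create the destination document and its root. The root must be a copy of the PLF's
    // root that keeps its node identifier, which is why the ID attribute is re-registered
    // on the imported element below.
    Document result = DocumentFactory.getThreadDocument();
    Element plfLayout = PLF.getDocumentElement();
    Element ilfLayout = (Element) result.importNode(plfLayout, false);
    result.appendChild(ilfLayout);

    // NOTE(review): assumes the first child of the layout element is an Element; a text or
    // comment node in that position would fail the cast.
    Element plfRoot = (Element) plfLayout.getFirstChild();
    Element ilfRoot = (Element) result.importNode(plfRoot, false);
    ilfLayout.appendChild(ilfRoot);

    // Element.getAttribute returns an empty string, never null, for a missing attribute, so
    // a null comparison cannot guard this call. setIdAttribute raises a DOMException when the
    // attribute is absent, hence the explicit presence test.
    if (ilfRoot.hasAttribute(Constants.ATT_ID)) {
        ilfRoot.setIdAttribute(Constants.ATT_ID, true);
    }

    // Build the authorization principal used to decide whether pushed channels can be used
    // by this user.
    EntityIdentifier ei = person.getEntityIdentifier();
    AuthorizationServiceFacade authS = AuthorizationServiceFacade.instance();
    IAuthorizationPrincipal ap = authS.newPrincipal(ei.getKey(), ei.getType());

    for (final Document document : sequence) {
        mergeFragment(document, result, ap);
    }
    return result;
}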
use of org.apereo.portal.services.AuthorizationServiceFacade in project uPortal by Jasig.
the class PortletRendererImpl method enforceConfigPermission.
/**
 * Guards access to the portlet CONFIG mode. When the given window is in CONFIG mode and the
 * requesting user lacks the configure permission for the window's portlet definition, the
 * attempt is logged at error level and an AuthorizationException is thrown. For every other
 * portlet mode (including a null mode) the method returns without checking anything.
 *
 * @param httpServletRequest the non-null current HttpServletRequest, used to identify the
 *     requesting user
 * @param portletWindow a non-null portlet window that might be in config mode
 * @throws AuthorizationException if the window is in config mode and the user is not
 *     permitted to use that mode
 * @throws java.lang.IllegalArgumentException if the request or window are null
 * @since 4.0.13.1, 4.0.14, 4.1.
 */
protected void enforceConfigPermission(
        final HttpServletRequest httpServletRequest, final IPortletWindow portletWindow) {
    // NOTE(review): which exception Validate.notNull raises depends on the commons-lang
    // version in use (IllegalArgumentException in 2.x, NullPointerException in 3.x); confirm
    // it matches the @throws clause above.
    Validate.notNull(
            httpServletRequest, "Servlet request must not be null to determine remote user.");
    Validate.notNull(portletWindow, "Portlet window must not be null to determine its mode.");

    final PortletMode requestedMode = portletWindow.getPortletMode();
    // equals() is false for a null mode, so this one guard covers both "no mode" and
    // "any mode other than CONFIG".
    if (!IPortletRenderer.CONFIG.equals(requestedMode)) {
        return;
    }

    // Resolve the requesting user into an authorization principal.
    // NOTE(review): a null person from the person manager is not handled explicitly; it would
    // surface as a NullPointerException on the next line, before any rendering decision.
    final IPerson requester = this.personManager.getPerson(httpServletRequest);
    final EntityIdentifier requesterId = requester.getEntityIdentifier();
    final AuthorizationServiceFacade authz = AuthorizationServiceFacade.instance();
    final IAuthorizationPrincipal principal =
            authz.newPrincipal(requesterId.getKey(), requesterId.getType());

    final IPortletEntity windowEntity = portletWindow.getPortletEntity();
    final IPortletDefinition definition = windowEntity.getPortletDefinition();

    final boolean mayConfigure =
            principal.canConfigure(definition.getPortletDefinitionId().getStringId());
    if (mayConfigure) {
        return;
    }

    // Denied: record who tried which portlet in which mode, then refuse. The log line is the
    // audit trail for this check, so keep it at error level.
    logger.error(
            "User {} attempted to use portlet {} in {} but lacks permission to use that mode. "
                    + "THIS MAY BE AN ATTEMPT TO EXPLOIT A HISTORICAL SECURITY FLAW. "
                    + "You should probably figure out who this user is and why they are trying to access "
                    + "unauthorized portlet modes.",
            requester.getUserName(),
            definition.getFName(),
            requestedMode);
    throw new AuthorizationException(
            requester.getUserName()
                    + " does not have permission to render '"
                    + definition.getFName()
                    + "' in "
                    + requestedMode
                    + " PortletMode.");
}