use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class CourseWebService method getAuthor.
/**
* Get this specific author and owner of the course
* @response.representation.200.qname {http://www.example.com}userVO
* @response.representation.200.mediaType application/xml, application/json
* @response.representation.200.doc The author
* @response.representation.401.doc The roles of the authenticated user are not sufficient
* @response.representation.404.doc The course was not found, or the user is not an owner or author of the course
* @param identityKey The user identifier
* @param httpRequest The HTTP request
* @return A <code>UserVO</code> describing the author
*/
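@GET
@Path("authors/{identityKey}")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
public Response getAuthor(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest httpRequest) {
    // Authorization gate: only a course author/editor or an institutional
    // resource manager may query the authors of this course.
    if (!isAuthorEditor(course, httpRequest) && !isInstitutionalResourceManager(httpRequest)) {
        return Response.serverError().status(Status.UNAUTHORIZED).build();
    }

    RepositoryService repositoryService = CoreSpringFactory.getImpl(RepositoryService.class);
    RepositoryEntry repositoryEntry = course.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
    BaseSecurity securityManager = BaseSecurityManager.getInstance();
    SecurityGroup authorGroup = securityManager.findSecurityGroupByName(Constants.GROUP_AUTHORS);
    Identity author = securityManager.loadIdentityByKey(identityKey, false);

    // NOTE(review): loadIdentityByKey(key, false) presumably returns null for an
    // unknown key -- confirm. Answer 404 rather than passing null further down.
    if (author == null) {
        return Response.serverError().status(Status.NOT_FOUND).build();
    }

    // The caller-supplied key must resolve to someone who is both an owner of
    // this course entry and a member of the global authors group.
    if (repositoryService.hasRole(author, repositoryEntry, GroupRoles.owner.name())
            && securityManager.isIdentityInSecurityGroup(author, authorGroup)) {
        UserVO vo = UserVOFactory.get(author);
        return Response.ok(vo).build();
    }

    // The fall-through used to answer 200 with the raw Identity entity, which
    // handed the internal identity object for ANY identity key to the caller,
    // bypassing the UserVO mapping. Return 404 instead, as the 404 case of this
    // resource describes (course not found or user not an owner/author).
    return Response.serverError().status(Status.NOT_FOUND).build();
}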
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class OLATUpgrade_10_0_0 method processMapPolicy.
/**
 * Converts one legacy map policy into a group relation attached to the upgraded map.
 *
 * <p>The prefix of the policy's permission string selects how the target group and
 * role are resolved: {@code user} creates a fresh group and hands it to
 * {@code processSecurityGroup} with the participant role, {@code group} looks up the
 * group of the matching business group, {@code invitation} reuses the invitation's
 * base group, and {@code allusers} creates a group named after that type.
 *
 * @param policy the legacy policy to convert
 * @param element the upgraded map the new relation points to
 * @return the new relation, or {@code null} when the permission matches none of the
 *         four types, the invitation cannot be found, or no group could be resolved
 */
private EPMapUpgradeToGroupRelation processMapPolicy(Policy policy, EPMapUpgrade element) {
    final String permissionName = policy.getPermission();
    final SecurityGroup legacyGroup = policy.getSecurityGroup();

    Group targetGroup;
    String targetRole;
    if (permissionName.startsWith(EPMapPolicy.Type.user.name())) {
        targetGroup = groupDao.createGroup();
        processSecurityGroup(targetGroup, GroupRoles.participant.name(), legacyGroup);
        targetRole = EPMapPolicy.Type.user.name();
    } else if (permissionName.startsWith(EPMapPolicy.Type.group.name())) {
        targetGroup = findGroupOfBusinessGroup(legacyGroup);
        targetRole = EPMapPolicy.Type.group.name();
    } else if (permissionName.startsWith(EPMapPolicy.Type.invitation.name())) {
        InvitationUpgrade legacyInvitation = findInvitation(policy.getSecurityGroup());
        if (legacyInvitation == null) {
            // No invitation behind this policy: nothing is migrated for it.
            return null;
        }
        targetGroup = legacyInvitation.getBaseGroup();
        targetRole = EPMapPolicy.Type.invitation.name();
    } else if (permissionName.startsWith(EPMapPolicy.Type.allusers.name())) {
        targetGroup = groupDao.createGroup(EPMapPolicy.Type.allusers.name());
        targetRole = EPMapPolicy.Type.allusers.name();
    } else {
        // Unrecognised permission types produce no relation, so no access is
        // carried over for them by this method.
        return null;
    }

    if (targetGroup == null) {
        log.error("Group not resolve for policy of map: " + element.getKey() + " and policy: " + policy.getKey());
        return null;
    }

    // The validity window of the legacy policy is copied unchanged.
    EPMapUpgradeToGroupRelation migrated = new EPMapUpgradeToGroupRelation();
    migrated.setDefaultGroup(false);
    migrated.setCreationDate(new Date());
    migrated.setEntry(element);
    migrated.setValidTo(policy.getTo());
    migrated.setValidFrom(policy.getFrom());
    migrated.setGroup(targetGroup);
    migrated.setRole(targetRole);
    return migrated;
}
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class OLATUpgrade_7_1_1 method createRepoEntrySecurityGroups.
/**
 * Ensures the repository entry has a tutor group and a participant group.
 *
 * <p>For each group that is still missing, a new security group is persisted together
 * with three policies: {@code PERMISSION_ACCESS} on the entry's resource,
 * {@code PERMISSION_HASROLE} on the tutor or participant role resource, and
 * {@code PERMISSION_COACH} or {@code PERMISSION_PARTI} on the entry's resource. The
 * transaction is committed after each group; the entry itself is updated once at the
 * end if anything was created.
 *
 * @param entry the repository entry to complete
 */
private void createRepoEntrySecurityGroups(RepositoryEntryUpgrade entry) {
    BaseSecurity security = BaseSecurityManager.getInstance();
    boolean entryChanged = false;

    if (entry.getTutorGroup() == null) {
        // New group for tutors / coaches of this entry.
        SecurityGroup coaches = security.createAndPersistSecurityGroup();
        // Access policy on the entry's own resource.
        security.createAndPersistPolicy(coaches, Constants.PERMISSION_ACCESS, entry.getOlatResource());
        // Membership implies the tutor role.
        security.createAndPersistPolicy(coaches, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_TUTOR);
        entry.setTutorGroup(coaches);
        security.createAndPersistPolicy(entry.getTutorGroup(), Constants.PERMISSION_COACH, entry.getOlatResource());
        DBFactory.getInstance().commit();
        entryChanged = true;
    }

    if (entry.getParticipantGroup() == null) {
        // New group for participants of this entry.
        SecurityGroup attendees = security.createAndPersistSecurityGroup();
        // Access policy on the entry's own resource.
        security.createAndPersistPolicy(attendees, Constants.PERMISSION_ACCESS, entry.getOlatResource());
        // Membership implies the participant role.
        security.createAndPersistPolicy(attendees, Constants.PERMISSION_HASROLE, Constants.ORESOURCE_PARTICIPANT);
        entry.setParticipantGroup(attendees);
        security.createAndPersistPolicy(entry.getParticipantGroup(), Constants.PERMISSION_PARTI, entry.getOlatResource());
        DBFactory.getInstance().commit();
        entryChanged = true;
    }

    // NOTE(review): no commit follows this update inside the method; presumably
    // the caller commits -- confirm.
    if (entryChanged) {
        DBFactory.getInstance().updateObject(entry);
    }
}
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class OLATUpgrade_7_1_1 method migrateRepoEntrySecurityGroups.
/**
 * Copies the members of the business groups linked to the entry's resource into the
 * entry's own tutor and participant groups.
 *
 * <p>Owners of each business group are added to the entry's tutor group and
 * participants to the entry's participant group; identities that are already members
 * are skipped. An intermediate commit is issued on the first addition and then on
 * every 20th one, plus once after each member list has been processed.
 *
 * @param entry the repository entry whose groups receive the members
 */
private void migrateRepoEntrySecurityGroups(RepositoryEntryUpgrade entry) {
    BaseSecurity security = BaseSecurityManager.getInstance();
    List<BGContextImpl> linkedContexts = findBGContextsForResource(entry.getOlatResource(), true, true);
    for (BGContextImpl linkedContext : linkedContexts) {
        List<BusinessGroupUpgrade> businessGroups = getGroupsOfBGContext(linkedContext);
        for (BusinessGroupUpgrade businessGroup : businessGroups) {
            // Business-group owners become tutors of the entry.
            if (businessGroup.getOwnerGroup() != null) {
                int added = 0;
                List<Identity> groupOwners = security.getIdentitiesOfSecurityGroup(businessGroup.getOwnerGroup());
                // NOTE(review): not null-checked; presumably the entry's groups
                // were created before this migration runs -- confirm.
                SecurityGroup entryTutors = entry.getTutorGroup();
                for (Identity groupOwner : groupOwners) {
                    if (!security.isIdentityInSecurityGroup(groupOwner, entryTutors)) {
                        security.addIdentityToSecurityGroup(groupOwner, entryTutors);
                        if (added % 20 == 0) {
                            DBFactory.getInstance().intermediateCommit();
                        }
                        added++;
                    }
                }
                DBFactory.getInstance().intermediateCommit();
            }

            // Business-group participants become participants of the entry.
            if (businessGroup.getPartipiciantGroup() != null) {
                int added = 0;
                List<Identity> groupParticipants = security.getIdentitiesOfSecurityGroup(businessGroup.getPartipiciantGroup());
                SecurityGroup entryParticipants = entry.getParticipantGroup();
                for (Identity groupParticipant : groupParticipants) {
                    if (!security.isIdentityInSecurityGroup(groupParticipant, entryParticipants)) {
                        security.addIdentityToSecurityGroup(groupParticipant, entryParticipants);
                        if (added % 20 == 0) {
                            DBFactory.getInstance().intermediateCommit();
                        }
                        added++;
                    }
                }
                DBFactory.getInstance().intermediateCommit();
            }
        }
    }
}
use of org.olat.basesecurity.SecurityGroup in project openolat by klemens.
the class LDAPLoginManagerImpl method createAndPersistUser.
/**
* Creates a user in OLAT and adds the user to the LDAP security group. Required
* attributes have to be checked before calling this method.
*
* @param userAttributes Set of LDAP Attribute of User to be created
*/
@Override
public Identity createAndPersistUser(Attributes userAttributes) {
    // Stop early while the sync configuration still reports missing attributes.
    String[] missingAttributes = syncConfiguration.checkRequestAttributes(userAttributes);
    if (missingAttributes != null) {
        log.warn("Can not create and persist user, the following attributes are missing::" + ArrayUtils.toString(missingAttributes), null);
        return null;
    }

    String uidAttributeName = syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER);
    String uid = getAttributeValue(userAttributes.get(uidAttributeName));
    String emailAttributeName = syncConfiguration.getOlatPropertyToLdapAttribute(UserConstants.EMAIL);
    String email = getAttributeValue(userAttributes.get(emailAttributeName));

    // The username lookup is case-insensitive, so a directory account cannot be
    // created next to an existing one that differs only in letter case.
    // NOTE(review): uid and email come from the directory and are concatenated
    // into the log messages below as-is; whether the logger neutralises line
    // breaks is not visible here -- confirm.
    if (securityManager.findIdentityByNameCaseInsensitive(uid) != null) {
        log.error("Can't create user with username='" + uid + "', this username does already exist in OLAT database", null);
        return null;
    }
    if (!MailHelper.isValidEmailAddress(email)) {
        // Guards against a possible AssertException in findIdentityByEmail that would break the sync.
        log.error("Cannot try to lookup user " + uid + " by email with an invalid email::" + email, null);
        return null;
    }
    if (!userManager.isEmailAllowed(email)) {
        log.error("Can't create user with email='" + email + "', a user with that email does already exist in OLAT database", null);
        return null;
    }

    // First and last name are filled in from the attributes below.
    User user = userManager.createUser(null, null, email);

    // Copy every mapped LDAP attribute except the user identifier onto the user.
    NamingEnumeration<? extends Attribute> attributeCursor = userAttributes.getAll();
    try {
        while (attributeCursor.hasMore()) {
            Attribute current = attributeCursor.next();
            String olatProperty = mapLdapAttributeToOlatProperty(current.getID());
            boolean isUidAttribute = current.getID().equalsIgnoreCase(
                    syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER));
            if (isUidAttribute) {
                continue;
            }
            String ldapValue = getAttributeValue(current);
            if (olatProperty != null && ldapValue != null) {
                user.setProperty(olatProperty, ldapValue);
            }
        }

        // Static properties from the configuration are applied after the LDAP
        // values, so they win when both set the same property.
        Map<String, String> configuredProperties = syncConfiguration.getStaticUserProperties();
        if (configuredProperties != null && !configuredProperties.isEmpty()) {
            for (Entry<String, String> configured : configuredProperties.entrySet()) {
                user.setProperty(configured.getKey(), configured.getValue());
            }
        }
    } catch (NamingException e) {
        log.error("NamingException when trying to create and persist LDAP user with username::" + uid, e);
        return null;
    } catch (Exception e) {
        // Deliberately broad so that any failure is logged with the username.
        log.error("Unknown exception when trying to create and persist LDAP user with username::" + uid, e);
        return null;
    }

    // Persist the identity under the LDAP provider, then enrol it in the LDAP
    // security group and in the general OLAT users group.
    Identity identity = securityManager.createAndPersistIdentityAndUser(uid, null, user, LDAPAuthenticationController.PROVIDER_LDAP, uid);
    SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    securityManager.addIdentityToSecurityGroup(identity, ldapGroup);
    SecurityGroup olatUsersGroup = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    securityManager.addIdentityToSecurityGroup(identity, olatUsersGroup);

    log.info("Created LDAP user username::" + uid);
    return identity;
}