the class LDAPLoginModule method init.
/**
 * Initialises the LDAP login module.
 *
 * Does nothing when LDAP logins are switched off. Otherwise it makes sure the
 * LDAP security group exists (it marks the users that are synchronised with
 * LDAP), validates the configuration — the first invalid setting disables LDAP
 * logins — then inspects the server certificate (SSL only) and starts the cron
 * sync job when it is configured.
 *
 * @see org.olat.core.configuration.Initializable#init()
 */
@Override
public void init() {
    if (!isLDAPEnabled()) {
        log.info("LDAP login is disabled");
        return;
    }
    log.info("Starting LDAP module");

    ensureLdapSecurityGroupExists();

    if (!validateLdapConfiguration()) {
        return;
    }

    inspectServerCertificate();
    startCronSyncJobIfConfigured();

    // all checks passed
    log.info("LDAP login is enabled");
}

/**
 * Creates the LDAP security group on first start. The group identifies the
 * users that have to be synchronised with LDAP.
 */
private void ensureLdapSecurityGroupExists() {
    SecurityGroup existing = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    if (existing == null) {
        securityManager.createAndPersistNamedSecurityGroup(LDAPConstants.SECURITY_GROUP_LDAP);
    }
}

/**
 * Validates the LDAP settings in the order the module needs them and stops at
 * the first problem.
 *
 * @return {@code true} when every setting passed, {@code false} otherwise
 */
private boolean validateLdapConfiguration() {
    // connection settings; the first empty value ends the check (the bind
    // password value itself is never written to the log here)
    if (!checkConfigParameterIsNotEmpty(ldapUrl)
            || !checkConfigParameterIsNotEmpty(systemDN)
            || !checkConfigParameterIsNotEmpty(systemPW)) {
        return false;
    }

    if (syncConfiguration.getLdapBases() == null || syncConfiguration.getLdapBases().isEmpty()) {
        return disableLdap("Missing configuration 'ldapBases'. Add at least one LDAP Base to the this configuration in olatextconfig.xml first. Disabling LDAP");
    }

    // an optional user filter must be a complete, bracketed LDAP filter
    String userFilter = syncConfiguration.getLdapUserFilter();
    if (userFilter != null && !(userFilter.startsWith("(") && userFilter.endsWith(")"))) {
        return disableLdap("Wrong configuration 'ldapUserFilter'. Set filter to emtpy value or enclose filter in brackets like '(objectClass=person)'. Disabling LDAP");
    }

    // timestamp attributes used by the sync
    if (!checkConfigParameterIsNotEmpty(syncConfiguration.getLdapUserCreatedTimestampAttribute())
            || !checkConfigParameterIsNotEmpty(syncConfiguration.getLdapUserLastModifiedTimestampAttribute())) {
        return false;
    }

    // attribute mappings must be present ...
    if (syncConfiguration.getUserAttributeMap() == null || syncConfiguration.getUserAttributeMap().isEmpty()) {
        return disableLdap("Missing configuration 'userAttrMap'. Add at least the email propery to the this configuration in olatextconfig.xml first. Disabling LDAP");
    }
    if (syncConfiguration.getRequestAttributes() == null || syncConfiguration.getRequestAttributes().isEmpty()) {
        return disableLdap("Missing configuration 'reqAttr'. Add at least the email propery to the this configuration in olatextconfig.xml first. Disabling LDAP");
    }

    // ... and must only reference OLAT user properties defined in olat_userconfig.xml
    if (!syncConfiguration.checkIfOlatPropertiesExists(syncConfiguration.getUserAttributeMap())) {
        return disableLdap("Invalid LDAP OLAT properties mapping configuration (userAttrMap). Disabling LDAP");
    }
    if (!syncConfiguration.checkIfOlatPropertiesExists(syncConfiguration.getRequestAttributes())) {
        return disableLdap("Invalid LDAP OLAT properties mapping configuration (reqAttr). Disabling LDAP");
    }
    if (syncConfiguration.getSyncOnlyOnCreateProperties() != null
            && !syncConfiguration.checkIfStaticOlatPropertiesExists(syncConfiguration.getSyncOnlyOnCreateProperties())) {
        return disableLdap("Invalid LDAP OLAT syncOnlyOnCreateProperties configuration. Disabling LDAP");
    }
    if (syncConfiguration.getStaticUserProperties() != null
            && !syncConfiguration.checkIfStaticOlatPropertiesExists(syncConfiguration.getStaticUserProperties().keySet())) {
        return disableLdap("Invalid static OLAT properties configuration (staticUserProperties). Disabling LDAP");
    }
    return true;
}

/**
 * Logs a configuration error and switches LDAP logins off.
 *
 * @param message the error to log
 * @return always {@code false}, so callers can {@code return disableLdap(...)}
 */
private boolean disableLdap(String message) {
    log.error(message);
    setEnableLDAPLogins(false);
    return false;
}

/**
 * Reports the state of the LDAP server certificate when SSL is enabled.
 *
 * NOTE(review): unlike the configuration checks above, a missing or invalid
 * certificate is only logged — LDAP logins stay enabled. Confirm that this is
 * the intended behaviour.
 */
private void inspectServerCertificate() {
    if (!isSslEnabled()) {
        return;
    }
    if (!checkServerCertValidity(0)) {
        log.error("LDAP enabled but no valid server certificate found. Please fix!");
    } else if (!checkServerCertValidity(30)) {
        log.warn("Server Certificate will expire in less than 30 days.");
    }
}

/** Starts the LDAP cron sync job when cron sync is configured. */
private void startCronSyncJobIfConfigured() {
    if (isLdapSyncCronSync()) {
        initCronSyncJob();
    } else {
        log.info("LDAP cron sync is disabled");
    }
}
the class QuestionItemDAO method removeAuthors.
/**
 * Removes the given identities from the owner group of a question item.
 *
 * The item is reloaded via {@code loadForUpdate} (presumably a locking load)
 * before its owner group is changed. Only identities that are members of the
 * owner group are removed; the change is committed at the end.
 *
 * @param authors identities to drop from the owner group
 * @param item    the question item whose owners change
 */
public void removeAuthors(List<Identity> authors, QuestionItemShort item) {
    QuestionItemImpl locked = loadForUpdate(item);
    SecurityGroup owners = locked.getOwnerGroup();
    for (Identity candidate : authors) {
        boolean isOwner = securityManager.isIdentityInSecurityGroup(candidate, owners);
        if (!isOwner) {
            continue;
        }
        securityManager.removeIdentityFromSecurityGroup(candidate, owners);
    }
    dbInstance.commit();
}
the class MembersOverviewIdentitiesController method loadModel.
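/**
 * Resolves a list of identity keys into the controller's result lists.
 *
 * Every key is parsed as a {@code Long} identity key and loaded. Keys that are
 * malformed or do not resolve to an identity are collected in
 * {@code notfounds}; identities that belong to the anonymous group are
 * skipped; every other identity is added once to {@code oks}.
 *
 * @param keys identity keys as entered by the user; {@code null} is treated as empty
 */
private void loadModel(List<String> keys) {
    oks = new ArrayList<>();
    notfounds = new ArrayList<>();
    if (keys == null) {
        return;
    }
    SecurityGroup anonymousGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
    for (String key : keys) {
        Long identityKey = parseIdentityKey(key);
        Identity identity = identityKey == null ? null : securityManager.loadIdentityByKey(identityKey);
        if (identity == null) {
            // malformed key or no such identity: report it instead of aborting the whole load
            notfounds.add(key);
            continue;
        }
        // anonymous (guest) identities are never offered as members
        boolean anonymous = securityManager.isIdentityInSecurityGroup(identity, anonymousGroup);
        if (!anonymous && !PersistenceHelper.containsPersistable(oks, identity)) {
            oks.add(identity);
        }
    }
}

/**
 * Parses a user-supplied identity key.
 *
 * @param key the raw key text
 * @return the key as {@code Long}, or {@code null} when it is not a valid number
 */
private static Long parseIdentityKey(String key) {
    if (key == null) {
        return null;
    }
    try {
        return Long.valueOf(key.trim());
    } catch (NumberFormatException e) {
        // surfaced to the caller as "not found", see loadModel
        return null;
    }
}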
the class UsermanagerUserSearchForm method findIdentitiesFromSearchForm.
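/**
 * Builds the search criteria from the user manager search form and runs the
 * power search.
 *
 * When deleted users are searched, the login and the e-mail property get a
 * leading {@code *} wildcard so that the backup prefix of deleted accounts
 * still matches. User properties, role groups, authentication providers, the
 * creation/login date constraints and the status are passed through as
 * entered; this form has no permission constraints.
 *
 * @return identities that match the criteria from the search form
 */
private List<Identity> findIdentitiesFromSearchForm() {
    Integer status = searchform.getStatus();
    // constant first: a missing status must not NPE the comparison
    boolean deletedSearch = Identity.STATUS_DELETED.equals(status);

    String login = searchform.getStringValue("login");
    if (login == null) {
        login = "";
    }
    if (deletedSearch) {
        // wildcard matches the backup prefix of deleted accounts
        login = "*" + login;
    }

    // user property constraints from the form
    Map<String, String> userPropertiesSearch = new HashMap<String, String>();
    for (UserPropertyHandler handler : searchform.getPropertyHandlers()) {
        if (handler == null) {
            continue;
        }
        String propertyName = handler.getName();
        FormItem formItem = searchform.getItem(propertyName);
        String value = handler.getStringValue(formItem);
        if (propertyName.startsWith("genericCheckboxProperty") && formItem instanceof MultipleSelectionElement) {
            // an unchecked checkbox is no search constraint
            if (!"false".equals(value)) {
                userPropertiesSearch.put(propertyName, value);
            }
        } else if (StringHelper.containsNonWhitespace(value)) {
            if (deletedSearch && handler instanceof EmailProperty) {
                // same backup-prefix wildcard as for the login
                value = "*" + value;
            }
            userPropertiesSearch.put(propertyName, value);
        }
    }
    if (userPropertiesSearch.isEmpty()) {
        // an empty map is passed as null
        userPropertiesSearch = null;
    }

    // role memberships, in the order the form lists them
    List<SecurityGroup> groupsList = new ArrayList<SecurityGroup>();
    addRoleGroup(groupsList, "admin", Constants.GROUP_ADMIN);
    addRoleGroup(groupsList, "author", Constants.GROUP_AUTHORS);
    addRoleGroup(groupsList, "groupmanager", Constants.GROUP_GROUPMANAGERS);
    addRoleGroup(groupsList, "usermanager", Constants.GROUP_USERMANAGERS);
    addRoleGroup(groupsList, "oresmanager", Constants.GROUP_INST_ORES_MANAGER);
    addRoleGroup(groupsList, "poolmanager", Constants.GROUP_POOL_MANAGER);
    SecurityGroup[] groups = groupsList.toArray(new SecurityGroup[groupsList.size()]);

    // no permissions in this form so far
    PermissionOnResourceable[] permissionOnResources = null;
    String[] authProviders = searchform.getAuthProviders();

    // date constraints
    Date createdBefore = searchform.getBeforeDate();
    Date createdAfter = searchform.getAfterDate();
    Date userLoginBefore = searchform.getUserLoginBefore();
    Date userLoginAfter = searchform.getUserLoginAfter();

    // an empty login means "no login constraint"
    String loginConstraint = login.isEmpty() ? null : login;
    return securityManager.getIdentitiesByPowerSearch(loginConstraint, userPropertiesSearch, true, groups,
            permissionOnResources, authProviders, createdAfter, createdBefore, userLoginAfter, userLoginBefore, status);
}

/**
 * Adds the security group backing {@code roleName} to {@code groups} when the
 * role is selected in the search form.
 *
 * @param groups    the list being built
 * @param roleName  the role as named in the search form
 * @param groupName the security group that represents the role
 */
private void addRoleGroup(List<SecurityGroup> groups, String roleName, String groupName) {
    if (searchform.getRole(roleName)) {
        groups.add(securityManager.findSecurityGroupByName(groupName));
    }
}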
the class SystemRegistrationManager method getRegistrationPropertiesMessage.
/**
 * Collects the properties reported by the system registration.
 *
 * The map holds application/version info, the configured location, a few
 * system flags, course and user counts, login activity for the last week and
 * month, group counts, the server URL and the website description. The
 * e-mail address is included only when release notifications are enabled.
 * All values are rendered as strings.
 *
 * @return the registration properties, keyed by property name
 */
public Map<String, String> getRegistrationPropertiesMessage() {
    Map<String, String> props = new HashMap<String, String>();
    boolean publishWebsite = registrationModule.isPublishWebsite();
    boolean notifyReleases = registrationModule.isNotifyReleases();

    // application
    props.put("appName", Settings.getApplicationName());
    props.put("version", Settings.getFullVersionInfo());

    // location
    props.put("location", registrationModule.getLocation());
    props.put("locationCSV", registrationModule.getLocationCoordinates());

    // system flags
    boolean imEnabled = CoreSpringFactory.getImpl(InstantMessagingModule.class).isEnabled();
    props.put("instantMessagingEnabled", String.valueOf(imEnabled));
    props.put("enabledLanguages", CoreSpringFactory.getImpl(I18nModule.class).getEnabledLanguageKeys().toString());
    props.put("clusterEnabled", clusterMode);
    props.put("debuggingEnabled", String.valueOf(Settings.isDebuging()));

    // courses: all (owner access) vs. published (user access)
    int allCourses = repositoryManager.countByTypeLimitAccess(CourseModule.ORES_TYPE_COURSE, RepositoryEntry.ACC_OWNERS);
    int publishedCourses = repositoryManager.countByTypeLimitAccess(CourseModule.ORES_TYPE_COURSE, RepositoryEntry.ACC_USERS);
    props.put("courses", String.valueOf(allCourses));
    props.put("coursesPublished", String.valueOf(publishedCourses));

    // users: members of the OLAT user group minus those with login denied
    SecurityGroup olatUsers = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    int allUsers = securityManager.countIdentitiesOfSecurityGroup(olatUsers);
    long loginDenied = securityManager.countIdentitiesByPowerSearch(null, null, true, null, null, null, null, null, null, null, Identity.STATUS_LOGIN_DENIED);
    props.put("usersEnabled", String.valueOf(allUsers - loginDenied));

    // authors: identities holding the author role
    PermissionOnResourceable[] authorRole = { new PermissionOnResourceable(Constants.PERMISSION_HASROLE, Constants.ORESOURCE_AUTHOR) };
    long authorCount = securityManager.countIdentitiesByPowerSearch(null, null, true, null, authorRole, null, null, null, null, null, null);
    props.put("authors", String.valueOf(authorCount));

    // activity: unique logins since 6 days ago and since one month ago
    // NOTE(review): the original comment said "-1 - 6 = -7 for last week" while
    // the code subtracts 6 days — confirm which window is intended
    props.put("activeUsersLastWeek", String.valueOf(countUniqueLoginsSince(Calendar.DAY_OF_YEAR, -6)));
    props.put("activeUsersLastMonth", String.valueOf(countUniqueLoginsSince(Calendar.MONTH, -1)));

    // groups: all four keys carry the same total
    int groupCount = businessGroupService.countBusinessGroups(new SearchBusinessGroupParams(), null);
    String groupTotal = String.valueOf(groupCount);
    props.put("buddyGroups", groupTotal);
    props.put("learningGroups", groupTotal);
    props.put("rightGroups", groupTotal);
    props.put("groups", groupTotal);

    // website
    props.put("url", Settings.getServerContextPathURI());
    props.put("publishWebsite", String.valueOf(publishWebsite));
    props.put("description", registrationModule.getWebsiteDescription());

    // contact address only when release notifications were requested
    if (notifyReleases) {
        props.put("email", registrationModule.getEmail());
    }
    return props;
}

/**
 * Counts unique user logins since "now" shifted by the given calendar amount.
 *
 * @param calendarField a {@link Calendar} field such as {@code DAY_OF_YEAR}
 * @param amount        the (usually negative) amount to add to that field
 * @return the number of unique logins since the resulting instant
 */
private Long countUniqueLoginsSince(int calendarField, int amount) {
    Calendar since = Calendar.getInstance();
    since.add(calendarField, amount);
    return securityManager.countUniqueUserLoginsSince(since.getTime());
}