use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class OLATUpgrade_10_0_0 method processMap.
/**
 * Builds and persists the group relations of one map during the upgrade.
 *
 * <p>Nothing is done when {@code hasGroupsRelations(map)} is true or when the map
 * has no owner group. Otherwise the map gets a default-group relation: either to the
 * default group of the repository entry found for the owner group, or to a freshly
 * created group that is filled from the owner group with the {@code owner} role.
 * After that, every policy on the map's resource whose permission contains
 * {@code Constants.PERMISSION_READ} is handed to {@code processMapPolicy}.
 *
 * <p>Security-relevant: policies whose permission does not contain
 * {@code PERMISSION_READ} are not carried over by this method.
 *
 * @param map the map to migrate
 */
private void processMap(EPMapUpgrade map) {
    if (hasGroupsRelations(map)) {
        return;
    }

    Set<EPMapUpgradeToGroupRelation> pending = new HashSet<>();
    SecurityGroup legacyOwners = map.getOwnerGroup();
    if (legacyOwners == null) {
        // No owner group: the original creates no relation at all in this case.
        return;
    }

    // Default group: prefer the one already attached to the map's repository entry.
    RepositoryEntryUpgrade repoEntry = findMapRepoEntry(legacyOwners);
    if (repoEntry != null) {
        Group entryDefaultGroup = repositoryEntryToGroupDAO.getDefaultGroup(repoEntry);
        if (entryDefaultGroup != null) {
            pending.add(createDefaultGroup(map, entryDefaultGroup));
        }
    }
    if (pending.isEmpty()) {
        // Fallback: a new group that receives the legacy owners.
        Group freshGroup = groupDao.createGroup();
        pending.add(createDefaultGroup(map, freshGroup));
        processSecurityGroup(freshGroup, GroupRoles.owner.name(), legacyOwners);
    }

    // Policies -> relations.
    // NOTE(review): if getPermission() returns a String, contains() is a substring
    // match - confirm no other permission name embeds the READ constant.
    List<Policy> resourcePolicies = securityManager.getPoliciesOfResource(map.getOlatResource(), null);
    for (Policy candidate : resourcePolicies) {
        if (!candidate.getPermission().contains(Constants.PERMISSION_READ)) {
            continue;
        }
        EPMapUpgradeToGroupRelation converted = processMapPolicy(candidate, map);
        if (converted != null) {
            pending.add(converted);
        }
    }

    for (EPMapUpgradeToGroupRelation toStore : pending) {
        dbInstance.getCurrentEntityManager().persist(toStore);
    }
}
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class RepositoryManagerTest method queryByTypeLimitAccess_withInstitution.
/**
 * Access-control test for {@code queryByTypeLimitAccess}: a user who coaches a
 * group linked to a repository entry and who was added to the
 * {@code GROUP_INST_ORES_MANAGER} security group must get that entry back, and every
 * other returned entry must have an access level of at least {@code ACC_USERS}.
 */
@Test
public void queryByTypeLimitAccess_withInstitution() {
    // Fixture: user, repository entry, and a business group on that entry with the user as coach.
    String login = "qbtla-3-" + UUID.randomUUID();
    Identity id = JunitTestHelper.createAndPersistIdentityAsUser(login);
    RepositoryEntry re = JunitTestHelper.createAndPersistRepositoryEntry(true);
    BusinessGroup group = businessGroupService.createBusinessGroup(null, "qbtla-3", "tg", null, null, false, false, re);
    businessGroupRelationDao.addRole(id, group, GroupRoles.coach.name());
    dbInstance.commitAndCloseSession();

    // Give the user an institution and put them in the institutional resource manager group.
    id.getUser().setProperty(UserConstants.INSTITUTIONALNAME, "openolat.org");
    userManager.updateUserFromIdentity(id);
    SecurityGroup instManagers = securityManager.findSecurityGroupByName(Constants.GROUP_INST_ORES_MANAGER);
    securityManager.addIdentityToSecurityGroup(id, instManagers);
    dbInstance.commitAndCloseSession();

    // Query with the entry's own resource type.
    List<String> types = Collections.singletonList(re.getOlatResource().getResourceableTypeName());
    // NOTE(review): the single 'true' is presumably the institutional-resource-manager
    // flag - confirm against the Roles constructor.
    Roles roles = new Roles(false, false, false, false, false, true, false);
    List<RepositoryEntry> entries = repositoryManager.queryByTypeLimitAccess(id, roles, types);

    Assert.assertNotNull(entries);
    Assert.assertFalse(entries.isEmpty());
    Assert.assertTrue(entries.contains(re));
    // Any entry other than our own must be visible to users or wider.
    for (RepositoryEntry found : entries) {
        Assert.assertTrue(found.equals(re) || found.getAccess() >= RepositoryEntry.ACC_USERS);
    }
}
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class ProjectBrokerManagerImpl method deleteProject.
/**
 * Deletes a project together with its candidate security group and, optionally,
 * its project group.
 *
 * <p>The database delete runs inside the coordinator's syncer, keyed on the project
 * broker resource; the original author documents the method as cluster-safe.
 * Attachment, dropbox and returnbox files are removed only when both
 * {@code courseEnv} and {@code cNode} are non-null; otherwise they are left in place.
 *
 * <p>NOTE(review): no permission check is visible in this method - presumably the
 * caller authorizes the deletion; confirm.
 *
 * @param project     the project to delete; it is reloaded inside the sync block
 * @param deleteGroup when true, the project group is deleted after the sync block
 * @param courseEnv   course environment used for file cleanup, may be null
 * @param cNode       course node used for file cleanup, may be null
 * @see org.olat.course.nodes.projectbroker.service.ProjectBrokerManager#deleteProject(org.olat.course.nodes.projectbroker.datamodel.Project)
 */
public void deleteProject(final Project project, final boolean deleteGroup, final CourseEnvironment courseEnv, final CourseNode cNode) {
    logDebug("start deleteProject project=" + project);
    final Long projectBrokerId = project.getProjectBroker().getKey();
    final boolean hasCourseContext = courseEnv != null && cNode != null;
    OLATResourceable brokerResource = OresHelper.createOLATResourceableInstance(this.getClass(), projectBrokerId);
    CoordinatorManager.getInstance().getCoordinator().getSyncer().doInSync(brokerResource, new SyncerExecutor() {
        public void execute() {
            Project persisted = (Project) dbInstance.loadObject(project, true);
            // Keep a handle on the candidate group before the project row goes away;
            // the project group itself is handled after the sync block.
            SecurityGroup candidates = persisted.getCandidateGroup();
            if (hasCourseContext) {
                deleteAllAttachmentFilesOfProject(persisted, courseEnv, cNode);
                deleteAllDropboxFilesOfProject(persisted, courseEnv, cNode);
                deleteAllReturnboxFilesOfProject(persisted, courseEnv, cNode);
            }
            dbInstance.deleteObject(persisted);
            // NOTE(review): a null candidate group would throw here, after the
            // project has already been deleted - confirm it can never be null.
            logInfo("deleteSecurityGroup(project.getCandidateGroup())=" + candidates.getKey());
            securityManager.deleteSecurityGroup(candidates);
            // Drop the cached broker entry so stale project data is not served.
            projectCache.remove(projectBrokerId.toString());
        }
    });
    if (deleteGroup) {
        logDebug("start deleteProjectGroupFor project=" + project);
        projectGroupManager.deleteProjectGroupFor(project);
    }
    // Logged on every call, including when deleteGroup is false.
    logDebug("DONE deleteProjectGroupFor project=" + project);
}
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method doBatchSyncDeletedUsers.
/**
 * Handles identities that {@code getIdentitysDeletedInLdap} reports as removed
 * from LDAP.
 *
 * <p>When automatic deletion is disabled in the LDAP login module, the affected
 * user names are only written to the log. When it is enabled, the share of
 * to-be-deleted identities among all identities of the LDAP security group is
 * computed, and deletion happens only while that share stays below the configured
 * percentage. This threshold is the guard against a faulty or truncated LDAP
 * result wiping out a large part of the user base. The session is committed and
 * closed at the end on every path.
 *
 * <p>NOTE(review): the percentage is computed in float and truncated to int; an
 * exact integer computation would remove any rounding doubt right at the threshold.
 * NOTE(review): the refused-deletion case is logged at info level - consider whether
 * it deserves a level that monitoring picks up.
 *
 * @param ctx           LDAP context used to look up the deleted identities
 * @param sinceSentence text appended to the log messages
 */
private void doBatchSyncDeletedUsers(LdapContext ctx, String sinceSentence) {
    List<Identity> deletedUserList = getIdentitysDeletedInLdap(ctx);
    boolean nothingToDelete = deletedUserList == null || deletedUserList.size() == 0;

    if (nothingToDelete) {
        log.info("LDAP batch sync: no users to delete" + sinceSentence);
    } else if (!ldapLoginModule.isDeleteRemovedLDAPUsersOnSync()) {
        // Report-only mode: list the names so an administrator can delete them manually.
        StringBuilder names = new StringBuilder();
        for (Identity candidate : deletedUserList) {
            names.append(candidate.getName());
            names.append(',');
        }
        log.info("LDAP batch sync: " + deletedUserList.size() + " users detected as to be deleted" + sinceSentence + ". Automatic deleting is disabled in LDAPLoginModule, delete these users manually::[" + names.toString() + "]");
    } else {
        // Safety threshold: refuse to delete when too large a share of the
        // LDAP-managed identities would disappear in one sync run.
        // NOTE(review): findSecurityGroupByName may return null if the group is
        // missing - confirm how getIdentitiesOfSecurityGroup handles that.
        SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
        List<Identity> olatListIdentity = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
        if (olatListIdentity.isEmpty()) {
            log.info("No users managed by LDAP, can't delete users");
        } else {
            float share = (float) deletedUserList.size() / (float) olatListIdentity.size();
            int prozente = (int) (share * 100);
            if (prozente < ldapLoginModule.getDeleteRemovedLDAPUsersPercentage()) {
                deletIdentities(deletedUserList);
                log.info("LDAP batch sync: " + deletedUserList.size() + " users deleted" + sinceSentence);
            } else {
                log.info("LDAP batch sync: more than " + ldapLoginModule.getDeleteRemovedLDAPUsersPercentage() + "% of LDAP managed users should be deleted. Please use Admin Deletion Job. Or increase deleteRemovedLDAPUsersPercentage. " + prozente + "% tried to delete.");
            }
        }
    }

    dbInstance.commitAndCloseSession();
}
use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.
the class LDAPLoginManagerImpl method deletIdentities.
/**
 * Removes each identity from the LDAP security group and then deletes it.
 *
 * <p>An intermediate commit is issued after every identity, so a failure part-way
 * through leaves the identities processed so far deleted.
 *
 * <p>NOTE(review): this public method performs no permission or threshold check of
 * its own - presumably callers are expected to gate it; confirm.
 *
 * @param identityList identities to delete
 */
@Override
public void deletIdentities(List<Identity> identityList) {
    SecurityGroup ldapSecurityGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    for (Identity doomed : identityList) {
        // Membership is removed first, then the identity itself.
        securityManager.removeIdentityFromSecurityGroup(doomed, ldapSecurityGroup);
        userDeletionManager.deleteIdentity(doomed);
        dbInstance.intermediateCommit();
    }
}