
Example 86 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class OLATUpgrade_10_0_0 method processMap.

/**
 * Builds and persists the group relations for one portfolio map during the upgrade.
 *
 * <p>Maps for which {@code hasGroupsRelations} already reports true are skipped, and so are
 * maps without a legacy owner {@link SecurityGroup}. Otherwise the map gets a default-group
 * relation, plus one relation per legacy policy whose permission contains
 * {@code Constants.PERMISSION_READ}.
 *
 * @param map the map being migrated
 */
private void processMap(EPMapUpgrade map) {
    if (hasGroupsRelations(map)) {
        return;
    }

    Set<EPMapUpgradeToGroupRelation> pending = new HashSet<>();
    SecurityGroup legacyOwners = map.getOwnerGroup();
    if (legacyOwners == null) {
        // no legacy owner group: nothing is created and nothing is persisted
        return;
    }

    // Preferred case: reuse the default group of the repository entry that belongs to the map.
    RepositoryEntryUpgrade entry = findMapRepoEntry(legacyOwners);
    Group entryGroup = (entry == null) ? null : repositoryEntryToGroupDAO.getDefaultGroup(entry);
    if (entryGroup != null) {
        pending.add(createDefaultGroup(map, entryGroup));
    }

    // Fallback: create a fresh group and hand the legacy owner group to processSecurityGroup
    // under the owner role.
    if (pending.isEmpty()) {
        Group freshGroup = groupDao.createGroup();
        pending.add(createDefaultGroup(map, freshGroup));
        processSecurityGroup(freshGroup, GroupRoles.owner.name(), legacyOwners);
    }

    // Only policies whose permission contains PERMISSION_READ are translated; every other
    // policy on the resource is left out of the new model.
    // NOTE(review): if getPermission() returns a String, contains() is a substring match,
    // not an equality check - confirm no other permission name embeds the READ constant.
    for (Policy candidate : securityManager.getPoliciesOfResource(map.getOlatResource(), null)) {
        if (!candidate.getPermission().contains(Constants.PERMISSION_READ)) {
            continue;
        }
        EPMapUpgradeToGroupRelation readRelation = processMapPolicy(candidate, map);
        if (readRelation != null) {
            pending.add(readRelation);
        }
    }

    for (EPMapUpgradeToGroupRelation toStore : pending) {
        dbInstance.getCurrentEntityManager().persist(toStore);
    }
}
Also used : Policy(org.olat.basesecurity.Policy) EPMapPolicy(org.olat.portfolio.manager.EPMapPolicy) RepositoryEntryUpgrade(org.olat.upgrade.model.RepositoryEntryUpgrade) Group(org.olat.basesecurity.Group) SecurityGroup(org.olat.basesecurity.SecurityGroup) EPMapUpgradeToGroupRelation(org.olat.upgrade.model.EPMapUpgradeToGroupRelation) SecurityGroup(org.olat.basesecurity.SecurityGroup) HashSet(java.util.HashSet)

Example 87 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class RepositoryManagerTest method queryByTypeLimitAccess_withInstitution.

/**
 * Checks what {@code queryByTypeLimitAccess} returns for an identity that was added to the
 * {@code Constants.GROUP_INST_ORES_MANAGER} security group and carries an institutional name.
 *
 * <p>The entry coached by the identity must be in the result, and every other returned entry
 * must have an access level of at least {@code RepositoryEntry.ACC_USERS}.
 */
@Test
public void queryByTypeLimitAccess_withInstitution() {
    // fixture: a user who coaches a business group linked to a freshly created entry
    String userName = "qbtla-3-" + UUID.randomUUID().toString();
    Identity manager = JunitTestHelper.createAndPersistIdentityAsUser(userName);
    RepositoryEntry ownEntry = JunitTestHelper.createAndPersistRepositoryEntry(true);
    BusinessGroup coachedGroup = businessGroupService.createBusinessGroup(null, "qbtla-3", "tg", null, null, false, false, ownEntry);
    businessGroupRelationDao.addRole(manager, coachedGroup, GroupRoles.coach.name());
    dbInstance.commitAndCloseSession();

    // promote the user: set the institutional name, then add to the institutional
    // resource manager security group
    manager.getUser().setProperty(UserConstants.INSTITUTIONALNAME, "openolat.org");
    userManager.updateUserFromIdentity(manager);
    SecurityGroup instManagers = securityManager.findSecurityGroupByName(Constants.GROUP_INST_ORES_MANAGER);
    securityManager.addIdentityToSecurityGroup(manager, instManagers);
    dbInstance.commitAndCloseSession();

    // query with a Roles object that has exactly one flag set
    // NOTE(review): the flags are positional; confirm the sixth one is the institutional
    // resource manager role this test is meant to exercise.
    List<String> resourceTypes = Collections.singletonList(ownEntry.getOlatResource().getResourceableTypeName());
    Roles roles = new Roles(false, false, false, false, false, true, false);
    List<RepositoryEntry> visible = repositoryManager.queryByTypeLimitAccess(manager, roles, resourceTypes);

    Assert.assertNotNull(visible);
    Assert.assertFalse(visible.isEmpty());
    Assert.assertTrue(visible.contains(ownEntry));
    // access-control assertion: anything besides the user's own entry must be at least
    // ACC_USERS, so entries with a lower access value must not be returned
    for (RepositoryEntry candidate : visible) {
        if (candidate.equals(ownEntry)) {
            continue;
        }
        Assert.assertTrue(candidate.getAccess() >= RepositoryEntry.ACC_USERS);
    }
}
Also used : BusinessGroup(org.olat.group.BusinessGroup) GroupRoles(org.olat.basesecurity.GroupRoles) Roles(org.olat.core.id.Roles) Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup) Test(org.junit.Test)

Example 88 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class ProjectBrokerManagerImpl method deleteProject.

/**
 * Delete a project and delete project-groups related to this project.
 * This method is cluster-safe.
 * @see org.olat.course.nodes.projectbroker.service.ProjectBrokerManager#deleteProject(org.olat.course.nodes.projectbroker.datamodel.Project)
 */
public void deleteProject(final Project project, final boolean deleteGroup, final CourseEnvironment courseEnv, final CourseNode cNode) {
    logDebug("start deleteProject project=" + project);
    final Long projectBrokerId = project.getProjectBroker().getKey();
    // The sync target is derived from the project broker key, so the synced section
    // is scoped to one broker.
    OLATResourceable brokerLock = OresHelper.createOLATResourceableInstance(this.getClass(), projectBrokerId);
    CoordinatorManager.getInstance().getCoordinator().getSyncer().doInSync(brokerLock, new SyncerExecutor() {

        public void execute() {
            // work on a freshly loaded instance rather than the caller's copy
            Project freshProject = (Project) dbInstance.loadObject(project, true);
            // the candidate group reference is taken before the project is deleted;
            // the group itself is deleted only after the project
            SecurityGroup candidates = freshProject.getCandidateGroup();
            // files are removed only when both course environment and node are supplied
            if (courseEnv != null && cNode != null) {
                deleteAllAttachmentFilesOfProject(freshProject, courseEnv, cNode);
                deleteAllDropboxFilesOfProject(freshProject, courseEnv, cNode);
                deleteAllReturnboxFilesOfProject(freshProject, courseEnv, cNode);
            }
            dbInstance.deleteObject(freshProject);
            // NOTE(review): getKey() throws if the project has no candidate group, and
            // that would happen after deleteObject - confirm the group is always set.
            logInfo("deleteSecurityGroup(project.getCandidateGroup())=" + candidates.getKey());
            securityManager.deleteSecurityGroup(candidates);
            // drop the cached entry for this broker so stale data is not served
            projectCache.remove(projectBrokerId.toString());
        }
    });
    // The project group is deleted outside the synced section, and only on request.
    if (deleteGroup) {
        logDebug("start deleteProjectGroupFor project=" + project);
        projectGroupManager.deleteProjectGroupFor(project);
    }
    // NOTE(review): this message is logged even when deleteGroup is false.
    logDebug("DONE deleteProjectGroupFor project=" + project);
}
Also used : Project(org.olat.course.nodes.projectbroker.datamodel.Project) OLATResourceable(org.olat.core.id.OLATResourceable) SyncerExecutor(org.olat.core.util.coordinate.SyncerExecutor) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 89 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class LDAPLoginManagerImpl method doBatchSyncDeletedUsers.

/**
 * Handles identities that {@code getIdentitysDeletedInLdap} reports as removed from LDAP.
 *
 * <p>When automatic deletion is disabled in the LDAP module, the affected user names are
 * only logged. When it is enabled, the identities are deleted unless their share of all
 * identities in the LDAP security group reaches the configured percentage; in that case
 * nothing is deleted and a message is logged instead. The session is committed and closed
 * at the end on every path.
 *
 * @param ctx the LDAP context used to determine the removed users
 * @param sinceSentence text appended to the log messages
 */
private void doBatchSyncDeletedUsers(LdapContext ctx, String sinceSentence) {
    List<Identity> deletedUserList = getIdentitysDeletedInLdap(ctx);

    if (deletedUserList == null || deletedUserList.isEmpty()) {
        log.info("LDAP batch sync: no users to delete" + sinceSentence);
    } else if (!ldapLoginModule.isDeleteRemovedLDAPUsersOnSync()) {
        // Automatic deletion is off: report the candidates and leave them untouched.
        // The user names end up in the info log.
        StringBuilder names = new StringBuilder();
        for (Identity candidate : deletedUserList) {
            names.append(candidate.getName()).append(',');
        }
        log.info("LDAP batch sync: " + deletedUserList.size() + " users detected as to be deleted" + sinceSentence + ". Automatic deleting is disabled in LDAPLoginModule, delete these users manually::[" + names.toString() + "]");
    } else {
        // Safety gate against mass deletion: compare the number of candidates with the
        // number of identities currently in the LDAP security group.
        // NOTE(review): the lookup result is used without a null check - confirm
        // findSecurityGroupByName cannot return null for this group name.
        SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
        List<Identity> ldapManaged = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
        if (ldapManaged.isEmpty()) {
            log.info("No users managed by LDAP, can't delete users");
        } else {
            // the int cast truncates toward zero, so the share is rounded down
            float share = (float) deletedUserList.size() / (float) ldapManaged.size();
            int percent = (int) (share * 100);
            if (percent >= ldapLoginModule.getDeleteRemovedLDAPUsersPercentage()) {
                // threshold reached: refuse to delete, only log
                log.info("LDAP batch sync: more than " + ldapLoginModule.getDeleteRemovedLDAPUsersPercentage() + "% of LDAP managed users should be deleted. Please use Admin Deletion Job. Or increase deleteRemovedLDAPUsersPercentage. " + percent + "% tried to delete.");
            } else {
                deletIdentities(deletedUserList);
                log.info("LDAP batch sync: " + deletedUserList.size() + " users deleted" + sinceSentence);
            }
        }
    }

    dbInstance.commitAndCloseSession();
}
Also used : Identity(org.olat.core.id.Identity) SecurityGroup(org.olat.basesecurity.SecurityGroup)

Example 90 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class LDAPLoginManagerImpl method deletIdentities.

/**
 * Deletes all identities in the list and removes them from the LDAP security group.
 *
 * @param identityList List of Identities to delete
 */
@Override
public void deletIdentities(List<Identity> identityList) {
    // NOTE(review): the group lookup result is used without a null check - confirm
    // findSecurityGroupByName cannot return null for this group name.
    SecurityGroup ldapManaged = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    for (Identity doomed : identityList) {
        // membership is dropped first, then the identity itself is deleted
        securityManager.removeIdentityFromSecurityGroup(doomed, ldapManaged);
        userDeletionManager.deleteIdentity(doomed);
        // one intermediate commit per identity
        dbInstance.intermediateCommit();
    }
}
Also used : SecurityGroup(org.olat.basesecurity.SecurityGroup) Identity(org.olat.core.id.Identity)
