use of password.pwm.Permission in project pwm by pwm-project.
the class SessionManager method checkPermission.
/**
 * Reports whether the user bound to this session holds the given permission.
 *
 * <p>An unauthenticated session is always denied. For an authenticated session the
 * per-session cache is consulted first. Only when the cached status is
 * {@code UNCHECKED} is the permission's setting read from the configuration and
 * evaluated through {@code LdapPermissionTester}; the outcome is then written back
 * to the session cache as {@code GRANTED} or {@code DENIED}.
 *
 * <p>Security note: once a status other than {@code UNCHECKED} is cached, this
 * method returns it without re-evaluating. When the cache entry is reset is not
 * visible in this method, so a permission change in the directory or configuration
 * may not take effect for the session until then. TODO confirm against the cache
 * bean's lifecycle.
 *
 * @param pwmApplication application context supplying the configuration
 * @param permission the permission to evaluate
 * @return {@code true} only when the resulting status is {@code GRANTED}
 * @throws PwmUnrecoverableException declared by this method; presumably raised by
 *     the configuration read or the LDAP permission test
 */
public boolean checkPermission(final PwmApplication pwmApplication, final Permission permission) throws PwmUnrecoverableException {
    final boolean verbose = pwmApplication.getConfig().isDevDebugMode();
    if (verbose) {
        LOGGER.trace(pwmSession.getLabel(), String.format("entering checkPermission(%s, %s, %s)", permission, pwmSession, pwmApplication));
    }

    // Fail closed: no permission is ever granted to an unauthenticated session.
    if (!pwmSession.isAuthenticated()) {
        if (verbose) {
            LOGGER.trace(pwmSession.getLabel(), "user is not authenticated, returning false for permission check");
        }
        return false;
    }

    // A previously evaluated status is served from the session cache as-is.
    final Permission.PermissionStatus cachedStatus = pwmSession.getUserSessionDataCacheBean().getPermission(permission);
    if (cachedStatus != Permission.PermissionStatus.UNCHECKED) {
        return cachedStatus == Permission.PermissionStatus.GRANTED;
    }

    if (verbose) {
        LOGGER.debug(pwmSession.getLabel(), String.format("checking permission %s for user %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey()));
    }

    final PwmSetting permissionSetting = permission.getPwmSetting();
    final List<UserPermission> configuredRules = pwmApplication.getConfig().readSettingAsUserPermission(permissionSetting);

    final Permission.PermissionStatus freshStatus;
    if (LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), pwmSession.getUserInfo().getUserIdentity(), configuredRules)) {
        freshStatus = Permission.PermissionStatus.GRANTED;
    } else {
        freshStatus = Permission.PermissionStatus.DENIED;
    }
    pwmSession.getUserSessionDataCacheBean().setPermission(permission, freshStatus);

    // Not gated on dev-debug mode: every fresh evaluation is logged with the user's identity key.
    LOGGER.debug(pwmSession.getLabel(), String.format("permission %s for user %s is %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey(), freshStatus.toString()));

    return freshStatus == Permission.PermissionStatus.GRANTED;
}
use of password.pwm.Permission in project pwm by pwm-project.
the class UserDebugDataReader method permissionMap.
/**
 * Evaluates every eligible {@link Permission} for one user and reports each
 * outcome as text.
 *
 * <p>A permission is skipped when its setting is hidden, when the setting's
 * category is hidden, or when that category has profiles. Every remaining
 * permission is tested through {@code LdapPermissionTester} on each call; nothing
 * in this method caches the outcome.
 *
 * @param pwmApplication application context supplying the configuration
 * @param sessionLabel label passed through to the permission test
 * @param userIdentity the user whose permissions are evaluated
 * @return an unmodifiable sorted map from permission to the string form of
 *     {@code GRANTED} or {@code DENIED}
 * @throws PwmUnrecoverableException declared by this method; presumably raised by
 *     the configuration read or the LDAP permission test
 */
private static Map<Permission, String> permissionMap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Map<Permission, String> statusByPermission = new TreeMap<>();

    for (final Permission candidate : Permission.values()) {
        final PwmSetting candidateSetting = candidate.getPwmSetting();

        // Hidden settings, hidden categories and profiled categories are left out of the report.
        if (candidateSetting.isHidden() || candidateSetting.getCategory().isHidden() || candidateSetting.getCategory().hasProfiles()) {
            continue;
        }

        final List<UserPermission> configuredRules = pwmApplication.getConfig().readSettingAsUserPermission(candidate.getPwmSetting());
        final boolean granted = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, configuredRules);

        final Permission.PermissionStatus outcome = granted
                ? Permission.PermissionStatus.GRANTED
                : Permission.PermissionStatus.DENIED;
        statusByPermission.put(candidate, outcome.toString());
    }

    return Collections.unmodifiableMap(statusByPermission);
}
use of password.pwm.Permission in project pwm by pwm-project.
the class UserDebugDataReader method readUserDebugData.
/**
 * Collects a diagnostic snapshot for one user: user info, the public user info
 * bean, evaluated permissions, profiles, the LDAP and configured password
 * policies, whether the LDAP password could be read, and whether the password is
 * within its minimum lifetime.
 *
 * <p>Security note: no authorization check is performed inside this method, so
 * restricting who may request this data is left to the caller. The user info and
 * the LDAP password policy are obtained through calls named
 * {@code newUserInfoUsingProxy} and {@code getProxiedChaiUser}, presumably using
 * the application's proxy connection rather than the user's own. TODO confirm.
 *
 * @param pwmApplication application context
 * @param locale locale used for user info, policy selection and macros
 * @param sessionLabel label passed through to the underlying lookups
 * @param userIdentity the user to describe
 * @return the assembled debug bean
 * @throws PwmUnrecoverableException declared by this method; presumably raised by
 *     the underlying lookups
 */
public static UserDebugDataBean readUserDebugData(final PwmApplication pwmApplication, final Locale locale, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final UserInfo subject = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, sessionLabel, userIdentity, locale);
    final Map<Permission, String> permissionResults = UserDebugDataReader.permissionMap(pwmApplication, sessionLabel, userIdentity);
    final Map<ProfileType, String> profileResults = UserDebugDataReader.profileMap(pwmApplication, sessionLabel, userIdentity);
    final PwmPasswordPolicy policyFromLdap = PasswordUtility.readLdapPasswordPolicy(pwmApplication, pwmApplication.getProxiedChaiUser(userIdentity));
    final PwmPasswordPolicy policyFromConfig = PasswordUtility.determineConfiguredPolicyProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);

    // Only the fact that a password value came back is kept; the value itself is discarded.
    boolean passwordIsReadable = false;
    try {
        passwordIsReadable = LdapOperationsHelper.readLdapPassword(pwmApplication, sessionLabel, userIdentity) != null;
    } catch (ChaiUnavailableException ignored) {
        // Deliberately swallowed: the flag stays false, so false can mean either
        // "not readable" or "directory unavailable during the check".
    }

    final MacroMachine macros = MacroMachine.forUser(pwmApplication, locale, sessionLabel, userIdentity);

    return UserDebugDataBean.builder()
            .userInfo(subject)
            .publicUserInfoBean(PublicUserInfoBean.fromUserInfoBean(subject, pwmApplication.getConfig(), locale, macros))
            .permissions(permissionResults)
            .profiles(profileResults)
            .ldapPasswordPolicy(policyFromLdap)
            .configuredPasswordPolicy(policyFromConfig)
            .passwordReadable(passwordIsReadable)
            .passwordWithinMinimumLifetime(subject.isWithinPasswordMinimumLifetime())
            .build();
}