
Example 1 with Permission

use of password.pwm.Permission in project pwm by pwm-project.

the class SessionManager method checkPermission.

/**
 * Reports whether the user attached to this session holds {@code permission}.
 *
 * <p>The check fails closed: a session that is not authenticated is refused before any
 * cache or directory lookup. For an authenticated session the per-session cache is read
 * first; only an {@code UNCHECKED} entry is evaluated through {@code LdapPermissionTester},
 * and that outcome is written back to the cache.
 *
 * <p>NOTE(review): nothing in this method expires a cached GRANTED/DENIED status, so a
 * permission change made in the directory presumably takes effect only once the cache
 * entry is reset elsewhere - confirm where that happens.
 *
 * @param pwmApplication application context supplying the configuration
 * @param permission the permission to evaluate
 * @return {@code true} only when the resulting status is {@code GRANTED}
 * @throws PwmUnrecoverableException declared by this method; presumably raised by the
 *     configuration or LDAP calls - verify against those callees
 */
public boolean checkPermission(final PwmApplication pwmApplication, final Permission permission) throws PwmUnrecoverableException {
    final boolean devDebugMode = pwmApplication.getConfig().isDevDebugMode();
    if (devDebugMode) {
        // NOTE(review): the session object itself is formatted into this trace line;
        // what its string form contains is not visible here - verify it holds no secrets.
        LOGGER.trace(pwmSession.getLabel(), String.format("entering checkPermission(%s, %s, %s)", permission, pwmSession, pwmApplication));
    }

    // Fail closed: no permission is ever granted to an unauthenticated session.
    if (!pwmSession.isAuthenticated()) {
        if (devDebugMode) {
            LOGGER.trace(pwmSession.getLabel(), "user is not authenticated, returning false for permission check");
        }
        return false;
    }

    // A status that is already decided is answered from the session cache without touching LDAP.
    final Permission.PermissionStatus cachedStatus = pwmSession.getUserSessionDataCacheBean().getPermission(permission);
    if (cachedStatus != Permission.PermissionStatus.UNCHECKED) {
        return cachedStatus == Permission.PermissionStatus.GRANTED;
    }

    if (devDebugMode) {
        LOGGER.debug(pwmSession.getLabel(), String.format("checking permission %s for user %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey()));
    }

    // The permission maps to a configuration setting holding the UserPermission entries to test.
    final PwmSetting backingSetting = permission.getPwmSetting();
    final List<UserPermission> configuredMatches = pwmApplication.getConfig().readSettingAsUserPermission(backingSetting);
    final boolean granted = LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), pwmSession.getUserInfo().getUserIdentity(), configuredMatches);

    final Permission.PermissionStatus resolvedStatus;
    if (granted) {
        resolvedStatus = Permission.PermissionStatus.GRANTED;
    } else {
        resolvedStatus = Permission.PermissionStatus.DENIED;
    }
    pwmSession.getUserSessionDataCacheBean().setPermission(permission, resolvedStatus);

    // Unlike the messages above, the decision is logged whether or not dev debug mode is on.
    LOGGER.debug(pwmSession.getLabel(), String.format("permission %s for user %s is %s", permission.toString(), pwmSession.getUserInfo().getUserIdentity().toDelimitedKey(), resolvedStatus.toString()));
    return resolvedStatus == Permission.PermissionStatus.GRANTED;
}
Also used : PwmSetting(password.pwm.config.PwmSetting) Permission(password.pwm.Permission) UserPermission(password.pwm.config.value.data.UserPermission) UserPermission(password.pwm.config.value.data.UserPermission)

Example 2 with Permission

use of password.pwm.Permission in project pwm by pwm-project.

the class UserDebugDataReader method permissionMap.

/**
 * Evaluates every {@link Permission} for one user and returns the outcomes as text.
 *
 * <p>A permission is skipped when its backing setting is hidden, or when that setting's
 * category is hidden or has profiles. Each remaining permission is tested through
 * {@code LdapPermissionTester} directly; no session cache is read or written here.
 *
 * <p>NOTE(review): this method performs no authorization check of its own and accepts an
 * arbitrary {@code userIdentity}; confirm that every caller is restricted appropriately.
 *
 * @param pwmApplication application context supplying the configuration
 * @param sessionLabel label passed through to the permission tester
 * @param userIdentity the user whose permissions are evaluated
 * @return an unmodifiable map, sorted by the enum's natural order, from permission to the
 *     string form of {@code GRANTED} or {@code DENIED}
 * @throws PwmUnrecoverableException declared by this method; presumably raised by the
 *     configuration or LDAP calls - verify against those callees
 */
private static Map<Permission, String> permissionMap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Map<Permission, String> outcomeByPermission = new TreeMap<>();
    for (final Permission candidate : Permission.values()) {
        final PwmSetting backingSetting = candidate.getPwmSetting();
        final boolean reportable = !backingSetting.isHidden()
                && !backingSetting.getCategory().isHidden()
                && !backingSetting.getCategory().hasProfiles();
        if (!reportable) {
            continue;
        }

        // NOTE(review): looks like the same value as backingSetting above, assuming
        // getPwmSetting() is a plain getter - confirm before collapsing the two calls.
        final List<UserPermission> configuredMatches = pwmApplication.getConfig().readSettingAsUserPermission(candidate.getPwmSetting());
        final boolean granted = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, configuredMatches);

        final String outcome;
        if (granted) {
            outcome = Permission.PermissionStatus.GRANTED.toString();
        } else {
            outcome = Permission.PermissionStatus.DENIED.toString();
        }
        outcomeByPermission.put(candidate, outcome);
    }
    return Collections.unmodifiableMap(outcomeByPermission);
}
Also used : PwmSetting(password.pwm.config.PwmSetting) Permission(password.pwm.Permission) UserPermission(password.pwm.config.value.data.UserPermission) TreeMap(java.util.TreeMap) UserPermission(password.pwm.config.value.data.UserPermission)

Example 3 with Permission

use of password.pwm.Permission in project pwm by pwm-project.

the class UserDebugDataReader method readUserDebugData.

/**
 * Assembles the debug view of a single user: user info, evaluated permissions, profiles,
 * the LDAP and configured password policies, and two password-related flags.
 *
 * <p>The user's directory data is read through the application's proxy access
 * ({@code newUserInfoUsingProxy}, {@code getProxiedChaiUser}). The LDAP password is
 * requested only to learn whether it can be read; the value is compared against
 * {@code null} and never stored.
 *
 * <p>NOTE(review): this method performs no authorization check of its own and accepts an
 * arbitrary {@code userIdentity}; confirm that every caller is restricted appropriately.
 *
 * @param pwmApplication application context
 * @param locale locale used for the user info, policy lookup and macro machine
 * @param sessionLabel label passed through to the underlying calls
 * @param userIdentity the user to report on
 * @return the populated {@code UserDebugDataBean}
 * @throws PwmUnrecoverableException declared by this method; presumably raised by the
 *     underlying readers - verify against those callees
 */
public static UserDebugDataBean readUserDebugData(final PwmApplication pwmApplication, final Locale locale, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, sessionLabel, userIdentity, locale);
    final Map<Permission, String> permissions = UserDebugDataReader.permissionMap(pwmApplication, sessionLabel, userIdentity);
    final Map<ProfileType, String> profiles = UserDebugDataReader.profileMap(pwmApplication, sessionLabel, userIdentity);

    final PwmPasswordPolicy policyFromLdap = PasswordUtility.readLdapPasswordPolicy(pwmApplication, pwmApplication.getProxiedChaiUser(userIdentity));
    final PwmPasswordPolicy policyFromConfig = PasswordUtility.determineConfiguredPolicyProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);

    boolean passwordIsReadable = false;
    try {
        // Only the presence of a value matters; the password itself is not kept.
        passwordIsReadable = null != LdapOperationsHelper.readLdapPassword(pwmApplication, sessionLabel, userIdentity);
    } catch (ChaiUnavailableException ignored) {
        // Deliberately ignored: the flag stays false, so in the resulting bean false covers
        // both "not readable" and "could not be determined because the directory was unavailable".
    }

    final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, locale, sessionLabel, userIdentity);

    return UserDebugDataBean.builder()
            .userInfo(userInfo)
            .publicUserInfoBean(PublicUserInfoBean.fromUserInfoBean(userInfo, pwmApplication.getConfig(), locale, macroMachine))
            .permissions(permissions)
            .profiles(profiles)
            .ldapPasswordPolicy(policyFromLdap)
            .configuredPasswordPolicy(policyFromConfig)
            .passwordReadable(passwordIsReadable)
            .passwordWithinMinimumLifetime(userInfo.isWithinPasswordMinimumLifetime())
            .build();
}
Also used : ProfileType(password.pwm.config.profile.ProfileType) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) Permission(password.pwm.Permission) UserPermission(password.pwm.config.value.data.UserPermission) MacroMachine(password.pwm.util.macro.MacroMachine) UserInfo(password.pwm.ldap.UserInfo)
