Use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project: class UserDebugDataReader, method permissionMap.
/**
 * Evaluates every {@link Permission} whose backing setting is reportable and records whether
 * the given user currently holds it.
 *
 * <p>A permission is reportable only when its setting is not hidden, its category is not hidden
 * and its category does not use profiles; all other permissions are left out of the map.
 *
 * @param pwmApplication application whose configuration supplies the permission match rules
 * @param sessionLabel   session label passed through to the LDAP permission tester
 * @param userIdentity   the user being evaluated
 * @return an unmodifiable map (ordered by the enum's natural order) of permission to the
 *         {@code GRANTED}/{@code DENIED} status text
 * @throws PwmUnrecoverableException if a permission test fails
 */
private static Map<Permission, String> permissionMap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Map<Permission, String> statusByPermission = new TreeMap<>();
    for (final Permission candidate : Permission.values()) {
        if (!isDebugReportable(candidate.getPwmSetting())) {
            continue;
        }
        final List<UserPermission> matchRules = pwmApplication.getConfig().readSettingAsUserPermission(candidate.getPwmSetting());
        final boolean granted = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, matchRules);
        final Permission.PermissionStatus status = granted ? Permission.PermissionStatus.GRANTED : Permission.PermissionStatus.DENIED;
        statusByPermission.put(candidate, status.toString());
    }
    return Collections.unmodifiableMap(statusByPermission);
}

/** True when the setting and its category are visible and the category is not profiled. */
private static boolean isDebugReportable(final PwmSetting setting) {
    return !setting.isHidden() && !setting.getCategory().isHidden() && !setting.getCategory().hasProfiles();
}
Use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project: class UserPermissionValue, method toDebugString.
/**
 * Renders the configured permissions as human readable text, one entry per line.
 *
 * <p>Each entry starts with {@code UserPermission}, followed by its index when more than one
 * permission is configured, the permission type ({@code ldapQuery} when unset), the LDAP profile
 * ({@code All} when unset), the base DN (a localized "not applicable" text when unset) and, when
 * present, the LDAP query.
 *
 * @param locale locale used for the localized "not applicable" placeholder
 * @return the debug text, or an empty string when no permissions are configured
 */
public String toDebugString(final Locale locale) {
    if (values == null || values.isEmpty()) {
        return "";
    }
    final boolean numbered = values.size() > 1;
    final StringJoiner lines = new StringJoiner("\n");
    int index = 0;
    for (final UserPermission entry : values) {
        lines.add(describePermission(entry, index, numbered, locale));
        index++;
    }
    return lines.toString();
}

/** Formats a single permission entry; {@code index} is only printed when {@code numbered} is set. */
private static String describePermission(final UserPermission entry, final int index, final boolean numbered, final Locale locale) {
    final UserPermission.Type type = entry.getType() == null ? UserPermission.Type.ldapQuery : entry.getType();
    final String profile = entry.getLdapProfileID() == null ? "All" : entry.getLdapProfileID();
    final String base = entry.getLdapBase() == null ? Display.getLocalizedMessage(locale, Display.Value_NotApplicable, null) : entry.getLdapBase();

    final StringBuilder text = new StringBuilder("UserPermission");
    if (numbered) {
        text.append(index);
    }
    text.append("-").append(type.toString());
    text.append(": [");
    text.append("Profile:").append(profile);
    text.append(" Base:").append(base);
    if (entry.getLdapQuery() != null) {
        text.append(" Query:").append(entry.getLdapQuery());
    }
    text.append("]");
    return text.toString();
}
Use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project: class ChallengeProfile, method readChallengeProfileFromConfig.
/**
 * Builds the challenge profile for {@code profileID} from the stored configuration.
 *
 * <p>The user challenge set and the helpdesk challenge set are read separately. If either fails to
 * parse, the problem is logged at trace level and that set is left {@code null}, so a profile is
 * still returned.
 *
 * @param profileID           the challenge profile identifier
 * @param locale              locale used to resolve challenge text
 * @param storedConfiguration configuration the profile settings are read from
 * @return the assembled profile; its challenge sets may be {@code null} when invalid
 */
public static ChallengeProfile readChallengeProfileFromConfig(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration) {
    final int minRandomRequired = readIntSetting(storedConfiguration, PwmSetting.CHALLENGE_MIN_RANDOM_REQUIRED, profileID);

    ChallengeSet userChallenges = null;
    try {
        userChallenges = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_RANDOM_CHALLENGES, minRandomRequired);
    } catch (final PwmOperationalException e) {
        LOGGER.trace("configured challengeSet for profile '" + profileID + "' is not valid: " + e.getMessage());
    }

    ChallengeSet helpdeskChallenges = null;
    try {
        // the helpdesk set is always read with a minimum-random count of 1
        helpdeskChallenges = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_HELPDESK_RANDOM_CHALLENGES, 1);
    } catch (final PwmOperationalException e) {
        LOGGER.trace("discarding configured helpdesk challengeSet for profile '" + profileID + "' issue: " + e.getMessage());
    }

    final int minRandomSetup = readIntSetting(storedConfiguration, PwmSetting.CHALLENGE_MIN_RANDOM_SETUP, profileID);
    final int minHelpdeskRandomSetup = readIntSetting(storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_MIN_RANDOM_SETUP, profileID);

    @SuppressWarnings("unchecked")
    final List<UserPermission> queryMatch = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.CHALLENGE_POLICY_QUERY_MATCH, profileID).toNativeObject();

    return new ChallengeProfile(profileID, locale, userChallenges, helpdeskChallenges, minRandomSetup, minHelpdeskRandomSetup, queryMatch);
}

/** Reads a numeric profile setting and narrows it to {@code int}, matching the profile's field types. */
private static int readIntSetting(final StoredConfiguration storedConfiguration, final PwmSetting setting, final String profileID) {
    return (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(setting, profileID));
}
Use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project: class LDAPPermissionCalculator, method figureRecord.
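/**
 * Computes the LDAP permission records implied by one setting (optionally within a profile).
 *
 * <p>For each {@link LDAPPermissionInfo} the setting carries, one {@link PermissionRecord} is
 * produced per attribute name the setting value references. How attribute names are derived
 * depends on the setting syntax: STRING (the value itself), FORM (each form item's name),
 * ACTION (the attribute name of each ldap-typed action), STRING_ARRAY (each element) and
 * USER_PERMISSION (the configured group attribute of every LDAP profile, once per
 * ldapGroup-typed permission). Blank attribute names are skipped.
 *
 * <p>Fixes: a {@code null} STRING_ARRAY or USER_PERMISSION value previously caused a
 * {@code NullPointerException}; both are now treated as "no attributes", consistent with the
 * FORM and ACTION cases.
 *
 * @param pwmSetting the setting to derive records for
 * @param profile    the profile the setting value is read from
 * @return the records, possibly empty; never {@code null}
 * @throws PwmUnrecoverableException if the setting syntax has no reader
 */
private Collection<PermissionRecord> figureRecord(final PwmSetting pwmSetting, final String profile) throws PwmUnrecoverableException {
    final List<PermissionRecord> permissionRecords = new ArrayList<>();
    final Collection<LDAPPermissionInfo> permissionInfos = figurePermissionInfos(pwmSetting, profile);
    if (permissionInfos == null) {
        return Collections.emptyList();
    }
    if (permissionInfos.isEmpty()) {
        return permissionRecords;
    }
    // The attribute names depend only on the setting value, so resolve them once instead of
    // re-reading the stored configuration for every permission info.
    final List<String> attributeNames = attributeNamesFor(pwmSetting, profile);
    for (final LDAPPermissionInfo permissionInfo : permissionInfos) {
        for (final String attrName : attributeNames) {
            permissionRecords.add(new PermissionRecord(attrName, pwmSetting, profile, permissionInfo.getAccess(), permissionInfo.getActor()));
        }
    }
    return permissionRecords;
}

/**
 * Resolves the non-blank attribute names a setting value refers to, according to its syntax.
 *
 * @throws PwmUnrecoverableException if the syntax has no reader
 */
private List<String> attributeNamesFor(final PwmSetting pwmSetting, final String profile) throws PwmUnrecoverableException {
    switch (pwmSetting.getSyntax()) {
        case STRING: {
            final String attrName = readNative(pwmSetting, profile);
            return nonBlank(Collections.singletonList(attrName));
        }
        case FORM: {
            final List<FormConfiguration> formItems = readNative(pwmSetting, profile);
            final List<String> names = new ArrayList<>();
            if (formItems != null) {
                for (final FormConfiguration formConfiguration : formItems) {
                    names.add(formConfiguration.getName());
                }
            }
            return nonBlank(names);
        }
        case ACTION: {
            final List<ActionConfiguration> actionItems = readNative(pwmSetting, profile);
            final List<String> names = new ArrayList<>();
            if (actionItems != null) {
                for (final ActionConfiguration actionConfiguration : actionItems) {
                    // only ldap actions touch a directory attribute
                    if (actionConfiguration.getType() == ActionConfiguration.Type.ldap) {
                        names.add(actionConfiguration.getAttributeName());
                    }
                }
            }
            return nonBlank(names);
        }
        case STRING_ARRAY: {
            final List<String> strings = readNative(pwmSetting, profile);
            return nonBlank(strings);
        }
        case USER_PERMISSION: {
            final List<UserPermission> userPermissions = readNative(pwmSetting, profile);
            // One record per ldapGroup permission for each profile's group attribute; a null or
            // empty permission list therefore yields no attributes.
            int groupPermissionCount = 0;
            if (userPermissions != null) {
                for (final UserPermission userPermission : userPermissions) {
                    if (userPermission.getType() == UserPermission.Type.ldapGroup) {
                        groupPermissionCount++;
                    }
                }
            }
            final List<String> names = new ArrayList<>();
            if (configuration.getLdapProfiles() != null && !configuration.getLdapProfiles().isEmpty()) {
                for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
                    final String groupAttribute = ldapProfile.readSettingAsString(PwmSetting.LDAP_USER_GROUP_ATTRIBUTE);
                    if (groupAttribute != null && !groupAttribute.trim().isEmpty()) {
                        for (int i = 0; i < groupPermissionCount; i++) {
                            names.add(groupAttribute);
                        }
                    }
                }
            }
            return names;
        }
        default:
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "no ldap permission record reader handler for setting " + pwmSetting.getKey()));
    }
}

/** Reads the native value of a setting; the cast is unchecked because the stored value is untyped. */
@SuppressWarnings("unchecked")
private <T> T readNative(final PwmSetting pwmSetting, final String profile) {
    return (T) storedConfiguration.readSetting(pwmSetting, profile).toNativeObject();
}

/** Returns the entries that are neither {@code null} nor blank; a {@code null} list yields an empty list. */
private static List<String> nonBlank(final List<String> names) {
    final List<String> result = new ArrayList<>();
    if (names == null) {
        return result;
    }
    for (final String name : names) {
        if (name != null && !name.trim().isEmpty()) {
            result.add(name);
        }
    }
    return result;
}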
Use of password.pwm.config.value.data.UserPermission in project pwm by pwm-project: class UserInfoReader, method isRequiresNewPassword.
/**
 * Decides whether the user must set a new password now.
 *
 * <p>A user without the change-password permission never requires a new password. Otherwise the
 * cached {@link PasswordStatus} decides: expired, pre-expired, within the warn period or in
 * violation of policy all require a new password; anything else does not. Every decision is
 * logged at debug level with the {@code checkPassword:} prefix.
 *
 * @return {@code true} if a new password is required
 * @throws PwmUnrecoverableException if the status lookup or the permission test fails
 */
@Override
public boolean isRequiresNewPassword() throws PwmUnrecoverableException {
    final PasswordStatus status = selfCachedReference.getPasswordStatus();
    final List<UserPermission> changePasswordPermission = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.QUERY_MATCH_CHANGE_PASSWORD);
    final boolean mayChangePassword = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, changePasswordPermission);
    if (!mayChangePassword) {
        LOGGER.debug(sessionLabel, "checkPassword: " + userIdentity.toString() + " user does not have permission to change password");
        return false;
    }

    // checks are ordered from most to least severe; the first match decides
    final String reason;
    if (status.isExpired()) {
        reason = "password is expired";
    } else if (status.isPreExpired()) {
        reason = "password is pre-expired";
    } else if (status.isWarnPeriod()) {
        reason = "password is within warn period";
    } else if (status.isViolatesPolicy()) {
        reason = "current password violates password policy";
    } else {
        return false;
    }
    LOGGER.debug(sessionLabel, "checkPassword: " + reason + ", marking new password as required");
    return true;
}