/**
 * Lazily creates the Perun session used by this component.
 *
 * The principal's name, external source name and external source type are
 * read from {@code dispatcherProperties}. When a session already exists the
 * method returns without doing anything.
 *
 * NOTE(review): the null check and the assignment are not synchronized in
 * this method; whether concurrent callers are possible is not visible here.
 *
 * @throws InternalErrorException declared by this method; presumably raised
 *         while the session is being obtained (confirm)
 */
protected void initPerunSession() throws InternalErrorException {
    if (perunSession != null) {
        return;
    }
    // The service identity comes from configuration, not from any caller input.
    String principalName = dispatcherProperties.getProperty("perun.principal.name");
    String principalExtSourceName = dispatcherProperties.getProperty("perun.principal.extSourceName");
    String principalExtSourceType = dispatcherProperties.getProperty("perun.principal.extSourceType");
    perunSession = perun.getPerunSession(
            new PerunPrincipal(principalName, principalExtSourceName, principalExtSourceType),
            new PerunClient());
}
/**
 * Caches a snapshot of the caller's identity and returns the token it is stored under.
 *
 * The snapshot holds the principal's actor, external source name, type and LoA,
 * the bound user (may be null) and the principal's additional information.
 *
 * NOTE(review): every input to the token (current time, actor, external source,
 * LoA) is guessable, so the token is only as unpredictable as whatever secret
 * getMessageAuthenticationCode() uses. Presumably that is a keyed MAC (confirm).
 * How long entries stay in requestCache is not visible here.
 *
 * @param sess session whose principal is snapshotted
 * @return token under which the snapshot was stored
 * @throws PerunException declared by this method
 */
@Override
public String getConsolidatorToken(PerunSession sess) throws PerunException {
    String actor = sess.getPerunPrincipal().getActor();
    String extSourceName = sess.getPerunPrincipal().getExtSourceName();
    String extSourceType = sess.getPerunPrincipal().getExtSourceType();
    Integer extSourceLoa = sess.getPerunPrincipal().getExtSourceLoa();
    User user = sess.getPerunPrincipal().getUser();

    Map<String, Object> identity = new HashMap<String, Object>();
    identity.put("actor", actor);
    identity.put("extSourceName", extSourceName);
    identity.put("extSourceType", extSourceType);
    identity.put("extSourceLoa", extSourceLoa);
    identity.put("user", user);
    identity.put("additionalInformation", sess.getPerunPrincipal().getAdditionalInformations());

    // create token from actual properties
    String macInput = System.currentTimeMillis() + actor + extSourceName + extSourceType + extSourceLoa;
    String token = registrarManager.getMailManager().getMessageAuthenticationCode(macInput);

    // putIfAbsent keeps an existing entry if the same token was already issued.
    requestCache.putIfAbsent(token, identity);
    return token;
}
/**
 * Returns the applications that belong to the caller, newest (highest ID) first.
 *
 * A principal bound to a user gets rows matching its user ID, plus rows it
 * created under the same actor and external source name. A principal with no
 * user gets only the rows matching actor and external source name.
 * All identity values are passed as bound parameters, never concatenated into the SQL.
 *
 * @param sess session whose principal selects the rows
 * @return matching applications; an empty list when the query reports no result
 */
@Override
public List<Application> getApplicationsForUser(PerunSession sess) {
    try {
        PerunPrincipal principal = sess.getPerunPrincipal();
        if (principal.getUser() == null) {
            // sort by ID which respect latest applications
            return jdbc.query(
                    APP_SELECT + " where a.created_by=? and extsourcename=? order by a.id desc",
                    APP_MAPPER,
                    principal.getActor(), principal.getExtSourceName());
        }
        return jdbc.query(
                APP_SELECT + " where user_id=? or (a.created_by=? and extsourcename=?) order by a.id desc",
                APP_MAPPER,
                principal.getUserId(), principal.getActor(), principal.getExtSourceName());
    } catch (EmptyResultDataAccessException noRows) {
        return new ArrayList<Application>();
    }
}
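/**
 * Deletes an authorship after checking that the caller is allowed to remove it.
 *
 * The caller passes when at least one of these holds: it is PERUNADMIN, its actor
 * equals the authorship's createdBy (ignoring case), it is the user the
 * authorship concerns, or its user ID equals createdByUid.
 *
 * NOTE(review): the createdBy match compares the login string only. It ignores
 * case and does not compare the external source, so identical logins issued by
 * different identity sources would be treated as the same creator. Confirm that
 * this is intended.
 *
 * @param sess caller's session
 * @param authorship authorship to delete
 * @throws PrivilegeException when none of the conditions above holds
 * @throws InternalErrorException declared by this method
 * @throws CabinetException declared by this method
 */
@Override
public void deleteAuthorship(PerunSession sess, Authorship authorship) throws InternalErrorException, CabinetException, PrivilegeException {
    if (!AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)
            && !authorship.getCreatedBy().equalsIgnoreCase(sess.getPerunPrincipal().getActor())
            // A principal with no bound user cannot be the user the authorship concerns.
            // Testing for null first makes that case end in PrivilegeException
            // instead of a NullPointerException on getUser().getId().
            && (sess.getPerunPrincipal().getUser() == null
                    || !authorship.getUserId().equals(sess.getPerunPrincipal().getUser().getId()))
            // NOTE(review): if both getters return boxed Integers this is a reference comparison (confirm).
            && authorship.getCreatedByUid() != sess.getPerunPrincipal().getUserId()) {
        throw new PrivilegeException("You are not allowed to delete authorships you didn't created or which doesn't concern you.");
    }
    getAuthorshipManagerBl().deleteAuthorship(sess, authorship);
}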
// A principal that is already bound to a user gets an empty list.
if (sess.getPerunPrincipal().getUser() != null) {
    return new ArrayList<Identity>();
    // Looks the caller up by external source name and login. The lookup runs with
    // registrarSession rather than with the caller's own session.
    perun.getUsersManager().getUserByExtSourceNameAndExtLogin(registrarSession, sess.getPerunPrincipal().getExtSourceName(), sess.getPerunPrincipal().getActor());
    return new ArrayList<Identity>();
// NOTE(review): this catches every Exception. Presumably "user not found" is the
// expected case; confirm that other failures should take the same path.
} catch (Exception ex) {
    attrNames.add("urn:perun:user:attribute-def:def:organization");
    // Values below come from the principal's additional-information map (keys
    // "mail", "cn", "displayName"), presumably filled from identity-provider
    // attributes. Treat them as caller-influenced input.
    mail = sess.getPerunPrincipal().getAdditionalInformations().get("mail");
    name = sess.getPerunPrincipal().getAdditionalInformations().get("cn");
    name = sess.getPerunPrincipal().getAdditionalInformations().get("displayName");
/**
 * Deletes a thanks record after checking that the caller may remove it.
 *
 * The caller passes when it is PERUNADMIN, when its actor equals the record's
 * createdBy (ignoring case), or when its user ID equals createdByUid. The
 * checks run in that order and stop at the first one that passes.
 *
 * NOTE(review): the createdBy match compares the login string only, not the
 * external source. Confirm that logins are unique across identity sources.
 *
 * @param sess caller's session
 * @param thanks record to delete
 * @throws PrivilegeException when none of the conditions holds
 * @throws InternalErrorException declared by this method
 * @throws CabinetException declared by this method
 */
@Override
public void deleteThanks(PerunSession sess, Thanks thanks) throws InternalErrorException, CabinetException, PrivilegeException {
    boolean permitted = AuthzResolver.isAuthorized(sess, Role.PERUNADMIN);
    if (!permitted) {
        permitted = thanks.getCreatedBy().equalsIgnoreCase(sess.getPerunPrincipal().getActor());
    }
    if (!permitted) {
        // NOTE(review): a reference comparison if both getters return boxed Integers (confirm).
        permitted = thanks.getCreatedByUid() == sess.getPerunPrincipal().getUserId();
    }
    if (!permitted) {
        throw new PrivilegeException("deleteThanks");
    }
    getThanksManagerBl().deleteThanks(sess, thanks);
}
// Only principals already bound to a user reach the code below.
if (sess.getPerunPrincipal().getUser() != null) {
    if (sess.getPerunPrincipal().getUser() != null && groupName != null && !groupName.isEmpty()) {
        List<Identity> similarUsers = getConsolidatorManager().checkForSimilarUsers(sess);
        if (similarUsers != null && !similarUsers.isEmpty()) {
            // NOTE(review): the debug line records the caller's login, its external
            // source and the matched identities. What Identity prints is not visible
            // here; confirm that it is acceptable in logs.
            log.debug("Similar users found for {} / {}: {}", sess.getPerunPrincipal().getActor(), sess.getPerunPrincipal().getExtSourceName(), similarUsers);
// Ownership check: pass when the session's user is the application's user.
// NOTE(review): Objects.equals(null, null) is true, so a principal with no bound
// user passes this branch for an application that has no user either. The
// actor / external-source comparison in the else branch is then never consulted.
// Whether both can be null at this point depends on code outside this excerpt (confirm).
if (Objects.equals(sess.getPerunPrincipal().getUser(), app.getUser())) {
    pass = true;
} else {
    // Otherwise the creator's login, external source name and external source type must all match.
    if (Objects.equals(app.getCreatedBy(), sess.getPerunPrincipal().getActor()) && Objects.equals(app.getExtSourceName(), sess.getPerunPrincipal().getExtSourceName()) && Objects.equals(app.getExtSourceType(), sess.getPerunPrincipal().getExtSourceType()) ) {
        pass = true;
// Local copies of the caller's identity, read from the session principal.
User user = sess.getPerunPrincipal().getUser();
String actor = sess.getPerunPrincipal().getActor();
String extSourceName = sess.getPerunPrincipal().getExtSourceName();
// NOTE(review): assigned to a primitive int. If getExtSourceLoa() returns a boxed
// Integer, a null value would throw on unboxing here (confirm the getter's return type).
int extSourceLoa = sess.getPerunPrincipal().getExtSourceLoa();
// Forward the principal's login and external source (name and type) as the
// "delegated*" request parameters.
// NOTE(review): presumably the receiver acts on behalf of this identity. Confirm
// that it accepts these parameters only from a trusted, authenticated caller.
params.put("delegatedLogin", perunPrincipal.getActor());
params.put("delegatedExtSourceName", perunPrincipal.getExtSourceName());
params.put("delegatedExtSourceType", perunPrincipal.getExtSourceType());
/**
 * Finds existing users that look like the person filling in an application form.
 *
 * Only principals that are not yet bound to a user are searched for. A bound
 * principal, or a null item list, yields an empty list. Each item whose type is
 * VALIDATED_EMAIL, and each item whose destination is the core displayName
 * attribute, triggers an exact-match search on its non-empty value.
 *
 * NOTE(review): the searches run with registrarSession, not with the caller's
 * session, and are driven by caller-supplied form values. What the caller
 * learns about matched accounts is decided by convertToIdentities(), which is
 * not visible here. Confirm that it masks the returned attributes.
 *
 * @param sess caller's session
 * @param formItems submitted form items; may be null
 * @return identities of the users found, possibly empty
 * @throws PerunException declared by this method
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess, List<ApplicationFormItemData> formItems) throws PerunException {
    if (formItems == null || sess.getPerunPrincipal().getUser() != null) {
        return new ArrayList<Identity>();
    }

    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");

    // A set, so a user matched by both email and name is reported once.
    Set<RichUser> matches = new HashSet<RichUser>();
    for (ApplicationFormItemData item : formItems) {
        String value = item.getValue();
        boolean hasValue = value != null && !value.isEmpty();

        // search by email
        boolean isValidatedEmail = item.getFormItem().getType().equals(ApplicationFormItem.Type.VALIDATED_EMAIL);
        if (isValidatedEmail && hasValue) {
            matches.addAll(perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
        }

        // search by name
        boolean isDisplayName = Objects.equals(item.getFormItem().getPerunDestinationAttribute(), "urn:perun:user:attribute-def:core:displayName");
        if (isDisplayName && hasValue) {
            matches.addAll(perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
        }
    }
    return convertToIdentities(new ArrayList<RichUser>(matches));
}
/**
 * Moves an application to VERIFIED, but only when it is currently NEW.
 *
 * The state guard is part of the UPDATE's WHERE clause, so the check and the
 * change happen in one statement. The principal's actor is recorded as
 * modified_by. Errors are logged and not propagated.
 *
 * NOTE(review): this method performs no authorization check itself;
 * presumably its callers decide who may verify (confirm).
 *
 * @param sess session info to use for modified_by
 * @param appId ID of application to verify.
 */
private void markApplicationVerified(PerunSession sess, int appId) {
    try {
        // Only the database's sysdate expression is concatenated; all values are bound.
        String sql = "update application set state=?, modified_at=" + Compatibility.getSysdate() + ", modified_by=? where id=? and state=?";
        int changedRows = jdbc.update(sql, AppState.VERIFIED.toString(), sess.getPerunPrincipal().getActor(), appId, AppState.NEW.toString());
        if (changedRows > 0) {
            log.info("Application {} marked as VERIFIED", appId);
        } else {
            log.info("Application {} not marked VERIFIED, was not in state NEW", appId);
        }
    } catch (InternalErrorException ex) {
        log.error("Application {} NOT marked as VERIFIED due to error {}", appId, ex);
    }
}
// An application with no user yet is bound to the user of the current session.
if (application.getUser() == null && session.getPerunPrincipal().getUser() != null) {
    application.setUser(session.getPerunPrincipal().getUser());
    // The principal's additional information is merged into the map that is then
    // serialized and stored as the application's fedInfo.
    // NOTE(review): presumably these are identity-provider attributes. Confirm that
    // consumers of fedInfo treat the stored values as untrusted input.
    map.putAll(session.getPerunPrincipal().getAdditionalInformations());
    String additionalAttrs = BeansUtils.attributeValueToString(map, LinkedHashMap.class.getName());
    application.setFedInfo(additionalAttrs);
        // Tail of an access check. Access is refused unless the caller holds the listed
        // role on the application's VO, holds the RPC role, or is the application's
        // creator (same actor and same external source name).
        // NOTE(review): the creator match compares actor and external source name but
        // not the external source type. It also calls equals() on app.getCreatedBy() /
        // app.getExtSourceName(), which throws if either is null (confirm both).
        && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, app.getVo())
        && !AuthzResolver.hasRole(sess.getPerunPrincipal(), Role.RPC)
        && !(app.getCreatedBy().equals(sess.getPerunPrincipal().getActor()) && app.getExtSourceName().equals(sess.getPerunPrincipal().getExtSourceName()))) {
    throw new PrivilegeException(sess, "getApplicationById");
        // Same check for a group application, using GROUPADMIN on the application's group.
        && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup())
        && !AuthzResolver.hasRole(sess.getPerunPrincipal(), Role.RPC)
        && !(app.getCreatedBy().equals(sess.getPerunPrincipal().getActor()) && app.getExtSourceName().equals(sess.getPerunPrincipal().getExtSourceName()))) {
    throw new PrivilegeException(sess, "getApplicationById");
/**
 * Stores a new category and returns it with its generated ID set.
 *
 * The ID comes from the cabinet_categories_id_seq sequence. The caller's user
 * ID is written to both created_by_uid and modified_by_uid. All values are
 * passed as bound parameters.
 *
 * @param sess caller's session
 * @param category category to insert; its ID is set on success
 * @return the same category instance
 * @throws InternalErrorException wrapping any RuntimeException raised while inserting
 * @throws CabinetException declared by this method
 */
@Override
public Category createCategory(PerunSession sess, Category category) throws InternalErrorException, CabinetException {
    try {
        // Set the new Category id
        int categoryId = Utils.getNewId(jdbc, "cabinet_categories_id_seq");
        jdbc.update(
                "insert into cabinet_categories (id, name, rank, created_by_uid, modified_by_uid)" + " values (?,?,?,?,?)",
                categoryId,
                category.getName(),
                category.getRank(),
                sess.getPerunPrincipal().getUserId(),
                sess.getPerunPrincipal().getUserId());
        category.setId(categoryId);
        return category;
    } catch (RuntimeException cause) {
        throw new InternalErrorException(cause);
    }
}
/**
 * Deletes a publication after checking that the caller may remove it.
 *
 * The caller passes when it is PERUNADMIN, when its actor equals the
 * publication's createdBy (ignoring case), or when its user ID equals
 * createdByUid. The checks run in that order and stop at the first that passes.
 *
 * NOTE(review): the createdBy match compares the login string only, not the
 * external source. Confirm that logins are unique across identity sources.
 *
 * @param sess caller's session
 * @param publication publication to delete
 * @throws PrivilegeException when the caller is neither admin nor creator
 * @throws CabinetException declared by this method
 * @throws InternalErrorException declared by this method
 */
@Override
public void deletePublication(PerunSession sess, Publication publication) throws CabinetException, InternalErrorException, PrivilegeException {
    boolean permitted = AuthzResolver.isAuthorized(sess, Role.PERUNADMIN);
    if (!permitted) {
        permitted = publication.getCreatedBy().equalsIgnoreCase(sess.getPerunPrincipal().getActor());
    }
    if (!permitted) {
        // NOTE(review): a reference comparison if both getters return boxed Integers (confirm).
        permitted = publication.getCreatedByUid() == sess.getPerunPrincipal().getUserId();
    }
    if (!permitted) {
        // not perun admin or author of record
        throw new PrivilegeException("You are not allowed to delete publications you didn't created. If you wish, you can remove yourself from authors instead.");
    }
    getPublicationManagerBl().deletePublication(sess, publication);
}
// Caller bound to a user: it must be the application's user.
if (sess.getPerunPrincipal().getUser() != null) {
    if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) throw new PrivilegeException("checkForSimilarUsers");
} else {
    // NOTE(review): this throws only when BOTH the external source name and the actor
    // differ, so a principal that matches just one of them (for example, any login
    // from the same external source) is let through. If the caller is meant to
    // match the application on both values, the two negated tests should be joined
    // with || instead of && (confirm the intent).
    if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) throw new PrivilegeException("checkForSimilarUsers");
// Second occurrence: the same ownership test, applied only when the caller is
// neither VOADMIN of the application's VO nor GROUPADMIN of its group.
if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo()) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup())) {
    if (sess.getPerunPrincipal().getUser() != null) {
        if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) throw new PrivilegeException("checkForSimilarUsers");
    } else {
        // NOTE(review): same && / || concern as in the first occurrence.
        if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) throw new PrivilegeException("checkForSimilarUsers");
// Entry point for a request identified by path and params. Only the first check
// is visible in this excerpt: a session whose principal is not bound to a user
// is rejected with SCIMException("invalid_user") before anything else runs.
public Response process(PerunSession session, String path, String params) throws SCIMException {
    if (session.getPerunPrincipal().getUser() == null) {
        throw new SCIMException("invalid_user");
/**
 * Writes the application's current user (or NULL when it has none) to the
 * application row and records the caller's actor as modified_by.
 *
 * Only the database's sysdate expression is concatenated into the statement;
 * the user ID, actor and application ID are bound parameters.
 *
 * NOTE(review): no authorization check is made in this method; presumably
 * callers have already verified that the caller may re-bind the application (confirm).
 *
 * @param sess session whose actor is stored as modified_by
 * @param app application whose user_id column is updated
 * @throws InternalErrorException declared by this method
 */
public void updateApplicationUser(PerunSession sess, Application app) throws InternalErrorException {
    Integer userId = null;
    if (app.getUser() != null) {
        userId = app.getUser().getId();
    }
    String sql = "update application set user_id=?, modified_at=" + Compatibility.getSysdate() + ", modified_by=? where id=?";
    jdbc.update(sql, userId, sess.getPerunPrincipal().getActor(), app.getId());
}
/**
 * Stores a new publication system and returns it with its generated ID set.
 *
 * The ID comes from the cabinet_pub_sys_id_seq sequence. The caller's user ID
 * is written to both created_by_uid and modified_by_uid. All values are passed
 * as bound parameters.
 *
 * NOTE(review): ps.getPassword() is written to the password column exactly as
 * received. Whether it is encrypted before it reaches this method, or by the
 * storage layer, is not visible here. Confirm that the credential for the
 * external system is protected at rest.
 *
 * @param session caller's session
 * @param ps publication system to insert; its ID is set on success
 * @return the same publication system instance
 * @throws InternalErrorException wrapping any RuntimeException raised while inserting
 */
@Override
public PublicationSystem createPublicationSystem(PerunSession session, PublicationSystem ps) throws InternalErrorException {
    try {
        // Set the new PS id
        int systemId = Utils.getNewId(jdbc, "cabinet_pub_sys_id_seq");
        jdbc.update(
                "insert into cabinet_publication_systems (id, friendlyName, type, url, username, password, loginNamespace, created_by_uid, modified_by_uid)" + " values (?,?,?,?,?,?,?,?,?)",
                systemId,
                ps.getFriendlyName(),
                ps.getType(),
                ps.getUrl(),
                ps.getUsername(),
                ps.getPassword(),
                ps.getLoginNamespace(),
                session.getPerunPrincipal().getUserId(),
                session.getPerunPrincipal().getUserId());
        ps.setId(systemId);
        return ps;
    } catch (RuntimeException cause) {
        throw new InternalErrorException(cause);
    }
}