/**
 * Looks up a role by id on the group returned by {@code getAzg()}.
 *
 * @param id the role id to resolve
 * @return whatever the underlying group's {@code getRole(id)} returns
 */
public Role getRole(String id) {
    // Pure delegation: no permission check happens at this layer.
    Role resolved = getAzg().getRole(id);
    return resolved;
}
/**
 * Returns the roles of the group returned by {@code getAzg()}.
 *
 * @return the set handed back by the underlying group's {@code getRoles()}
 */
public Set getRoles() {
    // NOTE(review): the set is passed through as-is; whether it is a live view
    // of the group's role table or a copy is not visible here - confirm before
    // letting callers mutate it.
    Set delegated = getAzg().getRoles();
    return delegated;
}
/**
 * Returns the users of the group returned by {@code getAzg()}.
 *
 * @return the set handed back by the underlying group's {@code getUsers()}
 */
public Set getUsers() {
    // NOTE(review): the set is passed through as-is; whether it is a live view
    // of the group's membership or a copy is not visible here - confirm before
    // letting callers mutate it.
    Set delegated = getAzg().getUsers();
    return delegated;
}
// Roles that hold the assignment-submission permission in this group.
Set rolesAllowSubmission = group.getRolesIsAllowed(SECURE_ADD_ASSIGNMENT_SUBMISSION);
// Roles that hold the all-groups permission.
Set rolesAllowAllSite = group.getRolesIsAllowed(SECURE_ALL_GROUPS);
// Keep only the roles that can submit but do not hold the all-groups permission.
// This mutates the set returned by getRolesIsAllowed() in place.
// NOTE(review): confirm that call returns a private copy and not the group's own state.
rolesAllowSubmission.removeAll(rolesAllowAllSite);
// NOTE(review): rv and iRoles are declared outside this excerpt; presumably this
// statement runs once per remaining role inside a loop - confirm against the full method.
rv.addAll(group.getUsersHasRole((String) iRoles.next()));
/**
 * Pushes the permission-derived user sets of a site-level AuthzGroup to the site service.
 * Groups whose reference is not a site (wrong type or sub-type) are left untouched.
 *
 * @param azGroup
 *        The AuthzGroup whose id is resolved to a reference and whose permissions are read.
 */
protected void updateSiteSecurity(AuthzGroup azGroup)
{
	Reference siteRef = entityManager().newReference(azGroup.getId());

	// Only a reference that resolves to a site is propagated to the site service.
	boolean isSiteRealm = SiteService.APPLICATION_ID.equals(siteRef.getType())
			&& SiteService.SITE_SUBTYPE.equals(siteRef.getSubType());
	if (!isSiteRealm)
	{
		return;
	}

	// Each set is computed from the group's current grants and replaces what the
	// site service holds for this site, so a stale or partially edited azGroup
	// passed in here ends up as the site's effective access lists.
	Set canUpdate = azGroup.getUsersIsAllowed(SiteService.SECURE_UPDATE_SITE);
	Set canVisitUnpublished = azGroup.getUsersIsAllowed(SiteService.SITE_VISIT_UNPUBLISHED);
	Set canVisit = azGroup.getUsersIsAllowed(SiteService.SITE_VISIT);

	siteService.setSiteSecurity(siteRef.getId(), canUpdate, canVisitUnpublished, canVisit);
}
// The role this group designates as its maintain role.
String roleName = azGroup.getMaintainRole();
// Create the maintain role on the group if it does not exist yet.
if ((roleName != null) && (userId != null))
	if (azGroup.getRole(roleName) == null)
		azGroup.addRole(roleName);
// NOTE(review): as extracted there are no braces, so this grant is not covered by
// the null checks above and would run with a null roleName or userId. The braces
// were presumably lost in extraction - confirm against the original file, because
// this call adds userId to the group under the maintain role.
azGroup.addMember(userId, roleName, true, false);
AuthzGroup group = groupsIt.next(); groupsProcessed++; if (group.getProviderGroupId() != null && group.getProviderGroupId().length() > 0) { if (System.currentTimeMillis() - group.getModifiedDate().getTime() > refreshAge) { try { AuthzGroup groupToRefresh = authzGroupService.getAuthzGroup(group.getId()); authzGroupService.save(groupToRefresh); groupsUpdated++; } catch (GroupNotDefinedException e) { log.warn("Failed to update group ("+ group.getReference()+ "), maybe deleted while processing"); } catch (AuthzPermissionException e) { log.error("Lack of permission to update group: "+ group.getReference()); throw new JobExecutionException(e); groupsTooNew++; if (log.isDebugEnabled()) { log.debug("Ignored group as it has been updated too recently: "+ group.getReference()); groupsNoProvider++; if (log.isDebugEnabled()) { log.debug("Ignored group as it doesn't have any provided groups: "+ group.getReference());
AuthzGroup group = groupsIt.next(); groupsProcessed++; if (group.getProviderGroupId() != null && group.getProviderGroupId().length() > 0) { if (System.currentTimeMillis() - group.getModifiedTime().getTime() > refreshAge) { try { AuthzGroup groupToRefresh = authzGroupService.getAuthzGroup(group.getId()); authzGroupService.save(groupToRefresh); groupsUpdated++; } catch (GroupNotDefinedException e) { log.warn("Failed to update group ("+ group.getReference()+ "), maybe deleted while processing"); } catch (AuthzPermissionException e) { log.error("Lack of permission to update group: "+ group.getReference()); throw new JobExecutionException(e); groupsTooNew++; if (log.isDebugEnabled()) { log.debug("Ignored group as it has been updated too recently: "+ group.getReference()); groupsNoProvider++; if (log.isDebugEnabled()) { log.debug("Ignored group as it doesn't have any provided groups: "+ group.getReference());
/**
 * {@inheritDoc}
 * <p>
 * Two groups are considered equal when their ids are equal; roles, members and
 * grants are not compared.
 */
public boolean equals(Object obj)
{
	if (obj instanceof AuthzGroup)
	{
		// Identity is the id alone, so any AuthzGroup implementation carrying the same id
		// compares equal. Do not treat equality as proof that two objects grant the same access.
		// NOTE(review): a matching hashCode() is not visible in this excerpt - confirm it is
		// also derived from getId().
		AuthzGroup other = (AuthzGroup) obj;
		return other.getId().equals(getId());
	}
	return false;
}
stack.push(realmNode); roles.addAll(realm.getRoles()); users.addAll(realm.getUsersHasRole(role.getId())); for (int j = 0; j < users.size(); j++)
/**
 * Reports whether a user holds any role in a group of the current site.
 *
 * @param groupId the group id, appended to the site's realm path
 * @param agentId the user to look up in that realm
 * @return true when the realm resolves and the user has a role in it; false otherwise,
 *         including when the lookup throws
 */
private boolean isUserInGroup(String groupId, String agentId)
{
	// The realm id is built by plain concatenation.
	// NOTE(review): confirm callers pass a validated group id, since a value
	// containing '/' would address a different realm path.
	final String realmId = "/site/" + siteId + "/group/" + groupId;
	try
	{
		AuthzGroup realm = authzGroupService.getAuthzGroup(realmId);
		return realm.getUserRole(agentId) != null;
	}
	catch (Exception e)
	{
		// Fails closed: every failure, not only "this isn't a group", is reported as
		// non-membership, and the exception is not logged. A backend outage therefore
		// looks the same as a genuine "not a member" answer.
		return false;
	}
}
for (Iterator<Role> i = m_azg.getRoles().iterator(); i.hasNext();) m_azg.removeRole(role.getId()); Set<Role> currentRoles = m_azg.getRoles(); for (Iterator<Role> j = parentSiteRoles.iterator(); j.hasNext();) try m_azg.addRole(roleId, role); log.warn("getAzg: role id " + roleId + " already used in group " + m_azg.getReference() + rException.getMessage());
BaseMember grant = (BaseMember) azGroup.getMember(user); if (grant == null) if (grant.getRole().getId().equals(azGroup.getMaintainRole())) Set maintainers = azGroup.getUsersHasRole(azGroup.getMaintainRole()); if (maintainers.size() <= 1)
Role role = edit.getRole(roleId); if (role == null) role = edit.addRole(roleId); Role role = edit.getRole(roleId); if (role != null) edit.removeRole(role.getId()); changed = true; if (edit.isEmpty()) delete = true;
Set<Role> allGroupRoles = azg.getRoles(); roles = new HashSet<String>(); for (Role role : allGroupRoles) { Set<Role> azgRoles = azg.getRoles(); for (Role role : azgRoles) { if (AuthzGroupService.ANON_ROLE.equals(role.getId())) { svRolesFinal.retainAll(roles); Set<Member> members = azg.getMembers(); if (members != null && !members.isEmpty()) { for (String perm : permissions) {
authzGroupAdvisor.groupUpdate(azGroup, userId, azGroup.getMember(userId).getRole().getId()); } catch (Exception e) { log.error("Advisor error during removeMemberFromGroup()", e); eventTrackingService().post(eventTrackingService().newEvent(SECURE_UNJOIN_AUTHZ_GROUP, azGroup.getReference(), true)); BaseAuthzGroup updatedRealm = (BaseAuthzGroup) m_storage.get(azGroup.getId()); updateSiteSecurity(updatedRealm);
/**
 * {@inheritDoc}
 * <p>
 * Order of operations: permission check, advisor callbacks, security-cache notification,
 * storage removal, event post, edit close, site-security cleanup. Only the permission check
 * can abort the removal; failures in the advisor and notification steps are logged and ignored.
 *
 * @param azGroup
 *        The AuthzGroup to remove; it is cast to BaseAuthzGroup when the edit is closed.
 * @throws AuthzPermissionException
 *         declared by this method; the visible source of it is the unlock() permission check.
 */
public void removeAuthzGroup(AuthzGroup azGroup) throws AuthzPermissionException
{
	// check security (throws if not permitted) - must stay first so nothing below runs unauthorised
	unlock(SECURE_REMOVE_AUTHZ_GROUP, azGroup.getReference());

	// allow any advisors to make last minute changes
	for (AuthzGroupAdvisor authzGroupAdvisor : authzGroupAdvisors)
	{
		try
		{
			authzGroupAdvisor.remove(azGroup);
		}
		catch (Exception e)
		{
			// best effort: a failing advisor is logged and does not veto the removal
			log.error("Advisor error during removeAuthzGroup()", e);
		}
	}

	// KNL-1230 handle removal of authzgroups by processing caching changes
	try
	{
		// the cast is inside the try, so a security service of another type only produces the warning below
		((SakaiSecurity) securityService()).notifyRealmRemoved(azGroup.getId());
	}
	catch (Exception e)
	{
		// NOTE(review): removal continues even if the notification failed; whether cached
		// permission decisions for this realm can outlive it in that case is not visible here - confirm
		log.warn("Failure while trying to notify SS about realm removal for AZG(" + azGroup.getId() + "): " + e, e);
	}
	// End KNL-1230

	// complete the azGroup: delete it from storage
	m_storage.remove(azGroup);

	// track it: post the removal event with the group's reference
	eventTrackingService().post(eventTrackingService().newEvent(SECURE_REMOVE_AUTHZ_GROUP, azGroup.getReference(), true));

	// close the azGroup object
	((BaseAuthzGroup) azGroup).closeEdit();

	// clear any site security based on this (if a site) azGroup
	removeSiteSecurity(azGroup);
}