/**
 * {@inheritDoc}
 *
 * Orders roles by their id, which the original author describes as unique.
 *
 * @param obj the object to compare against; must be a {@code Role}
 * @return 0 when {@code obj} is this same instance, otherwise the result of comparing the two ids
 * @throws ClassCastException when {@code obj} is not a {@code Role} (this includes {@code null},
 *         because {@code instanceof} is false for null)
 */
public int compareTo(Object obj)
{
	if (obj instanceof Role)
	{
		// identical instance: nothing to compare
		if (obj == this)
		{
			return 0;
		}

		// otherwise the ordering is the ordering of the ids
		final Role other = (Role) obj;
		return getId().compareTo(other.getId());
	}

	throw new ClassCastException();
}
try { siteRealm = authzGroupService.getAuthzGroup("/site/" + siteId); if (!siteRole.isAllowed(CommonsFunctions.POST_CREATE) || !siteRole.isAllowed(CommonsFunctions.POST_READ_ANY) || !siteRole.isAllowed(CommonsFunctions.POST_UPDATE_OWN) || !siteRole.isAllowed(CommonsFunctions.POST_DELETE_OWN) || !siteRole.isAllowed(CommonsFunctions.COMMENT_CREATE) || !siteRole.isAllowed(CommonsFunctions.COMMENT_READ_ANY) || !siteRole.isAllowed(CommonsFunctions.COMMENT_UPDATE_OWN) || !siteRole.isAllowed(CommonsFunctions.COMMENT_DELETE_OWN)) { siteRole.allowFunction(CommonsFunctions.POST_CREATE); siteRole.allowFunction(CommonsFunctions.POST_READ_ANY); siteRole.allowFunction(CommonsFunctions.POST_UPDATE_OWN); siteRole.allowFunction(CommonsFunctions.POST_DELETE_OWN); siteRole.allowFunction(CommonsFunctions.COMMENT_CREATE); siteRole.allowFunction(CommonsFunctions.COMMENT_READ_ANY); siteRole.allowFunction(CommonsFunctions.COMMENT_UPDATE_OWN); siteRole.allowFunction(CommonsFunctions.COMMENT_DELETE_OWN); authzGroupService.save(siteRealm); siteRole.getId() + " in site " + siteId, e); if (siteRole.isAllowed(AssignmentServiceConstants.SECURE_ADD_ASSIGNMENT_SUBMISSION)) { filteredFunctions.add(CommonsFunctions.POST_CREATE); filteredFunctions.add(CommonsFunctions.POST_READ_ANY); if (siteRole.isAllowed(AssignmentServiceConstants.SECURE_ADD_ASSIGNMENT)) { filteredFunctions.add(CommonsFunctions.POST_CREATE);
/**
 * Grants or revokes a single function on a role.
 *
 * @param role     the role to modify
 * @param function the function (permission) name to grant or revoke
 * @param allow    {@code true} to grant, {@code false} to revoke; a {@code null} value fails
 *                 with a NullPointerException on unboxing
 */
private void setFunc(Role role, String function, Boolean allow) {
	final boolean grant = allow.booleanValue();
	if (!grant) {
		role.disallowFunction(function);
		return;
	}
	role.allowFunction(function);
}
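/**
 * Collects, for every role in a site, the allowed functions whose names start with "commons".
 *
 * @param siteId id of the site whose roles are inspected
 * @return map from role id to that role's "commons"-prefixed functions; empty (or partially
 *         filled) when the lookup fails, because the failure is logged and not rethrown
 * @throws SecurityException when there is no current user
 */
public Map<String, Set<String>> getSitePermissions(String siteId) {

	// The only gate in this method is "some user is logged in". Nothing here checks that the
	// caller is a member of siteId or may manage its permissions.
	// NOTE(review): confirm that callers enforce site-level authorization before returning this map.
	String userId = getCurrentUserId();
	if (userId == null) {
		throw new SecurityException("This action (perms) is not accessible to anon and there is no current user.");
	}

	// Parameterized map; the raw HashMap used before caused an unchecked conversion.
	Map<String, Set<String>> perms = new HashMap<>();

	try {
		Site site = siteService.getSite(siteId);
		for (Role role : site.getRoles()) {
			Set<String> commonsFunctions = role.getAllowedFunctions().stream()
					.filter(f -> f.startsWith("commons"))
					.collect(Collectors.toSet());
			perms.put(role.getId(), commonsFunctions);
		}
	} catch (Exception e) {
		// Best effort: the caller receives whatever was collected so far.
		log.error("Failed to get current site permissions.", e);
	}

	return perms;
}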
Role siteHelperRole = siteHelperAuthzGroup.getRole(siteRole.getId()); if (!siteRole.isAllowed(SiteService.SECURE_UPDATE_SITE)) { log.warn(userId + " attempted to update COMMONS permissions for site " + site.getTitle()); return false; role.allowFunction(function); } else { role.disallowFunction(function);
toAdd.add(new RoleAndDescription(role.getId(), role.getDescription(), role.isProviderOnly()));
/**
 * Tells whether a function is permitted for the given role.
 *
 * The admin check comes first: when isCurrentUserAdmin() is true the result is true regardless
 * of the role or function passed in. Any exception raised by the checks is logged and treated
 * as "not allowed", so the method fails closed.
 *
 * @param function the function (permission) name to test
 * @param role     the role to test; {@code null} means not allowed for non-admin users
 * @return {@code true} for an admin user or when the role allows the function, else {@code false}
 */
public boolean isAllowedFunction(String function, Role role) {
	boolean permitted = false;
	try {
		permitted = isCurrentUserAdmin() || (role != null && role.isAllowed(function));
	} catch (Exception e) {
		log.error("Caught exception while performing function test", e);
	}
	return permitted;
}
if (anon != null && anon.getAllowedFunctions().contains("content.read"))
if (!role.isAllowed(AUTH_RESOURCE_READ)) role.allowFunction(AUTH_RESOURCE_READ); changed = true; if (role != null) if (role.isAllowed(AUTH_RESOURCE_READ)) role.disallowFunction(AUTH_RESOURCE_READ); if (role.allowsNoFunctions()) edit.removeRole(role.getId()); changed = true;
/**
 * {@inheritDoc}
 *
 * Validates every role id and every allowed function name of the group, then persists the
 * group inside a transaction and refreshes it.
 *
 * @param edit the authz group to save; it is cast to {@code BaseAuthzGroup}
 */
public void save(final AuthzGroup edit)
{
	// Pre-check before anything is written: each role id goes through checkRoleName and each
	// function the role allows goes through checkFunctionName (per the original comments these
	// make sure the name is defined, defining it if needed).
	for (Object roleEntry : ((BaseAuthzGroup) edit).m_roles.values())
	{
		final Role role = (Role) roleEntry;
		checkRoleName(role.getId());

		for (Object functionEntry : role.getAllowedFunctions())
		{
			checkFunctionName((String) functionEntry);
		}
	}

	// The write itself runs through m_sql.transact; the original author notes that it restarts
	// on deadlock and surfaces any other failure as a runtime error.
	final Runnable saveInTransaction = new Runnable()
	{
		public void run()
		{
			saveTx(edit);
		}
	};
	m_sql.transact(saveInTransaction, "azg:" + edit.getId());

	// update with the provider
	refreshAuthzGroup((BaseAuthzGroup) edit);
}
/**
 * {@inheritDoc}
 *
 * Returns the users whose grant is active and whose granted role allows the lock.
 *
 * @param lock the function (permission) name to test
 * @return a new set holding the matching user ids; empty when none match
 */
public Set getUsersIsAllowed(String lock)
{
	// a lazily loaded group is completed from storage before its grants are read
	if (m_lazy)
	{
		baseAuthzGroupService.m_storage.completeGet(this);
	}

	Set allowedUsers = new HashSet();
	for (Object grantEntry : m_userGrants.entrySet())
	{
		Map.Entry userGrant = (Map.Entry) grantEntry;
		String userId = (String) userGrant.getKey();
		BaseMember member = (BaseMember) userGrant.getValue();

		// inactive grants never count, whatever their role allows
		boolean qualifies = member.active && member.role.isAllowed(lock);
		if (qualifies)
		{
			allowedUsers.add(userId);
		}
	}

	return allowedUsers;
}
/**
 * Gets the name of the role, which the original author describes as independent of the site
 * the role belongs to.
 *
 * @return the id of the role returned by getSakaiRole()
 */
public String getRoleName() {
	final String roleId = getSakaiRole().getId();
	return roleId;
}
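/**
 * Builds the poll permission set of every role in an authz group.
 *
 * @param locationReference reference of the authz group to read
 * @return map from role id to its poll permissions (vote, add, delete own/any, edit own/any);
 *         empty or partially filled when the group cannot be read, because the failure is
 *         logged and not rethrown
 */
public Map<String, PollRolePerms> getRoles(String locationReference) {
	log.debug("Getting permRoles");
	Map<String, PollRolePerms> perms = new HashMap<String, PollRolePerms>();
	try {
		AuthzGroup group = authzGroupService.getAuthzGroup(locationReference);
		Set<Role> roles = group.getRoles();
		for (Role role : roles) {
			String name = role.getId();
			log.debug("Adding element for " + name);
			perms.put(name, new PollRolePerms(name,
					role.isAllowed(PollListManager.PERMISSION_VOTE),
					role.isAllowed(PollListManager.PERMISSION_ADD),
					role.isAllowed(PollListManager.PERMISSION_DELETE_OWN),
					role.isAllowed(PollListManager.PERMISSION_DELETE_ANY),
					role.isAllowed(PollListManager.PERMISSION_EDIT_OWN),
					role.isAllowed(PollListManager.PERMISSION_EDIT_ANY)
					));
		}
	} catch (Exception e) {
		// Send the failure to the logger this method already uses instead of printStackTrace(),
		// so a failed permission lookup shows up in the application log with its context.
		// A role missing from the returned map has no PollRolePerms entry at all.
		// NOTE(review): confirm callers treat a missing entry as "no permissions".
		log.error("Failed to read poll permissions for " + locationReference, e);
	}
	return perms;
}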
for (Iterator iFunctions = role.getAllowedFunctions().iterator(); iFunctions.hasNext();) toAdd.add(new RoleAndFunction(role.getId(), function));
/**
 * {@inheritDoc}
 *
 * Checks the user's own grant first, then each role id returned by getEmptyRoles(user).
 *
 * @param user the user id to test
 * @param lock the function (permission) name to test
 * @return {@code true} when an active grant's role, or one of the additional roles, allows the
 *         lock; {@code false} otherwise
 */
public boolean isAllowed(String user, String lock)
{
	// a lazily loaded group is completed from storage before its grants are read
	if (m_lazy)
	{
		baseAuthzGroupService.m_storage.completeGet(this);
	}

	// the user's own grant counts only while it is active
	final BaseMember ownGrant = (BaseMember) m_userGrants.get(user);
	final boolean allowedByGrant = (ownGrant != null) && ownGrant.active && ownGrant.role.isAllowed(lock);
	if (allowedByGrant)
	{
		return true;
	}

	// NOTE(review): getEmptyRoles(user) presumably names roles that apply without an explicit
	// grant in this group; confirm against the service. Role ids this group does not define
	// are skipped.
	for (String roleId : baseAuthzGroupService.getEmptyRoles(user))
	{
		final Role candidate = (Role) m_roles.get(roleId);
		if (candidate != null && candidate.isAllowed(lock))
		{
			return true;
		}
	}

	return false;
}
/**
 * Tells whether a member is assumed to hold the signup.view permission.
 *
 * The decision rests on the role id alone: it is a case-insensitive match against
 * STUDENT_ROLE_ID, and the role's actual grants are never consulted. The original author notes
 * that more role ids could be added to this assumption.
 * NOTE(review): a site whose student role has been customised, or that uses a different role id,
 * is not reflected here; confirm this shortcut is acceptable where the result gates access.
 *
 * @param member the member whose role id is inspected
 * @return {@code true} when the member's role id equals STUDENT_ROLE_ID, ignoring case
 */
private boolean hasPredefinedViewPermisson(Member member) {
	final String roleId = member.getRole().getId();
	return STUDENT_ROLE_ID.equalsIgnoreCase(roleId);
}
/**
 * {@inheritDoc}
 *
 * Lists the ids of the roles that are allowed AUTH_RESOURCE_READ in the entity's authz group.
 *
 * @param id the entity id; it is turned into a reference with getReference(id)
 * @return the matching role ids in iteration order; empty when no authz group is defined
 * @see org.sakaiproject.content.api.ContentHostingService#getRoleViews(String)
 */
public Set<String> getRoleViews(final String id)
{
	final String ref = getReference(id);
	final LinkedHashSet<String> readableRoleIds = new LinkedHashSet<String>();

	final AuthzGroup realm;
	try
	{
		realm = m_authzGroupService.getAuthzGroup(ref);
	}
	catch (GroupNotDefinedException e)
	{
		// without an authz group no role can have been given read access
		return readableRoleIds;
	}

	for (Role candidate : realm.getRoles())
	{
		if (!candidate.isAllowed(AUTH_RESOURCE_READ))
		{
			continue;
		}
		readableRoleIds.add(candidate.getId());
	}

	return readableRoleIds;
}
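/**
 * Tells whether a role holds a permission in a realm.
 *
 * The method fails closed: an undefined realm or a role id the realm does not contain both
 * yield {@code false}.
 *
 * @param roleId     id of the role to look up in the realm
 * @param realmId    id of the authz group (realm) to read
 * @param permission the function (permission) name to test
 * @return {@code true} only when the realm exists, contains the role, and the role allows the
 *         permission
 */
public boolean isRoleAllowedInRealm(String roleId, String realmId, String permission) {
	try {
		AuthzGroup group = authzGroupService.getAuthzGroup(realmId);
		Role role = group.getRole(roleId);
		// An unknown role id gives no Role object. Answer "not allowed" in that case; without
		// this guard the permission check ends in a NullPointerException.
		if (role == null) {
			return false;
		}
		return role.isAllowed(permission);
	} catch (GroupNotDefinedException e) {
		// An undefined realm grants nothing; the trace is kept so the bad realm id stays visible.
		// NOTE(review): route this through the class logger if one is available.
		e.printStackTrace();
	}
	return false;
}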