/**
 * Builds the per-row actions of the selection directory: the inherited actions plus a SELECT link.
 *
 * <p>The link is registered together with the READ entitlement computed for {@code type}. When clicked, it
 * sends an {@code ItemSelection} event carrying the row object, bubbling up from this panel.
 *
 * @param model model wrapping the row object
 * @return the inherited actions panel with the SELECT link added
 */
@Override
public ActionsPanel<A> getActions(final IModel<A> model) {
    final ActionsPanel<A> rowActions = super.getActions(model);

    final ActionLink<A> selectLink = new ActionLink<A>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final A unused) {
            // The selected object is read from the row model, not from the click argument.
            send(AnySelectionDirectoryPanel.this, Broadcast.BUBBLE, new ItemSelection<>(target, model.getObject()));
        }
    };

    // NOTE(review): the entitlement given here presumably only governs whether the console shows the link;
    // confirm the server-side logic enforces READ for this type independently of the UI.
    rowActions.add(selectLink, ActionType.SELECT, AnyEntitlement.READ.getFor(type));
    return rowActions;
}
/**
 * Runs a paged search over any objects, limited to the realms in which the caller may search.
 *
 * <p>The search condition must name an any type, because the SEARCH entitlement is looked up per type.
 *
 * @param searchCond search condition; must carry an any type condition
 * @param page page number, passed to the search DAO as is
 * @param size page size, passed to the search DAO as is
 * @param orderBy ordering clauses, passed to the search DAO as is
 * @param realm realm under which to search
 * @param details forwarded to the binder when converting each match
 * @return total match count paired with the converted matches of the requested page
 * @throws UnsupportedOperationException if the search condition names no any type
 */
@Transactional(readOnly = true)
@Override
public Pair<Integer, List<AnyObjectTO>> search(
        final SearchCond searchCond,
        final int page,
        final int size,
        final List<OrderByClause> orderBy,
        final String realm,
        final boolean details) {

    if (searchCond.hasAnyTypeCond() == null) {
        throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName());
    }

    // Realms granted to the caller for SEARCH on the requested any type.
    // NOTE(review): Map.get yields null when the caller holds no such entitlement; confirm that
    // RealmUtils.getEffective treats null as "no realms" rather than as "unrestricted".
    Set<String> grantedRealms = AuthContextUtils.getAuthorizations().
            get(AnyEntitlement.SEARCH.getFor(searchCond.hasAnyTypeCond()));
    Set<String> effectiveRealms = RealmUtils.getEffective(grantedRealms, realm);

    // Count and page query both receive the same effective realms and the same condition.
    int total = searchDAO.count(effectiveRealms, searchCond, AnyTypeKind.ANY_OBJECT);
    List<AnyObject> pageMatches = searchDAO.search(
            effectiveRealms, searchCond, page, size, orderBy, AnyTypeKind.ANY_OBJECT);

    List<AnyObjectTO> converted = pageMatches.stream().
            map(match -> binder.getAnyObjectTO(match, details)).
            collect(Collectors.toList());

    return Pair.of(total, converted);
}
/**
 * Verifies that the caller may read the given any object and throws otherwise.
 *
 * <p>The caller's realms for the READ entitlement of the object's type are looked up first. Access is
 * granted when one of them is a prefix of the object's realm full path or, failing that, when one of the
 * dynamic realms returned by {@code findDynRealms} for the object is among them.
 *
 * @param anyObject the object about to be read
 * @throws DelegatedAdministrationException if no granted realm covers the object
 */
@Override
protected void securityChecks(final AnyObject anyObject) {
    Map<String, Set<String>> granted = AuthContextUtils.getAuthorizations();

    // A missing entitlement is treated as an empty realm set, which can never authorize.
    Set<String> authRealms = granted.getOrDefault(
            AnyEntitlement.READ.getFor(anyObject.getType().getKey()), Collections.emptySet());

    // NOTE(review): this is a plain string prefix test, so a granted realm "/a" would also prefix "/ab";
    // confirm realm paths are normalised so that a match always ends on a path segment boundary.
    boolean authorized = false;
    for (String realm : authRealms) {
        if (anyObject.getRealm().getFullPath().startsWith(realm)) {
            authorized = true;
            break;
        }
    }

    // Fall back to the dynamic realms only when no static realm matched.
    if (!authorized) {
        authorized = findDynRealms(anyObject.getKey()).stream().anyMatch(authRealms::contains);
    }

    if (authRealms.isEmpty() || !authorized) {
        throw new DelegatedAdministrationException(
                anyObject.getRealm().getFullPath(),
                AnyTypeKind.ANY_OBJECT.name(),
                anyObject.getKey());
    }
}
/**
 * Creates an any object after checking the caller's CREATE entitlement on the target realm.
 *
 * <p>Realm and type are validated on the object returned by {@code beforeCreate}, and that same object is
 * the one authorized and handed to the provisioning manager.
 *
 * @param anyObjectTO the object to create
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the result built by {@code afterCreate} from the stored object and its propagation statuses
 * @throws SyncopeClientException if the object has no realm or no type
 */
public ProvisioningResult<AnyObjectTO> create(final AnyObjectTO anyObjectTO, final boolean nullPriorityAsync) {
    Pair<AnyObjectTO, List<LogicActions>> before = beforeCreate(anyObjectTO);
    AnyObjectTO toCreate = before.getLeft();

    // Both values feed the entitlement lookup below, so reject the request early when either is missing.
    if (toCreate.getRealm() == null) {
        throw SyncopeClientException.build(ClientExceptionType.InvalidRealm);
    }
    if (toCreate.getType() == null) {
        throw SyncopeClientException.build(ClientExceptionType.InvalidAnyType);
    }

    // NOTE(review): Map.get yields null when the caller lacks CREATE for this type; confirm that
    // RealmUtils.getEffective and securityChecks reject that case.
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.CREATE.getFor(toCreate.getType())),
            toCreate.getRealm());
    // No key exists yet, hence null as the last argument.
    securityChecks(effectiveRealms, toCreate.getRealm(), null);

    Pair<String, List<PropagationStatus>> created = provisioningManager.create(toCreate, nullPriorityAsync);

    return afterCreate(binder.getAnyObjectTO(created.getKey()), created.getRight(), before.getRight());
}
/**
 * Deletes an any object after checking the caller's DELETE entitlement on the object's realm.
 *
 * @param key key of the object to delete
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the result built by {@code afterDelete}; the entity passed to it carries only the deleted key
 */
@Override
public ProvisioningResult<AnyObjectTO> delete(final String key, final boolean nullPriorityAsync) {
    // NOTE(review): the object is loaded before the realm check, so a missing key presumably fails
    // differently from a forbidden one; confirm that distinction is acceptable to expose to callers.
    AnyObjectTO existing = binder.getAnyObjectTO(key);
    Pair<AnyObjectTO, List<LogicActions>> before = beforeDelete(existing);
    AnyObjectTO toDelete = before.getLeft();

    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.DELETE.getFor(toDelete.getType())),
            toDelete.getRealm());
    securityChecks(effectiveRealms, toDelete.getRealm(), toDelete.getKey());

    List<PropagationStatus> statuses = provisioningManager.delete(toDelete.getKey(), nullPriorityAsync);

    // Only the key is echoed back; no other attribute of the deleted object is copied into the result.
    AnyObjectTO deleted = new AnyObjectTO();
    deleted.setKey(toDelete.getKey());

    return afterDelete(deleted, statuses, before.getRight());
}
/**
 * Builds the directory header actions: the inherited actions plus a CHANGE_VIEW link.
 *
 * <p>The link is registered together with the READ entitlement computed for {@code type} and has its label
 * hidden. Clicking it loads the display-attributes panel into the modal and shows it.
 *
 * @param componentId Wicket id passed on to the superclass
 * @return the inherited header panel with the CHANGE_VIEW link added
 */
@Override
public ActionsPanel<Serializable> getHeader(final String componentId) {
    final ActionsPanel<Serializable> headerActions = super.getHeader(componentId);

    final ActionLink<Serializable> changeViewLink = new ActionLink<Serializable>() {

        private static final long serialVersionUID = -7978723352517770644L;

        @Override
        public void onClick(final AjaxRequestTarget target, final Serializable unused) {
            // Swap the modal content first, then configure and show the modal.
            target.add(displayAttributeModal.setContent(new AnyObjectDisplayAttributesModalPanel<>(
                    displayAttributeModal, page.getPageReference(), pSchemaNames, dSchemaNames, type)));

            displayAttributeModal.addSubmitButton();
            displayAttributeModal.header(new ResourceModel("any.attr.display"));
            displayAttributeModal.show(true);
        }

        @Override
        protected boolean statusCondition(final Serializable modelObject) {
            // The outcome depends only on the enclosing panel's wizardInModal flag, not on the model object.
            return wizardInModal;
        }
    };

    headerActions.add(changeViewLink, ActionType.CHANGE_VIEW, AnyEntitlement.READ.getFor(type)).hideLabel();
    return headerActions;
}
/**
 * Links the given resources to an any object after checking the caller's UPDATE entitlement on its realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to link; must not be null
 * @return the object as read back after the provisioning manager has applied the link
 */
@Override
public AnyObjectTO link(final String key, final Collection<String> resources) {
    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    // NOTE(review): resource names are forwarded as supplied; this method does not itself verify that they
    // exist or that the caller may use them. Presumably enforced downstream; confirm.
    AnyObjectPatch patch = new AnyObjectPatch();
    patch.setKey(key);
    for (String resource : resources) {
        patch.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build());
    }

    return binder.getAnyObjectTO(provisioningManager.link(patch));
}
/**
 * Removes the given resources from an any object by building a DELETE patch and applying it through
 * {@code update}, after checking the caller's UPDATE entitlement on the object's realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to remove; must not be null
 * @param nullPriorityAsync forwarded to {@code update}
 * @return the result returned by {@code update}
 */
@Override
public ProvisioningResult<AnyObjectTO> unassign(
        final String key,
        final Collection<String> resources,
        final boolean nullPriorityAsync) {

    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    AnyObjectPatch patch = new AnyObjectPatch();
    patch.setKey(key);
    for (String resource : resources) {
        patch.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build());
    }

    // Delegates to update(...), so any checks that method performs run in addition to the one above.
    return update(patch, nullPriorityAsync);
}
/**
 * Unlinks the given resources from an any object after checking the caller's UPDATE entitlement on its
 * realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to unlink; must not be null
 * @return the object as read back after the provisioning manager has applied the unlink
 */
@Override
public AnyObjectTO unlink(final String key, final Collection<String> resources) {
    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    // One DELETE patch item per resource name, in the order the collection yields them.
    AnyObjectPatch patch = new AnyObjectPatch();
    patch.setKey(key);
    for (String resource : resources) {
        patch.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build());
    }

    return binder.getAnyObjectTO(provisioningManager.unlink(patch));
}
/**
 * Applies a patch to an any object after checking the caller's UPDATE entitlement.
 *
 * <p>The realm that gets authorized is the one requested in the patch returned by {@code beforeUpdate} when
 * that value is non-blank, and the object's current realm otherwise. The object's dynamic realms are
 * captured before the update and handed to {@code afterUpdate} with the outcome of the security check.
 *
 * @param anyObjectPatch the patch to apply
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the result built by {@code afterUpdate}
 */
@Override
public ProvisioningResult<AnyObjectTO> update(
        final AnyObjectPatch anyObjectPatch,
        final boolean nullPriorityAsync) {

    AnyObjectTO current = binder.getAnyObjectTO(anyObjectPatch.getKey());
    // Copied so that changes made by the update cannot alter the "before" view.
    Set<String> dynRealmsBefore = new HashSet<>(current.getDynRealms());

    Pair<AnyObjectPatch, List<LogicActions>> before = beforeUpdate(anyObjectPatch, current.getRealm());
    AnyObjectPatch processed = before.getLeft();

    // NOTE(review): when the patch moves the object, only the requested realm is passed to securityChecks
    // here; confirm the caller's rights over the object's current realm are verified elsewhere.
    String realm;
    if (processed.getRealm() != null && StringUtils.isNotBlank(processed.getRealm().getValue())) {
        realm = processed.getRealm().getValue();
    } else {
        realm = current.getRealm();
    }

    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            realm);
    boolean authDynRealms = securityChecks(effectiveRealms, realm, processed.getKey());

    // NOTE(review): the check above reads the patch returned by beforeUpdate, while the original argument
    // is the one applied below; confirm beforeUpdate never returns a different instance, or apply
    // before.getLeft() here so that the checked patch and the applied patch are the same.
    Pair<AnyObjectPatch, List<PropagationStatus>> updated =
            provisioningManager.update(anyObjectPatch, nullPriorityAsync);

    return afterUpdate(
            binder.getAnyObjectTO(updated.getLeft().getKey()),
            updated.getRight(),
            before.getRight(),
            authDynRealms,
            dynRealmsBefore);
}
/**
 * Assigns the given resources to an any object by building an ADD_REPLACE patch and applying it through
 * {@code update}, after checking the caller's UPDATE entitlement on the object's realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to assign; must not be null
 * @param changepwd not used by this method
 * @param password not used by this method
 * @param nullPriorityAsync forwarded to {@code update}
 * @return the result returned by {@code update}
 */
@Override
public ProvisioningResult<AnyObjectTO> assign(
        final String key,
        final Collection<String> resources,
        final boolean changepwd,
        final String password,
        final boolean nullPriorityAsync) {

    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    AnyObjectPatch patch = new AnyObjectPatch();
    patch.setKey(key);
    for (String resource : resources) {
        patch.getResources().add(
                new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build());
    }

    // Delegates to update(...), so any checks that method performs run in addition to the one above.
    return update(patch, nullPriorityAsync);
}
target.add(Relationships.this); }, ActionType.CREATE, AnyEntitlement.UPDATE.getFor(anyTO.getType())).hideLabel();
/**
 * Deprovisions an any object from the given resources after checking the caller's UPDATE entitlement on
 * the object's realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to deprovision from, passed to the provisioning manager as is
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the object as read back after deprovisioning, together with the propagation statuses
 */
@Override
public ProvisioningResult<AnyObjectTO> deprovision(
        final String key,
        final Collection<String> resources,
        final boolean nullPriorityAsync) {

    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    List<PropagationStatus> statuses = provisioningManager.deprovision(key, resources, nullPriorityAsync);

    // The entity is re-read after the operation rather than reusing the copy loaded for the check.
    ProvisioningResult<AnyObjectTO> outcome = new ProvisioningResult<>();
    outcome.setEntity(binder.getAnyObjectTO(key));
    outcome.getPropagationStatuses().addAll(statuses);
    return outcome;
}
/**
 * Provisions an any object onto the given resources after checking the caller's UPDATE entitlement on the
 * object's realm.
 *
 * @param key key of the any object
 * @param resources names of the resources to provision onto, passed to the provisioning manager as is
 * @param changePwd not used by this method
 * @param password not used by this method
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the object as read back after provisioning, together with the propagation statuses
 */
@Override
public ProvisioningResult<AnyObjectTO> provision(
        final String key,
        final Collection<String> resources,
        final boolean changePwd,
        final String password,
        final boolean nullPriorityAsync) {

    // Authorization is evaluated against the stored object's type and realm.
    AnyObjectTO current = binder.getAnyObjectTO(key);
    Set<String> effectiveRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(AnyEntitlement.UPDATE.getFor(current.getType())),
            current.getRealm());
    securityChecks(effectiveRealms, current.getRealm(), current.getKey());

    // NOTE(review): resource names are forwarded as supplied; this method does not itself verify that they
    // exist or that the caller may use them. Presumably enforced downstream; confirm.
    List<PropagationStatus> statuses = provisioningManager.provision(key, resources, nullPriorityAsync);

    // The entity is re-read after the operation rather than reusing the copy loaded for the check.
    ProvisioningResult<AnyObjectTO> outcome = new ProvisioningResult<>();
    outcome.setEntity(binder.getAnyObjectTO(key));
    outcome.getPropagationStatuses().addAll(statuses);
    return outcome;
}
pageRef)).build(id); MetaDataRoleAuthorizationStrategy.authorize( panel, WebPage.RENDER, AnyEntitlement.SEARCH.getFor(anyTypeTO.getKey())); break;