/**
 * Reports whether the resource behind {@code ref} can be viewed publicly. (Kept to support the
 * pubview conversion.)
 *
 * <p>The realm counts as public when it defines a "pubview" role, or when its ".anon" role is
 * allowed the "content.read" function. A reference with no realm defined is reported as not
 * public, so a lookup failure never widens access.
 *
 * @param ref The resource reference
 * @return true if this resource supports public view, false if not.
 */
protected boolean getPubView(String ref) {
  try {
    AuthzGroup resourceRealm = AuthzGroupService.getAuthzGroup(ref);

    // Legacy marker: the mere presence of a "pubview" role makes the resource public.
    if (resourceRealm.getRole("pubview") != null) {
      return true;
    }

    // Converted form: AuthzGroupService turns a realm's pubview role into the .anon role
    // holding content.read, so that combination is equally public.
    Role anonymous = resourceRealm.getRole(".anon");
    return anonymous != null && anonymous.getAllowedFunctions().contains("content.read");
  } catch (GroupNotDefinedException e) {
    // if no realm, no pub view
    return false;
  }
}
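/**
 * Appends one {@code Configuration} entry to {@code renamedRoles} for every role of the current
 * site realm, and flags the bean when one of those roles is group-aware.
 *
 * <p>If the realm cannot be loaded the method returns without adding anything. The shared
 * {@code arole} field is only assigned on a successful load, so continuing after a failure would
 * either dereference null or enumerate the roles of whatever realm an earlier call left there.
 */
public void initializeCurrentRoles() {
  String realmid = getSiteRealmID();
  try {
    arole = m_realmService.getAuthzGroup(realmid);
  } catch (Exception e) {
    log.debug("Exception: OptionsBean.initializeCurrentRoles(), " + e.getMessage());
    // Stop here: arole was not refreshed, so its roles do not describe this realm.
    return;
  }
  if (arole == null) {
    return;
  }

  for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
    Role r = (Role) i.next();
    String rolename = r.getId();

    Configuration c = new Configuration();
    c.setId(num_role_id);
    c.setRoleId(rolename);
    c.setRealmid(getSiteRealmID());
    // Default display names are derived from the role id; the "New" values come from config.
    c.setSingular(rolename);
    c.setPlural(rolename + "s");
    // Config keys are 1-based ("role1singular", ...), hence the + 1 on the 0-based counter.
    c.setSingularNew(getConfigParam("role" + (num_role_id + 1) + "singular"));
    c.setPluralNew(getConfigParam("role" + (num_role_id + 1) + "plural"));
    renamedRoles.add(c);

    num_role_id++;
    num_roles_renamed++;

    if (isGroupAwareRoleInSettings(rolename)) {
      setGroupAwareRoleExist(true);
    }
  }
}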
/**
 * Handles the eventSubmit_doSave command: applies the submitted form to the realm under edit and
 * saves it.
 *
 * <p>The view realm stored in session state is preferred; the plain realm edit is the fallback.
 * A save rejected by the service (undefined group or missing permission) is surfaced as an alert
 * rather than thrown. Session state is cleaned up whether or not anything was saved.
 *
 * @param data the current request's run data
 */
public void doSave(RunData data) {
  JetspeedRunData runData = (JetspeedRunData) data;
  SessionState state = runData.getPortletSessionState(runData.getJs_peid());

  // only save the view realm's roles; fall back to the realm edit when no view realm is set
  AuthzGroup target = (AuthzGroup) state.getAttribute(STATE_VIEW_REALM_EDIT);
  if (target == null) {
    target = (AuthzGroup) state.getAttribute(STATE_REALM_EDIT);
  }

  if (target == null) {
    // nothing to save
    cleanupState(state);
    return;
  }

  // copy the form values into the realm, then commit
  readForm(data, target, state);
  try {
    AuthzGroupService.save(target);
  } catch (GroupNotDefinedException e) {
    Object[] args = new Object[] {target.getReference()};
    addAlert(state, rb.getFormattedMessage("alert_sitegroupnotdefined", args));
  } catch (AuthzPermissionException e) {
    Object[] args = new Object[] {target.getReference()};
    addAlert(state, rb.getFormattedMessage("alert_permission", args));
  }

  cleanupState(state);
}
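/**
 * Tells whether the given user id is listed among the users of the current site's realm.
 *
 * @param uid the user id to look for
 * @return true when the site realm's user set contains {@code uid}; false when it does not, or
 *     when the site realm is not defined (membership is never assumed on a failed lookup)
 */
private boolean isSiteMember(String uid) {
  try {
    AuthzGroup realm = AuthzGroupService.getAuthzGroup("/site/" + getCurrentSiteId());
    return realm.getUsers().contains(uid);
  } catch (GroupNotDefinedException e) {
    // The label now names the exception actually caught; the old text said IdUnusedException,
    // which sends anyone reading the log after a failed membership check to the wrong cause.
    LOG.error("GroupNotDefinedException:", e);
    return false;
  }
}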
/**
 * Returns a fresh, mutable list holding the users of the current site's realm.
 *
 * @return a copy of the realm's users, or an empty list when the site realm is not defined
 */
private List getSiteMembers() {
  try {
    AuthzGroup siteRealm = AuthzGroupService.getAuthzGroup("/site/" + getCurrentSiteId());
    // copy so callers cannot modify the realm's own collection
    return new ArrayList(siteRealm.getUsers());
  } catch (GroupNotDefinedException e) {
    LOG.error("GroupNotDefinedException:", e);
    return new ArrayList();
  }
}
/**
 * Looks up the id of the role the current user holds in the current site's realm.
 *
 * @return the id of the user's role (a String, not the Role object)
 * @throws IdUnusedException declared for callers; not thrown directly by this method
 * @throws SessionDataException if the site realm or the user's role in it is null
 * @throws GroupNotDefinedException declared for callers; presumably raised by the realm lookup
 *     when the site realm does not exist
 */
private String getUserRole()
    throws IdUnusedException, SessionDataException, GroupNotDefinedException {
  AuthzGroup siteRealm = AuthzGroupService.getAuthzGroup("/site/" + getSiteId());
  if (siteRealm == null) {
    throw new SessionDataException("No current group");
  }

  Role currentRole = siteRealm.getUserRole(this.getUserId());
  if (currentRole == null) {
    // the user has no role in this site
    throw new SessionDataException("No current role");
  }

  return currentRole.getId();
}
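/**
 * Finds the realm role that is configured as group-aware.
 *
 * <p>The "mailtool.group.aware.role" setting is read as a comma-separated list of role names.
 * The first role of the realm {@code m_realmid} whose id matches one of them (both sides
 * trimmed) is returned as-is.
 *
 * @return the matching role id, or {@code groupAwareRoleDefault} when nothing matches or the
 *     realm cannot be loaded
 */
public String getGroupAwareRole() {
  String gar = ServerConfigurationService.getString("mailtool.group.aware.role");
  // A missing setting is treated as "no candidates" instead of failing on split().
  String[] gartokens = (gar == null) ? new String[0] : gar.split(",");

  try {
    arole = m_realmService.getAuthzGroup(m_realmid);
  } catch (Exception e) {
    // Message now names this method; it previously claimed to come from getEmailRoles().
    log.debug("Exception: OptionsBean.getGroupAwareRole(), " + e.getMessage());
    // arole was not refreshed: matching against it would use another realm's roles (or null).
    return groupAwareRoleDefault;
  }
  if (arole == null) {
    return groupAwareRoleDefault;
  }

  for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
    Role r = (Role) i.next();
    String rolename = r.getId();
    for (int t = 0; t < gartokens.length; t++) {
      if (gartokens[t].trim().equals(rolename.trim())) {
        return rolename;
      }
    }
  }
  return groupAwareRoleDefault;
}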
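/**
 * Checks whether the current site realm has a group-aware role and records a positive answer
 * through {@code setGroupAwareRoleExist(true)}.
 *
 * <p>A role counts as group-aware when {@code isGroupAwareRoleInSettings} accepts it or when it
 * equals the value of {@code getGroupAwareRole()}. The flag is only ever set to true here; when
 * the realm cannot be loaded the method returns and leaves the flag untouched, rather than
 * scanning whatever realm the shared {@code arole} field held from an earlier call.
 */
public void checkifGroupAwareRoleExist() {
  String realmid = getSiteRealmID();
  try {
    arole = m_realmService.getAuthzGroup(realmid);
  } catch (Exception e) {
    log.debug("Exception: OptionsBean.checkifGroupAwareRoleExist(), " + e.getMessage());
    return;
  }
  if (arole == null) {
    return;
  }

  // The iterator is taken before the loop body runs, so getGroupAwareRole() re-assigning
  // arole during the scan does not disturb this iteration.
  for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
    Role r = (Role) i.next();
    String rolename = r.getId();
    if (isGroupAwareRoleInSettings(rolename) || getGroupAwareRole().equals(rolename)) {
      setGroupAwareRoleExist(true);
      break;
    }
  }
}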
/**
 * Build the Velocity context for the permissions helper from the values held in session state.
 *
 * <p>The realm named by STATE_REALM_ID is the one being edited; it is loaded (or created) only
 * after {@code AuthzGroupService.allowUpdate} accepts it. For site-type realm ids a second "view"
 * realm, named by STATE_REALM_ROLES_ID, is loaded when update is allowed on that realm or on the
 * site. Loaded realms, the function list, the role list and the per-role abilities are cached
 * back into state, so later calls reuse them.
 *
 * @param portlet the portlet (not read in this method)
 * @param context the Velocity context that receives the template values
 * @param rundata the request data (not read in this method)
 * @param state the session state holding the helper's inputs and cached values
 * @return The name of the template to use, or null (after cleaning up state) when the caller
 *     lacks update permission or a required realm cannot be loaded or created.
 */
public static String buildHelperContext(
    VelocityPortlet portlet, Context context, RunData rundata, SessionState state) {
  // in state is the realm id
  context.put("thelp", rb);
  String realmId = (String) state.getAttribute(STATE_REALM_ID);

  // in state is the realm to use for roles - if not, use realmId
  // NOTE(review): no fallback to realmId is applied here; a null realmRolesId reaches
  // realmRolesId.equals(realmId) further down when the function list is non-empty - confirm
  // callers always set STATE_REALM_ROLES_ID.
  String realmRolesId = (String) state.getAttribute(STATE_REALM_ROLES_ID);
  context.put("viewRealmId", realmRolesId);

  // get the realm locked for editing
  AuthzGroup edit = (AuthzGroup) state.getAttribute(STATE_REALM_EDIT);
  if (edit == null) {
    // permission gate: the realm is only fetched or created when update is allowed on it
    if (AuthzGroupService.allowUpdate(realmId)) {
      try {
        edit = AuthzGroupService.getAuthzGroup(realmId);
        state.setAttribute(STATE_REALM_EDIT, edit);
      } catch (GroupNotDefinedException e) {
        try {
          // we can create the realm
          edit = AuthzGroupService.addAuthzGroup(realmId);
          state.setAttribute(STATE_REALM_EDIT, edit);
        } catch (GroupIdInvalidException ee) {
          M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
          cleanupState(state);
          return null;
        } catch (GroupAlreadyDefinedException ee) {
          M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
          cleanupState(state);
          return null;
        } catch (AuthzPermissionException ee) {
          M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
          cleanupState(state);
          return null;
        }
      }
    }

    // no permission
    else {
      M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId);
      cleanupState(state);
      return null;
    }
  }

  AuthzGroup viewEdit = null;
  // check whether the current realm id is of site group type
  // NOTE(review): this is a substring test, and replaceAll() treats its first argument as a
  // regular expression; an id that merely contains the site root elsewhere would also take this
  // branch - confirm the id format guarantees a leading root.
  if (realmId.indexOf(SiteService.REFERENCE_ROOT) != -1) {
    String siteId = realmId.replaceAll(SiteService.REFERENCE_ROOT + "/", "");
    context.put("siteRef", realmId);

    if (state.getAttribute(STATE_GROUP_AWARE) != null
        && ((Boolean) state.getAttribute(STATE_GROUP_AWARE)).booleanValue()) {
      // only show groups for group-aware tools
      try {
        Site site = SiteService.getSite(siteId);
        Collection groups = site.getGroups();
        if (groups != null && !groups.isEmpty()) {
          Iterator iGroups = groups.iterator();
          for (; iGroups.hasNext(); ) {
            Group group = (Group) iGroups.next();
            // need to either have realm update permission on the group level or better at the
            // site level
            if (!AuthzGroupService.allowUpdate(group.getReference())) {
              // drops the group from the collection returned by site.getGroups() itself
              iGroups.remove();
            }
          }
          context.put("groups", groups);
        }
      } catch (Exception siteException) {
        // a failed site lookup only means no group list is offered; the build continues
        M_log.warn(
            "PermissionsAction.buildHelperContext: getsite of realm id = "
                + realmId
                + siteException);
      }
    }

    // get the realm locked for editing
    viewEdit = (AuthzGroup) state.getAttribute(STATE_VIEW_REALM_EDIT);
    if (viewEdit == null) {
      // permission gate for the view realm: update on the realm itself or on the whole site
      if (AuthzGroupService.allowUpdate(realmRolesId)
          || AuthzGroupService.allowUpdate(SiteService.siteReference(siteId))) {
        try {
          viewEdit = AuthzGroupService.getAuthzGroup(realmRolesId);
          state.setAttribute(STATE_VIEW_REALM_EDIT, viewEdit);
        } catch (GroupNotDefinedException e) {
          M_log.warn(
              "PermissionsAction.buildHelperContext: getRealm with id= "
                  + realmRolesId
                  + " : "
                  + e);
          cleanupState(state);
          return null;
        }
      }

      // no permission
      else {
        // note: the message reports realmId, although the check above was on realmRolesId/site
        M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId);
        cleanupState(state);
        return null;
      }
    }
  }

  // in state is the prefix for abilities to present
  String prefix = (String) state.getAttribute(STATE_PREFIX);

  // in state is the list of abilities we will present
  List functions = (List) state.getAttribute(STATE_ABILITIES);
  if (functions == null) {
    // get all functions prefixed with our prefix
    functions = FunctionManager.getRegisteredFunctions(prefix);
  }

  if (functions != null && !functions.isEmpty()) {
    List<String> nFunctions = new Vector<String>();
    if (!realmRolesId.equals(realmId)) {
      // editing groups within site, need to filter out those permissions only applicable to site
      // level
      for (Iterator iFunctions = functions.iterator(); iFunctions.hasNext(); ) {
        String function = (String) iFunctions.next();
        if (function.indexOf("all.groups") == -1) {
          nFunctions.add(function);
        }
      }
    } else {
      nFunctions.addAll(functions);
    }
    // the filtered list replaces the cached one, so later calls start from it
    state.setAttribute(STATE_ABILITIES, nFunctions);
    context.put("abilities", nFunctions);

    // get function description from passed in HashMap
    // output permission descriptions
    Map<String, String> functionDescriptions =
        (Map<String, String>) state.getAttribute(STATE_PERMISSION_DESCRIPTIONS);
    if (functionDescriptions != null) {
      Set keySet = functionDescriptions.keySet();
      // iterates the unfiltered list; every function gets an entry keyed by its own name,
      // written into the same map object that is stored in state
      for (Object function : functions) {
        String desc = (String) function;
        String descKey = PermissionsHelper.PREFIX_PERMISSION_DESCRIPTION + function;
        if (keySet.contains(descKey)) {
          // use function description
          desc = (String) functionDescriptions.get(descKey);
        }
        functionDescriptions.put((String) function, desc);
      }
      context.put("functionDescriptions", functionDescriptions);
    }
  }

  // in state is the description of the edit
  String description = (String) state.getAttribute(STATE_DESCRIPTION);

  // the list of roles
  List roles = (List) state.getAttribute(STATE_ROLES);
  if (roles == null) {
    // get the roles from the edit, unless another is specified
    AuthzGroup roleRealm = viewEdit != null ? viewEdit : edit;
    if (realmRolesId != null) {
      // NOTE(review): this load is not preceded by an allowUpdate check of its own; for realm
      // ids outside the site branch above, realmRolesId has not been permission-checked at this
      // point - confirm that listing its roles is acceptable.
      try {
        roleRealm = AuthzGroupService.getAuthzGroup(realmRolesId);
      } catch (Exception e) {
        // on failure the roles of viewEdit/edit chosen above are used instead
        M_log.warn(
            "PermissionsHelperAction.buildHelperContext: getRolesRealm: "
                + realmRolesId
                + " : "
                + e);
      }
    }
    roles = new Vector();
    roles.addAll(roleRealm.getRoles());
    Collections.sort(roles);
    state.setAttribute(STATE_ROLES, roles);
  }

  // the abilities not including this realm for each role
  Map rolesAbilities = (Map) state.getAttribute(STATE_ROLE_ABILITIES);
  if (rolesAbilities == null) {
    rolesAbilities = new Hashtable();
    state.setAttribute(STATE_ROLE_ABILITIES, rolesAbilities);

    // get this resource's role Realms, those that refine the role definitions, but not its own
    Reference ref =
        EntityManager.newReference(viewEdit != null ? viewEdit.getId() : edit.getId());
    Collection realms = ref.getAuthzGroups();
    realms.remove(ref.getReference());

    for (Iterator iRoles = roles.iterator(); iRoles.hasNext(); ) {
      Role role = (Role) iRoles.next();
      Set locks = AuthzGroupService.getAllowedFunctions(role.getId(), realms);
      rolesAbilities.put(role.getId(), locks);
    }
  }

  // the view realm, when present, is the one presented for editing
  context.put("realm", viewEdit != null ? viewEdit : edit);
  context.put("prefix", prefix);
  context.put("description", description);
  if (roles.size() > 0) {
    context.put("roles", roles);
  }
  context.put("rolesAbilities", rolesAbilities);

  // make sure observers are disabled
  VelocityPortletPaneledAction.disableObservers(state);

  return TEMPLATE_MAIN;
}
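/**
 * Builds the recipient groups for every configured email role whose type equals the filter.
 *
 * <p>Types "role" and "role_groupaware" take their members from the role's realm; types "group"
 * and "section" take them from the site group whose title equals the role id. Each matching role
 * yields one {@code EmailGroup} with its members sorted.
 *
 * <p>When no site group carries the expected title the group is returned with no members. The
 * earlier code fell through with the last group it had iterated, which attached another group's
 * members to this role (or failed on null when the site had no groups).
 *
 * @param roletypefilter one of "role", "group", "section" or "role_groupaware"
 * @return the groups built so far; building stops early, returning the partial list, when a
 *     realm or the current site cannot be loaded
 */
public List /* EmailGroup */ getEmailGroupsByType(String roletypefilter) {
  List /* EmailGroup */ thegroups = new ArrayList();
  List emailroles = this.getEmailRoles();

  for (Iterator i = emailroles.iterator(); i.hasNext(); ) {
    EmailRole emailrole = (EmailRole) i.next();

    if (emailrole.roletype.equals("role") && roletypefilter.equals("role")) {
      AuthzGroup therealm =
          loadRealmForEmailRole(emailrole.getRealmid(), "Mailtool.getEmailGroups() #1");
      if (therealm == null) {
        return thegroups;
      }
      List mailusers = toSortedEmailUsers(therealm.getUsersHasRole(emailrole.getRoleid()), "#2");
      thegroups.add(new EmailGroup(emailrole, mailusers));
    } else if (emailrole.roletype.equals("group") && roletypefilter.equals("group")) {
      Site currentSite = loadCurrentSiteForEmailRole("Mailtool.getEmailGroups() #3");
      if (currentSite == null) {
        return thegroups;
      }
      thegroups.add(
          new EmailGroup(emailrole, siteGroupMembersFor(currentSite, emailrole, "#3-1")));
    } else if (emailrole.roletype.equals("section") && roletypefilter.equals("section")) {
      Site currentSite = loadCurrentSiteForEmailRole("Mailtool.getEmailGroups() #4");
      if (currentSite == null) {
        return thegroups;
      }
      thegroups.add(
          new EmailGroup(emailrole, siteGroupMembersFor(currentSite, emailrole, "#4-1")));
    } else if (emailrole.roletype.equals("role_groupaware")
        && roletypefilter.equals("role_groupaware")) {
      AuthzGroup therealm =
          loadRealmForEmailRole(emailrole.getRealmid(), "Mailtool.getEmailGroupsByType() #5");
      if (therealm == null) {
        return thegroups;
      }
      List mailusers =
          toSortedEmailUsers(therealm.getUsersHasRole(emailrole.getRoleid()), "#5-1");
      thegroups.add(new EmailGroup(emailrole, mailusers));
    }
  }
  return thegroups;
}

/** Loads a realm by id, logging at debug level and returning null when it cannot be loaded. */
private AuthzGroup loadRealmForEmailRole(String realmid, String where) {
  try {
    return m_realmService.getAuthzGroup(realmid);
  } catch (GroupNotDefinedException e1) {
    log.debug("GroupNotDefinedException: " + where + ", ", e1);
    return null;
  } catch (Exception e2) {
    log.debug("Exception: " + where + ", " + e2.getMessage());
    return null;
  }
}

/** Loads the current site, logging at debug level and returning null when it is unavailable. */
private Site loadCurrentSiteForEmailRole(String where) {
  String sid = getSiteID();
  try {
    return siteService.getSite(sid);
  } catch (IdUnusedException e1) {
    log.debug("IdUnusedException: " + where + ", ", e1);
    return null;
  } catch (Exception e2) {
    log.debug("Exception: " + where + ", " + e2.getMessage());
    return null;
  }
}

/** Returns the sorted members of the site group titled like the role id; empty if none matches. */
private List /* EmailUser */ siteGroupMembersFor(Site site, EmailRole emailrole, String logTag) {
  Group matched = null;
  for (Iterator groupIterator = site.getGroups().iterator(); groupIterator.hasNext(); ) {
    Group candidate = (Group) groupIterator.next();
    if (emailrole.getRoleid().equals(candidate.getTitle())) {
      matched = candidate;
      break;
    }
  }
  if (matched == null) {
    // Never substitute a different group: recipients must come from the named group only.
    log.debug(
        "OptionsBean.getEmailGroupsByType() "
            + logTag
            + ", no site group titled "
            + emailrole.getRoleid());
    return new ArrayList();
  }
  return toSortedEmailUsers(matched.getUsersHasRole(groupAwareRoleFound), logTag);
}

/** Resolves user ids to EmailUser entries (skipping ids that fail to resolve) and sorts them. */
private List /* EmailUser */ toSortedEmailUsers(Set userIds, String logTag) {
  List /* EmailUser */ mailusers = new ArrayList();
  for (Iterator j = userIds.iterator(); j.hasNext(); ) {
    String userid = (String) j.next();
    try {
      User theuser = m_userDirectoryService.getUser(userid);

      String firstnameForDisplay;
      if (theuser.getFirstName().trim().equals("")) {
        if (theuser.getEmail().trim().equals("") && theuser.getLastName().trim().equals("")) {
          firstnameForDisplay = theuser.getDisplayId(); // fix for SAK-7539
        } else {
          firstnameForDisplay = theuser.getEmail(); // fix for SAK-7356
        }
      } else {
        firstnameForDisplay = theuser.getFirstName();
      }

      mailusers.add(
          new EmailUser(
              theuser.getId(), firstnameForDisplay, theuser.getLastName(), theuser.getEmail()));
    } catch (Exception e) {
      // best effort: one unresolvable user must not empty the whole recipient list
      log.debug(
          "Exception: OptionsBean.getEmailGroupsByType() " + logTag + ", " + e.getMessage());
    }
  }
  Collections.sort(mailusers);
  return mailusers;
}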
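/**
 * Assembles the email roles offered by the tool: configured roles (or, when none has been
 * configured, the roles of the realm {@code m_realmid}), followed by the site's groups and then
 * its sections.
 *
 * <p>A configured role is used only when its realm id, role id, singular and plural names are all
 * non-empty. Emptiness is tested by length; the earlier {@code != ""} comparison tested object
 * identity, so an empty value read from configuration could pass as "set".
 *
 * <p>If the fallback realm cannot be loaded, no realm roles are added; the stale or null
 * {@code arole} field is not consulted. If the site cannot be loaded, the roles gathered so far
 * are returned without groups or sections.
 *
 * <p>NOTE(review): the counters ({@code num_groupawarerole}, {@code num_groups},
 * {@code num_sections}) are incremented on every call and {@code already_configured} is never
 * reset here - confirm callers expect cumulative values.
 *
 * @return the list of EmailRole entries: roles first, then groups, then sections
 */
public List /* EmailRole */ getEmailRoles() {
  List /* EmailRole */ theroles = new ArrayList();
  List allgroups = new ArrayList();
  List allsections = new ArrayList();

  for (int i = 1; i < (NUMBER_ROLES + 1); i++) {
    String rolerealm = this.getConfigParam("role" + i + "realmid");
    String rolename = this.getConfigParam("role" + i + "id");
    String rolesingular = this.getConfigParam("role" + i + "singular");
    String roleplural = this.getConfigParam("role" + i + "plural");

    boolean fullyConfigured =
        rolerealm != null
            && rolerealm.length() > 0
            && rolename != null
            && rolename.length() > 0
            && rolesingular != null
            && rolesingular.length() > 0
            && roleplural != null
            && roleplural.length() > 0;
    if (fullyConfigured) {
      EmailRole emailrole;
      if (getGroupAwareRole().equals(rolename)) {
        emailrole =
            new EmailRole(rolerealm, rolename, rolesingular, roleplural, "role_groupaware");
        num_groupawarerole++;
      } else {
        emailrole = new EmailRole(rolerealm, rolename, rolesingular, roleplural, "role");
      }
      theroles.add(emailrole);
      already_configured = true;
    }
  }

  if (already_configured == false) {
    boolean realmLoaded = false;
    try {
      arole = m_realmService.getAuthzGroup(m_realmid);
      realmLoaded = (arole != null);
    } catch (Exception e) {
      log.debug("Exception: OptionsBean.getEmailRoles()1, " + e.getMessage());
    }

    // Only enumerate roles from a realm that was actually loaded by this call.
    if (realmLoaded) {
      for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
        Role r = (Role) i.next();
        String rolename = r.getId();
        String singular = rolename;
        String plural;
        if (rolename.equals("maintain")) {
          plural = rolename + "ers";
        } else if (rolename.equals("access")) {
          plural = rolename + " users";
        } else {
          plural = rolename + "s";
        }

        EmailRole emailrole;
        if (getGroupAwareRole().equals(rolename)) {
          emailrole =
              new EmailRole("/site/" + m_siteid, rolename, singular, plural, "role_groupaware");
          num_groupawarerole++;
        } else {
          emailrole = new EmailRole("/site/" + m_siteid, rolename, singular, plural, "role");
        }
        theroles.add(emailrole);
      }
    }
  }

  // adding groups as roles
  try {
    currentSite = siteService.getSite(m_siteid);
  } catch (Exception e) {
    log.debug("Exception: OptionsBean.getEmailRoles()2, " + e.getMessage());
    // Without the site there are no groups to add; return what has been collected.
    return theroles;
  }

  Collection groups = currentSite.getGroups();
  for (Iterator groupIterator = groups.iterator(); groupIterator.hasNext(); ) {
    Group currentGroup = (Group) groupIterator.next();
    String groupname = currentGroup.getTitle();
    String groupid = currentGroup.getProviderGroupId();

    // A group carrying the "sections_category" property is listed as a section.
    EmailRole emailrole2;
    if (currentGroup.getProperties().getProperty("sections_category") != null) {
      emailrole2 = new EmailRole(groupid, groupname, groupname, groupname, "section");
      allsections.add(emailrole2);
      num_sections++;
    } else {
      emailrole2 = new EmailRole(groupid, groupname, groupname, groupname, "group");
      allgroups.add(emailrole2);
      num_groups++;
    }
  }

  // groups before sections keeps the side-by-side and scrolling list views ordered
  theroles.addAll(allgroups);
  theroles.addAll(allsections);
  return theroles;
}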
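/**
 * Access (find if needed) the azg from the AuthzGroupService that implements my grouping.
 *
 * <p>When no azg is defined for this reference, a new one is built in memory from the group
 * template (falling back to "!group.template") and its roles are aligned with the parent site:
 * roles the site does not have are removed, roles the site has are added. The new azg is not
 * stored here; {@code m_azgChanged} is set so a later save can persist it.
 *
 * <p>Failures while building the azg are logged and leave {@code m_azg} as it was, which may be
 * null.
 *
 * @return My azg, or null when it could neither be found nor created.
 */
protected AuthzGroup getAzg() {
  if (m_azg == null) {
    try {
      m_azg = AuthzGroupService.getAuthzGroup(getReference());
    } catch (GroupNotDefinedException e) {
      try {
        // create the group's azg, but don't store it yet (that happens if save is called)
        // use a template, but assign no user any maintain role

        // find the template for the new azg
        String groupAzgTemplate = siteService.groupAzgTemplate(m_site);
        AuthzGroup template = null;
        try {
          template = AuthzGroupService.getAuthzGroup(groupAzgTemplate);
        } catch (Exception e1) {
          try {
            // if the template is not defined, try the fall back template
            template = AuthzGroupService.getAuthzGroup("!group.template");
          } catch (Exception e2) {
            // Previously swallowed silently. The azg is then built with a null template, so
            // leave a trace for whoever later reviews this group's role definitions.
            M_log.warn(
                "getAzg: no template realm available ("
                    + groupAzgTemplate
                    + ", !group.template): "
                    + e2);
          }
        }

        m_azg = AuthzGroupService.newAuthzGroup(getReference(), template, null);
        m_azgChanged = true;

        if (m_site != null) {
          try {
            // remove all roles that is not in parent site realm
            Set<Role> parentSiteRoles = m_site.getRoles();
            Set<Role> templateRoles = m_azg.getRoles();
            if (templateRoles != null) {
              // Walk a snapshot: removeRole() changes the azg while we are still deciding, and
              // iterating its own role set at the same time could abort the whole alignment.
              Role[] snapshot = templateRoles.toArray(new Role[0]);
              for (int i = 0; i < snapshot.length; i++) {
                if (!parentSiteRoles.contains(snapshot[i])) {
                  m_azg.removeRole(snapshot[i].getId());
                }
              }
            }

            // add all new roles from parent site realm
            Set<Role> currentRoles = m_azg.getRoles();
            for (Iterator<Role> j = parentSiteRoles.iterator(); j.hasNext(); ) {
              Role role = j.next();
              if (currentRoles == null || !currentRoles.contains(role)) {
                String roleId = role.getId();
                try {
                  m_azg.addRole(roleId, role);
                } catch (RoleAlreadyDefinedException rException) {
                  M_log.warn(
                      "getAzg: role id "
                          + roleId
                          + " already used in group "
                          + m_azg.getReference()
                          + rException.getMessage());
                }
              }
            }
          } catch (Exception e1) {
            M_log.warn(
                "getAzg: cannot access realm of " + m_site.getReference() + e1.getMessage());
          }
        }
      } catch (Throwable t) {
        // kept as in the original: any failure while creating the azg is logged, not thrown
        M_log.warn("getAzg: " + t);
      }
    }
  }

  return m_azg;
}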