public void init() { log.info("Initializing Lesson Builder Tool"); // for debugging I'd like to be able to reload, so avoid duplicates List<String> registered = FunctionManager.getRegisteredFunctions(SimplePage.PERMISSION_LESSONBUILDER_PREFIX); if (registered == null || !registered.contains(SimplePage.PERMISSION_LESSONBUILDER_UPDATE)) FunctionManager.registerFunction(SimplePage.PERMISSION_LESSONBUILDER_UPDATE); if (registered == null || !registered.contains(SimplePage.PERMISSION_LESSONBUILDER_READ)) FunctionManager.registerFunction(SimplePage.PERMISSION_LESSONBUILDER_READ); if (registered == null || !registered.contains(SimplePage.PERMISSION_LESSONBUILDER_SEE_ALL)) FunctionManager.registerFunction(SimplePage.PERMISSION_LESSONBUILDER_SEE_ALL); try { // hibernate will do the tables, but we need this for the indices if (autoDdl) { sqlService.ddl(this.getClass().getClassLoader(), "simplepage"); log.info("Completed Lesson Builder DDL"); } } catch (Exception e) { log.warn("Unable to DDL Lesson Builder", e); } }
public void init() { LOG.info("init()"); // register functions FunctionManager.registerFunction(PERMISSION_UMEM_VIEW); }
/** * build the context. * * @return The name of the template to use. */ public static String buildHelperContext( VelocityPortlet portlet, Context context, RunData rundata, SessionState state) { // in state is the realm id context.put("thelp", rb); String realmId = (String) state.getAttribute(STATE_REALM_ID); // in state is the realm to use for roles - if not, use realmId String realmRolesId = (String) state.getAttribute(STATE_REALM_ROLES_ID); context.put("viewRealmId", realmRolesId); // get the realm locked for editing AuthzGroup edit = (AuthzGroup) state.getAttribute(STATE_REALM_EDIT); if (edit == null) { if (AuthzGroupService.allowUpdate(realmId)) { try { edit = AuthzGroupService.getAuthzGroup(realmId); state.setAttribute(STATE_REALM_EDIT, edit); } catch (GroupNotDefinedException e) { try { // we can create the realm edit = AuthzGroupService.addAuthzGroup(realmId); state.setAttribute(STATE_REALM_EDIT, edit); } catch (GroupIdInvalidException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } catch (GroupAlreadyDefinedException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } catch (AuthzPermissionException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } } } // no permission else { M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId); cleanupState(state); return null; } } AuthzGroup viewEdit = null; // check wither the current realm id is of site group type if (realmId.indexOf(SiteService.REFERENCE_ROOT) != -1) { String siteId = realmId.replaceAll(SiteService.REFERENCE_ROOT + "/", ""); context.put("siteRef", realmId); if (state.getAttribute(STATE_GROUP_AWARE) != null && ((Boolean) state.getAttribute(STATE_GROUP_AWARE)).booleanValue()) { // only show groups for group-aware tools try { Site site = SiteService.getSite(siteId); Collection groups = site.getGroups(); if (groups != null && !groups.isEmpty()) { Iterator iGroups = groups.iterator(); for (; iGroups.hasNext(); ) { Group group = (Group) iGroups.next(); // need to either have realm update permission on the group level or better at the // site level if (!AuthzGroupService.allowUpdate(group.getReference())) { iGroups.remove(); } } context.put("groups", groups); } } catch (Exception siteException) { M_log.warn( "PermissionsAction.buildHelperContext: getsite of realm id = " + realmId + siteException); } } // get the realm locked for editing viewEdit = (AuthzGroup) state.getAttribute(STATE_VIEW_REALM_EDIT); if (viewEdit == null) { if (AuthzGroupService.allowUpdate(realmRolesId) || AuthzGroupService.allowUpdate(SiteService.siteReference(siteId))) { try { viewEdit = AuthzGroupService.getAuthzGroup(realmRolesId); state.setAttribute(STATE_VIEW_REALM_EDIT, viewEdit); } catch (GroupNotDefinedException e) { M_log.warn( "PermissionsAction.buildHelperContext: getRealm with id= " + realmRolesId + " : " + e); cleanupState(state); return null; } } // no permission else { M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId); cleanupState(state); return null; } } } // in state is the prefix for abilities to present String prefix = (String) state.getAttribute(STATE_PREFIX); // in state is the list of abilities we will present List functions = (List) state.getAttribute(STATE_ABILITIES); if (functions == null) { // get all functions prefixed with our prefix functions = FunctionManager.getRegisteredFunctions(prefix); } if (functions != null && !functions.isEmpty()) { List<String> nFunctions = new Vector<String>(); if (!realmRolesId.equals(realmId)) { // editing groups within site, need to filter out those permissions only applicable to site // level for (Iterator iFunctions = functions.iterator(); iFunctions.hasNext(); ) { String function = (String) iFunctions.next(); if (function.indexOf("all.groups") == -1) { nFunctions.add(function); } } } else { nFunctions.addAll(functions); } state.setAttribute(STATE_ABILITIES, nFunctions); context.put("abilities", nFunctions); // get function description from passed in HashMap // output permission descriptions Map<String, String> functionDescriptions = (Map<String, String>) state.getAttribute(STATE_PERMISSION_DESCRIPTIONS); if (functionDescriptions != null) { Set keySet = functionDescriptions.keySet(); for (Object function : functions) { String desc = (String) function; String descKey = PermissionsHelper.PREFIX_PERMISSION_DESCRIPTION + function; if (keySet.contains(descKey)) { // use function description desc = (String) functionDescriptions.get(descKey); } functionDescriptions.put((String) function, desc); } context.put("functionDescriptions", functionDescriptions); } } // in state is the description of the edit String description = (String) state.getAttribute(STATE_DESCRIPTION); // the list of roles List roles = (List) state.getAttribute(STATE_ROLES); if (roles == null) { // get the roles from the edit, unless another is specified AuthzGroup roleRealm = viewEdit != null ? viewEdit : edit; if (realmRolesId != null) { try { roleRealm = AuthzGroupService.getAuthzGroup(realmRolesId); } catch (Exception e) { M_log.warn( "PermissionsHelperAction.buildHelperContext: getRolesRealm: " + realmRolesId + " : " + e); } } roles = new Vector(); roles.addAll(roleRealm.getRoles()); Collections.sort(roles); state.setAttribute(STATE_ROLES, roles); } // the abilities not including this realm for each role Map rolesAbilities = (Map) state.getAttribute(STATE_ROLE_ABILITIES); if (rolesAbilities == null) { rolesAbilities = new Hashtable(); state.setAttribute(STATE_ROLE_ABILITIES, rolesAbilities); // get this resource's role Realms,those that refine the role definitions, but not it's own Reference ref = EntityManager.newReference(viewEdit != null ? viewEdit.getId() : edit.getId()); Collection realms = ref.getAuthzGroups(); realms.remove(ref.getReference()); for (Iterator iRoles = roles.iterator(); iRoles.hasNext(); ) { Role role = (Role) iRoles.next(); Set locks = AuthzGroupService.getAllowedFunctions(role.getId(), realms); rolesAbilities.put(role.getId(), locks); } } context.put("realm", viewEdit != null ? viewEdit : edit); context.put("prefix", prefix); context.put("description", description); if (roles.size() > 0) { context.put("roles", roles); } context.put("rolesAbilities", rolesAbilities); // make sure observers are disabled VelocityPortletPaneledAction.disableObservers(state); return TEMPLATE_MAIN; }