/** @inheritDoc */ protected List<User> getRecipients(Event event) { // get the resource reference Reference ref = EntityManager.newReference(event.getResource()); // use either the configured site, or if not configured, the site (context) of the resource String siteId = (getSite() != null) ? getSite() : ref.getContext(); // if the site is published, use the list of users who can SITE_VISIT the site, // else use the list of users who can SITE_VISIT_UNP the site. try { Site site = SiteService.getSite(siteId); String ability = SiteService.SITE_VISIT; if (!site.isPublished()) { ability = SiteService.SITE_VISIT_UNPUBLISHED; } // get the list of users who can do the right kind of visit List<User> users = SecurityService.unlockUsers(ability, ref.getReference()); // get the list of users who have the appropriate access to the resource if (getResourceAbility() != null) { List<User> users2 = SecurityService.unlockUsers(getResourceAbility(), ref.getReference()); // find intersection of users and user2 users.retainAll(users2); } // only use direct site members for the base list of users refineToSiteMembers(users, site); // add any other users addSpecialRecipients(users, ref); return users; } catch (Exception any) { return new Vector<User>(); } }
public boolean equals(Object o) { if (this == o) { return true; } if (!(o instanceof ReferenceHolder)) { return false; } final ReferenceHolder referenceHolder = (ReferenceHolder) o; if (base != null ? !base.getReference().equals(referenceHolder.base.getReference()) : referenceHolder.base != null) { return false; } return true; }
/** {@inheritDoc} */ public Collection getEntityAuthzGroups(Reference ref, String userId) { // permission convert Collection rv = new Vector(); try { // for 2.3 // Site site = SiteService.getSite(ref.getContext()); // Collection groups = site.getGroups(); // // if ((SecurityService.isSuperUser())) // { // return groups; // } // // Collection groupRefs = new Vector(); // for (Iterator i = groups.iterator(); i.hasNext();) // { // Group group = (Group) i.next(); // groupRefs.add(group.getReference()); // } // // for (Iterator i = groups.iterator(); i.hasNext();) // { // Group group = (Group) i.next(); // rv.add(group); // } // // ref.addSiteContextAuthzGroup(rv); if (SYLLABUS.equals(ref.getSubType())) { rv.add(ref.getReference()); ref.addSiteContextAuthzGroup(rv); } } catch (Exception e) { logger.error("SyllabusServiceImpl:getEntityAuthzGroups - " + e); e.printStackTrace(); } return rv; }
public String initializeAction(Reference reference) { return BaseInteractionAction.getInitializationId( reference.getReference(), this.getTypeId(), this.getId()); }
private String getSiteReference(String siteContext) { final Reference ref = entityManager.newReference(siteService.siteReference(siteContext)); return ref.getReference(); }
/** * build the context. * * @return The name of the template to use. */ public static String buildHelperContext( VelocityPortlet portlet, Context context, RunData rundata, SessionState state) { // in state is the realm id context.put("thelp", rb); String realmId = (String) state.getAttribute(STATE_REALM_ID); // in state is the realm to use for roles - if not, use realmId String realmRolesId = (String) state.getAttribute(STATE_REALM_ROLES_ID); context.put("viewRealmId", realmRolesId); // get the realm locked for editing AuthzGroup edit = (AuthzGroup) state.getAttribute(STATE_REALM_EDIT); if (edit == null) { if (AuthzGroupService.allowUpdate(realmId)) { try { edit = AuthzGroupService.getAuthzGroup(realmId); state.setAttribute(STATE_REALM_EDIT, edit); } catch (GroupNotDefinedException e) { try { // we can create the realm edit = AuthzGroupService.addAuthzGroup(realmId); state.setAttribute(STATE_REALM_EDIT, edit); } catch (GroupIdInvalidException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } catch (GroupAlreadyDefinedException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } catch (AuthzPermissionException ee) { M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee); cleanupState(state); return null; } } } // no permission else { M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId); cleanupState(state); return null; } } AuthzGroup viewEdit = null; // check wither the current realm id is of site group type if (realmId.indexOf(SiteService.REFERENCE_ROOT) != -1) { String siteId = realmId.replaceAll(SiteService.REFERENCE_ROOT + "/", ""); context.put("siteRef", realmId); if (state.getAttribute(STATE_GROUP_AWARE) != null && ((Boolean) state.getAttribute(STATE_GROUP_AWARE)).booleanValue()) { // only show groups for group-aware tools try { Site site = SiteService.getSite(siteId); Collection groups = site.getGroups(); if (groups != null && !groups.isEmpty()) { Iterator iGroups = groups.iterator(); for (; iGroups.hasNext(); ) { Group group = (Group) iGroups.next(); // need to either have realm update permission on the group level or better at the // site level if (!AuthzGroupService.allowUpdate(group.getReference())) { iGroups.remove(); } } context.put("groups", groups); } } catch (Exception siteException) { M_log.warn( "PermissionsAction.buildHelperContext: getsite of realm id = " + realmId + siteException); } } // get the realm locked for editing viewEdit = (AuthzGroup) state.getAttribute(STATE_VIEW_REALM_EDIT); if (viewEdit == null) { if (AuthzGroupService.allowUpdate(realmRolesId) || AuthzGroupService.allowUpdate(SiteService.siteReference(siteId))) { try { viewEdit = AuthzGroupService.getAuthzGroup(realmRolesId); state.setAttribute(STATE_VIEW_REALM_EDIT, viewEdit); } catch (GroupNotDefinedException e) { M_log.warn( "PermissionsAction.buildHelperContext: getRealm with id= " + realmRolesId + " : " + e); cleanupState(state); return null; } } // no permission else { M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId); cleanupState(state); return null; } } } // in state is the prefix for abilities to present String prefix = (String) state.getAttribute(STATE_PREFIX); // in state is the list of abilities we will present List functions = (List) state.getAttribute(STATE_ABILITIES); if (functions == null) { // get all functions prefixed with our prefix functions = FunctionManager.getRegisteredFunctions(prefix); } if (functions != null && !functions.isEmpty()) { List<String> nFunctions = new Vector<String>(); if (!realmRolesId.equals(realmId)) { // editing groups within site, need to filter out those permissions only applicable to site // level for (Iterator iFunctions = functions.iterator(); iFunctions.hasNext(); ) { String function = (String) iFunctions.next(); if (function.indexOf("all.groups") == -1) { nFunctions.add(function); } } } else { nFunctions.addAll(functions); } state.setAttribute(STATE_ABILITIES, nFunctions); context.put("abilities", nFunctions); // get function description from passed in HashMap // output permission descriptions Map<String, String> functionDescriptions = (Map<String, String>) state.getAttribute(STATE_PERMISSION_DESCRIPTIONS); if (functionDescriptions != null) { Set keySet = functionDescriptions.keySet(); for (Object function : functions) { String desc = (String) function; String descKey = PermissionsHelper.PREFIX_PERMISSION_DESCRIPTION + function; if (keySet.contains(descKey)) { // use function description desc = (String) functionDescriptions.get(descKey); } functionDescriptions.put((String) function, desc); } context.put("functionDescriptions", functionDescriptions); } } // in state is the description of the edit String description = (String) state.getAttribute(STATE_DESCRIPTION); // the list of roles List roles = (List) state.getAttribute(STATE_ROLES); if (roles == null) { // get the roles from the edit, unless another is specified AuthzGroup roleRealm = viewEdit != null ? viewEdit : edit; if (realmRolesId != null) { try { roleRealm = AuthzGroupService.getAuthzGroup(realmRolesId); } catch (Exception e) { M_log.warn( "PermissionsHelperAction.buildHelperContext: getRolesRealm: " + realmRolesId + " : " + e); } } roles = new Vector(); roles.addAll(roleRealm.getRoles()); Collections.sort(roles); state.setAttribute(STATE_ROLES, roles); } // the abilities not including this realm for each role Map rolesAbilities = (Map) state.getAttribute(STATE_ROLE_ABILITIES); if (rolesAbilities == null) { rolesAbilities = new Hashtable(); state.setAttribute(STATE_ROLE_ABILITIES, rolesAbilities); // get this resource's role Realms,those that refine the role definitions, but not it's own Reference ref = EntityManager.newReference(viewEdit != null ? viewEdit.getId() : edit.getId()); Collection realms = ref.getAuthzGroups(); realms.remove(ref.getReference()); for (Iterator iRoles = roles.iterator(); iRoles.hasNext(); ) { Role role = (Role) iRoles.next(); Set locks = AuthzGroupService.getAllowedFunctions(role.getId(), realms); rolesAbilities.put(role.getId(), locks); } } context.put("realm", viewEdit != null ? viewEdit : edit); context.put("prefix", prefix); context.put("description", description); if (roles.size() > 0) { context.put("roles", roles); } context.put("rolesAbilities", rolesAbilities); // make sure observers are disabled VelocityPortletPaneledAction.disableObservers(state); return TEMPLATE_MAIN; }
private void writeObject(java.io.ObjectOutputStream out) throws IOException { out.writeObject(base.getReference()); }