/**
   * Get the list of authorized apps for the user based on the user's LEA.
   *
   * <p>No additional filtering is done on the results. E.g. if a user is a non-admin, the admin
   * apps will still show up in the list, or if an app is disabled it will still show up.
   *
   * @param principal
   * @return list of app IDs, or null if it couldn't be determined
   */
  @SuppressWarnings("unchecked")
  public boolean isAuthorizedForApp(Entity app, SLIPrincipal principal) {

    if (principal.isAdminRealmAuthenticated()) {
      return isAdminVisible(app);
    } else {
      if (isAutoAuthorized(app)) {
        return true;
      } else if (!isOperatorApproved(app)) {
        return false;
      } else {
        Set<String> edOrgs = helper.locateDirectEdorgs(principal.getEntity());
        NeutralQuery appAuthCollQuery = new NeutralQuery();
        appAuthCollQuery.addCriteria(new NeutralCriteria("applicationId", "=", app.getEntityId()));
        appAuthCollQuery.addCriteria(
            new NeutralCriteria("edorgs.authorizedEdorg", NeutralCriteria.CRITERIA_IN, edOrgs));
        Entity authorizedApps = repo.findOne("applicationAuthorization", appAuthCollQuery);
        if (authorizedApps != null) {
          if (isAutoApproved(app)) {
            return true;
          } else {
            // query approved edorgs
            List<String> approvedDistricts =
                new ArrayList<String>((List<String>) app.getBody().get("authorized_ed_orgs"));
            List<String> myDistricts = helper.getDistricts(edOrgs);
            approvedDistricts.retainAll(myDistricts);
            return !approvedDistricts.isEmpty();
          }
        }
      }
    }
    return false;
  }
コード例 #2
0
  @Override
  public SLIPrincipal locate(
      String tenantId, String externalUserId, String userType, String clientId) {
    LOG.info("Locating user {}@{} of type: {}", new Object[] {externalUserId, tenantId, userType});
    SLIPrincipal user = new SLIPrincipal(externalUserId + "@" + tenantId);
    user.setExternalId(externalUserId);
    user.setTenantId(tenantId);
    user.setUserType(userType);

    TenantContext.setTenantId(tenantId);

    if (EntityNames.STUDENT.equals(userType)) {
      NeutralQuery neutralQuery =
          new NeutralQuery(
              new NeutralCriteria(
                  ParameterConstants.STUDENT_UNIQUE_STATE_ID,
                  NeutralCriteria.OPERATOR_EQUAL,
                  externalUserId));
      neutralQuery.setOffset(0);
      neutralQuery.setLimit(1);
      user.setEntity(repo.findOne(EntityNames.STUDENT, neutralQuery, true));
    } else if (EntityNames.PARENT.equals(userType)) {
      NeutralQuery neutralQuery =
          new NeutralQuery(
              new NeutralCriteria(
                  ParameterConstants.PARENT_UNIQUE_STATE_ID,
                  NeutralCriteria.OPERATOR_EQUAL,
                  externalUserId));
      neutralQuery.setOffset(0);
      neutralQuery.setLimit(1);
      user.setEntity(repo.findOne(EntityNames.PARENT, neutralQuery, true));
    } else if (isStaff(userType)) {

      NeutralQuery neutralQuery = new NeutralQuery();
      neutralQuery.setOffset(0);
      neutralQuery.setLimit(1);
      neutralQuery.addCriteria(
          new NeutralCriteria(
              ParameterConstants.STAFF_UNIQUE_STATE_ID,
              NeutralCriteria.OPERATOR_EQUAL,
              externalUserId));

      Iterable<Entity> staff = repo.findAll(EntityNames.STAFF, neutralQuery);

      if (staff != null && staff.iterator().hasNext()) {
        Entity entity = staff.iterator().next();
        Set<String> edorgs = edorgHelper.locateDirectEdorgs(entity);
        if (edorgs.size() == 0) {
          LOG.warn("User {} is not currently associated to a school/edorg", user.getId());
          throw new APIAccessDeniedException(
              "User is not currently associated to a school/edorg", user, clientId);
        }
        user.setEntity(entity);
      }
    }

    if (user.getEntity() == null) {
      LOG.warn("Failed to locate user {} in the datastore", user.getId());
      Entity entity =
          new MongoEntity(
              "user",
              SLIPrincipal.NULL_ENTITY_ID,
              new HashMap<String, Object>(),
              new HashMap<String, Object>());
      user.setEntity(entity);
    } else {
      LOG.info(
          "Matched user: {}@{} -> {}",
          new Object[] {externalUserId, tenantId, user.getEntity().getEntityId()});
    }

    return user;
  }