Exemplo n.º 1
0
  public void saveMedia(String agent, String mediaLocation) {
    try {

      SecurityService.pushAdvisor(
          new SecurityAdvisor() {
            public SecurityAdvice isAllowed(String userId, String function, String reference) {
              return SecurityAdvice.ALLOWED;
            }
          });
      File media = new File(mediaLocation);
      byte[] mediaByte = getMediaStream(mediaLocation);
      String mimeType = MimeTypesLocator.getInstance().getContentType(media);

      String fullname = media.getName().trim();
      String collectionId = getPrivateCollection();
      currentItem.setImageMapSrc("/access/content" + collectionId + fullname);

      ResourcePropertiesEdit resourceProperties =
          AssessmentService.getContentHostingService().newResourceProperties();
      resourceProperties.addProperty(ResourceProperties.PROP_DISPLAY_NAME, fullname);

      AssessmentService.getContentHostingService()
          .addResource(
              collectionId + fullname,
              mimeType,
              mediaByte,
              resourceProperties,
              NotificationService.NOTI_NONE);
    } catch (Exception e) {
      log.warn(e);
    } finally {
      SecurityService.popAdvisor();
    }
  }
  private void getSiteParticipantList(String siteId, HttpServletResponse res) {
    // get the user id
    String userId = SessionManager.getCurrentSessionUserId();

    if (userId == null) {
      // fail the request, user not logged in yet.
      log.warn(
          this
              + " HttpAccess for printing participant of site id ="
              + siteId
              + " without user loggin. ");
    } else {
      String siteReference = SiteService.siteReference(siteId);
      // check whether the user has permission to view the site roster or is super user
      if (SecurityService.unlock(userId, SiteService.SECURE_VIEW_ROSTER, siteReference)
          || SecurityService.isSuperUser()) {
        print_participant(siteId);
      } else {
        log.warn(
            this
                + " HttpAccess for printing participant of site id ="
                + siteId
                + " with user id = "
                + userId
                + ": user does not have permission to view roster. ");
      }
    }
  }
  /**
   * Retrieve the list of pages in this site, checking to see if the user has permission to see the
   * page - by checking the permissions of tools on the page.
   *
   * @param site
   * @return
   */
  public List getPermittedPagesInOrder(Site site) {
    // Get all of the pages
    List pages = site.getOrderedPages();
    boolean siteUpdate = SecurityService.unlock("site.upd", site.getReference());

    List newPages = new ArrayList();

    for (Iterator i = pages.iterator(); i.hasNext(); ) {
      // check if current user has permission to see page
      SitePage p = (SitePage) i.next();
      List pTools = p.getTools();
      Iterator iPt = pTools.iterator();

      boolean allowPage = false;
      while (iPt.hasNext()) {
        ToolConfiguration placement = (ToolConfiguration) iPt.next();

        boolean thisTool = allowTool(site, placement);
        boolean unHidden = siteUpdate || !isHidden(placement);
        if (thisTool && unHidden) allowPage = true;
      }
      if (allowPage) newPages.add(p);
    }

    PageFilter pageFilter = portal.getPageFilter();

    if (pageFilter != null) {
      newPages = pageFilter.filter(newPages, site);
    }
    return newPages;
  }
Exemplo n.º 4
0
 /** Setup a security advisor. */
 public void pushAdvisor() {
   // setup a security advisor
   SecurityService.pushAdvisor(
       new SecurityAdvisor() {
         public SecurityAdvice isAllowed(String userId, String function, String reference) {
           return SecurityAdvice.ALLOWED;
         }
       });
 }
Exemplo n.º 5
0
  public void doPresence(
      HttpServletRequest req,
      HttpServletResponse res,
      Session session,
      String siteId,
      String toolContextPath,
      String toolPathInfo)
      throws ToolException, IOException {
    // permission check - visit the site
    Site site = null;
    try {
      Set<SecurityAdvisor> advisors =
          (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
      if (advisors != null) {
        for (SecurityAdvisor advisor : advisors) {
          SecurityService.pushAdvisor(advisor);
          // session.removeAttribute("sitevisit.security.advisor");
        }
      }
      site = SiteService.getSiteVisit(siteId);
    } catch (IdUnusedException e) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    } catch (PermissionException e) {
      // if not logged in, give them a chance
      if (session.getUserId() == null) {
        portal.doLogin(req, res, session, req.getPathInfo(), false);
      } else {
        portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      }
      return;
    }

    // get the skin for the site
    String skin = site.getSkin();

    // find the tool registered for this
    ActiveTool tool = ActiveToolManager.getActiveTool("sakai.presence");
    if (tool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // form a placement based on the site and the fact that this is that
    // site's presence...
    // Note: the placement is transient, but will always have the same id
    // and context based on the siteId
    Placement placement =
        new org.sakaiproject.util.Placement(
            siteId + "-presence", tool.getId(), tool, null, siteId, null);

    portal.forwardTool(tool, req, res, placement, skin, toolContextPath, toolPathInfo);
  }
 /**
  * Establish a security advisor to allow the "embedded" azg work to occur with no need for
  * additional security permissions.
  */
 protected void enableSecurityAdvisorToGetAnnouncement() {
   // put in a security advisor so we can do our podcast work without need
   // of further permissions
   SecurityService.pushAdvisor(
       new SecurityAdvisor() {
         public SecurityAdvice isAllowed(String userId, String function, String reference) {
           if (function.equals(AnnouncementService.SECURE_ANNC_READ)
               || function.equals(ContentHostingService.AUTH_RESOURCE_READ)) // SAK-23300
           return SecurityAdvice.ALLOWED;
           else return SecurityAdvice.PASS;
         }
       });
 }
Exemplo n.º 7
0
  /** @inheritDoc */
  protected List<User> getRecipients(Event event) {
    // get the resource reference
    Reference ref = EntityManager.newReference(event.getResource());

    // use either the configured site, or if not configured, the site (context) of the resource
    String siteId = (getSite() != null) ? getSite() : ref.getContext();

    // if the site is published, use the list of users who can SITE_VISIT the site,
    // else use the list of users who can SITE_VISIT_UNP the site.
    try {
      Site site = SiteService.getSite(siteId);
      String ability = SiteService.SITE_VISIT;
      if (!site.isPublished()) {
        ability = SiteService.SITE_VISIT_UNPUBLISHED;
      }

      // get the list of users who can do the right kind of visit
      List<User> users = SecurityService.unlockUsers(ability, ref.getReference());

      // get the list of users who have the appropriate access to the resource
      if (getResourceAbility() != null) {
        List<User> users2 = SecurityService.unlockUsers(getResourceAbility(), ref.getReference());

        // find intersection of users and user2
        users.retainAll(users2);
      }

      // only use direct site members for the base list of users
      refineToSiteMembers(users, site);

      // add any other users
      addSpecialRecipients(users, ref);

      return users;
    } catch (Exception any) {
      return new Vector<User>();
    }
  }
  /**
   * @see
   *     org.sakaiproject.api.common.edu.person.SakaiPersonManager#delete(org.sakaiproject.api.common.edu.person.SakaiPerson)
   */
  public void delete(final SakaiPerson sakaiPerson) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("delete(SakaiPerson " + sakaiPerson + ")");
    }
    if (sakaiPerson == null)
      throw new IllegalArgumentException("Illegal sakaiPerson argument passed!");

    String ref = getReference(sakaiPerson);

    // only someone with the appropriate permissions can delete
    if (!SecurityService.unlock("user.del", ref)) {
      throw new SecurityException("You do not have permission to delete this sakaiPerson.");
    }

    LOG.debug("getHibernateTemplate().delete(sakaiPerson);");
    getHibernateTemplate().delete(sakaiPerson);
    eventTrackingService.post(eventTrackingService.newEvent("profile.delete", ref, true));
  }
Exemplo n.º 9
0
  /**
   * Method to check if a tool is visible for a user in a site, based on KNL-428
   *
   * @param site
   * @param toolConfig
   * @return
   */
  private boolean isToolVisible(Site site, ToolConfiguration toolConfig) {

    // no way to check, so allow access. It's then up to the tool to control permissions
    if (site == null || toolConfig == null) {
      return true;
    }

    String toolPermissionsStr = toolConfig.getConfig().getProperty("functions.require");

    // no special permissions required, it's visible
    if (toolPermissionsStr == null || toolPermissionsStr.trim().length() == 0) {
      return true;
    }

    // check each set, if multiple permissions in the set, must have all.
    String[] toolPermissionsSets = toolPermissionsStr.split("\\|");
    for (int i = 0; i < toolPermissionsSets.length; i++) {
      String[] requiredPermissions = toolPermissionsSets[i].split(",");
      boolean allowed = true;
      for (int j = 0; j < requiredPermissions.length; j++) {
        // since all in a set are required, if we are missing just one permission, set false, break
        // and continue to check next set
        // as that set may override and allow access
        if (!SecurityService.unlock(requiredPermissions[j].trim(), site.getReference())) {
          allowed = false;
          break;
        }
      }
      // if allowed, we have matched the entire set so are satisfied
      // otherwise we will check the next set
      if (allowed) {
        return true;
      }
    }

    // no sets were completely matched
    return false;
  }
Exemplo n.º 10
0
 public boolean getIsAdmin() {
   String context = "!admin";
   return SecurityService.unlock("site.upd", "/site/" + context);
 }
 /** remove recent add SecurityAdvisor from stack */
 protected void disableSecurityAdvisor() {
   SecurityService.popAdvisor();
 }
Exemplo n.º 12
0
  /**
   * Produce a page and/or a tool list doPage = true is best for the tabs-based portal and for RSS -
   * these think in terms of pages doPage = false is best for the portlet-style - it unrolls all of
   * the tools unless a page is marked as a popup. If the page is a popup - it is left a page and
   * marked as such. restTools = true - generate resetting tool URLs.
   *
   * @see
   *     org.sakaiproject.portal.api.PortalSiteHelper#pageListToMap(javax.servlet.http.HttpServletRequest,
   *     boolean, org.sakaiproject.site.api.Site, org.sakaiproject.site.api.SitePage,
   *     java.lang.String, java.lang.String, boolean, boolean, boolean)
   */
  public Map pageListToMap(
      HttpServletRequest req,
      boolean loggedIn,
      Site site,
      SitePage page,
      String toolContextPath,
      String portalPrefix,
      boolean doPages,
      boolean resetTools,
      boolean includeSummary) {

    Map<String, Object> theMap = new HashMap<String, Object>();

    String pageUrl =
        Web.returnUrl(
            req, "/" + portalPrefix + "/" + Web.escapeUrl(getSiteEffectiveId(site)) + "/page/");
    String toolUrl =
        Web.returnUrl(req, "/" + portalPrefix + "/" + Web.escapeUrl(getSiteEffectiveId(site)));
    if (resetTools) {
      toolUrl = toolUrl + "/tool-reset/";
    } else {
      toolUrl = toolUrl + "/tool/";
    }

    String pagePopupUrl = Web.returnUrl(req, "/page/");
    boolean showHelp = ServerConfigurationService.getBoolean("display.help.menu", true);
    String iconUrl = "";
    try {
      if (site.getIconUrlFull() != null) iconUrl = new URI(site.getIconUrlFull()).toString();
    } catch (URISyntaxException uex) {
      log.debug("Icon URL is invalid: " + site.getIconUrlFull());
    }

    boolean published = site.isPublished();
    String type = site.getType();

    theMap.put("siteId", site.getId());
    theMap.put("pageNavPublished", Boolean.valueOf(published));
    theMap.put("pageNavType", type);
    theMap.put("pageNavIconUrl", iconUrl);
    String htmlInclude = site.getProperties().getProperty(PROP_HTML_INCLUDE);
    if (htmlInclude != null) theMap.put("siteHTMLInclude", htmlInclude);

    // theMap.put("pageNavSitToolsHead",
    // Web.escapeHtml(rb.getString("sit_toolshead")));

    // order the pages based on their tools and the tool order for the
    // site type
    // List pages = site.getOrderedPages();
    List pages = getPermittedPagesInOrder(site);

    List<Map> l = new ArrayList<Map>();

    String addMoreToolsUrl = null;
    for (Iterator i = pages.iterator(); i.hasNext(); ) {

      SitePage p = (SitePage) i.next();
      // check if current user has permission to see page
      // we will draw page button if it have permission to see at least
      // one tool on the page
      List<ToolConfiguration> pTools = p.getTools();
      ToolConfiguration firstTool = null;
      String toolsOnPage = null;

      boolean current = (page != null && p.getId().equals(page.getId()) && !p.isPopUp());
      String alias = lookupPageToAlias(site.getId(), p);
      String pagerefUrl = pageUrl + Web.escapeUrl((alias != null) ? alias : p.getId());

      if (doPages || p.isPopUp()) {
        Map<String, Object> m = new HashMap<String, Object>();
        StringBuffer desc = new StringBuffer();

        boolean hidden = false;
        if (pTools != null && pTools.size() > 0) {
          firstTool = pTools.get(0);
          hidden = true; // Only set the page to hidden when we have tools that might un-hide it.
          Iterator<ToolConfiguration> tools = pTools.iterator();
          // get the tool descriptions for this page, typically only one per page, execpt for the
          // Home page
          int tCount = 0;
          while (tools.hasNext()) {
            ToolConfiguration t = tools.next();
            if (hidden && !isHidden(t)) {
              hidden = false;
            }
            if (tCount > 0) {
              desc.append(" | ");
            }
            if (t.getTool() == null) continue;
            desc.append(t.getTool().getDescription());
            tCount++;
            if ("sakai.siteinfo".equals(t.getToolId())) {
              addMoreToolsUrl =
                  Web.returnUrl(
                      req,
                      "/site/"
                          + Web.escapeUrl(site.getId())
                          + "/page/"
                          + Web.escapeUrl(p.getId())
                          + "?sakai_action=doMenu_edit_site_tools&panel=Shortcut");
            }
          }
          // Won't work with mutliple tools per page
          if (tCount > 1) addMoreToolsUrl = null;
        }

        boolean siteUpdate = SecurityService.unlock("site.upd", site.getReference());
        if (!siteUpdate) addMoreToolsUrl = null;

        if (!ServerConfigurationService.getBoolean("portal.experimental.addmoretools", false))
          addMoreToolsUrl = null;

        m.put("isPage", Boolean.valueOf(true));
        m.put("current", Boolean.valueOf(current));
        m.put("ispopup", Boolean.valueOf(p.isPopUp()));
        m.put("pagePopupUrl", pagePopupUrl);
        m.put("pageTitle", Web.escapeHtml(p.getTitle()));
        m.put("jsPageTitle", Web.escapeJavascript(p.getTitle()));
        m.put("pageId", Web.escapeUrl(p.getId()));
        m.put("jsPageId", Web.escapeJavascript(p.getId()));
        m.put("pageRefUrl", pagerefUrl);

        // TODO: Should have Web.escapeHtmlAttribute()
        String description = desc.toString().replace("\"", "&quot;");
        m.put("description", description);
        m.put("hidden", Boolean.valueOf(hidden));
        // toolsOnPage is always null
        // if (toolsOnPage != null) m.put("toolsOnPage", toolsOnPage);
        if (includeSummary) summarizePage(m, site, p);
        if (firstTool != null) {
          String menuClass = firstTool.getToolId();
          menuClass = "icon-" + menuClass.replace('.', '-');
          m.put("menuClass", menuClass);
          Properties tmp = firstTool.getConfig();
          if (tmp != null) {
            String mc = tmp.getProperty(PROP_MENU_CLASS);
            if (mc != null && mc.length() > 0) m.put("menuClassOverride", mc);
          }
        } else {
          m.put("menuClass", "icon-default-tool");
        }
        m.put("pageProps", createPageProps(p));
        // this is here to allow the tool reorder to work
        m.put("_sitePage", p);
        l.add(m);
        continue;
      }

      // Loop through the tools again and Unroll the tools
      Iterator iPt = pTools.iterator();

      while (iPt.hasNext()) {
        ToolConfiguration placement = (ToolConfiguration) iPt.next();

        Tool tool = placement.getTool();
        if (tool != null) {
          String toolrefUrl = toolUrl + Web.escapeUrl(placement.getId());

          Map<String, Object> m = new HashMap<String, Object>();
          m.put("isPage", Boolean.valueOf(false));
          m.put("toolId", Web.escapeUrl(placement.getId()));
          m.put("jsToolId", Web.escapeJavascript(placement.getId()));
          m.put("toolRegistryId", placement.getToolId());
          m.put("toolTitle", Web.escapeHtml(placement.getTitle()));
          m.put("jsToolTitle", Web.escapeJavascript(placement.getTitle()));
          m.put("toolrefUrl", toolrefUrl);
          String menuClass = placement.getToolId();
          menuClass = "icon-" + menuClass.replace('.', '-');
          m.put("menuClass", menuClass);
          Properties tmp = placement.getConfig();
          if (tmp != null) {
            String mc = tmp.getProperty(PROP_MENU_CLASS);
            if (mc != null && mc.length() > 0) m.put("menuClassOverride", mc);
          }
          // this is here to allow the tool reorder to work if requried.
          m.put("_placement", placement);
          l.add(m);
        }
      }
    }
    PageFilter pageFilter = portal.getPageFilter();
    if (pageFilter != null) {
      l = pageFilter.filterPlacements(l, site);
    }

    if (addMoreToolsUrl != null) {
      theMap.put("pageNavAddMoreToolsUrl", addMoreToolsUrl);
      theMap.put("pageNavCanAddMoreTools", true);
    } else {
      theMap.put("pageNavCanAddMoreTools", false);
    }

    theMap.put("pageNavTools", l);
    theMap.put(
        "pageMaxIfSingle",
        ServerConfigurationService.getBoolean("portal.experimental.maximizesinglepage", false));
    theMap.put("pageNavToolsCount", Integer.valueOf(l.size()));

    String helpUrl = ServerConfigurationService.getHelpUrl(null);
    theMap.put("pageNavShowHelp", Boolean.valueOf(showHelp));
    theMap.put("pageNavHelpUrl", helpUrl);
    theMap.put("helpMenuClass", "icon-sakai-help");
    theMap.put("subsiteClass", "icon-sakai-subsite");

    // theMap.put("pageNavSitContentshead",
    // Web.escapeHtml(rb.getString("sit_contentshead")));

    // Display presence? Global property display.users.present may be always / never / true / false
    // If true or false, the value may be overriden by the site property display-users-present
    // which may be true or false.

    boolean showPresence;
    String globalShowPresence =
        ServerConfigurationService.getString("display.users.present", "true");

    if ("never".equals(globalShowPresence)) {
      showPresence = false;
    } else if ("always".equals(globalShowPresence)) {
      showPresence = true;
    } else {
      String showPresenceSite = site.getProperties().getProperty("display-users-present");

      if (showPresenceSite == null) {
        showPresence = Boolean.valueOf(globalShowPresence).booleanValue();
      } else {
        showPresence = Boolean.valueOf(showPresenceSite).booleanValue();
      }
    }

    // Check to see if this is a my workspace site, and if so, whether presence is disabled
    if (showPresence
        && SiteService.isUserSite(site.getId())
        && !ServerConfigurationService.getBoolean("display.users.present.myworkspace", false))
      showPresence = false;

    String presenceUrl = Web.returnUrl(req, "/presence/" + Web.escapeUrl(site.getId()));

    // theMap.put("pageNavSitPresenceTitle",
    // Web.escapeHtml(rb.getString("sit_presencetitle")));
    // theMap.put("pageNavSitPresenceFrameTitle",
    // Web.escapeHtml(rb.getString("sit_presenceiframetit")));
    theMap.put("pageNavShowPresenceLoggedIn", Boolean.valueOf(showPresence && loggedIn));
    theMap.put("pageNavPresenceUrl", presenceUrl);

    // Retrieve whether or not we are to put presence in a frame
    theMap.put(
        "pageNavPresenceIframe",
        Boolean.valueOf(
            ServerConfigurationService.getBoolean("display.users.present.iframe", false)));
    theMap.put(
        "sakaiPresenceTimeDelay",
        Integer.valueOf(
            ServerConfigurationService.getInt("display.users.present.time.delay", 3000)));

    return theMap;
  }
Exemplo n.º 13
0
 // permission convert
 public boolean checkPermission(String lock, String reference) {
   return SecurityService.unlock(lock, reference);
 }
Exemplo n.º 14
0
 /** Remove our security advisor. */
 public void popAdvisor() {
   SecurityService.popAdvisor();
 }
Exemplo n.º 15
0
  public void doTool(
      HttpServletRequest req,
      HttpServletResponse res,
      Session session,
      String placementId,
      String toolContextPath,
      String toolPathInfo)
      throws ToolException, IOException {

    if (portal.redirectIfLoggedOut(res)) return;

    // find the tool from some site
    ToolConfiguration siteTool = SiteService.findTool(placementId);
    if (siteTool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // Reset the tool state if requested
    if ("true".equals(req.getParameter(portalService.getResetStateParam()))
        || "true".equals(portalService.getResetState())) {
      Session s = SessionManager.getCurrentSession();
      ToolSession ts = s.getToolSession(placementId);
      ts.clearAttributes();
    }

    // find the tool registered for this
    ActiveTool tool = ActiveToolManager.getActiveTool(siteTool.getToolId());
    if (tool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // permission check - visit the site (unless the tool is configured to
    // bypass)
    Site site = null;
    if (tool.getAccessSecurity() == Tool.AccessSecurity.PORTAL) {
      try {
        Set<SecurityAdvisor> advisors =
            (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
        if (advisors != null) {
          for (SecurityAdvisor advisor : advisors) {
            SecurityService.pushAdvisor(advisor);
            // session.removeAttribute("sitevisit.security.advisor");
          }
        }
        site = SiteService.getSiteVisit(siteTool.getSiteId());
      } catch (IdUnusedException e) {
        portal.doError(req, res, session, Portal.ERROR_WORKSITE);
        return;
      } catch (PermissionException e) {
        // if not logged in, give them a chance
        if (session.getUserId() == null) {
          portal.doLogin(req, res, session, req.getPathInfo(), false);
        } else {
          portal.doError(req, res, session, Portal.ERROR_WORKSITE);
        }
        return;
      }
    }

    // Check to see if the tool is visible
    if (!isToolVisible(site, siteTool)) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    if (portal.isPortletPlacement(siteTool)) {

      String siteType = portal.calcSiteType(siteTool.getSiteId());

      // form a context sensitive title
      String title =
          ServerConfigurationService.getString("ui.service")
              + " : "
              + site.getTitle()
              + " : "
              + siteTool.getTitle();

      PortalRenderContext rcontext =
          portal.startPageContext(siteType, title, siteTool.getSkin(), req);

      Map m = portal.includeTool(res, req, siteTool);
      rcontext.put("tool", m);

      portal.sendResponse(rcontext, res, "tool", null);

    } else {
      portal.forwardTool(
          tool, req, res, siteTool, siteTool.getSkin(), toolContextPath, toolPathInfo);
    }
  }
  /** @see SakaiPersonManager#save(SakaiPerson) */
  public void save(SakaiPerson sakaiPerson) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("save(SakaiPerson " + sakaiPerson + ")");
    }
    if (sakaiPerson == null)
      throw new IllegalArgumentException("Illegal sakaiPerson argument passed!");
    if (!isSupportedType(sakaiPerson.getTypeUuid()))
      throw new IllegalArgumentException("The sakaiPerson argument contains an invalid Type!");

    // AuthZ
    // Only superusers can update system records
    if (getSystemMutableType().getUuid().equals(sakaiPerson.getTypeUuid())
        && !SecurityService.isSuperUser()) {
      throw new IllegalAccessError("System mutable records cannot be updated.");
    }

    // if it is a user mutable record, ensure the user is updating their own record
    // this can be overriden with a security advisor so the admin user to allow access
    if (!SecurityService.unlock(
        UserDirectoryService.ADMIN_ID,
        SakaiPerson.PROFILE_SAVE_PERMISSION,
        sakaiPerson.getAgentUuid())) {

      if (!StringUtils.equals(SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid())
          && !SecurityService.isSuperUser()) {
        // AuthZ - Ensure the current user is updating their own record
        if (!StringUtils.equals(
            SessionManager.getCurrentSessionUserId(), sakaiPerson.getAgentUuid())) {
          throw new IllegalAccessError("You do not have permissions to update this record!");
        }
      }
    }

    // store record
    if (!(sakaiPerson instanceof SakaiPersonImpl)) {
      // TODO support alternate implementations of SakaiPerson
      // copy bean properties into new SakaiPersonImpl with beanutils?
      throw new UnsupportedOperationException("Unknown SakaiPerson implementation found!");
    } else {
      // update lastModifiedDate
      SakaiPersonImpl spi = (SakaiPersonImpl) sakaiPerson;
      persistableHelper.modifyPersistableFields(spi);
      // if the repository path is set save if there
      if (photoService.overRidesDefault()) {
        photoService.savePhoto(spi.getJpegPhoto(), spi.getAgentUuid());
        spi.setJpegPhoto(null);
      }

      // use update(..) method to ensure someone does not try to insert a
      // prototype.
      getHibernateTemplate().update(spi);

      // set the event
      String ref = getReference(spi);
      LOG.debug("got ref of: " + ref + " about to set events");

      eventTrackingService.post(eventTrackingService.newEvent("profile.update", ref, true));

      LOG.debug("User record updated for Id :-" + spi.getAgentUuid());
      // update the account too -only if not system profile
      if (serverConfigurationService.getBoolean("profile.updateUser", false)
          && spi.getTypeUuid().equals(this.userMutableType.getUuid())) {
        try {
          UserEdit userEdit = null;
          userEdit = userDirectoryService.editUser(spi.getAgentUuid());
          userEdit.setFirstName(spi.getGivenName());
          userEdit.setLastName(spi.getSurname());
          userEdit.setEmail(spi.getMail());
          userDirectoryService.commitEdit(userEdit);
          LOG.debug("Saved user object");
        } catch (Exception e) {
          e.printStackTrace();
        }
      }
    }
  }