/* (non-Javadoc)
   * @see edu.internet2.middleware.grouper.ui.RepositoryBrowser#getParentStems(edu.internet2.middleware.grouper.ui.GroupOrStem)
   */
  public List getParentStems(GroupOrStem groupOrStem) throws Exception {
    List path = new ArrayList();
    if (groupOrStem == null) return path;
    Map map = GrouperHelper.group2Map(s, groupOrStem);

    Stem curStem = null;
    String endPoint = GrouperHelper.NS_ROOT;

    boolean isEndPointReached = false;
    if (isHidePreRootNode()) {
      endPoint = getRootNode();
      if (map.get("name").equals(endPoint)) isEndPointReached = true;
    }

    while (!isEndPointReached
        && !"".equals(map.get("stem"))
        && !GrouperHelper.NS_ROOT.equals(map.get("stem"))) {
      curStem = StemFinder.findByName(s, (String) map.get("stem"), true);
      if (curStem != null) {
        map = GrouperHelper.stem2Map(s, curStem);
        path.add(0, map);
        if (curStem.getName().equals(endPoint)) isEndPointReached = true;
      }
    }
    if (!isEndPointReached) {
      path.add(0, GrouperHelper.stem2Map(s, StemFinder.findRootStem(s)));
    }
    return path;
  }
  /**
   * remove objects not allowed to see privileges on
   *
   * @param groupsAndStems
   */
  public static void removeObjectsNotAllowedToSeePrivs(Set<?> groupsAndStems) {

    if (groupsAndStems == null) {
      return;
    }

    // subject who is making the query
    final Subject grouperSessionSubject = GrouperSession.staticGrouperSession().getSubject();

    Iterator<?> iterator = groupsAndStems.iterator();

    while (iterator.hasNext()) {
      Object groupOrStem = iterator.next();

      if (groupOrStem instanceof Group) {

        Group group = (Group) groupOrStem;
        if (!group.hasAdmin(grouperSessionSubject)) {
          iterator.remove();
        }
      } else if (groupOrStem instanceof Stem) {

        Stem stem = (Stem) groupOrStem;
        if (!stem.hasStem(grouperSessionSubject)) {
          iterator.remove();
        }

      } else {
        // this should never happen
        throw new RuntimeException(
            "Not expecting object of type: " + groupOrStem.getClass() + ", " + groupOrStem);
      }
    }
  }
Пример #3
0
  public void setUp() {

    super.setUp();

    // add etc:attribute:courses:courseType attribute
    Stem etcStem =
        StemFinder.findByName(GrouperSession.staticGrouperSession(), "etc:attribute", true);
    Stem coursesStem = etcStem.addChildStem("courses", "Courses");
    AttributeDef attributeDef =
        coursesStem.addChildAttributeDef("courseType", AttributeDefType.attr);
    attributeDef.setAssignToGroup(true);
    attributeDef.setMultiValued(true);
    attributeDef.setValueType(AttributeDefValueType.string);
    attributeDef.store();
    coursesStem.addChildAttributeDefName(attributeDef, "courseType", "courseType");
  }
Пример #4
0
  public Set getResults(GrouperSession s) throws QueryException {
    // note, no need for GrouperSession inverse of control
    GrouperSession.validate(s);
    Set results;

    if (ns.isRootStem()) {
      results =
          PrivilegeHelper.canViewGroups(
              s, GrouperDAOFactory.getFactory().getGroup().findAllByCreatedAfter(this.d));
    } else {
      results =
          PrivilegeHelper.canViewGroups(
              s,
              GrouperDAOFactory.getFactory()
                  .getGroup()
                  .findAllByCreatedAfter(this.d, getStringForScope(ns)));
    }
    return results;
  } // public Set getResults(s)
Пример #5
0
  /**
   * Check if subject has privilege.
   *
   * <p>
   *
   * @param i BeanShell interpreter.
   * @param stack BeanShell call stack.
   * @param name Check for privilege on this {@link Group} or {@link Stem}.
   * @param subjId Check if this {@link Subject} has privilege.
   * @param priv Check this {@link AccessPrivilege}.
   * @return True if succeeds.
   * @throws GrouperShellException
   * @since 0.0.1
   */
  public static boolean invoke(
      Interpreter i, CallStack stack, String name, String subjId, Privilege priv)
      throws GrouperShellException {
    GrouperShell.setOurCommand(i, true);
    try {
      GrouperSession s = GrouperShell.getSession(i);
      Subject subj = SubjectFinder.findByIdOrIdentifier(subjId, true);
      if (Privilege.isAccess(priv)) {
        Group g = GroupFinder.findByName(s, name, true);
        if (priv.equals(AccessPrivilege.ADMIN)) {
          return g.hasAdmin(subj);
        } else if (priv.equals(AccessPrivilege.OPTIN)) {
          return g.hasOptin(subj);
        } else if (priv.equals(AccessPrivilege.OPTOUT)) {
          return g.hasOptout(subj);
        } else if (priv.equals(AccessPrivilege.READ)) {
          return g.hasRead(subj);
        } else if (priv.equals(AccessPrivilege.UPDATE)) {
          return g.hasUpdate(subj);
        } else if (priv.equals(AccessPrivilege.GROUP_ATTR_READ)) {
          return g.hasGroupAttrRead(subj);
        } else if (priv.equals(AccessPrivilege.GROUP_ATTR_UPDATE)) {
          return g.hasGroupAttrUpdate(subj);
        } else if (priv.equals(AccessPrivilege.VIEW)) {
          return g.hasView(subj);
        } else {
          throw new RuntimeException("Not expecting privilege: " + priv);
        }
      } else if (Privilege.isNaming(priv)) {
        Stem ns = StemFinder.findByName(s, name, true);
        if (priv.equals(NamingPrivilege.CREATE)) {
          return ns.hasCreate(subj);
        } else if (priv.equals(NamingPrivilege.STEM_ATTR_READ)) {
          return ns.hasStemAttrRead(subj);
        } else if (priv.equals(NamingPrivilege.STEM_ATTR_UPDATE)) {
          return ns.hasStemAttrUpdate(subj);
        } else if (priv.equals(NamingPrivilege.STEM) || priv.equals(NamingPrivilege.STEM_ADMIN)) {
          return ns.hasStemAdmin(subj);
        } else {
          throw new RuntimeException("Not expecting privilege: " + priv);
        }
      } else if (Privilege.isAttributeDef(priv)) {
        AttributeDef attributeDef = AttributeDefFinder.findByName(name, true);
        if (priv.equals(AttributeDefPrivilege.ATTR_ADMIN)) {
          return attributeDef.getPrivilegeDelegate().hasAttrAdmin(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_OPTIN)) {
          return attributeDef.getPrivilegeDelegate().hasAttrOptin(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_OPTOUT)) {
          return attributeDef.getPrivilegeDelegate().hasAttrOptout(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_READ)) {
          return attributeDef.getPrivilegeDelegate().hasAttrRead(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_UPDATE)) {
          return attributeDef.getPrivilegeDelegate().hasAttrUpdate(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_READ)) {
          return attributeDef.getPrivilegeDelegate().hasAttrDefAttrRead(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_DEF_ATTR_UPDATE)) {
          return attributeDef.getPrivilegeDelegate().hasAttrDefAttrUpdate(subj);
        } else if (priv.equals(AttributeDefPrivilege.ATTR_VIEW)) {
          return attributeDef.getPrivilegeDelegate().hasAttrView(subj);
        } else {
          throw new RuntimeException("Not expecting privilege: " + priv);
        }

      } else {
        throw new RuntimeException("Invalid privilege type: " + priv);
      }
    } catch (GroupNotFoundException eGNF) {
      GrouperShell.error(i, eGNF);
    } catch (StemNotFoundException eNSNF) {
      GrouperShell.error(i, eNSNF);
    } catch (SubjectNotFoundException eSNF) {
      GrouperShell.error(i, eSNF);
    } catch (SubjectNotUniqueException eSNU) {
      GrouperShell.error(i, eSNU);
    }
    return false;
  } // public static boolean invoke(i, stack, name, subjId, priv)
  /**
   * @see edu.internet2.middleware.grouper.ui.RepositoryBrowser#getChildren(java.lang.String, int,
   *     int, java.lang.StringBuffer, boolean, boolean)
   */
  public Set getChildren(
      String node,
      String listField,
      int start,
      int pageSize,
      StringBuffer totalCount,
      boolean isFlat,
      boolean isForAssignment,
      String omitForAssignment,
      String context,
      HttpServletRequest request)
      throws Exception {

    if (isFlat) return getFlatChildren(start, pageSize, totalCount, "flat", request);

    Set results = new LinkedHashSet();
    GroupOrStem groupOrStem = GroupOrStem.findByID(s, node);
    Group group = groupOrStem.getGroup();
    Stem stem = groupOrStem.getStem();
    if (listField == null || "".equals(listField)) listField = "members";
    Field field = FieldFinder.find(listField, true);
    List sortedChildren = null;
    int[] resultSizeArray = new int[1];
    int resultSize = 0;
    if (isForAssignment) {
      if (group != null) { // display immediate members

        Set<Membership> allChildren = new LinkedHashSet<Membership>();
        ResourceBundle resourceBundle = GrouperUiFilter.retrieveSessionMediaResourceBundle();
        String sortLimitString = resourceBundle.getString("comparator.sort.limit");
        int sortLimit = Integer.parseInt(sortLimitString);

        allChildren =
            MembershipFinder.internal_findAllImmediateByGroupAndFieldAndPage(
                group, field, start, pageSize, sortLimit, resultSizeArray);
        resultSize = resultSizeArray[0];
        sortedChildren =
            LowLevelGrouperCapableAction.sort(allChildren, request, context, resultSize, null);

        int groupList2SubjectStart = (start >= sortedChildren.size()) ? 0 : start;

        results.addAll(
            GrouperHelper.groupList2SubjectsMaps(
                s, sortedChildren, groupList2SubjectStart, pageSize));
        if (totalCount != null) {
          totalCount.setLength(0);
          totalCount.append(resultSize);
        }
        return results;
      }
    } else if (group != null) return results;
    Set<GroupAsMap> allChildren = new LinkedHashSet<GroupAsMap>();

    // must be stem
    String stemName = null;
    if (stem != null) {
      stemName = stem.getName();
    } else if (GrouperHelper.NS_ROOT.equals(node)) {
      stemName = node;
    } else {
      throw new RuntimeException(node + " is not recognised");
    }
    List<GroupAsMap> listOfMaps = getChildrenAsMaps(s, stemName, start, pageSize, resultSizeArray);

    if (this.pagedQuery()) {
      resultSize = resultSizeArray[0];
    }

    if (sortedQuery()) {
      listOfMaps = LowLevelGrouperCapableAction.sort(listOfMaps, request, context, -1, null);
    }

    allChildren.addAll(listOfMaps);
    // Map validStems  = GrouperHelper.getValidStems(s,browseMode);
    boolean addChild = false;
    int end = start + pageSize;

    Map child;
    String name;
    Iterator it = allChildren.iterator();
    int count = 0;
    while (it.hasNext()) {
      addChild = false;

      child = (Map) it.next();
      if (isForAssignment) {
        // Do not try to exclude current group - so what if someone tries to add an existing member?
        // Also becomes complicated if there are custom fields
        // if(omitForAssignment!=null && omitForAssignment.equals(child.get("id"))) {
        // addChild=false;
        // }else{
        addChild = true;
        // }
      } else {
        addChild = isValidChild(child);
      }
      if (addChild) {
        if (!this.pagedQuery()) {
          resultSize++;
        }

        if (this.pagedQuery() || (resultSize >= start && resultSize < end)) {
          results.add(child);
        }
      } else if (this.pagedQuery()) {
        resultSize--;
      }
    }
    if (totalCount != null) {
      totalCount.setLength(0);
      totalCount.append(resultSize);
    }
    return results;
  }
 /**
  * get child stems to show
  *
  * @param stem
  * @return the stems
  */
 public Set<Stem> getChildStems(Stem stem) {
   return stem.getChildStems();
 }
 /**
  * get child groups from a stem
  *
  * @param stem
  * @param scope
  * @return the set of groups
  */
 public Set<Group> getChildGroups(Stem stem, QueryOptions queryOptions) {
   return stem.getChildGroups();
 }