public void initializeCurrentRoles() {
String realmid = getSiteRealmID();
try {
arole = m_realmService.getAuthzGroup(realmid);
} catch (Exception e) {
log.debug("Exception: OptionsBean.initializeCurrentRoles(), " + e.getMessage());
}
for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
Role r = (Role) i.next();
String rolename = r.getId();
Configuration c = new Configuration();
c.setId(num_role_id);
c.setRoleId(rolename);
c.setRealmid(getSiteRealmID());
c.setSingular(rolename);
c.setPlural(rolename + "s");
c.setSingularNew(getConfigParam("role" + (num_role_id + 1) + "singular"));
c.setPluralNew(getConfigParam("role" + (num_role_id + 1) + "plural"));
renamedRoles.add(c);
num_role_id++;
num_roles_renamed++;
if (isGroupAwareRoleInSettings(rolename)) {
setGroupAwareRoleExist(true);
}
}
}
/**
* Does this resource support public view? (Support for the conversion)
*
* @param ref The resource reference
* @return true if this resource supports public view, false if not.
*/
protected boolean getPubView(String ref) {
// get the realm
try {
AuthzGroup realm = AuthzGroupService.getAuthzGroup(ref);
// if the announcement realm has "pubview" role, then the announcement is publicly viewable
Role pubview = realm.getRole("pubview");
if (pubview != null) return true;
// if the announcement realm has the anonymous role and the anonymous
// role contains content.read then the announcement is publicly viewable.
// (Because the AuthzGroupService converts pubview role (in a realm)
// to just .anon role with content.read function)
Role anon = realm.getRole(".anon");
if (anon != null && anon.getAllowedFunctions().contains("content.read")) {
return true;
}
return false;
// Set anon = realm.getAnonRoles();
// if (!anon.contains(pubview))
// return false;
//
// Set auth = realm.getAuthRoles();
// if (!auth.contains(pubview))
// return false;
} catch (GroupNotDefinedException e) {
// if no realm, no pub view
return false;
}
}
private boolean isSiteMember(String uid) {
AuthzGroup realm;
try {
realm = AuthzGroupService.getAuthzGroup("/site/" + getCurrentSiteId());
return realm.getUsers().contains(uid);
} catch (GroupNotDefinedException e) {
LOG.error("IdUnusedException:", e);
}
return false;
}
private List getSiteMembers() {
List siteMembers = new ArrayList();
try {
AuthzGroup realm = AuthzGroupService.getAuthzGroup("/site/" + getCurrentSiteId());
siteMembers = new ArrayList(realm.getUsers());
} catch (GroupNotDefinedException e) {
LOG.error("GroupNotDefinedException:", e);
}
return siteMembers;
}
/**
* Fetch the user role in the current site
*
* @throws IdUnusedException, SessionDataException
* @return Role
* @throws GroupNotDefinedException
*/
private String getUserRole()
throws IdUnusedException, SessionDataException, GroupNotDefinedException {
AuthzGroup group;
Role role;
group = AuthzGroupService.getAuthzGroup("/site/" + getSiteId());
if (group == null) {
throw new SessionDataException("No current group");
}
role = group.getUserRole(this.getUserId());
if (role == null) {
throw new SessionDataException("No current role");
}
return role.getId();
}
public String getGroupAwareRole() {
String gar = ServerConfigurationService.getString("mailtool.group.aware.role");
String[] gartokens = gar.split(",");
try {
arole = m_realmService.getAuthzGroup(m_realmid);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailRoles(), " + e.getMessage());
}
for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
Role r = (Role) i.next();
String rolename = r.getId();
for (int t = 0; t < gartokens.length; t++) {
if (gartokens[t].trim().equals(rolename.trim())) return rolename;
}
}
return groupAwareRoleDefault;
}
/** check if group-aware role exist in the site */
public void checkifGroupAwareRoleExist() {
String realmid = getSiteRealmID();
try {
arole = m_realmService.getAuthzGroup(realmid);
} catch (Exception e) {
log.debug("Exception: OptionsBean.checkifGroupAwareRoleExist(), " + e.getMessage());
}
for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
Role r = (Role) i.next();
String rolename = r.getId();
if (isGroupAwareRoleInSettings(rolename)) {
setGroupAwareRoleExist(true);
break;
} else if (getGroupAwareRole().equals(rolename)) {
setGroupAwareRoleExist(true);
break;
}
}
}
/**
* build the context.
*
* @return The name of the template to use.
*/
public static String buildHelperContext(
VelocityPortlet portlet, Context context, RunData rundata, SessionState state) {
// in state is the realm id
context.put("thelp", rb);
String realmId = (String) state.getAttribute(STATE_REALM_ID);
// in state is the realm to use for roles - if not, use realmId
String realmRolesId = (String) state.getAttribute(STATE_REALM_ROLES_ID);
context.put("viewRealmId", realmRolesId);
// get the realm locked for editing
AuthzGroup edit = (AuthzGroup) state.getAttribute(STATE_REALM_EDIT);
if (edit == null) {
if (AuthzGroupService.allowUpdate(realmId)) {
try {
edit = AuthzGroupService.getAuthzGroup(realmId);
state.setAttribute(STATE_REALM_EDIT, edit);
} catch (GroupNotDefinedException e) {
try {
// we can create the realm
edit = AuthzGroupService.addAuthzGroup(realmId);
state.setAttribute(STATE_REALM_EDIT, edit);
} catch (GroupIdInvalidException ee) {
M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
cleanupState(state);
return null;
} catch (GroupAlreadyDefinedException ee) {
M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
cleanupState(state);
return null;
} catch (AuthzPermissionException ee) {
M_log.warn("PermissionsAction.buildHelperContext: addRealm: " + ee);
cleanupState(state);
return null;
}
}
}
// no permission
else {
M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId);
cleanupState(state);
return null;
}
}
AuthzGroup viewEdit = null;
// check wither the current realm id is of site group type
if (realmId.indexOf(SiteService.REFERENCE_ROOT) != -1) {
String siteId = realmId.replaceAll(SiteService.REFERENCE_ROOT + "/", "");
context.put("siteRef", realmId);
if (state.getAttribute(STATE_GROUP_AWARE) != null
&& ((Boolean) state.getAttribute(STATE_GROUP_AWARE)).booleanValue()) {
// only show groups for group-aware tools
try {
Site site = SiteService.getSite(siteId);
Collection groups = site.getGroups();
if (groups != null && !groups.isEmpty()) {
Iterator iGroups = groups.iterator();
for (; iGroups.hasNext(); ) {
Group group = (Group) iGroups.next();
// need to either have realm update permission on the group level or better at the
// site level
if (!AuthzGroupService.allowUpdate(group.getReference())) {
iGroups.remove();
}
}
context.put("groups", groups);
}
} catch (Exception siteException) {
M_log.warn(
"PermissionsAction.buildHelperContext: getsite of realm id = "
+ realmId
+ siteException);
}
}
// get the realm locked for editing
viewEdit = (AuthzGroup) state.getAttribute(STATE_VIEW_REALM_EDIT);
if (viewEdit == null) {
if (AuthzGroupService.allowUpdate(realmRolesId)
|| AuthzGroupService.allowUpdate(SiteService.siteReference(siteId))) {
try {
viewEdit = AuthzGroupService.getAuthzGroup(realmRolesId);
state.setAttribute(STATE_VIEW_REALM_EDIT, viewEdit);
} catch (GroupNotDefinedException e) {
M_log.warn(
"PermissionsAction.buildHelperContext: getRealm with id= "
+ realmRolesId
+ " : "
+ e);
cleanupState(state);
return null;
}
}
// no permission
else {
M_log.warn("PermissionsAction.buildHelperContext: no permission: " + realmId);
cleanupState(state);
return null;
}
}
}
// in state is the prefix for abilities to present
String prefix = (String) state.getAttribute(STATE_PREFIX);
// in state is the list of abilities we will present
List functions = (List) state.getAttribute(STATE_ABILITIES);
if (functions == null) {
// get all functions prefixed with our prefix
functions = FunctionManager.getRegisteredFunctions(prefix);
}
if (functions != null && !functions.isEmpty()) {
List<String> nFunctions = new Vector<String>();
if (!realmRolesId.equals(realmId)) {
// editing groups within site, need to filter out those permissions only applicable to site
// level
for (Iterator iFunctions = functions.iterator(); iFunctions.hasNext(); ) {
String function = (String) iFunctions.next();
if (function.indexOf("all.groups") == -1) {
nFunctions.add(function);
}
}
} else {
nFunctions.addAll(functions);
}
state.setAttribute(STATE_ABILITIES, nFunctions);
context.put("abilities", nFunctions);
// get function description from passed in HashMap
// output permission descriptions
Map<String, String> functionDescriptions =
(Map<String, String>) state.getAttribute(STATE_PERMISSION_DESCRIPTIONS);
if (functionDescriptions != null) {
Set keySet = functionDescriptions.keySet();
for (Object function : functions) {
String desc = (String) function;
String descKey = PermissionsHelper.PREFIX_PERMISSION_DESCRIPTION + function;
if (keySet.contains(descKey)) {
// use function description
desc = (String) functionDescriptions.get(descKey);
}
functionDescriptions.put((String) function, desc);
}
context.put("functionDescriptions", functionDescriptions);
}
}
// in state is the description of the edit
String description = (String) state.getAttribute(STATE_DESCRIPTION);
// the list of roles
List roles = (List) state.getAttribute(STATE_ROLES);
if (roles == null) {
// get the roles from the edit, unless another is specified
AuthzGroup roleRealm = viewEdit != null ? viewEdit : edit;
if (realmRolesId != null) {
try {
roleRealm = AuthzGroupService.getAuthzGroup(realmRolesId);
} catch (Exception e) {
M_log.warn(
"PermissionsHelperAction.buildHelperContext: getRolesRealm: "
+ realmRolesId
+ " : "
+ e);
}
}
roles = new Vector();
roles.addAll(roleRealm.getRoles());
Collections.sort(roles);
state.setAttribute(STATE_ROLES, roles);
}
// the abilities not including this realm for each role
Map rolesAbilities = (Map) state.getAttribute(STATE_ROLE_ABILITIES);
if (rolesAbilities == null) {
rolesAbilities = new Hashtable();
state.setAttribute(STATE_ROLE_ABILITIES, rolesAbilities);
// get this resource's role Realms,those that refine the role definitions, but not it's own
Reference ref =
EntityManager.newReference(viewEdit != null ? viewEdit.getId() : edit.getId());
Collection realms = ref.getAuthzGroups();
realms.remove(ref.getReference());
for (Iterator iRoles = roles.iterator(); iRoles.hasNext(); ) {
Role role = (Role) iRoles.next();
Set locks = AuthzGroupService.getAllowedFunctions(role.getId(), realms);
rolesAbilities.put(role.getId(), locks);
}
}
context.put("realm", viewEdit != null ? viewEdit : edit);
context.put("prefix", prefix);
context.put("description", description);
if (roles.size() > 0) {
context.put("roles", roles);
}
context.put("rolesAbilities", rolesAbilities);
// make sure observers are disabled
VelocityPortletPaneledAction.disableObservers(state);
return TEMPLATE_MAIN;
}
public List /* EmailGroup */ getEmailGroupsByType(String roletypefilter) {
List /* EmailGroup */ thegroups = new ArrayList();
List emailroles = this.getEmailRoles();
for (Iterator i = emailroles.iterator(); i.hasNext(); ) {
EmailRole emailrole = (EmailRole) i.next();
if (emailrole.roletype.equals("role") && roletypefilter.equals("role")) {
String realmid = emailrole.getRealmid();
AuthzGroup therealm = null;
try {
therealm = m_realmService.getAuthzGroup(realmid);
} catch (GroupNotDefinedException e1) {
log.debug("GroupNotDefinedException: Mailtool.getEmailGroups() #1, ", e1);
return thegroups;
} catch (Exception e2) {
log.debug("Exception: Mailtool.getEmailGroups() #1, " + e2.getMessage());
return thegroups;
}
Set users = therealm.getUsersHasRole(emailrole.getRoleid());
List /* EmailUser */ mailusers = new ArrayList();
for (Iterator j = users.iterator(); j.hasNext(); ) {
String userid = (String) j.next();
try {
User theuser = m_userDirectoryService.getUser(userid);
String firstname_for_display = "";
String lastname_for_display = "";
if (theuser.getFirstName().trim().equals("")) {
if (theuser.getEmail().trim().equals("") && theuser.getLastName().trim().equals(""))
firstname_for_display = theuser.getDisplayId(); // fix for SAK-7539
else firstname_for_display = theuser.getEmail(); // fix for SAK-7356
} else {
firstname_for_display = theuser.getFirstName();
}
lastname_for_display = theuser.getLastName();
EmailUser emailuser =
new EmailUser(
theuser.getId(),
firstname_for_display,
lastname_for_display,
theuser.getEmail());
mailusers.add(emailuser);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailGroupsByType() #2, " + e.getMessage());
}
}
Collections.sort(mailusers);
EmailGroup thegroup = new EmailGroup(emailrole, mailusers);
thegroups.add(thegroup);
} else if (emailrole.roletype.equals("group") && roletypefilter.equals("group")) {
String sid = getSiteID();
Site currentSite = null;
try {
currentSite = siteService.getSite(sid);
} catch (IdUnusedException e1) {
log.debug("IdUnusedException: Mailtool.getEmailGroups() #3, ", e1);
return thegroups;
} catch (Exception e2) {
log.debug("Exception: Mailtool.getEmailGroups() #3, " + e2.getMessage());
return thegroups;
}
Collection groups = currentSite.getGroups();
Group agroup = null;
for (Iterator groupIterator = groups.iterator(); groupIterator.hasNext(); ) {
agroup = (Group) groupIterator.next();
String groupname = agroup.getTitle();
if (emailrole.getRoleid().equals(groupname)) break;
}
Set users2 = agroup.getUsersHasRole(groupAwareRoleFound);
List mailusers2 = new ArrayList();
for (Iterator k = users2.iterator(); k.hasNext(); ) {
String userid2 = (String) k.next();
try {
User theuser2 = m_userDirectoryService.getUser(userid2);
String firstname_for_display = "";
String lastname_for_display = "";
if (theuser2.getFirstName().trim().equals("")) {
if (theuser2.getEmail().trim().equals("") && theuser2.getLastName().trim().equals(""))
firstname_for_display = theuser2.getDisplayId(); // fix for SAK-7539
else firstname_for_display = theuser2.getEmail(); // fix for SAK-7356
} else {
firstname_for_display = theuser2.getFirstName();
}
lastname_for_display = theuser2.getLastName();
EmailUser emailuser2 =
new EmailUser(
theuser2.getId(),
firstname_for_display,
lastname_for_display,
theuser2.getEmail());
mailusers2.add(emailuser2);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailGroupsByType() #3-1, " + e.getMessage());
}
}
Collections.sort(mailusers2);
EmailGroup thegroup2 = new EmailGroup(emailrole, mailusers2);
thegroups.add(thegroup2);
} // else
else if (emailrole.roletype.equals("section") && roletypefilter.equals("section")) {
String sid = getSiteID();
Site currentSite = null;
try {
currentSite = siteService.getSite(sid);
} catch (IdUnusedException e1) {
log.debug("IdUnusedException: Mailtool.getEmailGroups() #4, ", e1);
return thegroups;
} catch (Exception e2) {
log.debug("Exception: Mailtool.getEmailGroups() #4, " + e2.getMessage());
return thegroups;
}
Collection groups = currentSite.getGroups();
Group agroup = null;
for (Iterator groupIterator = groups.iterator(); groupIterator.hasNext(); ) {
agroup = (Group) groupIterator.next();
String groupname = agroup.getTitle();
if (emailrole.getRoleid().equals(groupname)) break;
}
Set users2 = agroup.getUsersHasRole(groupAwareRoleFound);
List mailusers2 = new ArrayList();
for (Iterator k = users2.iterator(); k.hasNext(); ) {
String userid2 = (String) k.next();
try {
User theuser2 = m_userDirectoryService.getUser(userid2);
String firstname_for_display = "";
String lastname_for_display = "";
if (theuser2.getFirstName().trim().equals("")) {
if (theuser2.getEmail().trim().equals("") && theuser2.getLastName().trim().equals(""))
firstname_for_display = theuser2.getDisplayId(); // fix for SAK-7539
else firstname_for_display = theuser2.getEmail(); // fix for SAK-7356
} else {
firstname_for_display = theuser2.getFirstName();
}
lastname_for_display = theuser2.getLastName();
EmailUser emailuser2 =
new EmailUser(
theuser2.getId(),
firstname_for_display,
lastname_for_display,
theuser2.getEmail());
mailusers2.add(emailuser2);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailGroupsByType() #4-1, " + e.getMessage());
}
}
Collections.sort(mailusers2);
EmailGroup thegroup2 = new EmailGroup(emailrole, mailusers2);
thegroups.add(thegroup2);
} // else
else if (emailrole.roletype.equals("role_groupaware")
&& roletypefilter.equals("role_groupaware")) {
String realmid = emailrole.getRealmid();
AuthzGroup therealm = null;
try {
therealm = m_realmService.getAuthzGroup(realmid);
} catch (GroupNotDefinedException e1) {
log.debug("GroupNotDefinedException: Mailtool.getEmailGroupsByType() #5, ", e1);
return thegroups;
} catch (Exception e2) {
log.debug("Exception: Mailtool.getEmailGroupsByType() #5, " + e2.getMessage());
return thegroups;
}
Set users = therealm.getUsersHasRole(emailrole.getRoleid());
List /* EmailUser */ mailusers = new ArrayList();
for (Iterator j = users.iterator(); j.hasNext(); ) {
String userid = (String) j.next();
try {
User theuser = m_userDirectoryService.getUser(userid);
String firstname_for_display = "";
String lastname_for_display = "";
if (theuser.getFirstName().trim().equals("")) {
if (theuser.getEmail().trim().equals("") && theuser.getLastName().trim().equals(""))
firstname_for_display = theuser.getDisplayId(); // fix for SAK-7539
else firstname_for_display = theuser.getEmail(); // fix for SAK-7356
} else {
firstname_for_display = theuser.getFirstName();
}
lastname_for_display = theuser.getLastName();
EmailUser emailuser =
new EmailUser(
theuser.getId(),
firstname_for_display,
lastname_for_display,
theuser.getEmail());
mailusers.add(emailuser);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailGroupsByType() #5-1, " + e.getMessage());
}
}
Collections.sort(mailusers);
EmailGroup thegroup = new EmailGroup(emailrole, mailusers);
thegroups.add(thegroup);
} // else
}
return thegroups;
}
public List /* EmailRole */ getEmailRoles() {
List /* EmailRole */ theroles = new ArrayList();
List allgroups = new ArrayList();
List allsections = new ArrayList();
for (int i = 1; i < (NUMBER_ROLES + 1); i++) {
String rolerealm = this.getConfigParam("role" + i + "realmid");
String rolename = this.getConfigParam("role" + i + "id");
String rolesingular = this.getConfigParam("role" + i + "singular");
String roleplural = this.getConfigParam("role" + i + "plural");
if ((rolerealm != null && rolerealm != "")
&& (rolename != null && rolename != "")
&& (rolesingular != null && rolesingular != "")
&& (roleplural != null && roleplural != "")) {
EmailRole emailrole = null;
// if (isGroupAwareRoleInSettings(rolename)){
if (getGroupAwareRole().equals(rolename)) {
emailrole =
new EmailRole(rolerealm, rolename, rolesingular, roleplural, "role_groupaware");
num_groupawarerole++;
} else emailrole = new EmailRole(rolerealm, rolename, rolesingular, roleplural, "role");
theroles.add(emailrole);
already_configured = true;
}
} // for
if (already_configured == false) {
try {
arole = m_realmService.getAuthzGroup(m_realmid);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailRoles()1, " + e.getMessage());
}
for (Iterator i = arole.getRoles().iterator(); i.hasNext(); ) {
Role r = (Role) i.next();
String rolename = r.getId();
String singular = "";
String plural = "";
if (rolename.equals("maintain")) {
singular = rolename;
plural = rolename + "ers";
} else if (rolename.equals("access")) {
singular = rolename;
plural = rolename + " users";
} else {
singular = rolename;
plural = rolename + "s";
}
EmailRole emailrole = null;
// if (isGroupAwareRoleInSettings(rolename)){
if (getGroupAwareRole().equals(rolename)) {
emailrole =
new EmailRole("/site/" + m_siteid, rolename, singular, plural, "role_groupaware");
num_groupawarerole++;
} else emailrole = new EmailRole("/site/" + m_siteid, rolename, singular, plural, "role");
theroles.add(emailrole);
}
}
// adding groups as roles
try {
currentSite = siteService.getSite(m_siteid);
} catch (Exception e) {
log.debug("Exception: OptionsBean.getEmailRoles()2, " + e.getMessage());
// If currentSite is Null then will be NPE, prefer to return early.
return theroles;
}
Collection groups = currentSite.getGroups();
for (Iterator groupIterator = groups.iterator(); groupIterator.hasNext(); ) {
Group currentGroup = (Group) groupIterator.next();
String groupname = currentGroup.getTitle();
String groupid = currentGroup.getProviderGroupId(); // ???????????????????????????????
// EmailRole emailrole2=new EmailRole("/site/"+siteid, groupname, groupname, groupname);
EmailRole emailrole2 = null;
if (currentGroup.getProperties().getProperty("sections_category") != null) {
emailrole2 = new EmailRole(groupid, groupname, groupname, groupname, "section");
allsections.add(emailrole2);
num_sections++;
} else {
emailrole2 = new EmailRole(groupid, groupname, groupname, groupname, "group");
allgroups.add(emailrole2);
num_groups++;
}
}
theroles.addAll(allgroups); // for sorted list in side-by-side view & scrolling list view
theroles.addAll(allsections); // for sorted list ...
return theroles;
}
/**
* Access (find if needed) the azg from the AuthzGroupService that implements my grouping.
*
* @return My azg.
*/
protected AuthzGroup getAzg() {
if (m_azg == null) {
try {
m_azg = AuthzGroupService.getAuthzGroup(getReference());
} catch (GroupNotDefinedException e) {
try {
// create the group's azg, but don't store it yet (that happens if save is called)
// use a template, but assign no user any maintain role
// find the template for the new azg
String groupAzgTemplate = siteService.groupAzgTemplate(m_site);
AuthzGroup template = null;
try {
template = AuthzGroupService.getAuthzGroup(groupAzgTemplate);
} catch (Exception e1) {
try {
// if the template is not defined, try the fall back template
template = AuthzGroupService.getAuthzGroup("!group.template");
} catch (Exception e2) {
}
}
m_azg = AuthzGroupService.newAuthzGroup(getReference(), template, null);
m_azgChanged = true;
if (m_site != null) {
try {
// remove all roles that is not in parent site realm
Set<Role> parentSiteRoles = m_site.getRoles();
for (Iterator<Role> i = m_azg.getRoles().iterator(); i.hasNext(); ) {
Role role = (Role) i.next();
if (!parentSiteRoles.contains(role)) {
m_azg.removeRole(role.getId());
}
}
// add all new roles from parent site realm
Set<Role> currentRoles = m_azg.getRoles();
for (Iterator<Role> j = parentSiteRoles.iterator(); j.hasNext(); ) {
Role role = (Role) j.next();
if (currentRoles == null || !currentRoles.contains(role)) {
String roleId = role.getId();
try {
m_azg.addRole(roleId, role);
} catch (RoleAlreadyDefinedException rException) {
M_log.warn(
"getAzg: role id "
+ roleId
+ " already used in group "
+ m_azg.getReference()
+ rException.getMessage());
}
}
}
} catch (Exception e1) {
M_log.warn(
"getAzg: cannot access realm of " + m_site.getReference() + e1.getMessage());
}
}
} catch (Throwable t) {
M_log.warn("getAzg: " + t);
}
}
}
return m_azg;
}