/**
 * Creates and persists a copy of {@code role} together with copies of its permissions.
 *
 * <p>The copy takes its type, default-role flag, localized name and description from the
 * source; only the name differs, as produced by {@code generateName}. Each permission of the
 * source is cloned through {@code clonePermission} and persisted for the new role.
 *
 * <p>Security note: the type and the default-role flag are copied verbatim, so the clone
 * carries the same privileges as the source and, if the source is a default role, is itself
 * flagged as default. A caller that must not create a second default role has to reset the
 * flag on the returned entity.
 *
 * @param role      role to copy
 * @param roleNames names handed to {@code generateName} (presumably the names already taken)
 * @param em        entity manager used to persist the new role and its permissions
 * @return the persisted copy
 */
protected Role cloneRole(Role role, Set<String> roleNames, EntityManager em) {
    Role copy = metadata.create(Role.class);
    copy.setName(generateName(role.getName(), roleNames));
    copy.setType(role.getType());
    copy.setDefaultRole(role.getDefaultRole());
    copy.setLocName(role.getLocName());
    copy.setDescription(role.getDescription());
    em.persist(copy);

    // A role without a permission collection is copied as-is.
    if (role.getPermissions() == null) {
        return copy;
    }
    for (Permission source : role.getPermissions()) {
        em.persist(clonePermission(source, copy));
    }
    return copy;
}
/**
 * INTERNAL
 *
 * <p>Builds a session for {@code user}. The session keeps the name of every given role and
 * the type of every role that has one, so it holds a snapshot taken at construction time
 * rather than references to the role entities. One empty permission map is allocated per
 * {@code PermissionType} value; constraints and attributes start empty as well.
 *
 * @param id     session identifier
 * @param user   session owner; must not be null because its time zone is read here
 * @param roles  roles whose names and types are recorded; must not be null
 * @param locale session locale
 * @param system value stored in the {@code system} flag
 */
public UserSession(UUID id, User user, Collection<Role> roles, Locale locale, boolean system) {
    this.id = id;
    this.user = user;
    this.system = system;
    this.locale = locale;

    // Containers start empty; permissions are filled in later by whoever compiles them.
    constraints = new HashMap<>();
    attributes = new ConcurrentHashMap<>();
    localAttributes = new ConcurrentHashMap<>();

    //noinspection unchecked
    permissions = new Map[PermissionType.values().length];
    int slot = 0;
    while (slot < permissions.length) {
        permissions[slot] = new HashMap<>();
        slot++;
    }

    for (Role granted : roles) {
        this.roles.add(granted.getName());
        if (granted.getType() != null) {
            roleTypes.add(granted.getType());
        }
    }

    // TimeZone.getTimeZone falls back to GMT when the ID is not recognised.
    if (user.getTimeZone() != null) {
        this.timeZone = TimeZone.getTimeZone(user.getTimeZone());
    }
}
/**
 * Apply security constraints for query to select reports available by roles and screen restrictions.
 *
 * <p>The query string of {@code lc} is rewritten in place. All user-derived values (screen id,
 * role ids) are bound as named parameters; only fixed text and generated parameter names are
 * concatenated into the condition.
 *
 * <p>Security notes:
 * <ul>
 *   <li>When {@code user} is null no role condition is added at all, so the caller must apply
 *       its own restriction in that case.</li>
 *   <li>A user holding any role of type {@code RoleType.SUPER} is not restricted by role.</li>
 *   <li>Reports whose {@code rolesIdx} is null match every user.</li>
 *   <li>NOTE(review): the role condition is a chain of {@code or} terms passed to
 *       {@code addWhereAsIs}; confirm the transformer wraps it in parentheses, otherwise it
 *       could combine incorrectly with the screen condition.</li>
 * </ul>
 *
 * @param lc     load context whose query is modified
 * @param screen screen id to filter by, or null for no screen filter
 * @param user   user whose roles restrict the result, or null for no role filter
 */
public void applySecurityPolicies(LoadContext lc, @Nullable String screen, @Nullable User user) {
    QueryTransformer transformer = queryTransformerFactory.transformer(lc.getQuery().getQueryString());

    if (screen != null) {
        transformer.addWhereAsIs("r.screensIdx like :screen escape '\\'");
        lc.getQuery().setParameter("screen", wrapIdxParameterForSearch(screen));
    }

    if (user != null) {
        List<UserRole> assigned = user.getUserRoles();

        boolean restricted = true;
        for (UserRole candidate : assigned) {
            if (candidate.getRole().getType() == RoleType.SUPER) {
                restricted = false;
                break;
            }
        }

        if (restricted) {
            StringBuilder where = new StringBuilder("r.rolesIdx is null");
            int position = 0;
            for (UserRole assignment : assigned) {
                position++;
                // Parameter names are generated here (role1, role2, ...); the role id is bound, not inlined.
                String paramName = "role" + position;
                where.append(" or r.rolesIdx like :").append(paramName).append(" escape '\\'");
                lc.getQuery().setParameter(paramName,
                        wrapIdxParameterForSearch(assignment.getRole().getId().toString()));
            }
            transformer.addWhereAsIs(where.toString());
        }
    }

    lc.getQuery().setQueryString(transformer.getResult());
}
/**
 * Renders the roles and the access group of a matching rule as a two-line text.
 *
 * <p>Rules of type {@code CUSTOM} produce an empty string. Any other rule is cast to
 * {@code AbstractDbStoredMatchingRule}; the first line lists the role names, each followed
 * by {@code ;}, and the second line holds the access group name, or nothing when the rule
 * has no access group.
 *
 * @param entity rule to describe
 * @return the column text, or an empty string for custom rules
 */
public String generateMatchingRuleRolesAccessGroupColumn(AbstractCommonMatchingRule entity) {
    if (CUSTOM == entity.getRuleType()) {
        return StringUtils.EMPTY;
    }

    AbstractDbStoredMatchingRule rule = (AbstractDbStoredMatchingRule) entity;

    StringBuilder column = new StringBuilder("Roles: ");
    for (Role role : rule.getRoles()) {
        column.append(role.getName()).append(";");
    }
    column.append("\n").append("Access group: ");

    // A rule without an access group leaves the second line empty after the label.
    if (rule.getAccessGroup() != null) {
        column.append(rule.getAccessGroup().getName());
    }
    return column.toString();
}
.withCaption(getMessage("actions.Copy")) .withHandler(event -> { userManagementService.copyRole(rolesTable.getSingleSelected().getId()); rolesDs.refresh(); }); if (DEFAULT_ROLE_PROPERTY.equals(e.getProperty())) { Role reloadedRole = dataManager.reload(e.getItem(), View.LOCAL); reloadedRole.setDefaultRole(e.getItem().getDefaultRole()); rolesDs.updateItem(reloadedRole); rolesDs.modifyItem(reloadedRole);
/**
 * Loads the permissions of {@code roles} into {@code session}, then fills in configured
 * default values for targets that received no explicit value.
 *
 * <p>If any role is of type {@code RoleType.SUPER} nothing is loaded at all, neither
 * explicit permissions nor defaults. Permissions without a type or without a value are skipped.
 *
 * @param session session that receives the permissions
 * @param roles   roles whose permissions are compiled
 */
protected void compilePermissions(UserSession session, List<Role> roles) {
    // Don't waste memory, as the user with SUPER role has all permissions.
    boolean hasSuperRole = roles.stream().anyMatch(role -> RoleType.SUPER.equals(role.getType()));
    if (hasSuperRole) {
        return;
    }

    for (Role role : roles) {
        for (Permission permission : role.getPermissions()) {
            PermissionType type = permission.getType();
            if (type == null || permission.getValue() == null) {
                continue;
            }
            try {
                session.addPermission(type, permission.getTarget(),
                        convertToExtendedEntityTarget(permission), permission.getValue());
            } catch (Exception ignored) {
                // NOTE(review): a permission that fails to load is dropped without a trace.
                // If the dropped entry was a restriction, the session ends up more permissive
                // than configured; consider at least logging the target here.
            }
        }
    }

    defaultPermissionValuesConfig.getDefaultPermissionValues().forEach((target, permission) -> {
        // Explicit role permissions win; defaults only fill the gaps.
        if (session.getPermissionValue(permission.getType(), permission.getTarget()) != null) {
            return;
        }
        session.addPermission(permission.getType(), permission.getTarget(),
                convertToExtendedEntityTarget(permission), permission.getValue());
    });
}
/**
 * Filters {@code reports} down to those the given user may see.
 *
 * <p>A report with no roles attached is visible to everyone. A report with roles is visible
 * when the user holds one of them, or holds any role of type {@code RoleType.SUPER}.
 *
 * <p>Security note: a null {@code user} disables filtering and the input list is returned
 * unchanged, so callers must not pass null for an unauthenticated or unknown user.
 *
 * @param user    user to filter for, or null for no filtering
 * @param reports candidate reports
 * @return a new list of visible reports, or {@code reports} itself when {@code user} is null
 */
protected List<BIReport> applySecurityPolicies(User user, List<BIReport> reports) {
    if (user == null) {
        return reports;
    }

    List<BIReport> visible = new ArrayList<>();
    for (BIReport report : reports) {
        Set<BIReportRole> restrictedTo = report.getRoles();
        if (restrictedTo == null || restrictedTo.isEmpty()) {
            visible.add(report);
            continue;
        }

        List<UserRole> userRoles = user.getUserRoles();
        Set<?> allowedRoles = restrictedTo.stream()
                .map(BIReportRole::getRole)
                .collect(Collectors.toSet());

        boolean permitted = userRoles.stream().anyMatch(userRole ->
                allowedRoles.contains(userRole.getRole())
                        || userRole.getRole().getType() == RoleType.SUPER);
        if (permitted) {
            visible.add(report);
        }
    }
    return visible;
}
}
/**
 * Recomputes the denormalised index strings of a report: input entity types, screens and roles.
 *
 * <p>Each index is the values joined and surrounded by {@code IDX_SEPARATOR}; an index with
 * no values is stored as null. Nothing is touched unless the report's {@code xml} attribute
 * is loaded.
 *
 * <p>Security note: {@code rolesIdx} is set to null for a report without roles. Any query that
 * treats a null {@code rolesIdx} as "no restriction" will therefore expose such a report to
 * every user, and a stale index (for example when this method is skipped because {@code xml}
 * is not loaded) keeps the previous role restriction in force.
 *
 * @param report report whose index fields are updated
 */
protected void storeIndexFields(Report report) {
    if (!PersistenceHelper.isLoaded(report, "xml")) {
        return;
    }

    // The "length() > 1" checks below assume IDX_SEPARATOR is a single character -- TODO confirm.
    StringBuilder entityTypesIdx = new StringBuilder(IDX_SEPARATOR);
    if (report.getInputParameters() != null) {
        for (ReportInputParameter parameter : report.getInputParameters()) {
            if (!isNotBlank(parameter.getEntityMetaClass())) {
                continue;
            }
            entityTypesIdx.append(parameter.getEntityMetaClass()).append(IDX_SEPARATOR);
        }
    }
    if (entityTypesIdx.length() > 1) {
        report.setInputEntityTypesIdx(entityTypesIdx.toString());
    } else {
        report.setInputEntityTypesIdx(null);
    }

    StringBuilder screensIdx = new StringBuilder(IDX_SEPARATOR);
    if (report.getReportScreens() != null) {
        for (ReportScreen reportScreen : report.getReportScreens()) {
            screensIdx.append(reportScreen.getScreenId()).append(IDX_SEPARATOR);
        }
    }
    if (screensIdx.length() > 1) {
        report.setScreensIdx(screensIdx.toString());
    } else {
        report.setScreensIdx(null);
    }

    StringBuilder rolesIdx = new StringBuilder(IDX_SEPARATOR);
    if (report.getRoles() != null) {
        for (Role role : report.getRoles()) {
            rolesIdx.append(role.getId().toString()).append(IDX_SEPARATOR);
        }
    }
    if (rolesIdx.length() > 1) {
        report.setRolesIdx(rolesIdx.toString());
    } else {
        report.setRolesIdx(null);
    }
}
/**
 * Tells whether any of the selected user-role links points to a default role.
 *
 * @param selected selection whose elements are cast to {@code UserRole}
 * @return true if at least one element's role has its default-role flag set to true
 */
private boolean hasDefaultRole(Set selected) {
    for (Object element : selected) {
        UserRole userRole = (UserRole) element;
        // Boolean.TRUE.equals treats a null flag as "not default".
        boolean isDefault = Boolean.TRUE.equals(userRole.getRole().getDefaultRole());
        if (isDefault) {
            return true;
        }
    }
    return false;
}
}
/**
 * Links every role flagged as default to {@code user}, skipping roles the user already has.
 *
 * <p>The user's role list is created when it is null. Each missing default role gets a new
 * {@code UserRole} that is persisted and added to the list.
 *
 * <p>Security note: the set of roles granted here is whatever the database marks with
 * {@code defaultRole = true} at call time, so the right to set that flag on a role is in
 * effect the right to grant that role to every user passing through this method.
 *
 * @param user          user receiving the default roles
 * @param entityManager entity manager used for the query and for persisting the links
 */
protected void addDefaultRoles(User user, EntityManager entityManager) {
    List<Role> defaultRoles = entityManager
            .createQuery("select r from sec$Role r where r.defaultRole = true", Role.class)
            .getResultList();

    if (user.getUserRoles() == null) {
        user.setUserRoles(new ArrayList<>());
    }

    for (Role defaultRole : defaultRoles) {
        boolean alreadyAssigned = user.getUserRoles().stream()
                .anyMatch(existing -> existing.getRole().equals(defaultRole));
        if (alreadyAssigned) {
            continue;
        }

        UserRole link = metadata.create(UserRole.class);
        link.setUser(user);
        link.setRole(defaultRole);
        entityManager.persist(link);
        user.getUserRoles().add(link);
    }
}
/**
 * Fills the script area with an insert script for the current item and shows it.
 *
 * <p>For a {@code Role} the item is first reloaded with its local attributes plus its
 * permissions, and the output is the role's script followed by one script per permission,
 * each terminated by a newline. Any other item yields a single script.
 */
public void generateInsert() {
    setCopyButtonVisible();
    scriptArea.setEditable(true);

    if (!(item instanceof Role)) {
        scriptArea.setValue(sqlGenerationService.generateInsertScript(item));
        showScriptArea();
        return;
    }

    // Reload so that the permissions collection is available for export.
    View localView = metadata.getViewRepository().getView(Role.class, View.LOCAL);
    View roleView = new View(localView, Role.class, "role-export-view", true)
            .addProperty("permissions",
                    metadata.getViewRepository().getView(Permission.class, View.LOCAL));
    item = getDsContext().getDataSupplier().reload(item, roleView);

    StringBuilder script = new StringBuilder();
    script.append(sqlGenerationService.generateInsertScript(item));
    script.append("\n");
    for (Permission permission : ((Role) item).getPermissions()) {
        script.append(sqlGenerationService.generateInsertScript(permission));
        script.append("\n");
    }
    scriptArea.setValue(script.toString());
    showScriptArea();
}
/**
 * Copies the role with the given id, including its permissions, under a newly generated name.
 *
 * <p>The caller must hold update permission on {@code Role}. The copy is created through
 * {@code cloneRole} inside one transaction and its default-role flag is then forced to
 * false, so copying a default role never produces a second default role.
 *
 * <p>NOTE(review): {@code cloneRole} is given the source role as loaded with
 * {@code ROLE_COPY_VIEW}; if it copies the role type and permissions, the update permission
 * checked here is effectively the right to create a role with the privileges of any
 * existing role. Confirm that this gate is intended to be sufficient.
 *
 * @param roleId id of the role to copy; must not be null
 * @return the persisted copy
 * @throws IllegalStateException if no role with {@code roleId} exists
 */
@Override
public Role copyRole(UUID roleId) {
    checkNotNullArgument(roleId, "Null access role id");
    checkUpdatePermission(Role.class);

    Transaction tx = persistence.getTransaction();
    try {
        EntityManager em = persistence.getEntityManager();

        @SuppressWarnings("unchecked")
        Set<String> takenNames = new HashSet<>(
                em.createQuery("select g.name from sec$Role g").getResultList());

        Role source = em.find(Role.class, roleId, ROLE_COPY_VIEW);
        if (source == null) {
            throw new IllegalStateException("Unable to find specified role with id: " + roleId);
        }

        Role clone = cloneRole(source, takenNames, em);
        // Reset after cloning: the flag is changed before the commit below.
        clone.setDefaultRole(false);

        tx.commit();
        return clone;
    } finally {
        tx.end();
    }
}
/**
 * Collects the names of the roles linked to the user currently held by {@code userDs}.
 *
 * <p>Links without a role are ignored; a user without a role list yields an empty collection.
 *
 * @return the distinct role names of the current user, never null
 */
protected Collection<String> getExistingRoleNames() {
    Collection<String> names = new HashSet<>();

    User user = userDs.getItem();
    if (user.getUserRoles() == null) {
        return names;
    }

    for (UserRole assignment : user.getUserRoles()) {
        if (assignment.getRole() == null) {
            continue;
        }
        names.add(assignment.getRole().getName());
    }
    return names;
}
/**
 * Adds the item selected in {@code lookupRolesDs} to {@code rolesDs} unless nothing is
 * selected or {@code rolesDs} already contains an item with the same id.
 *
 * @param component component that triggered the action (not used)
 */
@Override
public void actionPerform(Component component) {
    if (lookupRolesDs.getItem() == null) {
        return;
    }
    // Skip duplicates: the same role must not be added twice.
    if (rolesDs.containsItem(lookupRolesDs.getItem().getId())) {
        return;
    }
    rolesDs.addItem(lookupRolesDs.getItem());
}
for (UserRole oldUserRole : selectedUser.getUserRoles()) { Role oldRole = dataSupplier.reload(oldUserRole.getRole(), "_local"); if (BooleanUtils.isTrue(oldRole.getDefaultRole())) { continue;
/**
 * Grants {@code role} to every user in {@code items} that does not hold it yet.
 *
 * <p>The existing links of each user are loaded with a parameterised query; new
 * {@code UserRole} links are collected and committed in one batch. A null {@code items}
 * returns silently, while an empty collection still shows the "rolesAssigned.msg"
 * notification even though nothing was committed.
 *
 * <p>NOTE(review): no permission check is visible in this method; presumably the calling
 * screen or the data layer enforces who may assign roles -- confirm.
 *
 * @param role  role to grant
 * @param items users to grant it to, or null to do nothing
 */
protected void assignRoleUsers(Role role, Collection<User> items) {
    if (items == null) {
        return;
    }

    List<Entity> newLinks = new ArrayList<>();
    for (User user : items) {
        LoadContext.Query query =
                new LoadContext.Query("select ur from sec$UserRole ur where ur.user.id = :userId")
                        .setParameter("userId", user.getId());
        LoadContext<UserRole> ctx = LoadContext.create(UserRole.class)
                .setView("user.edit")
                .setQuery(query);

        List<UserRole> currentLinks = dataManager.loadList(ctx);
        boolean alreadyGranted = currentLinks.stream()
                .anyMatch(link -> role.equals(link.getRole()));
        if (alreadyGranted) {
            continue;
        }

        UserRole link = metadata.create(UserRole.class);
        link.setUser(user);
        link.setRole(role);
        newLinks.add(link);
    }

    if (!newLinks.isEmpty()) {
        dataManager.commit(new CommitContext(newLinks));
    }
    showNotification(getMessage("rolesAssigned.msg"));
}
/**
 * Sets the window caption and loads the permissions of the screens tab.
 *
 * <p>A new item gets the "createCaption" message; an existing one gets "editCaption"
 * formatted with the item's name.
 */
@Override
protected void postInit() {
    String caption;
    if (entityStates.isNew(getItem())) {
        caption = getMessage("createCaption");
    } else {
        caption = formatMessage("editCaption", getItem().getName());
    }
    setCaption(caption);

    screensTabFrame.loadPermissions();
}
}