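/**
 * Checks whether any of the selected user-role links points to a role flagged as default.
 *
 * @param selected raw set whose elements are cast to {@code UserRole}
 * @return {@code true} if at least one selected link refers to a default role
 */
private boolean hasDefaultRole(Set selected) {
    for (Object element : selected) {
        UserRole link = (UserRole) element;
        Role role = link.getRole();
        // a link without a role (e.g. a row not yet completed) cannot be a default one
        if (role != null && Boolean.TRUE.equals(role.getDefaultRole())) {
            return true;
        }
    }
    return false;
}
} // closing brace of the enclosing class, kept from the original fragment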
/**
 * Collects the names of the roles already linked to the user currently held by {@code userDs}.
 *
 * @return a mutable set of role names; empty when the user has no role links
 */
protected Collection<String> getExistingRoleNames() {
    Collection<String> names = new HashSet<>();
    User current = userDs.getItem();
    if (current.getUserRoles() == null) {
        return names;
    }
    for (UserRole link : current.getUserRoles()) {
        Role role = link.getRole();
        if (role == null) {
            continue; // dangling link, no name to report
        }
        names.add(role.getName());
    }
    return names;
}
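/**
 * Filters reports down to those the user may see.
 * A report with no roles attached is visible to everyone; otherwise the user needs at least
 * one of the report's roles, or a role of type {@code SUPER}.
 *
 * @param user    current user, or {@code null} to skip filtering
 * @param reports candidate reports
 * @return a new filtered list, or {@code reports} itself when {@code user} is {@code null}
 */
protected List<BIReport> applySecurityPolicies(User user, List<BIReport> reports) {
    if (user == null) {
        return reports;
    }
    // a user without role links can only see unrestricted reports (fail closed, no NPE)
    List<UserRole> userRoles = user.getUserRoles();
    if (userRoles == null) {
        userRoles = new ArrayList<>();
    }
    List<UserRole> links = userRoles;
    List<BIReport> visible = new ArrayList<>();
    for (BIReport report : reports) {
        Set<BIReportRole> reportRoles = report.getRoles();
        if (reportRoles == null || reportRoles.isEmpty()) {
            visible.add(report);
            continue;
        }
        Set<?> allowedRoles = reportRoles.stream().map(BIReportRole::getRole).collect(Collectors.toSet());
        boolean permitted = links.stream().anyMatch(link -> {
            Role role = link.getRole();
            // a link without a role grants nothing
            return role != null && (allowedRoles.contains(role) || role.getType() == RoleType.SUPER);
        });
        if (permitted) {
            visible.add(report);
        }
    }
    return visible;
}
} // closing brace of the enclosing class, kept from the original fragment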
/**
 * INTERNAL
 * <p>
 * For the session user and the substituted user (if any), nulls the permissions collection of
 * every role whose permissions were loaded — but only when the user instance is detached.
 *
 * @param session session whose users are processed
 */
public void clearPermissionsOnUser(UserSession session) {
    List<User> affected = new ArrayList<>();
    affected.add(session.getUser());
    User substituted = session.getSubstitutedUser();
    if (substituted != null) {
        affected.add(substituted);
    }
    for (User user : affected) {
        if (!entityStates.isDetached(user) || user.getUserRoles() == null) {
            continue;
        }
        for (UserRole link : user.getUserRoles()) {
            Role role = link.getRole();
            if (role == null) {
                continue;
            }
            // only touch the collection when it was actually fetched
            if (entityStates.isLoaded(role, "permissions")) {
                role.setPermissions(null);
            }
        }
    }
}
} // closing brace of the enclosing class, kept from the original fragment
/**
 * Create a new session and fill it with security data. Must be called inside a transaction.
 *
 * @param sessionId target session id
 * @param user      user instance; its role list is iterated and must be non-null
 * @param locale    user locale
 * @param system    create system session
 * @return new session instance
 * @throws IllegalStateException if the user has no group
 */
public UserSession createSession(UUID sessionId, User user, Locale locale, boolean system) {
    List<Role> grantedRoles = new ArrayList<>();
    for (UserRole link : user.getUserRoles()) {
        Role role = link.getRole();
        if (role == null) {
            continue; // dangling link, nothing to grant
        }
        grantedRoles.add(role);
    }
    UserSession session = new UserSession(sessionId, user, grantedRoles, locale, system);
    compilePermissions(session, grantedRoles);
    if (user.getGroup() == null) {
        throw new IllegalStateException("User is not in a Group");
    }
    compileConstraints(session, user.getGroup());
    compileSessionAttributes(session, user.getGroup());
    return session;
}
/**
 * Create a new session from existing for another user and fill it with security data for that new user.
 * Must be called inside a transaction.
 *
 * @param src  existing session; its locale is reused
 * @param user another user instance; its role list is iterated and must be non-null
 * @return new session with the same ID as existing
 * @throws IllegalStateException if the user has no group
 */
public UserSession createSession(UserSession src, User user) {
    List<Role> grantedRoles = new ArrayList<>();
    for (UserRole link : user.getUserRoles()) {
        Role role = link.getRole();
        if (role == null) {
            continue; // dangling link, nothing to grant
        }
        grantedRoles.add(role);
    }
    UserSession session = new UserSession(src, user, grantedRoles, src.getLocale());
    compilePermissions(session, grantedRoles);
    if (user.getGroup() == null) {
        throw new IllegalStateException("User is not in a Group");
    }
    compileConstraints(session, user.getGroup());
    compileSessionAttributes(session, user.getGroup());
    return session;
}
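/**
 * Apply security constraints for query to select reports available by roles and screen restrictions.
 * Both restrictions are expressed as bound query parameters; user-supplied values never end up
 * in the query text itself.
 *
 * @param lc     load context whose query is rewritten in place
 * @param screen screen id to restrict by, or {@code null} for no screen restriction
 * @param user   user whose roles restrict the result, or {@code null} for no role restriction
 */
public void applySecurityPolicies(LoadContext lc, @Nullable String screen, @Nullable User user) {
    QueryTransformer transformer = queryTransformerFactory.transformer(lc.getQuery().getQueryString());
    if (screen != null) {
        transformer.addWhereAsIs("r.screensIdx like :screen escape '\\'");
        // NOTE(review): wrapIdxParameterForSearch is expected to escape LIKE wildcards ('%', '_') — confirm
        lc.getQuery().setParameter("screen", wrapIdxParameterForSearch(screen));
    }
    if (user != null) {
        List<UserRole> userRoles = user.getUserRoles();
        // a link without a role grants nothing; a null role list grants nothing either
        boolean superRole = userRoles != null && userRoles.stream()
                .anyMatch(link -> link.getRole() != null && link.getRole().getType() == RoleType.SUPER);
        if (!superRole) {
            // unrestricted reports stay visible; otherwise one of the user's roles must match
            StringBuilder roleCondition = new StringBuilder("r.rolesIdx is null");
            if (userRoles != null) {
                int paramIndex = 0;
                for (UserRole link : userRoles) {
                    Role role = link.getRole();
                    if (role == null) {
                        continue;
                    }
                    String paramName = "role" + (++paramIndex);
                    roleCondition.append(" or r.rolesIdx like :").append(paramName).append(" escape '\\'");
                    lc.getQuery().setParameter(paramName, wrapIdxParameterForSearch(role.getId().toString()));
                }
            }
            transformer.addWhereAsIs(roleCondition.toString());
        }
    }
    lc.getQuery().setQueryString(transformer.getResult());
}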
/**
 * Opens the role editor for the selected user-role entry; after a committed edit the roles
 * datasource is refreshed, and the roles table regains focus in every case.
 *
 * @param component component that triggered the action (unused)
 */
@Override
public void actionPerform(Component component) {
    if (rolesDs.getItem() == null) {
        return;
    }
    Window editor = openEditor("sec$Role.edit", rolesDs.getItem().getRole(), OpenType.THIS_TAB);
    editor.addCloseListener(actionId -> {
        boolean committed = Window.COMMIT_ACTION_ID.equals(actionId);
        if (committed) {
            rolesDs.refresh();
        }
        rolesTable.focus();
    });
}
} // closing brace of the enclosing class, kept from the original fragment
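/**
 * Links every role flagged as default to the user, skipping roles the user already has.
 * New links are persisted and appended to the user's role list in place.
 *
 * @param user          user to extend; its role list is created when missing
 * @param entityManager manager used to query default roles and persist new links
 */
protected void addDefaultRoles(User user, EntityManager entityManager) {
    List<Role> defaultRoles = entityManager.createQuery(
            "select r from sec$Role r where r.defaultRole = true", Role.class)
            .getResultList();
    if (user.getUserRoles() == null) {
        user.setUserRoles(new ArrayList<>());
    }
    for (Role defaultRole : defaultRoles) {
        // compare from the default role's side so a link with a null role cannot NPE
        boolean alreadyAssigned = user.getUserRoles().stream()
                .anyMatch(link -> defaultRole.equals(link.getRole()));
        if (alreadyAssigned) {
            continue;
        }
        UserRole link = metadata.create(UserRole.class);
        link.setUser(user);
        link.setRole(defaultRole);
        entityManager.persist(link);
        user.getUserRoles().add(link);
    }
}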
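/**
 * Computes the permission value the user would get in a freshly compiled session.
 * Runs in its own transaction; the user is reloaded by id so the caller-supplied instance
 * (and whatever roles it carries) is not trusted.
 *
 * @param user           user whose id is used to reload the persistent instance
 * @param permissionType kind of permission to look up
 * @param target         permission target
 * @return the compiled permission value for the target
 * @throws IllegalStateException if no user with the given id exists
 */
public Integer getPermissionValue(User user, PermissionType permissionType, String target) {
    Integer result;
    List<Role> roles = new ArrayList<>();
    Transaction tx = persistence.createTransaction();
    try {
        EntityManager em = persistence.getEntityManager();
        User persistent = em.find(User.class, user.getId());
        if (persistent == null) {
            throw new IllegalStateException("User not found: " + user.getId());
        }
        if (persistent.getUserRoles() != null) {
            for (UserRole link : persistent.getUserRoles()) {
                Role role = link.getRole();
                if (role != null) {
                    roles.add(role);
                }
            }
        }
        UserSession session = new UserSession(uuidSource.createUuid(), persistent, roles,
                userSessionSource.getLocale(), false);
        compilePermissions(session, roles);
        result = session.getPermissionValue(permissionType, target);
        tx.commit();
    } finally {
        tx.end();
    }
    return result;
}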
List<UserRole> userRoles = new ArrayList<>(); for (UserRole oldUserRole : selectedUser.getUserRoles()) { Role oldRole = dataSupplier.reload(oldUserRole.getRole(), "_local"); if (BooleanUtils.isTrue(oldRole.getDefaultRole())) { continue;
/**
 * Links the given role to each user that does not have it yet, commits the new links in one
 * batch and shows a notification. A {@code null} user collection is a no-op (no notification).
 *
 * @param role  role to assign
 * @param items users to receive the role
 */
protected void assignRoleUsers(Role role, Collection<User> items) {
    if (items == null) {
        return;
    }
    List<Entity> newLinks = new ArrayList<>();
    for (User user : items) {
        LoadContext<UserRole> ctx = LoadContext.create(UserRole.class)
                .setView("user.edit")
                .setQuery(new LoadContext.Query("select ur from sec$UserRole ur where ur.user.id = :userId")
                        .setParameter("userId", user.getId()));
        List<UserRole> existing = dataManager.loadList(ctx);
        boolean alreadyHasRole = existing.stream().anyMatch(link -> role.equals(link.getRole()));
        if (alreadyHasRole) {
            continue;
        }
        UserRole link = metadata.create(UserRole.class);
        link.setUser(user);
        link.setRole(role);
        newLinks.add(link);
    }
    if (!newLinks.isEmpty()) {
        dataManager.commit(new CommitContext(newLinks));
    }
    showNotification(getMessage("rolesAssigned.msg"));
}
/**
 * Finishes editor setup: toggles fields by user state, sets the caption, hides roles the
 * current user is not allowed to load, and initialises a copied user when requested.
 */
@Override
protected void postInit() {
    boolean anonymous = userManagementService.isAnonymousUser(getItem().getLogin());
    activeField.setEnabled(!anonymous);

    String caption;
    if (PersistenceHelper.isNew(getItem())) {
        caption = getMessage("createCaption");
    } else {
        caption = formatMessage("editCaption", getItem().getLogin());
    }
    setCaption(caption);

    boolean autoTimeZone = Boolean.TRUE.equals(getItem().getTimeZoneAuto());
    timeZoneLookup.setEnabled(!autoTimeZone);

    // Do not show roles which are not allowed by security constraints
    LoadContext<Role> roleContext = new LoadContext<>(Role.class);
    roleContext.setQueryString("select r from sec$Role r");
    roleContext.setView(View.MINIMAL);
    List<Role> allowedRoles = dataSupplier.loadList(roleContext);
    // iterate over a snapshot because excludeItem mutates the datasource
    Collection<UserRole> snapshot = new ArrayList<>(rolesDs.getItems());
    for (UserRole link : snapshot) {
        if (allowedRoles.contains(link.getRole())) {
            continue;
        }
        rolesDs.excludeItem(link);
    }

    if (BooleanUtils.isTrue(initCopy)) {
        initCopy();
    }
    // if we add default roles, rolesDs becomes modified on setItem
    ((AbstractDatasource) rolesDs).setModified(false);
}