edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2SubjectPermission Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of grouper-ui Show documentation
Show all versions of grouper-ui Show documentation
Internet2 Groups Management User Interface
package edu.internet2.middleware.grouper.grouperUi.serviceLogic;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.internet2.middleware.grouperClient.collections.MultiKey;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import edu.emory.mathcs.backport.java.util.Collections;
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Membership;
import edu.internet2.middleware.grouper.attr.AttributeDef;
import edu.internet2.middleware.grouper.attr.AttributeDefName;
import edu.internet2.middleware.grouper.attr.AttributeDefValueType;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssign;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssignAction;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssignResult;
import edu.internet2.middleware.grouper.attr.assign.AttributeAssignType;
import edu.internet2.middleware.grouper.attr.finder.AttributeAssignFinder;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefFinder;
import edu.internet2.middleware.grouper.attr.finder.AttributeDefNameFinder;
import edu.internet2.middleware.grouper.attr.value.AttributeAssignValue;
import edu.internet2.middleware.grouper.exception.LimitInvalidException;
import edu.internet2.middleware.grouper.group.TypeOfGroup;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiAttributeAssign;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiAttributeDef;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiAttributeDefName;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiGroup;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiMember;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiPermissionEntry;
import edu.internet2.middleware.grouper.grouperUi.beans.api.GuiPermissionEntryActionsContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.dojo.DojoComboLogic;
import edu.internet2.middleware.grouper.grouperUi.beans.dojo.DojoComboQueryLogicBase;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiResponseJs;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiScreenAction;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiScreenAction.GuiMessageType;
import edu.internet2.middleware.grouper.grouperUi.beans.permissionUpdate.PermissionUpdateRequestContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.GrouperRequestContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.PermissionContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.TextContainer;
import edu.internet2.middleware.grouper.misc.GrouperDAOFactory;
import edu.internet2.middleware.grouper.permissions.PermissionAllowed;
import edu.internet2.middleware.grouper.permissions.PermissionEntry;
import edu.internet2.middleware.grouper.permissions.PermissionEntry.PermissionType;
import edu.internet2.middleware.grouper.permissions.PermissionEntryUtils;
import edu.internet2.middleware.grouper.permissions.PermissionFinder;
import edu.internet2.middleware.grouper.permissions.PermissionHeuristic;
import edu.internet2.middleware.grouper.permissions.PermissionHeuristicBetter;
import edu.internet2.middleware.grouper.permissions.PermissionHeuristics;
import edu.internet2.middleware.grouper.permissions.PermissionProcessor;
import edu.internet2.middleware.grouper.permissions.PermissionRoleDelegate;
import edu.internet2.middleware.grouper.permissions.limits.PermissionLimitBean;
import edu.internet2.middleware.grouper.permissions.limits.PermissionLimitDocumentation;
import edu.internet2.middleware.grouper.permissions.role.Role;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.ui.GrouperUiFilter;
import edu.internet2.middleware.grouper.ui.exceptions.ControllerDone;
import edu.internet2.middleware.grouper.ui.exceptions.NoSessionException;
import edu.internet2.middleware.grouper.ui.tags.TagUtils;
import edu.internet2.middleware.grouper.ui.tags.menu.DhtmlxMenu;
import edu.internet2.middleware.grouper.ui.tags.menu.DhtmlxMenuItem;
import edu.internet2.middleware.grouper.ui.util.GrouperUiUtils;
import edu.internet2.middleware.grouper.ui.util.HttpContentType;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.subject.Subject;
/**
* @author vsachdeva
*/
public class UiV2SubjectPermission {
/** logger */
private static final Log LOG = GrouperUtil.getLog(UiV2SubjectPermission.class);
/**
* show permissions screen for a subject
* @param request
* @param response
*/
public void subjectPermission(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
Member member = MemberFinder.findBySubject(grouperSession, subject, true);
final GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
PermissionContainer permissionContainer = GrouperRequestContainer.retrieveFromRequestOrCreate().getPermissionContainer();
permissionContainer.setGuiMember(new GuiMember(member));
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
memberViewPermissionsHelper(request, response, member);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* save permission assignment in the database.
* @param request
* @param response
*/
public void assignSubjectPermissionSubmit(final HttpServletRequest request, final HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
Subject subjectToAssignPermissionTo = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
subjectToAssignPermissionTo = UiV2Subject.retrieveSubjectHelper(request, true);
if (subjectToAssignPermissionTo == null) {
return;
}
Member member = MemberFinder.findBySubject(grouperSession, subjectToAssignPermissionTo, true);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String permissionDefId = request.getParameter("permissionDefComboName");
String permissionDefNameId = request.getParameter("permissionResourceNameComboName");
String actionId = request.getParameter("permissionActionComboName");
String roleId = request.getParameter("subjectRoleComboName");
String permissionAllowed = request.getParameter("permissionAddAllowed[]");
AttributeDef attributeDef = null;
if (!StringUtils.isBlank(permissionDefId)) {
attributeDef = AttributeDefFinder.findById(permissionDefId, false);
}
AttributeDefName attributeDefName = null;
if (!StringUtils.isBlank(permissionDefNameId)) {
attributeDefName = AttributeDefNameFinder.findById(permissionDefNameId, false);
}
if (attributeDefName == null) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#permissionResourceNameComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionInvalidPermissionResourceNameError")));
return;
}
if (attributeDef != null && !attributeDefName.getAttributeDef().getId().equals(attributeDef.getId())) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#permissionResourceNameComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionInvalidPermissionResourceNameError")));
return;
}
if (StringUtils.isBlank(actionId)) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#permissionActionComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionBlankActionError")));
return;
}
if (StringUtils.isBlank(roleId)) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#subjectRoleComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionBlankRoleError")));
return;
}
Group role = GroupFinder.findByUuid(grouperSession, roleId, false);
if (role == null) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#subjectRoleComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionBlankRoleError")));
return;
}
if (role.getTypeOfGroup() != TypeOfGroup.role) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#subjectRoleComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionGroupNotTypeRoleError")));
return;
}
PermissionAllowed permAllowed = null;
try {
permAllowed = PermissionAllowed.valueOf(permissionAllowed);
} catch(Exception e) {
throw new RuntimeException("Permission allowed value is not valid.");
}
Set allowedActions = attributeDefName.getAttributeDef().getAttributeDefActionDelegate().allowedActions();
AttributeAssignAction attributeAssignAction = null;
for (AttributeAssignAction assignAction: allowedActions) {
if (assignAction.getId().equals(actionId)) {
attributeAssignAction = assignAction;
break;
}
}
if (attributeAssignAction == null) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#permissionActionComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionInvalidActionError")));
return;
}
Set memberships = GrouperUtil.nonNull(((Group)role).getMemberships(Group.getDefaultList(), GrouperUtil.toSet(member)));
//we just need one
if (GrouperUtil.length(memberships) == 0) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#subjectRoleComboErrorId",
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionSubjectNotMemberOfRole")));
return;
}
PermissionRoleDelegate permissionRoleDelegate = role.getPermissionRoleDelegate();
permissionRoleDelegate.assignSubjectRolePermission(attributeAssignAction.getName(), attributeDefName, member, permAllowed);
PermissionContainer permissionContainer = GrouperRequestContainer.retrieveFromRequestOrCreate().getPermissionContainer();
permissionContainer.setGuiMember(new GuiMember(member));
guiResponseJs.addAction(GuiScreenAction.newScript("guiV2link('operation=UiV2SubjectPermission.subjectPermission&subjectId=" + subjectToAssignPermissionTo.getId() + "')"));
//lets show a success message on the new screen
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("subjectAssignPermissionSuccess")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* assign limit
* @param request
* @param response
*/
public void assignLimitSubmit(final HttpServletRequest request, final HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String permissionAssignTypeString = request.getParameter("permissionAssignType");
if (StringUtils.isBlank(permissionAssignTypeString)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
PermissionType permissionAssignType = PermissionType.valueOfIgnoreCase(permissionAssignTypeString, false);
if (permissionAssignType == null) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
permissionUpdateRequestContainer.setPermissionType(permissionAssignType);
String permissionAssignmentId = request.getParameter("permissionAssignmentId");
AttributeAssign permissionAssign = AttributeAssignFinder.findById(permissionAssignmentId, true);
//get current state
Role role = null;
{
String roleId = permissionAssign.getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
Member member = permissionAssign.getOwnerMember();
AttributeDef attributeDef = null;
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = permissionAssign.getAttributeDefNameId();
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
String limitId = request.getParameter("limitResourceNameComboName");
if (StringUtils.isBlank(limitId)) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#limitResourceNameComboErrorId",
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorLimitNameIsRequired")));
return;
}
AttributeDefName limitName = AttributeDefNameFinder.findById(limitId, false);
if (limitName == null) {
guiResponseJs.addAction(GuiScreenAction.newValidationMessage(GuiMessageType.error,
"#limitResourceNameComboErrorId",
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorLimitNameIsRequired")));
return;
}
AttributeDef limitDef = limitName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), limitDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditLimit")));
return;
}
String screenMessage = TagUtils.navResourceString("simplePermissionUpdate.addLimitSuccess");
AttributeAssignResult attributeAssignResult = null;
if (limitDef.isMultiAssignable()) {
attributeAssignResult = permissionAssign.getAttributeDelegate().addAttribute(limitName);
} else {
attributeAssignResult = permissionAssign.getAttributeDelegate().assignAttribute(limitName);
if (!attributeAssignResult.isChanged()) {
screenMessage = TagUtils.navResourceString("simplePermissionUpdate.addLimitAlreadyAssigned");
}
}
String addLimitValue = request.getParameter("addLimitValue");
if (!StringUtils.isBlank(addLimitValue)) {
AttributeAssign limitAssign = attributeAssignResult.getAttributeAssign();
try {
AttributeAssignValue attributeAssignValue = new AttributeAssignValue();
attributeAssignValue.setAttributeAssignId(limitAssign.getId());
if (!assignLimitValueAndValidate(guiResponseJs, limitDef, null, attributeAssignValue, addLimitValue)) {
//had trouble with value, dont do the limit
limitAssign.delete();
return;
}
screenMessage = screenMessage + "
" + TagUtils.navResourceString("simplePermissionUpdate.addLimitValueSuccess");
} catch (Exception e) {
LOG.info("Error assigning value: " + addLimitValue + ", to assignment: " + limitAssign.getId(), e);
try {
//had trouble with value, dont do the limit
limitAssign.delete();
} catch (Exception e2) {
LOG.error("Cant clean up assignment", e2);
}
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.addLimitValueError") +
" " + e.getClass().getSimpleName() + ": " + GrouperUiUtils.escapeHtml(e.getMessage(), true)));
return;
}
}
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
memberViewPermissionsHelper(request, response, member);
//lets show a message on the new screen
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, screenMessage));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* assign a limit value to the limit value object, and validate that ok
* @param guiResponseJs
* @param limitAssign
* @param limitDef
* @param limitAssignValueId for logging, could be null on insert
* @param limitAssignValues
* @param attributeAssignValue
* @param valueToEdit
* @return true if ok, false if not ok
*/
private boolean assignLimitValueAndValidate(GuiResponseJs guiResponseJs,AttributeDef limitDef, String limitAssignValueId,
AttributeAssignValue attributeAssignValue, String valueToEdit) {
try {
attributeAssignValue.assignValue(valueToEdit);
attributeAssignValue.saveOrUpdate();
} catch (LimitInvalidException lie) {
PermissionLimitDocumentation error = lie.getPermissionLimitDocumentation();
if (error != null) {
String documentation = TagUtils.navResourceString(error.getDocumentationKey());
for (int i=0; i> permissionEntryLimitBeanMap = permissionFinder.findPermissionsAndLimits();
//lets keep track of all limits for documentation
{
for (Set permissionLimitBeanSet : GrouperUtil.nonNull(permissionEntryLimitBeanMap).values()) {
for (PermissionLimitBean permissionLimitBean : GrouperUtil.nonNull(permissionLimitBeanSet)) {
permissionUpdateRequestContainer.getAllLimitsOnScreen().add(permissionLimitBean.getLimitAssign().getAttributeDefName());
}
}
//lets sort the limits on screen
List attributeDefNameList = new ArrayList(permissionUpdateRequestContainer.getAllLimitsOnScreen());
Collections.sort(attributeDefNameList, new Comparator() {
@Override
public int compare(AttributeDefName o1, AttributeDefName o2) {
return StringUtils.defaultString(o1.getDisplayExtension()).compareTo(StringUtils.defaultString(o2.getDisplayExtension()));
}
});
permissionUpdateRequestContainer.getAllLimitsOnScreen().clear();
permissionUpdateRequestContainer.getAllLimitsOnScreen().addAll(attributeDefNameList);
}
Set permissionEntriesFromDb = permissionEntryLimitBeanMap.keySet();
List guiPermissionEntryActionsContainers = new ArrayList();
//lets link the set of actions (alphabetized), to a GuiPermissionEntryActionsContainer
Map actionsToPermissionsEntryActionsContainer
= new HashMap();
//lets link the attribute def id to a GuiPermissionEntryActionsContainer to save time since the attributeDefId has the same set of actions
Map attributeDefIdToPermissionsEntryActionsContainer
= new HashMap();
//we need all actions so the screen knows how many columns etc
Set allActionsSet = new TreeSet();
//process the permissions to group up the GuiPermissionEntryActionsContainers
for (PermissionEntry permissionEntry : permissionEntriesFromDb) {
String attributeDefId = permissionEntry.getAttributeDefId();
//see if we are all set
GuiPermissionEntryActionsContainer guiPermissionEntryActionsContainer
= attributeDefIdToPermissionsEntryActionsContainer.get(attributeDefId);
if (guiPermissionEntryActionsContainer == null) {
//if we havent done this id yet
//see if we have the actions taken care of
AttributeDef currentAttributeDef = permissionEntry.getAttributeDef();
List actions = null;
actions = new ArrayList(currentAttributeDef.getAttributeDefActionDelegate().allowedActionStrings());
Collections.sort(actions);
allActionsSet.addAll(actions);
Object[] actionsArray = actions.toArray();
MultiKey actionsKey = new MultiKey(actionsArray);
//lets see if these actions are there
guiPermissionEntryActionsContainer = actionsToPermissionsEntryActionsContainer.get(actionsKey);
if (guiPermissionEntryActionsContainer == null) {
guiPermissionEntryActionsContainer = new GuiPermissionEntryActionsContainer();
guiPermissionEntryActionsContainer.setPermissionType(PermissionType.role_subject);
guiPermissionEntryActionsContainer.setRawPermissionEntries(new ArrayList());
guiPermissionEntryActionsContainer.setActions(actions);
guiPermissionEntryActionsContainers.add(guiPermissionEntryActionsContainer);
actionsToPermissionsEntryActionsContainer.put(actionsKey, guiPermissionEntryActionsContainer);
}
attributeDefIdToPermissionsEntryActionsContainer.put(attributeDefId, guiPermissionEntryActionsContainer);
}
guiPermissionEntryActionsContainer.getRawPermissionEntries().add(permissionEntry);
}
List allActionsList = new ArrayList(allActionsSet);
permissionUpdateRequestContainer.setAllActions(allActionsList);
for (GuiPermissionEntryActionsContainer guiPermissionEntryActionsContainer : guiPermissionEntryActionsContainers) {
guiPermissionEntryActionsContainer.processRawEntries(permissionEntryLimitBeanMap);
}
permissionUpdateRequestContainer.setGuiPermissionEntryActionsContainers(guiPermissionEntryActionsContainers);
PermissionContainer permissionContainer = GrouperRequestContainer.retrieveFromRequestOrCreate().getPermissionContainer();
permissionContainer.setGuiMember(new GuiMember(member));
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#viewPermissions",
"/WEB-INF/grouperUi2/subjectPermissions/subjectViewPermissions.jsp"));
}
/**
* save updated permission assignment
* @param request
* @param response
*/
public void permissionEditSubmit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
Member member = MemberFinder.findBySubject(grouperSession, subject, false);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String permissionAssignTypeString = request.getParameter("permissionAssignType");
if (StringUtils.isBlank(permissionAssignTypeString)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
PermissionType permissionAssignType = PermissionType.valueOfIgnoreCase(permissionAssignTypeString, false);
if (permissionAssignType == null) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
permissionUpdateRequestContainer.setPermissionType(permissionAssignType);
String permissionAssignmentId = request.getParameter("permissionAssignmentId");
AttributeAssign attributeAssign = AttributeAssignFinder.findById(permissionAssignmentId, true);
//get current state
Role role = null;
{
String roleId = attributeAssign.getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
AttributeDef attributeDef = null;
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = attributeAssign.getAttributeDefNameId();
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
{
String enabledDate = request.getParameter("enabledDate");
if (StringUtils.isBlank(enabledDate) ) {
attributeAssign.setEnabledTime(null);
} else {
Timestamp enabledTimestamp = GrouperUtil.stringToTimestampTimeRequiredLocalDateTime(enabledDate);
attributeAssign.setEnabledTime(enabledTimestamp);
}
}
{
String disabledDate = request.getParameter("disabledDate");
if (StringUtils.isBlank(disabledDate) ) {
attributeAssign.setDisabledTime(null);
} else {
Timestamp disabledTimestamp = GrouperUtil.stringToTimestampTimeRequiredLocalDateTime(disabledDate);
attributeAssign.setDisabledTime(disabledTimestamp);
}
}
attributeAssign.saveOrUpdate();
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
//go to the view permissions screen
memberViewPermissionsHelper(request, response, member);
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.assignEditSuccess")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* submit the add value limit screen
* @param request
* @param response
*/
public void limitAddValueSubmit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
Member member = MemberFinder.findBySubject(grouperSession, subject, false);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String limitAssignId = request.getParameter("limitAssignId");
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = GrouperDAOFactory.getFactory().getAttributeAssign().findById(limitAssignId, true, false);
//now we need to check security
if (!PrivilegeHelper.canAttrUpdate(grouperSession, limitAssign.getAttributeDef(), loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.editLimitNotAllowed")));
return;
}
Role role = null;
{
String roleId = limitAssign.getOwnerAttributeAssign().getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
{
String valueToAdd = request.getParameter("valueToAdd");
if (StringUtils.isBlank(valueToAdd) ) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.addLimitValueRequired")));
return;
}
limitAssign.getValueDelegate().addValue(valueToAdd);
}
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
memberViewPermissionsHelper(request, response, member);
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.limitAddValueSuccess")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* edit assigned limit to permission
* @param request
* @param response
*/
public void permissionLimitEditSubmit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String limitAssignId = request.getParameter("limitAssignId");
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = GrouperDAOFactory.getFactory().getAttributeAssign().findById(limitAssignId, true, false);
//now we need to check security
if (!PrivilegeHelper.canAttrUpdate(grouperSession, limitAssign.getAttributeDef(), loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.editLimitNotAllowed")));
return;
}
Role role = null;
{
String roleId = limitAssign.getOwnerAttributeAssign().getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
{
String enabledDate = request.getParameter("enabledDate");
if (StringUtils.isBlank(enabledDate) ) {
limitAssign.setEnabledTime(null);
} else {
Timestamp enabledTimestamp = GrouperUtil.stringToTimestampTimeRequiredLocalDateTime(enabledDate);
limitAssign.setEnabledTime(enabledTimestamp);
}
}
{
String disabledDate = request.getParameter("disabledDate");
if (StringUtils.isBlank(disabledDate) ) {
limitAssign.setDisabledTime(null);
} else {
Timestamp disabledTimestamp = GrouperUtil.stringToTimestampTimeRequiredLocalDateTime(disabledDate);
limitAssign.setDisabledTime(disabledTimestamp);
}
}
limitAssign.saveOrUpdate();
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
memberViewPermissionsHelper(request, response, limitAssign.getOwnerAttributeAssign().getOwnerMember());
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.assignEditSuccess")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* delete a limit assigned to permission
* @param request
* @param response
*/
public void limitDelete(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
String limitAssignId = retrieveLimitAssignId(request);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
limitAssign.delete();
AttributeDef limitAttributeDef = null;
AttributeDefName limitAttributeDefName = null;
{
String attributeDefNameId = limitAssign.getAttributeDefNameId();
limitAttributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
limitAttributeDef = limitAttributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), limitAttributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
AttributeAssign permissionAssign = limitAssign.getOwnerAttributeAssign();
//get current state
Role role = null;
{
String roleId = permissionAssign.getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
AttributeDef permissionDef = permissionAssign.getAttributeDef();
if (!permissionDef.getPrivilegeDelegate().canAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditLimit")));
return;
}
Member member = permissionAssign.getOwnerMember();
memberViewPermissionsHelper(request, response, member);
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.deleteLimitSuccessMessage")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* delete a limit assignment value
* @param request
* @param response
*/
public void limitValueDelete(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String[] limitAssignValues = retrieveLimitAssignValueId(request);
String limitAssignId = limitAssignValues[0];
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
//now we need to check security
if (!PrivilegeHelper.canAttrUpdate(grouperSession, limitAssign.getAttributeDef(), loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.editLimitNotAllowed")));
return;
}
Role role = null;
{
String roleId = limitAssign.getOwnerAttributeAssign().getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String limitAssignValueId = limitAssignValues[1];
if (StringUtils.isBlank(limitAssignValueId)) {
throw new RuntimeException("Why is limitAssignValueId blank???");
}
AttributeAssignValue attributeAssignValue = GrouperDAOFactory.getFactory().getAttributeAssignValue().findById(limitAssignValueId, true);
limitAssign.getValueDelegate().deleteValue(attributeAssignValue);
memberViewPermissionsHelper(request, response, limitAssign.getOwnerAttributeAssign().getOwnerMember());
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.limitValueSuccessDelete")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* edit a limit value
* @param request
* @param response
*/
public void limitValueEdit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String[] limitAssignValues = retrieveLimitAssignValueId(request);
String limitAssignId = limitAssignValues[0];
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
//now we need to check security
if (!PrivilegeHelper.canAttrUpdate(grouperSession, limitAssign.getAttributeDef(), loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.editLimitNotAllowed")));
return;
}
{
Role role = null;
String roleId = limitAssign.getOwnerAttributeAssign().getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String limitAssignValueId = limitAssignValues[1];
if (StringUtils.isBlank(limitAssignValueId)) {
throw new RuntimeException("Why is limitAssignValueId blank???");
}
AttributeAssignValue attributeAssignValue = GrouperDAOFactory.getFactory().getAttributeAssignValue().findById(limitAssignValueId, true);
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
permissionUpdateRequestContainer.setAttributeAssignValue(attributeAssignValue);
AttributeAssignType attributeAssignType = limitAssign.getAttributeAssignType();
AttributeAssign underlyingAssignment = limitAssign.getOwnerAttributeAssign();
AttributeAssignType underlyingAttributeAssignType = underlyingAssignment.getAttributeAssignType();
//set the type to underlying, so that the labels are correct
GuiAttributeAssign guiUnderlyingAttributeAssign = new GuiAttributeAssign();
guiUnderlyingAttributeAssign.setAttributeAssign(underlyingAssignment);
permissionUpdateRequestContainer.setGuiAttributeAssign(guiUnderlyingAttributeAssign);
GuiAttributeAssign guiAttributeAssignAssign = new GuiAttributeAssign();
guiAttributeAssignAssign.setAttributeAssign(limitAssign);
permissionUpdateRequestContainer.setGuiAttributeAssignAssign(guiAttributeAssignAssign);
permissionUpdateRequestContainer.setAttributeAssignType(underlyingAttributeAssignType);
permissionUpdateRequestContainer.setAttributeAssignAssignType(attributeAssignType);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/permissionLimitValueEdit.jsp"));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* submit the edit value screen
* @param request
* @param response
*/
public void limitValueEditSubmit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String limitAssignId = request.getParameter("limitAssignId");
if (StringUtils.isBlank(limitAssignId)) {
throw new RuntimeException("Why is limitAssignId blank???");
}
AttributeAssign limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
//now we need to check security
AttributeDef limitDef = limitAssign.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(grouperSession, limitDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.editLimitNotAllowed")));
return;
}
Role role = null;
{
String roleId = limitAssign.getOwnerAttributeAssign().getOwnerGroupId();
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String limitAssignValueId = request.getParameter("limitAssignValueId");
if (StringUtils.isBlank(limitAssignValueId)) {
throw new RuntimeException("Why is limitAssignValueId blank???");
}
Set limitAssignValues = limitAssign.getValueDelegate().retrieveValues();
AttributeAssignValue attributeAssignValue = null;
for (AttributeAssignValue current : limitAssignValues) {
if (StringUtils.equals(limitAssignValueId, current.getId())) {
attributeAssignValue = current;
break;
}
}
//should never happen
if (attributeAssignValue == null) {
throw new RuntimeException("Why can value not be found? " + limitAssignValueId);
}
guiResponseJs.addAction(GuiScreenAction.newCloseModal());
{
String valueToEdit = request.getParameter("valueToEdit");
if (StringUtils.isBlank(valueToEdit) ) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.editLimitValueRequired")));
return;
}
if (!assignLimitValueAndValidate(guiResponseJs, limitDef,
limitAssignValueId, attributeAssignValue, valueToEdit)) {
return;
}
}
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#grouperMainContentDivId",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermission.jsp"));
memberViewPermissionsHelper(request, response, limitAssign.getOwnerAttributeAssign().getOwnerMember());
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.limitEditValueSuccess")));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* make the structure of the limit value menu for the new ui
* @param httpServletRequest
* @param httpServletResponse
*/
public void limitValueMenuStructure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
DhtmlxMenu dhtmlxMenu = new DhtmlxMenu();
{
DhtmlxMenuItem editLimitMenuItem = new DhtmlxMenuItem();
editLimitMenuItem.setId("editLimitValue");
editLimitMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.limitMenuEditValue"));
editLimitMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.limitMenuEditValueTooltip"));
dhtmlxMenu.addDhtmlxItem(editLimitMenuItem);
}
{
DhtmlxMenuItem deleteLimitMenuItem = new DhtmlxMenuItem();
deleteLimitMenuItem.setId("deleteLimitValue");
deleteLimitMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.limitMenuDeleteValue"));
deleteLimitMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.limitMenuDeleteValueTooltip"));
dhtmlxMenu.addDhtmlxItem(deleteLimitMenuItem);
}
GrouperUiUtils.printToScreen("\n" +
dhtmlxMenu.toXml(), HttpContentType.TEXT_XML, false, false);
throw new ControllerDone();
}
/**
* handle a click or select from the limit menu
* @param httpServletRequest
* @param httpServletResponse
*/
public void limitValueMenu(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
String menuItemId = httpServletRequest.getParameter("menuItemId");
if (StringUtils.equals(menuItemId, "editLimitValue")) {
limitValueEdit(httpServletRequest, httpServletResponse);
} else if (StringUtils.equals(menuItemId, "deleteLimitValue")) {
limitValueDelete(httpServletRequest, httpServletResponse);
} else {
throw new RuntimeException("Unexpected menu id: '" + menuItemId + "'");
}
}
/**
* submit permissions button was pressed on the view permissions screen
* @param request
* @param response
*/
public void saveMultiplePermissionSubmit(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
AttributeDef attributeDef = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
Subject subject = UiV2Subject.retrieveSubjectHelper(request, true);
if (subject == null) {
return;
}
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String permissionAssignTypeString = request.getParameter("permissionAssignType");
if (StringUtils.isBlank(permissionAssignTypeString)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
PermissionType permissionAssignType = PermissionType.valueOfIgnoreCase(permissionAssignTypeString, false);
if (permissionAssignType == null) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
StringBuilder message = new StringBuilder();
Pattern pattern = Pattern.compile("^previousState__(.*)__(.*)__(.*)__(.*)$");
Enumeration> enumeration = request.getParameterNames();
Role role = null;
//process all params submitted
while (enumeration != null && enumeration.hasMoreElements()) {
String paramName = (String)enumeration.nextElement();
Matcher matcher = pattern.matcher(paramName);
if (matcher.matches()) {
//lets get the previous state
boolean previousChecked = GrouperUtil.booleanValue(request.getParameter(paramName));
//get current state
String roleId = matcher.group(1);
String memberId = matcher.group(2);
String attributeDefNameId = matcher.group(3);
String action = matcher.group(4);
String currentStateString = request.getParameter("permissionCheckbox__" + roleId + "__" + memberId + "__" + attributeDefNameId + "__" + action);
boolean currentChecked = GrouperUtil.booleanValue(currentStateString, false);
//if they dont match, do something about it
if (previousChecked != currentChecked) {
if (message.length() > 0) {
message.append("
");
}
if (role == null) {
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
Member member = null;
{
if (permissionAssignType == PermissionType.role_subject) {
member = MemberFinder.findByUuid(grouperSession, memberId, true);
}
}
AttributeDefName attributeDefName = null;
{
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
GuiMember guiMember = permissionAssignType == PermissionType.role_subject ? new GuiMember(member) : null;
String subjectScreenLabel = permissionAssignType == PermissionType.role_subject ? guiMember.getGuiSubject().getScreenLabel() : null;
if (currentChecked) {
if (permissionAssignType == PermissionType.role) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().assignRolePermission(action, attributeDefName, PermissionAllowed.ALLOWED);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRole = Success: Role: {0} can now perform action: {1} on permission resource: {2}
message.append(
GrouperUiUtils.message("simplePermissionUpdate.permissionAllowRole", false, true,
new Object[]{role.getDisplayExtension(), action, attributeDefName.getDisplayExtension()}));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else if (permissionAssignType == PermissionType.role_subject) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().assignSubjectRolePermission(action, attributeDefName, member, PermissionAllowed.ALLOWED);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRoleSubject = Success: Subject: {0} can now perform action: {1} on permission resource: {2} in the context of role: {3}
message.append(
GrouperUiUtils.message("simplePermissionUpdate.permissionAllowRoleSubject", false, true,
new Object[]{subjectScreenLabel, action, attributeDefName.getDisplayExtension(), role.getDisplayExtension()}));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else {
throw new RuntimeException("Not expecting permission type: " + permissionAssignType);
}
} else {
if (permissionAssignType == PermissionType.role) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().removeRolePermission(action, attributeDefName);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionRevokeRole = Success: Role: {0} can no longer perform action: {1} on permission resource: {2}
message.append(
GrouperUiUtils.message("simplePermissionUpdate.permissionRevokeRole", false, true,
new Object[]{role.getDisplayExtension(), action, attributeDefName.getDisplayExtension()}));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else if (permissionAssignType == PermissionType.role_subject) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().removeSubjectRolePermission(action, attributeDefName, member);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRoleSubject = Success: Subject: {0} can now perform action: {1} on permission resource: {2} in the context of role: {3}
message.append(
GrouperUiUtils.message("simplePermissionUpdate.permissionRevokeRoleSubject", false, true,
new Object[]{subjectScreenLabel, action, attributeDefName.getDisplayExtension(), role.getDisplayExtension()}));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else {
throw new RuntimeException("Not expecting permission type: " + permissionAssignType);
}
}
}
}
}
memberViewPermissionsHelper(request, response, MemberFinder.findBySubject(grouperSession, subject, false));
if (message.length() > 0) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, message.toString()));
} else {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.info,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.noPermissionChangesDetected")));
}
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* red cross or green checkbox image was clicked on the permissions view screen.
* @param request
* @param response
*/
public void permissionPanelImageClick(HttpServletRequest request, HttpServletResponse response) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
AttributeDef attributeDef = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String guiPermissionId = request.getParameter("guiPermissionId");
if (StringUtils.isBlank(guiPermissionId)) {
throw new RuntimeException("Why is guiPermissionId blank????");
}
String permissionAssignTypeString = request.getParameter("permissionAssignType");
if (StringUtils.isBlank(permissionAssignTypeString)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
PermissionType permissionType = PermissionType.valueOfIgnoreCase(permissionAssignTypeString, false);
if (permissionType == null) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionAssign.requiredOwnerType")));
return;
}
//
Pattern pattern = Pattern.compile("^(.*)__(.*)__(.*)__(.*)$");
Matcher matcher = pattern.matcher(guiPermissionId);
if (!matcher.matches()) {
throw new RuntimeException("Why does guiPermissionId not match? " + guiPermissionId);
}
//get current state
Role role = null;
{
String roleId = matcher.group(1);
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasGroupAttrUpdate(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
Member member = null;
{
if (permissionType == PermissionType.role_subject) {
String memberId = matcher.group(2);
member = MemberFinder.findByUuid(grouperSession, memberId, true);
}
}
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = matcher.group(3);
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
String action = matcher.group(4);
String allowString = request.getParameter("allow");
if (StringUtils.isBlank(allowString)) {
throw new RuntimeException("Why is allow blank????");
}
boolean allow = GrouperUtil.booleanValue(allowString);
String subjectScreenLabel = null;
if (permissionType == PermissionType.role_subject) {
GuiMember guiMember = new GuiMember(member);
subjectScreenLabel = guiMember.getGuiSubject().getScreenLabel();
}
if (allow) {
if (permissionType == PermissionType.role) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().assignRolePermission(action, attributeDefName, PermissionAllowed.ALLOWED);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRole = Success: Role: {0} can now perform action: {1} on permission resource: {2}
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, GrouperUiUtils.message("simplePermissionUpdate.permissionAllowRole", false, true,
new Object[]{role.getDisplayExtension(), action, attributeDefName.getDisplayExtension()})));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else if (permissionType == PermissionType.role_subject) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().assignSubjectRolePermission(action, attributeDefName, member, PermissionAllowed.ALLOWED);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRoleSubject = Success: Subject: {0} can now perform action: {1} on permission resource: {2} in the context of role: {3}
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, GrouperUiUtils.message("simplePermissionUpdate.permissionAllowRoleSubject", false, true,
new Object[]{subjectScreenLabel, action, attributeDefName.getDisplayExtension(), role.getDisplayExtension()})));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else {
throw new RuntimeException("Not expecting permission type: " + permissionType);
}
} else {
if (permissionType == PermissionType.role) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().removeRolePermission(action, attributeDefName);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionRevokeRole = Success: Role: {0} can no longer perform action: {1} on permission resource: {2}
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, GrouperUiUtils.message("simplePermissionUpdate.permissionRevokeRole", false, true,
new Object[]{role.getDisplayExtension(), action, attributeDefName.getDisplayExtension()})));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else if (permissionType == PermissionType.role_subject) {
AttributeAssignResult attributeAssignResult = role.getPermissionRoleDelegate().removeSubjectRolePermission(action, attributeDefName, member);
if (attributeAssignResult.isChanged()) {
//simplePermissionUpdate.permissionAllowRoleSubject = Success: Subject: {0} can now perform action: {1} on permission resource: {2} in the context of role: {3}
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.success, GrouperUiUtils.message("simplePermissionUpdate.permissionRevokeRoleSubject", false, true,
new Object[]{subjectScreenLabel, action, attributeDefName.getDisplayExtension(), role.getDisplayExtension()})));
} else {
throw new RuntimeException("Why was this not changed????");
}
} else {
throw new RuntimeException("Not expecting permission type: " + permissionType);
}
}
memberViewPermissionsHelper(request, response, member);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* make the structure of the attribute assignment for new ui for subject permissions screeen
* @param httpServletRequest
* @param httpServletResponse
*/
public void assignmentMenuStructure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
DhtmlxMenu dhtmlxMenu = new DhtmlxMenu();
{
DhtmlxMenuItem addLimitMenuItem = new DhtmlxMenuItem();
addLimitMenuItem.setId("addLimit");
addLimitMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.addLimit"));
addLimitMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.addLimitTooltip"));
dhtmlxMenu.addDhtmlxItem(addLimitMenuItem);
}
{
DhtmlxMenuItem analyzeAssignmentMenuItem = new DhtmlxMenuItem();
analyzeAssignmentMenuItem.setId("analyzeAssignment");
analyzeAssignmentMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.assignMenuAnalyzeAssignment"));
analyzeAssignmentMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.assignMenuAnalyzeAssignmentTooltip"));
dhtmlxMenu.addDhtmlxItem(analyzeAssignmentMenuItem);
}
{
DhtmlxMenuItem editAssignmentMenuItem = new DhtmlxMenuItem();
editAssignmentMenuItem.setId("editAssignment");
editAssignmentMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.editAssignment"));
editAssignmentMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.editAssignmentTooltip"));
dhtmlxMenu.addDhtmlxItem(editAssignmentMenuItem);
}
GrouperUiUtils.printToScreen("\n" +
dhtmlxMenu.toXml(), HttpContentType.TEXT_XML, false, false);
throw new ControllerDone();
}
/**
* handle a click or select from the assignment menu
* @param httpServletRequest
* @param httpServletResponse
*/
public void assignmentMenu(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
String menuItemId = httpServletRequest.getParameter("menuItemId");
if (StringUtils.equals(menuItemId, "editAssignment")) {
this.assignmentMenuEditAssignment();
} else if (StringUtils.equals(menuItemId, "analyzeAssignment")) {
assignmentMenuAnalyzeAssignment();
} else if (StringUtils.equals(menuItemId, "addLimit")) {
this.assignmentMenuAddLimit();
} else {
throw new RuntimeException("Unexpected menu id: '" + menuItemId + "'");
}
}
/**
* make the structure of the limit menu on subject permissions screen
* @param httpServletRequest
* @param httpServletResponse
*/
public void limitMenuStructure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
DhtmlxMenu dhtmlxMenu = new DhtmlxMenu();
{
DhtmlxMenuItem addValueMenuItem = new DhtmlxMenuItem();
addValueMenuItem.setId("addValue");
addValueMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.limitMenuAddValue"));
addValueMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.limitMenuAddValueTooltip"));
dhtmlxMenu.addDhtmlxItem(addValueMenuItem);
}
{
DhtmlxMenuItem editLimitMenuItem = new DhtmlxMenuItem();
editLimitMenuItem.setId("editLimit");
editLimitMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.limitMenuEditLimit"));
editLimitMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.limitMenuEditLimitTooltip"));
dhtmlxMenu.addDhtmlxItem(editLimitMenuItem);
}
{
DhtmlxMenuItem deleteLimitMenuItem = new DhtmlxMenuItem();
deleteLimitMenuItem.setId("deleteLimit");
deleteLimitMenuItem.setText(TagUtils.navResourceString("simplePermissionAssign.limitMenuDeleteLimit"));
deleteLimitMenuItem.setTooltip(TagUtils.navResourceString("simplePermissionAssign.limitMenuDeleteLimitTooltip"));
dhtmlxMenu.addDhtmlxItem(deleteLimitMenuItem);
}
GrouperUiUtils.printToScreen("\n" +
dhtmlxMenu.toXml(), HttpContentType.TEXT_XML, false, false);
throw new ControllerDone();
}
/**
* handle a click or select from the limit menu
* @param httpServletRequest
* @param httpServletResponse
*/
public void limitMenu(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
String menuItemId = httpServletRequest.getParameter("menuItemId");
if (StringUtils.equals(menuItemId, "addValue")) {
limitMenuAddValue(httpServletRequest);
} else if (StringUtils.equals(menuItemId, "editLimit")) {
assignLimitEdit(httpServletRequest);
} else if (StringUtils.equals(menuItemId, "deleteLimit")) {
limitDelete(httpServletRequest, httpServletResponse);
}
else {
throw new RuntimeException("Unexpected menu id: '" + menuItemId + "'");
}
}
/**
* add a value
* @param request - HttpServletRequest
*/
public void limitMenuAddValue(HttpServletRequest request) {
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String limitAssignId = retrieveLimitAssignId(request);
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
AttributeAssign limitAssign = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
AttributeAssignType limitAssignType = limitAssign.getAttributeAssignType();
AttributeAssign underlyingPermissionAssignment = limitAssign.getOwnerAttributeAssign();
AttributeAssignType underlyingPermissionAssignType = underlyingPermissionAssignment.getAttributeAssignType();
//set the type to underlying, so that the labels are correct
GuiAttributeAssign guiUnderlyingAttributeAssign = new GuiAttributeAssign();
guiUnderlyingAttributeAssign.setAttributeAssign(underlyingPermissionAssignment);
permissionUpdateRequestContainer.setGuiAttributeAssign(guiUnderlyingAttributeAssign);
GuiAttributeAssign guiAttributeAssignAssign = new GuiAttributeAssign();
guiAttributeAssignAssign.setAttributeAssign(limitAssign);
permissionUpdateRequestContainer.setGuiAttributeAssignAssign(guiAttributeAssignAssign);
permissionUpdateRequestContainer.setAttributeAssignType(underlyingPermissionAssignType);
permissionUpdateRequestContainer.setAttributeAssignAssignType(limitAssignType);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/permissionLimitAddValue.jsp"));
} catch (ControllerDone cd) {
throw cd;
} catch (NoSessionException nse) {
throw nse;
} catch (RuntimeException re) {
throw new RuntimeException("Error addValue menu item: "
+ ", " + re.getMessage(), re);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* edit an attribute assignment
* @param httpServletRequest
* @param httpServletResponse
*/
public void assignLimitEdit(HttpServletRequest httpServletRequest) {
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
String limitAssignId = retrieveLimitAssignId(httpServletRequest);
AttributeAssign limitAssign = AttributeAssignFinder.findById(limitAssignId, true);
//we need the type so we know how to display it
AttributeAssignType attributeAssignType = limitAssign.getAttributeAssignType();
if (!attributeAssignType.isAssignmentOnAssignment()) {
throw new RuntimeException("Why would an editable limit not be an assignment on assignment? " + attributeAssignType);
}
AttributeAssign underlyingAssignment = limitAssign.getOwnerAttributeAssign();
AttributeAssignType underlyingAttributeAssignType = underlyingAssignment.getAttributeAssignType();
//set the type to underlying, so that the labels are correct
GuiAttributeAssign guiUnderlyingAttributeAssign = new GuiAttributeAssign();
guiUnderlyingAttributeAssign.setAttributeAssign(underlyingAssignment);
permissionUpdateRequestContainer.setGuiAttributeAssign(guiUnderlyingAttributeAssign);
GuiAttributeAssign guiAttributeAssignAssign = new GuiAttributeAssign();
guiAttributeAssignAssign.setAttributeAssign(limitAssign);
permissionUpdateRequestContainer.setGuiAttributeAssignAssign(guiAttributeAssignAssign);
permissionUpdateRequestContainer.setAttributeAssignType(underlyingAttributeAssignType);
permissionUpdateRequestContainer.setAttributeAssignAssignType(attributeAssignType);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/permissionLimitEdit.jsp"));
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* analyze assignment
*/
public void assignmentMenuAnalyzeAssignment() {
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
//lets see which subject we are dealing with:
HttpServletRequest httpServletRequest = GrouperUiFilter.retrieveHttpServletRequest();
String menuIdOfMenuTarget = httpServletRequest.getParameter("menuIdOfMenuTarget");
if (StringUtils.isBlank(menuIdOfMenuTarget)) {
throw new RuntimeException("Missing id of menu target");
}
if (!menuIdOfMenuTarget.startsWith("permissionMenuButton_")) {
throw new RuntimeException("Invalid id of menu target: '" + menuIdOfMenuTarget + "'");
}
String guiPermissionId = GrouperUtil.prefixOrSuffix(menuIdOfMenuTarget, "permissionMenuButton_", false);
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
//
Pattern pattern = Pattern.compile("^(.*)__(.*)__(.*)__(.*)__(.*)$");
Matcher matcher = pattern.matcher(guiPermissionId);
if (!matcher.matches()) {
throw new RuntimeException("Why does guiPermissionId not match? " + guiPermissionId);
}
//get current state
Role role = null;
{
String roleId = matcher.group(1);
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasAdmin(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String permissionTypeString = matcher.group(5);
PermissionType permissionType = PermissionType.valueOfIgnoreCase(permissionTypeString, true);
permissionUpdateRequestContainer.setPermissionType(permissionType);
Member member = null;
{
if (permissionType == PermissionType.role_subject) {
String memberId = matcher.group(2);
member = MemberFinder.findByUuid(grouperSession, memberId, true);
}
}
AttributeDef attributeDef = null;
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = matcher.group(3);
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
String action = matcher.group(4);
//get all the assignments
Set permissionEntries = null;
if (permissionType == PermissionType.role_subject) {
permissionEntries = GrouperDAOFactory.getFactory()
.getPermissionEntry().findPermissions(null, attributeDefName.getId(), role.getId(), member.getUuid(), action, null);
} else if (permissionType == PermissionType.role) {
permissionEntries = GrouperDAOFactory.getFactory()
.getPermissionEntry().findRolePermissions(null, attributeDefName.getId(), role.getId(), action, null);
} else {
throw new RuntimeException("Invalid permissionType: " + permissionType);
}
if (GrouperUtil.length(permissionEntries) == 0) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.analyzeNoPermissionFound")));
return;
}
PermissionEntry permissionEntry = null;
List permissionEntriesList = new ArrayList();
Iterator iterator = permissionEntries.iterator();
while (iterator.hasNext()) {
PermissionEntry current = iterator.next();
//find the immediate one
if (current.isImmediate(permissionType)) {
permissionEntry = current;
iterator.remove();
//move this to the front of the list
permissionEntriesList.add(permissionEntry);
break;
}
}
//add the rest
permissionEntriesList.addAll(permissionEntries);
PermissionEntryUtils.orderByAndSetFriendlyHeuristic(permissionEntriesList);
GuiPermissionEntry guiPermissionEntry = new GuiPermissionEntry();
permissionEntry = permissionEntriesList.get(0);
Group ownerGroup = GroupFinder.findByUuid(grouperSession, permissionEntry.getRoleId(), true);
guiPermissionEntry.setPermissionEntry(permissionEntry);
guiPermissionEntry.setPermissionType(permissionType);
GuiGroup guiRole = new GuiGroup(ownerGroup);
guiPermissionEntry.setGuiRole(guiRole);
guiPermissionEntry.setGuiAttributeDefName(new GuiAttributeDefName(permissionEntry.getAttributeDefName()));
guiPermissionEntry.setGuiAttributeDef(new GuiAttributeDef(permissionEntry.getAttributeDef()));
List rawGuiPermissionEntries = new ArrayList();
boolean isFirst = true;
PermissionHeuristics firstHeuristics = permissionEntriesList.get(0).getPermissionHeuristics();
String isBetterThan = GrouperUiUtils.message("simplePermissionAssign.analyzeIsBetterThan", false);
for (PermissionEntry current : permissionEntriesList) {
Group currentOwnerGroup = GroupFinder.findByUuid(grouperSession, current.getRoleId(), true);
GuiGroup currentGuiRole = new GuiGroup(currentOwnerGroup);
GuiPermissionEntry guiCurrent = new GuiPermissionEntry();
guiCurrent.setPermissionEntry(current);
guiCurrent.setGuiRole(currentGuiRole);
guiCurrent.setGuiAttributeDefName(new GuiAttributeDefName(permissionEntry.getAttributeDefName()));
guiCurrent.setGuiAttributeDef(new GuiAttributeDef(permissionEntry.getAttributeDef()));
rawGuiPermissionEntries.add(guiCurrent);
if (!isFirst) {
PermissionHeuristics currentHeuristics = current.getPermissionHeuristics();
PermissionHeuristicBetter permissionHeuristicBetter = firstHeuristics.whyBetterThanArg(currentHeuristics);
String compareWithBest = null;
if (permissionHeuristicBetter == null) {
//they are equivalent
compareWithBest = GrouperUiUtils.message("simplePermissionAssign.analyzeType.same", false);
} else {
PermissionHeuristic firstHeuristic = permissionHeuristicBetter.getThisPermissionHeuristic();
String firstMessage = null;
if (firstHeuristic.getDepth() == 0) {
firstMessage = GrouperUiUtils.message("simplePermissionAssign.analyzeType."
+ firstHeuristic.getPermissionHeuristicType().name() + ".0", false);
} else {
firstMessage = GrouperUiUtils.message("simplePermissionAssign.analyzeType."
+ firstHeuristic.getPermissionHeuristicType().name(), false, false, Integer.toString(firstHeuristic.getDepth()));
}
PermissionHeuristic currentHeuristic = permissionHeuristicBetter.getOtherPermissionHeuristic();
String secondMessage = null;
if (currentHeuristic == null) {
//disallow
secondMessage = GrouperUiUtils.message("simplePermissionAssign.analyzeType.disallow", false);
} else {
if (currentHeuristic.getDepth() == 0) {
secondMessage = GrouperUiUtils.message("simplePermissionAssign.analyzeType."
+ currentHeuristic.getPermissionHeuristicType().name() + ".0", false);
} else {
secondMessage = GrouperUiUtils.message("simplePermissionAssign.analyzeType."
+ currentHeuristic.getPermissionHeuristicType().name(), false, false, Integer.toString(currentHeuristic.getDepth()));
}
}
compareWithBest = firstMessage + " " + isBetterThan + " " + secondMessage;
}
guiCurrent.setCompareWithBest(StringUtils.capitalize(compareWithBest));
}
isFirst = false;
}
guiPermissionEntry.setRawGuiPermissionEntries(rawGuiPermissionEntries);
guiPermissionEntry.processRawEntries();
permissionUpdateRequestContainer.setGuiPermissionEntry(guiPermissionEntry);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/permissionAnalyze.jsp"));
} catch (ControllerDone cd) {
throw cd;
} catch (NoSessionException nse) {
throw nse;
} catch (RuntimeException re) {
throw new RuntimeException("Error editAssignment menu item: " + menuIdOfMenuTarget
+ ", " + re.getMessage(), re);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* edit the enabled disabled
*/
public void assignmentMenuEditAssignment() {
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
//lets see which subject we are dealing with:
HttpServletRequest httpServletRequest = GrouperUiFilter.retrieveHttpServletRequest();
String menuIdOfMenuTarget = httpServletRequest.getParameter("menuIdOfMenuTarget");
if (StringUtils.isBlank(menuIdOfMenuTarget)) {
throw new RuntimeException("Missing id of menu target");
}
if (!menuIdOfMenuTarget.startsWith("permissionMenuButton_")) {
throw new RuntimeException("Invalid id of menu target: '" + menuIdOfMenuTarget + "'");
}
String guiPermissionId = GrouperUtil.prefixOrSuffix(menuIdOfMenuTarget, "permissionMenuButton_", false);
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
//
Pattern pattern = Pattern.compile("^(.*)__(.*)__(.*)__(.*)__(.*)$");
Matcher matcher = pattern.matcher(guiPermissionId);
if (!matcher.matches()) {
throw new RuntimeException("Why does guiPermissionId not match? " + guiPermissionId);
}
//get current state
Role role = null;
{
String roleId = matcher.group(1);
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasAdmin(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String permissionTypeString = matcher.group(5);
PermissionType permissionType = PermissionType.valueOfIgnoreCase(permissionTypeString, true);
permissionUpdateRequestContainer.setPermissionType(permissionType);
Member member = null;
{
if (permissionType == PermissionType.role_subject) {
String memberId = matcher.group(2);
member = MemberFinder.findByUuid(grouperSession, memberId, true);
}
}
AttributeDef attributeDef = null;
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = matcher.group(3);
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
String action = matcher.group(4);
//get the assignment
PermissionFinder permissionFinder = new PermissionFinder().addAction(action).addRoleId(role.getId()).addPermissionNameId(attributeDefName.getId());
if (permissionType == PermissionType.role_subject) {
permissionFinder.addMemberId(member.getUuid());
}
permissionFinder.assignPermissionType(permissionType);
permissionFinder.assignImmediateOnly(true);
PermissionEntry permissionEntry = permissionFinder.findPermission(false);
if (permissionEntry == null) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.noImmediatePermissionFound")));
return;
}
Group ownerGroup = GroupFinder.findByUuid(grouperSession, permissionEntry.getRoleId(), true);
GuiPermissionEntry guiPermissionEntry = new GuiPermissionEntry();
guiPermissionEntry.setPermissionEntry(permissionEntry);
guiPermissionEntry.setPermissionType(permissionType);
GuiGroup guiRole = new GuiGroup(ownerGroup);
guiPermissionEntry.setGuiRole(guiRole);
guiPermissionEntry.setGuiAttributeDefName(new GuiAttributeDefName(permissionEntry.getAttributeDefName()));
guiPermissionEntry.setGuiAttributeDef(new GuiAttributeDef(permissionEntry.getAttributeDef()));
permissionUpdateRequestContainer.setGuiPermissionEntry(guiPermissionEntry);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/subjectPermissionEdit.jsp"));
} catch (ControllerDone cd) {
throw cd;
} catch (NoSessionException nse) {
throw nse;
} catch (RuntimeException re) {
throw new RuntimeException("Error editAssignment menu item: " + menuIdOfMenuTarget
+ ", " + re.getMessage(), re);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
/**
* add a limit on an assignment
*/
public void assignmentMenuAddLimit() {
GuiResponseJs guiResponseJs = GuiResponseJs.retrieveGuiResponseJs();
PermissionUpdateRequestContainer permissionUpdateRequestContainer = PermissionUpdateRequestContainer.retrieveFromRequestOrCreate();
//lets see which subject we are dealing with:
HttpServletRequest httpServletRequest = GrouperUiFilter.retrieveHttpServletRequest();
String menuIdOfMenuTarget = httpServletRequest.getParameter("menuIdOfMenuTarget");
if (StringUtils.isBlank(menuIdOfMenuTarget)) {
throw new RuntimeException("Missing id of menu target");
}
if (!menuIdOfMenuTarget.startsWith("permissionMenuButton_")) {
throw new RuntimeException("Invalid id of menu target: '" + menuIdOfMenuTarget + "'");
}
String guiPermissionId = GrouperUtil.prefixOrSuffix(menuIdOfMenuTarget, "permissionMenuButton_", false);
final Subject loggedInSubject = GrouperUiFilter.retrieveSubjectLoggedIn();
GrouperSession grouperSession = null;
try {
grouperSession = GrouperSession.start(loggedInSubject);
//
Pattern pattern = Pattern.compile("^(.*)__(.*)__(.*)__(.*)__(.*)$");
Matcher matcher = pattern.matcher(guiPermissionId);
if (!matcher.matches()) {
throw new RuntimeException("Why does guiPermissionId not match? " + guiPermissionId);
}
//get current state
Role role = null;
{
String roleId = matcher.group(1);
role = GroupFinder.findByUuid(grouperSession, roleId, true);
if (!((Group)role).hasAdmin(loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantManageRole")));
return;
}
}
String permissionTypeString = matcher.group(5);
PermissionType permissionType = PermissionType.valueOfIgnoreCase(permissionTypeString, true);
permissionUpdateRequestContainer.setPermissionType(permissionType);
Member member = null;
{
if (permissionType == PermissionType.role_subject) {
String memberId = matcher.group(2);
member = MemberFinder.findByUuid(grouperSession, memberId, true);
}
}
AttributeDef attributeDef = null;
AttributeDefName attributeDefName = null;
{
String attributeDefNameId = matcher.group(3);
attributeDefName = AttributeDefNameFinder.findById(attributeDefNameId, true);
attributeDef = attributeDefName.getAttributeDef();
if (!PrivilegeHelper.canAttrUpdate(GrouperSession.staticGrouperSession(), attributeDef, loggedInSubject)) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.errorCantEditAttributeDef")));
return;
}
}
String action = matcher.group(4);
//get the assignment
PermissionFinder permissionFinder = new PermissionFinder().addAction(action).addRoleId(role.getId()).addPermissionNameId(attributeDefName.getId());
if (permissionType == PermissionType.role_subject) {
permissionFinder.addMemberId(member.getUuid());
}
permissionFinder.assignPermissionType(permissionType);
permissionFinder.assignImmediateOnly(true);
PermissionEntry permissionEntry = permissionFinder.findPermission(false);
if (permissionEntry == null || permissionEntry.isDisallowed()) {
guiResponseJs.addAction(GuiScreenAction.newMessage(GuiMessageType.error,
TextContainer.retrieveFromRequest().getText().get("simplePermissionUpdate.noImmediatePermissionFoundForLimit")));
return;
}
GuiPermissionEntry guiPermissionEntry = new GuiPermissionEntry();
String ownerGroupId = permissionEntry.getRole().getId();
Group ownerGroup = GroupFinder.findByUuid(grouperSession, ownerGroupId, true);
GuiGroup guiRole = new GuiGroup(ownerGroup);
guiPermissionEntry.setGuiRole(guiRole);
guiPermissionEntry.setPermissionEntry(permissionEntry);
guiPermissionEntry.setPermissionType(permissionType);
guiPermissionEntry.setGuiAttributeDefName(new GuiAttributeDefName(permissionEntry.getAttributeDefName()));
permissionUpdateRequestContainer.setGuiPermissionEntry(guiPermissionEntry);
guiResponseJs.addAction(GuiScreenAction.newInnerHtmlFromJsp("#subjectPermission",
"/WEB-INF/grouperUi2/subjectPermissions/permissionAddLimit.jsp"));
return;
} catch (ControllerDone cd) {
throw cd;
} catch (NoSessionException nse) {
throw nse;
} catch (RuntimeException re) {
throw new RuntimeException("Error addLimit menu item: " + menuIdOfMenuTarget
+ ", " + re.getMessage(), re);
} finally {
GrouperSession.stopQuietly(grouperSession);
}
}
private String[] retrieveLimitAssignValueId(HttpServletRequest httpServletRequest) {
String menuIdOfMenuTarget = httpServletRequest.getParameter("menuIdOfMenuTarget");
if (StringUtils.isBlank(menuIdOfMenuTarget)) {
throw new RuntimeException("Missing id of menu target");
}
if (!menuIdOfMenuTarget.startsWith("limitAssignValueButton_")) {
throw new RuntimeException("Invalid id of menu target: '" + menuIdOfMenuTarget + "'");
}
String[] values = menuIdOfMenuTarget.split("_");
if (values.length != 3) {
throw new RuntimeException("Invalid id of menu target");
}
return new String[] {values[1], values[2]};
}
public void permissionActionNameFilter(final HttpServletRequest request, final HttpServletResponse response) {
//run the combo logic
DojoComboLogic.logic(request, response, new DojoComboQueryLogicBase() {
/**
*/
@Override
public AttributeAssignAction lookup(HttpServletRequest request, GrouperSession grouperSession, String query) {
String permissionDefId = request.getParameter("permissionDefComboName");
String permissionDefNameId = request.getParameter("permissionResourceNameComboName");
if (StringUtils.isBlank(permissionDefId) && StringUtils.isBlank(permissionDefNameId)) {
return null;
}
AttributeDef attributeDef = null;
if (StringUtils.isNotBlank(permissionDefId)) {
attributeDef = AttributeDefFinder.findById(permissionDefId, false);
if (attributeDef == null) {
throw new RuntimeException("given attribute def id "+permissionDefId+" is not valid.");
}
}
if (attributeDef == null && StringUtils.isNotBlank(permissionDefNameId)) {
AttributeDefName attributeDefName = AttributeDefNameFinder.findById(permissionDefNameId, false);
if (attributeDefName == null) {
throw new RuntimeException("given attribute def name id "+permissionDefNameId+" is not valid.");
}
attributeDef = attributeDefName.getAttributeDef();
}
return attributeDef.getAttributeDefActionDelegate().findAction(query, false);
}
/**
*
*/
@Override
public Collection search(HttpServletRequest request, GrouperSession grouperSession, String query) {
String permissionDefId = request.getParameter("permissionDefComboName");
String permissionDefNameId = request.getParameter("permissionResourceNameComboName");
if (StringUtils.isBlank(permissionDefId) && StringUtils.isBlank(permissionDefNameId)) {
return new ArrayList();
}
AttributeDef attributeDef = null;
if (StringUtils.isNotBlank(permissionDefId)) {
attributeDef = AttributeDefFinder.findById(permissionDefId, false);
if (attributeDef == null) {
throw new RuntimeException("given attribute def id "+permissionDefId+" is not valid.");
}
}
if (attributeDef == null && StringUtils.isNotBlank(permissionDefNameId)) {
AttributeDefName attributeDefName = AttributeDefNameFinder.findById(permissionDefNameId, false);
if (attributeDefName == null) {
throw new RuntimeException("given attribute def name id "+permissionDefNameId+" is not valid.");
}
attributeDef = attributeDefName.getAttributeDef();
}
List actions = new ArrayList();
Set availableActions = attributeDef.getAttributeDefActionDelegate().allowedActions();
if (!StringUtils.isBlank(query)) {
String searchTerm = query.toLowerCase();
for (AttributeAssignAction action : availableActions) {
if (action.getName().toLowerCase().contains(searchTerm)) {
actions.add(action);
}
}
}
return actions;
}
/**
*
* @param t
* @return
*/
@Override
public String retrieveId(GrouperSession grouperSession, AttributeAssignAction action) {
return action.getId();
}
/**
*
*/
@Override
public String retrieveLabel(GrouperSession grouperSession, AttributeAssignAction action) {
return action.getName();
}
/**
*
*/
@Override
public String retrieveHtmlLabel(GrouperSession grouperSession, AttributeAssignAction action) {
//description could be null?
String label = GrouperUiUtils.escapeHtml(action.getName(), true);
String htmlLabel = " " + label;
return htmlLabel;
}
@Override
public String initialValidationError(HttpServletRequest localRequest, GrouperSession grouperSession) {
String permissionDefId = request.getParameter("permissionDefComboName");
String permissionDefNameId = request.getParameter("permissionResourceNameComboName");
if (StringUtils.isBlank(permissionDefId) && StringUtils.isBlank(permissionDefNameId)) {
return TextContainer.retrieveFromRequest().getText().get("groupAssignPermissionErrorNoPermDefOrResource");
}
return null;
}
});
}
/**
* @param httpServletRequest
* @return limitAssignId from request
*/
private String retrieveLimitAssignId(HttpServletRequest httpServletRequest) {
String menuIdOfMenuTarget = httpServletRequest.getParameter("menuIdOfMenuTarget");
if (StringUtils.isBlank(menuIdOfMenuTarget)) {
throw new RuntimeException("Missing id of menu target");
}
if (!menuIdOfMenuTarget.startsWith("limitMenuButton_")) {
throw new RuntimeException("Invalid id of menu target: '" + menuIdOfMenuTarget + "'");
}
String limitAssignId = GrouperUtil.prefixOrSuffix(menuIdOfMenuTarget, "limitMenuButton_", false);
return limitAssignId;
}
}