Java Code Examples for org.wso2.carbon.user.core.util.UserCoreUtil#optimizePermissions()

The following examples show how to use org.wso2.carbon.user.core.util.UserCoreUtil#optimizePermissions().
Example 1
Source File: ManagementPermissionUtil.java    From carbon-identity-framework with Apache License 2.0
/**
 * Builds the {@link Permission} entries for a set of raw UI permission paths.
 *
 * <p>The paths are first passed through {@code UserCoreUtil.optimizePermissions}; every path
 * it returns is paired with {@code UserMgtConstants.EXECUTE_ACTION}. This method only builds
 * objects: it performs no authorization check and does not inspect the paths, so callers that
 * take {@code rawPermissions} from a request must validate them before acting on the result.
 *
 * @param roleName       role the permissions are meant for; not read by this method
 * @param rawPermissions permission resource paths; {@code null} or empty yields an empty array
 * @return one {@code Permission} per optimized path, never {@code null}
 * @throws UserAdminException declared by the signature; nothing in this body throws it directly
 */
public static Permission[] getRoleUIPermissions(String roleName, String[] rawPermissions)
		throws UserAdminException {
	// Guard clause: nothing was requested, so there is nothing to optimize or wrap.
	if (ArrayUtils.isEmpty(rawPermissions)) {
		return new Permission[0];
	}

	// NOTE(review): optimizePermissions is defined elsewhere; presumably it collapses
	// redundant paths, but its handling of the input array is not visible here - confirm.
	final String[] optimizedPaths = UserCoreUtil.optimizePermissions(rawPermissions);
	final Permission[] result = new Permission[optimizedPaths.length];
	for (int idx = 0; idx < optimizedPaths.length; idx++) {
		result[idx] = new Permission(optimizedPaths[idx], UserMgtConstants.EXECUTE_ACTION);
	}
	return result;
}
 
Example 2
Source File: UserRealmProxy.java    From carbon-identity with Apache License 2.0
/**
 * Replaces the UI (execute-action) permissions of a role with the given resource paths.
 *
 * <p>Guards evaluated before any permission is changed, in this order:
 * <ol>
 *   <li>a role for which {@code isOthersSharedRole} returns true is rejected;</li>
 *   <li>the configured admin role is rejected (name compared ignoring case);</li>
 *   <li>unless the logged-in user equals the configured admin user (both names passed through
 *       {@code addPrimaryDomainIfNotExists}, compared ignoring case), a request containing
 *       {@code PERMISSION_ADMIN}, {@code "/permission/protected"} or {@code PERMISSION} is
 *       rejected and the attempt is logged at WARN.</li>
 * </ol>
 *
 * <p>Side effect: when the third guard runs, {@code rawResources} is sorted in place.
 *
 * @param roleName     role whose UI permissions are replaced
 * @param rawResources permission resource paths to grant; a {@code null} value skips the third
 *                     guard and is handed to {@code UserCoreUtil.optimizePermissions} as is
 * @throws UserAdminException if a guard rejects the request or a {@code UserStoreException}
 *                            is raised while reading or updating the realm
 */
public void setRoleUIPermission(String roleName, String[] rawResources)
        throws UserAdminException {
    try {
        // Guard 1: do not touch roles shared from another tenant.
        final AbstractUserStoreManager storeManager =
                (AbstractUserStoreManager) realm.getUserStoreManager();
        if (storeManager.isOthersSharedRole(roleName)) {
            throw new UserAdminException("Logged in user is not authorized to assign " +
                    "permissions to a role belong to another tenant");
        }

        // Guard 2: the admin role's UI permissions are fixed.
        final String adminRoleName = realm.getRealmConfiguration().getAdminRoleName();
        if (adminRoleName.equalsIgnoreCase(roleName)) {
            final String msg = "UI permissions of Admin is not allowed to change";
            log.error(msg);
            throw new UserAdminException(msg);
        }

        // Guard 3: only the configured admin user may hand out the reserved permission roots.
        final String caller = addPrimaryDomainIfNotExists(getLoggedInUser());
        final String superAdmin =
                addPrimaryDomainIfNotExists(realm.getRealmConfiguration().getAdminUserName());
        if (rawResources != null && !superAdmin.equalsIgnoreCase(caller)) {
            // binarySearch needs sorted input; this sort reorders the caller's array.
            Arrays.sort(rawResources);
            // NOTE(review): binarySearch matches whole strings exactly and case-sensitively.
            // Confirm that paths are canonicalised before they reach this method and that no
            // other path needs to be reserved for the admin user.
            final boolean requestsReservedPermission =
                    Arrays.binarySearch(rawResources, PERMISSION_ADMIN) >= 0
                            || Arrays.binarySearch(rawResources, "/permission/protected") >= 0
                            || Arrays.binarySearch(rawResources, PERMISSION) >= 0;
            if (requestsReservedPermission) {
                log.warn("An attempt to Assign admin permission for role by user : " +
                        caller);
                throw new UserStoreException("Can not assign Admin for permission role");
            }
        }

        // NOTE(review): a null rawResources reaches optimizePermissions unchecked; confirm
        // that helper tolerates null.
        final String[] optimizedPaths = UserCoreUtil.optimizePermissions(rawResources);
        final AuthorizationManager authorizationManager = realm.getAuthorizationManager();

        // Existing execute grants are dropped first and the new ones added one by one. Nothing
        // in this method rolls the clear back, so a failure part-way through the loop leaves
        // the role with only the grants made so far, unless the authorization manager is
        // transactional - confirm.
        authorizationManager.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
        for (int idx = 0; idx < optimizedPaths.length; idx++) {
            authorizationManager.authorizeRole(roleName, optimizedPaths[idx],
                    UserMgtConstants.EXECUTE_ACTION);
        }
    } catch (UserStoreException storeFailure) {
        // The store's message is forwarded to the caller unchanged, with the cause attached.
        log.error(storeFailure.getMessage(), storeFailure);
        throw new UserAdminException(storeFailure.getMessage(), storeFailure);
    }
}
 
Example 3
Source File: UserRealmProxy.java    From carbon-identity-framework with Apache License 2.0
/**
 * Replaces the UI (execute-action) permissions of a role with the given resource paths and
 * reports the outcome through {@code ManagementPermissionUtil}.
 *
 * <p>Guards evaluated before any permission is changed, in this order:
 * <ol>
 *   <li>a role for which {@code isOthersSharedRole} returns true is rejected;</li>
 *   <li>the configured admin role is rejected (name compared ignoring case);</li>
 *   <li>unless the logged-in user equals the configured admin user (both names passed through
 *       {@code addPrimaryDomainIfNotExists}, compared ignoring case), a request containing
 *       {@code PERMISSION_ADMIN}, {@code "/permission/protected"} or {@code PERMISSION} is
 *       rejected and the attempt is logged at WARN.</li>
 * </ol>
 *
 * <p>On success {@code handlePostUpdatePermissionsOfRole} is called with the granted
 * permissions. When a {@code UserStoreException} is caught - including the one raised by the
 * third guard - {@code handleOnUpdatePermissionsOfRoleFailure} is called first.
 *
 * <p>Side effect: when the third guard runs, {@code rawResources} is sorted in place.
 *
 * @param roleName     role whose UI permissions are replaced
 * @param rawResources permission resource paths to grant; a {@code null} value skips the third
 *                     guard and is handed to {@code UserCoreUtil.optimizePermissions} as is
 * @throws UserAdminException if a guard rejects the request or a {@code UserStoreException}
 *                            is raised while reading or updating the realm
 */
public void setRoleUIPermission(String roleName, String[] rawResources)
        throws UserAdminException {

    // Declared outside the try block because the failure handler in the catch reads them.
    Permission[] grantedPermissions = null;
    UserStoreManager postUpdateStoreManager = null;
    try {
        // Guard 1: do not touch roles shared from another tenant.
        final AbstractUserStoreManager sharedRoleChecker =
                (AbstractUserStoreManager) realm.getUserStoreManager();
        if (sharedRoleChecker.isOthersSharedRole(roleName)) {
            throw new UserAdminException("Logged in user is not authorized to assign " +
                    "permissions to a role belong to another tenant");
        }

        // Guard 2: the admin role's UI permissions are fixed.
        final String adminRoleName = realm.getRealmConfiguration().getAdminRoleName();
        if (adminRoleName.equalsIgnoreCase(roleName)) {
            final String msg = "UI permissions of Admin is not allowed to change";
            log.error(msg);
            throw new UserAdminException(msg);
        }

        // Guard 3: only the configured admin user may hand out the reserved permission roots.
        final String caller = addPrimaryDomainIfNotExists(getLoggedInUser());
        final String superAdmin =
                addPrimaryDomainIfNotExists(realm.getRealmConfiguration().getAdminUserName());
        if (rawResources != null && !superAdmin.equalsIgnoreCase(caller)) {
            // binarySearch needs sorted input; this sort reorders the caller's array.
            Arrays.sort(rawResources);
            // NOTE(review): binarySearch matches whole strings exactly and case-sensitively.
            // Confirm that paths are canonicalised before they reach this method and that no
            // other path needs to be reserved for the admin user.
            final boolean requestsReservedPermission =
                    Arrays.binarySearch(rawResources, PERMISSION_ADMIN) >= 0
                            || Arrays.binarySearch(rawResources, "/permission/protected") >= 0
                            || Arrays.binarySearch(rawResources, PERMISSION) >= 0;
            if (requestsReservedPermission) {
                log.warn("An attempt to Assign admin permission for role by user : " +
                        caller);
                throw new UserStoreException("Can not assign Admin for permission role");
            }
        }

        // NOTE(review): a null rawResources reaches optimizePermissions unchecked; confirm
        // that helper tolerates null.
        final String[] optimizedPaths = UserCoreUtil.optimizePermissions(rawResources);
        final AuthorizationManager authorizationManager = realm.getAuthorizationManager();

        // Existing execute grants are dropped first and the new ones added one by one. Nothing
        // in this method rolls the clear back, so a failure part-way through the loop leaves
        // the role with only the grants made so far, unless the authorization manager is
        // transactional - confirm.
        authorizationManager.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);

        grantedPermissions = new Permission[optimizedPaths.length];
        int idx = 0;
        while (idx < optimizedPaths.length) {
            final String path = optimizedPaths[idx];
            authorizationManager.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
            // Recorded only after the grant succeeded, so a failure leaves later slots null.
            grantedPermissions[idx] = new Permission(path, UserMgtConstants.EXECUTE_ACTION);
            idx++;
        }

        postUpdateStoreManager = realm.getUserStoreManager();
        ManagementPermissionUtil.handlePostUpdatePermissionsOfRole(roleName, grantedPermissions,
                postUpdateStoreManager);
    } catch (UserStoreException storeFailure) {
        // The handler may receive a null or partly filled permission array and a null store
        // manager, depending on where the failure happened.
        // NOTE(review): confirm the handler tolerates those values.
        ManagementPermissionUtil
                .handleOnUpdatePermissionsOfRoleFailure(storeFailure.getMessage(), roleName,
                        grantedPermissions, postUpdateStoreManager);
        log.error(storeFailure.getMessage(), storeFailure);
        throw new UserAdminException(storeFailure.getMessage(), storeFailure);
    }
}