Coverage Report - org.kuali.student.common.ui.server.gwt.SecurityRpcGwtServlet
 
Classes in this file: SecurityRpcGwtServlet — line coverage 0% (0/38), branch coverage 0% (0/6), complexity 1.5
 
 /**
  * Copyright 2010 The Kuali Foundation Licensed under the
  * Educational Community License, Version 2.0 (the "License"); you may
  * not use this file except in compliance with the License. You may
  * obtain a copy of the License at
  *
  * http://www.osedu.org/licenses/ECL-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an "AS IS"
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 
 package org.kuali.student.common.ui.server.gwt;
 
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
 import org.apache.log4j.Logger;
 import org.kuali.rice.kim.bo.role.dto.KimPermissionInfo;
 import org.kuali.rice.kim.bo.types.dto.AttributeSet;
 import org.kuali.rice.kim.service.IdentityManagementService;
 import org.kuali.student.common.rice.StudentIdentityConstants;
 import org.kuali.student.common.rice.authorization.PermissionType;
 import org.kuali.student.common.ui.client.service.SecurityRpcService;
 import org.kuali.student.common.ui.client.service.exceptions.OperationFailedException;
 import org.kuali.student.common.util.security.SecurityUtils;
 
 import com.google.gwt.user.server.rpc.RemoteServiceServlet;
 
 /**
  * This provides security RPC services to the GWT Application.  It should be noted that this
  * does not provide true client authorization as these calls can be easily manipulated by the
  * end user.  These calls are to be used to solely hide application components for
  * users which are not privileged to view them and the check is merely for visual display.
  * 
  * The real security checks are performed via security checks on the data RPC get/save
  * operations as well as masking/hiding of data returned to the browser.
  * 
  * @author Kuali Student Team
  *
  */
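 public class SecurityRpcGwtServlet extends RemoteServiceServlet implements SecurityRpcService{

     /**
      * Class-wide logger. Held statically rather than per instance so that the
      * servlet (which declares a {@code serialVersionUID}) does not carry a
      * {@link Logger} as instance state. Visibility is left package-level, as
      * in the original declaration.
      */
     static final Logger LOG = Logger.getLogger(SecurityRpcGwtServlet.class);

     private static final long serialVersionUID = 1L;

     /** Permission namespace used by the by-name authorization checks below. */
     private static final String PERMISSION_NAMESPACE = "KS-SYS";

     /** Injected identity/permission service; {@code null} until {@link #setPermissionService} is called. */
     private IdentityManagementService permissionService;

     /**
      * Renders a value for a log message with CR/LF replaced by {@code '_'}.
      *
      * Permission and screen names arrive from the browser and are therefore
      * caller-controlled; neutralising line breaks keeps a crafted name from
      * forging additional log entries.
      *
      * @param value the value to log; {@code null} is rendered as {@code "null"}
      * @return the single-line string form of {@code value}
      */
     private static String forLog(Object value) {
         return String.valueOf(value).replace('\r', '_').replace('\n', '_');
     }

     /**
      * Returns the name of the principal for the current request, as reported
      * by {@link SecurityUtils#getCurrentPrincipalName()}.
      *
      * @return the current principal name
      */
     @Override
     public String getPrincipalUsername(){
         return SecurityUtils.getCurrentPrincipalName();
     }

     /**
      * Not implemented: always returns {@code null}, regardless of {@code screens}.
      *
      * NOTE(review): callers receive {@code null} rather than a map, so they
      * must null-check the result. Until this is implemented, per-screen checks
      * are only available through {@link #hasScreenPermission(String)}.
      *
      * @param screens screen names to check (currently ignored)
      * @return always {@code null}
      */
     @Override
     public HashMap<String, Boolean> getScreenPermissions(ArrayList<String> screens) {
         // TODO Auto-generated method stub
         return null;
     }

     /**
      * Checks, for the current principal, each named permission in the
      * {@code KS-SYS} namespace.
      *
      * The result is intended for showing or hiding UI components only; it is
      * not an enforcement point, because the request and response can be
      * altered on the client side.
      *
      * @param permissionNames permission names to check; {@code null} yields an empty map
      * @return a map from each permission name to whether the current principal is authorized
      * @throws OperationFailedException if the permission service has not been set
      */
     @Override
     public HashMap<String, Boolean> getPermissions(ArrayList<String> permissionNames) throws OperationFailedException{
         HashMap<String,Boolean> permissions = new HashMap<String,Boolean>();
         if (permissionNames == null) {
             // Nothing was asked for, so nothing is granted.
             return permissions;
         }

         String principalId = SecurityUtils.getCurrentPrincipalId();

         if (LOG.isDebugEnabled()) {
             LOG.debug("Retreiving permissions for permission name: " + forLog(permissionNames) + " for " + principalId);
         }

         //FIXME: Is there a way to retrieve multiple permissions at once instead of calling isAuthorized multiple times?
         for (String permissionName : permissionNames) {
             boolean hasAccess = getPermissionService().isAuthorized(
                     principalId, PERMISSION_NAMESPACE, permissionName, null, null);
             permissions.put(permissionName, hasAccess);
         }

         return permissions;
     }

     /**
      * Checks whether the current principal may use the named screen, using the
      * {@link PermissionType#USE_SCREEN} namespace and template.
      *
      * The screen name is placed in an {@link AttributeSet} under
      * {@link StudentIdentityConstants#SCREEN_COMPONENT}; that same set is
      * passed for both trailing arguments of {@code isAuthorizedByTemplateName}.
      * As with the other methods here, the answer is for display decisions only.
      *
      * @param screenName name of the screen component to check
      * @return whether the permission service reports the principal as authorized
      * @throws OperationFailedException if the permission service has not been set
      */
     @Override
     public Boolean hasScreenPermission(String screenName) throws OperationFailedException {
         String principalId = SecurityUtils.getCurrentPrincipalId();

         if (LOG.isDebugEnabled()) {
             LOG.debug("Retreiving screen permission " + forLog(screenName) + " for " + principalId);
         }

         AttributeSet permDetails = new AttributeSet();
         permDetails.put(StudentIdentityConstants.SCREEN_COMPONENT, screenName);

         boolean hasAccess = getPermissionService().isAuthorizedByTemplateName(
                 principalId,
                 PermissionType.USE_SCREEN.getPermissionNamespace(),
                 PermissionType.USE_SCREEN.getPermissionTemplateName(),
                 permDetails,
                 permDetails);

         LOG.debug(principalId + " access : " + hasAccess);

         return hasAccess;
     }

     /**
      * Checks whether the current principal holds the named permission in the
      * {@code KS-SYS} namespace. No permission details or qualifiers are
      * supplied to the check.
      *
      * @param permissionName name of the permission to check
      * @return whether the permission service reports the principal as authorized
      * @throws OperationFailedException if the permission service has not been set
      */
     @Override
     public Boolean hasPermissionByPermissionName(String permissionName) throws OperationFailedException {
         String principalId = SecurityUtils.getCurrentPrincipalId();

         if (LOG.isDebugEnabled()) {
             LOG.debug("Retreiving permissions for permission name: " + forLog(permissionName) + " for " + principalId);
         }

         //TODO: Do we need to worry about permission details when checking by permission name
         boolean hasAccess = getPermissionService().isAuthorized(
                 principalId, PERMISSION_NAMESPACE, permissionName, null, null);

         LOG.debug(principalId + " access : " + hasAccess);

         return hasAccess;
     }

     /**
      * Returns the names of the permissions of the given type for which the
      * current principal is authorized.
      *
      * TODO: Need to determine if permission details are required.
      *
      * @param permissionType permission type supplying the namespace and template name; must not be {@code null}
      * @return the matching permission names; empty if the service returns none
      * @throws OperationFailedException if {@code permissionType} is {@code null} or the
      *         permission service has not been set
      */
     @SuppressWarnings("unchecked")
     @Override
     public ArrayList<String> getPermissionsByType(PermissionType permissionType) throws OperationFailedException {
         if (permissionType == null) {
             // Report a declared, RPC-serializable failure instead of an NPE further down.
             throw new OperationFailedException("Permission type is required");
         }

         ArrayList<String> matchingPermissions = new ArrayList<String>();

         String principalId = SecurityUtils.getCurrentPrincipalId();

         if (LOG.isDebugEnabled()) {
             LOG.debug("Retreiving permissions for template: " + permissionType.getPermissionTemplateName() + " for " + principalId);
         }

         // Unchecked cast retained from the original; the element type is assumed
         // to be KimPermissionInfo, as the loop below requires.
         List<KimPermissionInfo> permissions = (List<KimPermissionInfo>) getPermissionService().getAuthorizedPermissionsByTemplateName(
                 principalId, permissionType.getPermissionNamespace(), permissionType.getPermissionTemplateName(), null, null);

         // A null result is treated the same as "no permissions".
         if (permissions != null) {
             for (KimPermissionInfo permissionInfo : permissions) {
                 matchingPermissions.add(permissionInfo.getName());
             }
         }

         return matchingPermissions;
     }

     /**
      * Sets the identity management service used for all authorization checks.
      *
      * @param permissionService the service to use
      */
     public void setPermissionService(IdentityManagementService permissionService) {
         this.permissionService = permissionService;
     }

     /**
      * Returns the configured permission service, failing instead of returning
      * {@code null} so that no check can proceed without a backing service.
      *
      * @return the configured permission service, never {@code null}
      * @throws OperationFailedException if no service has been set
      */
     public IdentityManagementService getPermissionService() throws OperationFailedException {
         if (permissionService == null) {
             throw new OperationFailedException("Permission Service is unavailable");
         }

         return permissionService;
     }

 }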