AdminEvaluator.java example

Explorer
uPortal-master
/**
 * Licensed to Apereo under one or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding copyright ownership. Apereo
 * licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the License at the
 * following location:
 *
 * <p>http://www.apache.org/licenses/LICENSE-2.0
 *
 * <p>Unless required by applicable law or agreed to in writing, software distributed under the
 * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apereo.portal.security;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.portal.groups.GroupsException;
import org.apereo.portal.groups.IEntityGroup;
import org.apereo.portal.groups.IGroupMember;
import org.apereo.portal.services.AuthorizationService;
import org.apereo.portal.services.GroupService;

/**
 * Provides single location for housing knowledge of the various ways to determine if a user is an
 * administrator or is in any administrative sub-group.
 *
 * @deprecated The few things this class controls should be converted to proper permissions.
 */
@Deprecated
public class AdminEvaluator {

    public static final String PORTAL_ADMINISTRATORS_DISTINGUISHED_GROUP = IPerson.DISTINGUISHED_GROUP + ".PortalAdministrators";


    private static final Log cLog = LogFactory.getLog(AdminEvaluator.class);

    /**
     * Determines if the passed-in IPerson represents a user that is a member of the administrator
     * group or any of its sub groups.
     *
     * @param p
     * @return
     */
    public static boolean isAdmin(IPerson p) {
        IAuthorizationPrincipal iap =
                AuthorizationService.instance()
                        .newPrincipal(
                                p.getEntityIdentifier().getKey(),
                                p.getEntityIdentifier().getType());

        return isAdmin(iap);
    }

    /**
     * Determines if the passed-in authorization principal represents a user that is a member of the
     * administrator group or any of its sub groups.
     */
    public static boolean isAdmin(IAuthorizationPrincipal ap) {
        IGroupMember member = AuthorizationService.instance().getGroupMember(ap);
        return isAdmin(member);
    }

    /**
     * Determines if the passed-in group member represents a user that is a member of the
     * administrator group or any of its sub groups.
     */
    public static boolean isAdmin(IGroupMember member) {
        IEntityGroup adminGroup = null;

        try {
            adminGroup = GroupService.getDistinguishedGroup(PORTAL_ADMINISTRATORS_DISTINGUISHED_GROUP);
        } catch (GroupsException ge) {
            // cannot determine whether or not the user is an admin.
            cLog.error(
                    "Administrative group not found, cannot determine "
                            + "user's admininstrative membership.",
                    ge);
        }

        return (null != adminGroup && adminGroup.deepContains(member));
    }
}