SEBSERV-8 #added java doc and finished model
This commit is contained in:
parent
7498ede28e
commit
bae30aeb87
10 changed files with 300 additions and 180 deletions
@ -8,49 +8,70 @@
|
|||
|
||||
package ch.ethz.seb.sebserver.gbl.model.user;
|
||||
|
||||
import java.util.Set;
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import ch.ethz.seb.sebserver.gbl.model.Domain.USER;
|
||||
|
||||
/** TODO what filter criteria do we need? */
|
||||
public final class UserFilter {
|
||||
|
||||
public final Set<Long> institutionIds;
|
||||
public final String name;
|
||||
public final String username;
|
||||
public final String email;
|
||||
public final DateTime creationDateFrom;
|
||||
public final DateTime creationDateTo;
|
||||
public final Set<Long> createdById;
|
||||
@JsonProperty(USER.ATTR_ACTIVE)
|
||||
public final Boolean active;
|
||||
public final Set<String> locales;
|
||||
public final Set<String> timeZones;
|
||||
public final Set<String> roles;
|
||||
@JsonProperty(USER.ATTR_INSTITUTION_ID)
|
||||
public final Long institutionId;
|
||||
@JsonProperty(USER.ATTR_NAME)
|
||||
public final String name;
|
||||
@JsonProperty(USER.ATTR_USER_NAME)
|
||||
public final String userName;
|
||||
@JsonProperty(USER.ATTR_EMAIL)
|
||||
public final String email;
|
||||
@JsonProperty(USER.ATTR_LOCALE)
|
||||
public final String locale;
|
||||
|
||||
public UserFilter(
|
||||
final Set<Long> institutionIds,
|
||||
final String name,
|
||||
final String username,
|
||||
final String email,
|
||||
final DateTime creationDateFrom,
|
||||
final DateTime creationDateTo,
|
||||
final Set<Long> createdById,
|
||||
final Boolean active,
|
||||
final Set<String> locales,
|
||||
final Set<String> timeZones,
|
||||
final Set<String> roles) {
|
||||
@JsonProperty(USER.ATTR_INSTITUTION_ID) final Long institutionId,
|
||||
@JsonProperty(USER.ATTR_NAME) final String name,
|
||||
@JsonProperty(USER.ATTR_USER_NAME) final String userName,
|
||||
@JsonProperty(USER.ATTR_EMAIL) final String email,
|
||||
@JsonProperty(USER.ATTR_ACTIVE) final Boolean active,
|
||||
@JsonProperty(USER.ATTR_LOCALE) final String locale) {
|
||||
|
||||
this.institutionIds = institutionIds;
|
||||
this.institutionId = institutionId;
|
||||
this.name = name;
|
||||
this.username = username;
|
||||
this.userName = userName;
|
||||
this.email = email;
|
||||
this.creationDateFrom = creationDateFrom;
|
||||
this.creationDateTo = creationDateTo;
|
||||
this.createdById = createdById;
|
||||
this.active = active;
|
||||
this.locales = locales;
|
||||
this.timeZones = timeZones;
|
||||
this.roles = roles;
|
||||
this.locale = locale;
|
||||
}
|
||||
|
||||
public Long getInstitutionId() {
|
||||
return this.institutionId;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
public String getUserName() {
|
||||
return this.userName;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
return this.email;
|
||||
}
|
||||
|
||||
public Boolean getActive() {
|
||||
return this.active;
|
||||
}
|
||||
|
||||
public String getLocale() {
|
||||
return this.locale;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "UserFilter [institutionId=" + this.institutionId + ", name=" + this.name + ", userName=" + this.userName
|
||||
+ ", email="
|
||||
+ this.email + ", active=" + this.active + ", locale=" + this.locale + "]";
|
||||
}
|
||||
|
||||
}
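Review bot: The class still carries the placeholder `/** TODO what filter criteria do we need? */` and none of the fields is documented, although every criterion is optional and `active` is a boxed `Boolean` precisely so that it can be left unset. I would replace the TODO with a class Javadoc stating that each criterion is optional and null means "no restriction", and note on `name`, `userName` and `locale` that the DAO in this same commit applies them as SQL LIKE patterns (`isLikeWhenPresent`), so a caller-supplied `%` or `_` acts as a wildcard. Since `toString()` prints name, userName and email and the DAO logs the filter on error, a one-line `// NOTE: instances are logged on DAO errors; keep PII out of the filter where possible` would help the next maintainer.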
|
||||
|
@ -61,7 +61,7 @@ public final class UserInfo implements Entity, Serializable {
|
|||
@NotNull
|
||||
@Size(min = 3, max = 255, message = "userInfo:username:size:{min}:{max}:${validatedValue}")
|
||||
@JsonProperty(USER.ATTR_USER_NAME)
|
||||
public final String username;
|
||||
public final String userName;
|
||||
|
||||
/** E-mail address of the user */
|
||||
@Email(message = "userInfo:email:email:_:_:${validatedValue}")
|
||||
|
@ -93,7 +93,7 @@ public final class UserInfo implements Entity, Serializable {
|
|||
@JsonProperty(USER.ATTR_UUID) final String uuid,
|
||||
@JsonProperty(USER.ATTR_INSTITUTION_ID) final Long institutionId,
|
||||
@JsonProperty(USER.ATTR_NAME) final String name,
|
||||
@JsonProperty(USER.ATTR_USER_NAME) final String username,
|
||||
@JsonProperty(USER.ATTR_USER_NAME) final String userName,
|
||||
@JsonProperty(USER.ATTR_EMAIL) final String email,
|
||||
@JsonProperty(USER.ATTR_ACTIVE) final Boolean active,
|
||||
@JsonProperty(USER.ATTR_LOCALE) final Locale locale,
|
||||
|
@ -103,7 +103,7 @@ public final class UserInfo implements Entity, Serializable {
|
|||
this.uuid = uuid;
|
||||
this.institutionId = institutionId;
|
||||
this.name = name;
|
||||
this.username = username;
|
||||
this.userName = userName;
|
||||
this.email = email;
|
||||
this.active = BooleanUtils.isTrue(active);
|
||||
this.locale = locale;
|
||||
|
@ -130,8 +130,8 @@ public final class UserInfo implements Entity, Serializable {
|
|||
return this.name;
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return this.username;
|
||||
public String getUserName() {
|
||||
return this.userName;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
|
@ -187,8 +187,8 @@ public final class UserInfo implements Entity, Serializable {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "UserInfo [uuid=" + this.uuid + ", institutionId=" + this.institutionId + ", name=" + this.name
|
||||
+ ", username="
|
||||
+ this.username + ", email=" + this.email + ", active=" + this.active + ", locale=" + this.locale
|
||||
+ ", userName="
|
||||
+ this.userName + ", email=" + this.email + ", active=" + this.active + ", locale=" + this.locale
|
||||
+ ", timeZone=" + this.timeZone
|
||||
+ ", roles=" + this.roles + "]";
|
||||
}
|
||||
|
@ -202,7 +202,7 @@ public final class UserInfo implements Entity, Serializable {
|
|||
userInfo.getUuid(),
|
||||
userInfo.getInstitutionId(),
|
||||
userInfo.getName(),
|
||||
userInfo.getUsername(),
|
||||
userInfo.getUserName(),
|
||||
userInfo.getEmail(),
|
||||
userInfo.getActive(),
|
||||
userInfo.getLocale(),
|
||||
|
@ -10,16 +10,26 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization;
|
|||
|
||||
import ch.ethz.seb.sebserver.gbl.model.EntityType;
|
||||
|
||||
/** Defines a authorization grant rule for a specified EntityType.
|
||||
*
|
||||
* If there is the need for a specialized authorization grant rule for a specified EntityType, just
|
||||
* create an implementation of this interface for a specified EntityType as a normal Spring Component
|
||||
* and the AuthorizationGrantService will automatically collect it on initialization and use it for
|
||||
* the specified EntityType instead of the default implementation. */
|
||||
public interface AuthorizationGrantRule {
|
||||
|
||||
/** The EntityType of the authorization grant rule implementation.
|
||||
* This is used by the AuthorizationGrantService on initialization.
|
||||
*
|
||||
* @return the authorization grant rule implementation */
|
||||
EntityType entityType();
|
||||
|
||||
/** Implements a authorization grant rule check for a given entity, user and grant type.
|
||||
*
|
||||
* @param entity the GrantEntity instance to check the grant rule on
|
||||
* @param user the SEBServerUser instance to check the grant rule on
|
||||
* @param grantType the GrantType to check
|
||||
* @return true if a given user has a given grant-type on a given entity, false otherwise */
|
||||
boolean hasGrant(GrantEntity entity, SEBServerUser user, GrantType grantType);
|
||||
|
||||
// boolean hasReadGrant(GrantEntity entity, SEBServerUser user);
|
||||
//
|
||||
// boolean hasModifyGrant(GrantEntity entity, SEBServerUser user);
|
||||
//
|
||||
// boolean hasWriteGrant(GrantEntity entity, SEBServerUser user);
|
||||
|
||||
}
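Review bot: The `@return` tag on `entityType()` is wrong — it says `the authorization grant rule implementation` while the method returns the EntityType; change it to `* @return the EntityType this grant rule applies to`. The commented-out `hasReadGrant`/`hasModifyGrant`/`hasWriteGrant` declarations below `hasGrant` should be deleted now that the single `hasGrant(entity, user, grantType)` replaces them. Because the interface doc says an implementation is used *instead of* the default rule, it is worth adding one sentence that an implementation is responsible for the complete decision (base, institutional and ownership grant) and must return false when it cannot decide, so a specialized rule cannot accidentally widen access by omitting one of the checks.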
|
||||
|
@ -25,12 +25,19 @@ import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
|
|||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.RoleTypeGrant.RoleTypeKey;
|
||||
|
||||
/** A service to check authorization grants for a given user for entity-types and -instances
|
||||
*
|
||||
* If there is one or more GrantEntity objects within an authenticated user-request, this service
|
||||
* can be used check the authenticated user access grant within the object. Check if a given user
|
||||
* has write, modify or even read-only rights on an entity instance or on an entity type. */
|
||||
@Lazy
|
||||
@Service
|
||||
@WebServiceProfile
|
||||
public class AuthorizationGrantService {
|
||||
|
||||
/** Map of role based grants for specified entity types. */
|
||||
private final Map<RoleTypeGrant.RoleTypeKey, RoleTypeGrant> grants = new HashMap<>();
|
||||
/** Map of collected AuthorizationGrantRule exceptions */
|
||||
private final Map<EntityType, AuthorizationGrantRule> exceptionalRules =
|
||||
new EnumMap<>(EntityType.class);
|
||||
|
||||
|
@ -48,6 +55,7 @@ public class AuthorizationGrantService {
|
|||
}
|
||||
}
|
||||
|
||||
/** Initialize the (hard-coded) grants */
|
||||
@PostConstruct
|
||||
public void init() {
|
||||
// grants for institution
|
||||
|
@ -100,6 +108,16 @@ public class AuthorizationGrantService {
|
|||
// TODO other entities
|
||||
}
|
||||
|
||||
/** Checks if a given user has a specified grant for a given entity-type
|
||||
*
|
||||
* NOTE: within this method only base-privileges for a given entity-type are checked
|
||||
* there is no institutional or ownership grant check because this information lays on an entity-instance
|
||||
* rather then the entity-type.
|
||||
*
|
||||
* @param entityType the entity type
|
||||
* @param grantType the grant type to check
|
||||
* @param principal an authorization Principal instance to extract the user from
|
||||
* @return true if a given user has a specified grant for a given entity-type. False otherwise */
|
||||
public boolean hasTypeGrant(final EntityType entityType, final GrantType grantType, final Principal principal) {
|
||||
final SEBServerUser user = this.currentUserService.extractFromPrincipal(principal);
|
||||
for (final UserRole role : user.getUserRoles()) {
|
||||
|
@ -112,10 +130,22 @@ public class AuthorizationGrantService {
|
|||
return false;
|
||||
}
|
||||
|
||||
public boolean hasGrant(final GrantEntity entity, final GrantType type, final Principal principal) {
|
||||
return hasGrant(entity, type, this.currentUserService.extractFromPrincipal(principal));
|
||||
/** Checks if a given user has specified grant for a given entity-instance
|
||||
*
|
||||
* @param entity the entity-instance
|
||||
* @param grantType the grant type to check
|
||||
* @param principal an authorization Principal instance to extract the user from
|
||||
* @return true if a given user has a specified grant for a given entity-instance. False otherwise */
|
||||
public boolean hasGrant(final GrantEntity entity, final GrantType grantType, final Principal principal) {
|
||||
return hasGrant(entity, grantType, this.currentUserService.extractFromPrincipal(principal));
|
||||
}
|
||||
|
||||
/** Checks if a given user has specified grant for a given entity-instance
|
||||
*
|
||||
* @param entity the entity-instance
|
||||
* @param grantType the grant type to check
|
||||
* @param user a SEBServerUser instance to check grant for
|
||||
* @return true if a given user has a specified grant for a given entity-instance. False otherwise */
|
||||
public boolean hasGrant(final GrantEntity entity, final GrantType grantType, final SEBServerUser user) {
|
||||
final AuthorizationGrantRule authorizationGrantRule = getGrantRule(entity.entityType());
|
||||
if (authorizationGrantRule == null) {
|
||||
|
@ -125,14 +155,26 @@ public class AuthorizationGrantService {
|
|||
return authorizationGrantRule.hasGrant(entity, user, grantType);
|
||||
}
|
||||
|
||||
/** Closure to get a grant check predicate to filter a several entity-instances within the same grant
|
||||
*
|
||||
* @param entityType the EntityType for the grant check filter
|
||||
* @param grantType the GrantType for the grant check filter
|
||||
* @param principal an authorization Principal instance to extract the user from
|
||||
* @return A filter predicate working on the given attributes to check user grants */
|
||||
public <T extends GrantEntity> Predicate<T> getGrantFilter(
|
||||
final EntityType entityType,
|
||||
final GrantType type,
|
||||
final GrantType grantType,
|
||||
final Principal principal) {
|
||||
|
||||
return getGrantFilter(entityType, type, this.currentUserService.extractFromPrincipal(principal));
|
||||
return getGrantFilter(entityType, grantType, this.currentUserService.extractFromPrincipal(principal));
|
||||
}
|
||||
|
||||
/** Closure to get a grant check predicate to filter a several entity-instances within the same grant
|
||||
*
|
||||
* @param entityType the EntityType for the grant check filter
|
||||
* @param grantType the GrantType for the grant check filter
|
||||
* @param user a SEBServerUser instance to check grant for
|
||||
* @return A filter predicate working on the given attributes to check user grants */
|
||||
public <T extends GrantEntity> Predicate<T> getGrantFilter(
|
||||
final EntityType entityType,
|
||||
final GrantType grantType,
|
||||
|
@ -153,6 +195,52 @@ public class AuthorizationGrantService {
|
|||
return new GrantRuleBuilder(entityType);
|
||||
}
|
||||
|
||||
/** This is the default (or base) implementation of a AuthorizationGrantRule.
|
||||
*
|
||||
* The rule is: go over all user-roles of the given user and for each user-role check
|
||||
* if there is base-privilege on the given entity-type for the given grant type.
|
||||
* if true return true
|
||||
* if false; check if there is a given institutional-privilege on the given
|
||||
* entity-instance for the given grant type.
|
||||
* if true return true
|
||||
* if false; check if there is a given ownership-privilege on the given
|
||||
* entity-instance for the given grant type.
|
||||
* if true return true
|
||||
* if false return false */
|
||||
private final class BaseTypeGrantRule implements AuthorizationGrantRule {
|
||||
|
||||
private final EntityType type;
|
||||
private final Map<UserRole, RoleTypeGrant> grants;
|
||||
|
||||
public BaseTypeGrantRule(final EntityType type) {
|
||||
this.type = type;
|
||||
this.grants = new EnumMap<>(UserRole.class);
|
||||
for (final UserRole role : UserRole.values()) {
|
||||
this.grants.put(role,
|
||||
AuthorizationGrantService.this.grants.get(new RoleTypeKey(type, role)));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public EntityType entityType() {
|
||||
return this.type;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasGrant(final GrantEntity entity, final SEBServerUser user, final GrantType grantType) {
|
||||
for (final UserRole role : user.getUserRoles()) {
|
||||
final RoleTypeGrant roleTypeGrant = this.grants.get(role);
|
||||
if (roleTypeGrant != null && roleTypeGrant.hasPrivilege(user, entity, grantType)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/** Implements a GrantRuleBuilder for internal use and to make the code more readable.
|
||||
* See init (PostConstruct) */
|
||||
private final class GrantRuleBuilder {
|
||||
private final EntityType entityType;
|
||||
private UserRole userRole;
|
||||
|
@ -203,38 +291,4 @@ public class AuthorizationGrantService {
|
|||
}
|
||||
}
|
||||
|
||||
private final class BaseTypeGrantRule implements AuthorizationGrantRule {
|
||||
|
||||
private final EntityType type;
|
||||
private final Map<UserRole, RoleTypeGrant> grants;
|
||||
|
||||
public BaseTypeGrantRule(final EntityType type) {
|
||||
this.type = type;
|
||||
this.grants = new EnumMap<>(UserRole.class);
|
||||
for (final UserRole role : UserRole.values()) {
|
||||
this.grants.put(role,
|
||||
AuthorizationGrantService.this.grants.get(new RoleTypeKey(type, role)));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public EntityType entityType() {
|
||||
return this.type;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasGrant(final GrantEntity entity, final SEBServerUser user, final GrantType grantType) {
|
||||
for (final UserRole role : user.getUserRoles()) {
|
||||
final RoleTypeGrant roleTypeGrant = this.grants.get(role);
|
||||
if (roleTypeGrant != null) {
|
||||
if (roleTypeGrant.hasPrivilege(user, entity, grantType)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
}
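Review bot: The Javadoc on `BaseTypeGrantRule` describes a base → institutional → ownership check order, but its `hasGrant` body only iterates the user's roles and delegates to `RoleTypeGrant.hasPrivilege`; the staged order is implemented in `RoleTypeGrant`, so the doc should say `delegates the base/institutional/ownership check to RoleTypeGrant.hasPrivilege for each role of the user` and state the default-deny outcomes explicitly: a user with no roles, or a role with no registered RoleTypeGrant (`roleTypeGrant == null`), yields false. The constructor snapshots `AuthorizationGrantService.this.grants.get(...)` into an EnumMap, so a rule instantiated before `init()` has populated the map would hold only nulls and deny everything; `getGrantRule` is not in the hunk, so I cannot tell when instances are created, but a comment such as `// snapshot of the grants map: must only be constructed after init()` or a lookup at check time would remove the ordering dependency. `hasGrant(entity, grantType, user)` dereferences `entity.entityType()` before any null handling; its body continues outside the hunk.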
|
||||
|
@ -23,6 +23,7 @@ import org.springframework.stereotype.Service;
|
|||
|
||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||
|
||||
/** A service to get the authenticated user from current request */
|
||||
@Lazy
|
||||
@Service
|
||||
@WebServiceProfile
|
||||
|
@ -1,76 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET)
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
package ch.ethz.seb.sebserver.webservice.servicelayer.authorization;
|
||||
|
||||
/** A privilege consisting of a overall grant type, a institutional grant type and a owner grant type.
|
||||
*
|
||||
* The overallGrantType defines the grant type independent of an institutional relation as well as an owner
|
||||
* relation. The institutionalGrantType defines the grant type specific to the institutional relation of an entity.
|
||||
* And the ownerGrantType defines the grant type specific to the ownership of an entity
|
||||
*
|
||||
* For example with a privilege of:
|
||||
* overallGrantType = READ_ONLY
|
||||
* institutionalGrantType = MODIFY
|
||||
* ownerGrantType = WRITE
|
||||
*
|
||||
* A user with such a privilege is granted to see all type of specified entities independent of institutional relation
|
||||
* or ownership, is able to modify all type of specified entities within its own institution and is able to create or
|
||||
* delete owned entities. */
|
||||
public final class Privilege {
|
||||
|
||||
public final GrantType overallGrantType;
|
||||
public final GrantType institutionalGrantType;
|
||||
public final GrantType ownerGrantType;
|
||||
|
||||
public Privilege(
|
||||
final GrantType overallGrantType,
|
||||
final GrantType institutionalGrantType,
|
||||
final GrantType ownerGrantType) {
|
||||
|
||||
this.overallGrantType = overallGrantType;
|
||||
this.institutionalGrantType = institutionalGrantType;
|
||||
this.ownerGrantType = ownerGrantType;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
final int prime = 31;
|
||||
int result = 1;
|
||||
result = prime * result + ((this.institutionalGrantType == null) ? 0 : this.institutionalGrantType.hashCode());
|
||||
result = prime * result + ((this.overallGrantType == null) ? 0 : this.overallGrantType.hashCode());
|
||||
result = prime * result + ((this.ownerGrantType == null) ? 0 : this.ownerGrantType.hashCode());
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(final Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
final Privilege other = (Privilege) obj;
|
||||
if (this.institutionalGrantType != other.institutionalGrantType)
|
||||
return false;
|
||||
if (this.overallGrantType != other.overallGrantType)
|
||||
return false;
|
||||
if (this.ownerGrantType != other.ownerGrantType)
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "Privilege [overallGrantType=" + this.overallGrantType + ", institutionalGrantType="
|
||||
+ this.institutionalGrantType
|
||||
+ ", ownerGrantType=" + this.ownerGrantType + "]";
|
||||
}
|
||||
|
||||
}
|
@ -11,26 +11,42 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization;
|
|||
import ch.ethz.seb.sebserver.gbl.model.EntityType;
|
||||
import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
|
||||
|
||||
/** Defines a grant for a specified role and entity-type. */
|
||||
public final class RoleTypeGrant {
|
||||
|
||||
/** Defines a RoleTypeKey that is the combined identity of
|
||||
* a UserRole and a EntityType the RoleTypeGrant is applying for */
|
||||
public final RoleTypeKey roleTypeKey;
|
||||
/** Defines a base-privilege grant type that defines the overall access for entity-type */
|
||||
public final GrantType basePrivilege;
|
||||
/** Defines an institutional grant type that defines the institutional restricted access for a
|
||||
* entity-instance */
|
||||
public final GrantType institutionalPrivilege;
|
||||
public final GrantType ownerPrivilege;
|
||||
/** Defines an ownership grant type that defines the ownership restricted access for a entity-instance */
|
||||
public final GrantType ownershipPrivilege;
|
||||
|
||||
public RoleTypeGrant(
|
||||
final GrantType basePrivilege,
|
||||
final GrantType institutionalPrivilege,
|
||||
final GrantType ownerPrivilege,
|
||||
final GrantType ownershipPrivilege,
|
||||
final EntityType type,
|
||||
final UserRole role) {
|
||||
|
||||
this.roleTypeKey = new RoleTypeKey(type, role);
|
||||
this.basePrivilege = basePrivilege;
|
||||
this.institutionalPrivilege = institutionalPrivilege;
|
||||
this.ownerPrivilege = ownerPrivilege;
|
||||
this.ownershipPrivilege = ownershipPrivilege;
|
||||
}
|
||||
|
||||
/** Checks if a given user has specified grant type for a given entity-instance.
|
||||
* Checks all privileges in the order of: basePrivilege, institutionalPrivilege and ownershipPrivilege
|
||||
*
|
||||
*
|
||||
* @param user SEBServerUser instance to check institutional grant
|
||||
* @param entity entity-instance to check institutional grant
|
||||
* @param grantType the GrantType to check on all privileges if one matches
|
||||
* @return true if one privilege of this RoleTypeGrant matches the implicit grant type check for a given user and
|
||||
* entity instance */
|
||||
public boolean hasPrivilege(
|
||||
final SEBServerUser user,
|
||||
final GrantEntity entity,
|
||||
|
@ -38,13 +54,35 @@ public final class RoleTypeGrant {
|
|||
|
||||
return hasBasePrivilege(grantType) ||
|
||||
hasInstitutionalPrivilege(user, entity, grantType) ||
|
||||
hasOwnerPrivilege(user, entity, grantType);
|
||||
hasOwnershipPrivilege(user, entity, grantType);
|
||||
}
|
||||
|
||||
/** Checks the base privilege on given grantType by using the hasImplicit
|
||||
* function of this basePrivilege.
|
||||
*
|
||||
* Implicit in this case means: if the basePrivilege is of type GrantType.WRITE,
|
||||
* GrantType.MODIFY and GrantType.READ_ONLY are implicitly included.
|
||||
* If the basePrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included
|
||||
* and so on.
|
||||
*
|
||||
* @param grantType the GrantType to check on basePrivilege
|
||||
* @return true if the basePrivilege includes the given grantType */
|
||||
public boolean hasBasePrivilege(final GrantType grantType) {
|
||||
return this.basePrivilege.hasImplicit(grantType);
|
||||
}
|
||||
|
||||
/** Checks the institutional privilege on given grantType by using the hasImplicit
|
||||
* function of this institutionalPrivilege.
|
||||
*
|
||||
* Implicit in this case means: if the institutionalPrivilege is of type GrantType.WRITE,
|
||||
* GrantType.MODIFY and GrantType.READ_ONLY are implicitly included.
|
||||
* If the institutionalPrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included
|
||||
* and so on.
|
||||
*
|
||||
* @param grantType the GrantType to check on institutionalPrivilege
|
||||
* @param user SEBServerUser instance to check institutional grant
|
||||
* @param entity entity-instance to check institutional grant
|
||||
* @return true if the institutionalPrivilege includes the given grantType */
|
||||
public boolean hasInstitutionalPrivilege(
|
||||
final SEBServerUser user,
|
||||
final GrantEntity entity,
|
||||
|
@ -54,15 +92,61 @@ public final class RoleTypeGrant {
|
|||
user.institutionId().longValue() == entity.institutionId().longValue();
|
||||
}
|
||||
|
||||
public boolean hasOwnerPrivilege(
|
||||
/** Checks the ownership privilege on given grantType by using the hasImplicit
|
||||
* function of this ownershipPrivilege.
|
||||
*
|
||||
* Implicit in this case means: if the ownershipPrivilege is of type GrantType.WRITE,
|
||||
* GrantType.MODIFY and GrantType.READ_ONLY are implicitly included.
|
||||
* If the ownershipPrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included
|
||||
* and so on.
|
||||
*
|
||||
* @param grantType the GrantType to check on ownershipPrivilege
|
||||
* @param user SEBServerUser instance to check ownership grant
|
||||
* @param entity entity-instance to check ownership grant
|
||||
* @return true if the ownershipPrivilege includes the given grantType */
|
||||
public boolean hasOwnershipPrivilege(
|
||||
final SEBServerUser user,
|
||||
final GrantEntity entity,
|
||||
final GrantType grantType) {
|
||||
|
||||
return this.ownerPrivilege.hasImplicit(grantType) &&
|
||||
return this.ownershipPrivilege.hasImplicit(grantType) &&
|
||||
user.uuid().equals(entity.ownerUUID());
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
final int prime = 31;
|
||||
int result = 1;
|
||||
result = prime * result + ((this.roleTypeKey == null) ? 0 : this.roleTypeKey.hashCode());
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(final Object obj) {
|
||||
if (this == obj)
|
||||
return true;
|
||||
if (obj == null)
|
||||
return false;
|
||||
if (getClass() != obj.getClass())
|
||||
return false;
|
||||
final RoleTypeGrant other = (RoleTypeGrant) obj;
|
||||
if (this.roleTypeKey == null) {
|
||||
if (other.roleTypeKey != null)
|
||||
return false;
|
||||
} else if (!this.roleTypeKey.equals(other.roleTypeKey))
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "RoleTypeGrant [roleTypeKey=" + this.roleTypeKey + ", basePrivilege=" + this.basePrivilege
|
||||
+ ", institutionalPrivilege=" + this.institutionalPrivilege + ", ownershipPrivilege="
|
||||
+ this.ownershipPrivilege
|
||||
+ "]";
|
||||
}
|
||||
|
||||
/** A key that combines UserRole EntityType identity */
|
||||
static final class RoleTypeKey {
|
||||
|
||||
public final EntityType entityType;
|
||||
|
@ -97,6 +181,11 @@ public final class RoleTypeGrant {
|
|||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]";
|
||||
}
|
||||
}
|
||||
|
||||
}
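Review bot: In `hasInstitutionalPrivilege` the institution match `user.institutionId().longValue() == entity.institutionId().longValue()` unboxes both sides, so a user or entity with a null institutionId throws a NullPointerException instead of being denied; the method's signature and first lines are outside the hunk. I would deny explicitly: `final Long userInstitution = user.institutionId();` / `return this.institutionalPrivilege.hasImplicit(grantType) && userInstitution != null && userInstitution.equals(entity.institutionId());` (plain `Objects.equals` would wrongly grant when both sides are null). The new Javadoc on `hasInstitutionalPrivilege` and `hasOwnershipPrivilege` only mentions the implicit grant-type check, so each `@return` should also state the second condition, e.g. `and the user belongs to the entity's institution` and `and the user is the entity's owner`. `equals`/`hashCode` consider only `roleTypeKey`, so two grants for the same role/type with different privileges compare equal — fine for map identity, but worth a comment so nobody relies on it to detect conflicting registrations.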
|
||||
|
@ -66,7 +66,7 @@ public final class SEBServerUser implements UserDetails, CredentialsContainer {
|
|||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return this.userInfo.username;
|
||||
return this.userInfo.userName;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -8,8 +8,7 @@
|
|||
|
||||
package ch.ethz.seb.sebserver.webservice.servicelayer.dao.impl;
|
||||
|
||||
import static org.mybatis.dynamic.sql.SqlBuilder.isEqualTo;
|
||||
import static org.mybatis.dynamic.sql.SqlBuilder.isNotEqualTo;
|
||||
import static org.mybatis.dynamic.sql.SqlBuilder.*;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
@ -106,13 +105,7 @@ public class UserDaoImpl implements UserDAO {
|
|||
.build()
|
||||
.execute();
|
||||
|
||||
if (records == null) {
|
||||
return Result.of(Collections.emptyList());
|
||||
}
|
||||
|
||||
return Result.of(records.stream()
|
||||
.map(record -> UserInfo.fromRecord(record, getRoles(record)))
|
||||
.collect(Collectors.toList()));
|
||||
return fromRecords(records);
|
||||
|
||||
} catch (final Exception e) {
|
||||
final String errorMessage = "Unexpected error while trying to get all active users: ";
|
||||
|
@ -150,8 +143,25 @@ public class UserDaoImpl implements UserDAO {
|
|||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
public Result<Collection<UserInfo>> all(final UserFilter filter) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
try {
|
||||
|
||||
final List<UserRecord> records = this.userRecordMapper.selectByExample().where(
|
||||
UserRecordDynamicSqlSupport.active,
|
||||
isNotEqualTo(BooleanUtils.toInteger(filter.active)))
|
||||
.and(UserRecordDynamicSqlSupport.institutionId, isEqualToWhenPresent(filter.institutionId))
|
||||
.and(UserRecordDynamicSqlSupport.name, isLikeWhenPresent(filter.name))
|
||||
.and(UserRecordDynamicSqlSupport.userName, isLikeWhenPresent(filter.userName))
|
||||
.and(UserRecordDynamicSqlSupport.locale, isLikeWhenPresent(filter.locale))
|
||||
.build()
|
||||
.execute();
|
||||
|
||||
return fromRecords(records);
|
||||
|
||||
} catch (final Exception e) {
|
||||
final String errorMessage = "Unexpected error while trying to get fitered users: ";
|
||||
log.error(errorMessage + " filter: {}", filter, e);
|
||||
return Result.ofRuntimeError(errorMessage);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -184,6 +194,16 @@ public class UserDaoImpl implements UserDAO {
|
|||
return Result.ofError(new RuntimeException("TODO"));
|
||||
}
|
||||
|
||||
private Result<Collection<UserInfo>> fromRecords(final List<UserRecord> records) {
|
||||
if (records == null) {
|
||||
return Result.of(Collections.emptyList());
|
||||
}
|
||||
|
||||
return Result.of(records.stream()
|
||||
.map(record -> UserInfo.fromRecord(record, getRoles(record)))
|
||||
.collect(Collectors.toList()));
|
||||
}
|
||||
|
||||
private Result<UserInfo> updateUser(final UserMod userMod) {
|
||||
final UserInfo userInfo = userMod.getUserInfo();
|
||||
return recordByUUID(userInfo.uuid)
|
||||
|
@ -202,7 +222,7 @@ public class UserDaoImpl implements UserDAO {
|
|||
null,
|
||||
null,
|
||||
userInfo.name,
|
||||
userInfo.username,
|
||||
userInfo.userName,
|
||||
(changePWD) ? userMod.getNewPassword() : null,
|
||||
userInfo.email,
|
||||
userInfo.locale.toLanguageTag(),
|
||||
|
@ -231,7 +251,7 @@ public class UserDaoImpl implements UserDAO {
|
|||
userInfo.institutionId,
|
||||
UUID.randomUUID().toString(),
|
||||
userInfo.name,
|
||||
userInfo.username,
|
||||
userInfo.userName,
|
||||
userMod.getNewPassword(),
|
||||
userInfo.email,
|
||||
userInfo.locale.toLanguageTag(),
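Review bot: In `all(UserFilter)` the active criterion `isNotEqualTo(BooleanUtils.toInteger(filter.active))` is inverted — a filter with `active = true` selects rows whose active column is not 1, i.e. the inactive users — and, unlike the other criteria which use the `...WhenPresent` variants, it is mandatory: `filter.active` is a `Boolean`, and if that call resolves to the primitive `toInteger(boolean)` overload a null value unboxes to a NullPointerException that the catch-all then reports as a runtime error. I would write `.where(UserRecordDynamicSqlSupport.active, isEqualToWhenPresent(filter.active == null ? null : BooleanUtils.toInteger(filter.active)))` so that an unset flag means "any". The `isLikeWhenPresent` criteria pass `filter.name`, `filter.userName` and `filter.locale` verbatim as LIKE patterns, so caller-supplied `%`/`_` act as wildcards, and `institutionId` is optional, so institution scoping of the result must be enforced by the caller's grant filter rather than here — both deserve a comment on the method. The `log.error` call prints the whole filter (name, userName, email) at error level; logging only ids would avoid PII in logs, and `fitered` → `filtered` in the message.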
|
||||
|
@ -32,6 +32,7 @@ public class AuthorizationGrantServiceTest {
|
|||
private Principal principal;
|
||||
|
||||
@Test
|
||||
@SuppressWarnings("unused")
|
||||
public void testInit() {
|
||||
try {
|
||||
final AuthorizationGrantService service = getTestServiceWithUserWithRoles();
|
||||
|
|