From bae30aeb87919f89c3f47aa5f768f5ca88fa1d5d Mon Sep 17 00:00:00 2001 From: anhefti Date: Tue, 4 Dec 2018 13:08:55 +0100 Subject: [PATCH] SEBSERV-8 #added java doc and finished model --- .../sebserver/gbl/model/user/UserFilter.java | 85 +++++++----- .../sebserver/gbl/model/user/UserInfo.java | 16 +-- .../authorization/AuthorizationGrantRule.java | 22 ++- .../AuthorizationGrantService.java | 130 +++++++++++++----- .../authorization/CurrentUserService.java | 1 + .../servicelayer/authorization/Privilege.java | 76 ---------- .../authorization/RoleTypeGrant.java | 101 +++++++++++++- .../authorization/SEBServerUser.java | 2 +- .../servicelayer/dao/impl/UserDaoImpl.java | 46 +++++-- .../AuthorizationGrantServiceTest.java | 1 + 10 files changed, 300 insertions(+), 180 deletions(-) delete mode 100644 src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/Privilege.java diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserFilter.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserFilter.java index 739ae615..f59a8cfe 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserFilter.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserFilter.java 
@@ -8,49 +8,70 @@ package ch.ethz.seb.sebserver.gbl.model.user; -import java.util.Set; +import com.fasterxml.jackson.annotation.JsonProperty; -import org.joda.time.DateTime; +import ch.ethz.seb.sebserver.gbl.model.Domain.USER; -/** TODO what filter criteria do we need? */ public final class UserFilter { - public final Set institutionIds; - public final String name; - public final String username; - public final String email; - public final DateTime creationDateFrom; - public final DateTime creationDateTo; - public final Set createdById; + @JsonProperty(USER.ATTR_ACTIVE) public final Boolean active; - public final Set locales; - public final Set timeZones; - public final Set roles; + @JsonProperty(USER.ATTR_INSTITUTION_ID) + public final Long institutionId; + @JsonProperty(USER.ATTR_NAME) + public final String name; + @JsonProperty(USER.ATTR_USER_NAME) + public final String userName; + @JsonProperty(USER.ATTR_EMAIL) + public final String email; + @JsonProperty(USER.ATTR_LOCALE) + public final String locale; public UserFilter( - final Set institutionIds, - final String name, - final String username, - final String email, - final DateTime creationDateFrom, - final DateTime creationDateTo, - final Set createdById, - final Boolean active, - final Set locales, - final Set timeZones, - final Set roles) { + @JsonProperty(USER.ATTR_INSTITUTION_ID) final Long institutionId, + @JsonProperty(USER.ATTR_NAME) final String name, + @JsonProperty(USER.ATTR_USER_NAME) final String userName, + @JsonProperty(USER.ATTR_EMAIL) final String email, + @JsonProperty(USER.ATTR_ACTIVE) final Boolean active, + @JsonProperty(USER.ATTR_LOCALE) final String locale) { - this.institutionIds = institutionIds; + this.institutionId = institutionId; this.name = name; - this.username = username; + this.userName = userName; this.email = email; - this.creationDateFrom = creationDateFrom; - this.creationDateTo = creationDateTo; - this.createdById = createdById; this.active = active; - this.locales = 
locales; - this.timeZones = timeZones; - this.roles = roles; + this.locale = locale; + } + + public Long getInstitutionId() { + return this.institutionId; + } + + public String getName() { + return this.name; + } + + public String getUserName() { + return this.userName; + } + + public String getEmail() { + return this.email; + } + + public Boolean getActive() { + return this.active; + } + + public String getLocale() { + return this.locale; + } + + @Override + public String toString() { + return "UserFilter [institutionId=" + this.institutionId + ", name=" + this.name + ", userName=" + this.userName + + ", email=" + + this.email + ", active=" + this.active + ", locale=" + this.locale + "]"; } } diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java index 1a1726a9..f94f13e1 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java @@ -61,7 +61,7 @@ public final class UserInfo implements Entity, Serializable { @NotNull @Size(min = 3, max = 255, message = "userInfo:username:size:{min}:{max}:${validatedValue}") @JsonProperty(USER.ATTR_USER_NAME) - public final String username; + public final String userName; /** E-mail address of the user */ @Email(message = "userInfo:email:email:_:_:${validatedValue}") @@ -93,7 +93,7 @@ public final class UserInfo implements Entity, Serializable { @JsonProperty(USER.ATTR_UUID) final String uuid, @JsonProperty(USER.ATTR_INSTITUTION_ID) final Long institutionId, @JsonProperty(USER.ATTR_NAME) final String name, - @JsonProperty(USER.ATTR_USER_NAME) final String username, + @JsonProperty(USER.ATTR_USER_NAME) final String userName, @JsonProperty(USER.ATTR_EMAIL) final String email, @JsonProperty(USER.ATTR_ACTIVE) final Boolean active, @JsonProperty(USER.ATTR_LOCALE) final Locale locale, 
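Review bot: `toString()` at the end of the new `UserFilter` prints `name`, `userName` and `email` verbatim, and `UserDaoImpl.all` in this same patch passes the whole filter to `log.error`, so user-supplied search terms that are personal data end up in the error log. Consider having `toString()` report only which criteria are set, or logging the filter contents at debug level only. The class also lost its only comment; a Javadoc line such as `/** Filter criteria for user queries; a null field means the criterion is not applied. */` would document what the `WhenPresent` conditions in the DAO assume.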
@@ -103,7 +103,7 @@ public final class UserInfo implements Entity, Serializable { this.uuid = uuid; this.institutionId = institutionId; this.name = name; - this.username = username; + this.userName = userName; this.email = email; this.active = BooleanUtils.isTrue(active); this.locale = locale; @@ -130,8 +130,8 @@ public final class UserInfo implements Entity, Serializable { return this.name; } - public String getUsername() { - return this.username; + public String getUserName() { + return this.userName; } public String getEmail() { @@ -187,8 +187,8 @@ public final class UserInfo implements Entity, Serializable { @Override public String toString() { return "UserInfo [uuid=" + this.uuid + ", institutionId=" + this.institutionId + ", name=" + this.name - + ", username=" - + this.username + ", email=" + this.email + ", active=" + this.active + ", locale=" + this.locale + + ", userName=" + + this.userName + ", email=" + this.email + ", active=" + this.active + ", locale=" + this.locale + ", timeZone=" + this.timeZone + ", roles=" + this.roles + "]"; } @@ -202,7 +202,7 @@ public final class UserInfo implements Entity, Serializable { userInfo.getUuid(), userInfo.getInstitutionId(), userInfo.getName(), - userInfo.getUsername(), + userInfo.getUserName(), userInfo.getEmail(), userInfo.getActive(), userInfo.getLocale(), diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantRule.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantRule.java index 48072d2c..5affd248 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantRule.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantRule.java 
@@ -10,16 +10,26 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization; import ch.ethz.seb.sebserver.gbl.model.EntityType; +/** Defines a authorization grant rule for a specified EntityType. + * + * If there is the need for a specialized authorization grant rule for a specified EntityType, just + * create an implementation of this interface for a specified EntityType as a normal Spring Component + * and the AuthorizationGrantService will automatically collect it on initialization and use it for + * the specified EntityType instead of the default implementation. */ public interface AuthorizationGrantRule { + /** The EntityType of the authorization grant rule implementation. + * This is used by the AuthorizationGrantService on initialization. + * + * @return the authorization grant rule implementation */ EntityType entityType(); + /** Implements a authorization grant rule check for a given entity, user and grant type. + * + * @param entity the GrantEntity instance to check the grant rule on + * @param user the SEBServerUser instance to check the grant rule on + * @param grantType the GrantType to check + * @return true if a given user has a given grant-type on a given entity, false otherwise */ boolean hasGrant(GrantEntity entity, SEBServerUser user, GrantType grantType); -// boolean hasReadGrant(GrantEntity entity, SEBServerUser user); -// -// boolean hasModifyGrant(GrantEntity entity, SEBServerUser user); -// -// boolean hasWriteGrant(GrantEntity entity, SEBServerUser user); - } diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantService.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantService.java index aa15e55e..4c0cf704 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantService.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantService.java 
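Review bot: The `@return` on `entityType()` says it returns "the authorization grant rule implementation", but the method returns an `EntityType`; `@return the EntityType this rule is registered for` would match the signature. The interface Javadoc states that any Spring component implementing it replaces the default rule for its type, so it should also say what happens when two components declare the same `EntityType`. The collecting constructor is outside this hunk, so whether the last one silently wins cannot be seen here.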
@@ -25,12 +25,19 @@ import ch.ethz.seb.sebserver.gbl.model.user.UserRole; import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.RoleTypeGrant.RoleTypeKey; +/** A service to check authorization grants for a given user for entity-types and -instances + * + * If there is one or more GrantEntity objects within an authenticated user-request, this service + * can be used check the authenticated user access grant within the object. Check if a given user + * has write, modify or even read-only rights on an entity instance or on an entity type. */ @Lazy @Service @WebServiceProfile public class AuthorizationGrantService { + /** Map of role based grants for specified entity types. */ private final Map grants = new HashMap<>(); + /** Map of collected AuthorizationGrantRule exceptions */ private final Map exceptionalRules = new EnumMap<>(EntityType.class); @@ -48,6 +55,7 @@ public class AuthorizationGrantService { } } + /** Initialize the (hard-coded) grants */ @PostConstruct public void init() { // grants for institution 
@@ -100,6 +108,16 @@ public class AuthorizationGrantService { // TODO other entities } + /** Checks if a given user has a specified grant for a given entity-type + * + * NOTE: within this method only base-privileges for a given entity-type are checked + * there is no institutional or ownership grant check because this information lays on an entity-instance + * rather then the entity-type. + * + * @param entityType the entity type + * @param grantType the grant type to check + * @param principal an authorization Principal instance to extract the user from + * @return true if a given user has a specified grant for a given entity-type. False otherwise */ public boolean hasTypeGrant(final EntityType entityType, final GrantType grantType, final Principal principal) { final SEBServerUser user = this.currentUserService.extractFromPrincipal(principal); for (final UserRole role : user.getUserRoles()) { 
@@ -112,10 +130,22 @@ public class AuthorizationGrantService { return false; } - public boolean hasGrant(final GrantEntity entity, final GrantType type, final Principal principal) { - return hasGrant(entity, type, this.currentUserService.extractFromPrincipal(principal)); + /** Checks if a given user has specified grant for a given entity-instance + * + * @param entity the entity-instance + * @param grantType the grant type to check + * @param principal an authorization Principal instance to extract the user from + * @return true if a given user has a specified grant for a given entity-instance. False otherwise */ + public boolean hasGrant(final GrantEntity entity, final GrantType grantType, final Principal principal) { + return hasGrant(entity, grantType, this.currentUserService.extractFromPrincipal(principal)); } + /** Checks if a given user has specified grant for a given entity-instance + * + * @param entity the entity-instance + * @param grantType the grant type to check + * @param user a SEBServerUser instance to check grant for + * @return true if a given user has a specified grant for a given entity-instance. False otherwise */ public boolean hasGrant(final GrantEntity entity, final GrantType grantType, final SEBServerUser user) { final AuthorizationGrantRule authorizationGrantRule = getGrantRule(entity.entityType()); if (authorizationGrantRule == null) { 
@@ -125,14 +155,26 @@ public class AuthorizationGrantService { return authorizationGrantRule.hasGrant(entity, user, grantType); } + /** Closure to get a grant check predicate to filter a several entity-instances within the same grant + * + * @param entityType the EntityType for the grant check filter + * @param grantType the GrantType for the grant check filter + * @param principal an authorization Principal instance to extract the user from + * @return A filter predicate working on the given attributes to check user grants */ public Predicate getGrantFilter( final EntityType entityType, - final GrantType type, + final GrantType grantType, final Principal principal) { - return getGrantFilter(entityType, type, this.currentUserService.extractFromPrincipal(principal)); + return getGrantFilter(entityType, grantType, this.currentUserService.extractFromPrincipal(principal)); } + /** Closure to get a grant check predicate to filter a several entity-instances within the same grant + * + * @param entityType the EntityType for the grant check filter + * @param grantType the GrantType for the grant check filter + * @param user a SEBServerUser instance to check grant for + * @return A filter predicate working on the given attributes to check user grants */ public Predicate getGrantFilter( final EntityType entityType, final GrantType grantType, 
@@ -153,6 +195,52 @@ public class AuthorizationGrantService { return new GrantRuleBuilder(entityType); } + /** This is the default (or base) implementation of a AuthorizationGrantRule. + * + * The rule is: go over all user-roles of the given user and for each user-role check + * if there is base-privilege on the given entity-type for the given grant type. + * if true return true + * if false; check if there is a given institutional-privilege on the given + * entity-instance for the given grant type. + * if true return true + * if false; check if there is a given ownership-privilege on the given + * entity-instance for the given grant type. + * if true return true + * if false return false */ + private final class BaseTypeGrantRule implements AuthorizationGrantRule { + + private final EntityType type; + private final Map grants; + + public BaseTypeGrantRule(final EntityType type) { + this.type = type; + this.grants = new EnumMap<>(UserRole.class); + for (final UserRole role : UserRole.values()) { + this.grants.put(role, + AuthorizationGrantService.this.grants.get(new RoleTypeKey(type, role))); + } + } + + @Override + public EntityType entityType() { + return this.type; + } + + @Override + public boolean hasGrant(final GrantEntity entity, final SEBServerUser user, final GrantType grantType) { + for (final UserRole role : user.getUserRoles()) { + final RoleTypeGrant roleTypeGrant = this.grants.get(role); + if (roleTypeGrant != null && roleTypeGrant.hasPrivilege(user, entity, grantType)) { + return true; + } + } + + return false; + } + } + + /** Implements a GrantRuleBuilder for internal use and to make the code more readable. + * See init (PostConstruct) */ private final class GrantRuleBuilder { private final EntityType entityType; private UserRole userRole; 
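Review bot: The class Javadoc on `BaseTypeGrantRule` lists the three privilege checks but not the deny cases the code implements: a role with no registered `RoleTypeGrant` is stored as null by the constructor and skipped in `hasGrant`, and a user with no roles gets `false`. A sentence such as `Roles without a registered grant never grant access; the result is false unless some role's RoleTypeGrant matches.` would make the default-deny behaviour a documented contract. The constructor also copies from `AuthorizationGrantService.this.grants` only once, so a rule built before `init()` has filled that map would hold only nulls. The code that creates the rule is outside this hunk, so a short comment on the expected construction order would help.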
@@ -203,38 +291,4 @@ public class AuthorizationGrantService { } } - private final class BaseTypeGrantRule implements AuthorizationGrantRule { - - private final EntityType type; - private final Map grants; - - public BaseTypeGrantRule(final EntityType type) { - this.type = type; - this.grants = new EnumMap<>(UserRole.class); - for (final UserRole role : UserRole.values()) { - this.grants.put(role, - AuthorizationGrantService.this.grants.get(new RoleTypeKey(type, role))); - } - } - - @Override - public EntityType entityType() { - return this.type; - } - - @Override - public boolean hasGrant(final GrantEntity entity, final SEBServerUser user, final GrantType grantType) { - for (final UserRole role : user.getUserRoles()) { - final RoleTypeGrant roleTypeGrant = this.grants.get(role); - if (roleTypeGrant != null) { - if (roleTypeGrant.hasPrivilege(user, entity, grantType)) { - return true; - } - } - } - - return false; - } - } - } diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/CurrentUserService.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/CurrentUserService.java index 3c019e1d..66131204 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/CurrentUserService.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/CurrentUserService.java @@ -23,6 +23,7 @@ import org.springframework.stereotype.Service; import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; +/** A service to get the authenticated user from current request */ @Lazy @Service @WebServiceProfile diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/Privilege.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/Privilege.java deleted file mode 100644 index 9e09c9fc..00000000 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/Privilege.java +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - * Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET) - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -package ch.ethz.seb.sebserver.webservice.servicelayer.authorization; - -/** A privilege consisting of a overall grant type, a institutional grant type and a owner grant type. - * - * The overallGrantType defines the grant type independent of an institutional relation as well as an owner - * relation. The institutionalGrantType defines the grant type specific to the institutional relation of an entity. - * And the ownerGrantType defines the grant type specific to the ownership of an entity - * - * For example with a privilege of: - * overallGrantType = READ_ONLY - * institutionalGrantType = MODIFY - * ownerGrantType = WRITE - * - * A user with such a privilege is granted to see all type of specified entities independent of institutional relation - * or ownership, is able to modify all type of specified entities within its own institution and is able to create or - * delete owned entities. */ -public final class Privilege { - - public final GrantType overallGrantType; - public final GrantType institutionalGrantType; - public final GrantType ownerGrantType; - - public Privilege( - final GrantType overallGrantType, - final GrantType institutionalGrantType, - final GrantType ownerGrantType) { - - this.overallGrantType = overallGrantType; - this.institutionalGrantType = institutionalGrantType; - this.ownerGrantType = ownerGrantType; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((this.institutionalGrantType == null) ? 0 : this.institutionalGrantType.hashCode()); - result = prime * result + ((this.overallGrantType == null) ? 
0 : this.overallGrantType.hashCode()); - result = prime * result + ((this.ownerGrantType == null) ? 0 : this.ownerGrantType.hashCode()); - return result; - } - - @Override - public boolean equals(final Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - final Privilege other = (Privilege) obj; - if (this.institutionalGrantType != other.institutionalGrantType) - return false; - if (this.overallGrantType != other.overallGrantType) - return false; - if (this.ownerGrantType != other.ownerGrantType) - return false; - return true; - } - - @Override - public String toString() { - return "Privilege [overallGrantType=" + this.overallGrantType + ", institutionalGrantType=" - + this.institutionalGrantType - + ", ownerGrantType=" + this.ownerGrantType + "]"; - } - -} diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/RoleTypeGrant.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/RoleTypeGrant.java index 9f96c6c2..d8026145 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/RoleTypeGrant.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/RoleTypeGrant.java 
@@ -11,26 +11,42 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization; import ch.ethz.seb.sebserver.gbl.model.EntityType; import ch.ethz.seb.sebserver.gbl.model.user.UserRole; +/** Defines a grant for a specified role and entity-type. */ public final class RoleTypeGrant { + /** Defines a RoleTypeKey that is the combined identity of + * a UserRole and a EntityType the RoleTypeGrant is applying for */ public final RoleTypeKey roleTypeKey; + /** Defines a base-privilege grant type that defines the overall access for entity-type */ public final GrantType basePrivilege; + /** Defines an institutional grant type that defines the institutional restricted access for a + * entity-instance */ public final GrantType institutionalPrivilege; - public final GrantType ownerPrivilege; + /** Defines an ownership grant type that defines the ownership restricted access for a entity-instance */ + public final GrantType ownershipPrivilege; public RoleTypeGrant( final GrantType basePrivilege, final GrantType institutionalPrivilege, - final GrantType ownerPrivilege, + final GrantType ownershipPrivilege, final EntityType type, final UserRole role) { this.roleTypeKey = new RoleTypeKey(type, role); this.basePrivilege = basePrivilege; this.institutionalPrivilege = institutionalPrivilege; - this.ownerPrivilege = ownerPrivilege; + this.ownershipPrivilege = ownershipPrivilege; } + /** Checks if a given user has specified grant type for a given entity-instance. 
+ * Checks all privileges in the order of: basePrivilege, institutionalPrivilege and ownershipPrivilege + * + * + * @param user SEBServerUser instance to check institutional grant + * @param entity entity-instance to check institutional grant + * @param grantType the GrantType to check on all privileges if one matches + * @return true if one privilege of this RoleTypeGrant matches the implicit grant type check for a given user and + * entity instance */ public boolean hasPrivilege( final SEBServerUser user, final GrantEntity entity, 
@@ -38,13 +54,35 @@ public final class RoleTypeGrant { return hasBasePrivilege(grantType) || hasInstitutionalPrivilege(user, entity, grantType) || - hasOwnerPrivilege(user, entity, grantType); + hasOwnershipPrivilege(user, entity, grantType); } + /** Checks the base privilege on given grantType by using the hasImplicit + * function of this basePrivilege. + * + * Implicit in this case means: if the basePrivilege is of type GrantType.WRITE, + * GrantType.MODIFY and GrantType.READ_ONLY are implicitly included. + * If the basePrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included + * and so on. + * + * @param grantType the GrantType to check on basePrivilege + * @return true if the basePrivilege includes the given grantType */ public boolean hasBasePrivilege(final GrantType grantType) { return this.basePrivilege.hasImplicit(grantType); } + /** Checks the institutional privilege on given grantType by using the hasImplicit + * function of this institutionalPrivilege. + * + * Implicit in this case means: if the institutionalPrivilege is of type GrantType.WRITE, + * GrantType.MODIFY and GrantType.READ_ONLY are implicitly included. + * If the institutionalPrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included + * and so on. + * + * @param grantType the GrantType to check on institutionalPrivilege + * @param user SEBServerUser instance to check institutional grant + * @param entity entity-instance to check institutional grant + * @return true if the institutionalPrivilege includes the given grantType */ public boolean hasInstitutionalPrivilege( final SEBServerUser user, final GrantEntity entity, 
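Review bot: The `@return` on `hasInstitutionalPrivilege` ("true if the institutionalPrivilege includes the given grantType") describes only half of the check, because the method body, which continues in the next hunk, also compares `user.institutionId()` with `entity.institutionId()`. The same applies to the `@return` of `hasOwnershipPrivilege` in the following hunk, which additionally requires `user.uuid().equals(entity.ownerUUID())`. Suggested wording: `@return true if the institutionalPrivilege includes the given grantType and the user belongs to the entity's institution`, and analogously `... and the user is the owner of the entity`. Both comparisons dereference their operands, so the Javadoc should also say whether a null institution id or user UUID can occur.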
@@ -54,15 +92,61 @@ public final class RoleTypeGrant { user.institutionId().longValue() == entity.institutionId().longValue(); } - public boolean hasOwnerPrivilege( + /** Checks the ownership privilege on given grantType by using the hasImplicit + * function of this ownershipPrivilege. + * + * Implicit in this case means: if the ownershipPrivilege is of type GrantType.WRITE, + * GrantType.MODIFY and GrantType.READ_ONLY are implicitly included. + * If the ownershipPrivilege is of type GrantType.MODIFY, the GrantType.READ_ONLY are implicitly included + * and so on. + * + * @param grantType the GrantType to check on ownershipPrivilege + * @param user SEBServerUser instance to check ownership grant + * @param entity entity-instance to check ownership grant + * @return true if the ownershipPrivilege includes the given grantType */ + public boolean hasOwnershipPrivilege( final SEBServerUser user, final GrantEntity entity, final GrantType grantType) { - return this.ownerPrivilege.hasImplicit(grantType) && + return this.ownershipPrivilege.hasImplicit(grantType) && user.uuid().equals(entity.ownerUUID()); } + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((this.roleTypeKey == null) ? 
0 : this.roleTypeKey.hashCode()); + return result; + } + + @Override + public boolean equals(final Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + final RoleTypeGrant other = (RoleTypeGrant) obj; + if (this.roleTypeKey == null) { + if (other.roleTypeKey != null) + return false; + } else if (!this.roleTypeKey.equals(other.roleTypeKey)) + return false; + return true; + } + + @Override + public String toString() { + return "RoleTypeGrant [roleTypeKey=" + this.roleTypeKey + ", basePrivilege=" + this.basePrivilege + + ", institutionalPrivilege=" + this.institutionalPrivilege + ", ownershipPrivilege=" + + this.ownershipPrivilege + + "]"; + } + + /** A key that combines UserRole EntityType identity */ static final class RoleTypeKey { public final EntityType entityType; @@ -97,6 +181,11 @@ public final class RoleTypeGrant { return false; return true; } + + @Override + public String toString() { + return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]"; + } } } diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/SEBServerUser.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/SEBServerUser.java index c8289d76..5e6e8480 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/SEBServerUser.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/SEBServerUser.java @@ -66,7 +66,7 @@ public final class SEBServerUser implements UserDetails, CredentialsContainer { @Override public String getUsername() { - return this.userInfo.username; + return this.userInfo.userName; } @Override diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/UserDaoImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/UserDaoImpl.java index 8b2f33a0..30be5155 100644 
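Review bot: The added `equals`/`hashCode` on `RoleTypeGrant` compare only `roleTypeKey`, so two grants for the same role and entity type with different `basePrivilege`, `institutionalPrivilege` or `ownershipPrivilege` are equal, while `toString()` prints all four fields. In a set, a second grant with different privilege levels would be treated as a duplicate of the first. If that is intended, say so on the methods, e.g. `/** Identity is the roleTypeKey only; privilege levels are not part of equality. */`.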
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/UserDaoImpl.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/dao/impl/UserDaoImpl.java @@ -8,8 +8,7 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.dao.impl; -import static org.mybatis.dynamic.sql.SqlBuilder.isEqualTo; -import static org.mybatis.dynamic.sql.SqlBuilder.isNotEqualTo; +import static org.mybatis.dynamic.sql.SqlBuilder.*; import java.util.Collection; import java.util.Collections; @@ -106,13 +105,7 @@ public class UserDaoImpl implements UserDAO { .build() .execute(); - if (records == null) { - return Result.of(Collections.emptyList()); - } - - return Result.of(records.stream() - .map(record -> UserInfo.fromRecord(record, getRoles(record))) - .collect(Collectors.toList())); + return fromRecords(records); } catch (final Exception e) { final String errorMessage = "Unexpected error while trying to get all active users: "; @@ -150,8 +143,25 @@ public class UserDaoImpl implements UserDAO { @Override @Transactional(readOnly = true) public Result> all(final UserFilter filter) { - // TODO Auto-generated method stub - return null; + try { + + final List records = this.userRecordMapper.selectByExample().where( + UserRecordDynamicSqlSupport.active, + isNotEqualTo(BooleanUtils.toInteger(filter.active))) + .and(UserRecordDynamicSqlSupport.institutionId, isEqualToWhenPresent(filter.institutionId)) + .and(UserRecordDynamicSqlSupport.name, isLikeWhenPresent(filter.name)) + .and(UserRecordDynamicSqlSupport.userName, isLikeWhenPresent(filter.userName)) + .and(UserRecordDynamicSqlSupport.locale, isLikeWhenPresent(filter.locale)) + .build() + .execute(); + + return fromRecords(records); + + } catch (final Exception e) { + final String errorMessage = "Unexpected error while trying to get fitered users: "; + log.error(errorMessage + " filter: {}", filter, e); + return Result.ofRuntimeError(errorMessage); + } } @Override 
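Review bot: In `all(UserFilter)` the `active` criterion looks inverted and is not null-safe. `isNotEqualTo(BooleanUtils.toInteger(filter.active))` selects rows whose flag differs from the requested value, and if `BooleanUtils` is the commons-lang class (its import is outside the hunk), a null `Boolean` is unboxed and throws, so every filter without `active` ends in the catch block. The other criteria already use the optional form, so `isEqualToWhenPresent(BooleanUtils.toIntegerObject(filter.active))` would match them. `filter.email` is never applied to the query, and the `isLikeWhenPresent` values are passed without added or escaped `%`/`_`, so a comment should state whether callers supply the wildcards. As far as this hunk shows, nothing limits the result to the caller's institution when `institutionId` is absent, so the grant filter has to be applied by the caller.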
@@ -184,6 +194,16 @@ public class UserDaoImpl implements UserDAO { return Result.ofError(new RuntimeException("TODO")); } + private Result> fromRecords(final List records) { + if (records == null) { + return Result.of(Collections.emptyList()); + } + + return Result.of(records.stream() + .map(record -> UserInfo.fromRecord(record, getRoles(record))) + .collect(Collectors.toList())); + } + private Result updateUser(final UserMod userMod) { final UserInfo userInfo = userMod.getUserInfo(); return recordByUUID(userInfo.uuid) @@ -202,7 +222,7 @@ public class UserDaoImpl implements UserDAO { null, null, userInfo.name, - userInfo.username, + userInfo.userName, (changePWD) ? userMod.getNewPassword() : null, userInfo.email, userInfo.locale.toLanguageTag(), @@ -231,7 +251,7 @@ public class UserDaoImpl implements UserDAO { userInfo.institutionId, UUID.randomUUID().toString(), userInfo.name, - userInfo.username, + userInfo.userName, userMod.getNewPassword(), userInfo.email, userInfo.locale.toLanguageTag(), diff --git a/src/test/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantServiceTest.java b/src/test/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantServiceTest.java index 9032b97f..7bd782a3 100644 --- a/src/test/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantServiceTest.java +++ b/src/test/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/AuthorizationGrantServiceTest.java @@ -32,6 +32,7 @@ public class AuthorizationGrantServiceTest { private Principal principal; @Test + @SuppressWarnings("unused") public void testInit() { try { final AuthorizationGrantService service = getTestServiceWithUserWithRoles();