From f2a0034150056a6e5be0bf5ebc4490b94a6a7079 Mon Sep 17 00:00:00 2001 From: anhefti Date: Wed, 6 Dec 2023 09:01:22 +0100 Subject: [PATCH] prepare for improved user privilege system --- .../gbl/api/authorization/Privilege.java | 71 ++++--------------- .../gbl/api/authorization/RoleTypeKey.java | 56 +++++++++++++++ .../sebserver/gbl/model/user/UserInfo.java | 9 +++ .../remote/webservice/auth/CurrentUser.java | 2 +- .../impl/AuthorizationServiceImpl.java | 4 +- 5 files changed, 83 insertions(+), 59 deletions(-) create mode 100644 src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java index f46fdaa3..2b8668f5 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java @@ -17,7 +17,6 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonProperty; import ch.ethz.seb.sebserver.gbl.Constants; -import ch.ethz.seb.sebserver.gbl.api.EntityType; import ch.ethz.seb.sebserver.gbl.model.user.UserAccount; import ch.ethz.seb.sebserver.gbl.model.user.UserInfo; import ch.ethz.seb.sebserver.gbl.model.user.UserRole; @@ -110,13 +109,21 @@ public final class Privilege { final Long institutionId, final String ownerId) { - return this.hasBasePrivilege(privilegeType) - || ((institutionId != null) && - (this.hasInstitutionalPrivilege(privilegeType) - && userInstitutionId.longValue() == institutionId - .longValue()) - || (this.hasOwnershipPrivilege(privilegeType) - && isOwner(ownerId, userId))); + // Has base privilege? + if (this.hasBasePrivilege(privilegeType)) { + return true; + } + + // has institutional privilege? + if ((institutionId != null) + && (this.hasInstitutionalPrivilege(privilegeType) + && userInstitutionId.longValue() == institutionId.longValue())) { + return true; + } + + // has owner privilege? + return this.hasOwnershipPrivilege(privilegeType) && isOwner(ownerId, userId); + } private boolean isOwner(final String ownerId, final String userId) { @@ -135,54 +142,6 @@ public final class Privilege { + ", ownershipPrivilege=" + this.ownershipPrivilege + "]"; } - /** A key that combines UserRole EntityType identity */ - public static final class RoleTypeKey { - - @JsonProperty("entityType") - public final EntityType entityType; - @JsonProperty("userRole") - public final UserRole userRole; - - @JsonCreator - public RoleTypeKey( - @JsonProperty("entityType") final EntityType type, - @JsonProperty("userRole") final UserRole role) { - - this.entityType = type; - this.userRole = role; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((this.userRole == null) ? 0 : this.userRole.hashCode()); - result = prime * result + ((this.entityType == null) ? 0 : this.entityType.hashCode()); - return result; - } - - @Override - public boolean equals(final Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - final RoleTypeKey other = (RoleTypeKey) obj; - if (this.userRole != other.userRole) - return false; - if (this.entityType != other.entityType) - return false; - return true; - } - - @Override - public String toString() { - return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]"; - } - } - /** Checks if the current user has role based edit access to a specified user account. *

* If user account has UserRole.SEB_SERVER_ADMIN this always gives true diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java new file mode 100644 index 00000000..fbc49c85 --- /dev/null +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java @@ -0,0 +1,56 @@ +package ch.ethz.seb.sebserver.gbl.api.authorization; + +import ch.ethz.seb.sebserver.gbl.api.EntityType; +import ch.ethz.seb.sebserver.gbl.model.user.UserRole; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonProperty; + +/** + * A key that combines UserRole EntityType identity + */ +public final class RoleTypeKey { + + @JsonProperty("entityType") + public final EntityType entityType; + @JsonProperty("userRole") + public final UserRole userRole; + + @JsonCreator + public RoleTypeKey( + @JsonProperty("entityType") final EntityType type, + @JsonProperty("userRole") final UserRole role) { + + this.entityType = type; + this.userRole = role; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((this.userRole == null) ? 0 : this.userRole.hashCode()); + result = prime * result + ((this.entityType == null) ? 0 : this.entityType.hashCode()); + return result; + } + + @Override + public boolean equals(final Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + final RoleTypeKey other = (RoleTypeKey) obj; + if (this.userRole != other.userRole) + return false; + if (this.entityType != other.entityType) + return false; + return true; + } + + @Override + public String toString() { + return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]"; + } +} diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java index 264c4822..c8bef2dc 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java @@ -10,6 +10,7 @@ package ch.ethz.seb.sebserver.gbl.model.user; import java.io.Serializable; import java.util.*; +import java.util.function.Function; import java.util.stream.Collectors; import javax.validation.constraints.Email; @@ -17,6 +18,7 @@ import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; import javax.validation.constraints.Size; +import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey; import com.fasterxml.jackson.annotation.*; import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; @@ -111,6 +113,9 @@ public final class UserInfo implements UserAccount, Serializable { @JsonProperty(ATTR_ENTITY_PRIVILEGES) @JsonInclude(JsonInclude.Include.NON_EMPTY) public final Collection entityPrivileges; + @JsonIgnore + public final Map entityPrivilegeMap; + @JsonProperty(ATTR_FEATURE_PRIVILEGES) @JsonInclude(JsonInclude.Include.NON_EMPTY) public final Collection featurePrivileges; @@ -143,6 +148,10 @@ public final class UserInfo implements UserAccount, Serializable { this.timeZone = timeZone; this.roles = Utils.immutableSetOf(roles); this.entityPrivileges = Utils.immutableCollectionOf(entityPrivileges); + this.entityPrivilegeMap = Utils.immutableMapOf( + this.entityPrivileges.stream().collect(Collectors.toMap( + e -> new EntityKey(e.entityId, e.entityType), + Function.identity()))); this.featurePrivileges = Utils.immutableCollectionOf(featurePrivileges); } diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java index cb0d8dc3..51b3f9d2 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java +++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java @@ -28,7 +28,7 @@ import ch.ethz.seb.sebserver.gbl.Constants; import ch.ethz.seb.sebserver.gbl.api.API; import ch.ethz.seb.sebserver.gbl.api.EntityType; import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege; -import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege.RoleTypeKey; +import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey; import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType; import ch.ethz.seb.sebserver.gbl.model.GrantEntity; import ch.ethz.seb.sebserver.gbl.model.user.UserInfo; diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java index dc4fef82..849837be 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java @@ -21,7 +21,7 @@ import org.springframework.stereotype.Service; import ch.ethz.seb.sebserver.gbl.api.EntityType; import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege; -import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege.RoleTypeKey; +import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey; import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType; import ch.ethz.seb.sebserver.gbl.model.user.UserRole; import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; @@ -36,7 +36,7 @@ public class AuthorizationServiceImpl implements AuthorizationService { private final UserService userService; /** Map of role based grants for specified entity types. */ - private final Map privileges = new HashMap<>(); + private final Map privileges = new HashMap<>(); public AuthorizationServiceImpl(final UserService userService) { this.userService = userService;