SEBSERV-83 SEBSERV-82
parent
1e475c6699
commit
fad7876fff
5 changed files with 18 additions and 21 deletions
|
@ -181,7 +181,7 @@ public interface AuthorizationService {
|
|||
throw new PermissionDeniedException(
|
||||
entityType,
|
||||
privilegeType,
|
||||
getUserService().getCurrentUser().getUserInfo().uuid);
|
||||
getUserService().getCurrentUser().getUserInfo());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -255,7 +255,7 @@ public interface AuthorizationService {
|
|||
throw new PermissionDeniedException(
|
||||
type,
|
||||
PrivilegeType.READ,
|
||||
currentUser.getUserInfo().uuid);
|
||||
currentUser.getUserInfo());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization;
|
|||
import ch.ethz.seb.sebserver.gbl.api.EntityType;
|
||||
import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
|
||||
import ch.ethz.seb.sebserver.gbl.model.GrantEntity;
|
||||
import ch.ethz.seb.sebserver.gbl.model.user.UserAccount;
|
||||
|
||||
/** Permission denied exception that refers to the checked entity type, privilege and
|
||||
* the user identifier of the user that did request the permission */
|
||||
|
@ -28,12 +29,12 @@ public class PermissionDeniedException extends RuntimeException {
|
|||
public PermissionDeniedException(
|
||||
final EntityType entityType,
|
||||
final PrivilegeType grantType,
|
||||
final String userId) {
|
||||
final UserAccount userAccount) {
|
||||
|
||||
super("No grant: " + grantType + " on type: " + entityType + " for user: " + userId);
|
||||
super("No grant: " + grantType + " on type: " + entityType + " for user: " + userAccount.getUsername());
|
||||
this.entityType = entityType;
|
||||
this.privilegeType = grantType;
|
||||
this.userId = userId;
|
||||
this.userId = userAccount.getUsername();
|
||||
}
|
||||
|
||||
public PermissionDeniedException(
|
||||
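Review bot: The constructor now stores `userAccount.getUsername()` in the field still named `userId`, so any handler or audit log that reads that field gets a login name where the callers in AuthorizationService and ReadonlyEntityController used to pass the UUID. If usernames can be changed or reused, denied-access records become harder to tie to one account later. Consider keeping the stable identifier in `userId` and using the username only in the message, or renaming the field and updating the class Javadoc, which still says "user identifier". `userAccount` is also dereferenced inside `super(...)`, so a null account surfaces as a NullPointerException instead of a permission denial; a static helper that builds the message after `Objects.requireNonNull(userAccount, "userAccount")` would make that failure explicit. The second constructor begins on the hunk's last line and its body is not visible.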
|
|
|
@ -175,8 +175,8 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
// grants for SEB client connections
|
||||
addPrivilege(EntityType.CLIENT_CONNECTION)
|
||||
.forRole(UserRole.SEB_SERVER_ADMIN)
|
||||
.withBasePrivilege(PrivilegeType.READ)
|
||||
.forRole(UserRole.INSTITUTIONAL_ADMIN)
|
||||
.withInstitutionalPrivilege(PrivilegeType.READ)
|
||||
.andForRole(UserRole.INSTITUTIONAL_ADMIN)
|
||||
.withInstitutionalPrivilege(PrivilegeType.READ)
|
||||
.andForRole(UserRole.EXAM_ADMIN)
|
||||
.withInstitutionalPrivilege(PrivilegeType.READ)
|
||||
|
@ -184,8 +184,6 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
.withInstitutionalPrivilege(PrivilegeType.MODIFY)
|
||||
.create();
|
||||
|
||||
// TODO other entities
|
||||
|
||||
// grants for user activity logs
|
||||
addPrivilege(EntityType.USER_ACTIVITY_LOG)
|
||||
.forRole(UserRole.SEB_SERVER_ADMIN)
|
||||
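Review bot: The CLIENT_CONNECTION chain was corrected from `.forRole(UserRole.INSTITUTIONAL_ADMIN)` to `.andForRole(...)`, but nothing visible here stops a later edit from writing `.forRole(...)` mid-chain again. Whether the earlier form dropped the SEB_SERVER_ADMIN grant or only read wrongly cannot be told from the hunk. Since this table is the access policy, a unit test asserting the READ grants per role for `EntityType.CLIENT_CONNECTION` would catch a repeat. A one-line comment above the block, such as `// one forRole(...) per entity type, every further role via andForRole(...)`, would document the builder contract. The enclosing method starts and ends outside both hunks.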
|
|
|
@ -27,7 +27,6 @@ import ch.ethz.seb.sebserver.gbl.model.Page;
|
|||
import ch.ethz.seb.sebserver.gbl.model.session.ClientConnection;
|
||||
import ch.ethz.seb.sebserver.gbl.model.session.ClientEvent;
|
||||
import ch.ethz.seb.sebserver.gbl.model.session.ExtendedClientEvent;
|
||||
import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
|
||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||
import ch.ethz.seb.sebserver.webservice.datalayer.batis.mapper.ClientEventRecordDynamicSqlSupport;
|
||||
|
@ -127,7 +126,7 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
|
|||
.byPK(entity.connectionId)
|
||||
.getOrThrow();
|
||||
|
||||
checkRead(clientConnection.institutionId);
|
||||
this.authorization.checkRead(clientConnection);
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
@ -137,12 +136,11 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
|
|||
return true;
|
||||
}
|
||||
|
||||
private void checkRead(final Long institution) {
|
||||
this.authorization.checkRole(
|
||||
institution,
|
||||
EntityType.CLIENT_EVENT,
|
||||
UserRole.EXAM_ADMIN,
|
||||
UserRole.EXAM_SUPPORTER);
|
||||
private void checkRead(final Long institutionId) {
|
||||
this.authorization.check(
|
||||
PrivilegeType.READ,
|
||||
EntityType.CLIENT_CONNECTION,
|
||||
institutionId);
|
||||
}
|
||||
|
||||
}
|
||||
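Review bot: Read access to client events is now decided by the READ privilege on `EntityType.CLIENT_CONNECTION` instead of an explicit `EXAM_ADMIN`/`EXAM_SUPPORTER` role check on `CLIENT_EVENT`, which changes who passes. Going by the grant chain in AuthorizationServiceImpl, SEB_SERVER_ADMIN and INSTITUTIONAL_ADMIN now qualify, while whether EXAM_SUPPORTER keeps access is not visible in this commit. A test pinning the allowed and denied roles for this controller would show the wider scope is intended. The private `checkRead(final Long institutionId)` checks only the institution, whereas the single-entity path now calls `this.authorization.checkRead(clientConnection)`. Its callers are outside the hunks, so a comment on it such as `// institution-level READ on client connections; per-entity check is done in the single-event path` would explain why the two differ.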
|
|
|
@ -71,7 +71,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
|||
throw new PermissionDeniedException(
|
||||
getGrantEntityType(),
|
||||
PrivilegeType.MODIFY,
|
||||
this.authorization.getUserService().getCurrentUser().uuid());
|
||||
this.authorization.getUserService().getCurrentUser().getUserInfo());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -79,7 +79,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
|||
throw new PermissionDeniedException(
|
||||
getGrantEntityType(),
|
||||
PrivilegeType.MODIFY,
|
||||
this.authorization.getUserService().getCurrentUser().uuid());
|
||||
this.authorization.getUserService().getCurrentUser().getUserInfo());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -87,7 +87,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
|||
throw new PermissionDeniedException(
|
||||
getGrantEntityType(),
|
||||
PrivilegeType.WRITE,
|
||||
this.authorization.getUserService().getCurrentUser().uuid());
|
||||
this.authorization.getUserService().getCurrentUser().getUserInfo());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -95,7 +95,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
|||
throw new PermissionDeniedException(
|
||||
getGrantEntityType(),
|
||||
PrivilegeType.WRITE,
|
||||
this.authorization.getUserService().getCurrentUser().uuid());
|
||||
this.authorization.getUserService().getCurrentUser().getUserInfo());
|
||||
}
|
||||
|
||||
}
|
||||
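Review bot: All four `throw new PermissionDeniedException(...)` sites in this section repeat the chain `this.authorization.getUserService().getCurrentUser().getUserInfo()` and differ only in the `PrivilegeType`, so this commit had to edit the same line four times. A private helper would keep the next change to the exception's arguments in one place, for example `private PermissionDeniedException denied(final PrivilegeType type)` returning `new PermissionDeniedException(getGrantEntityType(), type, this.authorization.getUserService().getCurrentUser().getUserInfo())`. Each site would then read `throw denied(PrivilegeType.MODIFY);` or `throw denied(PrivilegeType.WRITE);`. The enclosing overridden methods start outside the hunks, so their signatures are not visible here.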
|
|