SEBSERV-83 SEBSERV-82

This commit is contained in:
anhefti 2019-08-13 16:18:11 +02:00
parent 1e475c6699
commit fad7876fff
5 changed files with 18 additions and 21 deletions


@ -181,7 +181,7 @@ public interface AuthorizationService {
throw new PermissionDeniedException( throw new PermissionDeniedException(
entityType, entityType,
privilegeType, privilegeType,
getUserService().getCurrentUser().getUserInfo().uuid); getUserService().getCurrentUser().getUserInfo());
} }
} }
@ -255,7 +255,7 @@ public interface AuthorizationService {
throw new PermissionDeniedException( throw new PermissionDeniedException(
type, type,
PrivilegeType.READ, PrivilegeType.READ,
currentUser.getUserInfo().uuid); currentUser.getUserInfo());
} }
} }


@ -11,6 +11,7 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.authorization;
import ch.ethz.seb.sebserver.gbl.api.EntityType; import ch.ethz.seb.sebserver.gbl.api.EntityType;
import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType; import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
import ch.ethz.seb.sebserver.gbl.model.GrantEntity; import ch.ethz.seb.sebserver.gbl.model.GrantEntity;
import ch.ethz.seb.sebserver.gbl.model.user.UserAccount;
/** Permission denied exception that refers to the checked entity type, privilege and /** Permission denied exception that refers to the checked entity type, privilege and
* the user identifier of the user that did request the permission */ * the user identifier of the user that did request the permission */
@ -28,12 +29,12 @@ public class PermissionDeniedException extends RuntimeException {
public PermissionDeniedException( public PermissionDeniedException(
final EntityType entityType, final EntityType entityType,
final PrivilegeType grantType, final PrivilegeType grantType,
final String userId) { final UserAccount userAccount) {
super("No grant: " + grantType + " on type: " + entityType + " for user: " + userId); super("No grant: " + grantType + " on type: " + entityType + " for user: " + userAccount.getUsername());
this.entityType = entityType; this.entityType = entityType;
this.privilegeType = grantType; this.privilegeType = grantType;
this.userId = userId; this.userId = userAccount.getUsername();
} }
public PermissionDeniedException( public PermissionDeniedException(
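Review bot: The constructor in the second hunk stores `userAccount.getUsername()` into `this.userId`, so a field named as an identifier now carries the username while the class Javadoc in the first hunk still says "user identifier"; either rename the field or update the comment, e.g. `* the username of the user that did request the permission */`. The constructor also dereferences `userAccount` without a null check, so if `getUserInfo()` can return null on any caller's path (an unauthenticated or missing principal), the permission check would surface as a NullPointerException instead of the intended PermissionDeniedException; a guard such as `final String name = userAccount != null ? userAccount.getUsername() : null;` keeps the 403 path intact. Note that the username now also appears in the exception message, which typically reaches logs and error responses, whereas the previous uuid was an opaque identifier.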


@ -175,8 +175,8 @@ public class AuthorizationServiceImpl implements AuthorizationService {
// grants for SEB client connections // grants for SEB client connections
addPrivilege(EntityType.CLIENT_CONNECTION) addPrivilege(EntityType.CLIENT_CONNECTION)
.forRole(UserRole.SEB_SERVER_ADMIN) .forRole(UserRole.SEB_SERVER_ADMIN)
.withBasePrivilege(PrivilegeType.READ) .withInstitutionalPrivilege(PrivilegeType.READ)
.forRole(UserRole.INSTITUTIONAL_ADMIN) .andForRole(UserRole.INSTITUTIONAL_ADMIN)
.withInstitutionalPrivilege(PrivilegeType.READ) .withInstitutionalPrivilege(PrivilegeType.READ)
.andForRole(UserRole.EXAM_ADMIN) .andForRole(UserRole.EXAM_ADMIN)
.withInstitutionalPrivilege(PrivilegeType.READ) .withInstitutionalPrivilege(PrivilegeType.READ)
@ -184,8 +184,6 @@ public class AuthorizationServiceImpl implements AuthorizationService {
.withInstitutionalPrivilege(PrivilegeType.MODIFY) .withInstitutionalPrivilege(PrivilegeType.MODIFY)
.create(); .create();
// TODO other entities
// grants for user activity logs // grants for user activity logs
addPrivilege(EntityType.USER_ACTIVITY_LOG) addPrivilege(EntityType.USER_ACTIVITY_LOG)
.forRole(UserRole.SEB_SERVER_ADMIN) .forRole(UserRole.SEB_SERVER_ADMIN)
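Review bot: The grant for `UserRole.SEB_SERVER_ADMIN` on `EntityType.CLIENT_CONNECTION` changes from `withBasePrivilege(PrivilegeType.READ)` to `withInstitutionalPrivilege(PrivilegeType.READ)` in the first hunk, which, if institutional scope is narrower than base scope as the names suggest, restricts that role's read access to client connections of its own institution. An authorization-matrix change of this kind is not described by the commit title, so a one-line comment above the builder stating the intended scope would help reviewers and future audits, e.g. `// SEB server admins read client connections within institutional scope only`. The `forRole` to `andForRole` switch on the following line looks like it repairs a broken builder chain, but the builder's semantics are not visible here, so that reading should be confirmed.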


@ -27,7 +27,6 @@ import ch.ethz.seb.sebserver.gbl.model.Page;
import ch.ethz.seb.sebserver.gbl.model.session.ClientConnection; import ch.ethz.seb.sebserver.gbl.model.session.ClientConnection;
import ch.ethz.seb.sebserver.gbl.model.session.ClientEvent; import ch.ethz.seb.sebserver.gbl.model.session.ClientEvent;
import ch.ethz.seb.sebserver.gbl.model.session.ExtendedClientEvent; import ch.ethz.seb.sebserver.gbl.model.session.ExtendedClientEvent;
import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
import ch.ethz.seb.sebserver.gbl.util.Result; import ch.ethz.seb.sebserver.gbl.util.Result;
import ch.ethz.seb.sebserver.webservice.datalayer.batis.mapper.ClientEventRecordDynamicSqlSupport; import ch.ethz.seb.sebserver.webservice.datalayer.batis.mapper.ClientEventRecordDynamicSqlSupport;
@ -127,7 +126,7 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
.byPK(entity.connectionId) .byPK(entity.connectionId)
.getOrThrow(); .getOrThrow();
checkRead(clientConnection.institutionId); this.authorization.checkRead(clientConnection);
return entity; return entity;
}); });
} }
@ -137,12 +136,11 @@ public class ClientEventController extends ReadonlyEntityController<ClientEvent,
return true; return true;
} }
private void checkRead(final Long institution) { private void checkRead(final Long institutionId) {
this.authorization.checkRole( this.authorization.check(
institution, PrivilegeType.READ,
EntityType.CLIENT_EVENT, EntityType.CLIENT_CONNECTION,
UserRole.EXAM_ADMIN, institutionId);
UserRole.EXAM_SUPPORTER);
} }
} }
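Review bot: After the call site in the second hunk switches to `this.authorization.checkRead(clientConnection)`, the private `checkRead(final Long institutionId)` rewritten in the last hunk no longer has a caller in the visible lines; if nothing else in the file calls it, it should be removed rather than left as a second, divergent authorization path. If it is still used, its name is now misleading because it checks `PrivilegeType.READ` on `EntityType.CLIENT_CONNECTION` for an institution, so rename it to something like `checkClientConnectionRead` or document it with `// institution-level READ on CLIENT_CONNECTION; the entity-level check is authorization.checkRead(ClientConnection)`. The role-based check it replaced (EXAM_ADMIN and EXAM_SUPPORTER on CLIENT_EVENT) is now expressed through the privilege matrix, so any grant regression for those roles is only visible in AuthorizationServiceImpl.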


@ -71,7 +71,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
throw new PermissionDeniedException( throw new PermissionDeniedException(
getGrantEntityType(), getGrantEntityType(),
PrivilegeType.MODIFY, PrivilegeType.MODIFY,
this.authorization.getUserService().getCurrentUser().uuid()); this.authorization.getUserService().getCurrentUser().getUserInfo());
} }
@Override @Override
@ -79,7 +79,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
throw new PermissionDeniedException( throw new PermissionDeniedException(
getGrantEntityType(), getGrantEntityType(),
PrivilegeType.MODIFY, PrivilegeType.MODIFY,
this.authorization.getUserService().getCurrentUser().uuid()); this.authorization.getUserService().getCurrentUser().getUserInfo());
} }
@Override @Override
@ -87,7 +87,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
throw new PermissionDeniedException( throw new PermissionDeniedException(
getGrantEntityType(), getGrantEntityType(),
PrivilegeType.WRITE, PrivilegeType.WRITE,
this.authorization.getUserService().getCurrentUser().uuid()); this.authorization.getUserService().getCurrentUser().getUserInfo());
} }
@Override @Override
@ -95,7 +95,7 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
throw new PermissionDeniedException( throw new PermissionDeniedException(
getGrantEntityType(), getGrantEntityType(),
PrivilegeType.WRITE, PrivilegeType.WRITE,
this.authorization.getUserService().getCurrentUser().uuid()); this.authorization.getUserService().getCurrentUser().getUserInfo());
} }
} }
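Review bot: The four hunks each build the same `PermissionDeniedException` inline, differing only in the `PrivilegeType`, and this commit has to touch all four just to swap `uuid()` for `getUserInfo()`; a private helper would make the next such change a one-line edit and keep the four denial paths consistent. Each `throw` sits inside an overriding method whose signature starts outside the hunk. With the helper below, each site reduces to `throw permissionDenied(PrivilegeType.MODIFY);` or `throw permissionDenied(PrivilegeType.WRITE);`.
```java
/** Builds the denial thrown when a modifying operation is invoked on this read-only controller. */
private PermissionDeniedException permissionDenied(final PrivilegeType privilegeType) {
    return new PermissionDeniedException(
            getGrantEntityType(),
            privilegeType,
            this.authorization.getUserService().getCurrentUser().getUserInfo());
}
```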