Closes #82: Add role to groups
parent
6598b585a2
commit
5a41e9555e
@ -173,7 +173,7 @@ public class GroupDao {
|
||||
Map<String, Object> parameterMap = new HashMap<String, Object>();
|
||||
List<String> criteriaList = new ArrayList<String>();
|
||||
|
||||
StringBuilder sb = new StringBuilder("select g.GRP_ID_C as c0, g.GRP_NAME_C as c1, g.GRP_IDPARENT_C as c2, gp.GRP_NAME_C as c3 ");
|
||||
StringBuilder sb = new StringBuilder("select g.GRP_ID_C as c0, g.GRP_NAME_C as c1, g.GRP_IDPARENT_C as c2, gp.GRP_NAME_C as c3, g.GRP_IDROLE_C ");
|
||||
if (criteria.getUserId() != null) {
|
||||
sb.append(" , ug.UGP_ID_C ");
|
||||
}
|
||||
@ -213,7 +213,8 @@ public class GroupDao {
|
||||
.setId((String) o[i++])
|
||||
.setName((String) o[i++])
|
||||
.setParentId((String) o[i++])
|
||||
.setParentName((String) o[i++]);
|
||||
.setParentName((String) o[i++])
|
||||
.setRoleId((String) o[i++]);
|
||||
groupDtoList.add(groupDto);
|
||||
if (criteria.getUserId() != null && o[i++] != null) {
|
||||
userGroupDtoList.add(groupDto);
|
||||
|
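Review bot: The new column is selected as bare `g.GRP_IDROLE_C` while every other column in this select carries a positional alias (`c0` to `c3`), and the mapping in the second hunk reads the row strictly by position with `o[i++]`. Writing it as `gp.GRP_NAME_C as c3, g.GRP_IDROLE_C as c4 ` keeps the convention and makes the ordering against the optional `ug.UGP_ID_C` column easier to check. Because this value is later merged into the principal's base functions, a comment beside `.setRoleId((String) o[i++])` such as `// index order must match the select list; roleId drives authorization` would be worth adding. The enclosing method starts and ends outside both hunks.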
@ -16,17 +16,17 @@ public class RoleBaseFunctionDao {
|
||||
/**
|
||||
* Find the set of base functions of a role.
|
||||
*
|
||||
* @param roleId Role ID
|
||||
* @param roleIdSet Set of role ID
|
||||
* @return Set of base functions
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public Set<String> findByRoleId(String roleId) {
|
||||
public Set<String> findByRoleId(Set<String> roleIdSet) {
|
||||
EntityManager em = ThreadLocalContext.get().getEntityManager();
|
||||
StringBuilder sb = new StringBuilder("select rbf.RBF_IDBASEFUNCTION_C from T_ROLE_BASE_FUNCTION rbf, T_ROLE r");
|
||||
sb.append(" where rbf.RBF_IDROLE_C = :roleId and rbf.RBF_DELETEDATE_D is null");
|
||||
sb.append(" where rbf.RBF_IDROLE_C in (:roleIdSet) and rbf.RBF_DELETEDATE_D is null");
|
||||
sb.append(" and r.ROL_ID_C = rbf.RBF_IDROLE_C and r.ROL_DELETEDATE_D is null");
|
||||
Query q = em.createNativeQuery(sb.toString());
|
||||
q.setParameter("roleId", roleId);
|
||||
q.setParameter("roleIdSet", roleIdSet);
|
||||
return Sets.newHashSet(q.getResultList());
|
||||
}
|
||||
}
|
||||
|
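Review bot: `findByRoleId` binds a collection into `in (:roleIdSet)` with no guard for a null or empty set; an empty collection may expand to `in ()`, which some databases reject, and this query runs while the request principal is being built. Both callers in this commit pass at least one element, so the problem is latent, but an early `if (roleIdSet == null || roleIdSet.isEmpty()) { return Sets.newHashSet(); }` would make the method fail closed with no base functions instead of throwing. The method name is also stale for a set parameter; `findByRoleIdSet` would match the updated Javadoc.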
@ -26,6 +26,11 @@ public class GroupDto {
|
||||
*/
|
||||
private String parentName;
|
||||
|
||||
/**
|
||||
* Role ID.
|
||||
*/
|
||||
private String roleId;
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
@ -62,6 +67,15 @@ public class GroupDto {
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getRoleId() {
|
||||
return roleId;
|
||||
}
|
||||
|
||||
public GroupDto setRoleId(String roleId) {
|
||||
this.roleId = roleId;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
return id.equals(((GroupDto) obj).getId());
|
||||
|
@ -36,6 +36,12 @@ public class Group implements Loggable {
|
||||
@Column(name = "GRP_NAME_C", nullable = false, length = 50)
|
||||
private String name;
|
||||
|
||||
/**
|
||||
* Role ID.
|
||||
*/
|
||||
@Column(name = "GRP_IDROLE_C", length = 36)
|
||||
private String roleId;
|
||||
|
||||
/**
|
||||
* Deletion date.
|
||||
*/
|
||||
@ -79,10 +85,20 @@ public class Group implements Loggable {
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getRoleId() {
|
||||
return roleId;
|
||||
}
|
||||
|
||||
public Group setRoleId(String roleId) {
|
||||
this.roleId = roleId;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return MoreObjects.toStringHelper(this)
|
||||
.add("id", id)
|
||||
.add("roleId", roleId)
|
||||
.add("parentId", parentId)
|
||||
.add("name", name)
|
||||
.toString();
|
||||
|
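Review bot: The Javadoc on the new `roleId` field says only `Role ID.`, yet elsewhere in this commit the security filter grants this role's base functions to users resolved into the group, so the column is a privilege grant rather than a plain attribute. Suggest `/** ID of the role whose base functions are granted to members of this group; null when the group carries no role. */` on the field, and the same wording on `getRoleId()`. Nothing visible here validates that the value names an existing role, so that expectation should be stated wherever the setter is called.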
@ -1,7 +1,7 @@
|
||||
create memory table T_GROUP ( GRP_ID_C varchar(36) not null, GRP_IDPARENT_C varchar(36), GRP_NAME_C varchar(50) not null, GRP_DELETEDATE_D datetime, primary key (GRP_ID_C) );
|
||||
create memory table T_GROUP ( GRP_ID_C varchar(36) not null, GRP_IDPARENT_C varchar(36), GRP_NAME_C varchar(50) not null, GRP_IDROLE_C varchar(36), GRP_DELETEDATE_D datetime, primary key (GRP_ID_C) );
|
||||
create memory table T_USER_GROUP ( UGP_ID_C varchar(36) not null, UGP_IDUSER_C varchar(36) not null, UGP_IDGROUP_C varchar(36) not null, UGP_DELETEDATE_D datetime, primary key (UGP_ID_C) );
|
||||
|
||||
insert into T_GROUP(GRP_ID_C, GRP_NAME_C) values('administrators', 'administrators');
|
||||
insert into T_GROUP(GRP_ID_C, GRP_NAME_C, GRP_IDROLE_C) values('administrators', 'administrators', 'admin');
|
||||
insert into T_USER_GROUP(UGP_ID_C, UGP_IDUSER_C, UGP_IDGROUP_C) values('admin-administrators', 'admin', 'administrators');
|
||||
|
||||
update T_CONFIG set CFG_VALUE_C = '8' where CFG_ID_C = 'DB_VERSION';
|
||||
|
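Review bot: This hunk edits an existing update script in place (the `create memory table T_GROUP` statement and the `administrators` insert) while `DB_VERSION` stays at `'8'`. A database that already applied the earlier form of this script will never receive `GRP_IDROLE_C`, and the GroupDao select that now reads that column would then fail during authentication; if version 8 has been released, a new script with `alter table T_GROUP add column GRP_IDROLE_C varchar(36);` and a version bump is the safer route. The column also has no foreign key to the role table, so a mistyped role ID is stored silently. Note that the seed row makes membership of `administrators` equivalent to the `admin` role, so who may edit that group's membership becomes an admin-level permission.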
@ -3,6 +3,7 @@ package com.sismics.util.filter;
|
||||
import java.io.IOException;
|
||||
import java.text.MessageFormat;
|
||||
import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@ -36,7 +37,7 @@ import jersey.repackaged.com.google.common.collect.Sets;
|
||||
/**
|
||||
* This filter is used to authenticate the user having an active session via an authentication token stored in database.
|
||||
* The filter extracts the authentication token stored in a cookie.
|
||||
* If the ocokie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
|
||||
* If the cookie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
|
||||
* If not, the user is anonymous, and the filter injects a AnonymousPrincipal into the request attribute.
|
||||
*
|
||||
* @author jtremeaux
|
||||
@ -154,22 +155,27 @@ public class TokenBasedSecurityFilter implements Filter {
|
||||
private void injectAuthenticatedUser(HttpServletRequest request, User user) {
|
||||
UserPrincipal userPrincipal = new UserPrincipal(user.getId(), user.getUsername());
|
||||
|
||||
// Add base functions
|
||||
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
|
||||
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
|
||||
userPrincipal.setBaseFunctionSet(baseFunctionSet);
|
||||
|
||||
// Add groups
|
||||
GroupDao groupDao = new GroupDao();
|
||||
Set<String> groupRoleIdSet = new HashSet<>();
|
||||
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
|
||||
.setUserId(user.getId())
|
||||
.setRecursive(true), null);
|
||||
Set<String> groupIdSet = Sets.newHashSet();
|
||||
for (GroupDto groupDto : groupDtoList) {
|
||||
groupIdSet.add(groupDto.getId());
|
||||
if (groupDto.getRoleId() != null) {
|
||||
groupRoleIdSet.add(groupDto.getRoleId());
|
||||
}
|
||||
}
|
||||
userPrincipal.setGroupIdSet(groupIdSet);
|
||||
|
||||
// Add base functions
|
||||
groupRoleIdSet.add(user.getRoleId());
|
||||
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
|
||||
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(groupRoleIdSet);
|
||||
userPrincipal.setBaseFunctionSet(baseFunctionSet);
|
||||
|
||||
// Add email
|
||||
userPrincipal.setEmail(user.getEmail());
|
||||
|
||||
|
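Review bot: In `injectAuthenticatedUser`, every `GroupDto` returned by `findByCriteria` with `setRecursive(true)` contributes its role to `groupRoleIdSet`, so the effective base functions depend on how the recursive lookup expands membership, which this hunk does not show. If the expansion includes ancestor groups, a role set on a parent group is granted to members of all its descendants; a comment above the loop such as `// Roles are inherited from every group returned by the recursive lookup, not only direct memberships` would make that intent reviewable. `groupRoleIdSet.add(user.getRoleId());` is also added without the null check applied to group roles, and the method mixes `new HashSet<>()` with `Sets.newHashSet()`; pick one. The method body continues past the end of the hunk.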
@ -310,7 +310,6 @@ public class GroupResource extends BaseResource {
|
||||
if (!authenticate()) {
|
||||
throw new ForbiddenClientException();
|
||||
}
|
||||
checkBaseFunction(BaseFunction.ADMIN);
|
||||
|
||||
// Get the group
|
||||
GroupDao groupDao = new GroupDao();
|
||||
|
@ -25,6 +25,7 @@ import javax.ws.rs.core.Response;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.collect.Sets;
|
||||
import com.sismics.docs.core.constant.Constants;
|
||||
import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
|
||||
import com.sismics.docs.core.dao.jpa.DocumentDao;
|
||||
@ -398,7 +399,7 @@ public class UserResource extends BaseResource {
|
||||
|
||||
// Ensure that the admin user is not deleted
|
||||
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
|
||||
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
|
||||
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(Sets.newHashSet(user.getRoleId()));
|
||||
if (baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
|
||||
throw new ClientException("ForbiddenError", "The admin user cannot be deleted");
|
||||
}
|
||||
|
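Review bot: The "admin user cannot be deleted" guard still looks only at the user's own role, `findByRoleId(Sets.newHashSet(user.getRoleId()))`, while the security filter in this commit derives ADMIN from group roles as well. A user who is an administrator only through a group is therefore not covered by this guard, and whether that is intended cannot be told from the hunk. If it is intended, say so with `// Only the user's own role is checked; admin rights inherited from groups do not protect the account`; if not, the group roles need to be resolved here the same way the filter does. The enclosing method starts and ends outside the hunk.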
@ -41,6 +41,18 @@ public class TestGroupResource extends BaseJerseyTest {
|
||||
clientUtil.createUser("group1", "g112", "g12");
|
||||
String group1Token = clientUtil.login("group1");
|
||||
|
||||
// Login admin2
|
||||
clientUtil.createUser("admin2", "administrators");
|
||||
String admin2Token = clientUtil.login("admin2");
|
||||
|
||||
// Create trashme
|
||||
clientUtil.createUser("trashme");
|
||||
|
||||
// Delete trashme with admin2
|
||||
target().path("/user/trashme").request()
|
||||
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, admin2Token)
|
||||
.delete(JsonObject.class);
|
||||
|
||||
// Get all groups
|
||||
JsonObject json = target().path("/group")
|
||||
.queryParam("sort_column", "1")
|
||||
|
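Review bot: The added test covers only the granting path: `admin2` is created in `administrators` and deletes `trashme`, with the result of `.delete(JsonObject.class)` discarded. No case shows that a member of a group without a role is still refused, and nothing exercises the GroupResource hunk (-310,7 +310,6), which by its line counts appears to drop `checkBaseFunction(BaseFunction.ADMIN);` so that authentication alone suffices there. Suggest repeating the delete with `group1Token` and asserting that it is rejected, and adding `// admin2 has no admin role of its own; the right comes from the administrators group` above the login. The test method starts and ends outside the hunk.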