Closes #82: Add role to groups

This commit is contained in:
jendib 2016-03-20 22:18:58 +01:00
parent 6598b585a2
commit 5a41e9555e
9 changed files with 65 additions and 16 deletions

View File

@ -173,7 +173,7 @@ public class GroupDao {
Map<String, Object> parameterMap = new HashMap<String, Object>();
List<String> criteriaList = new ArrayList<String>();
StringBuilder sb = new StringBuilder("select g.GRP_ID_C as c0, g.GRP_NAME_C as c1, g.GRP_IDPARENT_C as c2, gp.GRP_NAME_C as c3 ");
StringBuilder sb = new StringBuilder("select g.GRP_ID_C as c0, g.GRP_NAME_C as c1, g.GRP_IDPARENT_C as c2, gp.GRP_NAME_C as c3, g.GRP_IDROLE_C ");
if (criteria.getUserId() != null) {
sb.append(" , ug.UGP_ID_C ");
}
@ -213,7 +213,8 @@ public class GroupDao {
.setId((String) o[i++])
.setName((String) o[i++])
.setParentId((String) o[i++])
.setParentName((String) o[i++]);
.setParentName((String) o[i++])
.setRoleId((String) o[i++]);
groupDtoList.add(groupDto);
if (criteria.getUserId() != null && o[i++] != null) {
userGroupDtoList.add(groupDto);

View File

@ -16,17 +16,17 @@ public class RoleBaseFunctionDao {
/**
* Find the set of base functions of a role.
*
* @param roleId Role ID
* @param roleIdSet Set of role ID
* @return Set of base functions
*/
@SuppressWarnings("unchecked")
public Set<String> findByRoleId(String roleId) {
public Set<String> findByRoleId(Set<String> roleIdSet) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
StringBuilder sb = new StringBuilder("select rbf.RBF_IDBASEFUNCTION_C from T_ROLE_BASE_FUNCTION rbf, T_ROLE r");
sb.append(" where rbf.RBF_IDROLE_C = :roleId and rbf.RBF_DELETEDATE_D is null");
sb.append(" where rbf.RBF_IDROLE_C in (:roleIdSet) and rbf.RBF_DELETEDATE_D is null");
sb.append(" and r.ROL_ID_C = rbf.RBF_IDROLE_C and r.ROL_DELETEDATE_D is null");
Query q = em.createNativeQuery(sb.toString());
q.setParameter("roleId", roleId);
q.setParameter("roleIdSet", roleIdSet);
return Sets.newHashSet(q.getResultList());
}
}

View File

@ -26,6 +26,11 @@ public class GroupDto {
*/
private String parentName;
/**
* Role ID.
*/
private String roleId;
public String getId() {
return id;
}
@ -62,6 +67,15 @@ public class GroupDto {
return this;
}
public String getRoleId() {
return roleId;
}
public GroupDto setRoleId(String roleId) {
this.roleId = roleId;
return this;
}
@Override
public boolean equals(Object obj) {
return id.equals(((GroupDto) obj).getId());

View File

@ -36,6 +36,12 @@ public class Group implements Loggable {
@Column(name = "GRP_NAME_C", nullable = false, length = 50)
private String name;
/**
* Role ID.
*/
@Column(name = "GRP_IDROLE_C", length = 36)
private String roleId;
/**
* Deletion date.
*/
@ -79,10 +85,20 @@ public class Group implements Loggable {
return this;
}
public String getRoleId() {
return roleId;
}
public Group setRoleId(String roleId) {
this.roleId = roleId;
return this;
}
@Override
public String toString() {
return MoreObjects.toStringHelper(this)
.add("id", id)
.add("roleId", roleId)
.add("parentId", parentId)
.add("name", name)
.toString();

View File

@ -1,7 +1,7 @@
create memory table T_GROUP ( GRP_ID_C varchar(36) not null, GRP_IDPARENT_C varchar(36), GRP_NAME_C varchar(50) not null, GRP_DELETEDATE_D datetime, primary key (GRP_ID_C) );
create memory table T_GROUP ( GRP_ID_C varchar(36) not null, GRP_IDPARENT_C varchar(36), GRP_NAME_C varchar(50) not null, GRP_IDROLE_C varchar(36), GRP_DELETEDATE_D datetime, primary key (GRP_ID_C) );
create memory table T_USER_GROUP ( UGP_ID_C varchar(36) not null, UGP_IDUSER_C varchar(36) not null, UGP_IDGROUP_C varchar(36) not null, UGP_DELETEDATE_D datetime, primary key (UGP_ID_C) );
insert into T_GROUP(GRP_ID_C, GRP_NAME_C) values('administrators', 'administrators');
insert into T_GROUP(GRP_ID_C, GRP_NAME_C, GRP_IDROLE_C) values('administrators', 'administrators', 'admin');
insert into T_USER_GROUP(UGP_ID_C, UGP_IDUSER_C, UGP_IDGROUP_C) values('admin-administrators', 'admin', 'administrators');
update T_CONFIG set CFG_VALUE_C = '8' where CFG_ID_C = 'DB_VERSION';

View File

@ -3,6 +3,7 @@ package com.sismics.util.filter;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -36,7 +37,7 @@ import jersey.repackaged.com.google.common.collect.Sets;
/**
* This filter is used to authenticate the user having an active session via an authentication token stored in database.
* The filter extracts the authentication token stored in a cookie.
* If the ocokie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
* If the cookie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
* If not, the user is anonymous, and the filter injects a AnonymousPrincipal into the request attribute.
*
* @author jtremeaux
@ -154,22 +155,27 @@ public class TokenBasedSecurityFilter implements Filter {
private void injectAuthenticatedUser(HttpServletRequest request, User user) {
UserPrincipal userPrincipal = new UserPrincipal(user.getId(), user.getUsername());
// Add base functions
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
userPrincipal.setBaseFunctionSet(baseFunctionSet);
// Add groups
GroupDao groupDao = new GroupDao();
Set<String> groupRoleIdSet = new HashSet<>();
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
.setUserId(user.getId())
.setRecursive(true), null);
Set<String> groupIdSet = Sets.newHashSet();
for (GroupDto groupDto : groupDtoList) {
groupIdSet.add(groupDto.getId());
if (groupDto.getRoleId() != null) {
groupRoleIdSet.add(groupDto.getRoleId());
}
}
userPrincipal.setGroupIdSet(groupIdSet);
// Add base functions
groupRoleIdSet.add(user.getRoleId());
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(groupRoleIdSet);
userPrincipal.setBaseFunctionSet(baseFunctionSet);
// Add email
userPrincipal.setEmail(user.getEmail());

View File

@ -310,7 +310,6 @@ public class GroupResource extends BaseResource {
if (!authenticate()) {
throw new ForbiddenClientException();
}
checkBaseFunction(BaseFunction.ADMIN);
// Get the group
GroupDao groupDao = new GroupDao();

View File

@ -25,6 +25,7 @@ import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
import com.sismics.docs.core.dao.jpa.DocumentDao;
@ -398,7 +399,7 @@ public class UserResource extends BaseResource {
// Ensure that the admin user is not deleted
RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(Sets.newHashSet(user.getRoleId()));
if (baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
throw new ClientException("ForbiddenError", "The admin user cannot be deleted");
}

View File

@ -41,6 +41,18 @@ public class TestGroupResource extends BaseJerseyTest {
clientUtil.createUser("group1", "g112", "g12");
String group1Token = clientUtil.login("group1");
// Login admin2
clientUtil.createUser("admin2", "administrators");
String admin2Token = clientUtil.login("admin2");
// Create trashme
clientUtil.createUser("trashme");
// Delete trashme with admin2
target().path("/user/trashme").request()
.cookie(TokenBasedSecurityFilter.COOKIE_NAME, admin2Token)
.delete(JsonObject.class);
// Get all groups
JsonObject json = target().path("/group")
.queryParam("sort_column", "1")