From 07e8259417f96983387ad372438efa6110ff7ce0 Mon Sep 17 00:00:00 2001 From: Paulo Gustavo Veiga Date: Sat, 18 Nov 2023 23:22:25 -0800 Subject: [PATCH] WIP --- wise-webapp/pom.xml | 5 +- .../config/MethodSecurityConfig.java | 35 +++++++ .../wisemapping/config/SecurityConfig.java | 4 + .../security/MapAccessPermission.java | 6 ++ .../MapAccessPermissionEvaluation.java | 92 +++++++++++++++++++ .../MapPermissionsSecurityAdvice.java | 37 ++++++++ ...ityAdvise.java => ReadSecurityAdvise.java} | 20 +--- .../security/UpdateSecurityAdvise.java | 48 ++++++++++ .../security/aop/BaseSecurityAdvice.java | 65 ------------- .../security/aop/UpdateSecurityAdvise.java | 55 ----------- .../service/MindmapServiceImpl.java | 45 ++++++--- wise-webapp/src/main/webapp/WEB-INF/web.xml | 1 - .../main/webapp/WEB-INF/wisemapping-aop.xml | 45 --------- .../webapp/WEB-INF/wisemapping-service.xml | 2 - 14 files changed, 259 insertions(+), 201 deletions(-) create mode 100644 wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java create mode 100644 wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermission.java create mode 100644 wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermissionEvaluation.java create mode 100755 wise-webapp/src/main/java/com/wisemapping/security/MapPermissionsSecurityAdvice.java rename wise-webapp/src/main/java/com/wisemapping/security/{aop/ViewBaseSecurityAdvise.java => ReadSecurityAdvise.java} (70%) create mode 100755 wise-webapp/src/main/java/com/wisemapping/security/UpdateSecurityAdvise.java delete mode 100755 wise-webapp/src/main/java/com/wisemapping/security/aop/BaseSecurityAdvice.java delete mode 100755 wise-webapp/src/main/java/com/wisemapping/security/aop/UpdateSecurityAdvise.java delete mode 100755 wise-webapp/src/main/webapp/WEB-INF/wisemapping-aop.xml diff --git a/wise-webapp/pom.xml b/wise-webapp/pom.xml index 26ff41f8..9a5d45b0 100644 --- a/wise-webapp/pom.xml +++ b/wise-webapp/pom.xml 
@@ -13,8 +13,8 @@ - 6.0.13 - 6.1.2 + 6.0.14 + 6.1.5 6.0.2 @@ -147,7 +147,6 @@ org.springframework spring-aop ${org.springframework.version} - runtime org.springframework.security diff --git a/wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java new file mode 100644 index 00000000..5e7d328b --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java @@ -0,0 +1,35 @@ +package com.wisemapping.config; + +import com.wisemapping.security.MapAccessPermissionEvaluation; +import com.wisemapping.security.ReadSecurityAdvise; +import com.wisemapping.security.UpdateSecurityAdvise; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; +import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; + +@Configuration +@EnableMethodSecurity( + prePostEnabled = true, + securedEnabled = true, + jsr250Enabled = true) +public class MethodSecurityConfig { + + @Autowired + private ReadSecurityAdvise readAdvice; + + @Autowired + private UpdateSecurityAdvise updateAdvice; + + @Bean + protected MethodSecurityExpressionHandler createExpressionHandler() { + DefaultMethodSecurityExpressionHandler expressionHandler = + new DefaultMethodSecurityExpressionHandler(); + + final MapAccessPermissionEvaluation permissionEvaluator = new MapAccessPermissionEvaluation(readAdvice, updateAdvice); + expressionHandler.setPermissionEvaluator(permissionEvaluator); + return expressionHandler; + } +} 
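Review bot: `createExpressionHandler()` is a non-static `@Bean` method that reads the field-injected `readAdvice`/`updateAdvice`, whereas the Spring Security reference declares a custom `MethodSecurityExpressionHandler` bean as `static` so that it is published before the method-security configuration classes initialise. If the custom handler is not picked up, every `hasPermission(...)` expression falls back to the default evaluator, which denies, so an integration test that calls one guarded service method would confirm the wiring. Passing the advices as bean-method parameters allows the static form: `static MethodSecurityExpressionHandler createExpressionHandler(ReadSecurityAdvise readAdvice, UpdateSecurityAdvise updateAdvice)`. `prePostEnabled = true` is already the default of `@EnableMethodSecurity` and can be dropped.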
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java index da8baa29..97b6e9b2 100644 --- a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java +++ b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java @@ -1,6 +1,7 @@ package com.wisemapping.config; import com.wisemapping.security.AuthenticationSuccessHandler; +import com.wisemapping.security.MapAccessPermissionEvaluation; import com.wisemapping.security.UserDetailsService; import com.wisemapping.service.UserService; import org.jetbrains.annotations.NotNull; @@ -9,6 +10,9 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; +import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; +import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; diff --git a/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermission.java b/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermission.java new file mode 100644 index 00000000..a1b570fa --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermission.java @@ -0,0 +1,6 @@ +package com.wisemapping.security; + +public enum MapAccessPermission { + READ, + WRITE +} 
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermissionEvaluation.java b/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermissionEvaluation.java
new file mode 100644
index 00000000..fd31c897
--- /dev/null
+++ b/wise-webapp/src/main/java/com/wisemapping/security/MapAccessPermissionEvaluation.java
@@ -0,0 +1,92 @@
+package com.wisemapping.security;
+
+import com.wisemapping.model.Collaborator;
+import com.wisemapping.model.Mindmap;
+import com.wisemapping.model.User;
+import jakarta.validation.constraints.NotNull;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+import java.io.Serializable;
+
+
+public class MapAccessPermissionEvaluation implements PermissionEvaluator {
+ final private static Logger logger = LogManager.getLogger();
+
+ private MapPermissionsSecurityAdvice readAdvice;
+
+ private MapPermissionsSecurityAdvice updateAdvice;
+
+ public MapAccessPermissionEvaluation(final @NotNull MapPermissionsSecurityAdvice readAdvice, final @NotNull MapPermissionsSecurityAdvice updateAdvice) {
+ this.readAdvice = readAdvice;
+ this.updateAdvice = updateAdvice;
+ }
+
+ @Override
+ public boolean hasPermission(
+ @NotNull Authentication auth, @NotNull Object targetDomainObject, @NotNull Object permission) {
+
+ logger.log(Level.DEBUG, "auth: " + auth + ",targetDomainObject:" + targetDomainObject + ",permission:" + permission);
+ if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
+ logger.debug("Permissions could not be validated, illegal parameters.");
+ return false;
+ }
+
+ boolean result;
+ final User user = Utils.getUser();
+ final MapAccessPermission perm = MapAccessPermission.valueOf((permission.toString().toUpperCase()));
+ if (targetDomainObject instanceof Integer) {
+ // Checking permissions by mapId ...
+ final int mapId = (Integer) targetDomainObject;
+ result = hasPrivilege(mapId, perm);
+ } else if (targetDomainObject instanceof Mindmap) {
+ final Mindmap map = (Mindmap) targetDomainObject;
+ result = hasPrivilege(map, perm);
+ } else if (targetDomainObject instanceof Collaborator collab) {
+ // Read only operations checks ...
+ assert user != null;
+ result = user.identityEquality(collab) || readAdvice.getMindmapService().isAdmin(user);
+ } else {
+ throw new IllegalArgumentException("Unsupported check control of permissions");
+ }
+
+ if (!result) {
+ logger.debug("User '" + (user != null ? user.getEmail() : "none") + "' not allowed to invoke");
+ }
+ return result;
+ }
+
+
+ @Override
+ public boolean hasPermission(
+ @NotNull Authentication auth, Serializable targetId, @NotNull String targetType, @NotNull Object
+ permission) {
+ logger.log(Level.FATAL, "Unsupported privilege: auth: " + auth + ",targetId:" + targetType + ",targetType:" + targetType + ", permission:" + permission);
+ return false;
+ }
+
+ private boolean hasPrivilege(@NotNull int mapId, @NotNull MapAccessPermission permission) {
+ boolean result;
+ final User user = Utils.getUser();
+ if (MapAccessPermission.READ == permission) {
+ result = readAdvice.isAllowed(user, mapId);
+ } else {
+ result = updateAdvice.isAllowed(user, mapId);
+ }
+ return result;
+ }
+
+ private boolean hasPrivilege(@NotNull Mindmap map, @NotNull MapAccessPermission permission) {
+ boolean result;
+ final User user = Utils.getUser();
+ if (MapAccessPermission.READ == permission) {
+ result = readAdvice.isAllowed(user, map);
+ } else {
+ result = updateAdvice.isAllowed(user, map);
+ }
+ return result;
+ }
+}
\ No newline at end of file
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/MapPermissionsSecurityAdvice.java b/wise-webapp/src/main/java/com/wisemapping/security/MapPermissionsSecurityAdvice.java
new file mode 100755
index 00000000..33a986a5
--- /dev/null
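Review bot: In the `Collaborator` branch of `hasPermission`, `assert user != null;` is the only guard before `user.identityEquality(collab)`, and assertions are off unless the JVM is started with `-ea`, so a call with no resolved user (the later `user != null ? user.getEmail() : "none"` shows the code expects that case) would end in a NullPointerException instead of a denial; `if (user == null) { return false; }` right after `Utils.getUser()` fails closed. `MapAccessPermission.valueOf(...)` likewise throws IllegalArgumentException for any permission string other than READ or WRITE, and `toUpperCase()` without `Locale.ROOT` is locale-dependent. The `Integer` and `Mindmap` branches no longer OR in `isAdmin(user)` as the removed `BaseSecurityAdvice.checkRole` did, which is worth confirming as intended unless `hasPermissions` covers admins itself. In the id-based overload the log prints `targetType` under the `targetId:` label, and `Level.FATAL` looks too severe for an unsupported call.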
+++ b/wise-webapp/src/main/java/com/wisemapping/security/MapPermissionsSecurityAdvice.java
@@ -0,0 +1,37 @@
+/*
+* Copyright [2022] [wisemapping]
+*
+* Licensed under WiseMapping Public License, Version 1.0 (the "License").
+* It is basically the Apache License, Version 2.0 (the "License") plus the
+* "powered by wisemapping" text requirement on every single page;
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the license at
+*
+* http://www.wisemapping.org/license
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package com.wisemapping.security;
+
+import com.wisemapping.model.Mindmap;
+import com.wisemapping.model.User;
+import com.wisemapping.service.MindmapService;
+import org.jetbrains.annotations.Nullable;
+import org.springframework.beans.factory.annotation.Autowired;
+
+public abstract class MapPermissionsSecurityAdvice {
+ @Autowired private MindmapService mindmapService;
+
+ protected abstract boolean isAllowed(@Nullable User user, Mindmap map);
+
+ protected abstract boolean isAllowed(@Nullable User user, int mapId);
+
+ protected MindmapService getMindmapService() {
+ return mindmapService;
+ }
+}
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/aop/ViewBaseSecurityAdvise.java b/wise-webapp/src/main/java/com/wisemapping/security/ReadSecurityAdvise.java
similarity index 70%
rename from wise-webapp/src/main/java/com/wisemapping/security/aop/ViewBaseSecurityAdvise.java
rename to wise-webapp/src/main/java/com/wisemapping/security/ReadSecurityAdvise.java
index 52c59944..db545fa6 100755
--- a/wise-webapp/src/main/java/com/wisemapping/security/aop/ViewBaseSecurityAdvise.java
+++ b/wise-webapp/src/main/java/com/wisemapping/security/ReadSecurityAdvise.java @@ -16,32 +16,22 @@ * limitations under the License. */ -package com.wisemapping.security.aop; +package com.wisemapping.security; import com.wisemapping.model.CollaborationRole; import com.wisemapping.model.Mindmap; import com.wisemapping.model.User; -import org.aopalliance.intercept.MethodInterceptor; -import org.aopalliance.intercept.MethodInvocation; -import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; +import org.springframework.stereotype.Component; -public class ViewBaseSecurityAdvise - extends BaseSecurityAdvice - implements MethodInterceptor { +@Component +public class ReadSecurityAdvise + extends MapPermissionsSecurityAdvice { - @Override - public Object invoke(@NotNull MethodInvocation methodInvocation) throws Throwable { - checkRole(methodInvocation); - return methodInvocation.proceed(); - } - - @Override protected boolean isAllowed(@Nullable User user, Mindmap map) { return getMindmapService().hasPermissions(user, map, CollaborationRole.VIEWER); } - @Override protected boolean isAllowed(@Nullable User user, int mapId) { return getMindmapService().hasPermissions(user, mapId, CollaborationRole.VIEWER); } diff --git a/wise-webapp/src/main/java/com/wisemapping/security/UpdateSecurityAdvise.java b/wise-webapp/src/main/java/com/wisemapping/security/UpdateSecurityAdvise.java new file mode 100755 index 00000000..ecac9c41 --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/security/UpdateSecurityAdvise.java 
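Review bot: Both `isAllowed` overloads lose their `@Override` in this hunk although they still implement the abstract methods of `MapPermissionsSecurityAdvice`. Keeping `@Override` on each lets the compiler catch a signature drift between the base class and the check the permission evaluator calls, and the new `UpdateSecurityAdvise` keeps the annotation on the same two methods. The class body closes outside the hunk.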
@@ -0,0 +1,48 @@
+/*
+ * Copyright [2022] [wisemapping]
+ *
+ * Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ * It is basically the Apache License, Version 2.0 (the "License") plus the
+ * "powered by wisemapping" text requirement on every single page;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the license at
+ *
+ * http://www.wisemapping.org/license
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.wisemapping.security;
+
+import com.wisemapping.model.CollaborationRole;
+import com.wisemapping.model.Mindmap;
+import com.wisemapping.model.User;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.springframework.stereotype.Component;
+
+@Component
+public class UpdateSecurityAdvise
+ extends MapPermissionsSecurityAdvice {
+
+ @Override
+ protected boolean isAllowed(@Nullable User user, @NotNull Mindmap map) {
+ boolean result;
+ if (map.getCreator() == null) {
+ // This means that the map is new and is an add operation.
+ result = true;
+ } else {
+ result = getMindmapService().hasPermissions(user, map, CollaborationRole.EDITOR);
+ }
+ return result;
+ }
+
+ @Override
+ protected boolean isAllowed(@Nullable User user, int mapId) {
+ return getMindmapService().hasPermissions(user, mapId, CollaborationRole.EDITOR);
+ }
+}
diff --git a/wise-webapp/src/main/java/com/wisemapping/security/aop/BaseSecurityAdvice.java b/wise-webapp/src/main/java/com/wisemapping/security/aop/BaseSecurityAdvice.java
deleted file mode 100755
index fce46766..00000000
--- a/wise-webapp/src/main/java/com/wisemapping/security/aop/BaseSecurityAdvice.java
+++ /dev/null
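Review bot: `isAllowed(User, Mindmap)` returns `true` whenever `map.getCreator() == null`, before `user` is looked at, and through `MapAccessPermissionEvaluation` this now answers every `hasPermission(#mindmap, 'WRITE')` expression, not only the one on `addMindmap`. A comment stating that a null creator is only expected for a not-yet-persisted map would document the assumption, and `result = user != null;` in that branch would keep the shortcut from granting access when no user is resolved. If any WRITE-guarded method can receive a `Mindmap` that was not loaded from persistence, the decision should rest on the stored map rather than on the creator field of the argument.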
@@ -1,65 +0,0 @@ -/* -* Copyright [2022] [wisemapping] -* -* Licensed under WiseMapping Public License, Version 1.0 (the "License"). -* It is basically the Apache License, Version 2.0 (the "License") plus the -* "powered by wisemapping" text requirement on every single page; -* you may not use this file except in compliance with the License. -* You may obtain a copy of the license at -* -* http://www.wisemapping.org/license -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - -package com.wisemapping.security.aop; - -import com.wisemapping.exceptions.AccessDeniedSecurityException; -import com.wisemapping.model.Collaborator; -import com.wisemapping.model.Mindmap; -import com.wisemapping.model.User; -import com.wisemapping.security.Utils; -import com.wisemapping.service.MindmapService; -import org.aopalliance.intercept.MethodInvocation; -import org.jetbrains.annotations.Nullable; - -public abstract class BaseSecurityAdvice { - private MindmapService mindmapService = null; - - public void checkRole(MethodInvocation methodInvocation) throws AccessDeniedSecurityException { - final User user = Utils.getUser(); - final Object argument = methodInvocation.getArguments()[0]; - boolean isAllowed; - - if (argument instanceof Mindmap) { - isAllowed = isAllowed(user, (Mindmap) argument) || mindmapService.isAdmin(user); - } else if (argument instanceof Integer) { - isAllowed = isAllowed(user, ((Integer) argument)) || mindmapService.isAdmin(user); - } else if (argument instanceof Collaborator) { - // Read operation find on the user are allowed ... 
- isAllowed = user.identityEquality((Collaborator) argument) || mindmapService.isAdmin(user); - } else { - throw new IllegalArgumentException("Argument " + argument); - } - - if (!isAllowed) { - throw new AccessDeniedSecurityException("User '" + (user != null ? user.getEmail() : "none") + "' not allowed to invoke:" + methodInvocation); - } - } - - protected abstract boolean isAllowed(@Nullable User user, Mindmap map); - - protected abstract boolean isAllowed(@Nullable User user, int mapId); - - protected MindmapService getMindmapService() { - return mindmapService; - } - - public void setMindmapService(MindmapService service) { - this.mindmapService = service; - } -} diff --git a/wise-webapp/src/main/java/com/wisemapping/security/aop/UpdateSecurityAdvise.java b/wise-webapp/src/main/java/com/wisemapping/security/aop/UpdateSecurityAdvise.java deleted file mode 100755 index f2103225..00000000 --- a/wise-webapp/src/main/java/com/wisemapping/security/aop/UpdateSecurityAdvise.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* -* Copyright [2022] [wisemapping] -* -* Licensed under WiseMapping Public License, Version 1.0 (the "License"). -* It is basically the Apache License, Version 2.0 (the "License") plus the -* "powered by wisemapping" text requirement on every single page; -* you may not use this file except in compliance with the License. -* You may obtain a copy of the license at -* -* http://www.wisemapping.org/license -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - -package com.wisemapping.security.aop; - -import com.wisemapping.model.CollaborationRole; -import com.wisemapping.model.Mindmap; -import com.wisemapping.model.User; -import org.aopalliance.intercept.MethodInterceptor; -import org.aopalliance.intercept.MethodInvocation; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; - -public class UpdateSecurityAdvise - extends BaseSecurityAdvice - implements MethodInterceptor { - - @Override - public Object invoke(MethodInvocation methodInvocation) throws Throwable { - checkRole(methodInvocation); - return methodInvocation.proceed(); - } - - @Override - protected boolean isAllowed(@Nullable User user, @NotNull Mindmap map) { - boolean result; - if (map.getCreator() == null) { - // This means that the map is new and is an add operation. - result = true; - } else { - result = getMindmapService().hasPermissions(user, map, CollaborationRole.EDITOR); - } - return result; - } - - @Override - protected boolean isAllowed(@Nullable User user, int mapId) { - return getMindmapService().hasPermissions(user, mapId, CollaborationRole.EDITOR); - } -} 
diff --git a/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java b/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java index e6791fe2..57969536 100755 --- a/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java +++ b/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java @@ -27,8 +27,8 @@ import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.security.access.prepost.PreAuthorize; -import java.io.IOException; import java.io.UnsupportedEncodingException; import java.util.Calendar; import java.util.List; 
@@ -92,37 +92,42 @@ public class MindmapServiceImpl } @Override + @PreAuthorize("hasPermission(#user, 'READ')") public Mindmap getMindmapByTitle(String title, User user) { return mindmapManager.getMindmapByTitle(title, user); } @Override @Nullable + @PreAuthorize("hasPermission(#id, 'READ')") public Mindmap findMindmapById(int id) { return mindmapManager.getMindmapById(id); } @NotNull @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'READ')") public List findMindmapsByUser(@NotNull User user) { return mindmapManager.findMindmapByUser(user); } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'READ')") public List findCollaborations(@NotNull User user) { return mindmapManager.findCollaboration(user.getId()); } @Override - public void updateMindmap(@NotNull Mindmap mindMap, boolean saveHistory) throws WiseMappingException { - if (mindMap.getTitle() == null || mindMap.getTitle().length() == 0) { + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'WRITE')") + public void updateMindmap(@NotNull Mindmap mindmap, boolean saveHistory) throws WiseMappingException { + if (mindmap.getTitle() == null || mindmap.getTitle().length() == 0) { throw new WiseMappingException("The title can not be empty"); } // Check that what we received a valid mindmap... final String xml; try { - xml = mindMap.getXmlStr().trim(); + xml = mindmap.getXmlStr().trim(); } catch (UnsupportedEncodingException e) { throw new WiseMappingException("Could not be decoded.", e); } 
@@ -131,10 +136,11 @@ public class MindmapServiceImpl throw new WiseMappingException("Map seems not to be a valid mindmap: '" + xml + "'"); } - mindmapManager.updateMindmap(mindMap, saveHistory); + mindmapManager.updateMindmap(mindmap, saveHistory); } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'WRITE')") public void removeCollaboration(@NotNull Mindmap mindmap, @NotNull Collaboration collaboration) throws CollaborationException { // remove collaborator association final Mindmap mindMap = collaboration.getMindMap(); @@ -149,6 +155,7 @@ public class MindmapServiceImpl } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'READ')") public void removeMindmap(@NotNull Mindmap mindmap, @NotNull User user) throws WiseMappingException { if (mindmap.getCreator().identityEquality(user)) { mindmapManager.removeMindmap(mindmap); @@ -161,9 +168,10 @@ public class MindmapServiceImpl } @Override - public void addMindmap(@NotNull Mindmap map, @NotNull User user) { + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'WRITE')") + public void addMindmap(@NotNull Mindmap mindmap, @NotNull User user) { - final String title = map.getTitle(); + final String title = mindmap.getTitle(); if (title == null || title.length() == 0) { throw new IllegalArgumentException("The tile can not be empty"); 
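Review bot: `removeCollaboration` is authorised on the `mindmap` parameter, but the body shown in the context lines works on `collaboration.getMindMap()`, so the WRITE check and the object being modified can differ when the two arguments do not belong together. Either guard the object that is actually changed, `@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#collaboration.mindMap, 'WRITE')")`, or reject the call when `collaboration.getMindMap()` is not `mindmap`. The method body continues outside the hunk, so an existing consistency check there cannot be ruled out.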
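Review bot: `removeMindmap` is guarded only by `'READ'`, and the delete decision in the body compares the map creator with the `user` argument rather than with the authenticated principal that `hasPermission` evaluated. A short comment explaining that READ is deliberate (non-owners presumably only drop their own collaboration in the part of the body outside this hunk) would help the next reader. Adding `&& hasPermission(#user, 'READ')` would tie the `user` argument to the caller the same way the annotation on `findMindmapsByUser` does.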
@@ -175,20 +183,21 @@ public class MindmapServiceImpl } final Calendar creationTime = Calendar.getInstance(); - map.setLastEditor(user); - map.setCreationTime(creationTime); - map.setLastModificationTime(creationTime); - map.setCreator(user); + mindmap.setLastEditor(user); + mindmap.setCreationTime(creationTime); + mindmap.setLastModificationTime(creationTime); + mindmap.setCreator(user); // Add map creator with owner permissions ... final User dbUser = userService.getUserBy(user.getId()); - final Collaboration collaboration = new Collaboration(CollaborationRole.OWNER, dbUser, map); - map.getCollaborations().add(collaboration); + final Collaboration collaboration = new Collaboration(CollaborationRole.OWNER, dbUser, mindmap); + mindmap.getCollaborations().add(collaboration); - mindmapManager.addMindmap(dbUser, map); + mindmapManager.addMindmap(dbUser, mindmap); } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'WRITE')") public void addCollaboration(@NotNull Mindmap mindmap, @NotNull String email, @NotNull CollaborationRole role, @Nullable String message) throws CollaborationException { @@ -222,7 +231,8 @@ public class MindmapServiceImpl } } - private Collaborator addCollaborator(String email) { + + private Collaborator addCollaborator(@NotNull String email) { // Add a new collaborator ... Collaborator collaborator = mindmapManager.findCollaborator(email); if (collaborator == null) { @@ -236,11 +246,13 @@ public class MindmapServiceImpl @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'READ')") public List findMindmapHistory(int mindmapId) { return mindmapManager.getHistoryFrom(mindmapId); } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'WRITE')") public void revertChange(@NotNull Mindmap mindmap, int historyId) throws WiseMappingException { final MindMapHistory history = mindmapManager.getHistory(historyId); 
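Review bot: `findMindmapHistory(int mindmapId)` is annotated with `hasPermission(#mindmap, 'READ')`, but the method has no parameter named `mindmap`; an unknown SpEL variable evaluates to null and `MapAccessPermissionEvaluation.hasPermission` returns false for a null target, so the method would be denied for every caller. The expression should name the real parameter, `hasPermission(#mindmapId, 'READ')`. The same mismatch is in the later hunks: `findMindmapHistory(int id, int hid)` needs `#id`, and the annotation on the private `getCollaborationBy(email, collaborations)` has no `mindmap` parameter either and, being on a private method, is not applied by proxy-based method security in its default mode, so it should be removed. `findMindmapHistory(int id, int hid)` also calls `this.findMindmapHistory(id)`, a self-invocation that does not pass through the security proxy.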
@@ -249,6 +261,7 @@ public class MindmapServiceImpl } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'READ')") public MindMapHistory findMindmapHistory(int id, int hid) throws WiseMappingException { final List mindmapHistory = this.findMindmapHistory(id); MindMapHistory result = null; @@ -266,6 +279,7 @@ public class MindmapServiceImpl } @Override + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#collaborator, 'WRITE')") public void updateCollaboration(@NotNull Collaborator collaborator, @NotNull Collaboration collaboration) throws WiseMappingException { if (!collaborator.identityEquality(collaboration.getCollaborator())) { throw new WiseMappingException("No enough permissions for this operation."); @@ -279,6 +293,7 @@ public class MindmapServiceImpl return this.lockManager; } + @PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#mindmap, 'READ')") private Collaboration getCollaborationBy(@NotNull final String email, @NotNull final Set collaborations) { Collaboration collaboration = null; diff --git a/wise-webapp/src/main/webapp/WEB-INF/web.xml b/wise-webapp/src/main/webapp/WEB-INF/web.xml index d46cd453..291b7ed2 100644 --- a/wise-webapp/src/main/webapp/WEB-INF/web.xml +++ b/wise-webapp/src/main/webapp/WEB-INF/web.xml @@ -24,7 +24,6 @@ contextConfigLocation - /WEB-INF/wisemapping-aop.xml /WEB-INF/wisemapping-datasource.xml /WEB-INF/wisemapping-dao.xml /WEB-INF/wisemapping-service.xml diff --git a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-aop.xml b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-aop.xml deleted file mode 100755 index 3056c4c1..00000000 --- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-aop.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - getMindmapUserBy - getMindmapById - linkLabel - find* - filter* - - removeMindmap - - - - - - - - - save* - update* - add* - revert* - removeCollaboration - - - - - - - - - - - - - 
diff --git a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml index 40adf514..2b6a3a8f 100755 --- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml +++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml @@ -65,8 +65,6 @@ txInterceptor - viewSecurityAdvisor - updateSecurityAdvisor