Commit 1ae92a77 authored by Matija Obreza's avatar Matija Obreza

Default user roles can be provided as a collection and are not persisted to the database

parent c690ddd4
......@@ -27,7 +27,9 @@ public enum OAuthRole implements GrantedAuthority {
/** The client. */
CLIENT,
/** The trusted client. */
TRUSTED_CLIENT;
TRUSTED_CLIENT,
/** Everyone */
EVERYONE;
/**
* GrantedAuthorities start with ROLE_.
......
......@@ -113,6 +113,7 @@ public class OAuthServiceImpl implements OAuthClientDetailsService, OAuthTokenSt
private OAuthClient lazyLoad(OAuthClient client) {
if (client != null) {
client.getRoles().size();
client.getRoles().add(OAuthRole.EVERYONE);
}
return client;
}
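Review bot: `client.getRoles().add(OAuthRole.EVERYONE)` in `lazyLoad` writes the transient role into the entity's own role collection, so whether it stays out of the database depends on the client being detached or the transaction being read-only, neither of which is visible in this hunk. If the entity is still managed when a flush happens, the role would presumably be stored, contrary to the commit message. The same pattern appears in `BasicUserServiceImpl.deepLoad` with `user.getRoles().addAll(getDefaultUserRoles())`. Consider building the effective authorities in a separate collection at the point where they are handed to the security layer, or at least record the constraint with a comment such as `// adds transient roles to the loaded entity; must never be flushed`.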
......
......@@ -15,6 +15,7 @@
*/
package org.genesys.blocks.security.service;
import java.util.Collection;
import java.util.List;
import java.util.Set;
......@@ -135,9 +136,18 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
* Gets the default user role.
*
* @return the default user role
* @deprecated Use {@link #getDefaultUserRoles()}
*/
R getDefaultUserRole();
/**
* Get default roles assigned to users. These are transient and not persisted to the database.
*
* @return collection of roles assigned to all users
* @since 1.4
*/
Collection<R> getDefaultUserRoles();
/**
* Sets the account type.
*
......@@ -146,4 +156,5 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
* @return the t
*/
T setAccountType(T user, AccountType accountType);
}
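Review bot: `getDefaultUserRole()` gains a Javadoc `@deprecated` tag, but no `@Deprecated` annotation is visible on the method; the annotation is the form retained at runtime and the one `-Xlint:dep-ann` expects next to the tag, so add `@Deprecated` above `R getDefaultUserRole();`. The Javadoc of the new `getDefaultUserRoles()` should also state that the result is never null and whether callers may modify it, because the implementation in this commit passes it straight to `removeAll` and `addAll`.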
......@@ -51,7 +51,7 @@ public interface CustomAclService {
/**
* Gets the sid of the specified authority
*
* @param authority the authority
* @param authority the authority (must start with "ROLE_")
* @return the authority sid
*/
AclSid getAuthoritySid(String authority);
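Review bot: The new `@param` text on `getAuthoritySid` says the authority must start with "ROLE_" but not what happens when it does not. The returned SID is presumably used when ACL entries are looked up or created, so the Javadoc should name the failure mode, for example `@throws IllegalArgumentException if authority does not start with "ROLE_"` if that is what the implementation does. The implementation is not on this page, so the actual behaviour needs to be confirmed before documenting it.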
......
......@@ -15,6 +15,7 @@
*/
package org.genesys.blocks.security.service.impl;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;
......@@ -124,6 +125,12 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
@Override
public abstract R getDefaultUserRole();
/* (non-Javadoc)
* @see org.genesys.blocks.security.service.BasicUserService#getDefaultUserRoles()
*/
@Override
public abstract Collection<R> getDefaultUserRoles();
/*
* (non-Javadoc)
* @see
......@@ -159,6 +166,7 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
public T deepLoad(final T user) {
if (user != null) {
user.getRoles().size();
user.getRoles().addAll(getDefaultUserRoles());
}
return user;
}
......@@ -210,6 +218,9 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
public T setRoles(T user, final Set<R> newRoles) {
user = _repository.findOne(user.getId());
// Remove transient roles
newRoles.removeAll(getDefaultUserRoles());
// If roles match, do nothing
if (newRoles.containsAll(user.getRoles()) && user.getRoles().containsAll(newRoles)) {
LOG.debug("Roles {} match {}. No change.", newRoles, user.getRoles());
......@@ -218,7 +229,6 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
user.getRoles().clear();
user.getRoles().addAll(newRoles);
user.getRoles().add(getDefaultUserRole());
LOG.info("Setting roles for user {} to {}", user.getEmail(), user.getRoles());
return deepLoad(_repository.save(user));
}
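Review bot: `newRoles.removeAll(getDefaultUserRoles())` in `setRoles` modifies the set the caller passed in, and it throws `UnsupportedOperationException` when that set is immutable. Work on a copy instead, e.g. `final Set<R> toStore = new HashSet<>(newRoles); toStore.removeAll(getDefaultUserRoles());`, and use `toStore` for the comparison and for `user.getRoles().addAll(...)`; this needs a `java.util.HashSet` import if the file lacks one. The method body continues between the two hunks shown, so the branch taken when the roles already match is not visible here.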
......
......@@ -16,6 +16,7 @@
package org.genesys.blocks.security.config;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import com.google.common.collect.Lists;
......@@ -119,6 +120,11 @@ public class ApplicationConfig {
public UserRole getDefaultUserRole() {
return UserRole.USER;
}
@Override
public Collection<UserRole> getDefaultUserRoles() {
return Sets.newHashSet(UserRole.USER, UserRole.EVERYONE);
}
@Override
public List<UserRole> listAvailableRoles() {
......
......@@ -19,7 +19,7 @@ package org.genesys.blocks.security.model;
import org.springframework.security.core.GrantedAuthority;
public enum UserRole implements GrantedAuthority {
USER("User"), ADMINISTRATOR("Administrator"), EXTRAROLE("Extra");
USER("User"), ADMINISTRATOR("Administrator"), EXTRAROLE("Extra"), EVERYONE("Everyone");
String label;
......
......@@ -99,6 +99,7 @@ public class BasicUserServiceTest extends ServiceTest {
public void testDefaultUserRole() {
assertThat(testUserService.getDefaultUserRole(), not(nullValue()));
assertThat(testUserService.getDefaultUserRole(), is(UserRole.USER));
assertThat(testUserService.getDefaultUserRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE));
}
@Test
......@@ -107,12 +108,12 @@ public class BasicUserServiceTest extends ServiceTest {
assertThat("Default user role was not assigned automatically", user.getRoles(), contains(UserRole.USER));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.USER));
assertThat("Default user role was not assigned automatically", user.getRoles(), contains(UserRole.USER));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(testUserService.getDefaultUserRoles().toArray()));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.EXTRAROLE));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(UserRole.USER, UserRole.EXTRAROLE));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE, UserRole.EXTRAROLE));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.ADMINISTRATOR));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(UserRole.USER, UserRole.ADMINISTRATOR));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE, UserRole.ADMINISTRATOR));
}
}
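Review bot: None of the updated assertions checks the claim in the commit title that default roles are not persisted, because `user` is always the object returned by `setRoles`, which on the path shown ends in `deepLoad` and so already carries the transient roles. Add an assertion on the stored state, for instance by reading the user's roles through the repository without `deepLoad` and checking that `UserRole.EVERYONE` is absent. The message `"Default user role was not assigned automatically"` is also reused for every check, which makes a failure hard to place.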