Commit c3fd313a authored by Matija Obreza's avatar Matija Obreza

Moved Spring Security annotations to service implementation

parent 1c6bcfd9
...@@ -23,8 +23,6 @@ import org.genesys.blocks.security.model.AclObjectIdentity; ...@@ -23,8 +23,6 @@ import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid; import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.serialization.Permissions; import org.genesys.blocks.security.serialization.Permissions;
import org.genesys.blocks.security.serialization.SidPermissions; import org.genesys.blocks.security.serialization.SidPermissions;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.model.Permission; import org.springframework.security.acls.model.Permission;
/** /**
...@@ -90,7 +88,6 @@ public interface CustomAclService { ...@@ -90,7 +88,6 @@ public interface CustomAclService {
* @param id AclObjectIdentity id * @param id AclObjectIdentity id
* @return * @return
*/ */
@PostAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#returnObject.objectIdIdentity, #returnObject.aclClass.aclClass, 'read')")
AclObjectIdentity getObjectIdentity(long id); AclObjectIdentity getObjectIdentity(long id);
/** /**
...@@ -100,7 +97,6 @@ public interface CustomAclService { ...@@ -100,7 +97,6 @@ public interface CustomAclService {
* @param className the clazz * @param className the clazz
* @return the object identity * @return the object identity
*/ */
@PreAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
AclObjectIdentity getObjectIdentity(long id, String className); AclObjectIdentity getObjectIdentity(long id, String className);
/** /**
...@@ -109,7 +105,6 @@ public interface CustomAclService { ...@@ -109,7 +105,6 @@ public interface CustomAclService {
* @param entity the entity * @param entity the entity
* @return the object identity * @return the object identity
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
AclObjectIdentity getObjectIdentity(AclAwareModel entity); AclObjectIdentity getObjectIdentity(AclAwareModel entity);
/** /**
...@@ -119,7 +114,6 @@ public interface CustomAclService { ...@@ -119,7 +114,6 @@ public interface CustomAclService {
* @param className the class name * @param className the class name
* @return the permissions * @return the permissions
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
List<SidPermissions> getPermissions(long id, String className); List<SidPermissions> getPermissions(long id, String className);
/** /**
...@@ -128,7 +122,6 @@ public interface CustomAclService { ...@@ -128,7 +122,6 @@ public interface CustomAclService {
* @param entity the entity * @param entity the entity
* @return the permissions * @return the permissions
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
List<SidPermissions> getPermissions(AclAwareModel entity); List<SidPermissions> getPermissions(AclAwareModel entity);
/** /**
...@@ -137,7 +130,6 @@ public interface CustomAclService { ...@@ -137,7 +130,6 @@ public interface CustomAclService {
* @param objectIdentity the object identity * @param objectIdentity the object identity
* @return the acl entries * @return the acl entries
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
List<AclEntry> getAclEntries(AclObjectIdentity objectIdentity); List<AclEntry> getAclEntries(AclObjectIdentity objectIdentity);
/** /**
...@@ -148,7 +140,6 @@ public interface CustomAclService { ...@@ -148,7 +140,6 @@ public interface CustomAclService {
* @param permissionMap the permission map * @param permissionMap the permission map
* @return * @return
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
AclObjectIdentity setPermissions(AclAwareModel entity, AclSid sid, final Permissions permissions); AclObjectIdentity setPermissions(AclAwareModel entity, AclSid sid, final Permissions permissions);
/** /**
...@@ -159,7 +150,6 @@ public interface CustomAclService { ...@@ -159,7 +150,6 @@ public interface CustomAclService {
* @param permissionMap the permission map * @param permissionMap the permission map
* @return * @return
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions); AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
/** /**
...@@ -168,7 +158,6 @@ public interface CustomAclService { ...@@ -168,7 +158,6 @@ public interface CustomAclService {
* @param entity the entity * @param entity the entity
* @return the acl entries * @return the acl entries
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'read')")
List<AclEntry> getAclEntries(AclAwareModel entity); List<AclEntry> getAclEntries(AclAwareModel entity);
/** /**
...@@ -178,7 +167,6 @@ public interface CustomAclService { ...@@ -178,7 +167,6 @@ public interface CustomAclService {
* @param className the class name * @param className the class name
* @return the sids * @return the sids
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'read')")
List<AclSid> getSids(long id, String className); List<AclSid> getSids(long id, String className);
/** /**
...@@ -187,7 +175,6 @@ public interface CustomAclService { ...@@ -187,7 +175,6 @@ public interface CustomAclService {
* @param entity the entity * @param entity the entity
* @return the sids * @return the sids
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'read')")
List<AclSid> getSids(AclAwareModel entity); List<AclSid> getSids(AclAwareModel entity);
/** /**
...@@ -213,10 +200,9 @@ public interface CustomAclService { ...@@ -213,10 +200,9 @@ public interface CustomAclService {
/** /**
* Make entity publicly readable (or not) * Make entity publicly readable (or not)
* *
* @param entity The entity * @param aclAwareModel The entity
* @param publiclyReadable true or false? * @param publiclyReadable true or false?
* @since 1.4 * @since 1.4
*/ */
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')") void makePubliclyReadable(AclAwareModel aclAwareModel, boolean publiclyReadable);
void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable);
} }
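Review bot: Five of the methods that lose their annotation in this file (both `getPermissions` overloads, both `setPermissions` overloads and `getSids(AclAwareModel)`) get no matching `@PreAuthorize` in the implementation hunks shown on this page. The `PreAuthorize` import in `CustomAclServiceImpl` is context rather than an addition, so some of these may already be annotated there, but that should be confirmed before merge; otherwise reading and changing ACL permissions is left without a method-level check. Since the interface no longer shows the access contract, each Javadoc block should state it, for example `* Requires the ADMINISTRATOR role or ADMINISTRATION permission on the entity (enforced by the implementation).`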
...@@ -38,6 +38,7 @@ import org.slf4j.LoggerFactory; ...@@ -38,6 +38,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache; import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager; import org.springframework.cache.CacheManager;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission; import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission; import org.springframework.security.acls.model.Permission;
...@@ -257,6 +258,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -257,6 +258,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PostAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#returnObject.objectIdIdentity, #returnObject.aclClass.aclClass, 'READ')")
public AclObjectIdentity getObjectIdentity(final long id) { public AclObjectIdentity getObjectIdentity(final long id) {
return aclObjectIdentityPersistence.findOne(id); return aclObjectIdentityPersistence.findOne(id);
} }
...@@ -269,6 +271,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -269,6 +271,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PreAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
public AclObjectIdentity getObjectIdentity(final long id, final String className) { public AclObjectIdentity getObjectIdentity(final long id, final String className) {
return aclObjectIdentityPersistence.findByObjectIdAndClassname(id, className); return aclObjectIdentityPersistence.findByObjectIdAndClassname(id, className);
} }
...@@ -281,6 +284,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -281,6 +284,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public AclObjectIdentity getObjectIdentity(final AclAwareModel entity) { public AclObjectIdentity getObjectIdentity(final AclAwareModel entity) {
if (entity == null) { if (entity == null) {
LOG.error("getObjectIdentity: Entity is null"); LOG.error("getObjectIdentity: Entity is null");
...@@ -404,6 +408,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -404,6 +408,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
public List<AclEntry> getAclEntries(final AclObjectIdentity objectIdentity) { public List<AclEntry> getAclEntries(final AclObjectIdentity objectIdentity) {
return aclEntryPersistence.findByObjectIdentity(objectIdentity); return aclEntryPersistence.findByObjectIdentity(objectIdentity);
} }
...@@ -415,6 +420,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -415,6 +420,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public List<AclEntry> getAclEntries(final AclAwareModel entity) { public List<AclEntry> getAclEntries(final AclAwareModel entity) {
return aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity)); return aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity));
} }
...@@ -426,6 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -426,6 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(readOnly = true) @Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
public List<AclSid> getSids(final long id, final String className) { public List<AclSid> getSids(final long id, final String className) {
return aclEntryPersistence.getSids(getObjectIdentity(id, className)); return aclEntryPersistence.getSids(getObjectIdentity(id, className));
} }
...@@ -509,6 +516,7 @@ public class CustomAclServiceImpl implements CustomAclService { ...@@ -509,6 +516,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/ */
@Override @Override
@Transactional(propagation = Propagation.REQUIRED) @Transactional(propagation = Propagation.REQUIRED)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) { public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE"); AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE");
......
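Review bot: The annotation added on `getObjectIdentity(final long id, final String className)` carries `returnObject==null` over into a `@PreAuthorize` expression. No return value exists before the method runs, so that clause is expected to be true for every caller and the role and permission checks after it never decide anything. Drop the clause, `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")`, or use `@PostAuthorize` if a null result must pass. Separately, `getAclEntries(AclAwareModel)` and `getSids(long, String)` now require 'ADMINISTRATION' where the removed interface annotations required 'read'. If that tightening is intended, it deserves a line in the commit message, since the title describes only a move.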