diff --git a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
index d8d4289f314a095de84ec198240eb5ce3ec578f3..83fbeb87ee72a3804854553df8287f9858eb68b9 100644
--- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
+++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
@@ -16,6 +16,8 @@ package org.genesys.blocks.security;
+import java.util.Arrays;
+
 import org.genesys.blocks.security.model.AclSid;
 import org.genesys.blocks.security.model.BasicUser;
 import org.genesys.blocks.util.CurrentApplicationContext;
@@ -26,20 +28,24 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 /**
 * The Class SecurityContextUtil.
 */
 public class SecurityContextUtil {
-
+
 /** The Constant LOG. */
 public static final Logger LOG = LoggerFactory.getLogger(SecurityContextUtil.class);
 /** The permission evaluator. */
 private static PermissionEvaluator permissionEvaluator;
+ private final static Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));
+
 // Context initialization
 static {
 ApplicationContext context = CurrentApplicationContext.getContext();
@@ -86,7 +92,7 @@ public class SecurityContextUtil {
 } else {
 LOG.warn("Principal {} is not BasicUser, but type {}", principal, principal.getClass());
 }
- }
+ }
 return null;
 }
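Review bot: `ANONYMOUS_AUTH`, added near the end of the second hunk, is the only field in this class without a Javadoc comment, and its modifiers are written `private final static` where the conventional order is `private static final`. The three-argument `PreAuthenticatedAuthenticationToken` constructor marks the token as already authenticated, and its principal is the literal string `"Anyone"`; if the evaluator behind `permissionEvaluator` derives ACL SIDs from the principal as well as from the authorities (the usual ACL setup, not visible in this hunk), an ACL entry granted to a real account named `Anyone` would be indistinguishable from a grant to ROLE_EVERYONE, so the principal name deserves a comment or a value that cannot collide with a user name. Suggested Javadoc: `/** Synthetic, already-authenticated token holding only ROLE_EVERYONE; passed to the evaluator to ask what an anonymous visitor may do and must never be placed in the SecurityContext. */`.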
@@ -112,7 +118,7 @@ public class SecurityContextUtil {
 return null;
 }
-
+
 /**
 * Checks for role.
 *
@@ -130,7 +136,7 @@ public class SecurityContextUtil {
 }
 return false;
 }
-
+
 /**
 * Checks for permission.
 *
@@ -151,4 +157,24 @@ public class SecurityContextUtil {
 return false;
 }
 }
+
+ /**
+ * Check if ROLE_EVERYONE has permission on target object
+ *
+ * @param targetDomainObject
+ * @param permission
+ * @return
+ */
+ public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
+ if (permissionEvaluator == null) {
+ LOG.warn("permissionEvaluator not available. No permissions.");
+ return false;
+ }
+
+ if (ANONYMOUS_AUTH != null) {
+ return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);
+ } else {
+ return false;
+ }
+ }
 }
diff --git a/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java b/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
index 1363fc5cb2f863e41f082b90da8b0ae4df847f7d..740cc4108478991e0410d0f8d421afbbe5b3c79a 100644
--- a/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
+++ b/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
@@ -61,7 +61,6 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
- private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
 /**
 * Instantiates a new current permissions writer.
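Review bot: In `anyoneHasPermission` the `ANONYMOUS_AUTH != null` guard can never be false — the field is a `static final` initialised with `new` in the same class — so the `else { return false; }` branch is dead code and the method can simply end with `return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);`. The Javadoc leaves `@param targetDomainObject`, `@param permission` and `@return` empty; they should say that the arguments are the same values `hasPermission` accepts and that the result reflects only grants made to ROLE_EVERYONE, not the current user's own grants. As used by `CurrentPermissionsWriter` in this same change the result only feeds a display flag; the Javadoc should state that the method evaluates a synthetic, pre-authenticated principal so it is not mistaken for an access-control check later.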
@@ -96,11 +95,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 return NO_PERMISSIONS;
 }
+ Permissions perms = new Permissions();
+ perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, "READ");
+
 if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
- return ALL_PERMISSIONS;
+ perms.grantAll();
 }
- Permissions perms = new Permissions();
 try {
 perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
 perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
diff --git a/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java b/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java
index eb1e865292a6e9cb4b754c14c79813f180c101de..a1533712ac62a91a995d4b1b6684e52daf563e77 100644
--- a/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java
+++ b/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java
@@ -41,6 +41,9 @@ public class Permissions {
 /** Allowed to admin/manage. */
 public boolean manage;
+ /** Anyone is allowed to read the object */
+ public boolean isPublic = false;
+
 /* (non-Javadoc)
 * @see java.lang.Object#toString()
 */
@@ -48,7 +51,7 @@ public class Permissions {
 public String toString() {
 StringBuffer sb = new StringBuffer();
 sb.append(create ? "c" : "-");
- sb.append(read ? "r" : "-");
+ sb.append(isPublic ? "R" : read ? "r" : "-");
 sb.append(write ? "w" : "-");
 sb.append(delete ? "d" : "-");
 sb.append(manage ? "A" : "-"); // Admin
diff --git a/security/src/test/java/org/genesys/blocks/security/model/UserRole.java b/security/src/test/java/org/genesys/blocks/security/model/UserRole.java
index 94ddec686ed64d0d6922df1d502de8e05f91313e..767af7e24c4e04f02bc58db2da56f2ef6f90a94c 100644
--- a/security/src/test/java/org/genesys/blocks/security/model/UserRole.java
+++ b/security/src/test/java/org/genesys/blocks/security/model/UserRole.java
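Review bot: The new `perms.isPublic = SecurityContextUtil.anyoneHasPermission(bean, "READ")` passes the permission as the string `"READ"` while every sibling call below it uses `BasePermission.READ`; if the evaluator resolves names through a permission factory the two agree today, but a custom factory or a renamed permission would make the public flag diverge from `perms.read`, so `BasePermission.READ` should be used here as well. The new call also sits above the `try` that wraps the other `hasPermission` calls, so whatever that `try` guards against (its `catch` is outside this hunk) does not cover the new call; consider moving the assignment inside the `try`. The enclosing method starts and ends outside the hunk.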
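Review bot: In the `Permissions.java` hunk at line 41, `public boolean isPublic = false;` carries a redundant initializer — a `boolean` field defaults to `false` and none of the sibling fields initialise themselves — so `public boolean isPublic;` matches the surrounding style. The Javadoc should also say where the value comes from, since readers of the serialized form otherwise cannot tell it apart from `read`: `/** Anyone (ROLE_EVERYONE) is allowed to read the object; independent of the current user's own read grant. */`.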
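Review bot: In the `toString` hunk of `Permissions.java`, `sb.append(isPublic ? "R" : read ? "r" : "-");` relies on right-associativity of the nested conditional and, once `isPublic` is set, no longer shows whether the current user's own `read` grant is present; the meaning of the new `R` marker is also undocumented while the `A` marker has an inline `// Admin` comment. Suggest `sb.append(isPublic ? "R" : (read ? "r" : "-")); // R = public read` so the precedence is explicit and the marker is explained where it is emitted. `toString` continues outside the hunk.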
@@ -24,13 +24,13 @@ import org.springframework.security.core.GrantedAuthority;
 public enum UserRole implements GrantedAuthority {
 /** The user. */
- USER("User"),
- /** The administrator. */
- ADMINISTRATOR("Administrator"),
- /** The extrarole. */
- EXTRAROLE("Extra"),
- /** The everyone. */
- EVERYONE("Everyone");
+ USER("User"),
+ /** The administrator. */
+ ADMINISTRATOR("Administrator"),
+ /** The extrarole. */
+ EXTRAROLE("Extra"),
+ /** The everyone. */
+ EVERYONE("Everyone");
 /** The label. */
 String label;