Added Permissions#isPublic = EVERYONE can read the object

cd95da72 · Matija Obreza · c0919826 · cd95da72 · cd95da72 · cd95da72
Commit cd95da72 authored Oct 27, 2018 by Matija Obreza
4 changed files
--- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
+++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
@@ -16,6 +16,8 @@

 package org.genesys.blocks.security;

+import java.util.Arrays;
+
 import org.genesys.blocks.security.model.AclSid;
 import org.genesys.blocks.security.model.BasicUser;
 import org.genesys.blocks.util.CurrentApplicationContext;
@@ -26,20 +28,24 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

 /**
 * The Class SecurityContextUtil.
 */
 public class SecurityContextUtil {
-	
+
 	/** The Constant LOG. */
 	public static final Logger LOG = LoggerFactory.getLogger(SecurityContextUtil.class);

 	/** The permission evaluator. */
 	private static PermissionEvaluator permissionEvaluator;

+	private final static Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));
+
 	// Context initialization
 	static {
 		ApplicationContext context = CurrentApplicationContext.getContext();
@@ -86,7 +92,7 @@ public class SecurityContextUtil {
 			} else {
 				LOG.warn("Principal {} is not BasicUser, but type {}", principal, principal.getClass());
 			}
-		} 
+		}

 		return null;
 	}
@@ -112,7 +118,7 @@ public class SecurityContextUtil {

 		return null;
 	}
-	
+
 	/**
 	 * Checks for role.
 	 *
@@ -130,7 +136,7 @@ public class SecurityContextUtil {
 		}
 		return false;
 	}
-	
+
 	/**
 	 * Checks for permission.
 	 *
@@ -151,4 +157,24 @@ public class SecurityContextUtil {
 			return false;
 		}
 	}
+
+	/**
+	 * Check if ROLE_EVERYONE has permission on target object
+	 * 
+	 * @param targetDomainObject
+	 * @param permission
+	 * @return
+	 */
+	public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
+		if (permissionEvaluator == null) {
+			LOG.warn("permissionEvaluator not available. No permissions.");
+			return false;
+		}
+
+		if (ANONYMOUS_AUTH != null) {
+			return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, targetDomainObject, permission);
+		} else {
+			return false;
+		}
+	}
 }
--- a/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
+++ b/security/src/main/java/org/genesys/blocks/security/serialization/CurrentPermissionsWriter.java
@@ -61,7 +61,6 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {


 	private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
-	private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();

 	/**
 	 * Instantiates a new current permissions writer.
@@ -96,11 +95,13 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
 			return NO_PERMISSIONS;
 		}
 		
+		Permissions perms = new Permissions();
+		perms.isPublic =  SecurityContextUtil.anyoneHasPermission(bean, "READ");
+		
 		if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
-			return ALL_PERMISSIONS;
+			perms.grantAll();
 		}

-		Permissions perms = new Permissions();
 		try {
 			perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
 			perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);

--- a/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java
+++ b/security/src/main/java/org/genesys/blocks/security/serialization/Permissions.java
@@ -41,6 +41,9 @@ public class Permissions {
 	/** Allowed to admin/manage. */
 	public boolean manage;

+	/** Anyone is allowed to read the object */
+	public boolean isPublic = false;
+
 	/* (non-Javadoc)
 	 * @see java.lang.Object#toString()
 	 */
@@ -48,7 +51,7 @@ public class Permissions {
 	public String toString() {
 		StringBuffer sb = new StringBuffer();
 		sb.append(create ? "c" : "-");
-		sb.append(read ? "r" : "-");
+		sb.append(isPublic ? "R" : read ? "r" : "-");
 		sb.append(write ? "w" : "-");
 		sb.append(delete ? "d" : "-");
 		sb.append(manage ? "A" : "-"); // Admin

--- a/security/src/test/java/org/genesys/blocks/security/model/UserRole.java
+++ b/security/src/test/java/org/genesys/blocks/security/model/UserRole.java
@@ -24,13 +24,13 @@ import org.springframework.security.core.GrantedAuthority;
 public enum UserRole implements GrantedAuthority {
 	
 	/** The user. */
-	USER("User"), 
- /** The administrator. */
- ADMINISTRATOR("Administrator"), 
- /** The extrarole. */
- EXTRAROLE("Extra"), 
- /** The everyone. */
- EVERYONE("Everyone");
+	USER("User"),
+	/** The administrator. */
+	ADMINISTRATOR("Administrator"),
+	/** The extrarole. */
+	EXTRAROLE("Extra"),
+	/** The everyone. */
+	EVERYONE("Everyone");

 	/** The label. */
 	String label;