Commit d1bdd379 authored by Matija Obreza's avatar Matija Obreza

Merge branch '29-permission-checks-fail' into 'master'

Resolve "Permission checks fail"

Closes #29

See merge request genesys-pgr/application-blocks!31
parents 1c6bcfd9 c3fd313a
......@@ -23,8 +23,6 @@ import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.serialization.Permissions;
import org.genesys.blocks.security.serialization.SidPermissions;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.model.Permission;
/**
......@@ -90,7 +88,6 @@ public interface CustomAclService {
* @param id AclObjectIdentity id
* @return
*/
@PostAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#returnObject.objectIdIdentity, #returnObject.aclClass.aclClass, 'read')")
AclObjectIdentity getObjectIdentity(long id);
/**
......@@ -100,7 +97,6 @@ public interface CustomAclService {
* @param className the clazz
* @return the object identity
*/
@PreAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
AclObjectIdentity getObjectIdentity(long id, String className);
/**
......@@ -109,7 +105,6 @@ public interface CustomAclService {
* @param entity the entity
* @return the object identity
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
AclObjectIdentity getObjectIdentity(AclAwareModel entity);
/**
......@@ -119,7 +114,6 @@ public interface CustomAclService {
* @param className the class name
* @return the permissions
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
List<SidPermissions> getPermissions(long id, String className);
/**
......@@ -128,7 +122,6 @@ public interface CustomAclService {
* @param entity the entity
* @return the permissions
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
List<SidPermissions> getPermissions(AclAwareModel entity);
/**
......@@ -137,7 +130,6 @@ public interface CustomAclService {
* @param objectIdentity the object identity
* @return the acl entries
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
List<AclEntry> getAclEntries(AclObjectIdentity objectIdentity);
/**
......@@ -148,7 +140,6 @@ public interface CustomAclService {
* @param permissionMap the permission map
* @return
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
AclObjectIdentity setPermissions(AclAwareModel entity, AclSid sid, final Permissions permissions);
/**
......@@ -159,7 +150,6 @@ public interface CustomAclService {
* @param permissionMap the permission map
* @return
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
/**
......@@ -168,7 +158,6 @@ public interface CustomAclService {
* @param entity the entity
* @return the acl entries
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'read')")
List<AclEntry> getAclEntries(AclAwareModel entity);
/**
......@@ -178,7 +167,6 @@ public interface CustomAclService {
* @param className the class name
* @return the sids
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'read')")
List<AclSid> getSids(long id, String className);
/**
......@@ -187,7 +175,6 @@ public interface CustomAclService {
* @param entity the entity
* @return the sids
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'read')")
List<AclSid> getSids(AclAwareModel entity);
/**
......@@ -213,10 +200,9 @@ public interface CustomAclService {
/**
* Make entity publicly readable (or not)
*
* @param entity The entity
* @param aclAwareModel The entity
* @param publiclyReadable true or false?
* @since 1.4
*/
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(entity, 'ADMINISTRATION')")
void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable);
void makePubliclyReadable(AclAwareModel aclAwareModel, boolean publiclyReadable);
}
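Review bot: Once the `@PreAuthorize`/`@PostAuthorize` lines leave this interface, the access-control requirement is no longer visible to anyone reading or implementing `CustomAclService`, and the visible hunks do not show it documented anywhere else. A sentence on the interface Javadoc, `Implementations are responsible for enforcing ACL checks on every method; this interface carries no security annotations.`, would keep the contract discoverable for a second implementation or a test double. The parameter rename to `aclAwareModel` in `makePubliclyReadable` also diverges from the `entity` name that the implementation keeps and that its `#entity` expression refers to; aligning the two names avoids a misread when the annotation is compared against the interface signature.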
......@@ -38,6 +38,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.model.Permission;
......@@ -257,6 +258,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PostAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#returnObject.objectIdIdentity, #returnObject.aclClass.aclClass, 'READ')")
public AclObjectIdentity getObjectIdentity(final long id) {
return aclObjectIdentityPersistence.findOne(id);
}
......@@ -269,6 +271,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PreAuthorize("returnObject==null or hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
public AclObjectIdentity getObjectIdentity(final long id, final String className) {
return aclObjectIdentityPersistence.findByObjectIdAndClassname(id, className);
}
......@@ -281,6 +284,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public AclObjectIdentity getObjectIdentity(final AclAwareModel entity) {
if (entity == null) {
LOG.error("getObjectIdentity: Entity is null");
......@@ -404,6 +408,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
public List<AclEntry> getAclEntries(final AclObjectIdentity objectIdentity) {
return aclEntryPersistence.findByObjectIdentity(objectIdentity);
}
......@@ -415,6 +420,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public List<AclEntry> getAclEntries(final AclAwareModel entity) {
return aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity));
}
......@@ -426,6 +432,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(readOnly = true)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
public List<AclSid> getSids(final long id, final String className) {
return aclEntryPersistence.getSids(getObjectIdentity(id, className));
}
......@@ -509,6 +516,7 @@ public class CustomAclServiceImpl implements CustomAclService {
*/
@Override
@Transactional(propagation = Propagation.REQUIRED)
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public void makePubliclyReadable(AclAwareModel entity, boolean publiclyReadable) {
AclSid roleEveryone = getAuthoritySid("ROLE_EVERYONE");
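Review bot: The `@PreAuthorize` on the two-argument `getObjectIdentity` (the `-269,6 +271,7` hunk) keeps a `returnObject==null` disjunct, but in pre-authorization there is no return value yet; if the expression root's returnObject is still null at that point, as it appears to be in Spring Security, the disjunct is always true and the annotation grants access unconditionally, which would leave that lookup unguarded for any caller. Dropping it, `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")`, makes the check match the other overloads. Separately, the `@PostAuthorize` on `getObjectIdentity(long)` tests the root property `returnObject` but then dereferences the SpEL variable `#returnObject`; unless the configured expression handler registers that variable, `#returnObject.objectIdIdentity` would evaluate against null, so `returnObject.objectIdIdentity` is the safer spelling and a test against the real handler with a non-null result would settle it. Note also that `getAclEntries(AclAwareModel)` and `getSids(long, String)` call the sibling `getObjectIdentity` directly, so the callee's annotation is not applied on that path and only the caller's own check protects it; `makePubliclyReadable` continues outside the hunk.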