Commit 9b43f462 authored by Matija Obreza's avatar Matija Obreza

hasRole and hasPermission added to SecurityContextUtil

parent e0d3ddb0
......@@ -18,9 +18,14 @@ package org.genesys.blocks.security;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
......@@ -32,6 +37,23 @@ public class SecurityContextUtil {
/** The Constant LOG. */
public static final Logger LOG = LoggerFactory.getLogger(SecurityContextUtil.class);
/** The permission evaluator. */
private static PermissionEvaluator permissionEvaluator;
// Context initialization
static {
ApplicationContext context = CurrentApplicationContext.getContext();
if (context != null) {
try {
permissionEvaluator = context.getBean(PermissionEvaluator.class);
} catch (BeansException e) {
LOG.warn("Could not find PermissionEvaluator instance in your context");
}
} else {
LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
}
}
/**
* Gets the username.
*
......@@ -90,4 +112,43 @@ public class SecurityContextUtil {
return null;
}
/**
* Checks for role.
*
* @param role the role
* @return true, if successful
*/
public static boolean hasRole(String role) {
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
for (GrantedAuthority authority : auth.getAuthorities()) {
if (authority.getAuthority().equals("ROLE_" + role)) {
return true;
}
}
}
return false;
}
/**
* Checks for permission.
*
* @param targetDomainObject the target domain object
* @param permission the permission
* @return true, if successful
*/
public static boolean hasPermission(Object targetDomainObject, Object permission) {
if (permissionEvaluator == null) {
LOG.warn("permissionEvaluator not available. No permissions.");
return false;
}
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
return permissionEvaluator.hasPermission(auth, targetDomainObject, permission);
} else {
return false;
}
}
}
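Review bot: In `hasRole`, the line `if (authority.getAuthority().equals("ROLE_" + role))` dereferences `getAuthority()`, which the `GrantedAuthority` contract allows to return null for authorities that cannot be represented as a String, so an unusual authority turns an authorization check into a NullPointerException; flip it to `if (("ROLE_" + role).equals(authority.getAuthority()))` so the check stays fail-closed. The Javadoc `@return true, if successful` does not mention that the `ROLE_` prefix is prepended, so a caller that passes an already-prefixed name silently gets false; `@param role the role name without the {@code ROLE_} prefix, e.g. {@code "ADMINISTRATOR"}` would make that explicit. In `hasPermission`, `permissionEvaluator` is bound once in the static initializer, so if this class is loaded before `CurrentApplicationContext` holds a context the field presumably stays null for the lifetime of the class and every call denies with a WARN per call; that fail-closed behaviour is the right default but should be stated in the method Javadoc (`@return false when no {@code PermissionEvaluator} bean was available at class initialization`) so callers do not mistake it for a real ACL decision.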
......@@ -15,6 +15,14 @@
*/
package org.genesys.blocks.security.serialization;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.model.AclAwareModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.SerializerProvider;
......@@ -24,19 +32,6 @@ import com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition;
import com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter;
import com.fasterxml.jackson.databind.util.Annotations;
import java.util.concurrent.atomic.AtomicBoolean;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* The CurrentPermissionsWriter is applied to {@link AclAwareModel} and it
* instructs Jackson to to include {@link Permissions} for current SID for every
......@@ -64,26 +59,10 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 1L;
/** The permission evaluator. */
private static PermissionEvaluator permissionEvaluator;
private static final Permissions NO_PERMISSIONS = new Permissions().grantNone();
private static final Permissions ALL_PERMISSIONS = new Permissions().grantAll();
// Context initialization
static {
ApplicationContext context = CurrentApplicationContext.getContext();
if (context != null) {
try {
permissionEvaluator = context.getBean(PermissionEvaluator.class);
} catch (BeansException e) {
LOG.warn("Could not find PermissionEvaluator instance in your context");
}
} else {
LOG.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
}
}
/**
* Instantiates a new current permissions writer.
*/
......@@ -116,32 +95,22 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
if (authentication == null) {
return NO_PERMISSIONS;
}
AtomicBoolean isAdmin = new AtomicBoolean(false);
authentication.getAuthorities().forEach(authority -> {
// We don't have a Role.ADMINSITRATOR defined so we use a String comparison.
if ("ROLE_ADMINISTRATOR".equals(authority.getAuthority())) {
isAdmin.set(true);
}
});
if (isAdmin.get()) {
if (SecurityContextUtil.hasRole("ADMINISTRATOR")) {
return ALL_PERMISSIONS;
}
if (permissionEvaluator != null) {
if (authentication != null) {
Permissions perms = new Permissions();
try {
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
perms.read = permissionEvaluator.hasPermission(authentication, bean, BasePermission.READ);
perms.write = permissionEvaluator.hasPermission(authentication, bean, BasePermission.WRITE);
perms.delete = permissionEvaluator.hasPermission(authentication, bean, BasePermission.DELETE);
perms.manage = permissionEvaluator.hasPermission(authentication, bean, BasePermission.ADMINISTRATION);
} catch (Throwable e) {
LOG.warn("Could not read current permissions {}", e.getMessage());
}
return perms;
}
Permissions perms = new Permissions();
try {
perms.create = SecurityContextUtil.hasPermission(bean, BasePermission.CREATE);
perms.read = SecurityContextUtil.hasPermission(bean, BasePermission.READ);
perms.write = SecurityContextUtil.hasPermission(bean, BasePermission.WRITE);
perms.delete = SecurityContextUtil.hasPermission(bean, BasePermission.DELETE);
perms.manage = SecurityContextUtil.hasPermission(bean, BasePermission.ADMINISTRATION);
} catch (Throwable e) {
LOG.warn("Could not read current permissions {}", e.getMessage());
}
return null;
return perms;
}
/*
......
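Review bot: The new `catch (Throwable e)` around the `SecurityContextUtil.hasPermission(bean, ...)` calls logs only `e.getMessage()`, which drops the stack trace and also swallows `Error`s such as `StackOverflowError`; narrow it and keep the cause, `} catch (RuntimeException e) { LOG.warn("Could not read current permissions for {}", bean, e); }` (the enclosing method starts outside the hunk). Because the null-evaluator guard moved into `SecurityContextUtil.hasPermission`, a missing evaluator now appears to produce one WARN line per permission, five per serialized bean, rather than the single class-load warning the removed initializer gave; consider checking once before the block or lowering the per-call message. When one of the five calls throws, `perms` is returned partially populated with whatever defaults `Permissions` has for the remaining fields; if those defaults are false this is fail-closed, but that is not visible here and deserves a comment such as `// on failure the remaining fields keep their default (denied) value`.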