Commit 72f007df authored by Matija Obreza's avatar Matija Obreza
Browse files

Permissions controller upgraded for app-blocks:1.4 with improved autocomplete

- Method signatures updated to return permissions and accept SidPermissions object
parent 4aac191a
......@@ -39,22 +39,13 @@ public interface UserRepository extends JpaRepository<User, Long> {
User findByEmail(String email);
/**
* Autocomplete by email.
* Autocomplete user by email or fullName
*
* @param email the email
* @param pageable the pageable
* @return the list
*/
List<User> findByEmailStartingWith(String email, Pageable pageable);
/**
* Search.
*
* @param terms the terms
* @param page the page
* @param term the search term
* @param page the page request
* @return the list
*/
@Query("from User le where le.email like concat('%', ?1, '%')")
List<User> search(String terms, Pageable page);
@Query("select u from User u where lower(u.email) like concat(lower(?1), '%') or lower(u.fullName) like concat(lower(?1), '%')")
List<User> autocomplete(String term, Pageable page);
}
......@@ -26,6 +26,13 @@ import org.genesys.catalog.model.user.UserRole;
*/
public interface UserService extends BasicUserService<UserRole, User> {
List<User> autocompleteUser(String email);
/**
* Autocomplete user.
*
* @param term the search term
* @param limit maximum number of results
* @return the list
*/
List<User> autocompleteUser(String term, int limit);
}
......@@ -57,7 +57,7 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
protected JpaRepository<User, Long> getUserRepository() {
return userRepository;
}
@Override
public UserRole getDefaultUserRole() {
return UserRole.USER;
......@@ -72,7 +72,7 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
public User deepLoad(User user) {
return super.deepLoad(user);
}
@Override
protected User createSystemAdministrator(String username) throws UserException {
User admin = createUser(username, "System Administrator", null, AccountType.SYSTEM);
......@@ -99,9 +99,9 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
}
@Override
public List<User> autocompleteUser(String email) {
if (StringUtils.isBlank(email) || (email.length() < 4))
public List<User> autocompleteUser(String email, int limit) {
if (StringUtils.isBlank(email) || (email.length() < 1))
return Collections.emptyList();
return userRepository.findByEmailStartingWith(email, new PageRequest(0, 20, new Sort("email")));
return userRepository.autocomplete(email, new PageRequest(0, Integer.min(100, limit), new Sort("email")));
}
}
......@@ -157,6 +157,8 @@ public class WebConfiguration extends WebMvcConfigurerAdapter {
mapper.enable(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT);
// ignore stuff we don't understand
mapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
// // ignore missing type information
// mapper.disable(DeserializationFeature.FAIL_ON_INVALID_SUBTYPE);
// explicit json views: every fields needs to be annotated, therefore enabled
mapper.enable(MapperFeature.DEFAULT_VIEW_INCLUSION);
......
......@@ -15,24 +15,26 @@
*/
package org.genesys.catalog.server.controller.api.v0;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.model.AclEntry;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.serialization.SidPermissions;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.catalog.model.user.User;
import org.genesys.catalog.server.rest.model.PermissionJson;
import org.genesys.catalog.server.util.PermissionJsonUtil;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
......@@ -42,7 +44,8 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
/**
* @author Andrey Lugovskoy.
* @author Andrey Lugovskoy
* @author Matija Obreza
*/
@RestController
@RequestMapping(value = { "/api/v0/permission", "/json/v0/permission" })
......@@ -50,8 +53,6 @@ public class PermissionController {
private static final Logger LOG = LoggerFactory.getLogger(PermissionController.class);
protected static final ApiResult JSON_OK = new ApiResult(true);
@Autowired
protected CustomAclService aclService;
......@@ -61,69 +62,109 @@ public class PermissionController {
@Autowired
private OAuthClientDetailsService clientDetailsService;
@PostMapping(value = "/add", produces = MediaType.APPLICATION_JSON_VALUE)
public Object addPermission(@RequestBody final PermissionJson permissionJson) {
LOG.info("Adding permission {}", permissionJson);
final Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson);
if (permissionJson.getAuthority() != null) {
final AclSid sid = aclService.getAuthoritySid(permissionJson.getAuthority());
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), sid, permissionMap);
@Transactional
@PostMapping(value = "/permissions/{clazz}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
public AclObjectIdentity addPermission(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id,
@RequestBody final SidPermissions sidPermissions) {
AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(id, className);
LOG.info("Setting permissions {}", sidPermissions);
} else if (permissionJson.getSid() != null) {
final AclSid sid = aclService.getSid(permissionJson.getSid());
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), sid, permissionMap);
}
final AclSid sid = aclService.getSid(sidPermissions.sid.getId());
return JSON_OK;
return lazyLoadForJson(aclService.setPermissions(objectIdentity, sid, sidPermissions));
}
@PostMapping(value = "/update", produces = MediaType.APPLICATION_JSON_VALUE)
public Object updatePermissions(@RequestBody final PermissionJson permissionJson) {
final Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson);
final AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(permissionJson.getClazz(), permissionJson.getOid());
if (permissionJson.getAuthority() != null) {
final AclSid sid = aclService.getAuthoritySid(permissionJson.getAuthority());
aclService.updatePermissions(objectIdentity, sid, permissionMap);
/**
* Return all information related to the AclAwareModel
*
* @param className
* @param id
* @return
*/
@Transactional(readOnly = true)
@GetMapping(value = "/permissions/{clazz}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
public AclObjectIdentity permissions(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id) {
AclObjectIdentity objectIdentity = aclService.getObjectIdentity(id, className);
return lazyLoadForJson(objectIdentity);
}
} else if (permissionJson.getSid() != null) {
final AclSid sid = aclService.getSid(permissionJson.getSid());
aclService.updatePermissions(objectIdentity, sid, permissionMap);
protected AclObjectIdentity lazyLoadForJson(AclObjectIdentity objectIdentity) {
if (objectIdentity != null && objectIdentity.getAclEntries() != null) {
objectIdentity.getAclEntries().size();
// lazy load for JSON
objectIdentity.getAclEntries().forEach(entry -> entry.getAclSid().getId());
}
return objectIdentity;
}
return JSON_OK;
/**
* Return all information for {@link AclObjectIdentity} by its id
*
* @param id the internal ID of aclObjectIdentity
* @return
*/
@GetMapping(value = "/permissions/{aclObjectIdentityId}", produces = MediaType.APPLICATION_JSON_VALUE)
public AclObjectIdentity permissions(@PathVariable(value = "aclObjectIdentityId") final long id) {
AclObjectIdentity objectIdentity = aclService.getObjectIdentity(id);
return lazyLoadForJson(objectIdentity);
}
@GetMapping(value = "/permissions/{clazz}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
public List<AclEntry> permissions(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id) {
final AclObjectIdentity objectIdentity = aclService.getObjectIdentity(className, id);
return aclService.getAclEntries(objectIdentity);
/**
* Auto-complete users, roles and clients
*
* @param term the search term
* @return Map of SID labels and SID IDs
* @since 1.6
*/
@GetMapping(value = "/autocomplete", produces = MediaType.APPLICATION_JSON_VALUE)
public Map<String, Long> acSid(@RequestParam("term") final String term) {
final Map<String, Long> sidIds = new HashMap<>();
sidIds.putAll(acRole(term));
sidIds.putAll(acUser(term));
sidIds.putAll(acOauthClient(term));
return sidIds;
}
/**
* @deprecated Will be deprecated in 1.7
*/
// TODO remove
@GetMapping(value = "/autocompleteuser", produces = MediaType.APPLICATION_JSON_VALUE)
public Map<String, Long> acUser(@RequestParam("term") final String email) {
public Map<String, Long> acUser(@RequestParam("term") final String term) {
final Map<String, Long> userIds = new HashMap<>();
for (final User user : userService.autocompleteUser(email)) {
for (final User user : userService.autocompleteUser(term, 10)) {
userIds.put(user.getEmail(), user.getId());
}
return userIds;
}
/**
* @deprecated Will be deprecated in 1.7
*/
// TODO remove
@GetMapping(value = "/autocompleterole", produces = MediaType.APPLICATION_JSON_VALUE)
public Map<String, Long> acRole(@RequestParam("term") final String term) {
final Map<String, Long> roleSids = new HashMap<>();
List<UserRole> matchingRoles = Arrays.stream(UserRole.values()).filter(role -> role.name().toLowerCase().startsWith(term.toLowerCase())).collect(Collectors.toList());
for (final UserRole role : matchingRoles) {
roleSids.put(role.name(), aclService.getAuthoritySid(role.getAuthority()).getId());
}
return roleSids;
}
/**
* @deprecated Will be deprecated in 1.7
*/
// TODO remove
@GetMapping(value = "/autocomplete-oauth-client", produces = MediaType.APPLICATION_JSON_VALUE)
public Map<String, Long> acOauthClient(@RequestParam("term") final String title) {
public Map<String, Long> acOauthClient(@RequestParam("term") final String term) {
final Map<String, Long> oauthMap = new HashMap<>();
for (final OAuthClient client : clientDetailsService.autocompleteClients(title)) {
for (final OAuthClient client : clientDetailsService.autocompleteClients(term, 10)) {
oauthMap.put(client.getTitle(), client.getId());
}
return oauthMap;
}
public static class ApiResult {
public boolean result = false;
public ApiResult(final boolean b) {
result = b;
}
}
}
......@@ -3379,3 +3379,31 @@ databaseChangeLog:
columnDataType: INT(10)
columnName: idx
tableName: descriptor_term
- changeSet:
id: 1517210266274-4
author: mobreza (generated)
comment: Drop defaults, they were needed for migration
changes:
- dropDefaultValue:
columnDataType: varchar(20)
columnName: category
tableName: descriptor
- dropDefaultValue:
columnDataType: boolean
columnName: key_descriptor
tableName: descriptor
- changeSet:
id: 1517210266274-1
author: mobreza (generated)
comment: AclEntry should not allow multiple entries for same sid
changes:
- modifyDataType:
columnName: mask
newDataType: int(10)
tableName: acl_entry
- addUniqueConstraint:
columnNames: acl_object_identity, sid, mask
constraintName: UK_hpgwva1rxi3qc8ewx3jvlc2vk
tableName: acl_entry
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment