Commit 74b36c0b authored by Matija Obreza's avatar Matija Obreza

Migration of data to new app-blocks:1.3 for ACL

- Users, OAuthClient are AclSid
- Roles are AclSid
- DB: Old permissions and object ownership migrated to new schema
- Permission editor
- Services cleanup
parent 9bcbdcf0
......@@ -20,6 +20,7 @@ import java.beans.Transient;
import javax.persistence.Cacheable;
import javax.persistence.Column;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.Table;
......@@ -34,6 +35,7 @@ import org.genesys2.server.servlet.controller.rest.serialization.UserSerializer;
@Entity
@Table(name = "\"user\"")
@JsonSerialize(using = UserSerializer.class)
@DiscriminatorValue(value = "1")
public class User extends BasicUser<UserRole> {
private static final long serialVersionUID = 4564013753931115445L;
......
......@@ -46,9 +46,6 @@ public interface UserService extends BasicUserService<UserRole, User> {
UserWrapper getWrappedById(long userId) throws UserException;
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #userId")
User updateData(long userId, String name, String email) throws UserException;
User getSystemUser(String string);
Page<User> listUsers(Pageable pageable);
......
......@@ -174,6 +174,19 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
userWrapper.setRoles(roles);
return userWrapper;
}
@Override
@Transactional
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #user.id")
public User updateUser(User user, String email, String fullName) throws UserException {
if (!emailValidator.isValid(email)) {
LOG.warn("Invalid email provided: {}", email);
throw new UserException("Invalid email provided: " + email);
}
return super.updateUser(user, email, fullName);
}
protected void updateUser(User user) throws UserException {
try {
......@@ -187,28 +200,6 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
}
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.id == #userId")
@Transactional(readOnly = false, rollbackFor = NotUniqueUserException.class)
public User updateData(long userId, String name, String email) throws UserException {
final User user = userRepository.findOne(userId);
if (user == null) {
throw new UserException("No user with id=" + userId);
}
if (!emailValidator.isValid(email)) {
LOG.warn("Invalid email provided: {}", email);
throw new UserException("Invalid email provided: " + email);
}
if (!StringUtils.equals(email, user.getEmail()) && userRepository.findByEmail(email) != null) {
throw new NotUniqueUserException(new Throwable(), email);
}
user.setFullName(name);
user.setEmail(email);
userRepository.save(user);
return user;
}
@Override
@Transactional
......
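Review bot: The new `updateUser` override in UserServiceImpl authorizes on `#user.id`, the id carried by whatever `User` instance the caller passes, whereas the removed `updateData` took a `userId` and loaded the entity itself with `userRepository.findOne`. That is only sound if every caller passes the persisted entity rather than an object populated from request data. The call sites in UserProfileController and UsersController obtain `user` outside the visible hunks, so this needs confirming. The removed method also rejected an e-mail already in use (`userRepository.findByEmail(email) != null`) and an unknown user, and neither check appears in the override, so both now depend on `super.updateUser`, which is not shown. I would add a short Javadoc on the override saying that `user` must be the entity loaded from the repository and naming where uniqueness is enforced.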
......@@ -19,7 +19,6 @@ package org.genesys2.server.servlet.controller;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys2.server.model.UserRole;
import org.genesys2.server.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
......@@ -38,9 +37,6 @@ public class AclEditController extends BaseController {
@Autowired
private CustomAclService aclService;
@Autowired
private UserService userService;
@RequestMapping("/{clazz}/{id}/permissions")
public String permissions(ModelMap model, @PathVariable(value = "clazz") String className, @PathVariable("id") long id,
@RequestParam(value = "back", required = false) String backUrl) {
......
......@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.genesys.blocks.security.NotUniqueUserException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.model.BasicUser.AccountType;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.genesys2.server.model.UserRole;
......@@ -263,10 +264,13 @@ public class UserProfileController extends BaseController {
}
try {
user = userService.updateUser(user, email, fullName);
user = userService.updateUser(user, email, fullName);
} catch (NotUniqueUserException e) {
redirectAttributes.addFlashAttribute("emailError", "User with e-mail address " + e.getEmail() + " already exists");
return "redirect:/profile/" + user.getUuid() + "/edit";
} catch (UserException e) {
redirectAttributes.addFlashAttribute("emailError", e.getMessage());
return "redirect:/profile/" + user.getUuid() + "/edit";
}
if (StringUtils.isNotBlank(pwd1) || StringUtils.isNotBlank(pwd2)) {
......
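Review bot: The added `catch (UserException e)` copies `e.getMessage()` into the `emailError` flash attribute, and the message built in UserServiceImpl is `"Invalid email provided: " + email`, so the submitted value that just failed validation is reflected back to the page. Whether it is escaped depends on the view, which is not part of this page. A fixed message or message code removes that dependency, e.g. `redirectAttributes.addFlashAttribute("emailError", "Invalid e-mail address");`. The same catch block is added in the other UserProfileController hunk (`@@ -174,6 +174,9`). The enclosing method starts and ends outside the hunk.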
......@@ -174,6 +174,9 @@ public class UserProfileController extends BaseController {
} catch (NotUniqueUserException e) {
redirectAttributes.addFlashAttribute("emailError", "User with e-mail address " + e.getEmail() + " already exists");
return "redirect:" + URLBASE + user.getUuid() + "/edit";
} catch (UserException e) {
redirectAttributes.addFlashAttribute("emailError", e.getMessage());
return "redirect:" + URLBASE + user.getUuid() + "/edit";
}
if (StringUtils.isNotBlank(pwd1)) {
......
......@@ -87,19 +87,19 @@ public class PermissionController extends RestController {
}
@RequestMapping(value = "/autocompleteuser", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Map<Long, String> acUser(@RequestParam("term") String email) {
final Map<Long, String> userIds = new HashMap<>();
public @ResponseBody Map<String, Long> acUser(@RequestParam("term") String email) {
final Map<String, Long> userIds = new HashMap<>();
for (User user : userService.autocompleteUser(email)) {
userIds.put(user.getId(), user.getEmail());
userIds.put(user.getEmail(), user.getId());
}
return userIds;
}
@RequestMapping(value = "/autocomplete-oauth-client", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Map<String, String> acOauthClient(@RequestParam("term") String title) {
final Map<String, String> oauthMap = new HashMap<>();
public @ResponseBody Map<String, Long> acOauthClient(@RequestParam("term") String title) {
final Map<String, Long> oauthMap = new HashMap<>();
for (final OAuthClient client : clientDetailsService.autocompleteClients(title)) {
oauthMap.put(client.getTitle(), client.getClientId());
oauthMap.put(client.getTitle(), client.getId());
}
return oauthMap;
}
......
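Review bot: Both autocomplete handlers return account identifiers for any `term`, and no method-level `@PreAuthorize` is visible on either: `acUser` now maps e-mail address to user id and `acOauthClient` maps title to the client's id. If PermissionController has no class-level restriction (its header is outside the hunk), any caller who can reach these endpoints can enumerate registered e-mail addresses and their ids. Separately, `oauthMap` is still keyed by `client.getTitle()`, so two clients with the same title collapse into one entry because `HashMap.put` overwrites. Returning a list of id/title pairs, or keying by id, avoids the silent loss.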
......@@ -35,7 +35,6 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -100,13 +99,10 @@ public class UsersController extends RestController {
}
try {
userService.updateData(user.getId(), userData.getName(), userData.getEmail());
userService.updateUser(user, userData.getEmail(), userData.getName());
} catch (NotUniqueUserException e) {
LOG.warn("User with e-mail address {} already exists", e.getEmail());
throw e;
} catch (UserException e) {
LOG.warn("E-mail address is incorrect");
throw e;
}
if (StringUtils.isNotBlank(userData.getPwd1())) {
......
......@@ -15,7 +15,9 @@
<p>
<spring:message code="acl.owner"/>:
<c:out value="${jspHelper.aclSidById(aclObjectIdentity.ownerSid.id).fullName}"/>
<c:set var="sid" value="${jspHelper.aclSidById(aclObjectIdentity.ownerSid.id)}" />
<c:out value="${sid.fullName}"/>
<c:catch><a href="<c:url value='mailto:${sid.email}' />"><c:out value="${sid.email}" /></a></c:catch>
</p>
<table class="table table-striped">
<thead>
......@@ -29,9 +31,11 @@
<tbody>
<c:forEach items="${aclSids}" var="aclSid" varStatus="status">
<c:set var="sid" value="${jspHelper.aclSidById(aclSid.id)}" />
<tr class="${status.count % 2 == 0 ? 'even' : 'odd'}">
<td>
<c:out value="${jspHelper.aclSidById(aclSid.id).fullName}"/>
<c:out value="${sid.fullName}"/>
<c:catch><a href="<c:url value='mailto:${sid.email}' />"><c:out value="${sid.email}" /></a></c:catch>
</td>
<input type="hidden" name="sid" class="aclSid" value="${aclSid.id}"/>
......
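Review bot: In the added `mailto:` links, `${sid.email}` reaches the `href` attribute through `<c:url>`, which does not HTML-escape its result, so only the link text (via `<c:out>`) is escaped. Escape the attribute value as well, e.g. `<a href="mailto:<c:out value='${sid.email}'/>">`; this applies to both the owner line and the row inside the `forEach`. The bare `<c:catch>` also discards any exception raised while rendering the link, presumably to tolerate sids that have no `email` property, and that hides real rendering errors. Giving `<c:catch>` a `var`, or testing for the property explicitly, would make the intent visible.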
......@@ -15,7 +15,8 @@
**/
package org.genesys2.tests.unit;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
......@@ -127,7 +128,7 @@ public class UserServiceTest extends AbstractServicesTest {
}
@Test
public void updateUserTest() throws PasswordPolicyException, NotUniqueUserException {
public void updateUserTest() throws UserException {
User userFromDB = userService.getUserByEmail(email);
String newFullName = "New Name";
String newEmail = "user@newemail";
......@@ -147,7 +148,7 @@ public class UserServiceTest extends AbstractServicesTest {
fullName = "This is new name";
email = "newMail@new.com";
userService.updateData(userFromDB.getId(), fullName, email);
userService.updateUser(userFromDB, email, fullName);
userFromDB = userService.getUserByEmail(email);
assertTrue(userFromDB.getFullName().equals(fullName));
......
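Review bot: The tests are only retargeted from `updateData` to `updateUser`; nothing visible exercises the two behaviours the service change introduces, the `UserException` for an invalid e-mail and the `principal.id == #user.id` rule. A case such as `userService.updateUser(userFromDB, "not-an-email", fullName)` expecting `UserException`, and one executed as a different non-administrator principal expecting the call to be denied, would pin both. Both test methods continue outside the hunks, so coverage elsewhere in the class cannot be ruled out.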