Commit 7902bccc authored by Matija Obreza's avatar Matija Obreza

Merge branch 'descriptors-not-accessible' into 'master'

Descriptors not accessible

See merge request genesys-pgr/genesys-server!286
parents 2f32b0d4 ba400709
...@@ -95,6 +95,16 @@ public interface DescriptorService { ...@@ -95,6 +95,16 @@ public interface DescriptorService {
*/ */
Page<Descriptor> listDescriptorsForCurrentUser(DescriptorFilter filter, Pageable page); Page<Descriptor> listDescriptorsForCurrentUser(DescriptorFilter filter, Pageable page);
/**
* List descriptors accessible to the user (both published by others and owned descriptors).
*
* @param filter the filter
* @param page the page
* @return the page
*/
Page<Descriptor> listAccessibleDescriptors(DescriptorFilter filter, Pageable page);
/** /**
* List published descriptors. * List published descriptors.
* *
...@@ -180,4 +190,5 @@ public interface DescriptorService { ...@@ -180,4 +190,5 @@ public interface DescriptorService {
* @return the number of published descriptors * @return the number of published descriptors
*/ */
long countDescriptors(DescriptorFilter filter); long countDescriptors(DescriptorFilter filter);
} }
...@@ -236,6 +236,19 @@ public class DescriptorServiceImpl implements DescriptorService { ...@@ -236,6 +236,19 @@ public class DescriptorServiceImpl implements DescriptorService {
return new PageImpl<>(res.getContent(), page, res.getTotalElements()); return new PageImpl<>(res.getContent(), page, res.getTotalElements());
} }
} }
@Override
@PreAuthorize("isAuthenticated()")
public Page<Descriptor> listAccessibleDescriptors(DescriptorFilter descriptorFilter, Pageable page) {
if (securityUtils.hasRole(UserRole.ADMINISTRATOR)) {
return listDescriptorsForCurrentUser(descriptorFilter, page);
} else {
final HashSet<Long> partners = new HashSet<>(securityUtils.listObjectIdentityIdsForCurrentUser(Partner.class, BasePermission.WRITE));
Pageable markdownSortPageRequest = JPAUtils.toMarkdownSort(page, "title");
Page<Descriptor> res = descriptorRepository.findAll(QDescriptor.descriptor.state.in(PublishState.PUBLISHED).or(descriptor.owner.id.in(partners)).and(descriptorFilter.buildQuery()), markdownSortPageRequest);
return new PageImpl<>(res.getContent(), page, res.getTotalElements());
}
}
/** /**
* {@inheritDoc} * {@inheritDoc}
......
...@@ -245,6 +245,28 @@ public class DescriptorController extends ApiBaseController { ...@@ -245,6 +245,28 @@ public class DescriptorController extends ApiBaseController {
return new FilteredPage<>(filterInfo.filterCode, filterInfo.filter, descriptorService.listDescriptors(filterInfo.filter, page.toPageRequest(100, Sort.Direction.ASC, "id"))); return new FilteredPage<>(filterInfo.filterCode, filterInfo.filter, descriptorService.listDescriptors(filterInfo.filter, page.toPageRequest(100, Sort.Direction.ASC, "id")));
} }
/**
* List descriptors accessible to user
*
* @param page the page
* @param filter the descriptor filter
* @return the page
* @throws IOException
*/
@PostMapping(value = "/list-accessible")
public FilteredPage<Descriptor> listAccessibleDescriptors(@RequestParam(name = "f", required = false) String filterCode, final Pagination page,
@RequestBody(required = false) DescriptorFilter filter) throws IOException {
if (filterCode != null) {
filter = shortFilterService.filterByCode(filterCode, DescriptorFilter.class);
} else {
filterCode = shortFilterService.getCode(filter);
}
FilterInfo<DescriptorFilter> filterInfo = shortFilterService.processFilter(filterCode, filter, DescriptorFilter.class);
return new FilteredPage<>(filterInfo.filterCode, filterInfo.filter, descriptorService.listAccessibleDescriptors(filterInfo.filter, page.toPageRequest(100, Sort.Direction.ASC, "id")));
}
/** /**
* My descriptors. * My descriptors.
* *
......
...@@ -120,7 +120,7 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem ...@@ -120,7 +120,7 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
user.setAccountType(accountType); user.setAccountType(accountType);
user.getRoles().add(UserRole.USER); user.getRoles().add(UserRole.USER);
super.setPassword(user, password); super.setPassword(user, password);
return userRepository.save(user); return deepLoad(userRepository.save(user));
} }
@Transactional @Transactional
...@@ -279,23 +279,13 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem ...@@ -279,23 +279,13 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
@Override @Override
public User getUserByEmail(String email) { public User getUserByEmail(String email) {
final User user = userRepository.findByEmail(email); final User user = userRepository.findByEmail(email);
return deepLoad(user);
if (user != null) {
user.getRoles().size();
}
return user;
} }
@Override @Override
public User getUserByUuid(String uuid) { public User getUserByUuid(String uuid) {
final User user = userRepository.findByUuid(uuid); final User user = userRepository.findByUuid(uuid);
return deepLoad(user);
if (user != null) {
user.getRoles().size();
}
return user;
} }
@Override @Override
......
...@@ -67,6 +67,7 @@ public class UserServiceTest extends AbstractServicesTest { ...@@ -67,6 +67,7 @@ public class UserServiceTest extends AbstractServicesTest {
user = userService.createUser(email, fullName, initialPassword, AccountType.LOCAL); user = userService.createUser(email, fullName, initialPassword, AccountType.LOCAL);
assertEquals(user.getAccountType(), AccountType.LOCAL); assertEquals(user.getAccountType(), AccountType.LOCAL);
assertThat(user.getRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE));
assertThat(passwordEncoder.matches(initialPassword, user.getPassword()), is(true)); assertThat(passwordEncoder.matches(initialPassword, user.getPassword()), is(true));
} }
...@@ -230,7 +231,7 @@ public class UserServiceTest extends AbstractServicesTest { ...@@ -230,7 +231,7 @@ public class UserServiceTest extends AbstractServicesTest {
@Test @Test
public void updateRolesTest() throws PasswordPolicyException { public void updateRolesTest() throws PasswordPolicyException {
assertThat(userService.getUserByEmail(email).getRoles(), hasSize(1)); assertThat(userService.getUserByEmail(email).getRoles(), hasSize(2));
Set<UserRole> selectedRoles = Sets.newHashSet(UserRole.ADMINISTRATOR); Set<UserRole> selectedRoles = Sets.newHashSet(UserRole.ADMINISTRATOR);
userService.setRoles(user, selectedRoles); userService.setRoles(user, selectedRoles);
assertThat(userService.getUserByEmail(email).getRoles(), hasSize(3)); assertThat(userService.getUserByEmail(email).getRoles(), hasSize(3));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment