Commit 7e25fd8c authored by Matija Obreza's avatar Matija Obreza

Permission controller update

- returns actually inherited permission (not "effective")
- AclObjectIdentityExt moved to app-blocks
- delete ACL entries for SID
- controller methods are no longer transactional
parent 0faf415a
......@@ -15,24 +15,20 @@
*/
package org.genesys2.server.api.v1;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.genesys.blocks.model.JsonViews;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.model.AclEntry;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.serialization.AclEntriesToPermissions;
import org.genesys.blocks.security.serialization.SidPermissions;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.security.service.CustomAclService.AclObjectIdentityExt;
import org.genesys2.server.api.ApiBaseController;
import org.genesys2.server.exception.NotFoundElement;
import org.genesys2.server.model.UserRole;
......@@ -42,7 +38,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
......@@ -51,9 +47,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.fasterxml.jackson.annotation.JsonUnwrapped;
import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import io.swagger.annotations.Api;
......@@ -90,7 +84,6 @@ public class PermissionController {
* @param sidPermissions the sid permissions
* @return the acl object identity
*/
@Transactional
@PostMapping(value = "/permissions/{clazz}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
@JsonView(JsonViews.Minimal.class)
public AclObjectIdentityExt addPermission(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id,
......@@ -104,6 +97,27 @@ public class PermissionController {
return lazyLoadForJson(aclService.setPermissions(objectIdentity, sid, sidPermissions));
}
/**
* Adds the permission.
*
* @param className the class name
* @param id the id
* @param sidPermissions the sid permissions
* @return the acl object identity
*/
@DeleteMapping(value = "/permissions/{clazz}/{id}/{sid}", produces = MediaType.APPLICATION_JSON_VALUE)
@JsonView(JsonViews.Minimal.class)
public AclObjectIdentityExt deletePermissionsForSid(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id,
@PathVariable("sid") final String sid) {
final AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(id, className);
LOG.info("Removing permissions for {}", sid);
final AclSid aclSid = aclService.getSid(aclService.getSidId(sid));
return lazyLoadForJson(aclService.removePermissions(objectIdentity, aclSid));
}
/**
* Update inheriting status
*
......@@ -111,7 +125,6 @@ public class PermissionController {
* @param id the id
* @return updated acl object identity
*/
@Transactional
@JsonView(JsonViews.Minimal.class)
@PostMapping(value = "/update-inheriting/{inheriting}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
public AclObjectIdentityExt updateInheriting(@PathVariable(value = "inheriting") final boolean inheriting,
......@@ -131,7 +144,6 @@ public class PermissionController {
* @param parentId the parentId
* @return updated acl object identity
*/
@Transactional
@JsonView(JsonViews.Minimal.class)
@PostMapping(value = "/update-parent/{id}/{parentId}", produces = MediaType.APPLICATION_JSON_VALUE)
public AclObjectIdentityExt updateParentObject(@PathVariable(name = "id") final long id, @PathVariable(name = "parentId") final long parentId) {
......@@ -149,7 +161,6 @@ public class PermissionController {
* @param id the id
* @return the acl object identity
*/
@Transactional(readOnly = true)
@GetMapping(value = "/permissions/{clazz}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
@JsonView(JsonViews.Minimal.class)
public AclObjectIdentityExt permissions(@PathVariable(value = "clazz") final String className, @PathVariable("id") final long id) {
......@@ -167,32 +178,11 @@ public class PermissionController {
* @return the acl object identity
*/
protected AclObjectIdentityExt lazyLoadForJson(final AclObjectIdentity objectIdentity) {
AclObjectIdentityExt _aclObjectIdentity = new AclObjectIdentityExt(objectIdentity);
if (objectIdentity != null && objectIdentity.getAclEntries() != null) {
objectIdentity.getAclEntries().size();
List<AclEntry> inheritedEntries = inherited(objectIdentity, new ArrayList<>(), new HashSet<>());
_aclObjectIdentity.inherited.addAll(inheritedEntries);
// lazy load for JSON
_aclObjectIdentity.inherited.forEach(entry -> entry.getAclSid().getId());
AclObjectIdentityExt ext = aclService.loadObjectIdentityExt(objectIdentity);
if (ext == null) {
throw new NotFoundElement("No such ACL object");
}
return _aclObjectIdentity;
}
private List<AclEntry> inherited(AclObjectIdentity objectIdentity, List<AclEntry> aclEntries, Set<AclObjectIdentity> handled) {
if (objectIdentity == null || handled.contains(objectIdentity)) {
return aclEntries;
}
aclEntries.addAll(objectIdentity.getAclEntries());
handled.add(objectIdentity);
if (objectIdentity.getParentObject() != null) {
inherited(objectIdentity.getParentObject(), aclEntries, handled);
}
return aclEntries;
return ext;
}
/**
......@@ -201,7 +191,6 @@ public class PermissionController {
* @param id the internal ID of aclObjectIdentity
* @return the acl object identity
*/
@Transactional(readOnly = true)
@GetMapping(value = "/permissions/{aclObjectIdentityId}", produces = MediaType.APPLICATION_JSON_VALUE)
@JsonView(JsonViews.Minimal.class)
public AclObjectIdentityExt permissions(@PathVariable(value = "aclObjectIdentityId") final long id) {
......@@ -274,18 +263,4 @@ public class PermissionController {
}
return oauthMap;
}
/**
* Wraps {@link AclObjectIdentity} and adds list of inherited permissions.
*/
private static class AclObjectIdentityExt {
@JsonUnwrapped
public AclObjectIdentity original;
@JsonSerialize(converter = AclEntriesToPermissions.class)
public List<AclEntry> inherited = new ArrayList<>();
public AclObjectIdentityExt(AclObjectIdentity source) {
this.original = source;
}
}
}
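Review bot: In the new `deletePermissionsForSid`, the request-supplied `{sid}` is passed straight into `aclService.getSid(aclService.getSidId(sid))` with no handling for an unknown SID, and the only record of the removal is `LOG.info("Removing permissions for {}", sid)`, which does not name the object whose ACL is changed. An ACL removal deserves an audit line that identifies the target, e.g. `LOG.info("Removing permissions for sid={} on {}#{}", sid, className, id);`, and an unknown SID should fail the same way `lazyLoadForJson` now does, e.g. `if (aclSid == null) throw new NotFoundElement("No such SID");` (this assumes `getSid` returns null rather than throwing, which is not visible here). No authorization annotation is visible on this method and the commit removes `@Transactional` from the controller, so please confirm that `aclService.removePermissions` enforces the permission check itself. If `ensureObjectIdentity` creates a missing identity, as its name suggests, also confirm that a DELETE committing one before a later call fails is acceptable. The Javadoc is copied from `addPermission`: it still reads "Adds the permission." and documents `sidPermissions` instead of `sid`.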