Commit bf7d1a68 authored by Maxym Borodenko Committed by Matija Obreza

OAuthClient as ACL SID

- updated permission editor
parent da73a733
......@@ -25,6 +25,9 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.RandomUtils;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.UserException;
import org.genesys2.server.model.impl.Country;
import org.genesys2.server.model.impl.Crop;
import org.genesys2.server.model.impl.User;
......@@ -57,6 +60,9 @@ public class JspHelper {
@Autowired
private HtmlConverter htmlConverter;
@Autowired
private OAuthClientDetailsService clientDetailsService;
public String userFullName(Long userId) {
if (userId == null) {
return null;
......@@ -77,6 +83,13 @@ public class JspHelper {
return userService.getUserByUuid(uuid);
}
public OAuthClient getByClientId(final String clientId) {
if (clientId == null) {
return null;
}
return clientDetailsService.getClient(clientId);
}
public Country getCountry(String iso3) {
return geoService.getCountry(iso3);
}
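Review bot: `getByClientId` hands the whole `OAuthClient` entity to the view layer, while the only use visible in this commit, the permission editor JSP, reads `.title`. If that entity also carries the client secret or grant configuration (not visible here, so to be confirmed), every template with `jspHelper` in scope can render it. A narrower helper such as `public String oauthClientTitle(final String clientId)` that returns only the display name would keep credentials out of JSPs. The new method also has no Javadoc; `/** Looks up an OAuth client by client ID for display in JSPs; returns null for a null ID. */` would record the null contract. The JspHelper class body continues outside these hunks.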
......
......@@ -17,9 +17,12 @@
package org.genesys2.server.servlet.controller.rest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys2.server.model.impl.User;
......@@ -47,20 +50,16 @@ public class PermissionController extends RestController {
@Autowired
private UserService userService;
@Autowired
private OAuthClientDetailsService clientDetailsService;
@RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Object addPermission(@RequestBody PermissionJson permissionJson) {
LOG.info("Adding permission {}", permissionJson);
final Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson);
if (permissionJson.isPrincipal()) {
final User user = userService.getUserByEmail(permissionJson.getUuid());
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), user.getUuid(), permissionJson.isPrincipal(), permissionMap);
return JSON_OK;
} else {
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), permissionJson.getUuid(), permissionJson.isPrincipal(),
permissionMap);
return JSON_OK;
}
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), permissionJson.getUuid(), permissionJson.isPrincipal(), permissionMap);
return JSON_OK;
}
@RequestMapping(value = "/update", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
......@@ -81,4 +80,13 @@ public class PermissionController extends RestController {
}
return userEmails;
}
@RequestMapping(value = "/autocomplete-oauth-client", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Map<String, String> acOauthClient(@RequestParam("term") String title) {
final Map<String, String> oauthMap = new HashMap<>();
for (final OAuthClient client : clientDetailsService.autocompleteClients(title)) {
oauthMap.put(client.getTitle(), client.getClientId());
}
return oauthMap;
}
}
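Review bot: `addPermission` now passes `permissionJson.getUuid()` and `permissionJson.isPrincipal()` straight from the request body into `aclService.addPermissions`, so the controller no longer confirms that the SID names an existing user, role or OAuth client before granting on it. The removed branch at least resolved principals through `userService.getUserByEmail`, and the editor's user row still appears to post the typed text as `uuid` with `principal: true`. Unless `addPermissions` validates the SID itself (not visible here), an ACL entry can be created for an arbitrary string, which the JSP later classifies only by whether it contains `@`. I would resolve the SID server-side before the call, with `userService.getUserByUuid(...)` or `clientDetailsService.getClient(...)` for principals and a known role name otherwise, and reject the request when nothing matches. Separately, `acOauthClient` keys its map by `client.getTitle()`, so two clients sharing a title collapse into one entry; keying by client ID avoids that.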
......@@ -4,227 +4,332 @@
<%@ include file="/WEB-INF/jsp/init.jsp" %>
<html>
<head>
<head>
<title><spring:message code="acl.page.permission-manager"/></title>
</head>
<body>
<h1>
<small><c:out value="${aclObjectIdentity.aclClass.aclClass}"/></small>
<c:out value="${aclObjectIdentity.objectIdIdentity}"/>
</h1>
<p><spring:message code="acl.owner"/>: <c:out value="${jspHelper.userByUuid(aclObjectIdentity.ownerSid.sid).email}"/></p>
<table class="accessions">
<thead>
<tr>
<td><spring:message code="acl.sid" /></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><spring:message code="acl.permission.${aclPermission.mask}" /></td>
</c:forEach>
</tr>
</thead>
<tbody>
</head>
<body>
<h1>
<small><c:out value="${aclObjectIdentity.aclClass.aclClass}"/></small>
<c:out value="${aclObjectIdentity.objectIdIdentity}"/>
</h1>
<p>
<spring:message code="acl.owner"/>:
<c:out value="${jspHelper.userByUuid(aclObjectIdentity.ownerSid.sid).email}"/>
</p>
<table class="table table-striped">
<thead>
<tr>
<td><spring:message code="acl.sid"/></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><spring:message code="acl.permission.${aclPermission.mask}"/></td>
</c:forEach>
</tr>
</thead>
<tbody>
<c:forEach items="${aclSids}" var="aclSid" varStatus="status">
<tr class="${status.count % 2 == 0 ? 'even' : 'odd'}">
<c:forEach items="${aclSids}" var="aclSid" varStatus="status">
<tr class="${status.count % 2 == 0 ? 'even' : 'odd'}">
<td>
<c:choose>
<c:when test="${aclSid.principal == true}">
<c:out value="${jspHelper.userByUuid(aclSid.sid).email}"/>
</c:when>
<c:when test="${aclSid.principal == false}">
<c:out value="${aclSid.sid}"/>
</c:when>
</c:choose>
<c:choose>
<c:when test="${aclSid.sid.contains('@')}">
<c:out value="${jspHelper.getByClientId(aclSid.sid).title}"/>
</c:when>
<c:when test="${aclSid.principal == false}">
<c:forEach var="role" items="${roles}">
<c:if test="${role.name eq aclSid.sid}">
<c:out value="${aclSid.sid}"/>
</c:if>
</c:forEach>
</c:when>
<c:when test="${aclSid.principal == true}">
<c:out value="${jspHelper.userByUuid(aclSid.sid).email}"/>
</c:when>
</c:choose>
</td>
<input type="hidden" name="aclSid" class="aclSid" value="${aclSid.sid}"/>
<input type="hidden" name="aclPrincipal" class="aclPrincipal" value="${aclSid.principal}"/>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" value="1" class="check"
name="permissionValue${aclPermission.mask}"
id="permissionValue${aclPermission.mask}" disabled="disabled"
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
<td><input type="checkbox" value="1" class="check" name="permissionValue${aclPermission.mask}" id="permissionValue${aclPermission.mask}" disabled="disabled" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach>
<td><input type="button" class="btn btn-primary edit" value="<spring:message code="edit" />" /></td>
<td><input type="submit" class="btn btn-primary save" style="display: none" value="<spring:message code="save"/>">
<button class="btn btn-default cancel" style="display: none"><spring:message code="cancel"/></button></td>
<td>
<input type="submit" class="btn btn-primary save" style="display: none" value="<spring:message code='save' />">
<button class="btn btn-default cancel" style="display: none"><spring:message code="cancel"/></button>
<input type="button" class="btn btn-primary edit" value="<spring:message code='edit' />"/>
</td>
</tr>
</c:forEach>
<tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" class="required form-control" name="uuid" id="autocomplete-email" placeholder="User email"/></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td>
<input type="checkbox" id="autoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/>
</td>
</c:forEach>
<td><input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
</tr>
</c:forEach>
<tr id="permissionAdderByOAuthClient" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" class="required form-control" name="uuid" id="autocomplete-oauth-client" placeholder="OAuth client"/></td>
<tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" class="required form-control" name="uuid" id="autocomplete" /></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td>
<input type="checkbox" id="oauthAutoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/>
</td>
</c:forEach>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" id="autoCheck${aclPermission.mask}" value="1"
name="acPermissionValue${aclPermission.mask}"
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach>
<td>
<input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
</tr>
<td><input type="button" class="btn btn-primary" value="<spring:message code="add" />" /></td>
<td></td>
</tr>
<tr id="permissionAdderByRole" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td>
<tr id="permissionAdderByRole" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td>
<select class="required form-control" name="uuid" id="" title="roles">
<option disabled="disabled" selected="selected">SELECT ROLE</option>
<c:forEach var="role" items="${roles}">
<option value="${role}"><c:out value="${role}" /></option>
</c:forEach>
<option disabled="disabled" selected="selected">SELECT ROLE</option>
<c:forEach var="role" items="${roles}">
<option value="${role}"><c:out value="${role}"/></option>
</c:forEach>
</select>
</td>
</td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" id="rAutoCheck${aclPermission.mask}" value="1"
name="acPermissionValue${aclPermission.mask}"
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" id="rAutoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach>
<td><input type="button" class="btn btn-primary" value="<spring:message code="add" />"/></td>
<td></td>
</tr>
</tbody>
</table>
<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a>
<content tag="javascript">
<script type="text/javascript">
jQuery(document).ready(function() {
if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') {
$("#permissionAdderByRole input[type=button]").prop('disabled', true);
}
$('#permissionAdderByRole select').on('change', function () {
if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') {
$("#permissionAdderByRole input[type=button]").prop('disabled', true);
} else {
$("#permissionAdderByRole input[type=button]").prop('disabled', false);
}
});
$("#permissionAdderByRole input[type=button]").on("click", function (a, b, c) {
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": $('#permissionAdderByRole select')[0].value,
"principal": false,
"create": $("#rAutoCheck4").is(':checked'),
"read": $("#rAutoCheck1").is(':checked'),
"write": $("#rAutoCheck2").is(':checked'),
"delete": $("#rAutoCheck8").is(':checked'),
"manage": $("#rAutoCheck16").is(':checked')
};
$.ajax("<c:url value="/json/v0/permission/add" />", {
type: 'POST',
dataType: 'json',
contentType: 'application/json; charset=utf-8',
data: (object == null ? null : JSON.stringify(object)),
beforeSend: function (xhr) {
},
success: function (respObject) {
window.location.reload();
console.log(respObject);
},
error: function (jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$("#permissionAdder input[type=button]").on("click", function(a,b,c) {
var create=$("#autoCheck4").is(':checked');
var read=$("#autoCheck1").is(':checked');
var write=$("#autoCheck2").is(':checked');
var remove=$("#autoCheck8").is(':checked');
var manage=$("#autoCheck16").is(':checked');
var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":$("#permissionAdder input[type=text]")[0].value,"principal":true,
"create":create,"read":read,"write":write,"delete":remove,"manage":manage};
//debugger;
$.ajax("<c:url value="/json/v0/permission/add" />", {
type : 'POST',
dataType : 'json',
contentType: 'application/json; charset=utf-8',
data: (object==null ? null : JSON.stringify(object)),
beforeSend : function(xhr) {
},
success : function(respObject) {
window.location.reload();
console.log(respObject);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$(".save").on("click", function() {
var create=$(this).parent().parent().find('#permissionValue4').is(':checked');
var read=$(this).parent().parent().find('#permissionValue1').is(':checked');
var write=$(this).parent().parent().find('#permissionValue2').is(':checked');
var remove=$(this).parent().parent().find('#permissionValue8').is(':checked');
var manage=$(this).parent().parent().find('#permissionValue16').is(':checked');
var uuid=$(this).parent().parent().find('.aclSid').val();
var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":uuid,"principal":true,
"create":create,"read":read,"write":write,"delete":remove,"manage":manage};
$.ajax("<c:url value="/json/v0/permission/update" />", {
type : 'POST',
dataType : 'json',
contentType: 'application/json; charset=utf-8',
data: (object==null ? null : JSON.stringify(object)),
beforeSend : function(xhr) {
},
success : function(respObject) {
window.location.reload();
console.log(respObject);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$(".edit").click(function(){
$(".check").prop("disabled",true);
$("input:submit").hide();
$(".cancel").hide();
$(this).parent().parent().find('input:checkbox').prop("disabled",false);
$(this).parent().parent().find('input:submit').show();
$(this).parent().parent().find('.cancel').show();
})
$(".cancel").click(function(){
$(".check").prop("disabled",true);
$("input:submit").hide();
$(this).hide();
})
$(function () {
var tags = [];
<c:forEach items="${userNames}" var="userName">
tags.push("${userName}");
</c:forEach>
$("#autocomplete").autocomplete(
{ delay: 200, minLength: 4, source: "<c:url value="/json/v0/permission/autocompleteuser" />",
messages: { noResults: '', results: function() {} } }
);
});
});
</script>
</content>
</body>
<td><input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
</tr>
</tbody>
</table>
<a href="<c:url value='${backUrl}' />" class="btn btn-default"><spring:message code='cancel'/></a>
<content tag="javascript">
<script type="text/javascript">
jQuery(document).ready(function() {
var oAuthClientMap;
if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') {
$("#permissionAdderByRole input[type=button]").prop('disabled', true);
}
$('#permissionAdderByRole select').on('change', function () {
if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') {
$("#permissionAdderByRole input[type=button]").prop('disabled', true);
} else {
$("#permissionAdderByRole input[type=button]").prop('disabled', false);
}
});
$("#permissionAdderByRole input[type=button]").on("click", function (a, b, c) {
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": $('#permissionAdderByRole select')[0].value,
"principal": false,
"create": $("#rAutoCheck4").is(':checked'),
"read": $("#rAutoCheck1").is(':checked'),
"write": $("#rAutoCheck2").is(':checked'),
"delete": $("#rAutoCheck8").is(':checked'),
"manage": $("#rAutoCheck16").is(':checked')
};
$.ajax("<c:url value='/json/v0/permission/add' />", {
type: 'POST',
dataType: 'json',
contentType: 'application/json; charset=utf-8',
data: (object == null ? null : JSON.stringify(object)),
beforeSend: function (xhr) {
},
success: function (respObject) {
window.location.reload();
console.log(respObject);
},
error: function (jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$("#permissionAdderByOAuthClient input[type=button]").on("click", function (a, b, c) {
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": oAuthClientMap[$("#permissionAdderByOAuthClient input[type=text]")[0].value],
"principal": true,
"create": $("#oauthAutoCheck4").is(':checked'),
"read": $("#oauthAutoCheck1").is(':checked'),
"write": $("#oauthAutoCheck2").is(':checked'),
"delete": $("#oauthAutoCheck8").is(':checked'),
"manage": $("#oauthAutoCheck16").is(':checked')
};
$.ajax("<c:url value='/json/v0/permission/add' />", {
type: 'POST',
dataType: 'json',
contentType: 'application/json; charset=utf-8',
data: (object == null ? null : JSON.stringify(object)),
beforeSend: function (xhr) {
},
success: function (respObject) {
window.location.reload();
console.log(respObject);
},
error: function (jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$("#permissionAdder input[type=button]").on("click", function(a,b,c) {
var create=$("#autoCheck4").is(':checked');
var read=$("#autoCheck1").is(':checked');
var write=$("#autoCheck2").is(':checked');
var remove=$("#autoCheck8").is(':checked');
var manage=$("#autoCheck16").is(':checked');
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": $("#permissionAdder input[type=text]")[0].value,
"principal": true,
"create": create,
"read": read,
"write": write,
"delete": remove,
"manage": manage
};
$.ajax("<c:url value='/json/v0/permission/add' />", {
type : 'POST',
dataType : 'json',
contentType: 'application/json; charset=utf-8',
data: (object==null ? null : JSON.stringify(object)),
beforeSend : function(xhr) {
},
success : function(respObject) {
window.location.reload();
console.log(respObject);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$(".save").on("click", function() {
var create=$(this).parent().parent().find('#permissionValue4').is(':checked');
var read=$(this).parent().parent().find('#permissionValue1').is(':checked');
var write=$(this).parent().parent().find('#permissionValue2').is(':checked');
var remove=$(this).parent().parent().find('#permissionValue8').is(':checked');
var manage=$(this).parent().parent().find('#permissionValue16').is(':checked');
var uuid=$(this).parent().parent().find('.aclSid').val();
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": uuid,
"principal": true,
"create": create,
"read": read,
"write": write,
"delete": remove,
"manage": manage
};
$.ajax("<c:url value='/json/v0/permission/update' />", {
type : 'POST',
dataType : 'json',
contentType: 'application/json; charset=utf-8',
data: (object==null ? null : JSON.stringify(object)),
beforeSend : function(xhr) {
},
success : function(respObject) {
window.location.reload();
console.log(respObject);
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$(".edit").click(function(){
$(".check").prop("disabled",true);
$("input:submit").hide();
$(".cancel").hide();
$(this).parent().parent().find('input:checkbox').prop("disabled",false);
$(this).parent().parent().find('input:submit').show();
$(this).parent().parent().find('.cancel').show();
});
$(".cancel").click(function(){
$(".check").prop("disabled",true);
$("input:submit").hide();
$(this).hide();
});
$(function () {
var tags = [];