Commit bf7d1a68 authored by Maxym Borodenko's avatar Maxym Borodenko Committed by Matija Obreza

OAuthClient as ACL SID

- updated permission editor
parent da73a733
...@@ -25,6 +25,9 @@ import com.fasterxml.jackson.databind.ObjectMapper; ...@@ -25,6 +25,9 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.RandomUtils; import org.apache.commons.lang.math.RandomUtils;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.UserException;
import org.genesys2.server.model.impl.Country; import org.genesys2.server.model.impl.Country;
import org.genesys2.server.model.impl.Crop; import org.genesys2.server.model.impl.Crop;
import org.genesys2.server.model.impl.User; import org.genesys2.server.model.impl.User;
...@@ -57,6 +60,9 @@ public class JspHelper { ...@@ -57,6 +60,9 @@ public class JspHelper {
@Autowired @Autowired
private HtmlConverter htmlConverter; private HtmlConverter htmlConverter;
@Autowired
private OAuthClientDetailsService clientDetailsService;
public String userFullName(Long userId) { public String userFullName(Long userId) {
if (userId == null) { if (userId == null) {
return null; return null;
...@@ -77,6 +83,13 @@ public class JspHelper { ...@@ -77,6 +83,13 @@ public class JspHelper {
return userService.getUserByUuid(uuid); return userService.getUserByUuid(uuid);
} }
public OAuthClient getByClientId(final String clientId) {
if (clientId == null) {
return null;
}
return clientDetailsService.getClient(clientId);
}
public Country getCountry(String iso3) { public Country getCountry(String iso3) {
return geoService.getCountry(iso3); return geoService.getCountry(iso3);
} }
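Review bot: `getByClientId` hands the whole `OAuthClient` entity to every JSP that can reach `jspHelper`, while the permission page in this commit only reads `.title` from it. If that entity also carries the client secret or redirect settings (the model class is not shown here, so this needs confirming), any template expression can print them. A narrower helper with a `String` return type would keep that data out of the view layer: `final OAuthClient client = clientId == null ? null : clientDetailsService.getClient(clientId);` followed by `return client == null ? null : client.getTitle();`. The method also deserves a short Javadoc stating what it returns for an unknown client id, because the JSP dereferences the result directly.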
......
...@@ -17,9 +17,12 @@ ...@@ -17,9 +17,12 @@
package org.genesys2.server.servlet.controller.rest; package org.genesys2.server.servlet.controller.rest;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.service.OAuthClientDetailsService;
import org.genesys.blocks.security.model.AclObjectIdentity; import org.genesys.blocks.security.model.AclObjectIdentity;
import org.genesys.blocks.security.service.CustomAclService; import org.genesys.blocks.security.service.CustomAclService;
import org.genesys2.server.model.impl.User; import org.genesys2.server.model.impl.User;
...@@ -47,20 +50,16 @@ public class PermissionController extends RestController { ...@@ -47,20 +50,16 @@ public class PermissionController extends RestController {
@Autowired @Autowired
private UserService userService; private UserService userService;
@Autowired
private OAuthClientDetailsService clientDetailsService;
@RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(value = "/add", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Object addPermission(@RequestBody PermissionJson permissionJson) { public @ResponseBody Object addPermission(@RequestBody PermissionJson permissionJson) {
LOG.info("Adding permission {}", permissionJson); LOG.info("Adding permission {}", permissionJson);
final Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson); final Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson);
if (permissionJson.isPrincipal()) { aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), permissionJson.getUuid(), permissionJson.isPrincipal(), permissionMap);
final User user = userService.getUserByEmail(permissionJson.getUuid());
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), user.getUuid(), permissionJson.isPrincipal(), permissionMap);
return JSON_OK; return JSON_OK;
} else {
aclService.addPermissions(permissionJson.getOid(), permissionJson.getClazz(), permissionJson.getUuid(), permissionJson.isPrincipal(),
permissionMap);
return JSON_OK;
}
} }
@RequestMapping(value = "/update", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(value = "/update", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
...@@ -81,4 +80,13 @@ public class PermissionController extends RestController { ...@@ -81,4 +80,13 @@ public class PermissionController extends RestController {
} }
return userEmails; return userEmails;
} }
@RequestMapping(value = "/autocomplete-oauth-client", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody Map<String, String> acOauthClient(@RequestParam("term") String title) {
final Map<String, String> oauthMap = new HashMap<>();
for (final OAuthClient client : clientDetailsService.autocompleteClients(title)) {
oauthMap.put(client.getTitle(), client.getClientId());
}
return oauthMap;
}
} }
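Review bot: `addPermission` now passes `permissionJson.getUuid()` to `aclService.addPermissions` unchecked, so the SID that receives the grant is whatever string the request body carries. The removed branch at least resolved a user through `userService.getUserByEmail(...)`, and the email row of the permission page in this commit still posts the typed address as `uuid` with `principal: true`. Unless `addPermissions` resolves it itself (not visible here), an ACL entry may be stored against an email string, which the page then renders through its `aclSid.sid.contains('@')` OAuth-client branch. Resolve the principal on the server before granting, either as a user or through `clientDetailsService.getClient(...)`, reject the request when neither exists, and let `PermissionJson` state which kind of principal is meant instead of inferring it from the string. The class header and any authorization annotations lie outside these hunks, so who may call this endpoint could not be assessed.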
...@@ -4,23 +4,25 @@ ...@@ -4,23 +4,25 @@
<%@ include file="/WEB-INF/jsp/init.jsp" %> <%@ include file="/WEB-INF/jsp/init.jsp" %>
<html> <html>
<head> <head>
<title><spring:message code="acl.page.permission-manager"/></title> <title><spring:message code="acl.page.permission-manager"/></title>
</head> </head>
<body> <body>
<h1> <h1>
<small><c:out value="${aclObjectIdentity.aclClass.aclClass}"/></small> <small><c:out value="${aclObjectIdentity.aclClass.aclClass}"/></small>
<c:out value="${aclObjectIdentity.objectIdIdentity}"/> <c:out value="${aclObjectIdentity.objectIdIdentity}"/>
</h1> </h1>
<p>
<p><spring:message code="acl.owner"/>: <c:out value="${jspHelper.userByUuid(aclObjectIdentity.ownerSid.sid).email}"/></p> <spring:message code="acl.owner"/>:
<table class="accessions"> <c:out value="${jspHelper.userByUuid(aclObjectIdentity.ownerSid.sid).email}"/>
</p>
<table class="table table-striped">
<thead> <thead>
<tr> <tr>
<td><spring:message code="acl.sid" /></td> <td><spring:message code="acl.sid"/></td>
<c:forEach items="${aclPermissions}" var="aclPermission"> <c:forEach items="${aclPermissions}" var="aclPermission">
<td><spring:message code="acl.permission.${aclPermission.mask}" /></td> <td><spring:message code="acl.permission.${aclPermission.mask}"/></td>
</c:forEach> </c:forEach>
</tr> </tr>
</thead> </thead>
...@@ -30,69 +32,88 @@ ...@@ -30,69 +32,88 @@
<tr class="${status.count % 2 == 0 ? 'even' : 'odd'}"> <tr class="${status.count % 2 == 0 ? 'even' : 'odd'}">
<td> <td>
<c:choose> <c:choose>
<c:when test="${aclSid.principal == true}"> <c:when test="${aclSid.sid.contains('@')}">
<c:out value="${jspHelper.userByUuid(aclSid.sid).email}"/> <c:out value="${jspHelper.getByClientId(aclSid.sid).title}"/>
</c:when> </c:when>
<c:when test="${aclSid.principal == false}"> <c:when test="${aclSid.principal == false}">
<c:forEach var="role" items="${roles}">
<c:if test="${role.name eq aclSid.sid}">
<c:out value="${aclSid.sid}"/> <c:out value="${aclSid.sid}"/>
</c:if>
</c:forEach>
</c:when>
<c:when test="${aclSid.principal == true}">
<c:out value="${jspHelper.userByUuid(aclSid.sid).email}"/>
</c:when> </c:when>
</c:choose> </c:choose>
</td> </td>
<input type="hidden" name="aclSid" class="aclSid" value="${aclSid.sid}"/> <input type="hidden" name="aclSid" class="aclSid" value="${aclSid.sid}"/>
<input type="hidden" name="aclPrincipal" class="aclPrincipal" value="${aclSid.principal}"/>
<c:forEach items="${aclPermissions}" var="aclPermission"> <c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" value="1" class="check" <td><input type="checkbox" value="1" class="check" name="permissionValue${aclPermission.mask}" id="permissionValue${aclPermission.mask}" disabled="disabled" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
name="permissionValue${aclPermission.mask}"
id="permissionValue${aclPermission.mask}" disabled="disabled"
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach> </c:forEach>
<td><input type="button" class="btn btn-primary edit" value="<spring:message code="edit" />" /></td> <td>
<td><input type="submit" class="btn btn-primary save" style="display: none" value="<spring:message code="save"/>"> <input type="submit" class="btn btn-primary save" style="display: none" value="<spring:message code='save' />">
<button class="btn btn-default cancel" style="display: none"><spring:message code="cancel"/></button></td> <button class="btn btn-default cancel" style="display: none"><spring:message code="cancel"/></button>
<input type="button" class="btn btn-primary edit" value="<spring:message code='edit' />"/>
</td>
</tr> </tr>
</c:forEach> </c:forEach>
<tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}"> <tr id="permissionAdder" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" class="required form-control" name="uuid" id="autocomplete" /></td> <td><input type="text" class="required form-control" name="uuid" id="autocomplete-email" placeholder="User email"/></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td>
<input type="checkbox" id="autoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/>
</td>
</c:forEach>
<td><input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
</tr>
<tr id="permissionAdderByOAuthClient" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td><input type="text" class="required form-control" name="uuid" id="autocomplete-oauth-client" placeholder="OAuth client"/></td>
<c:forEach items="${aclPermissions}" var="aclPermission"> <c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" id="autoCheck${aclPermission.mask}" value="1" <td>
name="acPermissionValue${aclPermission.mask}" <input type="checkbox" id="oauthAutoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/>
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td> </td>
</c:forEach> </c:forEach>
<td><input type="button" class="btn btn-primary" value="<spring:message code="add" />" /></td> <td>
<td></td> <input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
</tr> </tr>
<tr id="permissionAdderByRole" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}"> <tr id="permissionAdderByRole" class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td> <td>
<select class="required form-control" name="uuid" id="" title="roles"> <select class="required form-control" name="uuid" id="" title="roles">
<option disabled="disabled" selected="selected">SELECT ROLE</option> <option disabled="disabled" selected="selected">SELECT ROLE</option>
<c:forEach var="role" items="${roles}"> <c:forEach var="role" items="${roles}">
<option value="${role}"><c:out value="${role}" /></option> <option value="${role}"><c:out value="${role}"/></option>
</c:forEach> </c:forEach>
</select> </select>
</td> </td>
<c:forEach items="${aclPermissions}" var="aclPermission"> <c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" id="rAutoCheck${aclPermission.mask}" value="1" <td><input type="checkbox" id="rAutoCheck${aclPermission.mask}" value="1" name="acPermissionValue${aclPermission.mask}" ${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
name="acPermissionValue${aclPermission.mask}"
${aclEntries[aclSid.sid][aclPermission.mask] ? 'checked' : '' }/></td>
</c:forEach> </c:forEach>
<td><input type="button" class="btn btn-primary" value="<spring:message code="add" />"/></td> <td><input type="button" class="btn btn-primary" value="<spring:message code='add' />"/></td>
<td></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a> <a href="<c:url value='${backUrl}' />" class="btn btn-default"><spring:message code='cancel'/></a>
<content tag="javascript"> <content tag="javascript">
<script type="text/javascript"> <script type="text/javascript">
jQuery(document).ready(function() { jQuery(document).ready(function() {
var oAuthClientMap;
if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') { if ($('#permissionAdderByRole select')[0].value == 'SELECT ROLE') {
$("#permissionAdderByRole input[type=button]").prop('disabled', true); $("#permissionAdderByRole input[type=button]").prop('disabled', true);
} }
...@@ -117,7 +138,7 @@ ...@@ -117,7 +138,7 @@
"manage": $("#rAutoCheck16").is(':checked') "manage": $("#rAutoCheck16").is(':checked')
}; };
$.ajax("<c:url value="/json/v0/permission/add" />", { $.ajax("<c:url value='/json/v0/permission/add' />", {
type: 'POST', type: 'POST',
dataType: 'json', dataType: 'json',
contentType: 'application/json; charset=utf-8', contentType: 'application/json; charset=utf-8',
...@@ -135,6 +156,40 @@ ...@@ -135,6 +156,40 @@
} }
}); });
}); });
$("#permissionAdderByOAuthClient input[type=button]").on("click", function (a, b, c) {
var object = {
"oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": oAuthClientMap[$("#permissionAdderByOAuthClient input[type=text]")[0].value],
"principal": true,
"create": $("#oauthAutoCheck4").is(':checked'),
"read": $("#oauthAutoCheck1").is(':checked'),
"write": $("#oauthAutoCheck2").is(':checked'),
"delete": $("#oauthAutoCheck8").is(':checked'),
"manage": $("#oauthAutoCheck16").is(':checked')
};
$.ajax("<c:url value='/json/v0/permission/add' />", {
type: 'POST',
dataType: 'json',
contentType: 'application/json; charset=utf-8',
data: (object == null ? null : JSON.stringify(object)),
beforeSend: function (xhr) {
},
success: function (respObject) {
window.location.reload();
console.log(respObject);
},
error: function (jqXHR, textStatus, errorThrown) {
console.log(textStatus);
console.log(errorThrown);
}
});
});
$("#permissionAdder input[type=button]").on("click", function(a,b,c) { $("#permissionAdder input[type=button]").on("click", function(a,b,c) {
var create=$("#autoCheck4").is(':checked'); var create=$("#autoCheck4").is(':checked');
...@@ -143,10 +198,18 @@ ...@@ -143,10 +198,18 @@
var remove=$("#autoCheck8").is(':checked'); var remove=$("#autoCheck8").is(':checked');
var manage=$("#autoCheck16").is(':checked'); var manage=$("#autoCheck16").is(':checked');
var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":$("#permissionAdder input[type=text]")[0].value,"principal":true, var object = {
"create":create,"read":read,"write":write,"delete":remove,"manage":manage}; "oid": ${aclObjectIdentity.objectIdIdentity},
//debugger; "clazz": "${aclObjectIdentity.aclClass.aclClass}",
$.ajax("<c:url value="/json/v0/permission/add" />", { "uuid": $("#permissionAdder input[type=text]")[0].value,
"principal": true,
"create": create,
"read": read,
"write": write,
"delete": remove,
"manage": manage
};
$.ajax("<c:url value='/json/v0/permission/add' />", {
type : 'POST', type : 'POST',
dataType : 'json', dataType : 'json',
contentType: 'application/json; charset=utf-8', contentType: 'application/json; charset=utf-8',
...@@ -174,10 +237,19 @@ ...@@ -174,10 +237,19 @@
var manage=$(this).parent().parent().find('#permissionValue16').is(':checked'); var manage=$(this).parent().parent().find('#permissionValue16').is(':checked');
var uuid=$(this).parent().parent().find('.aclSid').val(); var uuid=$(this).parent().parent().find('.aclSid').val();
var object = { "oid": ${aclObjectIdentity.objectIdIdentity},"clazz":"${aclObjectIdentity.aclClass.aclClass}","uuid":uuid,"principal":true, var object = {
"create":create,"read":read,"write":write,"delete":remove,"manage":manage}; "oid": ${aclObjectIdentity.objectIdIdentity},
"clazz": "${aclObjectIdentity.aclClass.aclClass}",
"uuid": uuid,
"principal": true,
"create": create,
"read": read,
"write": write,
"delete": remove,
"manage": manage
};
$.ajax("<c:url value="/json/v0/permission/update" />", { $.ajax("<c:url value='/json/v0/permission/update' />", {
type : 'POST', type : 'POST',
dataType : 'json', dataType : 'json',
contentType: 'application/json; charset=utf-8', contentType: 'application/json; charset=utf-8',
...@@ -203,28 +275,61 @@ ...@@ -203,28 +275,61 @@
$(this).parent().parent().find('input:checkbox').prop("disabled",false); $(this).parent().parent().find('input:checkbox').prop("disabled",false);
$(this).parent().parent().find('input:submit').show(); $(this).parent().parent().find('input:submit').show();
$(this).parent().parent().find('.cancel').show(); $(this).parent().parent().find('.cancel').show();
}) });
$(".cancel").click(function(){ $(".cancel").click(function(){
$(".check").prop("disabled",true); $(".check").prop("disabled",true);
$("input:submit").hide(); $("input:submit").hide();
$(this).hide(); $(this).hide();
}) });
$(function () { $(function () {
var tags = []; var tags = [];
<c:forEach items="${userNames}" var="userName"> <c:forEach items="${userNames}" var="userName">
tags.push("${userName}"); tags.push("${userName}");
</c:forEach> </c:forEach>
$("#autocomplete").autocomplete( $("#autocomplete-email").autocomplete({
{ delay: 200, minLength: 4, source: "<c:url value="/json/v0/permission/autocompleteuser" />", delay: 200,
messages: { noResults: '', results: function() {} } } minLength: 4,
); source: "<c:url value='/json/v0/permission/autocompleteuser' />",
messages: {
noResults: '',
results: function() {}
}
});
$("#autocomplete-oauth-client").autocomplete({
delay: 200,
minLength: 4,
source: function(request, response) {
$.ajax("<c:url value='/json/v0/permission/autocomplete-oauth-client' />",{
type: "GET",
contentType: "application/json; charset=utf-8",
dataType: "json",
data: {
"term": $("#permissionAdderByOAuthClient input[type=text]")[0].value
},
success: function (data) {
var titles = [];
$.each(data, function(key, element) {
titles.push(key);
});
oAuthClientMap = data;
response(titles);
},
error: function(result) {
alert("Error");
}
})
},
messages: {
noResults: '',
results: function() {}
}
});
}); });
}); });
</script> </script>
</content> </content>
</body> </body>
</html> </html>
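Review bot: The OAuth-client add handler chooses the SID to grant by looking the typed text up in `oAuthClientMap`, which is keyed by client title and replaced on every autocomplete response. Titles are not shown to be unique, so two clients with the same title collapse to one entry in the controller's `HashMap` and the grant can land on a client the administrator did not pick. If no autocomplete has run, the handler throws on the undefined map, and if the text matches no key, the request is sent without a `uuid`. Have the autocomplete return items whose value is the client id, remember the id in the widget's `select` callback, and guard the click handler with `if (!selectedClientId) { return; }`. The same handler writes `${aclObjectIdentity.aclClass.aclClass}` into a JavaScript string unescaped, as the older handlers do, which is only safe while that value is a plain class name.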