Commit c5ffd35f authored by Matija Obreza's avatar Matija Obreza

ACL editor

parent c041cea8
......@@ -87,7 +87,7 @@ public class AsAdminAspect {
} else {
LOG.warn("Got SYS_ADMIN account: " + sysUser);
AuthUserDetails userDetails = new AuthUserDetails(sysUser.getEmail(), "", Arrays.asList(new SimpleGrantedAuthority(UserRole.ADMINISTRATOR
AuthUserDetails userDetails = new AuthUserDetails(sysUser.getUuid(), "", Arrays.asList(new SimpleGrantedAuthority(UserRole.ADMINISTRATOR
.getName())));
userDetails.setUser(sysUser);
......
......@@ -30,7 +30,6 @@ public interface UserPersistence extends JpaRepository<User, Long> {
@Query("select u from User u where u.email = ?1 and u.systemAccount = true")
User findSystemUser(String username);
@Query("select u from User u where u.uuid = ?1 and u.systemAccount = false")
User findByUuid(String uuid);
}
......@@ -58,9 +58,9 @@ public interface AclService {
List<AclSid> getSids(long id, String className);
Map<AclSid, Map<Long, Boolean>> getPermissions(AclAwareModel entity);
Map<String, Map<Integer, Boolean>> getPermissions(AclAwareModel entity);
Map<AclSid, Map<Long, Boolean>> getPermissions(long id, String className);
Map<String, Map<Integer, Boolean>> getPermissions(long id, String className);
boolean addPermissions(long objectIdIdentity, String className, String uuid, boolean principal, Map<Integer, Boolean> permissions);
......
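Review bot: Both `getPermissions` overloads now return `Map<String, Map<Integer, Boolean>>`, and nothing on the interface says what the keys mean. Judging by the AclServiceImpl lines visible in this commit, the outer key is the SID string and the inner map goes from permission mask to the granting flag. A Javadoc line such as `/** @return SID -> (permission mask -> granting) */` on both overloads would spare callers from reading the implementation. The interface body continues outside the hunk.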
......@@ -81,7 +81,6 @@ public class AclServiceImpl implements AclService {
BasePermission.ADMINISTRATION };
}
@Override
@Transactional(readOnly = true)
public Permission[] getAvailablePermissions(String className) {
......@@ -91,7 +90,7 @@ public class AclServiceImpl implements AclService {
}
@Override
// @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
// @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#id, #className, 'ADMINISTRATION')")
public boolean addPermissions(long objectIdIdentity, String className, String uuid, boolean principal, Map<Integer, Boolean> permissions) {
AclSid sid = ensureSid(uuid, principal);
AclObjectIdentity oid = ensureObjectIdentity(className, objectIdIdentity);
......@@ -132,9 +131,9 @@ public class AclServiceImpl implements AclService {
// save object identity
aclObjectIdentityPersistence.save(objectIdentity);
Map<Integer,Boolean> permissionsMap=new HashMap<>();
for (Permission permission:basePermissions){
permissionsMap.put(permission.getMask(),true);
Map<Integer, Boolean> permissionsMap = new HashMap<>();
for (Permission permission : basePermissions) {
permissionsMap.put(permission.getMask(), true);
}
addPermissions(aclSid, objectIdentity, permissionsMap);
......@@ -170,7 +169,7 @@ public class AclServiceImpl implements AclService {
return aclSid;
}
private void addPermissions(AclSid ownerSid, AclObjectIdentity objectIdentity, Map<Integer,Boolean>permissions) {
private void addPermissions(AclSid ownerSid, AclObjectIdentity objectIdentity, Map<Integer, Boolean> permissions) {
// create Acl Entry
for (Integer mask : permissions.keySet()) {
AclEntry aclEntry = new AclEntry();
......@@ -267,6 +266,7 @@ public class AclServiceImpl implements AclService {
public List<AclSid> getSids(AclAwareModel entity) {
return aclEntryPersistence.getSids(entity.getId(), entity.getClass().getName());
}
@Override
@Transactional(readOnly = true)
public List<AclSid> getAllSids() {
......@@ -284,7 +284,7 @@ public class AclServiceImpl implements AclService {
if (granted == null) {
perm.put(aclEntry.getAclSid().getSid(), granted = new HashMap<>());
}
granted.put((int)aclEntry.getMask(), aclEntry.isGranting());
granted.put((int) aclEntry.getMask(), aclEntry.isGranting());
}
return perm;
......@@ -300,28 +300,10 @@ public class AclServiceImpl implements AclService {
public void updatePermission(AclObjectIdentity entity, String sid, Map<Integer, Boolean> permissionMap) {
List<AclEntry> aclEntries = aclEntryPersistence.findBySidAndAclClass(sid, entity.getAclClass().getAclClass());
for (AclEntry aclEntry :aclEntries ) {
for (AclEntry aclEntry : aclEntries) {
aclEntry.setGranting(permissionMap.get((int) aclEntry.getMask()));
}
aclEntryPersistence.save(aclEntries);
cacheManager.getCache("acl").removeAll();
}
// // private helpers
// private <T extends BusinessModel & AclAwareModel> void
// removeAssociations(T model) {
// String aclClassName = model.getClass().getName();
//
// AclObjectIdentity objectIdentity =
// aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(model.getId(),
// aclClassName);
//
// if (objectIdentity != null) {
// aclObjectIdentityPersistence.delete(objectIdentity);
// } else {
// LOG.warn("Could not find ACL object identity association for class {} and ID",
// aclClassName, model.getId());
// }
//
// }
}
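Review bot: `addPermissions(long objectIdIdentity, String className, ...)` is still public with its `@PreAuthorize` commented out, and this commit only re-indents that comment while building an editor on top of the service. The commented expression refers to `#id`, which is not a parameter of this method, so re-enabling it needs `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdIdentity, #className, 'ADMINISTRATION')")`. `updatePermission` in the last hunk shows no authorization annotation either, although anything above its signature is outside the hunk. The controller's `updatePermissions` handler passes a client-supplied UUID straight to it, so the same check is worth confirming there.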
......@@ -77,7 +77,8 @@ public class UserServiceImpl implements UserService {
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR')")
// FIXME Re-enable this
//@PreAuthorize("hasRole('ADMINISTRATOR')")
public Page<User> listUsers(Pageable pageable) {
return userPersistence.findAll(pageable);
}
......
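Review bot: Commenting out `@PreAuthorize("hasRole('ADMINISTRATOR')")` on `listUsers` removes the only visible access check on a method that returns full `User` pages, so every caller of the service, not just the ACL editor, can now enumerate accounts. The FIXME names no condition for restoring it and is easy to ship as is. I would keep the annotation and give the editor a separate, narrower lookup that returns only the UUID and e-mail it displays, guarded by a permission check on the object being edited.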
......@@ -16,8 +16,12 @@
package org.genesys2.server.servlet.controller;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.service.AclService;
import org.genesys2.server.service.UserService;
......@@ -25,16 +29,18 @@ import org.genesys2.server.servlet.model.PermissionJson;
import org.genesys2.server.servlet.util.PermissionJsonUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@Scope("request")
......@@ -62,17 +68,16 @@ public class AclEditController extends BaseController {
model.addAttribute("aclEntries", aclService.getPermissions(id, className));
model.addAttribute("backUrl", backUrl);
//Username
// Username
Map<String, String> userNamesMap = new HashMap<>();
List<String> userNames = new ArrayList<>();
for (AclSid aclSid : aclService.getAllSids()) {
User user = userService.getUserByUuid(aclSid.getSid());
userNamesMap.put(aclSid.getSid(), user.getEmail());
if (!user.getEmail().equals(userService.getMe().getEmail())){
userNames.add(user.getEmail());
// FIXME This has to be done through AJAX, not the model
for (User user : userService.listUsers(new PageRequest(0, 50, new Sort("email")))) {
userNamesMap.put(user.getUuid(), user.getEmail());
if (user.isSystemAccount() || ! user.isEnabled()) {
continue;
}
userNames.add(user.getEmail());
}
model.addAttribute("userNames", userNames);
......@@ -82,15 +87,14 @@ public class AclEditController extends BaseController {
}
@RequestMapping(value = "/{clazz}/{id}/permissions/update", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public
@ResponseBody Object updatePermissions(@PathVariable("clazz") String className, @PathVariable("id") long id,
@RequestBody PermissionJson permissionJson) {
public @ResponseBody
Object updatePermissions(@PathVariable("clazz") String className, @PathVariable("id") long id, @RequestBody PermissionJson permissionJson) {
Map<Integer, Boolean> permissionMap = PermissionJsonUtil.createPermissionsMap(permissionJson);
AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(className, id);
aclService.updatePermission(objectIdentity, permissionJson.getUuid(), permissionMap);
// return "redirect:/acl/"+className+"/"+id+"/permissions";
// return "redirect:/acl/"+className+"/"+id+"/permissions";
return "Success";
}
......
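Review bot: The new loop puts up to 50 accounts' UUID and e-mail into `userNamesMap` before the `isSystemAccount()`/`isEnabled()` guard, so system and disabled accounts still reach the model, and everyone who can open the editor receives that list. It also replaces the per-SID lookup: an ACL entry whose SID is not among the first 50 users sorted by e-mail will no longer resolve to a name. I would build `userNamesMap` only from the SIDs present in `aclEntries`, and serve the candidate list from the AJAX endpoint the FIXME mentions, with its own access check. The handler's signature and any `@PreAuthorize` on it are outside the hunk.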
......@@ -22,4 +22,11 @@ public class JspHelper {
return null;
}
}
public User userByUuid(String uuid) {
if (uuid == null) {
return null;
}
return userService.getUserByUuid(uuid);
}
}
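Review bot: `userByUuid` can hand the view a null `User` for a non-null UUID, and nothing here documents that. If `getUserByUuid` goes through `findByUuid`, whose query in this commit requires `systemAccount = false`, then an owner SID belonging to the system account will not resolve and the owner line in the JSP renders empty; AsAdminAspect now uses `sysUser.getUuid()` as the principal name, which makes such SIDs plausible. A Javadoc line such as `/** Returns the user for the SID, or null when the UUID is null or matches no regular account. */` plus a fallback to the raw SID in the view would cover it.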
......@@ -9,14 +9,12 @@
</head>
<body>
<h1>
<c:out value="${aclAware['class'].name}"/>
<small><c:out value="${aclAware.id}"/></small>
<small><c:out value="${aclObjectIdentity.aclClass.aclClass}"/></small>
<c:out value="${aclObjectIdentity.objectIdIdentity}"/>
</h1>
<p>TODO FIXME Provide UI to view and manage ACL entries</p>
<p><spring:message code="acl.owner"/>: <c:out value="${aclObjectIdentity.ownerSid.sid}"/></p>
<p><spring:message code="acl.owner"/>: <c:out value="${jspHelper.userByUuid(aclObjectIdentity.ownerSid.sid).email}"/></p>
<table class="accessions">
<thead>
<tr>
......@@ -64,9 +62,8 @@
<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a>
<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/trontastic/jquery-ui.css">
<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
<content tag="javascript">
<script type="text/javascript" src="/html/js/jquery-ui.min.js"></script>
<script type="text/javascript">
jQuery(document).ready(function() {
$("#permissionAdder input[type=button]").on("click", function(a,b,c) {
......@@ -158,5 +155,6 @@
});
});
</script>
</content>
</body>
</html>
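Review bot: The new `src="/html/js/jquery-ui.min.js"` is a server-root path, so it breaks when the application is deployed under a context path; the cancel link just above it already goes through `<c:url>`. Suggest `<script type="text/javascript" src="<c:url value="/html/js/jquery-ui.min.js" />"></script>`. The jQuery UI stylesheet link appears to have been dropped together with the CDN scripts; if the page relies on it for the autocomplete widget, a local copy should be referenced as well.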