[New] removed need for StrolchPrivilegeAdmin role (user privileges!)
This commit is contained in:
parent
82c7417bdd
commit
01963c7c20
|
|
@ -1 +1 @@
|
|||
Subproject commit 3f7636428d460b37f1a5cb02144b41c0376be433
|
||||
Subproject commit 2607bbef3fc7df863548820665d8ed133e524c39
|
||||
|
|
@ -21,5 +21,4 @@ package li.strolch.rest;
|
|||
public class StrolchRestfulConstants {
|
||||
|
||||
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
||||
public static final String ROLE_STROLCH_PRIVILEGE_ADMIN = "StrolchPrivilegeAdmin";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@ import javax.ws.rs.core.Response;
|
|||
import li.strolch.agent.api.ComponentContainer;
|
||||
import li.strolch.rest.RestfulStrolchComponent;
|
||||
import li.strolch.rest.StrolchRestfulConstants;
|
||||
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.utils.xml.XmlKeyValue;
|
||||
|
|
@ -43,12 +42,7 @@ public class PrivilegePoliciesService {
|
|||
|
||||
// private static final Logger logger = LoggerFactory.getLogger(PrivilegePoliciesService.class);
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||
throw new AccessDeniedException("You may not perform the request as you are missing role "
|
||||
+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
|
||||
}
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
||||
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||
}
|
||||
|
|
@ -57,7 +51,7 @@ public class PrivilegePoliciesService {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getRoles(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
||||
List<XmlKeyValue> values = XmlKeyValue.valueOf(policyDefs);
|
||||
|
|
|
|||
|
|
@ -55,12 +55,7 @@ public class PrivilegeRolesService {
|
|||
|
||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class);
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||
throw new AccessDeniedException("You may not perform the request as you are missing role "
|
||||
+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
|
||||
}
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
||||
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||
}
|
||||
|
|
@ -69,7 +64,7 @@ public class PrivilegeRolesService {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getRoles(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
List<RoleRep> roles = privilegeHandler.getRoles(cert);
|
||||
GenericEntity<List<RoleRep>> entity = new GenericEntity<List<RoleRep>>(roles) {
|
||||
|
|
@ -82,7 +77,7 @@ public class PrivilegeRolesService {
|
|||
@Path("{rolename}")
|
||||
public Response getRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
||||
|
|
@ -95,7 +90,7 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
RoleRep role = privilegeHandler.addRole(cert, newRole);
|
||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -123,7 +118,7 @@ public class PrivilegeRolesService {
|
|||
return Response.serverError().entity(new Result("Path rolename and data do not have same role name!"))
|
||||
.type(MediaType.APPLICATION_JSON).build();
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
RoleRep role = privilegeHandler.replaceRole(cert, updatedRole);
|
||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -146,7 +141,7 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
RoleRep role = privilegeHandler.removeRole(cert, rolename);
|
||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -170,7 +165,7 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
RoleRep updatedRole = privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
|
||||
return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -194,7 +189,7 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
RoleRep updatedRole = privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege);
|
||||
return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@
|
|||
*/
|
||||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static li.strolch.rest.StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
|
@ -60,12 +58,7 @@ public class PrivilegeUsersService {
|
|||
|
||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||
String msg = "You may not perform the request as you are missing role {0}";
|
||||
throw new AccessDeniedException(MessageFormat.format(msg, ROLE_STROLCH_PRIVILEGE_ADMIN));
|
||||
}
|
||||
|
||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
||||
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||
}
|
||||
|
|
@ -74,7 +67,7 @@ public class PrivilegeUsersService {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getUsers(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
List<UserRep> users = privilegeHandler.getUsers(cert);
|
||||
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
|
||||
|
|
@ -87,7 +80,7 @@ public class PrivilegeUsersService {
|
|||
@Path("{username}")
|
||||
public Response getUser(@PathParam("username") String username, @Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
UserRep user = privilegeHandler.getUser(cert, username);
|
||||
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
||||
|
|
@ -99,7 +92,7 @@ public class PrivilegeUsersService {
|
|||
@Path("query")
|
||||
public Response queryUsers(UserRep query, @Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
List<UserRep> users = privilegeHandler.queryUsers(cert, query);
|
||||
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
|
||||
|
|
@ -114,7 +107,7 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep user = privilegeHandler.addUser(cert, newUser, null);
|
||||
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -137,7 +130,7 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep user = privilegeHandler.removeUser(cert, username);
|
||||
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -165,7 +158,7 @@ public class PrivilegeUsersService {
|
|||
return Response.serverError().entity(new Result("Path username and data do not have same username!"))
|
||||
.type(MediaType.APPLICATION_JSON).build();
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep updatedUser = privilegeHandler.updateUser(cert, updatedFields);
|
||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -189,7 +182,7 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep updatedUser = privilegeHandler.addRoleToUser(cert, username, rolename);
|
||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -213,7 +206,7 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
try {
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep updatedUser = privilegeHandler.removeRoleFromUser(cert, username, rolename);
|
||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -244,7 +237,7 @@ public class PrivilegeUsersService {
|
|||
return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
UserRep updatedUser = privilegeHandler.setUserState(cert, username, userState);
|
||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
||||
|
||||
|
|
@ -268,7 +261,7 @@ public class PrivilegeUsersService {
|
|||
try {
|
||||
|
||||
// if user changing own password, then no need for StrolchPrivilegeAdmin
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, !cert.getUsername().equals(username));
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
privilegeHandler.setUserPassword(cert, username, passwordField.getPassword().getBytes());
|
||||
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||
|
|
@ -301,7 +294,7 @@ public class PrivilegeUsersService {
|
|||
}
|
||||
|
||||
// if user changing own locale, then no need for StrolchPrivilegeAdmin
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, !cert.getUsername().equals(username));
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
||||
|
||||
UserRep updatedUser = privilegeHandler.setUserLocale(cert, username, locale);
|
||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
||||
|
|
|
|||
Loading…
Reference in New Issue