[New] Requiring TX for privilege services
This commit is contained in:
parent
7d189ad7ae
commit
282bbba3aa
|
@ -1,12 +1,12 @@
|
|||
/*
|
||||
* Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
|
||||
*
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
|
@ -15,6 +15,9 @@
|
|||
*/
|
||||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_ACTION;
|
||||
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_ACTION_GET_POLICIES;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.Path;
|
||||
|
@ -26,8 +29,10 @@ import java.util.Map;
|
|||
|
||||
import com.google.gson.JsonObject;
|
||||
import li.strolch.agent.api.ComponentContainer;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.privilege.model.SimpleRestrictable;
|
||||
import li.strolch.rest.RestfulStrolchComponent;
|
||||
import li.strolch.rest.StrolchRestfulConstants;
|
||||
|
||||
|
@ -44,18 +49,27 @@ public class PrivilegePoliciesService {
|
|||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||
}
|
||||
|
||||
private static String getContext() {
|
||||
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||
return element.getClassName() + "." + element.getMethodName();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getRoles(@Context HttpServletRequest request) {
|
||||
public Response getPrivilegePolicies(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.validateAction(new SimpleRestrictable(PRIVILEGE_ACTION, PRIVILEGE_ACTION_GET_POLICIES));
|
||||
|
||||
JsonObject policiesJ = new JsonObject();
|
||||
for (String key : policyDefs.keySet()) {
|
||||
policiesJ.addProperty(key, policyDefs.get(key));
|
||||
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
||||
|
||||
JsonObject policiesJ = new JsonObject();
|
||||
for (String key : policyDefs.keySet()) {
|
||||
policiesJ.addProperty(key, policyDefs.get(key));
|
||||
}
|
||||
return Response.ok(policiesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
return Response.ok(policiesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static java.util.Comparator.comparing;
|
||||
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_GET_ROLE;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.*;
|
||||
|
@ -27,6 +28,7 @@ import com.google.gson.JsonArray;
|
|||
import li.strolch.agent.api.ComponentContainer;
|
||||
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
||||
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.privilege.model.PrivilegeRep;
|
||||
|
@ -48,20 +50,29 @@ public class PrivilegeRolesService {
|
|||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||
}
|
||||
|
||||
private static String getContext() {
|
||||
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||
return element.getClassName() + "." + element.getMethodName();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getRoles(@Context HttpServletRequest request) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonArray rolesJ = privilegeHandler.getRoles(cert).stream() //
|
||||
.sorted(comparing(roleRep -> roleRep.getName().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, role) -> array.add(role.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_ROLE);
|
||||
|
||||
return Response.ok(rolesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonArray rolesJ = privilegeHandler.getRoles(cert).stream() //
|
||||
.sorted(comparing(roleRep -> roleRep.getName().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, role) -> array.add(role.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
|
||||
return Response.ok(rolesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -71,9 +82,12 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
||||
return Response.ok(role.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_ROLE);
|
||||
|
||||
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
||||
return Response.ok(role.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@POST
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static java.util.Comparator.comparing;
|
||||
import static li.strolch.privilege.handler.PrivilegeHandler.PRIVILEGE_GET_USER;
|
||||
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
||||
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
||||
|
||||
|
@ -34,6 +35,7 @@ import com.google.gson.*;
|
|||
import li.strolch.agent.api.ComponentContainer;
|
||||
import li.strolch.model.json.PrivilegeElementFromJsonVisitor;
|
||||
import li.strolch.model.json.PrivilegeElementToJsonVisitor;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.privilege.model.UserRep;
|
||||
|
@ -65,27 +67,36 @@ public class PrivilegeUsersService {
|
|||
return container.getPrivilegeHandler().getPrivilegeHandler();
|
||||
}
|
||||
|
||||
private static String getContext() {
|
||||
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||
return element.getClassName() + "." + element.getMethodName();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response queryUsers(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
String query = queryData.getQuery();
|
||||
List<UserRep> users = privilegeHandler.getUsers(cert);
|
||||
SearchResult<UserRep> result = buildSimpleValueSearch(new ValueSearch<UserRep>(), query, Arrays.asList( //
|
||||
UserRep::getUsername, //
|
||||
UserRep::getFirstname, //
|
||||
UserRep::getLastname, //
|
||||
userRep -> userRep.getUserState().name(), //
|
||||
UserRep::getRoles)) //
|
||||
.search(users) //
|
||||
.orderBy(comparing(r -> r.getUsername().toLowerCase()));
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonObject root = toJson(queryData, users.size(), result, t -> t.accept(visitor));
|
||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||
String query = queryData.getQuery();
|
||||
List<UserRep> users = privilegeHandler.getUsers(cert);
|
||||
SearchResult<UserRep> result = buildSimpleValueSearch(new ValueSearch<UserRep>(), query, Arrays.asList( //
|
||||
UserRep::getUsername, //
|
||||
UserRep::getFirstname, //
|
||||
UserRep::getLastname, //
|
||||
userRep -> userRep.getUserState().name(), //
|
||||
UserRep::getRoles)) //
|
||||
.search(users) //
|
||||
.orderBy(comparing(r -> r.getUsername().toLowerCase()));
|
||||
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonObject root = toJson(queryData, users.size(), result, t -> t.accept(visitor));
|
||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@POST
|
||||
|
@ -96,16 +107,20 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||
|
||||
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
||||
JsonArray usersArr = privilegeHandler.queryUsers(cert, queryRep).stream() //
|
||||
.sorted(comparing(r -> r.getUsername().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, user) -> array.add(user.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
|
||||
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
|
||||
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
||||
JsonArray usersArr = privilegeHandler.queryUsers(cert, queryRep).stream() //
|
||||
.sorted(comparing(r -> r.getUsername().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, user) -> array.add(user.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
|
||||
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -115,9 +130,12 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.getUser(cert, username);
|
||||
return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
|
||||
|
||||
UserRep user = privilegeHandler.getUser(cert, username);
|
||||
return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@POST
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
||||
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION;
|
||||
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -31,6 +32,7 @@ import java.util.Locale;
|
|||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
import com.google.gson.JsonObject;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.model.Certificate;
|
||||
import li.strolch.rest.RestfulStrolchComponent;
|
||||
import li.strolch.rest.StrolchRestfulConstants;
|
||||
|
@ -48,6 +50,11 @@ public class UserSessionsService {
|
|||
|
||||
private static final Logger logger = LoggerFactory.getLogger(UserSessionsService.class);
|
||||
|
||||
private static String getContext() {
|
||||
StackTraceElement element = new Throwable().getStackTrace()[2];
|
||||
return element.getClassName() + "." + element.getMethodName();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response querySessions(@Context HttpServletRequest request, @BeanParam QueryData queryData) {
|
||||
|
@ -56,19 +63,23 @@ public class UserSessionsService {
|
|||
logger.info("[" + cert.getUsername() + "] Querying user sessions...");
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
|
||||
String query = queryData.getQuery();
|
||||
List<UserSession> sessions = sessionHandler.getSessions(cert, source);
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||
|
||||
SearchResult<UserSession> result = buildSimpleValueSearch(new ValueSearch<UserSession>(), query,
|
||||
Arrays.asList( //
|
||||
UserSession::getUsername, //
|
||||
UserSession::getFirstname, //
|
||||
UserSession::getLastname, //
|
||||
UserSession::getUserRoles)).search(sessions);
|
||||
String query = queryData.getQuery();
|
||||
List<UserSession> sessions = sessionHandler.getSessions(cert, source);
|
||||
|
||||
JsonObject root = toJson(queryData, sessions.size(), result, UserSession::toJson);
|
||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||
SearchResult<UserSession> result = buildSimpleValueSearch(new ValueSearch<UserSession>(), query,
|
||||
Arrays.asList( //
|
||||
UserSession::getUsername, //
|
||||
UserSession::getFirstname, //
|
||||
UserSession::getLastname, //
|
||||
UserSession::getUserRoles)).search(sessions);
|
||||
|
||||
JsonObject root = toJson(queryData, sessions.size(), result, UserSession::toJson);
|
||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||
return Response.ok(gson.toJson(root), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -79,8 +90,13 @@ public class UserSessionsService {
|
|||
String source = (String) request.getAttribute(StrolchRestfulConstants.STROLCH_REQUEST_SOURCE);
|
||||
logger.info("[" + cert.getUsername() + "] Returning session " + sessionId);
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
UserSession session = sessionHandler.getSession(cert, source, sessionId);
|
||||
return Response.ok(session.toJson().toString(), MediaType.APPLICATION_JSON).build();
|
||||
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||
|
||||
UserSession session = sessionHandler.getSession(cert, source, sessionId);
|
||||
return Response.ok(session.toJson().toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
}
|
||||
|
||||
@DELETE
|
||||
|
@ -90,8 +106,13 @@ public class UserSessionsService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
logger.info("[" + cert.getUsername() + "] Invalidating session " + sessionId);
|
||||
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||
sessionHandler.invalidate(cert, sessionId);
|
||||
return ResponseUtil.toResponse();
|
||||
|
||||
try (StrolchTransaction tx = RestfulStrolchComponent.getInstance().openTx(cert, getContext())) {
|
||||
tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_SESSION);
|
||||
|
||||
sessionHandler.invalidate(cert, sessionId);
|
||||
return ResponseUtil.toResponse();
|
||||
}
|
||||
}
|
||||
|
||||
@PUT
|
||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeAddOrReplacePrivilegeOnRoleService
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
RoleRep role;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||
role.getName());
|
||||
|
|
|
@ -44,11 +44,13 @@ public class PrivilegeAddRoleService extends AbstractService<PrivilegeRoleArgume
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.addRole(getCertificate(), arg.role);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
RoleRep role;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
role = privilegeHandler.addRole(getCertificate(), arg.role);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||
role.getName());
|
||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeRemovePrivilegeFromRoleService
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
RoleRep role;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||
role.getName());
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveRoleService extends AbstractService<PrivilegeRoleNam
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.removeRole(getCertificate(), arg.roleName);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
RoleRep role;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
role = privilegeHandler.removeRole(getCertificate(), arg.roleName);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||
role.getName());
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeUpdateRoleService extends AbstractService<PrivilegeRoleArg
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
RoleRep role = privilegeHandler.replaceRole(getCertificate(), arg.role);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
RoleRep role;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
role = privilegeHandler.replaceRole(getCertificate(), arg.role);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.ROLE,
|
||||
role.getName());
|
||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeAddRoleToUserService
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveRoleFromUserService
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeRemoveUserService extends AbstractService<PrivilegeUserNam
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.removeUser(getCertificate(), arg.username);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.removeUser(getCertificate(), arg.username);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
|
|
@ -46,11 +46,13 @@ public class PrivilegeSetUserLocaleService
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
@ -59,14 +61,4 @@ public class PrivilegeSetUserLocaleService
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_SET_USER_LOCALE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,19 +42,20 @@ public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSe
|
|||
@Override
|
||||
protected ServiceResult internalDoService(PrivilegeSetUserPasswordArgument arg) throws Exception {
|
||||
|
||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
||||
|
||||
// only persist if not setting own password
|
||||
if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
|
||||
.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
|
||||
|
||||
privilegeHandler.persist(getCertificate());
|
||||
}
|
||||
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer()
|
||||
.getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
||||
|
||||
// only persist if not setting own password
|
||||
if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
|
||||
.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
|
||||
privilegeHandler.persist(getCertificate());
|
||||
}
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
arg.username);
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUs
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_STATE)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
@ -58,14 +60,4 @@ public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUs
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_SET_USER_STATE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -55,28 +55,31 @@ public class PrivilegeUpdateUserRolesService extends AbstractService<JsonService
|
|||
rolesE.forEach(e -> roles.add(e.getAsString()));
|
||||
|
||||
String username = arg.objectId;
|
||||
UserRep user = privilegeHandler.getUser(getCertificate(), username);
|
||||
|
||||
// first add new roles
|
||||
boolean changed = false;
|
||||
for (String role : roles) {
|
||||
if (!user.hasRole(role)) {
|
||||
user = privilegeHandler.addRoleToUser(getCertificate(), username, role);
|
||||
changed = true;
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.getUser(getCertificate(), username);
|
||||
|
||||
// first add new roles
|
||||
boolean changed = false;
|
||||
for (String role : roles) {
|
||||
if (!user.hasRole(role)) {
|
||||
user = privilegeHandler.addRoleToUser(getCertificate(), username, role);
|
||||
changed = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// handle removed roles
|
||||
for (String role : user.getRoles()) {
|
||||
if (!roles.contains(role)) {
|
||||
user = privilegeHandler.removeRoleFromUser(getCertificate(), username, role);
|
||||
changed = true;
|
||||
// handle removed roles
|
||||
for (String role : user.getRoles()) {
|
||||
if (!roles.contains(role)) {
|
||||
user = privilegeHandler.removeRoleFromUser(getCertificate(), username, role);
|
||||
changed = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (changed) {
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
if (changed) {
|
||||
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||
tx.getAuditTrail().add(tx, audit);
|
||||
|
|
|
@ -45,11 +45,13 @@ public class PrivilegeUpdateUserService extends AbstractService<PrivilegeUserArg
|
|||
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
|
||||
|
||||
UserRep user = privilegeHandler.updateUser(getCertificate(), arg.user);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
UserRep user;
|
||||
try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||
tx.setSuppressAudits(true);
|
||||
|
||||
user = privilegeHandler.updateUser(getCertificate(), arg.user);
|
||||
privilegeHandler.persist(getCertificate());
|
||||
|
||||
Audit audit = tx
|
||||
.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
|
||||
user.getUsername());
|
||||
|
|
Loading…
Reference in New Issue