[Major] Refactoring privilege services, added Organisation checking if required
This commit is contained in:
parent
c1f9ee01b5
commit
ad0a0f1e10
|
@ -89,10 +89,29 @@
|
|||
</Role>
|
||||
|
||||
<Role name="UserPrivileges">
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege"/>
|
||||
<Privilege name="PrivilegeSetUserLocale" policy="UserAccessPrivilege"/>
|
||||
</Role>
|
||||
<Role name="PrivilegeAdmin">
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserRolesService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveRoleFromUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddRoleToUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeUpdateRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemoveRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
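Review bot: The `PrivilegeSetUserPassword` and `PrivilegeSetUserLocale` entries in the new `UserPrivileges` role carry no `<Allow>`, `<Deny>` or `<AllAllowed>` element, so what a holder of this role may actually touch depends entirely on how `UserAccessPrivilege` treats an empty value list; nothing on the page states that. An XML comment above `<Role name="UserPrivileges">` such as `<!-- UserPrivileges: intended to let a user change only their own password and locale; verify that UserAccessPrivilege enforces this when no Allow values are given -->` would let someone auditing the role file confirm the intent without reading the policy class. The same block is added again in the second role file of this commit (`@ -101,10 +101,29 @@`), and the comment belongs there too.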
|
||||
|
|
|
@ -101,10 +101,29 @@
|
|||
</Role>
|
||||
|
||||
<Role name="UserPrivileges">
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege"/>
|
||||
<Privilege name="PrivilegeSetUserLocale" policy="UserAccessPrivilege"/>
|
||||
</Role>
|
||||
<Role name="PrivilegeAdmin">
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserRolesService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveRoleFromUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddRoleToUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeUpdateRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemoveRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
|
|
|
@ -15,10 +15,13 @@
|
|||
*/
|
||||
package li.strolch.privilege.policy;
|
||||
|
||||
import static java.util.stream.Collectors.toSet;
|
||||
import static li.strolch.privilege.policy.PrivilegePolicyHelper.preValidate;
|
||||
import static li.strolch.utils.helper.StringHelper.isEmpty;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import li.strolch.privilege.base.AccessDeniedException;
|
||||
import li.strolch.privilege.base.PrivilegeException;
|
||||
|
@ -38,7 +41,7 @@ import li.strolch.utils.dbc.DBC;
|
|||
*/
|
||||
public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege {
|
||||
|
||||
private static final String PARAM_ORGANISATION = "organisation";
|
||||
public static final String PARAM_ORGANISATION = "organisation";
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
|
||||
|
@ -69,9 +72,7 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
}
|
||||
|
||||
// get user organisation
|
||||
String userOrg = ctx.getCertificate().getProperty(PARAM_ORGANISATION);
|
||||
if (isEmpty(userOrg))
|
||||
throw new PrivilegeException("No organisation configured for user " + ctx.getUsername());
|
||||
Set<String> userOrgs = getUserOrganisations(ctx);
|
||||
|
||||
Tuple tuple = (Tuple) object;
|
||||
|
||||
|
@ -84,12 +85,12 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
// make sure old user has same organisation
|
||||
User oldUser = tuple.getFirst();
|
||||
if (oldUser != null) {
|
||||
String oldOrg = oldUser.getProperty(PARAM_ORGANISATION);
|
||||
if (!userOrg.equals(oldOrg)) {
|
||||
Set<String> oldOrgs = getUserOrganisations(oldUser);
|
||||
if (!isUserInOrganisation(userOrgs, oldOrgs)) {
|
||||
if (assertHasPrivilege)
|
||||
throw new AccessDeniedException(
|
||||
"User " + ctx.getUsername() + " may not access users outside of their organisation: "
|
||||
+ userOrg + " / " + oldOrg);
|
||||
+ userOrgs + " / " + oldOrgs);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -98,13 +99,13 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
// make sure new user has same organisation
|
||||
User newUser = tuple.getSecond();
|
||||
DBC.INTERIM.assertNotNull("For " + privilegeName + " second must not be null!", newUser);
|
||||
String newdOrg = newUser.getProperty(PARAM_ORGANISATION);
|
||||
Set<String> newOrgs = getUserOrganisations(newUser);
|
||||
|
||||
if (!userOrg.equals(newdOrg)) {
|
||||
if (!isUserInOrganisation(userOrgs, newOrgs)) {
|
||||
if (assertHasPrivilege)
|
||||
throw new AccessDeniedException(
|
||||
"User " + ctx.getUsername() + " may not access users outside of their organisations: "
|
||||
+ userOrg + " / " + newdOrg);
|
||||
+ userOrgs + " / " + newOrgs);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -116,13 +117,13 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
|
||||
User user = tuple.getFirst();
|
||||
DBC.INTERIM.assertNotNull("For " + privilegeName + " first must not be null!", user);
|
||||
String org = user.getProperty(PARAM_ORGANISATION);
|
||||
if (!userOrg.equals(org)) {
|
||||
Set<String> orgs = getUserOrganisations(user);
|
||||
if (!isUserInOrganisation(userOrgs, orgs)) {
|
||||
|
||||
if (assertHasPrivilege)
|
||||
throw new AccessDeniedException(
|
||||
"User " + ctx.getUsername() + " may not access users outside of their organisation: "
|
||||
+ userOrg + " / " + org);
|
||||
+ userOrgs + " / " + orgs);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -140,4 +141,22 @@ public class UserAccessWithSameOrganisationPrivilege extends UserAccessPrivilege
|
|||
// now delegate the rest of the validation to the super class
|
||||
return super.validateAction(ctx, privilege, restrictable, assertHasPrivilege);
|
||||
}
|
||||
|
||||
protected boolean isUserInOrganisation(Set<String> organisations, Set<String> userOrg) {
|
||||
return userOrg.stream().anyMatch(organisations::contains);
|
||||
}
|
||||
|
||||
protected Set<String> getUserOrganisations(User user) {
|
||||
String userOrg = user.getProperty(PARAM_ORGANISATION);
|
||||
if (isEmpty(userOrg))
|
||||
throw new PrivilegeException("No organisation configured for user " + user.getUsername());
|
||||
return Stream.of(userOrg.split(",")).map(String::trim).collect(toSet());
|
||||
}
|
||||
|
||||
protected Set<String> getUserOrganisations(PrivilegeContext ctx) {
|
||||
String userOrg = ctx.getCertificate().getProperty(PARAM_ORGANISATION);
|
||||
if (isEmpty(userOrg))
|
||||
throw new PrivilegeException("No organisation configured for user " + ctx.getUsername());
|
||||
return Stream.of(userOrg.split(",")).map(String::trim).collect(toSet());
|
||||
}
|
||||
}
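Review bot: Both new `getUserOrganisations` overloads split the property on `,` and trim, but keep blank tokens, so a value such as `"acme, ,other"` (or a whitespace-only value that passes `isEmpty`) yields a set containing `""`; two users whose lists both contain a blank token then match in `isUserInOrganisation` through `""` and the organisation check passes even though they share no real organisation. Filter blank tokens and reject an empty result, and do it in one place since the two overloads are otherwise identical apart from where the property is read. While there, the second parameter of `isUserInOrganisation` is a `Set` but is named `userOrg`; `userOrgs` matches the call sites.
```java
	protected Set<String> getUserOrganisations(User user) {
		return parseOrganisations(user.getProperty(PARAM_ORGANISATION), user.getUsername());
	}

	protected Set<String> getUserOrganisations(PrivilegeContext ctx) {
		return parseOrganisations(ctx.getCertificate().getProperty(PARAM_ORGANISATION), ctx.getUsername());
	}

	/** Splits the comma separated organisation property; blank tokens never count as an organisation. */
	private static Set<String> parseOrganisations(String value, String username) {
		if (isEmpty(value))
			throw new PrivilegeException("No organisation configured for user " + username);
		Set<String> orgs = Stream.of(value.split(",")).map(String::trim).filter(s -> !s.isEmpty()).collect(toSet());
		if (orgs.isEmpty())
			throw new PrivilegeException("No organisation configured for user " + username);
		return orgs;
	}
	// … unchanged: isUserInOrganisation …
```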
|
||||
|
|
|
@ -43,7 +43,7 @@ import li.strolch.privilege.model.Restrictable;
|
|||
*/
|
||||
public class UsernameFromCertificateWithSameOrganisationPrivilege extends UsernameFromCertificatePrivilege {
|
||||
|
||||
private static final String PARAM_ORGANISATION = "organisation";
|
||||
public static final String PARAM_ORGANISATION = "organisation";
|
||||
|
||||
@Override
|
||||
public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable)
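Review bot: `PARAM_ORGANISATION` is now public both here and in `UserAccessWithSameOrganisationPrivilege`, each with its own copy of the literal `"organisation"`, so callers get two constants for one property name that can silently drift apart. If both classes live in the same package, replace this definition with `public static final String PARAM_ORGANISATION = UserAccessWithSameOrganisationPrivilege.PARAM_ORGANISATION;`, otherwise move the name into a shared constants class that both policies reference. The enclosing `validateAction` method continues outside the hunk.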
|
||||
|
|
|
@ -2,27 +2,20 @@
|
|||
<Roles>
|
||||
|
||||
<Role name="PrivilegeAdmin">
|
||||
<Privilege name="PrivilegeAction" policy="DefaultPrivilege">
|
||||
<Allow>Persist</Allow>
|
||||
<Allow>Reload</Allow>
|
||||
<Allow>GetPolicies</Allow>
|
||||
</Privilege>
|
||||
|
||||
<Privilege name="PrivilegeGetRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
|
||||
<Privilege name="PrivilegeGetUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserRolesService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveRoleFromUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddRoleToUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeUpdateRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemoveRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
|
@ -30,24 +23,52 @@
|
|||
<Privilege name="PrivilegeRemoveUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyUser" policy="UserAccessPrivilege">
|
||||
<Privilege name="InvalidateSession" policy="UserSessionAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRoleToUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRoleFromUser" policy="UserAccessPrivilege">
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserLocale" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserState" policy="UserAccessPrivilege">
|
||||
<Allow>ENABLED</Allow>
|
||||
<Allow>DISABLED</Allow>
|
||||
<Deny>SYSTEM</Deny>
|
||||
<Privilege name="PrivilegeAction" policy="DefaultPrivilege">
|
||||
<Allow>Reload</Allow>
|
||||
<Allow>GetPolicies</Allow>
|
||||
<Allow>Persist</Allow>
|
||||
<Allow>GetCertificates</Allow>
|
||||
<Allow>PersistSessions</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege">
|
||||
<Privilege name="PrivilegeGetUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserState" policy="UserAccessPrivilege">
|
||||
<Deny>SYSTEM</Deny>
|
||||
<Allow>DISABLED</Allow>
|
||||
<Allow>ENABLED</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRoleToUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeGetRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="GetSession" policy="UserSessionAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRoleFromUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
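Review bot: The new ordering of the privileges inside `PrivilegeAdmin` looks like the output of a `Persist` rather than a hand edit, which mixes a pure reorder with what appear to be genuine additions (`InvalidateSession`, `GetSession`, the `GetCertificates` and `PersistSessions` actions, and the `li.strolch.service.api.Service` privilege) and makes the change hard to audit for the role that administers users. A comment above `<Privilege name="PrivilegeAction" policy="DefaultPrivilege">` such as `<!-- GetCertificates / PersistSessions read and write live session state; granted to PrivilegeAdmin only -->` would record why the administrator role receives them, and keeping the hand-maintained order would keep future diffs readable. The same hunk is repeated for the second role file (`@ -132,24 +125,52 @@`).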
|
||||
|
|
|
@ -15,12 +15,13 @@
|
|||
*/
|
||||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static java.util.Comparator.comparing;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.util.List;
|
||||
|
||||
import com.google.gson.JsonArray;
|
||||
import li.strolch.agent.api.ComponentContainer;
|
||||
|
@ -53,8 +54,13 @@ public class PrivilegeRolesService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
List<RoleRep> roles = privilegeHandler.getRoles(cert);
|
||||
JsonArray rolesJ = toJson(roles);
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonArray rolesJ = privilegeHandler.getRoles(cert).stream() //
|
||||
.sorted(comparing(roleRep -> roleRep.getName().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, role) -> array.add(role.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
|
||||
return Response.ok(rolesJ.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
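Review bot: The sort comparator in the rewritten `getRoles` calls `roleRep.getName().toLowerCase()` with no locale, so the ordering depends on the JVM default locale (the Turkish dotless-i case changes the result); use `comparing(roleRep -> roleRep.getName().toLowerCase(Locale.ROOT))` and add `import java.util.Locale;`. The same applies to the two `r.getUsername().toLowerCase()` comparators added in `PrivilegeUsersService` (the `orderBy` in the search hunk and the `sorted` in the query hunk). The enclosing `getRoles` method starts outside the hunk.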
|
||||
|
||||
|
@ -173,12 +179,4 @@ public class PrivilegeRolesService {
|
|||
}
|
||||
return ResponseUtil.toResponse(svcResult);
|
||||
}
|
||||
|
||||
private JsonArray toJson(List<RoleRep> roles) {
|
||||
JsonArray rolesArr = new JsonArray();
|
||||
for (RoleRep roleRep : roles) {
|
||||
rolesArr.add(roleRep.accept(new PrivilegeElementToJsonVisitor()));
|
||||
}
|
||||
return rolesArr;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
*/
|
||||
package li.strolch.rest.endpoint;
|
||||
|
||||
import static java.util.Comparator.comparing;
|
||||
import static li.strolch.rest.helper.RestfulHelper.toJson;
|
||||
import static li.strolch.search.SearchBuilder.buildSimpleValueSearch;
|
||||
|
||||
|
@ -77,7 +78,9 @@ public class PrivilegeUsersService {
|
|||
UserRep::getFirstname, //
|
||||
UserRep::getLastname, //
|
||||
userRep -> userRep.getUserState().name(), //
|
||||
UserRep::getRoles)).search(users);
|
||||
UserRep::getRoles)) //
|
||||
.search(users) //
|
||||
.orderBy(comparing(r -> r.getUsername().toLowerCase()));
|
||||
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
JsonObject root = toJson(queryData, users.size(), result, t -> t.accept(visitor));
|
||||
|
@ -93,13 +96,15 @@ public class PrivilegeUsersService {
|
|||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler();
|
||||
|
||||
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
||||
List<UserRep> users = privilegeHandler.queryUsers(cert, queryRep);
|
||||
PrivilegeElementToJsonVisitor visitor = new PrivilegeElementToJsonVisitor();
|
||||
|
||||
UserRep queryRep = new PrivilegeElementFromJsonVisitor().userRepFromJson(query);
|
||||
JsonArray usersArr = privilegeHandler.queryUsers(cert, queryRep).stream() //
|
||||
.sorted(comparing(r -> r.getUsername().toLowerCase())) //
|
||||
.collect(JsonArray::new, //
|
||||
(array, user) -> array.add(user.accept(visitor)), //
|
||||
JsonArray::addAll);
|
||||
|
||||
JsonArray usersArr = new JsonArray();
|
||||
for (UserRep userRep : users) {
|
||||
usersArr.add(userRep.accept(new PrivilegeElementToJsonVisitor()));
|
||||
}
|
||||
return Response.ok(usersArr.toString(), MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
|
||||
|
|
|
@ -59,14 +59,4 @@ public class PrivilegeAddOrReplacePrivilegeOnRoleService
|
|||
|
||||
return new PrivilegeRoleResult(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -57,14 +57,4 @@ public class PrivilegeAddRoleService extends AbstractService<PrivilegeRoleArgume
|
|||
|
||||
return new PrivilegeRoleResult(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_ADD_ROLE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -59,14 +59,4 @@ public class PrivilegeRemovePrivilegeFromRoleService
|
|||
|
||||
return new PrivilegeRoleResult(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,14 +58,4 @@ public class PrivilegeRemoveRoleService extends AbstractService<PrivilegeRoleNam
|
|||
|
||||
return new PrivilegeRoleResult(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,14 +58,4 @@ public class PrivilegeUpdateRoleService extends AbstractService<PrivilegeRoleArg
|
|||
|
||||
return new PrivilegeRoleResult(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -59,14 +59,4 @@ public class PrivilegeAddRoleToUserService
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_ADD_ROLE_TO_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,7 +17,6 @@ package li.strolch.service.privilege.users;
|
|||
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.privilege.handler.PrivilegeHandler;
|
||||
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||
import li.strolch.service.api.AbstractService;
|
||||
import li.strolch.service.api.ServiceResultState;
|
||||
|
||||
|
@ -49,14 +48,4 @@ public class PrivilegeAddUserService extends AbstractService<PrivilegeUserArgume
|
|||
|
||||
return new PrivilegeUserResult(cmd.getUserOut());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_ADD_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,14 +58,4 @@ public class PrivilegeRemoveRoleFromUserService
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE_FROM_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,14 +58,4 @@ public class PrivilegeRemoveUserService extends AbstractService<PrivilegeUserNam
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,14 +63,4 @@ public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSe
|
|||
|
||||
return ServiceResult.success();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_SET_USER_PASSWORD;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -85,14 +85,4 @@ public class PrivilegeUpdateUserRolesService extends AbstractService<JsonService
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_ADD_ROLE_TO_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,14 +58,4 @@ public class PrivilegeUpdateUserService extends AbstractService<PrivilegeUserArg
|
|||
|
||||
return new PrivilegeUserResult(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_USER;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeValue() {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -104,27 +104,20 @@
|
|||
</Role>
|
||||
|
||||
<Role name="PrivilegeAdmin">
|
||||
<Privilege name="PrivilegeAction" policy="DefaultPrivilege">
|
||||
<Allow>Persist</Allow>
|
||||
<Allow>Reload</Allow>
|
||||
<Allow>GetPolicies</Allow>
|
||||
</Privilege>
|
||||
|
||||
<Privilege name="PrivilegeGetRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
|
||||
<Privilege name="PrivilegeGetUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeUpdateUserRolesService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserPasswordService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeSetUserLocaleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeRemoveRoleFromUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.users.PrivilegeAddRoleToUserService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeUpdateRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemoveRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddRoleService</Allow>
|
||||
<Allow>li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleService</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
|
@ -132,24 +125,52 @@
|
|||
<Privilege name="PrivilegeRemoveUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyUser" policy="UserAccessPrivilege">
|
||||
<Privilege name="InvalidateSession" policy="UserSessionAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRoleToUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRoleFromUser" policy="UserAccessPrivilege">
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserLocale" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserState" policy="UserAccessPrivilege">
|
||||
<Allow>ENABLED</Allow>
|
||||
<Allow>DISABLED</Allow>
|
||||
<Deny>SYSTEM</Deny>
|
||||
<Privilege name="PrivilegeAction" policy="DefaultPrivilege">
|
||||
<Allow>Reload</Allow>
|
||||
<Allow>GetPolicies</Allow>
|
||||
<Allow>Persist</Allow>
|
||||
<Allow>GetCertificates</Allow>
|
||||
<Allow>PersistSessions</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserPassword" policy="UserAccessPrivilege">
|
||||
<Privilege name="PrivilegeGetUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeSetUserState" policy="UserAccessPrivilege">
|
||||
<Deny>SYSTEM</Deny>
|
||||
<Allow>DISABLED</Allow>
|
||||
<Allow>ENABLED</Allow>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRoleToUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeGetRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="GetSession" policy="UserSessionAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeRemoveRoleFromUser" policy="UserAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeModifyRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="PrivilegeAddRole" policy="RoleAccessPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
|