LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

Moved duplicated methods into separate class, more implementations for RolesAPI

Jens Pelzetter 2020-05-31 16:52:56 +02:00
parent 8fead43ead
commit 632805d9ac
5 changed files with 373 additions and 427 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
ccm-core/src/main/java/org/libreccm/api/admin/security/GroupsApi.java
View File

@ -22,8 +22,6 @@ import org.libreccm.api.admin.security.dto.GroupUserMembership;
import org.libreccm.api.admin.security.dto.PartyRoleMembership; import org.libreccm.api.admin.security.dto.PartyRoleMembership;
import org.libreccm.api.dto.ListView; import org.libreccm.api.dto.ListView;
import org.libreccm.core.CoreConstants; import org.libreccm.core.CoreConstants;
import org.libreccm.api.ExtractedIdentifier;
import org.libreccm.api.IdentifierExtractor;
import java.net.URI; import java.net.URI;
import java.util.List; import java.util.List;
@ -41,7 +39,6 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -52,9 +49,7 @@ import org.libreccm.security.GroupRepository;
import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.RequiresPrivilege;
import org.libreccm.security.Role; import org.libreccm.security.Role;
import org.libreccm.security.RoleManager; import org.libreccm.security.RoleManager;
import org.libreccm.security.RoleRepository;
import org.libreccm.security.User; import org.libreccm.security.User;
import org.libreccm.security.UserRepository;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -66,24 +61,18 @@ import java.util.stream.Collectors;
@Path("/groups") @Path("/groups")
public class GroupsApi { public class GroupsApi {
@Inject
private IdentifierExtractor identifierExtractor;
@Inject @Inject
private GroupManager groupManager; private GroupManager groupManager;
@Inject @Inject
private GroupRepository groupRepository; private GroupRepository groupRepository;
@Inject
private SecurityApiRepository repository;
@Inject @Inject
private RoleManager roleManager; private RoleManager roleManager;
@Inject
private RoleRepository roleRepository;
@Inject
private UserRepository userRepository;
@GET @GET
@Path("/") @Path("/")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -114,7 +103,7 @@ public class GroupsApi {
public GroupData getGroup( public GroupData getGroup(
@PathParam("groupIdentifier") final String identifierParam @PathParam("groupIdentifier") final String identifierParam
) { ) {
return new GroupData(findGroup(identifierParam)); return new GroupData(repository.findGroup(identifierParam));
} }
@POST @POST
@ -167,7 +156,7 @@ public class GroupsApi {
@PathParam("groupIdentifier") final String groupIdentifier, @PathParam("groupIdentifier") final String groupIdentifier,
final GroupData groupData final GroupData groupData
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
boolean updated = false; boolean updated = false;
if (groupData.getName() != null if (groupData.getName() != null
@ -200,7 +189,7 @@ public class GroupsApi {
public Response deleteGroup( public Response deleteGroup(
@PathParam("groupIdentifier") final String groupIdentifier @PathParam("groupIdentifier") final String groupIdentifier
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
final String name = group.getName(); final String name = group.getName();
groupRepository.delete(group); groupRepository.delete(group);
return Response return Response
@ -217,7 +206,7 @@ public class GroupsApi {
public List<GroupUserMembership> getMembers( public List<GroupUserMembership> getMembers(
@PathParam("groupIdentifier") final String groupIdentifier @PathParam("groupIdentifier") final String groupIdentifier
) { ) {
return findGroup(groupIdentifier) return repository.findGroup(groupIdentifier)
.getMemberships() .getMemberships()
.stream() .stream()
.map(GroupUserMembership::new) .map(GroupUserMembership::new)
@ -233,8 +222,8 @@ public class GroupsApi {
@PathParam("groupIdentifier") final String groupIdentifier, @PathParam("groupIdentifier") final String groupIdentifier,
@PathParam("userIdentifier") final String userIdentifier @PathParam("userIdentifier") final String userIdentifier
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
groupManager.addMemberToGroup(user, group); groupManager.addMemberToGroup(user, group);
@ -258,8 +247,8 @@ public class GroupsApi {
@PathParam("groupIdentifier") final String groupIdentifier, @PathParam("groupIdentifier") final String groupIdentifier,
@PathParam("userIdentifier") final String userIdentifier @PathParam("userIdentifier") final String userIdentifier
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
groupManager.removeMemberFromGroup(user, group); groupManager.removeMemberFromGroup(user, group);
@ -285,7 +274,7 @@ public class GroupsApi {
@PathParam("groupIdentifier") @PathParam("groupIdentifier")
final String groupIdentifier final String groupIdentifier
) { ) {
return findGroup(groupIdentifier) return repository.findGroup(groupIdentifier)
.getRoleMemberships() .getRoleMemberships()
.stream() .stream()
.map(PartyRoleMembership::new) .map(PartyRoleMembership::new)
@ -303,8 +292,8 @@ public class GroupsApi {
@PathParam("roleIdentifier") @PathParam("roleIdentifier")
final String roleIdentifier final String roleIdentifier
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
final Role role = findRole(roleIdentifier); final Role role = repository.findRole(roleIdentifier);
roleManager.assignRoleToParty(role, group); roleManager.assignRoleToParty(role, group);
@ -331,8 +320,8 @@ public class GroupsApi {
@PathParam("roleIdentifier") @PathParam("roleIdentifier")
final String roleIdentifier final String roleIdentifier
) { ) {
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
final Role role = findRole(roleIdentifier); final Role role = repository.findRole(roleIdentifier);
roleManager.removeRoleFromParty(role, group); roleManager.removeRoleFromParty(role, group);
@ -348,133 +337,4 @@ public class GroupsApi {
.build(); .build();
} }
private Group findGroup(final String groupIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(groupIdentifier);
switch (identifier.getType()) {
case ID:
return groupRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with ID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return groupRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return groupRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
private Role findRole(final String roleIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(roleIdentifier);
switch (identifier.getType()) {
case ID:
return roleRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return roleRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return roleRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
private User findUser(final String identifierParam) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(identifierParam);
switch (identifier.getType()) {
case ID:
return userRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
case UUID:
return userRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
default:
return userRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
}
}
} }

217
ccm-core/src/main/java/org/libreccm/api/admin/security/RolesApi.java
View File

@ -5,19 +5,18 @@
*/ */
package org.libreccm.api.admin.security; package org.libreccm.api.admin.security;
import org.libreccm.api.ExtractedIdentifier;
import org.libreccm.core.CcmObjectRepository; import org.libreccm.core.CcmObjectRepository;
import org.libreccm.core.CoreConstants; import org.libreccm.core.CoreConstants;
import org.libreccm.api.IdentifierExtractor;
import org.libreccm.api.admin.security.dto.RoleData; import org.libreccm.api.admin.security.dto.RoleData;
import org.libreccm.api.admin.security.dto.RolePartyMembership;
import org.libreccm.api.admin.security.dto.RolePermission;
import org.libreccm.api.dto.ListView; import org.libreccm.api.dto.ListView;
import org.libreccm.core.CcmObject;
import java.util.List; import java.util.List;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.inject.Inject; import javax.inject.Inject;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.transaction.Transactional; import javax.transaction.Transactional;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
@ -35,19 +34,18 @@ import javax.ws.rs.core.Response;
import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.Party; import org.libreccm.security.Party;
import org.libreccm.security.PartyRepository; import org.libreccm.security.PartyRepository;
import org.libreccm.security.Permission;
import org.libreccm.security.PermissionManager;
import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.RequiresPrivilege;
import org.libreccm.security.Role; import org.libreccm.security.Role;
import org.libreccm.security.RoleManager; import org.libreccm.security.RoleManager;
import org.libreccm.security.RoleRepository; import org.libreccm.security.RoleRepository;
import java.net.URI; import java.net.URI;
import java.util.UUID;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import javax.ws.rs.WebApplicationException; import javax.ws.rs.WebApplicationException;
import static com.arsdigita.bebop.Component.*;
/** /**
* *
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a> * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@ -56,15 +54,18 @@ import static com.arsdigita.bebop.Component.*;
@Path("/roles") @Path("/roles")
public class RolesApi { public class RolesApi {
@Inject
private IdentifierExtractor identifierExtractor;
@Inject @Inject
private CcmObjectRepository ccmObjectRepository; private CcmObjectRepository ccmObjectRepository;
@Inject @Inject
private PartyRepository partyRepository; private PartyRepository partyRepository;
@Inject
private PermissionManager permissionManager;
@Inject
private SecurityApiRepository repository;
@Inject @Inject
private RoleManager roleManager; private RoleManager roleManager;
@ -101,7 +102,7 @@ public class RolesApi {
public RoleData getRole( public RoleData getRole(
@PathParam("roleIdentifier") final String roleIdentifier @PathParam("roleIdentifier") final String roleIdentifier
) { ) {
return new RoleData(findRole(roleIdentifier)); return new RoleData(repository.findRole(roleIdentifier));
} }
@POST @POST
@ -111,7 +112,6 @@ public class RolesApi {
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response addRole(final RoleData roleData) { public Response addRole(final RoleData roleData) {
final Role role = new Role(); final Role role = new Role();
role.setName(roleData.getName()); role.setName(roleData.getName());
role.setDescription(roleData.getDescription()); role.setDescription(roleData.getDescription());
@ -130,10 +130,22 @@ public class RolesApi {
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response updateRole( public Response updateRole(
@PathParam("roleIdentifier") final String groupIdentifier, @PathParam("roleIdentifier") final String roleIdentifier,
final JsonObject groupData final RoleData roleData
) { ) {
throw new UnsupportedOperationException(); final Role role = repository.findRole(roleIdentifier);
if (roleData != null
&& roleData.getName() != null
&& !roleData.getName().equals(role.getName())) {
role.setName(roleData.getName());
}
roleRepository.save(role);
return Response
.ok(String.format("Role %s updated succesfully.", roleIdentifier))
.build();
} }
@DELETE @DELETE
@ -143,9 +155,13 @@ public class RolesApi {
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response deleteRole( public Response deleteRole(
@PathParam("groupIdentifier") final String groupIdentifier @PathParam("roleIdentifier") final String roleIdentifier
) { ) {
throw new UnsupportedOperationException(); final Role role = repository.findRole(roleIdentifier);
roleRepository.delete(role);
return Response
.ok(String.format("Role %s deleted successfully.", roleIdentifier))
.build();
} }
@GET @GET
@ -154,10 +170,14 @@ public class RolesApi {
@AuthorizationRequired @AuthorizationRequired
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public JsonArray getMembers( public List<RolePartyMembership> getMembers(
@PathParam("roleIdentifier") final String roleIdentifier @PathParam("roleIdentifier") final String roleIdentifier
) { ) {
throw new UnsupportedOperationException(); return repository.findRole(roleIdentifier)
.getMemberships()
.stream()
.map(RolePartyMembership::new)
.collect(Collectors.toList());
} }
@PUT @PUT
@ -167,9 +187,21 @@ public class RolesApi {
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response addMember( public Response addMember(
@PathParam("roleIdentifier") final String groupIdentifier, @PathParam("roleIdentifier") final String groupIdentifier,
@PathParam("partyIdentifier") final String userIdentifier @PathParam("partyIdentifier") final String partyIdentifier
) { ) {
throw new UnsupportedOperationException(); final Role role = repository.findRole(groupIdentifier);
final Party party = repository.findParty(partyIdentifier);
roleManager.assignRoleToParty(role, party);
return Response
.ok(
String.format(
"Role %s successfully added to party %s.",
role.getName(),
party.getName()
)
).build();
} }
@DELETE @DELETE
@ -179,9 +211,22 @@ public class RolesApi {
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response removeMember( public Response removeMember(
@PathParam("roleIdentifier") final String groupIdentifier, @PathParam("roleIdentifier") final String groupIdentifier,
@PathParam("partyIdentifier") final String userIdentifier @PathParam("partyIdentifier") final String partyIdentifier
) { ) {
throw new UnsupportedOperationException(); final Role role = repository.findRole(groupIdentifier);
final Party party = repository.findParty(partyIdentifier);
roleManager.removeRoleFromParty(role, party);
return Response
.ok(
String.format(
"Role %s successfully removed from party %s.",
role.getName(),
party.getName()
)
)
.build();
} }
@GET @GET
@ -190,10 +235,14 @@ public class RolesApi {
@AuthorizationRequired @AuthorizationRequired
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public JsonArray getPermissions( public List<RolePermission> getPermissions(
@PathParam("roleIdentifier") final String groupIdentifier @PathParam("roleIdentifier") final String roleIdentifier
) { ) {
throw new UnsupportedOperationException(); return repository.findRole(roleIdentifier)
.getPermissions()
.stream()
.map(RolePermission::new)
.collect(Collectors.toList());
} }
@POST @POST
@ -203,9 +252,31 @@ public class RolesApi {
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response addPermission( public Response addPermission(
@PathParam("roleIdentifier") final String groupIdentifier, @PathParam("roleIdentifier") final String roleIdentifier,
final JsonObject permissionData final RolePermission permissionData
) { ) {
final Role role = repository.findRole(roleIdentifier);
final String privilege = permissionData.getGrantedPrivilege();
final Permission permission;
if (permissionData.getObject() != null) {
final CcmObject object = ccmObjectRepository
.findObjectByUuid(permissionData.getUuid())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No CcmObject identified by UUID %s found.",
permissionData.getObject().getUuid()
)
)
);
permission = permissionManager.grantPrivilege(
privilege, role, object
);
} else {
permission = permissionManager.grantPrivilege(privilege, role);
}
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
@ -215,98 +286,10 @@ public class RolesApi {
@RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
@Transactional(Transactional.TxType.REQUIRED) @Transactional(Transactional.TxType.REQUIRED)
public Response removePermission( public Response removePermission(
@PathParam("roleIdentifier") final String groupIdentifier, @PathParam("roleIdentifier") final String roleIdentifier,
@PathParam("permissionIdentifier") final String permissionIdentifier @PathParam("permissionIdentifier") final String permissionIdentifier
) { ) {
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
private Party findParty(final String partyIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(partyIdentifier);
switch (identifier.getType()) {
case ID:
return partyRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with ID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return partyRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with UUID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return partyRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with name %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
private Role findRole(final String roleIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(roleIdentifier);
switch (identifier.getType()) {
case ID:
return roleRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return roleRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return roleRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
} }

238
ccm-core/src/main/java/org/libreccm/api/admin/security/SecurityApiRepository.java 100644
View File

@ -0,0 +1,238 @@
/*
* Copyright (C) 2020 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.api.admin.security;
import org.libreccm.api.ExtractedIdentifier;
import org.libreccm.api.IdentifierExtractor;
import org.libreccm.security.Group;
import org.libreccm.security.GroupRepository;
import org.libreccm.security.Party;
import org.libreccm.security.PartyRepository;
import org.libreccm.security.Role;
import org.libreccm.security.RoleRepository;
import org.libreccm.security.User;
import org.libreccm.security.UserRepository;
import javax.enterprise.context.Dependent;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
/**
* A custom repository for retrieving users, groups and roles from the database
* for the JAX-RS classes in this package.
*
* A methods in this class will throw a {@link WebApplicationException} if
* the requested entity is not found.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Dependent
class SecurityApiRepository {
@Inject
private GroupRepository groupRepository;
@Inject
private IdentifierExtractor identifierExtractor;
@Inject
private PartyRepository partyRepository;
@Inject
private RoleRepository roleRepository;
@Inject
private UserRepository userRepository;
protected Group findGroup(final String groupIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(groupIdentifier);
switch (identifier.getType()) {
case ID:
return groupRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with ID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return groupRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return groupRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
protected Party findParty(final String partyIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(partyIdentifier);
switch (identifier.getType()) {
case ID:
return partyRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with ID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return partyRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with UUID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return partyRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No party with name %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
protected Role findRole(final String roleIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(roleIdentifier);
switch (identifier.getType()) {
case ID:
return roleRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return roleRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return roleRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
protected User findUser(final String identifierParam) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(identifierParam);
switch (identifier.getType()) {
case ID:
return userRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
case UUID:
return userRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
default:
return userRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
}
}
}

168
ccm-core/src/main/java/org/libreccm/api/admin/security/UsersApi.java
View File

@ -23,8 +23,6 @@ import org.libreccm.api.admin.security.dto.UserGroupMembership;
import org.libreccm.api.admin.security.dto.PartyRoleMembership; import org.libreccm.api.admin.security.dto.PartyRoleMembership;
import org.libreccm.api.dto.ListView; import org.libreccm.api.dto.ListView;
import org.libreccm.core.CoreConstants; import org.libreccm.core.CoreConstants;
import org.libreccm.api.ExtractedIdentifier;
import org.libreccm.api.IdentifierExtractor;
import java.net.URI; import java.net.URI;
import java.util.List; import java.util.List;
@ -42,18 +40,15 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.AuthorizationRequired;
import org.libreccm.security.Group; import org.libreccm.security.Group;
import org.libreccm.security.GroupManager; import org.libreccm.security.GroupManager;
import org.libreccm.security.GroupRepository;
import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.RequiresPrivilege;
import org.libreccm.security.Role; import org.libreccm.security.Role;
import org.libreccm.security.RoleManager; import org.libreccm.security.RoleManager;
import org.libreccm.security.RoleRepository;
import org.libreccm.security.User; import org.libreccm.security.User;
import org.libreccm.security.UserManager; import org.libreccm.security.UserManager;
import org.libreccm.security.UserRepository; import org.libreccm.security.UserRepository;
@ -70,20 +65,14 @@ import java.util.stream.Collectors;
@Path("/users") @Path("/users")
public class UsersApi { public class UsersApi {
@Inject
private IdentifierExtractor identifierExtractor;
@Inject @Inject
private GroupManager groupManager; private GroupManager groupManager;
@Inject
private GroupRepository groupRepository;
@Inject @Inject
private RoleManager roleManager; private RoleManager roleManager;
@Inject @Inject
private RoleRepository roleRepository; private SecurityApiRepository repository;
@Inject @Inject
private UserManager userManager; private UserManager userManager;
@ -136,7 +125,7 @@ public class UsersApi {
public UserData getUser( public UserData getUser(
final @PathParam("userIdentifier") String identifierParam final @PathParam("userIdentifier") String identifierParam
) { ) {
return new UserData(findUser(identifierParam)); return new UserData(repository.findUser(identifierParam));
} }
/** /**
@ -260,7 +249,7 @@ public class UsersApi {
@PathParam("userIdentifier") final String userIdentifier, @PathParam("userIdentifier") final String userIdentifier,
final UserData userData final UserData userData
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
boolean updated = false; boolean updated = false;
if (userData.getFamilyName() != null if (userData.getFamilyName() != null
@ -313,7 +302,7 @@ public class UsersApi {
public Response deleteUser( public Response deleteUser(
@PathParam("userIdentifier") final String userIdentifier @PathParam("userIdentifier") final String userIdentifier
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
final String name = user.getName(); final String name = user.getName();
userRepository.delete(user); userRepository.delete(user);
return Response return Response
@ -331,7 +320,7 @@ public class UsersApi {
public List<UserGroupMembership> getGroupMemberships( public List<UserGroupMembership> getGroupMemberships(
@PathParam("userIdentifier") final String userIdentifier @PathParam("userIdentifier") final String userIdentifier
) { ) {
return findUser(userIdentifier) return repository.findUser(userIdentifier)
.getGroupMemberships() .getGroupMemberships()
.stream() .stream()
.map(UserGroupMembership::new) .map(UserGroupMembership::new)
@ -347,8 +336,8 @@ public class UsersApi {
@PathParam("userIdentifier") final String userIdentifier, @PathParam("userIdentifier") final String userIdentifier,
@PathParam("groupIdentifier") final String groupIdentifier @PathParam("groupIdentifier") final String groupIdentifier
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
groupManager.addMemberToGroup(user, group); groupManager.addMemberToGroup(user, group);
@ -373,8 +362,8 @@ public class UsersApi {
@PathParam("userIdentifier") final String userIdentifier, @PathParam("userIdentifier") final String userIdentifier,
@PathParam("groupIdentifier") final String groupIdentifier @PathParam("groupIdentifier") final String groupIdentifier
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
final Group group = findGroup(groupIdentifier); final Group group = repository.findGroup(groupIdentifier);
groupManager.removeMemberFromGroup(user, group); groupManager.removeMemberFromGroup(user, group);
@ -400,7 +389,7 @@ public class UsersApi {
@PathParam("userIdentifier") @PathParam("userIdentifier")
final String userIdentifier final String userIdentifier
) { ) {
return findUser(userIdentifier) return repository.findUser(userIdentifier)
.getRoleMemberships() .getRoleMemberships()
.stream() .stream()
.map(PartyRoleMembership::new) .map(PartyRoleMembership::new)
@ -418,8 +407,8 @@ public class UsersApi {
@PathParam("roleIdentifier") @PathParam("roleIdentifier")
final String roleIdentifier final String roleIdentifier
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
final Role role = findRole(roleIdentifier); final Role role = repository.findRole(roleIdentifier);
roleManager.assignRoleToParty(role, user); roleManager.assignRoleToParty(role, user);
@ -446,8 +435,8 @@ public class UsersApi {
@PathParam("roleIdentifier") @PathParam("roleIdentifier")
final String roleIdentifier final String roleIdentifier
) { ) {
final User user = findUser(userIdentifier); final User user = repository.findUser(userIdentifier);
final Role role = findRole(roleIdentifier); final Role role = repository.findRole(roleIdentifier);
roleManager.removeRoleFromParty(role, user); roleManager.removeRoleFromParty(role, user);
@ -463,133 +452,4 @@ public class UsersApi {
.build(); .build();
} }
private Group findGroup(final String groupIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(groupIdentifier);
switch (identifier.getType()) {
case ID:
return groupRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with ID %s found",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return groupRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return groupRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No group with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
private Role findRole(final String roleIdentifier) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(roleIdentifier);
switch (identifier.getType()) {
case ID:
return roleRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
case UUID:
return roleRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
default:
return roleRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No role with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND
)
);
}
}
private User findUser(final String identifierParam) {
final ExtractedIdentifier identifier = identifierExtractor
.extractIdentifier(identifierParam);
switch (identifier.getType()) {
case ID:
return userRepository
.findById(Long.parseLong(identifier.getIdentifier()))
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with ID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
case UUID:
return userRepository
.findByUuid(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with UUID %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
default:
return userRepository
.findByName(identifier.getIdentifier())
.orElseThrow(
() -> new WebApplicationException(
String.format(
"No user with name %s found.",
identifier.getIdentifier()
),
Response.Status.NOT_FOUND)
);
}
}
} }

5
ccm-core/src/main/java/org/libreccm/security/PermissionManager.java
View File

@ -409,6 +409,11 @@ public class PermissionManager implements Serializable {
permission.setUuid(UUID.randomUUID().toString()); permission.setUuid(UUID.randomUUID().toString());
entityManager.persist(permission); entityManager.persist(permission);
return permission;
} else{
// ToDo
throw new UnsupportedOperationException();
} }
} }