diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java index fe9c28c39..4a67c2c68 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java @@ -25,6 +25,8 @@ package org.libreccm.categorization; public final class CategorizationConstants { public static final String CAT_XML_NS = "http://categorization.libreccm.org"; + public static final String MANAGE_CATEGORIES_PRIVILEGE = "manage_categories"; + public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains"; private CategorizationConstants() { //Nothing diff --git a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java index 70f284227..dbe7b1b3a 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java @@ -20,7 +20,9 @@ package org.libreccm.categorization; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.apache.shiro.subject.Subject; import org.libreccm.core.AbstractEntityRepository; +import org.libreccm.security.PermissionChecker; import java.util.List; import java.util.Optional; @@ -29,6 +31,7 @@ import java.util.UUID; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; import javax.persistence.TypedQuery; +import javax.transaction.Transactional; /** * @@ -42,6 +45,12 @@ public class CategoryRepository extends AbstractEntityRepository @Inject private DomainRepository domainRepo; + + @Inject + private PermissionChecker permissionChecker; + + @Inject + private Subject subject; @Override public Class getEntityClass() { 
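Review bot: The `permissionChecker` and `subject` fields injected in the `@@ -42,6 +45,12 @@` hunk of CategoryRepository are not read anywhere in the hunks shown. The `save`/`delete` overrides added later in this file carry no `@AuthorizationRequired` or `@RequiresPrivilege`, so category writes appear to stay unchecked while `MANAGE_CATEGORIES_PRIVILEGE` is defined but unused. If the check is meant to be declarative, the overrides would take `@AuthorizationRequired` and `@RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORIES_PRIVILEGE)`, as DomainRepository does. If it is meant to be a per-category check through the injected checker, that call is missing; otherwise the two fields and their imports are dead code and should be dropped.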
@@ -151,4 +160,16 @@ public class CategoryRepository extends AbstractEntityRepository return current; } + + @Override + @Transactional(Transactional.TxType.REQUIRED) + public void save(final Category category) { + super.save(category); + } + + @Override + @Transactional(Transactional.TxType.REQUIRED) + public void delete(final Category category) { + super.save(category); + } } diff --git a/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java b/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java index 52bc7c876..7868cb94d 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java @@ -18,6 +18,8 @@ */ package org.libreccm.categorization; +import org.libreccm.security.AuthorizationRequired; +import org.libreccm.security.RequiresPrivilege; import org.libreccm.web.ApplicationRepository; import org.libreccm.web.CcmApplication; @@ -60,6 +62,8 @@ public class DomainManager { * * @return The new domain. */ + @AuthorizationRequired + @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) @Transactional(Transactional.TxType.REQUIRED) public Domain createDomain(final String domainKey, final String rootCategoryName) { @@ -90,6 +94,8 @@ public class DomainManager { * @param domain The {@code Domain} to which owners the * {@code CcmApplication is added}. */ + @AuthorizationRequired + @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) @Transactional(Transactional.TxType.REQUIRED) public void addDomainOwner(final CcmApplication application, final Domain domain) { 
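Review bot: The new `delete(final Category category)` override in CategoryRepository calls `super.save(category)`, so a delete request persists the category instead of removing it. The body should be `super.delete(category);`. A repository test that deletes a category and then asserts it can no longer be found would catch this.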
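Review bot: The Javadoc of `createDomain` does not say that callers now need the `manage_domains` privilege, and the same applies to `addDomainOwner` in the next hunk and `removeDomainOwner` in the `@@ -117,6 +123,8 @@` hunk. Each comment should gain a sentence such as `Requires the {@code manage_domains} privilege.` so the precondition is visible at the call site. The annotation names a global privilege and is not tied to the `domain` argument, so anyone holding it can change the owners of any domain; confirm that is intended. Enforcement presumably comes from an interceptor bound to `@AuthorizationRequired`, in which case a call made on `this` inside the bean would skip the check, which is worth confirming for internal callers. The method bodies lie outside these hunks.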
@@ -117,6 +123,8 @@ public class DomainManager { * @param domain The {@code Domain} from which owners the provided * {@code CcmApplication} should be removed. */ + @AuthorizationRequired + @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) @Transactional(Transactional.TxType.REQUIRED) public void removeDomainOwner(final CcmApplication application, final Domain domain) { diff --git a/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java b/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java index 6a9ba1331..3ce11f0d1 100644 --- a/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java +++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java @@ -20,6 +20,8 @@ package org.libreccm.categorization; import org.libreccm.core.AbstractEntityRepository; import org.libreccm.core.DefaultEntityGraph; +import org.libreccm.security.AuthorizationRequired; +import org.libreccm.security.RequiresPrivilege; import java.net.URI; import java.util.List; @@ -141,4 +143,19 @@ public class DomainRepository extends AbstractEntityRepository { return query.getResultList(); } + @AuthorizationRequired + @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void save(final Domain domain) { + super.save(domain); + } + + @AuthorizationRequired + @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE) + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void delete(final Domain domain) { + super.delete(domain); + } } diff --git a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java index 5bce02879..10a6b6de1 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java +++ b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java 
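Review bot: The new `save`/`delete` overrides in DomainRepository use `@Transactional(Transactional.TxType.REQUIRED)`, but the import hunk for this file adds only `AuthorizationRequired` and `RequiresPrivilege`. The PartyRepository change in this same commit had to add `import javax.transaction.Transactional;` explicitly, so check whether DomainRepository already imports it outside the visible context. If it does not, add `import javax.transaction.Transactional;` next to the other `javax` imports.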
@@ -25,6 +25,7 @@ import org.libreccm.core.AbstractEntityRepository; import java.util.List; import javax.persistence.TypedQuery; +import javax.transaction.Transactional; /** * Repository class for parties. @@ -74,4 +75,19 @@ public class PartyRepository extends AbstractEntityRepository { return query.getResultList(); } + @AuthorizationRequired + @RequiresPrivilege("admin") + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void save(final Party party) { + super.save(party); + } + + @AuthorizationRequired + @RequiresPrivilege("admin") + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void delete(final Party party) { + super.delete(party); + } } diff --git a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java index bacb38cb8..431362d36 100644 --- a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java +++ b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java @@ -160,8 +160,18 @@ public class UserRepository extends AbstractEntityRepository { return query.getResultList(); } + @AuthorizationRequired + @RequiresPrivilege("admin") + @Transactional(Transactional.TxType.REQUIRED) + @Override + public void save(final User entity) { + super.save(entity); + } + + @AuthorizationRequired + @RequiresPrivilege("admin") + @Transactional(Transactional.TxType.REQUIRED) @Override - @Transactional public void delete(final User entity) { if (entity == null) { throw new IllegalArgumentException("Can't delete null"); diff --git a/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java b/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java index 47810ffb5..9bbd9339a 100644 --- a/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java +++ b/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java 
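Review bot: `@RequiresPrivilege("admin")` on PartyRepository's `save` and `delete` uses a bare string literal, and the same literal is repeated on both UserRepository overrides in the next file. A typo in any one copy would name a privilege nobody holds or, depending on how unknown privileges are resolved, one that is never checked as intended. The categorization code in this commit already uses named constants for this. A shared constant in the security package, for example a proposed `public static final String ADMIN_PRIVILEGE = "admin";`, referenced from all four annotations would keep them in step.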
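Review bot: Requiring `admin` on `UserRepository.save` affects every path that persists a `User` through this repository, not only the administration UI. If self-service flows such as registration or a user updating their own account call `save` (the callers are not visible here), they would start being denied for non-admin subjects. Either confirm those flows use a different, separately authorised entry point, or document on `save` that it is admin-only, e.g. `Requires the {@code admin} privilege; self-service changes must not call this method directly.` The body of `delete` continues outside the hunk.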
@@ -33,7 +33,11 @@ import org.jboss.shrinkwrap.api.asset.EmptyAsset; import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.resolver.api.maven.Maven; import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage; -import org.junit.*; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.libreccm.core.EmailAddress; @@ -42,6 +46,7 @@ import org.libreccm.tests.categories.IntegrationTest; import javax.inject.Inject; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; + import java.io.File; import java.util.List;