CCM NG: Added annotations for authorization to several methods

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4155 8810af33-2d31-482b-a856-94f89814c4df

ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java

@@ -25,6 +25,8 @@ package org.libreccm.categorization;
 public final class CategorizationConstants {
     
     public static final String CAT_XML_NS = "http://categorization.libreccm.org";
+    public static final String MANAGE_CATEGORIES_PRIVILEGE = "manage_categories";
+    public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
     
     private CategorizationConstants() {
         //Nothing

ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java

@@ -20,7 +20,9 @@ package org.libreccm.categorization;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
 import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.security.PermissionChecker;
 
 import java.util.List;
 import java.util.Optional;
@@ -29,6 +31,7 @@ import java.util.UUID;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  *
@@ -42,6 +45,12 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
 
     @Inject
     private DomainRepository domainRepo;
+    
+    @Inject
+    private PermissionChecker permissionChecker;
+    
+    @Inject
+    private Subject subject;
 
     @Override
     public Class<Category> getEntityClass() {
@@ -151,4 +160,16 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
 
         return current;
     }
+    
+    @Override
+    @Transactional(Transactional.TxType.REQUIRED)
+    public void save(final Category category) {
+        super.save(category);
+    }
+    
+    @Override
+    @Transactional(Transactional.TxType.REQUIRED)
+    public void delete(final Category category) {
+        super.save(category);
+    }
 }

ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java

@@ -18,6 +18,8 @@
  */
 package org.libreccm.categorization;
 
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
 import org.libreccm.web.ApplicationRepository;
 import org.libreccm.web.CcmApplication;
 
@@ -60,6 +62,8 @@ public class DomainManager {
      *
      * @return The new domain.
      */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
     @Transactional(Transactional.TxType.REQUIRED)
     public Domain createDomain(final String domainKey,
                                final String rootCategoryName) {
@@ -90,6 +94,8 @@ public class DomainManager {
      * @param domain      The {@code Domain} to which owners the
      *                    {@code CcmApplication is added}.
      */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
     @Transactional(Transactional.TxType.REQUIRED)
     public void addDomainOwner(final CcmApplication application,
                                final Domain domain) {
@@ -117,6 +123,8 @@ public class DomainManager {
      * @param domain      The {@code Domain} from which owners the provided
      *                    {@code CcmApplication} should be removed.
      */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeDomainOwner(final CcmApplication application,
                                   final Domain domain) {

ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java

@@ -20,6 +20,8 @@ package org.libreccm.categorization;
 
 import org.libreccm.core.AbstractEntityRepository;
 import org.libreccm.core.DefaultEntityGraph;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
 
 import java.net.URI;
 import java.util.List;
@@ -141,4 +143,19 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
         return query.getResultList();
     }
 
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final Domain domain) {
+        super.save(domain);
+    }
+    
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void delete(final Domain domain) {
+        super.delete(domain);
+    }
 }

ccm-core/src/main/java/org/libreccm/security/PartyRepository.java

@@ -25,6 +25,7 @@ import org.libreccm.core.AbstractEntityRepository;
 import java.util.List;
 
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  * Repository class for parties.
@@ -74,4 +75,19 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
         return query.getResultList();
     }
 
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final Party party) {
+        super.save(party);
+    }
+    
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void delete(final Party party) {
+        super.delete(party);
+    }
 }

ccm-core/src/main/java/org/libreccm/security/UserRepository.java

@@ -160,8 +160,18 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
         return query.getResultList();
     }
 
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final User entity) {
+        super.save(entity);
+    }
+     
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
     @Override
-    @Transactional
     public void delete(final User entity) {
         if (entity == null) { 
             throw new IllegalArgumentException("Can't delete null");

ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java

@@ -33,7 +33,11 @@ import org.jboss.shrinkwrap.api.asset.EmptyAsset;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.jboss.shrinkwrap.resolver.api.maven.Maven;
 import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
-import org.junit.*;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.libreccm.core.EmailAddress;
@@ -42,6 +46,7 @@ import org.libreccm.tests.categories.IntegrationTest;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
+
 import java.io.File;
 import java.util.List;