CCM NG: Added annotations for authorization to several methods

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4155 8810af33-2d31-482b-a856-94f89814c4df
2016-06-13 17:59:09 +00:00 · 2016-06-13 17:59:09 +00:00 · bce1dac628
parent 08df95a744
commit bce1dac628
7 changed files with 81 additions and 2 deletions
--- a/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java
@ -25,6 +25,8 @@ package org.libreccm.categorization;
 public final class CategorizationConstants {
    
    public static final String CAT_XML_NS = "http://categorization.libreccm.org";
+    public static final String MANAGE_CATEGORIES_PRIVILEGE = "manage_categories";
+    public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
    
    private CategorizationConstants() {
        //Nothing
--- a/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java
@ -20,7 +20,9 @@ package org.libreccm.categorization;

 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
 import org.libreccm.core.AbstractEntityRepository;
+import org.libreccm.security.PermissionChecker;

 import java.util.List;
 import java.util.Optional;
@ -29,6 +31,7 @@ import java.util.UUID;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;

 /**
 *
@ -43,6 +46,12 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
    @Inject
    private DomainRepository domainRepo;
    
+    @Inject
+    private PermissionChecker permissionChecker;
+    
+    @Inject
+    private Subject subject;
+
    @Override
    public Class<Category> getEntityClass() {
        return Category.class;
@ -151,4 +160,16 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>

        return current;
    }
+    
+    @Override
+    @Transactional(Transactional.TxType.REQUIRED)
+    public void save(final Category category) {
+        super.save(category);
+    }
+    
+    @Override
+    @Transactional(Transactional.TxType.REQUIRED)
+    public void delete(final Category category) {
+        super.save(category);
+    }
 }
--- a/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java
@ -18,6 +18,8 @@
 */
 package org.libreccm.categorization;

+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;
 import org.libreccm.web.ApplicationRepository;
 import org.libreccm.web.CcmApplication;

@ -60,6 +62,8 @@ public class DomainManager {
     *
     * @return The new domain.
     */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
    @Transactional(Transactional.TxType.REQUIRED)
    public Domain createDomain(final String domainKey,
                               final String rootCategoryName) {
@ -90,6 +94,8 @@ public class DomainManager {
     * @param domain      The {@code Domain} to which owners the
     *                    {@code CcmApplication is added}.
     */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
    @Transactional(Transactional.TxType.REQUIRED)
    public void addDomainOwner(final CcmApplication application,
                               final Domain domain) {
@ -117,6 +123,8 @@ public class DomainManager {
     * @param domain      The {@code Domain} from which owners the provided
     *                    {@code CcmApplication} should be removed.
     */
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
    @Transactional(Transactional.TxType.REQUIRED)
    public void removeDomainOwner(final CcmApplication application,
                                  final Domain domain) {
--- a/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java
@ -20,6 +20,8 @@ package org.libreccm.categorization;

 import org.libreccm.core.AbstractEntityRepository;
 import org.libreccm.core.DefaultEntityGraph;
+import org.libreccm.security.AuthorizationRequired;
+import org.libreccm.security.RequiresPrivilege;

 import java.net.URI;
 import java.util.List;
@ -141,4 +143,19 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
        return query.getResultList();
    }

+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final Domain domain) {
+        super.save(domain);
+    }
+    
+    @AuthorizationRequired
+    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void delete(final Domain domain) {
+        super.delete(domain);
+    }
 }
--- a/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/PartyRepository.java
@ -25,6 +25,7 @@ import org.libreccm.core.AbstractEntityRepository;
 import java.util.List;

 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;

 /**
 * Repository class for parties.
@ -74,4 +75,19 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
        return query.getResultList();
    }

+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final Party party) {
+        super.save(party);
+    }
+    
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void delete(final Party party) {
+        super.delete(party);
+    }
 }
--- a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
@ -160,8 +160,18 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
        return query.getResultList();
    }

+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
+    @Override
+    public void save(final User entity) {
+        super.save(entity);
+    }
+     
+    @AuthorizationRequired
+    @RequiresPrivilege("admin")
+    @Transactional(Transactional.TxType.REQUIRED)
    @Override
-    @Transactional
    public void delete(final User entity) {
        if (entity == null) { 
            throw new IllegalArgumentException("Can't delete null");
--- a/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java
+++ b/ccm-core/src/test/java/org/libreccm/security/PartyRepositoryTest.java
@ -33,7 +33,11 @@ import org.jboss.shrinkwrap.api.asset.EmptyAsset;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.jboss.shrinkwrap.resolver.api.maven.Maven;
 import org.jboss.shrinkwrap.resolver.api.maven.PomEquippedResolveStage;
-import org.junit.*;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.libreccm.core.EmailAddress;
@ -42,6 +46,7 @@ import org.libreccm.tests.categories.IntegrationTest;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
+
 import java.io.File;
 import java.util.List;