diff --git a/ccm-core/src/main/java/org/libreccm/api/admin/security/GroupsApi.java b/ccm-core/src/main/java/org/libreccm/api/admin/security/GroupsApi.java index 65273f13c..bb1e34ef5 100644 --- a/ccm-core/src/main/java/org/libreccm/api/admin/security/GroupsApi.java +++ b/ccm-core/src/main/java/org/libreccm/api/admin/security/GroupsApi.java @@ -22,8 +22,6 @@ import org.libreccm.api.admin.security.dto.GroupUserMembership; import org.libreccm.api.admin.security.dto.PartyRoleMembership; import org.libreccm.api.dto.ListView; import org.libreccm.core.CoreConstants; -import org.libreccm.api.ExtractedIdentifier; -import org.libreccm.api.IdentifierExtractor; import java.net.URI; import java.util.List; @@ -41,7 +39,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @@ -52,9 +49,7 @@ import org.libreccm.security.GroupRepository; import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.Role; import org.libreccm.security.RoleManager; -import org.libreccm.security.RoleRepository; import org.libreccm.security.User; -import org.libreccm.security.UserRepository; import java.util.stream.Collectors; @@ -66,24 +61,18 @@ import java.util.stream.Collectors; @Path("/groups") public class GroupsApi { - @Inject - private IdentifierExtractor identifierExtractor; - @Inject private GroupManager groupManager; @Inject private GroupRepository groupRepository; + @Inject + private SecurityApiRepository repository; + @Inject private RoleManager roleManager; - @Inject - private RoleRepository roleRepository; - - @Inject - private UserRepository userRepository; - @GET @Path("/") @Produces(MediaType.APPLICATION_JSON) 
@@ -114,7 +103,7 @@ public class GroupsApi { public GroupData getGroup( @PathParam("groupIdentifier") final String identifierParam ) { - return new GroupData(findGroup(identifierParam)); + return new GroupData(repository.findGroup(identifierParam)); } @POST @@ -167,7 +156,7 @@ public class GroupsApi { @PathParam("groupIdentifier") final String groupIdentifier, final GroupData groupData ) { - final Group group = findGroup(groupIdentifier); + final Group group = repository.findGroup(groupIdentifier); boolean updated = false; if (groupData.getName() != null @@ -200,7 +189,7 @@ public class GroupsApi { public Response deleteGroup( @PathParam("groupIdentifier") final String groupIdentifier ) { - final Group group = findGroup(groupIdentifier); + final Group group = repository.findGroup(groupIdentifier); final String name = group.getName(); groupRepository.delete(group); return Response @@ -217,7 +206,7 @@ public class GroupsApi { public List getMembers( @PathParam("groupIdentifier") final String groupIdentifier ) { - return findGroup(groupIdentifier) + return repository.findGroup(groupIdentifier) .getMemberships() .stream() .map(GroupUserMembership::new) @@ -233,8 +222,8 @@ public class GroupsApi { @PathParam("groupIdentifier") final String groupIdentifier, @PathParam("userIdentifier") final String userIdentifier ) { - final Group group = findGroup(groupIdentifier); - final User user = findUser(userIdentifier); + final Group group = repository.findGroup(groupIdentifier); + final User user = repository.findUser(userIdentifier); groupManager.addMemberToGroup(user, group); 
@@ -258,8 +247,8 @@ public class GroupsApi { @PathParam("groupIdentifier") final String groupIdentifier, @PathParam("userIdentifier") final String userIdentifier ) { - final Group group = findGroup(groupIdentifier); - final User user = findUser(userIdentifier); + final Group group = repository.findGroup(groupIdentifier); + final User user = repository.findUser(userIdentifier); groupManager.removeMemberFromGroup(user, group); @@ -285,7 +274,7 @@ public class GroupsApi { @PathParam("groupIdentifier") final String groupIdentifier ) { - return findGroup(groupIdentifier) + return repository.findGroup(groupIdentifier) .getRoleMemberships() .stream() .map(PartyRoleMembership::new) @@ -303,8 +292,8 @@ public class GroupsApi { @PathParam("roleIdentifier") final String roleIdentifier ) { - final Group group = findGroup(groupIdentifier); - final Role role = findRole(roleIdentifier); + final Group group = repository.findGroup(groupIdentifier); + final Role role = repository.findRole(roleIdentifier); roleManager.assignRoleToParty(role, group); @@ -331,8 +320,8 @@ public class GroupsApi { @PathParam("roleIdentifier") final String roleIdentifier ) { - final Group group = findGroup(groupIdentifier); - final Role role = findRole(roleIdentifier); + final Group group = repository.findGroup(groupIdentifier); + final Role role = repository.findRole(roleIdentifier); roleManager.removeRoleFromParty(role, group); 
@@ -348,133 +337,4 @@ public class GroupsApi { .build(); } - private Group findGroup(final String groupIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(groupIdentifier); - - switch (identifier.getType()) { - case ID: - return groupRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with ID %s found", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return groupRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return groupRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } - - private Role findRole(final String roleIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(roleIdentifier); - - switch (identifier.getType()) { - case ID: - return roleRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with ID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return roleRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return roleRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } 
- - private User findUser(final String identifierParam) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(identifierParam); - - switch (identifier.getType()) { - case ID: - return userRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with ID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - case UUID: - return userRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - default: - return userRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - } - } - } diff --git a/ccm-core/src/main/java/org/libreccm/api/admin/security/RolesApi.java b/ccm-core/src/main/java/org/libreccm/api/admin/security/RolesApi.java index 43c89aaaf..1b196cf6b 100644 --- a/ccm-core/src/main/java/org/libreccm/api/admin/security/RolesApi.java +++ b/ccm-core/src/main/java/org/libreccm/api/admin/security/RolesApi.java 
@@ -5,19 +5,18 @@ */ package org.libreccm.api.admin.security; -import org.libreccm.api.ExtractedIdentifier; import org.libreccm.core.CcmObjectRepository; import org.libreccm.core.CoreConstants; -import org.libreccm.api.IdentifierExtractor; import org.libreccm.api.admin.security.dto.RoleData; +import org.libreccm.api.admin.security.dto.RolePartyMembership; +import org.libreccm.api.admin.security.dto.RolePermission; import org.libreccm.api.dto.ListView; +import org.libreccm.core.CcmObject; import java.util.List; import javax.enterprise.context.RequestScoped; import javax.inject.Inject; -import javax.json.JsonArray; -import javax.json.JsonObject; import javax.transaction.Transactional; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; @@ -35,19 +34,18 @@ import javax.ws.rs.core.Response; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.Party; import org.libreccm.security.PartyRepository; +import org.libreccm.security.Permission; +import org.libreccm.security.PermissionManager; import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.Role; import org.libreccm.security.RoleManager; import org.libreccm.security.RoleRepository; import java.net.URI; -import java.util.UUID; import java.util.stream.Collectors; import javax.ws.rs.WebApplicationException; -import static com.arsdigita.bebop.Component.*; - /** * * @author Jens Pelzetter @@ -56,15 +54,18 @@ import static com.arsdigita.bebop.Component.*; @Path("/roles") public class RolesApi { - @Inject - private IdentifierExtractor identifierExtractor; - @Inject private CcmObjectRepository ccmObjectRepository; @Inject private PartyRepository partyRepository; + @Inject + private PermissionManager permissionManager; + + @Inject + private SecurityApiRepository repository; + @Inject private RoleManager roleManager; 
@@ -101,7 +102,7 @@ public class RolesApi { public RoleData getRole( @PathParam("roleIdentifier") final String roleIdentifier ) { - return new RoleData(findRole(roleIdentifier)); + return new RoleData(repository.findRole(roleIdentifier)); } @POST @@ -111,7 +112,6 @@ public class RolesApi { @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Response addRole(final RoleData roleData) { - final Role role = new Role(); role.setName(roleData.getName()); role.setDescription(roleData.getDescription()); @@ -130,10 +130,22 @@ public class RolesApi { @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Response updateRole( - @PathParam("roleIdentifier") final String groupIdentifier, - final JsonObject groupData + @PathParam("roleIdentifier") final String roleIdentifier, + final RoleData roleData ) { - throw new UnsupportedOperationException(); + final Role role = repository.findRole(roleIdentifier); + + if (roleData != null + && roleData.getName() != null + && !roleData.getName().equals(role.getName())) { + role.setName(roleData.getName()); + } + + roleRepository.save(role); + + return Response + .ok(String.format("Role %s updated succesfully.", roleIdentifier)) + .build(); } @DELETE @@ -143,9 +155,13 @@ public class RolesApi { @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Response deleteRole( - @PathParam("groupIdentifier") final String groupIdentifier + @PathParam("roleIdentifier") final String roleIdentifier ) { - throw new UnsupportedOperationException(); + final Role role = repository.findRole(roleIdentifier); + roleRepository.delete(role); + return Response + .ok(String.format("Role %s deleted successfully.", roleIdentifier)) + .build(); } @GET 
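Review bot: `updateRole` calls `roleRepository.save(role)` and answers 200 even when the request body is missing or changes nothing. It also never applies `roleData.getDescription()`, although `addRole` in the same file sets both name and description. A missing body should be rejected with 400 and the description updated alongside the name, as sketched below. The success message misspells "succesfully"; `deleteRole` in the next hunk spells it correctly.

```java
final Role role = repository.findRole(roleIdentifier);

if (roleData == null) {
    throw new WebApplicationException(
        "Missing role data.", Response.Status.BAD_REQUEST
    );
}
if (roleData.getName() != null
        && !roleData.getName().equals(role.getName())) {
    role.setName(roleData.getName());
}
if (roleData.getDescription() != null) {
    role.setDescription(roleData.getDescription());
}
// … unchanged: roleRepository.save(role) and the Response.ok(...) return …
```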
@@ -154,10 +170,14 @@ public class RolesApi { @AuthorizationRequired @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) - public JsonArray getMembers( + public List getMembers( @PathParam("roleIdentifier") final String roleIdentifier ) { - throw new UnsupportedOperationException(); + return repository.findRole(roleIdentifier) + .getMemberships() + .stream() + .map(RolePartyMembership::new) + .collect(Collectors.toList()); } @PUT @@ -167,9 +187,21 @@ public class RolesApi { @Transactional(Transactional.TxType.REQUIRED) public Response addMember( @PathParam("roleIdentifier") final String groupIdentifier, - @PathParam("partyIdentifier") final String userIdentifier + @PathParam("partyIdentifier") final String partyIdentifier ) { - throw new UnsupportedOperationException(); + final Role role = repository.findRole(groupIdentifier); + final Party party = repository.findParty(partyIdentifier); + + roleManager.assignRoleToParty(role, party); + + return Response + .ok( + String.format( + "Role %s successfully added to party %s.", + role.getName(), + party.getName() + ) + ).build(); } @DELETE @@ -179,9 +211,22 @@ public class RolesApi { @Transactional(Transactional.TxType.REQUIRED) public Response removeMember( @PathParam("roleIdentifier") final String groupIdentifier, - @PathParam("partyIdentifier") final String userIdentifier + @PathParam("partyIdentifier") final String partyIdentifier ) { - throw new UnsupportedOperationException(); + final Role role = repository.findRole(groupIdentifier); + final Party party = repository.findParty(partyIdentifier); + + roleManager.removeRoleFromParty(role, party); + + return Response + .ok( + String.format( + "Role %s successfully removed from party %s.", + role.getName(), + party.getName() + ) + ) + .build(); } @GET 
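Review bot: In `addMember` and `removeMember` the `roleIdentifier` path parameter is still bound to a variable named `groupIdentifier`, which is then passed to `repository.findRole(...)`. This commit renames the same leftover in `updateRole`, `deleteRole` and `getPermissions`, so these two methods are now the odd ones out. In an endpoint that assigns roles, a name that says "group" makes it easy to pass the wrong identifier later. Suggested: `@PathParam("roleIdentifier") final String roleIdentifier,` and `final Role role = repository.findRole(roleIdentifier);` in both methods.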
@@ -190,10 +235,14 @@ public class RolesApi { @AuthorizationRequired @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) - public JsonArray getPermissions( - @PathParam("roleIdentifier") final String groupIdentifier + public List getPermissions( + @PathParam("roleIdentifier") final String roleIdentifier ) { - throw new UnsupportedOperationException(); + return repository.findRole(roleIdentifier) + .getPermissions() + .stream() + .map(RolePermission::new) + .collect(Collectors.toList()); } @POST @@ -203,9 +252,31 @@ public class RolesApi { @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Response addPermission( - @PathParam("roleIdentifier") final String groupIdentifier, - final JsonObject permissionData + @PathParam("roleIdentifier") final String roleIdentifier, + final RolePermission permissionData ) { + final Role role = repository.findRole(roleIdentifier); + final String privilege = permissionData.getGrantedPrivilege(); + + final Permission permission; + if (permissionData.getObject() != null) { + final CcmObject object = ccmObjectRepository + .findObjectByUuid(permissionData.getUuid()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No CcmObject identified by UUID %s found.", + permissionData.getObject().getUuid() + ) + ) + ); + permission = permissionManager.grantPrivilege( + privilege, role, object + ); + } else { + permission = permissionManager.grantPrivilege(privilege, role); + } + throw new UnsupportedOperationException(); } 
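Review bot: `addPermission` still ends in `throw new UnsupportedOperationException();` after calling `permissionManager.grantPrivilege(...)`, so the endpoint always fails, and under `@Transactional(REQUIRED)` the unchecked exception presumably rolls the grant back. The object lookup uses `permissionData.getUuid()` while the null check and the error message use `permissionData.getObject().getUuid()`, which looks like the wrong key (the `RolePermission` DTO is not visible here, so please confirm). The `WebApplicationException` is built without a status, so a missing object is reported as 500 rather than 404. `permissionData` and the privilege string are also dereferenced without a null check, so an empty body ends in a `NullPointerException` rather than a 400.

```java
final CcmObject object = ccmObjectRepository
    .findObjectByUuid(permissionData.getObject().getUuid())
    .orElseThrow(
        () -> new WebApplicationException(
            String.format(
                "No CcmObject identified by UUID %s found.",
                permissionData.getObject().getUuid()
            ),
            Response.Status.NOT_FOUND
        )
    );
// … unchanged: the two permissionManager.grantPrivilege(...) branches …

return Response
    .ok(
        String.format(
            "Privilege %s successfully granted to role %s.",
            privilege,
            role.getName()
        )
    )
    .build();
```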
@@ -215,98 +286,10 @@ public class RolesApi { @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN) @Transactional(Transactional.TxType.REQUIRED) public Response removePermission( - @PathParam("roleIdentifier") final String groupIdentifier, + @PathParam("roleIdentifier") final String roleIdentifier, @PathParam("permissionIdentifier") final String permissionIdentifier ) { throw new UnsupportedOperationException(); } - private Party findParty(final String partyIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(partyIdentifier); - - switch (identifier.getType()) { - case ID: - return partyRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No party with ID %s found", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return partyRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No party with UUID %s found", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return partyRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No party with name %s found", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } - - private Role findRole(final String roleIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(roleIdentifier); - - switch (identifier.getType()) { - case ID: - return roleRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with ID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return roleRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No 
role with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return roleRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } - } diff --git a/ccm-core/src/main/java/org/libreccm/api/admin/security/SecurityApiRepository.java b/ccm-core/src/main/java/org/libreccm/api/admin/security/SecurityApiRepository.java new file mode 100644 index 000000000..f6e031b69 --- /dev/null +++ b/ccm-core/src/main/java/org/libreccm/api/admin/security/SecurityApiRepository.java 
@@ -0,0 +1,238 @@ +/* + * Copyright (C) 2020 LibreCCM Foundation. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ +package org.libreccm.api.admin.security; + +import org.libreccm.api.ExtractedIdentifier; +import org.libreccm.api.IdentifierExtractor; +import org.libreccm.security.Group; +import org.libreccm.security.GroupRepository; +import org.libreccm.security.Party; +import org.libreccm.security.PartyRepository; +import org.libreccm.security.Role; +import org.libreccm.security.RoleRepository; +import org.libreccm.security.User; +import org.libreccm.security.UserRepository; + +import javax.enterprise.context.Dependent; +import javax.inject.Inject; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; + +/** + * A custom repository for retrieving users, groups and roles from the database + * for the JAX-RS classes in this package. + * + * A methods in this class will throw a {@link WebApplicationException} if + * the requested entity is not found. 
+ * + * @author Jens Pelzetter + */ +@Dependent +class SecurityApiRepository { + + @Inject + private GroupRepository groupRepository; + + @Inject + private IdentifierExtractor identifierExtractor; + + @Inject + private PartyRepository partyRepository; + + @Inject + private RoleRepository roleRepository; + + @Inject + private UserRepository userRepository; + + protected Group findGroup(final String groupIdentifier) { + final ExtractedIdentifier identifier = identifierExtractor + .extractIdentifier(groupIdentifier); + + switch (identifier.getType()) { + case ID: + return groupRepository + .findById(Long.parseLong(identifier.getIdentifier())) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No group with ID %s found", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + case UUID: + return groupRepository + .findByUuid(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No group with UUID %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + default: + return groupRepository + .findByName(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No group with name %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + } + } + + protected Party findParty(final String partyIdentifier) { + final ExtractedIdentifier identifier = identifierExtractor + .extractIdentifier(partyIdentifier); + + switch (identifier.getType()) { + case ID: + return partyRepository + .findById(Long.parseLong(identifier.getIdentifier())) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No party with ID %s found", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + case UUID: + return partyRepository + .findByUuid(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No party with UUID %s found", + 
identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + default: + return partyRepository + .findByName(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No party with name %s found", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + } + } + + + protected Role findRole(final String roleIdentifier) { + final ExtractedIdentifier identifier = identifierExtractor + .extractIdentifier(roleIdentifier); + + switch (identifier.getType()) { + case ID: + return roleRepository + .findById(Long.parseLong(identifier.getIdentifier())) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No role with ID %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + case UUID: + return roleRepository + .findByUuid(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No role with UUID %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + default: + return roleRepository + .findByName(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No role with name %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND + ) + ); + } + } + + protected User findUser(final String identifierParam) { + final ExtractedIdentifier identifier = identifierExtractor + .extractIdentifier(identifierParam); + + switch (identifier.getType()) { + case ID: + return userRepository + .findById(Long.parseLong(identifier.getIdentifier())) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No user with ID %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND) + ); + case UUID: + return userRepository + .findByUuid(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No user with UUID %s found.", + identifier.getIdentifier() + ), + 
Response.Status.NOT_FOUND) + ); + default: + return userRepository + .findByName(identifier.getIdentifier()) + .orElseThrow( + () -> new WebApplicationException( + String.format( + "No user with name %s found.", + identifier.getIdentifier() + ), + Response.Status.NOT_FOUND) + ); + } + } + +} diff --git a/ccm-core/src/main/java/org/libreccm/api/admin/security/UsersApi.java b/ccm-core/src/main/java/org/libreccm/api/admin/security/UsersApi.java index d11ea80c0..0d1b57438 100644 --- a/ccm-core/src/main/java/org/libreccm/api/admin/security/UsersApi.java +++ b/ccm-core/src/main/java/org/libreccm/api/admin/security/UsersApi.java @@ -23,8 +23,6 @@ import org.libreccm.api.admin.security.dto.UserGroupMembership; import org.libreccm.api.admin.security.dto.PartyRoleMembership; import org.libreccm.api.dto.ListView; import org.libreccm.core.CoreConstants; -import org.libreccm.api.ExtractedIdentifier; -import org.libreccm.api.IdentifierExtractor; import java.net.URI; import java.util.List; @@ -42,18 +40,15 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.libreccm.security.AuthorizationRequired; import org.libreccm.security.Group; import org.libreccm.security.GroupManager; -import org.libreccm.security.GroupRepository; import org.libreccm.security.RequiresPrivilege; import org.libreccm.security.Role; import org.libreccm.security.RoleManager; -import org.libreccm.security.RoleRepository; import org.libreccm.security.User; import org.libreccm.security.UserManager; import org.libreccm.security.UserRepository; 
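Review bot: The `ID` branch of `findGroup`, `findParty`, `findRole` and `findUser` in the new `SecurityApiRepository` passes the caller-supplied identifier straight to `Long.parseLong`. A value that `IdentifierExtractor` classifies as an ID but that does not fit a `long` would surface as an unhandled `NumberFormatException`, most likely a 500, instead of a client error. Whether the extractor rules that out is not visible in this diff. A small shared helper that maps the failure to 400 would keep the four finders consistent; each `ID` branch would then call `findById(parseId(identifier))`. Separately, the class Javadoc reads "A methods in this class" where "All methods" is meant.

```java
private long parseId(final ExtractedIdentifier identifier) {
    try {
        return Long.parseLong(identifier.getIdentifier());
    } catch (NumberFormatException ex) {
        throw new WebApplicationException(
            String.format(
                "%s is not a valid ID.", identifier.getIdentifier()
            ),
            ex,
            Response.Status.BAD_REQUEST
        );
    }
}
```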
@@ -70,20 +65,14 @@ import java.util.stream.Collectors; @Path("/users") public class UsersApi { - @Inject - private IdentifierExtractor identifierExtractor; - @Inject private GroupManager groupManager; - @Inject - private GroupRepository groupRepository; - @Inject private RoleManager roleManager; @Inject - private RoleRepository roleRepository; + private SecurityApiRepository repository; @Inject private UserManager userManager; @@ -136,7 +125,7 @@ public class UsersApi { public UserData getUser( final @PathParam("userIdentifier") String identifierParam ) { - return new UserData(findUser(identifierParam)); + return new UserData(repository.findUser(identifierParam)); } /** @@ -260,7 +249,7 @@ public class UsersApi { @PathParam("userIdentifier") final String userIdentifier, final UserData userData ) { - final User user = findUser(userIdentifier); + final User user = repository.findUser(userIdentifier); boolean updated = false; if (userData.getFamilyName() != null @@ -313,7 +302,7 @@ public class UsersApi { public Response deleteUser( @PathParam("userIdentifier") final String userIdentifier ) { - final User user = findUser(userIdentifier); + final User user = repository.findUser(userIdentifier); final String name = user.getName(); userRepository.delete(user); return Response @@ -331,7 +320,7 @@ public class UsersApi { public List getGroupMemberships( @PathParam("userIdentifier") final String userIdentifier ) { - return findUser(userIdentifier) + return repository.findUser(userIdentifier) .getGroupMemberships() .stream() .map(UserGroupMembership::new) @@ -347,8 +336,8 @@ public class UsersApi { @PathParam("userIdentifier") final String userIdentifier, @PathParam("groupIdentifier") final String groupIdentifier ) { - final User user = findUser(userIdentifier); - final Group group = findGroup(groupIdentifier); + final User user = repository.findUser(userIdentifier); + final Group group = repository.findGroup(groupIdentifier); groupManager.addMemberToGroup(user, group); 
@@ -373,8 +362,8 @@ public class UsersApi { @PathParam("userIdentifier") final String userIdentifier, @PathParam("groupIdentifier") final String groupIdentifier ) { - final User user = findUser(userIdentifier); - final Group group = findGroup(groupIdentifier); + final User user = repository.findUser(userIdentifier); + final Group group = repository.findGroup(groupIdentifier); groupManager.removeMemberFromGroup(user, group); @@ -400,7 +389,7 @@ public class UsersApi { @PathParam("userIdentifier") final String userIdentifier ) { - return findUser(userIdentifier) + return repository.findUser(userIdentifier) .getRoleMemberships() .stream() .map(PartyRoleMembership::new) @@ -418,8 +407,8 @@ public class UsersApi { @PathParam("roleIdentifier") final String roleIdentifier ) { - final User user = findUser(userIdentifier); - final Role role = findRole(roleIdentifier); + final User user = repository.findUser(userIdentifier); + final Role role = repository.findRole(roleIdentifier); roleManager.assignRoleToParty(role, user); @@ -446,8 +435,8 @@ public class UsersApi { @PathParam("roleIdentifier") final String roleIdentifier ) { - final User user = findUser(userIdentifier); - final Role role = findRole(roleIdentifier); + final User user = repository.findUser(userIdentifier); + final Role role = repository.findRole(roleIdentifier); roleManager.removeRoleFromParty(role, user); 
@@ -463,133 +452,4 @@ public class UsersApi { .build(); } - private Group findGroup(final String groupIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(groupIdentifier); - - switch (identifier.getType()) { - case ID: - return groupRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with ID %s found", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return groupRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return groupRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No group with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } - - private Role findRole(final String roleIdentifier) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(roleIdentifier); - - switch (identifier.getType()) { - case ID: - return roleRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with ID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - case UUID: - return roleRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - default: - return roleRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No role with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND - ) - ); - } - } 
- - private User findUser(final String identifierParam) { - final ExtractedIdentifier identifier = identifierExtractor - .extractIdentifier(identifierParam); - - switch (identifier.getType()) { - case ID: - return userRepository - .findById(Long.parseLong(identifier.getIdentifier())) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with ID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - case UUID: - return userRepository - .findByUuid(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with UUID %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - default: - return userRepository - .findByName(identifier.getIdentifier()) - .orElseThrow( - () -> new WebApplicationException( - String.format( - "No user with name %s found.", - identifier.getIdentifier() - ), - Response.Status.NOT_FOUND) - ); - } - } - } diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java index 1b7e3b7dc..72c95f89a 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionManager.java @@ -409,6 +409,11 @@ public class PermissionManager implements Serializable { permission.setUuid(UUID.randomUUID().toString()); entityManager.persist(permission); + + return permission; + } else{ + // ToDo + throw new UnsupportedOperationException(); } }
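Review bot: The new `else` branch in `PermissionManager` throws `UnsupportedOperationException` behind a bare `// ToDo`, so whenever the guarding condition is false the caller gets an unchecked exception instead of a `Permission`. That condition lies outside this hunk; presumably it checks that no matching permission exists yet. `RolesApi.addPermission` in this commit calls `grantPrivilege` from a `@Transactional` resource method, so if this is one of the `grantPrivilege` overloads, a repeated grant would become a server error. Returning the existing permission would make the grant idempotent. Until that is implemented, the comment should say what is missing, e.g. `// TODO: return the existing permission instead of throwing`.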