/**
 * Builds a {@code UserAuthorityGroup} fixture whose UID and name are derived
 * from a single distinguishing character.
 * <p>
 * The role is only constructed here; nothing in this method saves it.
 *
 * @param uniqueCharacter character appended to {@code BASE_UID} and to the
 *        literal name prefix so that several fixtures can coexist.
 * @param auths authorities added to the new role, in the order given.
 * @return the populated role.
 */
public static UserAuthorityGroup createUserAuthorityGroup( char uniqueCharacter, String... auths )
{
    final UserAuthorityGroup group = new UserAuthorityGroup();
    group.setAutoFields();
    group.setUid( BASE_UID + uniqueCharacter );
    group.setName( "UserAuthorityGroup" + uniqueCharacter );

    // Authorities are added one by one to the role's own collection.
    for ( int i = 0; i < auths.length; i++ )
    {
        group.getAuthorities().add( auths[i] );
    }

    return group;
}
/**
 * Reports whether no super role other than the given one exists in the store.
 * <p>
 * The given role itself is never tested with {@code isSuper()}; the method
 * returns {@code true} whenever every stored super role shares its id,
 * including when the store holds no super role at all.
 *
 * @param userAuthorityGroup the role to compare against, matched by id.
 * @return {@code false} as soon as a different super role is found,
 *         {@code true} otherwise.
 */
@Override
public boolean isLastSuperRole( UserAuthorityGroup userAuthorityGroup )
{
    for ( UserAuthorityGroup candidate : userAuthorityGroupStore.getAll() )
    {
        if ( !candidate.isSuper() )
        {
            continue;
        }

        // NOTE(review): `!=` is a value comparison only if getId() returns a
        // primitive; with a boxed id it would compare references - confirm.
        if ( candidate.getId() != userAuthorityGroup.getId() )
        {
            return false;
        }
    }

    return true;
}
// Excerpt from a larger setup routine: prepares a password value and a role
// labelled "Superuser". The code that consumes both is outside this excerpt.

// Fixed password literal that is visible to anyone who can read the source.
// NOTE(review): if this becomes the credential of an account holding the role
// below, that account must have its password changed (or be disabled) on any
// instance that is reachable by others - confirm how the value is used.
String password = "district";

// Role carrying the same "Superuser" label as code, name and description,
// with a fixed UID.
UserAuthorityGroup userAuthorityGroup = new UserAuthorityGroup();
userAuthorityGroup.setUid( "yrB6vc5Ip3r" );
userAuthorityGroup.setCode( "Superuser" );
userAuthorityGroup.setName( "Superuser" );
userAuthorityGroup.setDescription( "Superuser" );
// `authorities` is defined outside this excerpt; it is copied into a new set
// rather than shared with the role.
userAuthorityGroup.setAuthorities( Sets.newHashSet( authorities ) );
/**
 * Tells whether any user authority group of this user credentials grants at
 * least one authority.
 * <p>
 * Null groups and groups whose authority collection is null or empty are
 * skipped.
 *
 * @return {@code true} if at least one group holds a non-empty authority
 *         collection, {@code false} otherwise.
 */
public boolean hasAuthorities()
{
    for ( UserAuthorityGroup candidate : userAuthorityGroups )
    {
        // Nothing to inspect on a missing group or a missing collection.
        if ( candidate == null || candidate.getAuthorities() == null )
        {
            continue;
        }

        if ( !candidate.getAuthorities().isEmpty() )
        {
            return true;
        }
    }

    return false;
}
/**
 * Creates a mock current-user service around a freshly built user named
 * "Current User" with username {@code currentUser}.
 * <p>
 * The given authorities are placed in a single new role attached to the
 * user's credentials. The super-user flag is stored separately and is not
 * derived from those authorities, so a test can set it without granting any
 * authority (and the other way round).
 *
 * @param superUserFlag value stored in this mock's super-user flag.
 * @param organisationUnits organisation units assigned to the mock user.
 * @param dataViewOrganisationUnits data view organisation units assigned to
 *        the mock user.
 * @param auths authorities granted through the mock user's only role.
 */
public MockCurrentUserService( boolean superUserFlag, Set<OrganisationUnit> organisationUnits, Set<OrganisationUnit> dataViewOrganisationUnits, String... auths )
{
    this.superUserFlag = superUserFlag;

    // The one role that carries every requested authority.
    final UserAuthorityGroup role = new UserAuthorityGroup();
    role.setAutoFields();
    role.getAuthorities().addAll( Arrays.asList( auths ) );

    final UserCredentials userCredentials = new UserCredentials();
    userCredentials.setUsername( "currentUser" );
    userCredentials.getUserAuthorityGroups().add( role );
    userCredentials.setAutoFields();

    final User mockUser = new User();
    mockUser.setFirstName( "Current" );
    mockUser.setSurname( "User" );
    mockUser.setOrganisationUnits( organisationUnits );
    mockUser.setDataViewOrganisationUnits( dataViewOrganisationUnits );
    mockUser.setUserCredentials( userCredentials );
    mockUser.setAutoFields();

    // Link back so credentials and user reference each other.
    userCredentials.setUserInfo( mockUser );

    this.currentUser = mockUser;
}
// Excerpt: builds a role named "Superuser" and adds the caller-supplied
// authorities to the role's existing authority collection.
UserAuthorityGroup userAuthorityGroup = new UserAuthorityGroup();
userAuthorityGroup.setName( "Superuser" );
// `authorities` is defined outside this excerpt.
// NOTE(review): the name alone grants nothing; what the role permits depends
// entirely on the contents of `authorities` - confirm at the call site.
userAuthorityGroup.getAuthorities().addAll( authorities );
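/**
 * Indicates whether this user credentials is a super user, implying that the
 * ALL authority is present in at least one of the user authority groups of
 * this user credentials.
 * <p>
 * Null entries in the group collection are skipped, matching the handling in
 * {@link #hasAuthorities()}; a missing group therefore never grants super
 * user status and never causes a {@code NullPointerException}.
 *
 * @return {@code true} if at least one non-null group reports itself as
 *         super, {@code false} otherwise.
 */
public boolean isSuper()
{
    for ( UserAuthorityGroup group : userAuthorityGroups )
    {
        // A null group contributes no authority, so it cannot make the user super.
        if ( group != null && group.isSuper() )
        {
            return true;
        }
    }

    return false;
}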
/**
 * Looks for a member of the given role that still lists the role among its
 * own user authority groups.
 * <p>
 * NOTE(review): presumably a non-null return value blocks the deletion and
 * is shown as the reason - confirm against the deletion framework.
 *
 * @param authorityGroup the role about to be deleted.
 * @return the name of the first member credentials still holding the role,
 *         or {@code null} when no member holds it.
 */
@Override
public String allowDeleteUserAuthorityGroup( UserAuthorityGroup authorityGroup )
{
    for ( UserCredentials member : authorityGroup.getMembers() )
    {
        for ( UserAuthorityGroup held : member.getUserAuthorityGroups() )
        {
            if ( !held.equals( authorityGroup ) )
            {
                continue;
            }

            // First member found that still references the role.
            return member.getName();
        }
    }

    return null;
}
} // closes the enclosing class, which is declared outside this excerpt
// Excerpt: two statements from a larger validation routine.

// Collects the UIDs of the roles attached to the incoming user and loads the
// matching role objects from the store.
// NOTE(review): presumably done so that later checks use the stored
// authorities rather than whatever the submitted role objects contain - confirm.
List<UserAuthorityGroup> roles = userAuthorityGroupStore.getByUid( user.getUserCredentials().getUserAuthorityGroups().stream().map( r -> r.getUid() ).collect( Collectors.toList() ) );
// Records an error report for a role, carrying the current user's username
// and the role's name. `ur`, `errors` and `currentUser` are declared outside
// this excerpt, as is the condition under which this statement runs.
errors.add( new ErrorReport( UserAuthorityGroup.class, ErrorCode.E3003, currentUser.getUsername(), ur.getName() ) );
/**
 * Detaches the given role from every one of its member credentials and
 * persists each changed credentials object.
 *
 * @param authorityGroup the role being deleted.
 */
@Override
public void deleteUserAuthorityGroup( UserAuthorityGroup authorityGroup )
{
    for ( UserCredentials member : authorityGroup.getMembers() )
    {
        member.getUserAuthorityGroups().remove( authorityGroup );

        // NOTE(review): updateNoAcl presumably persists without the access
        // control check applied by the regular update path - confirm that the
        // caller has already authorised the role deletion.
        idObjectManager.updateNoAcl( member );
    }
}
/**
 * Saves the given role through the role store.
 * <p>
 * No authorization check is performed in this method itself.
 *
 * @param userAuthorityGroup the role to save.
 * @return the id read from the role after the save call.
 */
@Override
public int addUserAuthorityGroup( UserAuthorityGroup userAuthorityGroup )
{
    userAuthorityGroupStore.save( userAuthorityGroup );

    final int savedId = userAuthorityGroup.getId();
    return savedId;
}
/**
 * Checks whether the given role is the one configured as the
 * self-registration role.
 * <p>
 * NOTE(review): presumably a non-null return value (here the empty string)
 * blocks the deletion - confirm against the deletion framework.
 *
 * @param userAuthorityGroup the role about to be deleted.
 * @return {@code StringUtils.EMPTY} when a self-registration role is
 *         configured and equals the given role, {@code null} otherwise.
 */
@Override
public String allowDeleteUserAuthorityGroup( UserAuthorityGroup userAuthorityGroup )
{
    final UserAuthorityGroup selfRegistrationRole = configService.getConfiguration().getSelfRegistrationRole();

    // No self-registration role configured: nothing to protect.
    if ( selfRegistrationRole == null )
    {
        return null;
    }

    if ( selfRegistrationRole.equals( userAuthorityGroup ) )
    {
        return StringUtils.EMPTY;
    }

    return null;
}
} // closes the enclosing class, which is declared outside this excerpt
/**
 * Test helper that persists a user together with a dedicated role and
 * credentials, all labelled with the given username.
 * <p>
 * Every user created here receives the same fixed password literal, so the
 * helper is only suitable for test data.
 *
 * @param username value used as code and name for the role, the user and
 *        the credentials.
 * @param authorities authorities granted through the user's dedicated role.
 * @return the user after credentials have been attached and the user updated.
 */
protected User createUser( String username, String... authorities )
{
    Assert.notNull( userService, "UserService must be injected in test" );

    // Dedicated role carrying exactly the requested authorities.
    final UserAuthorityGroup role = new UserAuthorityGroup();
    role.setCode( username );
    role.setName( username );
    role.setDescription( username );
    role.setAuthorities( Sets.newHashSet( authorities ) );
    userService.addUserAuthorityGroup( role );

    final User created = new User();
    created.setCode( username );
    created.setFirstName( username );
    created.setSurname( username );
    userService.addUser( created );

    final UserCredentials credentials = new UserCredentials();
    credentials.setCode( username );
    credentials.setUser( created );
    credentials.setUserInfo( created );
    credentials.setUsername( username );
    credentials.getUserAuthorityGroups().add( role );

    // Shared test password; encoded by the user service before it is stored.
    final String password = "district";
    userService.encodeAndSetPassword( credentials, password );
    userService.addUserCredentials( credentials );

    created.setUserCredentials( credentials );
    userService.updateUser( created );

    return created;
}
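/**
 * Returns a set of the aggregated authorities for all user authority groups
 * of this user credentials.
 * <p>
 * Null groups and groups with a null authority collection are skipped,
 * matching the handling in {@link #hasAuthorities()}; they contribute no
 * authority instead of raising a {@code NullPointerException}.
 *
 * @return a new set holding every authority found; empty when no group
 *         grants anything. Changes to the returned set do not affect the
 *         groups.
 */
public Set<String> getAllAuthorities()
{
    Set<String> authorities = new HashSet<>();

    for ( UserAuthorityGroup group : userAuthorityGroups )
    {
        // A missing group or collection grants nothing.
        if ( group != null && group.getAuthorities() != null )
        {
            authorities.addAll( group.getAuthorities() );
        }
    }

    return authorities;
}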
/**
 * Removes the user's credentials from the member list of every role the
 * credentials belong to, updating each role through the user service.
 *
 * @param user the user being deleted; its credentials are read without a
 *        null check.
 */
@Override
public void deleteUser( User user )
{
    final UserCredentials departing = user.getUserCredentials();

    for ( UserAuthorityGroup role : departing.getUserAuthorityGroups() )
    {
        // Drop the membership on the role side, then persist the role.
        role.getMembers().remove( departing );
        userService.updateUserAuthorityGroup( role );
    }
}
} // closes the enclosing class, which is declared outside this excerpt
/**
 * Converts every authority string held by the roles of the given credentials
 * into a {@code SimpleGrantedAuthority}.
 * <p>
 * Neither the roles nor their authority collections are null-checked here.
 *
 * @param credentials the credentials whose roles are read.
 * @return a new set with one granted authority per authority string added.
 */
public static Collection<GrantedAuthority> getGrantedAuthorities( UserCredentials credentials )
{
    final Set<GrantedAuthority> granted = new HashSet<>();

    for ( UserAuthorityGroup role : credentials.getUserAuthorityGroups() )
    {
        for ( String authorityName : role.getAuthorities() )
        {
            final GrantedAuthority wrapped = new SimpleGrantedAuthority( authorityName );
            granted.add( wrapped );
        }
    }

    return granted;
}
} // closes the enclosing class, which is declared outside this excerpt
/**
 * Decides whether this user credentials may issue the given user authority
 * group to another user. The checks run in this order:
 * <ol>
 * <li>a null group is never issuable;</li>
 * <li>holding the ALL authority allows any group, and this is decided
 * before the own-group restriction below is looked at;</li>
 * <li>unless granting own groups is permitted, a group this user
 * credentials already belongs to is not issuable;</li>
 * <li>otherwise every authority of the group must be among the aggregated
 * authorities of this user credentials.</li>
 * </ol>
 * A group without any authority passes the last check for every caller.
 *
 * @param group the user authority group.
 * @param canGrantOwnUserAuthorityGroups indicates whether this user can grant
 *        its own authority groups to others.
 * @return {@code true} if the group may be issued, {@code false} otherwise.
 */
public boolean canIssueUserRole( UserAuthorityGroup group, boolean canGrantOwnUserAuthorityGroups )
{
    if ( group == null )
    {
        return false;
    }

    final Set<String> held = getAllAuthorities();
    final boolean holdsAll = held.contains( UserAuthorityGroup.AUTHORITY_ALL );

    if ( holdsAll )
    {
        return true;
    }

    // Membership is only consulted when granting own groups is disallowed.
    final boolean blockedAsOwnGroup = !canGrantOwnUserAuthorityGroups && userAuthorityGroups.contains( group );

    return !blockedAsOwnGroup && held.containsAll( group.getAuthorities() );
}