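/**
 * Decides whether {@code currentUser} holds {@code permission} on the user whose id is {@code id}.
 * <p>
 * Deny-by-default: only the {@code "edit"} permission is recognised, and it is granted when the
 * caller is that same user (ids compared by their string form) or a good admin. Any other
 * permission, an anonymous caller, or a missing target id is denied instead of throwing.
 *
 * @param id          id of the target user; {@code null} is denied rather than dereferenced
 * @param currentUser the logged-in user, or {@code null} when nobody is logged in
 * @param permission  the permission name being checked; {@code null} is denied
 * @return {@code true} only for "edit" by the user themselves or by a good admin
 */
public static <ID> boolean hasPermission(ID id, UserDto currentUser, String permission) {
    // NOTE(review): this logs the whole UserDto at DEBUG — confirm its toString() carries no secrets/PII.
    log.debug("Computing " + permission + " permission for User " + id + "\n Logged in user: " + currentUser);

    // Constant-first equals so a null permission is a plain denial, not an NPE.
    if (!"edit".equals(permission))
        return false;

    // Anonymous caller or no target id: nothing can be granted.
    if (currentUser == null || id == null)
        return false;

    // Null-safe even if the DTO's id is unset: the target id drives the comparison.
    boolean isSelf = id.toString().equals(currentUser.getId());
    return isSelf || currentUser.isGoodAdmin(); // self or admin
}
}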
/**
 * Builds the Spring Security authorities for the wrapped user: one
 * {@code ROLE_<role>} authority per role held in the DTO, then
 * {@code ROLE_<GOOD_USER>} when the user counts as "good", and on top of that
 * {@code ROLE_<GOOD_ADMIN>} when such a good user is also a good admin.
 * Because the admin check is nested under the good-user check, an admin who is
 * not a good user is granted neither derived authority.
 *
 * @return the granted authorities, plain roles first, derived ones last
 */
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    Set<String> roleNames = userDto.getRoles();

    // Presized for every role plus the (at most) two derived authorities.
    ArrayList<LemonGrantedAuthority> granted = new ArrayList<>(roleNames.size() + 2);
    for (String roleName : roleNames)
        granted.add(new LemonGrantedAuthority("ROLE_" + roleName));

    // GOOD_ADMIN deliberately depends on GOOD_USER.
    if (userDto.isGoodUser()) {
        granted.add(new LemonGrantedAuthority("ROLE_" + LecUtils.GOOD_USER));
        if (userDto.isGoodAdmin())
            granted.add(new LemonGrantedAuthority("ROLE_" + LecUtils.GOOD_ADMIN));
    }

    return granted;
}
/**
 * Issues a fresh auth token, e.g. to keep a session scrolling.
 * <p>
 * The token is minted for {@code optionalUsername} when present, otherwise for
 * the caller. Minting for someone other than the caller is allowed only to a
 * good admin; {@code ensureAuthority} rejects everyone else with
 * {@code com.naturalprogrammer.spring.notGoodAdminOrSameUser} before any token
 * is created.
 *
 * @param expirationMillis lifetime of the new token; falls back to the configured JWT expiration
 * @param optionalUsername subject of the new token; falls back to the caller's username
 * @return the new token prefixed with {@link LecUtils#TOKEN_PREFIX}
 */
@PreAuthorize("isAuthenticated()")
public String fetchNewToken(Optional<Long> expirationMillis, Optional<String> optionalUsername) {
    UserDto caller = LecwUtils.currentUser();
    String subject = optionalUsername.orElse(caller.getUsername());

    // The subject must be the caller, or the caller must be a good admin.
    boolean sameUser = caller.getUsername().equals(subject);
    LecUtils.ensureAuthority(sameUser || caller.isGoodAdmin(),
            "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

    // NOTE(review): expirationMillis is caller-supplied and is not capped here, so any
    // authenticated user can request an arbitrarily long-lived token for themselves —
    // confirm that createToken (or the controller) bounds it.
    Long lifetime = expirationMillis.orElse(properties.getJwt().getExpirationMillis());
    return LecUtils.TOKEN_PREFIX
            + blueTokenService.createToken(BlueTokenService.AUTH_AUDIENCE, subject, lifetime);
}
/**
 * Reactive token-refresh endpoint: mints a fresh auth token from the submitted
 * form data.
 * <p>
 * The {@code username} form field selects the subject; blank means the caller.
 * A subject other than the caller requires a good admin, otherwise
 * {@code ensureAuthority} fails with
 * {@code com.naturalprogrammer.spring.notGoodAdminOrSameUser}. The token
 * lifetime is taken from {@code getExpirationMillis(formData)}.
 *
 * @param exchange the current exchange, read for its form data
 * @return a single-entry map {@code {"token": <prefixed token>}}
 */
@PreAuthorize("isAuthenticated()")
public Mono<Map<String, String>> fetchNewToken(ServerWebExchange exchange) {
    return Mono.zip(LecrUtils.currentUser(), exchange.getFormData())
            .map(tuple -> {
                // currentUser() yields an Optional; the isAuthenticated() guard is what makes get() safe.
                UserDto caller = (UserDto) tuple.getT1().get();

                String subject = tuple.getT2().getFirst("username");
                if (StringUtils.isBlank(subject))
                    subject = caller.getUsername();

                // NOTE(review): this value comes from the request; verify getExpirationMillis caps it,
                // otherwise a user can mint an arbitrarily long-lived token for themselves.
                long lifetime = getExpirationMillis(tuple.getT2());

                // Self, or a good admin acting for someone else — nobody else.
                boolean sameUser = caller.getUsername().equals(subject);
                LecUtils.ensureAuthority(sameUser || caller.isGoodAdmin(),
                        "com.naturalprogrammer.spring.notGoodAdminOrSameUser");

                String token = LecUtils.TOKEN_PREFIX
                        + blueTokenService.createToken(blueTokenService.AUTH_AUDIENCE, subject, lifetime);
                return Collections.singletonMap("token", token);
            });
}
/**
 * Copies editable fields from {@code updatedUser} onto {@code user}. Override
 * this to handle further fields.
 * <p>
 * Only the roles are handled here, and only when the editor is a good admin who
 * is <em>not</em> the user being edited: nobody can change their own roles, and
 * a non-admin's submitted roles are silently ignored. When the roles actually
 * differ, the UNVERIFIED role is reconciled first ({@code makeUnverified} when
 * it is being added, a plain removal when it is being dropped), then the new
 * role set is applied and the credentials timestamp is bumped.
 *
 * @param user        the persisted user being edited
 * @param updatedUser the submitted user carrying the new values
 * @param currentUser the logged-in editor
 */
protected void updateUserFields(U user, U updatedUser, UserDto currentUser) {
    // NOTE(review): logs the whole entity at DEBUG — confirm toString() excludes password hash/PII.
    log.debug("Updating user fields for user: " + user);

    // Roles may only be edited by a good admin other than the target user.
    boolean editorIsAnotherAdmin = currentUser.isGoodAdmin()
            && !currentUser.getId().equals(user.getId().toString());
    if (!editorIsAnotherAdmin)
        return;

    log.debug("Updating roles for user: " + user);

    // Nothing to do when the submitted roles match the persisted ones.
    if (user.getRoles().equals(updatedUser.getRoles()))
        return;

    if (updatedUser.hasRole(UserUtils.Role.UNVERIFIED)) {
        // Becoming unverified: defer to makeUnverified rather than only flipping the role.
        if (!user.hasRole(UserUtils.Role.UNVERIFIED))
            makeUnverified(user);
    } else if (user.hasRole(UserUtils.Role.UNVERIFIED)) {
        // Becoming verified: drop the role (setRoles below replaces the whole set anyway).
        user.getRoles().remove(UserUtils.Role.UNVERIFIED);
    }

    user.setRoles(updatedUser.getRoles());
    // Presumably so that tokens issued before this role change are no longer honoured — verify.
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
}
/**
 * Applies the editable fields of {@code updatedUser} to {@code user}; subclasses
 * with more fields override this.
 * <p>
 * The only field touched here is the role set, and it is touched solely when a
 * good admin is editing somebody other than themselves. Any other editor's
 * submitted roles are ignored, which is what prevents self-granted privileges.
 * If the roles differ, UNVERIFIED is reconciled ({@code makeUnverified} when it
 * appears, removal when it disappears), the new roles are stored and the
 * credentials timestamp is refreshed.
 *
 * @param user        the stored user being modified
 * @param updatedUser the incoming user holding the desired values
 * @param currentUser the editor performing the update
 */
protected void updateUserFields(U user, U updatedUser, UserDto currentUser) {
    // NOTE(review): the full entity is logged at DEBUG — check that toString() omits secrets/PII.
    log.debug("Updating user fields for user: " + user);

    boolean isGoodAdmin = currentUser.isGoodAdmin();
    boolean isEditingSelf = currentUser.getId().equals(user.getId().toString());

    // Role edits require a good admin who is not the target.
    if (!isGoodAdmin || isEditingSelf)
        return;

    log.debug("Updating roles for user: " + user);

    // Unchanged roles: leave the user untouched.
    if (user.getRoles().equals(updatedUser.getRoles()))
        return;

    boolean wantsUnverified = updatedUser.hasRole(UserUtils.Role.UNVERIFIED);
    if (wantsUnverified) {
        // Gaining UNVERIFIED goes through makeUnverified, not just the role set.
        if (!user.hasRole(UserUtils.Role.UNVERIFIED))
            makeUnverified(user);
    } else if (user.hasRole(UserUtils.Role.UNVERIFIED)) {
        // Losing UNVERIFIED: remove it (the setRoles below overwrites the set regardless).
        user.getRoles().remove(UserUtils.Role.UNVERIFIED);
    }

    user.setRoles(updatedUser.getRoles());
    // Likely invalidates credentials issued before this change — confirm against the token check.
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
}