/**
 * Computes a hash from the {@code name} and {@code dataType} fields.
 * A {@code null} field contributes 0, so partially populated instances can still be hashed.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
    final int nameHash = (this.name == null) ? 0 : this.name.hashCode();
    final int dataTypeHash = (this.dataType == null) ? 0 : this.dataType.hashCode();
    // Seed 7, multiplier 73: fold the name first, then the data type.
    final int afterName = 73 * 7 + nameHash;
    return 73 * afterName + dataTypeHash;
}
/**
 * Strips reserved groups (for example EVERYONE) from a set of groups.
 *
 * <p>The set passed in is modified in place and the same instance is returned, so the caller's
 * collection loses its reserved entries as well.
 *
 * @param groups the groups to filter; must not be {@code null}
 * @return {@code groups} itself, without the entries whose name is reserved
 */
private Set<UserGroup> removeReservedGroups(Set<UserGroup> groups) {
    // Walk a snapshot so that removing from the live set cannot disturb the iteration.
    for (UserGroup candidate : new ArrayList<UserGroup>(groups)) {
        boolean allowed = GroupReservedNames.isAllowedName(candidate.getGroupName());
        if (!allowed) {
            groups.remove(candidate);
        }
    }
    return groups;
}
/**
 * Persists the reserved EVERYONE user group.
 *
 * <p>NOTE(review): no existence check is made here before persisting; whether a second call
 * creates a duplicate EVERYONE group depends on the DAO or schema - confirm.
 *
 * @return always {@code true}
 */
public boolean insertSpecialUsersGroups() {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting Reserved UsersGroup... ");
    }

    final UserGroup everyone = new UserGroup();
    everyone.setGroupName(GroupReservedNames.EVERYONE.groupName());
    userGroupDAO.persist(everyone);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Special UserGroup '" + everyone.getGroupName() + "' persisted!");
    }
    return true;
}
/**
 * Counts the user groups visible to {@code user}.
 *
 * <p>Only a user whose role is {@link Role#USER} is restricted to the groups it belongs to.
 * NOTE(review): every other role, not just ADMIN, gets an unrestricted count here; confirm
 * that no lower-privileged role (such as GUEST) can reach this call.
 *
 * @param user the requesting user; must not be {@code null}
 * @param nameLike optional case-insensitive LIKE pattern on the group name, or {@code null}
 * @param all when {@code false} the reserved EVERYONE group is left out of the count
 * @return the number of matching groups
 * @throws BadRequestServiceEx if {@code user} is {@code null}
 */
@Override
public long getCount(User user, String nameLike, boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }

    final Search criteria = new Search(UserGroup.class);
    criteria.addSortAsc("groupName");

    final Role requesterRole = user.getRole();
    if (requesterRole.equals(Role.USER)) {
        // Plain users only see groups they are members of.
        final Collection<Long> memberGroupIds = new Vector<Long>();
        for (UserGroup membership : user.getGroups()) {
            memberGroupIds.add(membership.getId());
        }
        criteria.addFilterIn("id", memberGroupIds);
    }

    if (nameLike != null) {
        criteria.addFilterILike("groupName", nameLike);
    }

    if (!all) {
        criteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }

    return userGroupDAO.count(criteria);
}
if (authUser.getRole().equals(Role.ADMIN)) { return true;
/**
 * Persists the reserved GUEST user, attached to whatever groups are named EVERYONE.
 *
 * <p>NOTE(review): the warning fires for any result size other than one, including zero; in
 * that case the guest is persisted with no group at all, although the message only mentions
 * "more than".
 *
 * @return always {@code true}
 */
@Override
public boolean insertSpecialUsers() {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting Reserved Users... ");
    }

    // Look up the reserved EVERYONE group the guest must belong to.
    final Search everyoneQuery = new Search();
    everyoneQuery.addFilterEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    final List<UserGroup> everyoneGroups = userGroupDAO.search(everyoneQuery);
    if (everyoneGroups.size() != 1) {
        LOGGER.warn("More than EVERYONE group is found...");
    }

    final User guest = new User();
    guest.setName(UserReservedNames.GUEST.userName());
    guest.setRole(Role.GUEST);
    guest.setGroups(new HashSet<UserGroup>(everyoneGroups));
    userDAO.persist(guest);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Special User '" + guest.getName() + "' persisted!");
    }
    return true;
}
/**
 * Builds an {@link Authentication} for the given user carrying a single authority named
 * {@code "ROLE_" + role}.
 *
 * <p>The value of {@code user.getPassword()} is stored as the token's credentials.
 * NOTE(review): whether that value is a hash or clear text is decided elsewhere - confirm
 * before exposing the token's credentials to other components.
 *
 * @param user the user to authenticate, may be {@code null}
 * @return the authentication token, or {@code null} (after logging an error) when
 *         {@code user} is {@code null}
 */
protected Authentication createAuthenticationForUser(User user) {
    if (user == null) {
        LOGGER.error(USER_NOT_FOUND_MSG);
        return null;
    }

    final String roleName = user.getRole().toString();
    final List<GrantedAuthority> granted = new ArrayList<GrantedAuthority>();
    granted.add(new GrantedAuthorityImpl("ROLE_" + roleName));
    return new UsernamePasswordAuthenticationToken(user, user.getPassword(), granted);
}
/**
 * Creates the principal used for unauthenticated requests: empty credentials and the single
 * authority {@code ROLE_GUEST}.
 *
 * <p>The configured GUEST user is used when the user service knows it; otherwise a transient
 * user named "guest" with role GUEST and no groups is created on the fly. The granted
 * authority is always {@code ROLE_GUEST}, whatever role the stored user carries.
 *
 * @return the Principal instance
 */
public Principal createGuestPrincipal() {
    final List<GrantedAuthority> guestAuthorities = new ArrayList<>();
    guestAuthorities.add(new GrantedAuthorityImpl("ROLE_GUEST"));

    User guest;
    try {
        guest = userService.get(UserReservedNames.GUEST.userName());
    } catch (NotFoundServiceEx e) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("User GUEST is not configured, creating on-the-fly a default one");
        }
        // Fallback: an unpersisted guest that belongs to no group.
        guest = new User();
        guest.setName("guest");
        guest.setRole(Role.GUEST);
        guest.setGroups(new HashSet<UserGroup>());
    }
    return new UsernamePasswordAuthenticationToken(guest, "", guestAuthorities);
}
/**
 * Strips reserved groups (for example EVERYONE) from a set of groups.
 *
 * <p>The set passed in is modified in place and the same instance is returned, so the caller's
 * collection loses its reserved entries as well.
 *
 * @param groups the groups to filter; must not be {@code null}
 * @return {@code groups} itself, without the entries whose name is reserved
 */
private Set<UserGroup> checkReservedGroups(Set<UserGroup> groups) {
    // Walk a snapshot so that removing from the live set cannot disturb the iteration.
    for (UserGroup candidate : new ArrayList<UserGroup>(groups)) {
        boolean allowed = GroupReservedNames.isAllowedName(candidate.getGroupName());
        if (!allowed) {
            groups.remove(candidate);
        }
    }
    return groups;
}
}
/**
 * Lists the user groups visible to {@code user}, sorted by group name.
 *
 * <p>Only a user whose role is {@link Role#USER} is restricted to the groups it belongs to.
 * NOTE(review): every other role, not just ADMIN, gets the unrestricted list here; confirm
 * that no lower-privileged role (such as GUEST) can reach this call.
 * NOTE(review): {@code page} and {@code entries} are handed to the search without any range
 * check in this method.
 *
 * @param user the requesting user; must not be {@code null}
 * @param page page index, or {@code null} for no paging (then {@code entries} must be null too)
 * @param entries page size, or {@code null} for no paging
 * @param nameLike optional case-insensitive LIKE pattern on the group name, or {@code null}
 * @param all when {@code false} the reserved EVERYONE group is left out of the result
 * @return the matching groups
 * @throws BadRequestServiceEx if {@code user} is {@code null} or only one of {@code page} and
 *         {@code entries} is given
 */
@Override
public List<UserGroup> getAllAllowed(User user, Integer page, Integer entries, String nameLike,
        boolean all) throws BadRequestServiceEx {
    if (user == null) {
        throw new BadRequestServiceEx("User must be defined.");
    }

    // Paging parameters are all-or-nothing.
    if ((page == null) != (entries == null)) {
        throw new BadRequestServiceEx("Page and entries params should be declared together.");
    }

    final Search criteria = new Search(UserGroup.class);
    if (page != null) {
        criteria.setMaxResults(entries);
        criteria.setPage(page);
    }
    criteria.addSortAsc("groupName");

    final Role requesterRole = user.getRole();
    if (requesterRole.equals(Role.USER)) {
        // Plain users only see groups they are members of.
        final Collection<Long> memberGroupIds = new Vector<Long>();
        for (UserGroup membership : user.getGroups()) {
            memberGroupIds.add(membership.getId());
        }
        criteria.addFilterIn("id", memberGroupIds);
    }

    if (nameLike != null) {
        criteria.addFilterILike("groupName", nameLike);
    }

    if (!all) {
        criteria.addFilterNotEqual("groupName", GroupReservedNames.EVERYONE.groupName());
    }

    return userGroupDAO.search(criteria);
}
if (authUser.getRole().equals(Role.ADMIN)) { return true;
/**
 * Builds the REST view of a user, exposing its groups by name only.
 *
 * @param id the user id
 * @param name the user name
 * @param role the user role
 * @param groups the groups the user belongs to, may be {@code null}
 * @param allGroups when {@code true} reserved group names are listed too; when {@code false}
 *        only names accepted by {@code GroupReservedNames.isAllowedName} are listed
 */
public RESTUser(Long id, String name, Role role, Set<UserGroup> groups, boolean allGroups) {
    super();
    this.id = id;
    this.name = name;
    this.role = role;
    this.groupsNames = new ArrayList<String>();

    if (groups == null) {
        return;
    }
    for (UserGroup membership : groups) {
        final boolean exposed =
                allGroups || GroupReservedNames.isAllowedName(membership.getGroupName());
        if (exposed) {
            this.groupsNames.add(membership.getGroupName());
        }
    }
}
public ResourceAuth getResourceAuth(User authUser, long resourceId) if (authUser.getRole().equals(Role.ADMIN)) { return new ResourceAuth(true, true);
/**
 * Persists a new user group after rejecting missing and reserved names.
 *
 * <p>NOTE(review): the reserved-name check relies entirely on
 * {@code GroupReservedNames.isAllowedName}; whether it ignores case or surrounding whitespace
 * is decided there - confirm, since a near-identical name would otherwise pass.
 *
 * @param userGroup the group to persist
 * @return the id of the persisted group
 * @throws BadRequestServiceEx if {@code userGroup} is {@code null} or has an empty name
 * @throws ReservedUserGroupNameEx if the group name is a reserved one
 */
@Override
public long insert(UserGroup userGroup) throws BadRequestServiceEx {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Persisting UserGroup... ");
    }

    final boolean missingName =
            userGroup == null || StringUtils.isEmpty(userGroup.getGroupName());
    if (missingName) {
        throw new BadRequestServiceEx(
                "The provided UserGroup instance is null or group Name is not specified!");
    }

    final boolean reserved = !GroupReservedNames.isAllowedName(userGroup.getGroupName());
    if (reserved) {
        throw new ReservedUserGroupNameEx("The usergroup name you try to save: '"
                + userGroup.getGroupName() + "' is a reserved name!");
    }

    // Re-sets the name to itself, as the original does; presumably a no-op unless the setter
    // normalizes its argument - TODO confirm.
    userGroup.setGroupName(userGroup.getGroupName());
    userGroupDAO.persist(userGroup);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("UserGroup '" + userGroup.getGroupName() + "' persisted!");
    }
    return userGroup.getId();
}
/**
 * Returns a sanitized copy of the authenticated user's details.
 *
 * <p>The copy carries id, name, role and groups, plus the attributes when requested. The
 * password is deliberately never copied: it must not leave the server.
 *
 * @param sc the security context identifying the caller
 * @param includeAttributes whether the user's attributes are copied into the result
 * @return the sanitized user, or {@code null} if the user service returns {@code null}
 * @throws NotFoundWebEx if the user is unknown to the user service or has the GUEST role
 */
@Override
public User getAuthUserDetails(SecurityContext sc, boolean includeAttributes) {
    final User principal = extractAuthUser(sc);
    try {
        // Reload from the service rather than trusting the copy held in the security context.
        final User stored = userService.get(principal.getName());
        if (stored == null) {
            return null;
        }
        if (stored.getRole().equals(Role.GUEST)) {
            throw new NotFoundWebEx("User not found");
        }

        final User details = new User();
        details.setId(stored.getId());
        details.setName(stored.getName());
        // No setPassword() here on purpose: the password should not be sent out of the server.
        details.setRole(stored.getRole());
        details.setGroups(stored.getGroups());
        if (includeAttributes) {
            details.setAttribute(stored.getAttribute());
        }
        return details;
    } catch (NotFoundServiceEx e) {
        throw new NotFoundWebEx("User not found");
    }
}
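/**
 * Adds a user to a (non-reserved) group.
 *
 * <p>The group is null-checked before its name is read: the original dereferenced the lookup
 * result first, so an unknown {@code groupId} ended in a {@code NullPointerException} instead
 * of the intended {@link NotFoundServiceEx}.
 *
 * @param userId id of the user to update
 * @param groupId id of the group to assign
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is a
 *         reserved one (such as EVERYONE)
 */
@Override
public void assignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToAssign = userGroupDAO.find(groupId);
    if (groupToAssign == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    // Reserved groups are managed by the system and must never be assigned by hand.
    if (!GroupReservedNames.isAllowedName(groupToAssign.getGroupName())) {
        throw new NotFoundServiceEx(
                "You can't re-assign the group EVERYONE or any other reserved groups...");
    }

    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    Set<UserGroup> groups = targetUser.getGroups();
    if (groups == null) {
        // First membership for this user: create the set before attaching it.
        groups = new HashSet<UserGroup>();
        groups.add(groupToAssign);
        targetUser.setGroups(groups);
    } else {
        groups.add(groupToAssign);
    }
    userDAO.merge(targetUser);
}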
/**
 * Deletes a user group, detaching it from every member first.
 *
 * @param id id of the group to delete
 * @return always {@code true}
 * @throws NotFoundServiceEx if no group has the given id
 * @throws BadRequestServiceEx if the group is a reserved one, which can never be deleted
 */
@Override
public boolean delete(long id) throws NotFoundServiceEx, BadRequestServiceEx {
    final UserGroup target = userGroupDAO.find(id);
    if (target == null) {
        LOGGER.error("Can't find usergroup with id '" + id + "'");
        throw new NotFoundServiceEx("Can't find usergroup with id '" + id + "'");
    }

    final boolean reserved = !GroupReservedNames.isAllowedName(target.getGroupName());
    if (reserved) {
        throw new BadRequestServiceEx("Delete a special usergroup ('" + target.getGroupName()
                + "' in this case) isn't possible");
    }

    // Drop the membership on the user side before the group itself is removed.
    for (User member : target.getUsers()) {
        member.getGroups().remove(target);
        userDAO.merge(member);
    }
    userGroupDAO.remove(target);
    return true;
}
/**
 * Returns one page of user groups as REST objects.
 *
 * <p>Reserved groups are dropped after the page has been fetched, so with {@code all == false}
 * a page can hold fewer than {@code entries} items.
 * NOTE(review): {@code sc} is not consulted in this method; any access restriction must be
 * enforced elsewhere (for example on the interface) - confirm.
 *
 * @param sc the caller's security context
 * @param page page index, forwarded to the service
 * @param entries page size, forwarded to the service
 * @param all when {@code true} reserved groups are included in the result
 * @return the list wrapper holding the visible groups
 * @throws BadRequestWebEx if the service rejects the paging parameters
 */
@Override
public UserGroupList getAll(SecurityContext sc, Integer page, Integer entries, boolean all)
        throws BadRequestWebEx {
    try {
        final List<RESTUserGroup> visible = new ArrayList<RESTUserGroup>();
        for (UserGroup group : userGroupService.getAll(page, entries)) {
            if (!all && !GroupReservedNames.isAllowedName(group.getGroupName())) {
                continue;
            }
            visible.add(new RESTUserGroup(group.getId(), group.getGroupName(),
                    group.getUsers(), group.getDescription()));
        }
        return new UserGroupList(visible);
    } catch (BadRequestServiceEx e) {
        LOGGER.error(e.getMessage(), e);
        throw new BadRequestWebEx(e.getMessage());
    }
}
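/**
 * Removes a user from a (non-reserved) group. Does nothing when the user is not a member.
 *
 * <p>The group is null-checked before its name is read: the original dereferenced the lookup
 * result first, so an unknown {@code groupId} ended in a {@code NullPointerException} instead
 * of the intended {@link NotFoundServiceEx}.
 *
 * @param userId id of the user to update
 * @param groupId id of the group to remove from the user's groups
 * @throws NotFoundServiceEx if the group or the user does not exist, or if the group is a
 *         reserved one (such as EVERYONE)
 */
@Override
public void deassignUserGroup(long userId, long groupId) throws NotFoundServiceEx {
    UserGroup groupToRemove = userGroupDAO.find(groupId);
    if (groupToRemove == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    // Membership in reserved groups is managed by the system and must never be revoked by hand.
    if (!GroupReservedNames.isAllowedName(groupToRemove.getGroupName())) {
        throw new NotFoundServiceEx(
                "You can't remove the group EVERYONE or any other reserved groups from the users group list...");
    }

    User targetUser = userDAO.find(userId);
    if (targetUser == null) {
        throw new NotFoundServiceEx("The userGroup or the user you provide doesn't exist");
    }

    Set<UserGroup> memberships = targetUser.getGroups();
    if (memberships == null) {
        return;
    }
    for (UserGroup group : memberships) {
        if (group.getId() == groupId) {
            // Returning right after the removal keeps the iteration from touching the
            // modified set again.
            memberships.remove(group);
            userDAO.merge(targetUser);
            return;
        }
    }
}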