Cerberus/cerberus
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add role checking method.

Browse Source
This commit is contained in:
Florian THIERRY - Takiguchi
2019-09-02 23:47:35 +02:00
parent 06dadf257f
commit 2111543027
6 changed files with 202 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/org/cerberus/controllers/ApplicationController.java
View File

@@ -4,13 +4,13 @@ import org.cerberus.entities.persistence.Application;
import org.cerberus.entities.persistence.User;
import org.cerberus.services.ApplicationService;
import org.cerberus.services.SecurityService;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import java.security.Principal;
import static org.cerberus.core.constant.RoleSecurity.ADMIN;
import static org.cerberus.core.constant.RoleSecurity.MAINTAINER;
@RestController
@RequestMapping("/api/applications")
public class ApplicationController {
@@ -28,4 +28,10 @@ public class ApplicationController {
User user = securityService.getAdminUser(connectedUser);
return applicationService.create(application, user);
}
@PutMapping
public Application update(@RequestBody Application application, Principal connectedUser) {
securityService.checkHasAnyRole(connectedUser, application, ADMIN, MAINTAINER);
return applicationService.update(application);
}
}

6
src/main/java/org/cerberus/entities/persistence/Application.java
View File

@@ -7,6 +7,8 @@ import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import static javax.persistence.CascadeType.REMOVE;
@Entity
@Table(name="application")
@Proxy(lazy = false)
@@ -20,10 +22,10 @@ public class Application {
@Column(nullable = false)
private String serviceName;
@OneToMany(mappedBy = "application", cascade = CascadeType.ALL)
@OneToMany(mappedBy = "application", cascade = { REMOVE })
private List<ConfigurationFile> configurationFileList;
@OneToMany(mappedBy = "application", cascade = CascadeType.ALL)
@OneToMany(mappedBy = "application", cascade = { REMOVE })
private List<ApplicationRole> administratorList;
@PrePersist

6
src/main/java/org/cerberus/services/ApplicationService.java
View File

@@ -40,4 +40,10 @@ public class ApplicationService {
return application;
}
public Application update(Application application) {
applicationValidator.checkAllAttributsConstraints(application);
applicationRepository.save(application);
return application;
}
}

37
src/main/java/org/cerberus/services/SecurityService.java
View File

@@ -1,12 +1,18 @@
package org.cerberus.services;
import org.cerberus.core.exceptions.ForbiddenException;
import org.cerberus.entities.persistence.Application;
import org.cerberus.entities.persistence.User;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import static org.cerberus.core.constant.RoleSecurity.ADMIN;
@Service
public class SecurityService {
@@ -29,6 +35,37 @@ public class SecurityService {
return user.get();
}
/**
* Checks if the connectedUser has at least one of {@code roles} about the {@code application}.
* @param connectedUser The connected user.
* @param application The application about the user should have role.
* @param roles Allowed role to check.
*/
public void checkHasAnyRole(Principal connectedUser, Application application, String... roles) {
Optional<User> user = getUserByPrincipal(connectedUser);
List<String> roleList = Arrays.stream(roles).collect(Collectors.toList());
boolean userHasRole = false;
if(user.isPresent()) {
// Admin is required ?
userHasRole = roleList.contains(ADMIN) && userService.isAdmin(user.get());
if(!userHasRole) {
// Application role required ?
userHasRole = userService.getApplicationRolesByEmail(user.get().getEmail()).stream()
.anyMatch(appRole ->
appRole.getApplication().getId().equals(application.getId())
&& roleList.contains(appRole.getRole().name())
);
}
}
if(!userHasRole) {
throw new ForbiddenException("Illegal access attempt.");
}
}
public Optional<User> getUserByPrincipal(final Principal pPrincipal) {
Optional<User> result = Optional.empty();

9
src/main/java/org/cerberus/services/UserService.java
View File

@@ -1,7 +1,7 @@
package org.cerberus.services;
import org.cerberus.core.constant.Role;
import org.cerberus.core.config.security.CustomAuthenticationProvider;
import org.cerberus.core.constant.Role;
import org.cerberus.core.constant.RoleSecurity;
import org.cerberus.core.exceptions.BadRequestException;
import org.cerberus.entities.dto.SignUpDTO;
@@ -16,6 +16,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Service;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
@@ -57,7 +58,7 @@ public class UserService {
}
Collection<GrantedAuthority> fetchGrantedAuthorities(User user) {
Collection<GrantedAuthority> grantedAuthorityCollection = userRepository.getApplicationRolesByEmail(user.getEmail())
Collection<GrantedAuthority> grantedAuthorityCollection = getApplicationRolesByEmail(user.getEmail())
.stream()
.map(ApplicationRole::getRole)
.map(Role::name)
@@ -71,6 +72,10 @@ public class UserService {
return grantedAuthorityCollection;
}
public List<ApplicationRole> getApplicationRolesByEmail(String email) {
return userRepository.getApplicationRolesByEmail(email);
}
public void signUp(SignUpDTO inputData) {
signUpValidator.checkAllAttributsConstraints(inputData);