Posted to commits@syncope.apache.org by il...@apache.org on 2012/04/11 09:46:36 UTC
svn commit: r1324610 - in /incubator/syncope/trunk:
client/src/main/java/org/syncope/types/AuditElements.java
core/src/main/java/org/syncope/core/rest/controller/RoleController.java
core/src/test/java/org/syncope/core/rest/RoleTestITCase.java
Author: ilgrosso
Date: Wed Apr 11 07:46:35 2012
New Revision: 1324610
URL: http://svn.apache.org/viewvc?rev=1324610&view=rev
Log:
[SYNCOPE-55] Reworked provided patch
Modified:
incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java
Modified: incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java (original)
+++ incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java Wed Apr 11 07:46:35 2012
@@ -161,6 +161,7 @@ public final class AuditElements {
list,
create,
read,
+ selfRead,
update,
delete,
parent,
@@ -230,7 +231,8 @@ public final class AuditElements {
read,
update,
delete,
- isCreateAllowed,}
+ isCreateAllowed,
+ }
public enum WorkflowSubCategory {
Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java Wed Apr 11 07:46:35 2012
@@ -25,7 +25,9 @@ import javassist.NotFoundException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
+import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -35,7 +37,9 @@ import org.syncope.client.to.RoleTO;
import org.syncope.client.validation.SyncopeClientCompositeErrorException;
import org.syncope.core.audit.AuditManager;
import org.syncope.core.persistence.beans.role.SyncopeRole;
+import org.syncope.core.persistence.beans.user.SyncopeUser;
import org.syncope.core.persistence.dao.RoleDAO;
+import org.syncope.core.persistence.dao.UserDAO;
import org.syncope.core.rest.data.RoleDataBinder;
import org.syncope.core.util.EntitlementUtil;
import org.syncope.types.AuditElements.Category;
@@ -53,6 +57,9 @@ public class RoleController extends Abst
private RoleDAO roleDAO;
@Autowired
+ private UserDAO userDAO;
+
+ @Autowired
private RoleDataBinder roleDataBinder;
@PreAuthorize("hasRole('ROLE_CREATE')")
@@ -82,7 +89,7 @@ public class RoleController extends Abst
SyncopeRole role = roleDAO.find(roleId);
if (role == null) {
- throw new NotFoundException("Role " + String.valueOf(roleId));
+ throw new NotFoundException("Role " + roleId);
}
Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
@@ -97,6 +104,7 @@ public class RoleController extends Abst
}
@RequestMapping(method = RequestMethod.GET, value = "/list")
+ @Transactional(readOnly = true)
public List<RoleTO> list() {
List<SyncopeRole> roles = roleDAO.findAll();
List<RoleTO> roleTOs = new ArrayList<RoleTO>();
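Review bot: The three context lines above the added `@Transactional(readOnly = true)` (`}`, blank, `@RequestMapping`) suggest `list()` has no method-level `@PreAuthorize`, while the sibling read methods in the later hunks all require `hasRole('ROLE_READ')`; this is inferred from context and may be covered by class-level or servlet-level security outside the hunk. If listing roles is intentionally open to every authenticated caller, a one-line comment such as `// role listing is deliberately open to any authenticated principal` would stop the next reader from treating it as an omission. The body of `list()` continues past the end of this hunk.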
@@ -112,6 +120,7 @@ public class RoleController extends Abst
@PreAuthorize("hasRole('ROLE_READ')")
@RequestMapping(method = RequestMethod.GET, value = "/parent/{roleId}")
+ @Transactional(readOnly = true)
public RoleTO parent(@PathVariable("roleId") final Long roleId)
throws NotFoundException, UnauthorizedRoleException {
@@ -139,6 +148,7 @@ public class RoleController extends Abst
@PreAuthorize("hasRole('ROLE_READ')")
@RequestMapping(method = RequestMethod.GET, value = "/children/{roleId}")
+ @Transactional(readOnly = true)
public List<RoleTO> children(@PathVariable("roleId") final Long roleId) {
Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
@@ -158,12 +168,13 @@ public class RoleController extends Abst
@PreAuthorize("hasRole('ROLE_READ')")
@RequestMapping(method = RequestMethod.GET, value = "/read/{roleId}")
+ @Transactional(readOnly = true)
public RoleTO read(@PathVariable("roleId") final Long roleId)
throws NotFoundException, UnauthorizedRoleException {
SyncopeRole role = roleDAO.find(roleId);
if (role == null) {
- throw new NotFoundException(String.valueOf(roleId));
+ throw new NotFoundException("Role " + roleId);
}
Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
@@ -177,6 +188,34 @@ public class RoleController extends Abst
return roleDataBinder.getRoleTO(role);
}
+ @PreAuthorize("isAuthenticated()")
+ @RequestMapping(method = RequestMethod.GET, value = "/selfRead/{roleId}")
+ @Transactional(readOnly = true)
+ public RoleTO selfRead(@PathVariable("roleId") final Long roleId)
+ throws NotFoundException, UnauthorizedRoleException {
+
+ SyncopeRole role = roleDAO.find(roleId);
+ if (role == null) {
+ throw new NotFoundException("Role " + roleId);
+ }
+ SyncopeUser authUser = userDAO.find(SecurityContextHolder.getContext().getAuthentication().getName());
+ if (authUser == null) {
+ throw new NotFoundException("Authenticated user "
+ + SecurityContextHolder.getContext().getAuthentication().getName());
+ }
+
+ Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
+ allowedRoleIds.addAll(authUser.getRoleIds());
+ if (!allowedRoleIds.contains(role.getId())) {
+ throw new UnauthorizedRoleException(role.getId());
+ }
+
+ auditManager.audit(Category.role, RoleSubCategory.selfRead, Result.success,
+ "Successfully read own role: " + role.getId());
+
+ return roleDataBinder.getRoleTO(role);
+ }
+
@PreAuthorize("hasRole('ROLE_UPDATE')")
@RequestMapping(method = RequestMethod.POST, value = "/update")
public RoleTO update(@RequestBody final RoleMod roleMod) throws NotFoundException, UnauthorizedRoleException {
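Review bot: In `selfRead`, a principal that is authenticated but has no `SyncopeUser` row is answered with a `NotFoundException` naming the user, even though the entitlement-derived `allowedRoleIds` alone might authorize it; the test's "restore admin authentication" step hints that at least one such principal exists here, but I cannot confirm it from this hunk. Treating a missing user as an empty membership set (entitlements only) keeps the method usable for that case and avoids turning a caller identity problem into a 404, and it also removes the duplicated `SecurityContextHolder.getContext().getAuthentication().getName()` call by storing the name once. Two smaller points: the `UnauthorizedRoleException` path is not audited while the success path is, so failed self-reads leave no audit trail, and `allowedRoleIds.addAll(...)` mutates the set returned by `EntitlementUtil.getRoleIds`, which is fine only if that set is freshly built per call — worth confirming. `update` begins in this hunk but its body lies outside it.
```java
public RoleTO selfRead(@PathVariable("roleId") final Long roleId)
        throws NotFoundException, UnauthorizedRoleException {

    SyncopeRole role = roleDAO.find(roleId);
    if (role == null) {
        throw new NotFoundException("Role " + roleId);
    }

    // Roles reachable through the caller's entitlements, plus the roles it is a
    // member of; a principal without a SyncopeUser row keeps its entitlements only.
    Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
    final String username = SecurityContextHolder.getContext().getAuthentication().getName();
    SyncopeUser authUser = userDAO.find(username);
    if (authUser != null) {
        allowedRoleIds.addAll(authUser.getRoleIds());
    }
    // … unchanged: authorization check, audit and RoleTO conversion …
```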
Modified: incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java (original)
+++ incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java Wed Apr 11 07:46:35 2012
@@ -22,14 +22,19 @@ import static org.junit.Assert.*;
import java.util.Arrays;
import java.util.List;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.impl.client.DefaultHttpClient;
import org.junit.Test;
import org.springframework.http.HttpStatus;
import org.springframework.web.client.HttpStatusCodeException;
+import org.syncope.client.http.PreemptiveAuthHttpRequestFactory;
import org.syncope.client.mod.AttributeMod;
import org.syncope.client.mod.RoleMod;
import org.syncope.client.to.AttributeTO;
import org.syncope.client.to.RoleTO;
+import org.syncope.client.to.UserTO;
import org.syncope.client.validation.SyncopeClientCompositeErrorException;
+import org.syncope.client.validation.SyncopeClientException;
import org.syncope.types.SyncopeClientExceptionType;
public class RoleTestITCase extends AbstractTest {
@@ -149,6 +154,37 @@ public class RoleTestITCase extends Abst
}
@Test
+ public void selfRead() {
+ UserTO userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}", UserTO.class, 1);
+ assertNotNull(userTO);
+
+ assertTrue(userTO.getMembershipMap().containsKey(1L));
+ assertFalse(userTO.getMembershipMap().containsKey(3L));
+
+ PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory) restTemplate.
+ getRequestFactory());
+ ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
+ requestFactory.getAuthScope(), new UsernamePasswordCredentials("user1", "password"));
+
+ SyncopeClientException exception = null;
+ try {
+ restTemplate.getForObject(BASE_URL + "role/selfRead/{roleId}", RoleTO.class, 3);
+ fail();
+ } catch (SyncopeClientCompositeErrorException e) {
+ exception = e.getException(SyncopeClientExceptionType.UnauthorizedRole);
+ }
+ assertNotNull(exception);
+
+ RoleTO roleTO = restTemplate.getForObject(BASE_URL + "role/selfRead/{roleId}", RoleTO.class, 1);
+ assertNotNull(roleTO);
+ assertNotNull(roleTO.getAttributes());
+ assertFalse(roleTO.getAttributes().isEmpty());
+
+ // restore admin authentication
+ super.setupRestTemplate();
+ }
+
+ @Test
public void update() {
RoleTO roleTO = new RoleTO();
roleTO.setName("latestRole");
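Review bot: `super.setupRestTemplate()` at the end of `selfRead` only runs when every assertion passes; any failure after the `setCredentials` call leaves the shared `restTemplate` authenticated as `user1`, so later tests in this class would fail for the wrong reason. Wrapping the user1 section in try/finally restores admin authentication on every exit path, including the `fail()` inside the first try. `update` starts in this hunk but continues beyond it.
```java
    ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
            requestFactory.getAuthScope(), new UsernamePasswordCredentials("user1", "password"));
    try {
        // … unchanged: UnauthorizedRole check on role 3 and successful selfRead of role 1 …
    } finally {
        // restore admin authentication even when an assertion above fails
        super.setupRestTemplate();
    }
```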