hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

refactored ugly and risky code in role filter / removed Role.isIndependent()

Browse Source
This commit is contained in:
Michael Hoennig 2019-05-10 17:37:36 +02:00
parent a2b90b0a36
commit 3143f27b6c
3 changed files with 24 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonAccessFilter.java
View File

@ -59,8 +59,10 @@ abstract class JSonAccessFilter<T> {
*/ */
Set<Role> getLoginUserRoles() { Set<Role> getLoginUserRoles() {
final Set<Role> independentRoles = Arrays.stream(Role.values()) final Set<Role> independentRoles = Arrays.stream(Role.values())
// TODO mhoennig: ugly and risky filter condition => refactor! .filter(
.filter(role -> role.isIndependent() && SecurityUtils.isCurrentUserInRole(role.asAuthority())) role -> role.getAuthority()
.map(authority -> SecurityUtils.isCurrentUserInRole(authority))
.orElse(false))
.collect(Collectors.toSet()); .collect(Collectors.toSet());
final Set<Role> rolesOnThis = getId() != null ? getLoginUserDirectRolesFor(dto.getClass(), getId()) : EMPTY_SET; final Set<Role> rolesOnThis = getId() != null ? getLoginUserDirectRolesFor(dto.getClass(), getId()) : EMPTY_SET;

23
src/main/java/org/hostsharing/hsadminng/service/accessfilter/Role.java
View File

@ -6,6 +6,7 @@ import static com.google.common.base.Verify.verify;
import org.hostsharing.hsadminng.security.AuthoritiesConstants; import org.hostsharing.hsadminng.security.AuthoritiesConstants;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.util.Optional;
/** /**
* These enum values are on the one hand used to define the minimum role required to grant access to resources, * These enum values are on the one hand used to define the minimum role required to grant access to resources,
@ -94,21 +95,21 @@ public enum Role {
IGNORED; IGNORED;
private final Integer level; private final Integer level;
private final String authority; private final Optional<String> authority;
Role(final int level, final String authority) { Role(final int level, final String authority) {
this.level = level; this.level = level;
this.authority = authority; this.authority = Optional.of(authority);
} }
Role(final int level) { Role(final int level) {
this.level = level; this.level = level;
this.authority = AuthoritiesConstants.USER; this.authority = Optional.empty();
} }
Role() { Role() {
this.level = null; this.level = null;
this.authority = null; this.authority = Optional.empty();
} }
/** /**
@ -124,7 +125,12 @@ public enum Role {
return updateAccessFor.length == 1 && updateAccessFor[0].isIgnored(); return updateAccessFor.length == 1 && updateAccessFor[0].isIgnored();
} }
public String asAuthority() { /**
* @return the independent authority related 1:1 to this Role or empty if no independent authority is related 1:1
*
* @see AuthoritiesConstants
*/
public Optional<String> getAuthority() {
return authority; return authority;
} }
@ -135,13 +141,6 @@ public enum Role {
return this == Role.IGNORED; return this == Role.IGNORED;
} }
/**
* @return true if this role is independent of a target object, false otherwise.
*/
public boolean isIndependent() {
return this != NOBODY && (this == ANYBODY || covers(Role.SUPPORTER));
}
/** /**
* @return the role with the broadest access rights * @return the role with the broadest access rights
*/ */

39
src/test/java/org/hostsharing/hsadminng/service/accessfilter/RoleUnitTest.java
View File

@ -4,6 +4,8 @@ package org.hostsharing.hsadminng.service.accessfilter;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.ThrowableAssert.catchThrowable; import static org.assertj.core.api.ThrowableAssert.catchThrowable;
import org.hostsharing.hsadminng.security.AuthoritiesConstants;
import com.google.common.base.VerifyException; import com.google.common.base.VerifyException;
import org.junit.Test; import org.junit.Test;
@ -95,22 +97,6 @@ public class RoleUnitTest {
assertThat(catchThrowable(() -> Role.HOSTMASTER.coversAny((Role[]) null))).isInstanceOf(VerifyException.class); assertThat(catchThrowable(() -> Role.HOSTMASTER.coversAny((Role[]) null))).isInstanceOf(VerifyException.class);
} }
@Test
public void isNdependend() {
assertThat(Role.NOBODY.isIndependent()).isFalse();
assertThat(Role.HOSTMASTER.isIndependent()).isTrue();
assertThat(Role.ADMIN.isIndependent()).isTrue();
assertThat(Role.SUPPORTER.isIndependent()).isTrue();
assertThat(Role.CONTRACTUAL_CONTACT.isIndependent()).isFalse();
assertThat(Role.FINANCIAL_CONTACT.isIndependent()).isFalse();
assertThat(Role.ACTUAL_CUSTOMER_USER.isIndependent()).isFalse();
assertThat(Role.ANY_CUSTOMER_USER.isIndependent()).isFalse();
assertThat(Role.ANYBODY.isIndependent()).isTrue();
}
@Test @Test
public void isIgnored() { public void isIgnored() {
for (Role role : Role.values()) { for (Role role : Role.values()) {
@ -131,20 +117,13 @@ public class RoleUnitTest {
} }
@Test @Test
public void isIndependent() { public void getAuthority() {
assertThat(Role.HOSTMASTER.isIndependent()).isTrue(); assertThat(Role.NOBODY.getAuthority()).isEmpty();
assertThat(Role.SUPPORTER.isIndependent()).isTrue(); assertThat(Role.HOSTMASTER.getAuthority()).hasValue(AuthoritiesConstants.HOSTMASTER);
assertThat(Role.ADMIN.getAuthority()).hasValue(AuthoritiesConstants.ADMIN);
assertThat(Role.CONTRACTUAL_CONTACT.isIndependent()).isFalse(); assertThat(Role.SUPPORTER.getAuthority()).hasValue(AuthoritiesConstants.SUPPORTER);
assertThat(Role.ANY_CUSTOMER_USER.isIndependent()).isFalse(); assertThat(Role.CONTRACTUAL_CONTACT.getAuthority()).isEmpty();
} assertThat(Role.ANYBODY.getAuthority()).hasValue(AuthoritiesConstants.ANONYMOUS);
@Test
public void asAuthority() {
assertThat(Role.HOSTMASTER.asAuthority()).isEqualTo("ROLE_HOSTMASTER");
assertThat(Role.ADMIN.asAuthority()).isEqualTo("ROLE_ADMIN");
assertThat(Role.SUPPORTER.asAuthority()).isEqualTo("ROLE_SUPPORTER");
assertThat(Role.CONTRACTUAL_CONTACT.asAuthority()).isEqualTo("ROLE_USER");
} }
@Test @Test