JSON serializer generalized

2019-04-18 17:12:24 +02:00 · 2019-04-18 17:12:24 +02:00 · 5287d78fcb
commit 5287d78fcb
parent bc87739d6f
3 changed files with 150 additions and 99 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -6025,7 +6025,8 @@
        "ansi-regex": {
          "version": "2.1.1",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "aproba": {
          "version": "1.2.0",
@ -6046,12 +6047,14 @@
        "balanced-match": {
          "version": "1.0.0",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "brace-expansion": {
          "version": "1.1.11",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "balanced-match": "^1.0.0",
            "concat-map": "0.0.1"
@ -6066,17 +6069,20 @@
        "code-point-at": {
          "version": "1.1.0",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "concat-map": {
          "version": "0.0.1",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "console-control-strings": {
          "version": "1.1.0",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "core-util-is": {
          "version": "1.0.2",
@ -6193,7 +6199,8 @@
        "inherits": {
          "version": "2.0.3",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "ini": {
          "version": "1.3.5",
@ -6205,6 +6212,7 @@
          "version": "1.0.0",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "number-is-nan": "^1.0.0"
          }
@ -6219,6 +6227,7 @@
          "version": "3.0.4",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "brace-expansion": "^1.1.7"
          }
@ -6226,12 +6235,14 @@
        "minimist": {
          "version": "0.0.8",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "minipass": {
          "version": "2.3.5",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "safe-buffer": "^5.1.2",
            "yallist": "^3.0.0"
@ -6250,6 +6261,7 @@
          "version": "0.5.1",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "minimist": "0.0.8"
          }
@ -6330,7 +6342,8 @@
        "number-is-nan": {
          "version": "1.0.1",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "object-assign": {
          "version": "4.1.1",
@ -6342,6 +6355,7 @@
          "version": "1.4.0",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "wrappy": "1"
          }
@ -6427,7 +6441,8 @@
        "safe-buffer": {
          "version": "5.1.2",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "safer-buffer": {
          "version": "2.1.2",
@ -6463,6 +6478,7 @@
          "version": "1.0.2",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "code-point-at": "^1.0.0",
            "is-fullwidth-code-point": "^1.0.0",
@ -6482,6 +6498,7 @@
          "version": "3.0.1",
          "bundled": true,
          "dev": true,
          "optional": true,
          "requires": {
            "ansi-regex": "^2.0.0"
          }
@ -6525,12 +6542,14 @@
        "wrappy": {
          "version": "1.0.2",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        },
        "yallist": {
          "version": "3.0.3",
          "bundled": true,
-            "dev": true
+          "dev": true,
          "optional": true
        }
      }
    },
--- a/src/main/java/org/hostsharing/hsadminng/service/dto/CustomerDTO.java
+++ b/src/main/java/org/hostsharing/hsadminng/service/dto/CustomerDTO.java
@ -14,60 +14,55 @@ import org.apache.commons.lang3.NotImplementedException;
 import org.hostsharing.hsadminng.security.SecurityUtils;
 import org.springframework.boot.jackson.JsonComponent;
 import javax.annotation.PostConstruct;
 import javax.validation.constraints.*;
 import java.beans.IntrospectionException;
 import java.beans.Introspector;
 import java.beans.PropertyDescriptor;
 import java.io.IOException;
 import java.io.Serializable;
 import java.lang.annotation.*;
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Objects;
 import java.util.Optional;
 /**
 * A DTO for the Customer entity.
 */
@ReadableFor(Role.ANY_CUSTOMER_USER)
@WritableFor(Role.SUPPORTER)
 public class CustomerDTO implements Serializable {
-    @WritableFor(Role.NOBODY)
+    @AccessFor(read = Role.ANY_CUSTOMER_USER)
    private Long id;
    @NotNull
    @Min(value = 10000)
    @Max(value = 99999)
    @AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
    private Integer number;
    @NotNull
    @Pattern(regexp = "[a-z][a-z0-9]+")
    @AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
    private String prefix;
    @NotNull
    @Size(max = 80)
    @AccessFor(init = Role.ADMIN, read = Role.ANY_CUSTOMER_USER)
    private String name;
    @NotNull
    @Size(max = 400)
-    @ReadableFor(Role.CONTRACTUAL_CONTACT)
+    @AccessFor(init = Role.ADMIN, update = Role.ADMIN, read = Role.CONTRACTUAL_CONTACT)
    private String contractualAddress;
    @Size(max = 80)
-    @ReadableFor(Role.CONTRACTUAL_CONTACT)
+    @AccessFor(init = Role.ADMIN, update = Role.CONTRACTUAL_CONTACT, read = Role.ANY_CUSTOMER_CONTACT)
    @WritableFor(Role.CONTRACTUAL_CONTACT)
    private String contractualSalutation;
    @Size(max = 400)
-    @ReadableFor(Role.CONTRACTUAL_CONTACT)
+    @AccessFor(init = Role.ADMIN, update = Role.ADMIN, read = Role.CONTRACTUAL_CONTACT)
    private String billingAddress;
    @Size(max = 80)
-    @ReadableFor(Role.CONTRACTUAL_CONTACT)
+    @AccessFor(init = Role.ADMIN, update = {Role.CONTRACTUAL_CONTACT, Role.FINANCIAL_CONTACT}, read = Role.CONTRACTUAL_CONTACT)
    @WritableFor(Role.CONTRACTUAL_CONTACT)
    private String billingSalutation;
    public Long getId() {
@ -172,65 +167,46 @@ public class CustomerDTO implements Serializable {
    @JsonComponent
    public static class CustomerJsonSerializer extends JsonSerializer<CustomerDTO> {
        private Optional<String> login;
        @PostConstruct
        public void getLoginUser() {
            this.login = SecurityUtils.getCurrentUserLogin();
        }
        @Override
        public void serialize(CustomerDTO dto, JsonGenerator jsonGenerator,
                              SerializerProvider serializerProvider) throws IOException {
            jsonGenerator.writeStartObject();
-            try {
+            for (Field prop : CustomerDTO.class.getDeclaredFields()) {
                for (PropertyDescriptor prop : Introspector.getBeanInfo(CustomerDTO.class).getPropertyDescriptors()) {
                    if (isRealProprety(prop)) {
                toJSon(dto, jsonGenerator, prop);
            }
                }
            } catch (IntrospectionException e) {
                throw new RuntimeException(e);
            }
 //
 //            jsonGenerator.writeNumberField("number", dto.getNumber());
 //            jsonGenerator.writeStringField("prefix", dto.getPrefix());
 //            jsonGenerator.writeStringField("name", dto.getName());
 //            toJSonString(dto, jsonGenerator,"contractualAddress");
 //            jsonGenerator.writeStringField("contractualSalutation", dto.getContractualSalutation());
 //            jsonGenerator.writeStringField("billingAddress", dto.getBillingAddress());
 //            jsonGenerator.writeStringField("billingSalutation", dto.getBillingSalutation());
            jsonGenerator.writeEndObject();
        }
-        private boolean isRealProprety(PropertyDescriptor prop) {
+        private void toJSon(CustomerDTO dto, JsonGenerator jsonGenerator, Field prop) throws IOException {
-            return prop.getWriteMethod() != null;
+            if (getLoginUserRole().isAllowedToRead(prop)) {
        }
        private void toJSonString(CustomerDTO user, JsonGenerator jsonGenerator, String fieldName) throws IOException {
            if (isReadAllowed(fieldName)) {
                jsonGenerator.writeStringField(fieldName, user.getContractualAddress());
            }
        }
        private void toJSon(CustomerDTO dto, JsonGenerator jsonGenerator, PropertyDescriptor prop) throws IOException {
                final String fieldName = prop.getName();
-            if (isReadAllowed(fieldName)) {
+                if (Integer.class.isAssignableFrom(prop.getType()) || int.class.isAssignableFrom(prop.getType())) {
-                if (Integer.class.isAssignableFrom(prop.getPropertyType()) || int.class.isAssignableFrom(prop.getPropertyType())) {
+                    jsonGenerator.writeNumberField(fieldName, (int) get(dto, prop));
-                    jsonGenerator.writeNumberField(fieldName, (int) invoke(dto, prop.getReadMethod()));
+                } else if (Long.class.isAssignableFrom(prop.getType()) || long.class.isAssignableFrom(prop.getType())) {
-                } else if (Long.class.isAssignableFrom(prop.getPropertyType()) || long.class.isAssignableFrom(prop.getPropertyType())) {
+                    jsonGenerator.writeNumberField(fieldName, (long) get(dto, prop));
-                    jsonGenerator.writeNumberField(fieldName, (long) invoke(dto, prop.getReadMethod()));
+                } else if (String.class.isAssignableFrom(prop.getType())) {
-                } else if (String.class.isAssignableFrom(prop.getPropertyType())) {
+                    jsonGenerator.writeStringField(fieldName, (String) get(dto, prop));
                    jsonGenerator.writeStringField(fieldName, (String) invoke(dto, prop.getReadMethod()));
                } else {
                    throw new NotImplementedException("property type not yet implemented" + prop);
                }
            }
        }
        private Object get(CustomerDTO dto, Field field) {
            try {
                field.setAccessible(true);
                return field.get(dto);
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            }
        }
        private Role getLoginUserRole() {
            return SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
        }
        private Object invoke(Object dto, Method method) {
            try {
                return method.invoke(dto);
@ -239,12 +215,6 @@ public class CustomerDTO implements Serializable {
            }
        }
        private boolean isReadAllowed(String fieldName) {
            if ( fieldName.equals("contractualAddress") ) {
                return login.map(user -> user.equals("admin")).orElse(false);
            }
            return true;
        }
    }
    @JsonComponent
@ -274,27 +244,73 @@ public class CustomerDTO implements Serializable {
 enum Role {
    NOBODY(0), HOSTMASTER(1), ADMIN(2), SUPPORTER(3),
-    ANY_CUSTOMER_CONTACT(10), CONTRACTUAL_CONTACT(11),
+    ANY_CUSTOMER_CONTACT(20), CONTRACTUAL_CONTACT(21), FINANCIAL_CONTACT(22), TECHNICAL_CONTACT(22),
-    ANY_CUSTOMER_USER(30);
+    ANY_CUSTOMER_USER(80),
    ANYBODY(99);
    private final int level;
    Role(final int level) {
        this.level = level;
    }
    boolean covers(final Role role) {
        return this == role || this.level < role.level;
    }
    public boolean isAllowedToInit(Field field) {
        final AccessFor accessFor = field.getAnnotation(AccessFor.class);
        if (accessFor == null) {
            return false;
        }
        return isRoleCovered(accessFor.init());
    }
    public boolean isAllowedToUpdate(Field field) {
        final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
        final AccessFor accessFor = field.getAnnotation(AccessFor.class);
        if (accessFor == null) {
            return false;
        }
        return isRoleCovered(accessFor.update());
    }
    public boolean isAllowedToRead(Field field) {
        final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
        final AccessFor accessFor = field.getAnnotation(AccessFor.class);
        if (accessFor == null) {
            return false;
        }
        return isRoleCovered(accessFor.read());
    }
    private boolean isRoleCovered(Role[] requiredRoles) {
        for (Role accessAllowedForRole : requiredRoles) {
            if (this.covers(accessAllowedForRole)) {
                return true;
            }
        }
        return false;
    }
 }
@Target({ElementType.FIELD, ElementType.TYPE_USE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
-@interface ReadableFor {
+@interface AccessFor {
    Role[] init() default Role.NOBODY;
    Role[] update() default Role.NOBODY;
    Role[] read() default Role.NOBODY;
 }
@Target({ElementType.FIELD, ElementType.TYPE_USE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@interface WritableFor {
 }
--- a/src/test/java/org/hostsharing/hsadminng/service/dto/CustomerDTOUnitTest.java
+++ b/src/test/java/org/hostsharing/hsadminng/service/dto/CustomerDTOUnitTest.java
@ -27,26 +27,42 @@ public class CustomerDTOUnitTest {
    private ObjectMapper objectMapper;
    @Test
-    public void testSerializationAsCustomer() throws JsonProcessingException {
+    public void testSerializationAsContractualCustomerContact() throws JsonProcessingException {
        // given
        CustomerDTO given = createSomeCustomerDTO();
-        givenLoginUser("customer");
+        givenLoginUserWithRole("ANY_CUSTOMER_USER");
        // when
        String actual = objectMapper.writeValueAsString(given);
        // then
        given.setContractualAddress(null);
-        //given.setContractualSalutation(null);
+        given.setContractualSalutation(null);
        given.setBillingAddress(null);
        given.setBillingSalutation(null);
        assertEquals(createExpectedJSon(given), actual);
    }
    @Test
-    public void testDeserializeAsCustomer() throws IOException {
+    public void testSerializationAsSupporter() throws JsonProcessingException {
        // given
        CustomerDTO given = createSomeCustomerDTO();
        givenLoginUserWithRole("SUPPORTER");
        // when
        String actual = objectMapper.writeValueAsString(given);
        // then
        assertEquals(createExpectedJSon(given), actual);
    }
    @Test
    public void testDeserializeAsContractualCustomerContact() throws IOException {
        // given
        String json = "{\"id\":1234,\"number\":10001,\"prefix\":\"abc\",\"name\":\"Mein Name\",\"contractualAddress\":\"Eine Adresse\",\"contractualSalutation\":\"Hallo\",\"billingAddress\":\"Noch eine Adresse\",\"billingSalutation\":\"Moin\"}";
-        givenLoginUser("customer");
+        givenLoginUserWithRole("CONTRACTUAL_CONTACT");
        // when
        CustomerDTO actual = objectMapper.readValue(json, CustomerDTO.class);
@ -66,14 +82,14 @@ public class CustomerDTOUnitTest {
    private String createExpectedJSon(CustomerDTO dto) {
        String json = // the fields in alphanumeric order:
-            toJSonFieldDefinitionIfPresent("billingAddress", dto.getBillingAddress()) +
+            toJSonFieldDefinitionIfPresent("id", dto.getId()) +
-                toJSonFieldDefinitionIfPresent("billingSalutation", dto.getBillingSalutation()) +
+                toJSonFieldDefinitionIfPresent("number", dto.getNumber()) +
                toJSonFieldDefinitionIfPresent("prefix", dto.getPrefix()) +
                toJSonFieldDefinitionIfPresent("name", dto.getName()) +
                toJSonFieldDefinitionIfPresent("contractualAddress", dto.getContractualAddress()) +
                toJSonFieldDefinitionIfPresent("contractualSalutation", dto.getContractualSalutation()) +
-                toJSonFieldDefinitionIfPresent("id", dto.getId()) +
+                toJSonFieldDefinitionIfPresent("billingAddress", dto.getBillingAddress()) +
-                toJSonFieldDefinitionIfPresent("name", dto.getName()) +
+                toJSonFieldDefinitionIfPresent("billingSalutation", dto.getBillingSalutation());
                toJSonFieldDefinitionIfPresent("number", dto.getNumber()) +
                toJSonFieldDefinitionIfPresent("prefix", dto.getPrefix());
        return "{" + json.substring(0, json.length() - 1) + "}";
    }
@ -99,11 +115,11 @@ public class CustomerDTOUnitTest {
        given.setContractualSalutation("Hallo");
        given.setBillingAddress("Noch eine Adresse");
        given.setBillingSalutation("Moin");
-        givenLoginUser("admin");
+        givenLoginUserWithRole("admin");
        return given;
    }
-    private void givenLoginUser(String userName) {
+    private void givenLoginUserWithRole(String userName) {
        SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
        securityContext.setAuthentication(new UsernamePasswordAuthenticationToken(userName, userName));
        SecurityContextHolder.setContext(securityContext);