hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

JavaDoc for Role

Browse Source
This commit is contained in:
Michael Hoennig 2019-04-19 07:46:11 +02:00
parent f4960f260e
commit d5a37ddfae
1 changed files with 92 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
src/main/java/org/hostsharing/hsadminng/service/accessfilter/Role.java
View File

@ -4,10 +4,63 @@ import org.hostsharing.hsadminng.security.SecurityUtils;
import java.lang.reflect.Field; import java.lang.reflect.Field;
/**
* These enum values are on the one hand used to define the minimum role required to grant access to resources,
* but on the other hand also for the roles users can be assigned to.
*/
public enum Role { public enum Role {
NOBODY(0), HOSTMASTER(1), ADMIN(2), SUPPORTER(3), /**
ANY_CUSTOMER_CONTACT(20), CONTRACTUAL_CONTACT(21), FINANCIAL_CONTACT(22), TECHNICAL_CONTACT(22), * Default for access rights requirement. You can read it as: 'Nobody is allowed to ...'.
* This is usually used for fields which are managed by hsadminNg itself.
*/
NOBODY(0),
/**
* Hostmasters are initialize/update/read and field which, except where NOBODY is allowed to.
*/
HOSTMASTER(1),
/**
* This role is for administrators, e.g. to create memberships and book shared and assets.
*/
ADMIN(2),
/**
* This role is for members of the support team.
*/
SUPPORTER(3),
/**
* This meta-role is to specify that any kind of customer contact can get access to the resource.
*/
ANY_CUSTOMER_CONTACT(20),
/**
* This role is for contractual contacts of a customer, like a director of the company.
* Who has this role, has the broadest access to all resources which belong to this customer.
* Everything which relates to the contract with the customer, needs this role.
*/
CONTRACTUAL_CONTACT(21),
/**
* This role is for financial contacts of a customer, e.g. for accessing billing data.
*/
FINANCIAL_CONTACT(22),
/**
* This role is for technical contacts of a customer.
*/
TECHNICAL_CONTACT(22),
/**
* Any user which belongs to a customer has at least this role.
*/
ANY_CUSTOMER_USER(80), ANY_CUSTOMER_USER(80),
/**
* This role is meant to specify that a resources can be accessed by anybody, even without login.
* It's currently only used for technical purposes.
*/
ANYBODY(99); ANYBODY(99);
private final int level; private final int level;
@ -16,11 +69,30 @@ public enum Role {
this.level = level; this.level = level;
} }
/**
* Determines if the given role is covered by this role.
*
* Where 'this' means the Java instance itself as a role of a system user.
*
* @example
* Role.HOSTMASTER.covers(Role.ANY_CUSTOMER_USER) == true
*
* @param role The required role for a resource.
*
* @return whether this role comprises the given role
*/
boolean covers(final Role role) { boolean covers(final Role role) {
return this == role || this.level < role.level; return this == role || this.level < role.level;
} }
public boolean isAllowedToInit(Field field) { /**
* Checks if this role of a user allows to initialize the given field when creating the resource.
*
* @param field a field of the DTO of a resource
*
* @return true if allowed
*/
public boolean isAllowedToInit(final Field field) {
final AccessFor accessFor = field.getAnnotation(AccessFor.class); final AccessFor accessFor = field.getAnnotation(AccessFor.class);
if (accessFor == null) { if (accessFor == null) {
@ -30,7 +102,14 @@ public enum Role {
return isRoleCovered(accessFor.init()); return isRoleCovered(accessFor.init());
} }
public boolean isAllowedToUpdate(Field field) { /**
* Checks if this role of a user allows to update the given field.
*
* @param field a field of the DTO of a resource
*
* @return true if allowed
*/
public boolean isAllowedToUpdate(final Field field) {
final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY); final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
@ -42,7 +121,14 @@ public enum Role {
return isRoleCovered(accessFor.update()); return isRoleCovered(accessFor.update());
} }
public boolean isAllowedToRead(Field field) { /**
* Checks if this role of a user allows to read the given field.
*
* @param field a field of the DTO of a resource
*
* @return true if allowed
*/
public boolean isAllowedToRead(final Field field) {
final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY); final Role loginUserRole = SecurityUtils.getCurrentUserLogin().map(u -> Role.valueOf(u.toUpperCase())).orElse(Role.ANYBODY);
@ -54,7 +140,7 @@ public enum Role {
return isRoleCovered(accessFor.read()); return isRoleCovered(accessFor.read());
} }
private boolean isRoleCovered(Role[] requiredRoles) { private boolean isRoleCovered(final Role[] requiredRoles) {
for (Role accessAllowedForRole : requiredRoles) { for (Role accessAllowedForRole : requiredRoles) {
if (this.covers(accessAllowedForRole)) { if (this.covers(accessAllowedForRole)) {
return true; return true;