From fb3b79cfc413e7d1e72156a9c23949ec3d1412b8 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Thu, 25 Apr 2019 12:56:51 +0200 Subject: [PATCH] for now, make give all users the role of a HOSTMASTER --- .../hostsharing/hsadminng/HsadminNgApp.java | 12 +++++--- .../security/AuthoritiesConstants.java | 4 +++ .../JSonDeserializerWithAccessFilter.java | 28 +++++++++++-------- src/main/resources/.h2.server.properties | 2 +- .../config/liquibase/authorities.csv | 2 ++ .../config/liquibase/users_authorities.csv | 1 + .../service/accessfilter/JSonBuilder.java | 2 +- ...nDeserializerWithAccessFilterUnitTest.java | 14 ++++++++++ 8 files changed, 48 insertions(+), 17 deletions(-) diff --git a/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java b/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java index d2e0adb8..3b119fde 100644 --- a/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java +++ b/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java @@ -1,11 +1,11 @@ package org.hostsharing.hsadminng; +import io.github.jhipster.config.JHipsterConstants; +import org.apache.commons.lang3.StringUtils; import org.hostsharing.hsadminng.config.ApplicationProperties; import org.hostsharing.hsadminng.config.DefaultProfileUtil; - -import io.github.jhipster.config.JHipsterConstants; - -import org.apache.commons.lang3.StringUtils; +import org.hostsharing.hsadminng.security.SecurityUtils; +import org.hostsharing.hsadminng.service.accessfilter.Role; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.boot.SpringApplication; 
@@ -41,6 +41,10 @@ public class HsadminNgApp { */ @PostConstruct public void initApplication() { + + // TODO: remove this hack once proper user roles are implemented + SecurityUtils.addUserRole(null, null, Role.HOSTMASTER); + Collection activeProfiles = Arrays.asList(env.getActiveProfiles()); if (activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT) && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) { log.error("You have misconfigured your application! It should not run " + diff --git a/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java b/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java index 9aebdf89..bb1fd344 100644 --- a/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java +++ b/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java @@ -5,8 +5,12 @@ package org.hostsharing.hsadminng.security; */ public final class AuthoritiesConstants { + public static final String HOSTMASTER = "ROLE_HOSTMASTER"; + public static final String ADMIN = "ROLE_ADMIN"; + public static final String SUPPORTER = "ROLE_SUPPORTER"; + public static final String USER = "ROLE_USER"; public static final String ANONYMOUS = "ROLE_ANONYMOUS"; diff --git a/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java b/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java index de4085ec..0fe113a8 100644 --- a/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java +++ b/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java 
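Review bot: The `SecurityUtils.addUserRole(null, null, Role.HOSTMASTER)` call at the top of `HsadminNgApp.initApplication()` runs unconditionally, before the profile checks, so it also takes effect when the production profile is active. `SecurityUtils` is not shown here, but going by the commit subject and the TODO, the two `null` arguments presumably act as wildcards; that would make every login a HOSTMASTER and leave the role checks in `JSonDeserializerWithAccessFilter` (`isAllowedToUpdate` and the referencing check) with nothing to reject. I would move the call below the `activeProfiles` line and restrict it to non-production runs, `if (!activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) { SecurityUtils.addUserRole(null, null, Role.HOSTMASTER); }`, and log it at warn level so the override is visible at startup. The body of `initApplication()` continues outside the hunk.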
@@ -3,10 +3,7 @@ package org.hostsharing.hsadminng.service.accessfilter; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.TreeNode; import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.node.ArrayNode; -import com.fasterxml.jackson.databind.node.IntNode; -import com.fasterxml.jackson.databind.node.LongNode; -import com.fasterxml.jackson.databind.node.TextNode; +import com.fasterxml.jackson.databind.node.*; import org.apache.commons.lang3.NotImplementedException; import org.apache.commons.lang3.ObjectUtils; import org.hostsharing.hsadminng.service.util.ReflectionUtil; @@ -60,7 +57,7 @@ public class JSonDeserializerWithAccessFilter extends JSonAccessFilter { } private void overwriteUnmodifiedFieldsWithCurrentValues(final Object currentDto) { - if ( currentDto == null ) { + if (currentDto == null) { return; } for (Field field : currentDto.getClass().getDeclaredFields()) { 
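Review bot: The import hunk in `JSonDeserializerWithAccessFilter.java` replaces four explicit Jackson node imports with `import com.fasterxml.jackson.databind.node.*;`, apparently only to bring `NullNode` into scope. Keeping the explicit list and adding `import com.fasterxml.jackson.databind.node.NullNode;` shows at a glance which node types `readValue` accepts, which is useful here because every other node type ends in the `NotImplementedException`.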
@@ -79,21 +76,30 @@ public class JSonDeserializerWithAccessFilter extends JSonAccessFilter { private Object readValue(final TreeNode treeNode, final String fieldName, final Class fieldClass) { final TreeNode fieldNode = treeNode.get(fieldName); + if (fieldNode instanceof NullNode) { + return null; + } if (fieldNode instanceof TextNode) { return ((TextNode) fieldNode).asText(); - } else if (fieldNode instanceof IntNode) { + } + if (fieldNode instanceof IntNode) { return ((IntNode) fieldNode).asInt(); - } else if (fieldNode instanceof LongNode) { + } + if (fieldNode instanceof LongNode) { return ((LongNode) fieldNode).asLong(); - } else if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) { + } + if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) { return LocalDate.of(((ArrayNode) fieldNode).get(0).asInt(), ((ArrayNode) fieldNode).get(1).asInt(), ((ArrayNode) fieldNode).get(2).asInt()); - } else { + } + { throw new NotImplementedException("property type not yet implemented: " + fieldNode + " -> " + fieldName + ": " + fieldClass); } } private void writeValue(final T dto, final Field field, final Object value) { - if (field.getType().isAssignableFrom(value.getClass())) { + if (value == null) { + ReflectionUtil.setValue(dto, field, null); + } else if (field.getType().isAssignableFrom(value.getClass())) { ReflectionUtil.setValue(dto, field, value); } else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) { ReflectionUtil.setValue(dto, field, ((Number) value).intValue()); 
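Review bot: In `writeValue` the new `value == null` branch is tested before the `int`/`Integer` branches, so a JSON `null` sent for a primitive field reaches `ReflectionUtil.setValue(dto, field, null)`. `ReflectionUtil` is not visible here; if it delegates to `java.lang.reflect.Field.set`, that call throws `IllegalArgumentException` for a primitive field, which a client would most likely see as a server error rather than a bad-request response. A guard such as `if (value == null && field.getType().isPrimitive())` that throws the `BadRequestAlertException` already used in this class would keep client-supplied input on the validation path. Separately, the bare `{ throw new NotImplementedException(...); }` block left at the end of `readValue` reads like a leftover `else` and the braces can be dropped. `writeValue` continues outside the hunk.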
@@ -121,7 +127,7 @@ public class JSonDeserializerWithAccessFilter extends JSonAccessFilter { throw new BadRequestAlertException("Referencing field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "referencingProhibited"); } } - } else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)){ + } else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)) { throw new BadRequestAlertException("Update of field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "updateProhibited"); } } diff --git a/src/main/resources/.h2.server.properties b/src/main/resources/.h2.server.properties index 909b4938..b775c018 100644 --- a/src/main/resources/.h2.server.properties +++ b/src/main/resources/.h2.server.properties @@ -1,5 +1,5 @@ #H2 Server Properties -#Wed Apr 03 13:36:25 CEST 2019 +#Thu Apr 25 12:42:42 CEST 2019 0=JHipster H2 (Memory)|org.h2.Driver|jdbc\:h2\:mem\:hsadminng|hsadminNg webAllowOthers=true webPort=8082 diff --git a/src/main/resources/config/liquibase/authorities.csv b/src/main/resources/config/liquibase/authorities.csv index af5c6dfa..f56c3aa4 100644 --- a/src/main/resources/config/liquibase/authorities.csv +++ b/src/main/resources/config/liquibase/authorities.csv @@ -1,3 +1,5 @@ name +ROLE_HOSTMASTER ROLE_ADMIN +ROLE_SUPPORTER ROLE_USER diff --git a/src/main/resources/config/liquibase/users_authorities.csv b/src/main/resources/config/liquibase/users_authorities.csv index 06c5feee..bb482bfa 100644 --- a/src/main/resources/config/liquibase/users_authorities.csv +++ b/src/main/resources/config/liquibase/users_authorities.csv @@ -1,4 +1,5 @@ user_id;authority_name +1;ROLE_HOSTMASTER 1;ROLE_ADMIN 1;ROLE_USER 3;ROLE_ADMIN diff --git a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java index ec1d6487..01e3832f 100644 
--- a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java +++ b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java @@ -21,7 +21,7 @@ public class JSonBuilder { } private static String inQuotes(Object value) { - return "\"" + value.toString() + "\""; + return value != null ? "\"" + value.toString() + "\"" : "null"; } } diff --git a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java index af508886..686eff80 100644 --- a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java +++ b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java @@ -72,6 +72,20 @@ public class JSonDeserializerWithAccessFilterUnitTest { given(jsonParser.getCodec()).willReturn(codec); } + @Test + public void shouldDeserializeNullField() throws IOException { + // given + givenJSonTree(asJSon( + ImmutablePair.of("id", 1234L), + ImmutablePair.of("openStringField", null))); + + // when + GivenDto actualDto = new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize(); + + // then + assertThat(actualDto.openStringField).isNull(); + } + @Test public void shouldDeserializeStringField() throws IOException { // given
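Review bot: `shouldDeserializeNullField` exercises the new null path only for `openStringField`, so nothing pins how an explicit `null` interacts with the access filter. `GivenDto` is not visible in this hunk, but if it also has fields that a role may not update, a companion test that sends `null` for such a field against a non-null current value and expects `BadRequestAlertException` would show that clearing a value counts as an update. A second case with `null` for a primitive field would document the intended behaviour there as well.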