for now, make give all users the role of a HOSTMASTER

Michael Hoennig 2019-04-25 12:56:51 +02:00
parent 3e30cf2d17
commit fb3b79cfc4
8 changed files with 48 additions and 17 deletions


@ -1,11 +1,11 @@
package org.hostsharing.hsadminng; package org.hostsharing.hsadminng;
import io.github.jhipster.config.JHipsterConstants;
import org.apache.commons.lang3.StringUtils;
import org.hostsharing.hsadminng.config.ApplicationProperties; import org.hostsharing.hsadminng.config.ApplicationProperties;
import org.hostsharing.hsadminng.config.DefaultProfileUtil; import org.hostsharing.hsadminng.config.DefaultProfileUtil;
import org.hostsharing.hsadminng.security.SecurityUtils;
import io.github.jhipster.config.JHipsterConstants; import org.hostsharing.hsadminng.service.accessfilter.Role;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
@ -41,6 +41,10 @@ public class HsadminNgApp {
*/ */
@PostConstruct @PostConstruct
public void initApplication() { public void initApplication() {
// TODO: remove this hack once proper user roles are implemented
SecurityUtils.addUserRole(null, null, Role.HOSTMASTER);
Collection<String> activeProfiles = Arrays.asList(env.getActiveProfiles()); Collection<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
if (activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT) && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) { if (activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT) && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) {
log.error("You have misconfigured your application! It should not run " + log.error("You have misconfigured your application! It should not run " +
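Review bot: The `SecurityUtils.addUserRole(null, null, Role.HOSTMASTER)` call at the top of `initApplication()` runs unconditionally, so a deployment with the production profile active would also give every user the HOSTMASTER role (assuming the two `null` arguments mean "any", as the commit title suggests; `addUserRole` is not visible here). Since `activeProfiles` is computed on the very next line, the call could move below it and be guarded, e.g. `if (!activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) { SecurityUtils.addUserRole(null, null, Role.HOSTMASTER); }`. The TODO comment should also state what the two `null` arguments stand for, so the hack can be found and removed reliably. `initApplication()` continues beyond the hunk.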


@ -5,8 +5,12 @@ package org.hostsharing.hsadminng.security;
*/ */
public final class AuthoritiesConstants { public final class AuthoritiesConstants {
public static final String HOSTMASTER = "ROLE_HOSTMASTER";
public static final String ADMIN = "ROLE_ADMIN"; public static final String ADMIN = "ROLE_ADMIN";
public static final String SUPPORTER = "ROLE_SUPPORTER";
public static final String USER = "ROLE_USER"; public static final String USER = "ROLE_USER";
public static final String ANONYMOUS = "ROLE_ANONYMOUS"; public static final String ANONYMOUS = "ROLE_ANONYMOUS";


@ -3,10 +3,7 @@ package org.hostsharing.hsadminng.service.accessfilter;
import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.TreeNode; import com.fasterxml.jackson.core.TreeNode;
import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.*;
import com.fasterxml.jackson.databind.node.IntNode;
import com.fasterxml.jackson.databind.node.LongNode;
import com.fasterxml.jackson.databind.node.TextNode;
import org.apache.commons.lang3.NotImplementedException; import org.apache.commons.lang3.NotImplementedException;
import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.ObjectUtils;
import org.hostsharing.hsadminng.service.util.ReflectionUtil; import org.hostsharing.hsadminng.service.util.ReflectionUtil;
@ -60,7 +57,7 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
} }
private void overwriteUnmodifiedFieldsWithCurrentValues(final Object currentDto) { private void overwriteUnmodifiedFieldsWithCurrentValues(final Object currentDto) {
if ( currentDto == null ) { if (currentDto == null) {
return; return;
} }
for (Field field : currentDto.getClass().getDeclaredFields()) { for (Field field : currentDto.getClass().getDeclaredFields()) {
@ -79,21 +76,30 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
private Object readValue(final TreeNode treeNode, final String fieldName, final Class<?> fieldClass) { private Object readValue(final TreeNode treeNode, final String fieldName, final Class<?> fieldClass) {
final TreeNode fieldNode = treeNode.get(fieldName); final TreeNode fieldNode = treeNode.get(fieldName);
if (fieldNode instanceof NullNode) {
return null;
}
if (fieldNode instanceof TextNode) { if (fieldNode instanceof TextNode) {
return ((TextNode) fieldNode).asText(); return ((TextNode) fieldNode).asText();
} else if (fieldNode instanceof IntNode) { }
if (fieldNode instanceof IntNode) {
return ((IntNode) fieldNode).asInt(); return ((IntNode) fieldNode).asInt();
} else if (fieldNode instanceof LongNode) { }
if (fieldNode instanceof LongNode) {
return ((LongNode) fieldNode).asLong(); return ((LongNode) fieldNode).asLong();
} else if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) { }
if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) {
return LocalDate.of(((ArrayNode) fieldNode).get(0).asInt(), ((ArrayNode) fieldNode).get(1).asInt(), ((ArrayNode) fieldNode).get(2).asInt()); return LocalDate.of(((ArrayNode) fieldNode).get(0).asInt(), ((ArrayNode) fieldNode).get(1).asInt(), ((ArrayNode) fieldNode).get(2).asInt());
} else { }
{
throw new NotImplementedException("property type not yet implemented: " + fieldNode + " -> " + fieldName + ": " + fieldClass); throw new NotImplementedException("property type not yet implemented: " + fieldNode + " -> " + fieldName + ": " + fieldClass);
} }
} }
private void writeValue(final T dto, final Field field, final Object value) { private void writeValue(final T dto, final Field field, final Object value) {
if (field.getType().isAssignableFrom(value.getClass())) { if (value == null) {
ReflectionUtil.setValue(dto, field, null);
} else if (field.getType().isAssignableFrom(value.getClass())) {
ReflectionUtil.setValue(dto, field, value); ReflectionUtil.setValue(dto, field, value);
} else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) { } else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) {
ReflectionUtil.setValue(dto, field, ((Number) value).intValue()); ReflectionUtil.setValue(dto, field, ((Number) value).intValue());
@ -121,7 +127,7 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
throw new BadRequestAlertException("Referencing field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "referencingProhibited"); throw new BadRequestAlertException("Referencing field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "referencingProhibited");
} }
} }
} else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)){ } else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)) {
throw new BadRequestAlertException("Update of field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "updateProhibited"); throw new BadRequestAlertException("Update of field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "updateProhibited");
} }
} }
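Review bot: The new `value == null` branch in `writeValue` passes `null` to `ReflectionUtil.setValue` for any field type, although the branches below it show that primitive fields (`int.class`) are expected; an explicit JSON `null` for such a field would presumably fail inside reflection and surface as a server error rather than a 400. A guard ahead of it would keep this a client error, e.g. `if (value == null && field.getType().isPrimitive()) { throw new BadRequestAlertException("Field " + toDisplay(field) + " must not be null", toDisplay(field), "nullProhibited"); }` (the error key is only a suggestion). It is also worth confirming that a field explicitly set to `null` still counts as an update in `isUpdate(...)`, so that `isAllowedToUpdate` is checked, and is not silently refilled by `overwriteUnmodifiedFieldsWithCurrentValues`; neither body is fully visible here. `writeValue` continues past the end of its hunk.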


@ -1,5 +1,5 @@
#H2 Server Properties #H2 Server Properties
#Wed Apr 03 13:36:25 CEST 2019 #Thu Apr 25 12:42:42 CEST 2019
0=JHipster H2 (Memory)|org.h2.Driver|jdbc\:h2\:mem\:hsadminng|hsadminNg 0=JHipster H2 (Memory)|org.h2.Driver|jdbc\:h2\:mem\:hsadminng|hsadminNg
webAllowOthers=true webAllowOthers=true
webPort=8082 webPort=8082


@ -1,3 +1,5 @@
name name
ROLE_HOSTMASTER
ROLE_ADMIN ROLE_ADMIN
ROLE_SUPPORTER
ROLE_USER ROLE_USER

1 name
2 ROLE_HOSTMASTER
3 ROLE_ADMIN
4 ROLE_SUPPORTER
5 ROLE_USER


@ -1,4 +1,5 @@
user_id;authority_name user_id;authority_name
1;ROLE_HOSTMASTER
1;ROLE_ADMIN 1;ROLE_ADMIN
1;ROLE_USER 1;ROLE_USER
3;ROLE_ADMIN 3;ROLE_ADMIN

1 user_id authority_name
2 1 ROLE_HOSTMASTER
3 1 ROLE_ADMIN
4 1 ROLE_USER
5 3 ROLE_ADMIN


@ -21,7 +21,7 @@ public class JSonBuilder {
} }
private static String inQuotes(Object value) { private static String inQuotes(Object value) {
return "\"" + value.toString() + "\""; return value != null ? "\"" + value.toString() + "\"" : "null";
} }
} }
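Review bot: The non-null branch of `inQuotes` still places `value.toString()` between quotes without escaping, so a value containing `"` or `\` produces malformed JSON. If this builder only ever receives fixed test values, a short comment saying so is enough, e.g. `// test helper: values must not contain quotes or backslashes`; otherwise those characters should be escaped before quoting.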


@ -72,6 +72,20 @@ public class JSonDeserializerWithAccessFilterUnitTest {
given(jsonParser.getCodec()).willReturn(codec); given(jsonParser.getCodec()).willReturn(codec);
} }
@Test
public void shouldDeserializeNullField() throws IOException {
// given
givenJSonTree(asJSon(
ImmutablePair.of("id", 1234L),
ImmutablePair.of("openStringField", null)));
// when
GivenDto actualDto = new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize();
// then
assertThat(actualDto.openStringField).isNull();
}
@Test @Test
public void shouldDeserializeStringField() throws IOException { public void shouldDeserializeStringField() throws IOException {
// given // given