for now, make give all users the role of a HOSTMASTER

2019-04-25 12:56:51 +02:00 · 2019-04-25 12:56:51 +02:00 · fb3b79cfc4
commit fb3b79cfc4
parent 3e30cf2d17
8 changed files with 48 additions and 17 deletions
--- a/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java
+++ b/src/main/java/org/hostsharing/hsadminng/HsadminNgApp.java
@ -1,11 +1,11 @@
 package org.hostsharing.hsadminng;

+import io.github.jhipster.config.JHipsterConstants;
+import org.apache.commons.lang3.StringUtils;
 import org.hostsharing.hsadminng.config.ApplicationProperties;
 import org.hostsharing.hsadminng.config.DefaultProfileUtil;
-
-import io.github.jhipster.config.JHipsterConstants;
-
-import org.apache.commons.lang3.StringUtils;
+import org.hostsharing.hsadminng.security.SecurityUtils;
+import org.hostsharing.hsadminng.service.accessfilter.Role;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.SpringApplication;
@ -41,6 +41,10 @@ public class HsadminNgApp {
     */
    @PostConstruct
    public void initApplication() {
+
+        // TODO: remove this hack once proper user roles are implemented
+        SecurityUtils.addUserRole(null, null, Role.HOSTMASTER);
+
        Collection<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
        if (activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_DEVELOPMENT) && activeProfiles.contains(JHipsterConstants.SPRING_PROFILE_PRODUCTION)) {
            log.error("You have misconfigured your application! It should not run " +
--- a/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java
+++ b/src/main/java/org/hostsharing/hsadminng/security/AuthoritiesConstants.java
@ -5,8 +5,12 @@ package org.hostsharing.hsadminng.security;
 */
 public final class AuthoritiesConstants {

+    public static final String HOSTMASTER = "ROLE_HOSTMASTER";
+
    public static final String ADMIN = "ROLE_ADMIN";

+    public static final String SUPPORTER = "ROLE_SUPPORTER";
+
    public static final String USER = "ROLE_USER";

    public static final String ANONYMOUS = "ROLE_ANONYMOUS";
--- a/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java
+++ b/src/main/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilter.java
@ -3,10 +3,7 @@ package org.hostsharing.hsadminng.service.accessfilter;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.TreeNode;
 import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.node.ArrayNode;
-import com.fasterxml.jackson.databind.node.IntNode;
-import com.fasterxml.jackson.databind.node.LongNode;
-import com.fasterxml.jackson.databind.node.TextNode;
+import com.fasterxml.jackson.databind.node.*;
 import org.apache.commons.lang3.NotImplementedException;
 import org.apache.commons.lang3.ObjectUtils;
 import org.hostsharing.hsadminng.service.util.ReflectionUtil;
@ -60,7 +57,7 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
    }

    private void overwriteUnmodifiedFieldsWithCurrentValues(final Object currentDto) {
-        if ( currentDto == null ) {
+        if (currentDto == null) {
            return;
        }
        for (Field field : currentDto.getClass().getDeclaredFields()) {
@ -79,21 +76,30 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {

    private Object readValue(final TreeNode treeNode, final String fieldName, final Class<?> fieldClass) {
        final TreeNode fieldNode = treeNode.get(fieldName);
+        if (fieldNode instanceof NullNode) {
+            return null;
+        }
        if (fieldNode instanceof TextNode) {
            return ((TextNode) fieldNode).asText();
-        } else if (fieldNode instanceof IntNode) {
+        }
+        if (fieldNode instanceof IntNode) {
            return ((IntNode) fieldNode).asInt();
-        } else if (fieldNode instanceof LongNode) {
+        }
+        if (fieldNode instanceof LongNode) {
            return ((LongNode) fieldNode).asLong();
-        } else if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) {
+        }
+        if (fieldNode instanceof ArrayNode && LocalDate.class.isAssignableFrom(fieldClass)) {
            return LocalDate.of(((ArrayNode) fieldNode).get(0).asInt(), ((ArrayNode) fieldNode).get(1).asInt(), ((ArrayNode) fieldNode).get(2).asInt());
-        } else {
+        }
+        {
            throw new NotImplementedException("property type not yet implemented: " + fieldNode + " -> " + fieldName + ": " + fieldClass);
        }
    }

    private void writeValue(final T dto, final Field field, final Object value) {
-        if (field.getType().isAssignableFrom(value.getClass())) {
+        if (value == null) {
+            ReflectionUtil.setValue(dto, field, null);
+        } else if (field.getType().isAssignableFrom(value.getClass())) {
            ReflectionUtil.setValue(dto, field, value);
        } else if (Integer.class.isAssignableFrom(field.getType()) || int.class.isAssignableFrom(field.getType())) {
            ReflectionUtil.setValue(dto, field, ((Number) value).intValue());
@ -121,7 +127,7 @@ public class JSonDeserializerWithAccessFilter<T> extends JSonAccessFilter<T> {
                            throw new BadRequestAlertException("Referencing field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "referencingProhibited");
                        }
                    }
-                } else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)){
+                } else if (isUpdate(field, dto, currentDto) && !getLoginUserRole().isAllowedToUpdate(field)) {
                    throw new BadRequestAlertException("Update of field " + toDisplay(field) + " prohibited for current user role " + role, toDisplay(field), "updateProhibited");
                }
            }
--- a/src/main/resources/.h2.server.properties
+++ b/src/main/resources/.h2.server.properties
@ -1,5 +1,5 @@
 #H2 Server Properties
-#Wed Apr 03 13:36:25 CEST 2019
+#Thu Apr 25 12:42:42 CEST 2019
 0=JHipster H2 (Memory)|org.h2.Driver|jdbc\:h2\:mem\:hsadminng|hsadminNg
 webAllowOthers=true
 webPort=8082
--- a/src/main/resources/config/liquibase/authorities.csv
+++ b/src/main/resources/config/liquibase/authorities.csv
@ -1,3 +1,5 @@
 name
+ROLE_HOSTMASTER
 ROLE_ADMIN
+ROLE_SUPPORTER
 ROLE_USER
--- a/src/main/resources/config/liquibase/users_authorities.csv
+++ b/src/main/resources/config/liquibase/users_authorities.csv
@ -1,4 +1,5 @@
 user_id;authority_name
+1;ROLE_HOSTMASTER
 1;ROLE_ADMIN
 1;ROLE_USER
 3;ROLE_ADMIN
--- a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java
+++ b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonBuilder.java
@ -21,7 +21,7 @@ public class JSonBuilder {
    }

    private static String inQuotes(Object value) {
-        return "\"" + value.toString() + "\"";
+        return value != null ? "\"" + value.toString() + "\"" : "null";
    }

 }
--- a/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java
+++ b/src/test/java/org/hostsharing/hsadminng/service/accessfilter/JSonDeserializerWithAccessFilterUnitTest.java
@ -72,6 +72,20 @@ public class JSonDeserializerWithAccessFilterUnitTest {
        given(jsonParser.getCodec()).willReturn(codec);
    }

+    @Test
+    public void shouldDeserializeNullField() throws IOException {
+        // given
+        givenJSonTree(asJSon(
+            ImmutablePair.of("id", 1234L),
+            ImmutablePair.of("openStringField", null)));
+
+        // when
+        GivenDto actualDto = new JSonDeserializerWithAccessFilter<>(ctx, jsonParser, null, GivenDto.class).deserialize();
+
+        // then
+        assertThat(actualDto.openStringField).isNull();
+    }
+
    @Test
    public void shouldDeserializeStringField() throws IOException {
        // given