From 2dd11948adc5911892ca936b8f69a92da504cd78 Mon Sep 17 00:00:00 2001 From: Peter Hormanns Date: Wed, 21 Jun 2023 20:54:50 +0200 Subject: [PATCH] stable version becomes master --- hsarback/database/schema.sql | 2 - .../de/hsadmin/remote/AbstractRemote.java | 11 ++-- .../java/de/hsadmin/remote/RoleRemote.java | 37 ++++++------ .../JsonPillarServlet.java | 2 +- .../de/hsadmin/servlets/PacTasksServlet.java | 3 +- hsarback/src/main/webapp/WEB-INF/web.xml | 2 +- .../de/hsadmin/core/model/AbstractEntity.java | 14 ++--- .../core/model/AbstractModuleImpl.java | 20 +++---- .../core/model/AuthorisationException.java | 10 ++-- .../core/model/SecureDefaultModuleImpl.java | 2 +- .../de/hsadmin/core/model/Transaction.java | 56 +++++++++---------- .../java/de/hsadmin/core/qserv/QueueTask.java | 32 +---------- .../core/qserv/WaitingTasksProcessor.java | 2 +- .../java/de/hsadmin/mods/cust/Customer.java | 5 +- .../java/de/hsadmin/mods/db/Database.java | 11 ++-- .../java/de/hsadmin/mods/db/DatabaseUser.java | 13 ++--- .../mods/db/MySqlDatabaseModuleImpl.java | 6 +- .../hsadmin/mods/db/MySqlUserModuleImpl.java | 4 +- .../mods/db/PgSqlDatabaseModuleImpl.java | 12 ++-- .../hsadmin/mods/db/PgSqlUserModuleImpl.java | 4 +- .../de/hsadmin/mods/dom/DomainModuleImpl.java | 14 ++--- .../de/hsadmin/mods/email/EMailAddress.java | 4 +- .../mods/email/EMailAddressModuleImpl.java | 6 +- .../de/hsadmin/mods/email/EMailAlias.java | 21 +++---- .../mods/email/EMailAliasModuleImpl.java | 4 +- .../main/java/de/hsadmin/mods/pac/Pac.java | 3 +- .../de/hsadmin/mods/pac/PacModuleImpl.java | 5 +- .../java/de/hsadmin/mods/user/UnixUser.java | 45 ++++++--------- .../hsadmin/mods/user/UnixUserModuleImpl.java | 37 ++++-------- 29 files changed, 148 insertions(+), 239 deletions(-) rename hsarback/src/main/java/de/hsadmin/{pillar => servlets}/JsonPillarServlet.java (99%) diff --git a/hsarback/database/schema.sql b/hsarback/database/schema.sql index db0ddba..a0de244 100644 --- a/hsarback/database/schema.sql 
+++ b/hsarback/database/schema.sql @@ -921,5 +921,3 @@ ALTER TABLE ONLY domain__domain_option ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id) REFERENCES domain(domain_id) DEFERRABLE; -ALTER TABLE queue_task ADD COLUMN login_user character varying(48); -ALTER TABLE queue_task ADD COLUMN runas_user character varying(48); diff --git a/hsarback/src/main/java/de/hsadmin/remote/AbstractRemote.java b/hsarback/src/main/java/de/hsadmin/remote/AbstractRemote.java index 06d62de..1f95e67 100644 --- a/hsarback/src/main/java/de/hsadmin/remote/AbstractRemote.java +++ b/hsarback/src/main/java/de/hsadmin/remote/AbstractRemote.java @@ -9,7 +9,6 @@ import java.util.List; import java.util.Map; import de.hsadmin.core.model.AbstractEntity; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthenticationException; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.GenericModuleImpl; @@ -44,7 +43,7 @@ public abstract class AbstractRemote implements IRemote { try { if (transaction.login(user, ticket)) { final ModuleInterface module = new GenericModuleImpl(transaction); - final AuthenticatedUser unixUser = transaction.getLoginUser(); + final UnixUser unixUser = transaction.getLoginUser(); final List list = module.search(getEntityClass(), buildQueryCondition(whereParams), null); if (list == null) { @@ -106,7 +105,7 @@ public abstract class AbstractRemote implements IRemote { try { if (transaction.login(user, ticket)) { final ModuleInterface module = new GenericModuleImpl(transaction); - final AuthenticatedUser authUser = transaction.getLoginUser(); + final UnixUser unixUser = transaction.getLoginUser(); final String queryCondition = buildQueryCondition(whereParams); if (queryCondition == null || queryCondition.length() == 0) { throw new HSAdminException( 
@@ -116,10 +115,10 @@ public abstract class AbstractRemote implements IRemote { queryCondition, null); transaction.beginTransaction(); for (AbstractEntity e : list) { - if (e.isWriteAllowedFor(authUser)) { + if (e.isWriteAllowedFor(unixUser)) { module.delete(e); } else { - throw new AuthorisationException(authUser, "delete", e); + throw new AuthorisationException(unixUser, "delete", e); } } transaction.commitTransaction(); @@ -143,7 +142,7 @@ public abstract class AbstractRemote implements IRemote { try { if (transaction.login(user, ticket)) { final ModuleInterface module = new GenericModuleImpl(transaction); - final AuthenticatedUser unixUser = transaction.getLoginUser(); + final UnixUser unixUser = transaction.getLoginUser(); final ArrayList> result = new ArrayList>(); final String queryCondition = buildQueryCondition(whereParams); if (queryCondition == null || queryCondition.length() == 0) { diff --git a/hsarback/src/main/java/de/hsadmin/remote/RoleRemote.java b/hsarback/src/main/java/de/hsadmin/remote/RoleRemote.java index e7f0a07..41349d4 100644 --- a/hsarback/src/main/java/de/hsadmin/remote/RoleRemote.java +++ b/hsarback/src/main/java/de/hsadmin/remote/RoleRemote.java @@ -6,7 +6,6 @@ import java.util.List; import java.util.Map; import de.hsadmin.core.model.AbstractEntity; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthenticationException; import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.model.Transaction; @@ -14,7 +13,6 @@ import de.hsadmin.core.util.Config; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.mods.dom.Domain; import de.hsadmin.mods.pac.Pac; -import de.hsadmin.mods.user.UnixUser; public class RoleRemote implements IRemote { 
@@ -27,25 +25,22 @@ public class RoleRemote implements IRemote {
 String role = "USER";
 String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
 String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
- final AuthenticatedUser loginUser = transaction.getLoginUser();
- if (loginUser instanceof UnixUser) {
- Pac pac = ((UnixUser) loginUser).getPac();
- String pacName = pac.getName();
- if (accoutPrefixCustomer.equals(pacName)) {
- role = "CUSTOMER";
- }
- if (accoutPrefixHostmaster.equals(pacName)) {
- role = "HOSTMASTER";
- }
- if (user.equals(pacName)) {
- role = "PAC_ADMIN_DW";
- }
- if (role.equals("USER")) {
- GenericModuleImpl module = new GenericModuleImpl(transaction);
- List list = module.search(Domain.class, "obj.user.name = '" + user + "'", null);
- if (list != null && list.size() > 0) {
- role = "DOM_ADMIN";
- }
+ Pac pac = transaction.getLoginUser().getPac();
+ String pacName = pac.getName();
+ if (accoutPrefixCustomer.equals(pacName)) {
+ role = "CUSTOMER";
+ }
+ if (accoutPrefixHostmaster.equals(pacName)) {
+ role = "HOSTMASTER";
+ }
+ if (user.equals(pacName)) {
+ role = "PAC_ADMIN_DW";
+ }
+ if (role.equals("USER")) {
+ GenericModuleImpl module = new GenericModuleImpl(transaction);
+ List list = module.search(Domain.class, "obj.user.name = '" + user + "'", null);
+ if (list != null && list.size() > 0) {
+ role = "DOM_ADMIN";
 }
 }
 List> result = new ArrayList>();
diff --git a/hsarback/src/main/java/de/hsadmin/pillar/JsonPillarServlet.java b/hsarback/src/main/java/de/hsadmin/servlets/JsonPillarServlet.java
similarity index 99%
rename from hsarback/src/main/java/de/hsadmin/pillar/JsonPillarServlet.java
rename to hsarback/src/main/java/de/hsadmin/servlets/JsonPillarServlet.java
index 78bd670..f15b183 100644
--- a/hsarback/src/main/java/de/hsadmin/pillar/JsonPillarServlet.java
+++ b/hsarback/src/main/java/de/hsadmin/servlets/JsonPillarServlet.java
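Review bot: The domain lookup `module.search(Domain.class, "obj.user.name = '" + user + "'", null)` builds the JPA-QL condition by string concatenation from the `user` argument (presumably the remote call's run-as parameter), so a quote character in that value alters the query — JPQL injection; the `login()` path in Transaction only compares `user` against the ticket or a DB row for non-hostmaster callers, and does not otherwise validate it before it reaches this string. `AbstractModuleImpl.search` already binds `:loginUserName` from `loginUser.getName()` as a query parameter, so the condition should use a bound name, e.g. `"obj.user.name = :loginUserName"` if the searched user is indeed the resolved login user, or `user` should be rejected unless it is a plain account name before the query is built. Separately, `transaction.getLoginUser().getPac()` no longer tolerates a null login user as the removed `instanceof UnixUser` guard did; if `getLoginUser()` can return null for an unknown name this is now a NullPointerException instead of a clean error. The enclosing method starts before and ends after this hunk.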
@@ -1,4 +1,4 @@ -package de.hsadmin.pillar; +package de.hsadmin.servlets; import java.io.IOException; import java.io.PrintWriter; diff --git a/hsarback/src/main/java/de/hsadmin/servlets/PacTasksServlet.java b/hsarback/src/main/java/de/hsadmin/servlets/PacTasksServlet.java index 68bc98b..1f10503 100644 --- a/hsarback/src/main/java/de/hsadmin/servlets/PacTasksServlet.java +++ b/hsarback/src/main/java/de/hsadmin/servlets/PacTasksServlet.java @@ -132,8 +132,7 @@ public class PacTasksServlet extends HttpServlet if ("pac.delete".equals(parts[0])) { proc = factory.createDeleteProcessor(em, pac); } - final String pacUser = pac.owningUser(em).getName(); - transaction.enqueue(pac.getHiveName(), new QueueTask(pacUser, pacUser, parts[0] + ":" + parts[1], message, proc)); + transaction.enqueue(pac.getHiveName(), new QueueTask(pac.owningUser(em), parts[0] + ":" + parts[1], message, proc)); em.clear(); em.flush(); transaction.commitTransaction(); diff --git a/hsarback/src/main/webapp/WEB-INF/web.xml b/hsarback/src/main/webapp/WEB-INF/web.xml index 3b189a3..a0178f5 100644 --- a/hsarback/src/main/webapp/WEB-INF/web.xml +++ b/hsarback/src/main/webapp/WEB-INF/web.xml @@ -39,7 +39,7 @@ PillarServlet - de.hsadmin.pillar.JsonPillarServlet + de.hsadmin.servlets.JsonPillarServlet diff --git a/qserv/src/main/java/de/hsadmin/core/model/AbstractEntity.java b/qserv/src/main/java/de/hsadmin/core/model/AbstractEntity.java index cb1e440..398f4df 100644 --- a/qserv/src/main/java/de/hsadmin/core/model/AbstractEntity.java +++ b/qserv/src/main/java/de/hsadmin/core/model/AbstractEntity.java @@ -82,7 +82,7 @@ public abstract class AbstractEntity { * * @return a restricting JPA-QL expression to limit access to entities */ - public static String restriction(Class entityClass, AuthenticatedUser loginUser) { + public static String restriction(Class entityClass, UnixUser loginUser) { // hostmasters don't get any restriction if (loginUser.hasHostmasterRole()) return null; 
@@ -159,7 +159,7 @@ public abstract class AbstractEntity { * @param em * @param loginUser */ - public void initialize(EntityManager em, AuthenticatedUser loginUser) { + public void initialize(EntityManager em, UnixUser loginUser) { } /** @@ -167,7 +167,7 @@ public abstract class AbstractEntity { * @param em * @param loginUser */ - public void complete(EntityManager em, AuthenticatedUser loginUser) { + public void complete(EntityManager em, UnixUser loginUser) { } /** @@ -180,7 +180,7 @@ public abstract class AbstractEntity { * @param em * @param loginUser */ - public AbstractEntity merge(EntityManager em, AuthenticatedUser loginUser) { + public AbstractEntity merge(EntityManager em, UnixUser loginUser) { return em.merge(this); } @@ -190,7 +190,7 @@ public abstract class AbstractEntity { * @param loginUser * @return */ - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasHostmasterRole(); } @@ -200,7 +200,7 @@ public abstract class AbstractEntity { * @param loginUser * @return */ - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { return loginUser.hasHostmasterRole(); } @@ -218,6 +218,6 @@ public abstract class AbstractEntity { * @param em * @return */ - public abstract AuthenticatedUser owningUser(EntityManager em); + public abstract UnixUser owningUser(EntityManager em); } diff --git a/qserv/src/main/java/de/hsadmin/core/model/AbstractModuleImpl.java b/qserv/src/main/java/de/hsadmin/core/model/AbstractModuleImpl.java index b4fb960..eadb74a 100644 --- a/qserv/src/main/java/de/hsadmin/core/model/AbstractModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/core/model/AbstractModuleImpl.java 
@@ -41,7 +41,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface { } public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); EntityManager entityManager = transaction.getEntityManager(); newEntity.complete(entityManager, loginUser); entityManager.persist(newEntity); @@ -58,7 +58,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface { public AbstractEntity find(Class entityClass, Object key) throws HSAdminException { AbstractEntity entity = transaction.getEntityManager().find(entityClass, key); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); if (!entity.isReadAllowedFor(loginUser)) { throw new AuthorisationException(loginUser, "add", entity); } @@ -98,7 +98,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface { } public List search(Class entityClass, String condition, String orderBy, int limit) throws HSAdminException { - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); condition = restrict(entityClass, loginUser, condition); Entity entityAnnot = entityClass.getAnnotation(Entity.class); String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj"; @@ -120,9 +120,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface { } setQueryParameter(query, queryString, "loginUser", loginUser); setQueryParameter(query, queryString, "loginUserName", loginUser.getName()); - if (loginUser instanceof UnixUser) { - setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac()); - } + setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac()); try { List res = query.getResultList(); List ret = new LinkedList(); 
@@ -142,7 +140,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 }
 
 public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
- AuthenticatedUser loginUser = transaction.getLoginUser();
+ UnixUser loginUser = transaction.getLoginUser();
 existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
 if (!existingEntity.isWriteAllowedFor(loginUser)) {
 throw new AuthorisationException(loginUser, "update", existingEntity);
@@ -156,7 +154,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 }
 
 public void delete(AbstractEntity existingEntity) throws HSAdminException {
- AuthenticatedUser loginUser = transaction.getLoginUser();
+ UnixUser loginUser = transaction.getLoginUser();
 EntityManager entityManager = transaction.getEntityManager();
 existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
 if (!existingEntity.isWriteAllowedFor(loginUser)) {
@@ -192,7 +190,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 return procFact;
 }
 
- protected void queueProcessor(Processor proc, AuthenticatedUser authUser, AbstractEntity entity, String action) {
+ protected void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
 if (proc == null || proc instanceof NullProcessor) {
 return;
 }
@@ -200,7 +198,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
 StringBuilder details = new StringBuilder();
 String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
- QueueTask task = new QueueTask(transaction.getLogin(), transaction.getRunas(), title, details.toString(), proc);
+ QueueTask task = new QueueTask(user, title, details.toString(), proc);
 transaction.getEntityManager().persist(task);
 transaction.enqueue(entity.getHiveName(), task);
 }
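Review bot: `QueueTask task = new QueueTask(user, title, details.toString(), proc);` drops the record of who actually authenticated: the replaced call stored both `transaction.getLogin()` (the ticket holder) and `transaction.getRunas()`, and this same commit removes the `login_user`/`runas_user` columns from schema.sql and the QueueTask entity, so a task queued by a hostmaster or customer acting as a pac user is now attributed only to the impersonated `user`. For an audit trail of run-as operations the ticket identity should still be persisted on the task or at least logged where it is enqueued; note that `Transaction.login()` in this commit keeps the validated ticket name only in the local `ticketUser`, so it would have to be retained on the Transaction again to be available here. If dropping the attribution is intentional, a comment on `queueProcessor` such as `// task is attributed to the run-as user only; the authenticating ticket user is not recorded` would keep the next reader from assuming otherwise. The body of `queueProcessor` runs between the last two hunks and is only partly visible.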
@@ -216,7 +214,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface { /** * apply access restriction to JPA-QL condition. */ - private String restrict(Class entityClass, AuthenticatedUser loginUser, String condition) { + private String restrict(Class entityClass, UnixUser loginUser, String condition) { String restriction = AbstractEntity.restriction(entityClass, loginUser); if (restriction == null) return condition; diff --git a/qserv/src/main/java/de/hsadmin/core/model/AuthorisationException.java b/qserv/src/main/java/de/hsadmin/core/model/AuthorisationException.java index b488512..cca6db3 100644 --- a/qserv/src/main/java/de/hsadmin/core/model/AuthorisationException.java +++ b/qserv/src/main/java/de/hsadmin/core/model/AuthorisationException.java @@ -7,12 +7,12 @@ public class AuthorisationException extends HSAdminException { private static final long serialVersionUID = -8125905071037488732L; - private AuthenticatedUser user; + private UnixUser user; private String method; private AbstractEntity entity; private String field; - public AuthenticatedUser getUser() { + public UnixUser getUser() { return user; } @@ -28,14 +28,14 @@ public class AuthorisationException extends HSAdminException { return field; } - public AuthorisationException(AuthenticatedUser user, String method) { + public AuthorisationException(UnixUser user, String method) { super("nicht authorisiert fuer " + method + "()"); this.user = user; this.method = method; } - public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity) { + public AuthorisationException(UnixUser user, String method, AbstractEntity entity) { super("nicht authorisiert fuer " + method + "(" + entity.createStringKey() + ")"); 
@@ -44,7 +44,7 @@ public class AuthorisationException extends HSAdminException { this.entity = entity; } - public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity, + public AuthorisationException(UnixUser user, String method, AbstractEntity entity, String field) { super("nicht authorisiert fuer " + method + "(" + entity.createStringKey() + "." + field + ")"); diff --git a/qserv/src/main/java/de/hsadmin/core/model/SecureDefaultModuleImpl.java b/qserv/src/main/java/de/hsadmin/core/model/SecureDefaultModuleImpl.java index 71f37d9..270d6e1 100644 --- a/qserv/src/main/java/de/hsadmin/core/model/SecureDefaultModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/core/model/SecureDefaultModuleImpl.java @@ -99,7 +99,7 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl { public void delete(AbstractEntity detachedEntity) throws HSAdminException { Transaction transaction = getTransaction(); EntityManager entityManager = transaction.getEntityManager(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id()); if (!attachedEntity.isWriteAllowedFor(loginUser)) { throw new AuthorisationException(loginUser, "delete", detachedEntity); diff --git a/qserv/src/main/java/de/hsadmin/core/model/Transaction.java b/qserv/src/main/java/de/hsadmin/core/model/Transaction.java index 25b818b..75b87f3 100644 --- a/qserv/src/main/java/de/hsadmin/core/model/Transaction.java +++ b/qserv/src/main/java/de/hsadmin/core/model/Transaction.java 
@@ -28,16 +28,15 @@ public class Transaction {
 
 private EntityManager entityManager;
 private QueueConnectionFactory queueConnectionFactory;
- private String loginUser;
- private String runasUser;
+ private String loginName;
 private Map taskStores;
 private boolean transactionActive;
 private InitialContext ctx;
 
- public Transaction(String runasName) {
+ public Transaction(String loginName) {
 transactionActive = false;
 this.entityManager = PersistenceManager.getEntityManager("hsadmin");
- this.runasUser = runasName;
+ this.loginName = loginName;
 taskStores = new HashMap();
 try {
 ctx = new InitialContext();
@@ -67,13 +66,12 @@ public class Transaction {
 }
 return null;
 }
- 
- public String getLogin() {
- return loginUser;
- }
 
- public String getRunas() {
- return runasUser;
+ public String getLoginName() {
+ if (loginName != null) {
+ return loginName;
+ }
+ throw new TechnicalException("no login");
 }
 
 public void enqueue(String hiveName, QueueTask task) {
@@ -90,6 +88,7 @@ public class Transaction {
 for (String hive : taskStores.keySet()) {
 QueueTaskStore store = taskStores.get(hive);
 String queueName = "hsadminSystem-" + hive;
+// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
 Queue jmsSystemQueue = lookupJMSQueue(queueName);
 QueueClient qClient = null;
 try {
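Review bot: The added line `// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!` is a commented-out debugging override whose own comment says it must not be committed; if it were ever uncommented it would route every hive's tasks to the single queue `hsadminSystem-h99`, so it should be removed from this commit rather than carried into master. If overriding the target queue is a real testing need, read it from a property via `Config.getInstance()` as the account prefixes elsewhere in this class are, defaulting to the per-hive name. In the preceding hunk, `getLoginName()` now throws `TechnicalException("no login")` instead of returning null as `getRunas()` could; that is the safer default but deserves a Javadoc line, `@throws TechnicalException if the transaction was created without a login name`. The method containing the FIXME line starts and ends outside this hunk.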
@@ -172,15 +171,10 @@ public class Transaction {
 }
 }
 
- public AuthenticatedUser getLoginUser() {
- String loginName = getRunas();
+ public UnixUser getLoginUser() {
+ String loginName = getLoginName();
 if (loginName != null && loginName.length() == 2) {
- final LdapDAO ldapDAO = new LdapDAO();
- return ldapDAO.read(loginName);
- }
- if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
- final LdapDAO ldapDAO = new LdapDAO();
- return ldapDAO.read(loginName);
+ loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
 }
 if (loginName != null && loginName.length() == 3) {
 loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
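Review bot: The `loginName != null` guards on both `if` lines are dead now that `getLoginName()` throws `TechnicalException` instead of returning null, so they can be dropped; more importantly, the method now derives the account class purely from the length of the run-as name (2 characters gets the `hsh01-` hostmaster prefix, 3 characters the `hsh00-` customer prefix) in place of the removed `LdapDAO` lookups, so any two-character run-as value accepted by `login()` is resolved to a hostmaster UnixUser with no further validation. These length rules must stay consistent with the length and prefix checks in `login()`, which is worth a comment, e.g. `// 2-letter names are hostmasters, 3-letter names customers; keep in sync with login()`. The remainder of `getLoginUser()` (the UnixUser lookup and `return unixUser`) is outside this hunk, so whether an unknown name yields null or an exception cannot be checked here.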
@@ -191,44 +185,44 @@ public class Transaction { return unixUser; } - public boolean login(String runasUser, String ticket) throws AuthenticationException { - loginUser = TicketValidator.getInstance().validateTicket(ticket); - if (runasUser != null && runasUser.equals(loginUser)) { + public boolean login(String user, String ticket) throws AuthenticationException { + String ticketUser = TicketValidator.getInstance().validateTicket(ticket); + if (user != null && user.equals(ticketUser)) { return true; // user himself } - if (loginUser != null && loginUser.length() == 2) { + if (ticketUser != null && ticketUser.length() == 2) { return true; // 2-letter hostmaster } String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-"; - if (loginUser != null && loginUser.startsWith(hostmasterAccountPrefix) && loginUser.length() == 8) { + if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) { return true; // hsh01 hostmaster } - if (loginUser != null && loginUser.length() == 5) { + if (ticketUser != null && ticketUser.length() == 5) { Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username"); - userQuery.setParameter("username", runasUser); + userQuery.setParameter("username", user); UnixUser unixUser = (UnixUser) userQuery.getSingleResult(); String pacName = unixUser.getPac().getName(); - return loginUser.equals(pacName); // pac-admin + return ticketUser.equals(pacName); // pac-admin } String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-"; - if (loginUser != null && (loginUser.length() == 3 || (loginUser.length() >= 9 && loginUser.startsWith(memberAccountPrefix)))) { + if (ticketUser != null && (ticketUser.length() == 3 || (ticketUser.length() >= 9 && ticketUser.startsWith(memberAccountPrefix)))) { Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = 
:membername"); - memberQuery.setParameter("membername", loginUser.length() == 3 ? (memberAccountPrefix + loginUser) : loginUser); + memberQuery.setParameter("membername", ticketUser.length() == 3 ? (memberAccountPrefix + ticketUser) : ticketUser); Customer member = (Customer) memberQuery.getSingleResult(); Set pacs = member.getPacs(); for (Pac p : pacs) { - if (p.getName().equals(runasUser)) { + if (p.getName().equals(user)) { return true; // member as pac-admin } Set users = p.getUnixUser(); for (UnixUser u : users) { - if (u.getName().equals(runasUser)) { + if (u.getName().equals(user)) { return true; // member as pac-user } } } } - throw new AuthenticationException("User " + loginUser + " is not allowed to run as " + runasUser); + throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user); } } diff --git a/qserv/src/main/java/de/hsadmin/core/qserv/QueueTask.java b/qserv/src/main/java/de/hsadmin/core/qserv/QueueTask.java index be5bc06..23cc72c 100644 --- a/qserv/src/main/java/de/hsadmin/core/qserv/QueueTask.java +++ b/qserv/src/main/java/de/hsadmin/core/qserv/QueueTask.java @@ -20,7 +20,6 @@ import javax.persistence.Transient; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.mods.qstat.QTaskModuleImpl; import de.hsadmin.mods.user.UnixUser; 
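Review bot: Both `getSingleResult()` calls in `login()` throw the unchecked JPA `NoResultException` (or `NonUniqueResultException`) when the run-as `user` or the ticket's customer does not exist, so such a request escapes as a technical error rather than the `AuthenticationException` the method declares, and the caller's `if (transaction.login(...))` never sees a clean failure; wrapping each lookup with `catch (NoResultException e) { throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user); }` keeps the contract. The hostmaster branches (`ticketUser.length() == 2` and the `hsh01-` prefix with length 8) return true before `user` is examined at all, while every later authorisation check runs as the resolved `user`; that appears intended but should be stated in a comment on those branches, since the length heuristic is the only thing separating a hostmaster ticket from an ordinary one. The pac-admin branch (`ticketUser.length() == 5`) also only looks up `user` as a UnixUser, whereas the customer branch below additionally accepts `user` being a pac name — presumably deliberate, but worth a line saying so.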
@@ -42,14 +41,6 @@ public class QueueTask extends AbstractEntity implements Serializable { @JoinColumn(name="user_id", columnDefinition="integer", nullable=true) @ManyToOne(fetch=FetchType.EAGER) private UnixUser user; - - @AnnFieldIO(rw=ReadWriteAccess.READONLY) - @Column(name = "runas_user", columnDefinition = "character varying(48)", nullable = true) - private String runasUser; - - @AnnFieldIO(rw=ReadWriteAccess.READONLY) - @Column(name = "login_user", columnDefinition = "character varying(48)", nullable = true) - private String loginUser; @AnnFieldIO(rw=ReadWriteAccess.READONLY) @Column(name = "started", columnDefinition = "date") @@ -78,9 +69,8 @@ public class QueueTask extends AbstractEntity implements Serializable { public QueueTask() { } - public QueueTask(String loginUser, String runasUser, String title, String details, Processor proc) { - this.loginUser = loginUser; - this.runasUser = runasUser; + public QueueTask(UnixUser user, String title, String details, Processor proc) { + this.user = user; this.title = title; this.details = details; this.started = new Date(); @@ -99,7 +89,7 @@ public class QueueTask extends AbstractEntity implements Serializable { * on all merged fields of this entity */ @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasHostmasterRole() || loginUser.hasPacAdminRoleFor(getUser().getPac()) || loginUser.id() == getUser().id(); @@ -146,22 +136,6 @@ public class QueueTask extends AbstractEntity implements Serializable { this.user = user; } - public String getRunasUser() { - return runasUser; - } - - public void setRunasUser(String runasUser) { - this.runasUser = runasUser; - } - - public String getLoginUser() { - return loginUser; - } - - public void setLoginUser(String loginUser) { - this.loginUser = loginUser; - } - public Date getStarted() { return started; } 
diff --git a/qserv/src/main/java/de/hsadmin/core/qserv/WaitingTasksProcessor.java b/qserv/src/main/java/de/hsadmin/core/qserv/WaitingTasksProcessor.java index cf02677..54b6539 100644 --- a/qserv/src/main/java/de/hsadmin/core/qserv/WaitingTasksProcessor.java +++ b/qserv/src/main/java/de/hsadmin/core/qserv/WaitingTasksProcessor.java @@ -28,7 +28,7 @@ public class WaitingTasksProcessor extends AbstractProcessor { if (task.getException() == null) { for (WaitingProcessor p : waitingTasks) { QueueTask wTask = - new QueueTask(transaction.getLogin(), transaction.getRunas(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc()); + new QueueTask(task.getUser(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc()); transaction.getEntityManager().persist(wTask); transaction.enqueue(p.getHost(), wTask); } diff --git a/qserv/src/main/java/de/hsadmin/mods/cust/Customer.java b/qserv/src/main/java/de/hsadmin/mods/cust/Customer.java index 80eadd0..677d151 100644 --- a/qserv/src/main/java/de/hsadmin/mods/cust/Customer.java +++ b/qserv/src/main/java/de/hsadmin/mods/cust/Customer.java @@ -25,7 +25,6 @@ import javax.persistence.Temporal; import javax.persistence.Transient; import de.hsadmin.core.model.AbstractEntity; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.user.UnixUser; @@ -235,12 +234,12 @@ public class Customer extends AbstractEntity implements Serializable { } @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasCustomerRoleFor(this); } @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { return loginUser.hasCustomerRoleFor(this); } 
diff --git a/qserv/src/main/java/de/hsadmin/mods/db/Database.java b/qserv/src/main/java/de/hsadmin/mods/db/Database.java index 4e36d8e..5d25610 100644 --- a/qserv/src/main/java/de/hsadmin/mods/db/Database.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/Database.java @@ -24,7 +24,6 @@ import javax.persistence.Table; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AnnFieldIO; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.user.UnixUser; @@ -78,10 +77,8 @@ public abstract class Database extends AbstractEntity implements Serializable { } @Override - public void initialize(EntityManager em, AuthenticatedUser loginUser) { - if (loginUser instanceof UnixUser) { - pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin - } + public void initialize(EntityManager em, UnixUser loginUser) { + pac = loginUser.getPac(); // a default useful for the pac admin } public void complete(EntityManager em, UnixUser loginUser) { @@ -141,7 +138,7 @@ public abstract class Database extends AbstractEntity implements Serializable { * determines whether the given user has full read access on all merged fields of this entity */ @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasPacAdminRoleFor(getPac()); } @@ -149,7 +146,7 @@ public abstract class Database extends AbstractEntity implements Serializable { * determines whether the given user has full write access on all merged fields of this entity */ @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { String pacName = pac.getName(); if (!name.equals(pacName) && !name.startsWith(pacName + "_")) return false; 
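Review bot: `pac = loginUser.getPac(); // a default useful for the pac admin` in `initialize` now dereferences `loginUser` unconditionally, whereas the removed `instanceof UnixUser` test also covered a null login user; if `Transaction.getLoginUser()` can return null for an unknown name, building a default entity now fails with a NullPointerException instead of leaving `pac` unset. Either document the contract on the parameter — `@param loginUser the resolved run-as user; must not be null` — or keep the tolerance with `if (loginUser != null) { pac = loginUser.getPac(); }`. The same pattern is repeated in `DatabaseUser.initialize` in the next file section.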
diff --git a/qserv/src/main/java/de/hsadmin/mods/db/DatabaseUser.java b/qserv/src/main/java/de/hsadmin/mods/db/DatabaseUser.java index 5d9fbae..0e21fd2 100644 --- a/qserv/src/main/java/de/hsadmin/mods/db/DatabaseUser.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/DatabaseUser.java @@ -25,7 +25,6 @@ import javax.persistence.Transient; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AnnFieldIO; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.mods.pac.Pac; import de.hsadmin.mods.user.UnixUser; @@ -73,10 +72,8 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl } @Override - public void initialize(EntityManager em, AuthenticatedUser loginUser) { - if (loginUser instanceof UnixUser) { - pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin - } + public void initialize(EntityManager em, UnixUser loginUser) { + pac = loginUser.getPac(); // a default useful for the pac admin } public void complete(EntityManager em, UnixUser loginUser) { @@ -159,7 +156,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl } @Override - public DatabaseUser merge(EntityManager em, AuthenticatedUser loginUser) { + public DatabaseUser merge(EntityManager em, UnixUser loginUser) { DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser); dbEntity.setPassword(this.getPassword()); return dbEntity; @@ -183,7 +180,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl * fields of this entity */ @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasPacAdminRoleFor(getPac()); } 
@@ -192,7 +189,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl * fields of this entity */ @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { String pacName = pac.getName(); if (!name.equals(pacName) && !name.startsWith(pacName + "_")) return false; diff --git a/qserv/src/main/java/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java index 421a64b..6e6da29 100644 --- a/qserv/src/main/java/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java @@ -7,13 +7,13 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.mods.pac.Pac; +import de.hsadmin.mods.user.UnixUser; public class MySqlDatabaseModuleImpl extends AbstractModuleImpl { @@ -29,7 +29,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { Transaction transaction = getTransaction(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); MySqlDatabase database = (MySqlDatabase) newEntity; String name = database.getName(); String pacPrefix = name.substring(0, 5); 
@@ -75,7 +75,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { Transaction transaction = getTransaction(); EntityManager em = transaction.getEntityManager(); - AuthenticatedUser unixUser = transaction.getLoginUser(); + UnixUser unixUser = transaction.getLoginUser(); MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity; MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId()); if (!attachedDB.getName().equals(detachtedDB.getName())) { diff --git a/qserv/src/main/java/de/hsadmin/mods/db/MySqlUserModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/db/MySqlUserModuleImpl.java index e1a2538..d51164c 100644 --- a/qserv/src/main/java/de/hsadmin/mods/db/MySqlUserModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/MySqlUserModuleImpl.java @@ -7,20 +7,20 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.mods.pac.Pac; +import de.hsadmin.mods.user.UnixUser; public class MySqlUserModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { Transaction transaction = getTransaction(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); MySqlUser user = (MySqlUser) newEntity; String name = user.getName(); if (name.length() < 7 || name.charAt(5) != '_') { diff --git a/qserv/src/main/java/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java index 4b6c791..0e047b7 100644 
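Review bot: In `MySqlDatabaseModuleImpl.update`, `attachedDB` comes from `em.find(...)` and is dereferenced on the next line without a null check, so an id that does not resolve (a stale id from a detached entity, for example) surfaces as a NullPointerException rather than an `HSAdminException`. Adding `if (attachedDB == null) { throw new HSAdminException("database not found: " + detachtedDB.getId()); }` directly after the `find` keeps the immutability checks that follow meaningful (message wording is a placeholder). The same `em.find` result is used without a null check in `PgSqlDatabaseModuleImpl.update`, `EMailAddressModuleImpl.update` and `UnixUserModuleImpl.update` later in this patch. The rest of `update` lies outside the hunk.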
--- a/qserv/src/main/java/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java @@ -7,13 +7,13 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.mods.pac.Pac; +import de.hsadmin.mods.user.UnixUser; public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl { @@ -27,7 +27,7 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); PgSqlDatabase database = (PgSqlDatabase) newEntity; String name = database.getName(); String pacPrefix = name.substring(0, 5); 
@@ -74,17 +74,17 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl { public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { Transaction transaction = getTransaction(); EntityManager em = transaction.getEntityManager(); - AuthenticatedUser user = transaction.getLoginUser(); + UnixUser unixUser = transaction.getLoginUser(); PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity; PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId()); if (!attachedDB.getName().equals(detachtedDB.getName())) { - throw new AuthorisationException(user, "update", existingEntity, "name"); + throw new AuthorisationException(unixUser, "update", existingEntity, "name"); } if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) { - throw new AuthorisationException(user, "update", existingEntity, "encoding"); + throw new AuthorisationException(unixUser, "update", existingEntity, "encoding"); } if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) { - throw new AuthorisationException(user, "update", existingEntity, "instance"); + throw new AuthorisationException(unixUser, "update", existingEntity, "instance"); } return super.update(existingEntity); } diff --git a/qserv/src/main/java/de/hsadmin/mods/db/PgSqlUserModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/db/PgSqlUserModuleImpl.java index 2e09285..b8222bd 100644 --- a/qserv/src/main/java/de/hsadmin/mods/db/PgSqlUserModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/db/PgSqlUserModuleImpl.java 
@@ -7,18 +7,18 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.mods.pac.Pac; +import de.hsadmin.mods.user.UnixUser; public class PgSqlUserModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); PgSqlUser user = (PgSqlUser) newEntity; String name = user.getName(); if (name.length() < 7 || name.charAt(5) != '_') { diff --git a/qserv/src/main/java/de/hsadmin/mods/dom/DomainModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/dom/DomainModuleImpl.java index 843af90..3a8c8c4 100644 --- a/qserv/src/main/java/de/hsadmin/mods/dom/DomainModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/dom/DomainModuleImpl.java @@ -11,7 +11,6 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.util.HSAdminException; 
@@ -59,9 +58,8 @@ public class DomainModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException { AbstractEntity newDom = super.initialize(newEntity); - final AuthenticatedUser loginUser = getTransaction().getLoginUser(); - if (newDom instanceof Domain && loginUser instanceof UnixUser) { - ((Domain) newDom).setUser((UnixUser) loginUser); + if (newDom instanceof Domain) { + ((Domain) newDom).setUser(getTransaction().getLoginUser()); return newDom; } return null; @@ -141,7 +139,7 @@ public class DomainModuleImpl extends AbstractModuleImpl { final String hiveName = pac.getHive().getHiveName(); dom.setDnsMaster(hiveName + ".hostsharing.net"); // Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen. - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); if (!loginUser.hasHostmasterRole()) { boolean usersDomain = false; boolean otherUserDomain = false; @@ -213,7 +211,7 @@ public class DomainModuleImpl extends AbstractModuleImpl { if (updatedDom.getName() == null || updatedDom.getName().length() == 0) { throw new HSAdminException("domain name required"); } - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); EntityManager em = getTransaction().getEntityManager(); Domain oldDom = em.find(Domain.class, updatedDom.getId()); UnixUser admin = updatedDom.getUser(); @@ -277,7 +275,7 @@ public class DomainModuleImpl extends AbstractModuleImpl { } private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); if (ent instanceof Domain) { Domain dom = (Domain) ent; String aLoginUserName = loginUser.getName(); 
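Review bot: `DomainModuleImpl.initialize` returns `null` when `super.initialize(newEntity)` does not yield a `Domain`, which pushes a null check onto every caller; the sibling `UnixUserModuleImpl.initialize` in this patch casts unconditionally, and `PacModuleImpl.update` throws `AuthorisationException(loginUser, "update", entity)` for a wrong entity type. Unless a null return is relied on somewhere not visible here, replacing `return null;` with `throw new AuthorisationException(getTransaction().getLoginUser(), "initialize", newEntity);` would be consistent with the rest of the module. The closing brace of `initialize` is outside this hunk.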
@@ -296,7 +294,7 @@ public class DomainModuleImpl extends AbstractModuleImpl { } private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); if (entity instanceof Domain) { Domain dom = (Domain) entity; String aLoginUserName = loginUser.getName(); diff --git a/qserv/src/main/java/de/hsadmin/mods/email/EMailAddress.java b/qserv/src/main/java/de/hsadmin/mods/email/EMailAddress.java index c167b79..440d42e 100644 --- a/qserv/src/main/java/de/hsadmin/mods/email/EMailAddress.java +++ b/qserv/src/main/java/de/hsadmin/mods/email/EMailAddress.java @@ -192,12 +192,12 @@ public class EMailAddress extends AbstractEntity implements Serializable { } @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return getDomain().isReadAllowedFor(loginUser); } @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { return getDomain().isWriteAllowedFor(loginUser); } diff --git a/qserv/src/main/java/de/hsadmin/mods/email/EMailAddressModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/email/EMailAddressModuleImpl.java index e52c220..f029791 100644 --- a/qserv/src/main/java/de/hsadmin/mods/email/EMailAddressModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/email/EMailAddressModuleImpl.java 
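Review bot: `EMailAddress.isReadAllowedFor`/`isWriteAllowedFor` switch their parameter to `UnixUser`, but unlike every other file in this patch no import hunk is shown for `EMailAddress.java`. If the file still imports `de.hsadmin.core.model.AuthenticatedUser`, that import is now unused (and will break the build if that type is ever removed); if `UnixUser` is not already imported, the new signatures will not compile — worth checking the file header, which is outside this hunk. The delegation to `getDomain()` assumes an address is always attached to a domain; a null domain would fail with a NullPointerException rather than an explicit deny, and `return getDomain() != null && getDomain().isReadAllowedFor(loginUser);` (likewise for write) makes the fail-closed result visible.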
@@ -7,13 +7,13 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.mods.dom.Domain; import de.hsadmin.mods.dom.DomainOption; +import de.hsadmin.mods.user.UnixUser; public class EMailAddressModuleImpl extends AbstractModuleImpl { @@ -51,7 +51,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl { qDomain.setParameter("domName", adr.getDomain().getName()); Domain dom = (Domain) qDomain.getSingleResult(); adr.setDomain(dom); - AuthenticatedUser loginUser = tx.getLoginUser(); + UnixUser loginUser = tx.getLoginUser(); if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) { throw new AuthorisationException(loginUser, "add", adr); } @@ -79,7 +79,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { Transaction transaction = getTransaction(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); EMailAddress detachedAddr = (EMailAddress) existingEntity; EntityManager em = transaction.getEntityManager(); EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId()); diff --git a/qserv/src/main/java/de/hsadmin/mods/email/EMailAlias.java b/qserv/src/main/java/de/hsadmin/mods/email/EMailAlias.java index 0946553..f7c3fef 100644 --- a/qserv/src/main/java/de/hsadmin/mods/email/EMailAlias.java +++ b/qserv/src/main/java/de/hsadmin/mods/email/EMailAlias.java 
@@ -20,7 +20,6 @@ import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.model.SearchFilter; import de.hsadmin.mods.pac.Pac; @@ -67,18 +66,14 @@ public class EMailAlias extends AbstractEntity implements Serializable { } @Override - public void initialize(EntityManager em, AuthenticatedUser loginUser) { - pac = null; - name = ""; - if (loginUser instanceof UnixUser) { - pac = ((UnixUser)loginUser).getPac(); - name = pac.getName() + "-"; - } + public void initialize(EntityManager em, UnixUser loginUser) { + pac = loginUser.getPac(); + name = pac.getName() + "-"; target = ""; } @Override - public void complete(EntityManager em, AuthenticatedUser loginUser) { + public void complete(EntityManager em, UnixUser loginUser) { if (pac == null && name != null && name.length() > 0) { String pacName = name.substring(0, 5); try { @@ -87,9 +82,7 @@ public class EMailAlias extends AbstractEntity implements Serializable { Query query = em.createQuery(queryString); AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser); AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName()); - if (loginUser instanceof UnixUser) { - AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac()); - } + AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac()); pac = (Pac) query.getSingleResult(); } catch (NoResultException exc) { throw new SecurityException("packet '" + pacName + "' not found or access denied"); 
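Review bot: In `EMailAlias.complete`, the guard `name.length() > 0` does not protect `name.substring(0, 5)`, so an alias name of one to four characters fails with a StringIndexOutOfBoundsException instead of the `SecurityException` this method otherwise raises for an unresolvable packet. Throwing the same `SecurityException` for names shorter than five characters before the substring, e.g. `if (name.length() < 5) throw new SecurityException("packet for alias '" + name + "' not found or access denied");` (wording is a placeholder), keeps the error path uniform. The lines building `queryString` lie between the two hunks of this file.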
@@ -178,12 +171,12 @@ public class EMailAlias extends AbstractEntity implements Serializable { } @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { return loginUser.hasPacAdminRoleFor(getPac()); } @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { String pacName = pac.getName(); if (!name.equals(pacName) && !name.startsWith(pacName + "-")) return false; diff --git a/qserv/src/main/java/de/hsadmin/mods/email/EMailAliasModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/email/EMailAliasModuleImpl.java index 0e5b9e7..e4fb47c 100644 --- a/qserv/src/main/java/de/hsadmin/mods/email/EMailAliasModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/email/EMailAliasModuleImpl.java @@ -7,13 +7,13 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.hostsharing.MultiOption; import de.hsadmin.mods.pac.Pac; +import de.hsadmin.mods.user.UnixUser; public class EMailAliasModuleImpl extends AbstractModuleImpl { @@ -29,7 +29,7 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { Transaction transaction = getTransaction(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); EMailAlias alias = (EMailAlias) newEntity; String name = alias.getName(); if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) { 
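Review bot: The condition `name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6` in `EMailAliasModuleImpl.add` mixes `&&` and `||` without grouping the conjunction; it parses as intended because `&&` binds tighter, but the parentheses around only the `charAt` comparison suggest a different grouping to a reader. Writing it as `if ((name.length() > 5 && name.charAt(5) != '-') || name.length() == 6) {` makes the precedence explicit. Names of five characters or fewer pass this check and are presumably validated against the pac name elsewhere; that code is outside the hunk.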
diff --git a/qserv/src/main/java/de/hsadmin/mods/pac/Pac.java b/qserv/src/main/java/de/hsadmin/mods/pac/Pac.java index 66936fd..c97386d 100644 --- a/qserv/src/main/java/de/hsadmin/mods/pac/Pac.java +++ b/qserv/src/main/java/de/hsadmin/mods/pac/Pac.java @@ -27,7 +27,6 @@ import javax.persistence.TemporalType; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.hostsharing.BasePacType; import de.hsadmin.mods.cust.Customer; @@ -114,7 +113,7 @@ public class Pac extends AbstractEntity implements Serializable { } @Override - public void initialize(EntityManager em, AuthenticatedUser loginUser) { + public void initialize(EntityManager em, UnixUser loginUser) { super.initialize(em, loginUser); } diff --git a/qserv/src/main/java/de/hsadmin/mods/pac/PacModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/pac/PacModuleImpl.java index ced45b0..04061ff 100644 --- a/qserv/src/main/java/de/hsadmin/mods/pac/PacModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/pac/PacModuleImpl.java @@ -12,7 +12,6 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.GenericModuleImpl; import de.hsadmin.core.util.HSAdminException; @@ -132,7 +131,7 @@ public class PacModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity update(AbstractEntity entity) throws HSAdminException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); if (!(entity instanceof Pac)) { throw new AuthorisationException(loginUser, "update", entity); } 
@@ -240,7 +239,7 @@ public class PacModuleImpl extends AbstractModuleImpl { } private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); if (entity instanceof Pac) { Pac pac = (Pac) entity; String aLoginUserName = loginUser.getName(); diff --git a/qserv/src/main/java/de/hsadmin/mods/user/UnixUser.java b/qserv/src/main/java/de/hsadmin/mods/user/UnixUser.java index c769c45..e553f70 100644 --- a/qserv/src/main/java/de/hsadmin/mods/user/UnixUser.java +++ b/qserv/src/main/java/de/hsadmin/mods/user/UnixUser.java @@ -19,17 +19,15 @@ import javax.persistence.Transient; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AnnFieldIO; import de.hsadmin.core.model.AnnModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.ReadWriteAccess; import de.hsadmin.core.util.Config; -import de.hsadmin.mods.cust.Customer; import de.hsadmin.mods.pac.Pac; @Entity(name = "UnixUsers") @Table(name = "unixuser") @SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq") @AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class) -public class UnixUser extends AbstractEntity implements Serializable, AuthenticatedUser { +public class UnixUser extends AbstractEntity implements Serializable { private static final long serialVersionUID = 7823071611805642906L; 
@@ -266,16 +264,14 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica } @Override - public void initialize(EntityManager em, AuthenticatedUser loginUser) { - if (loginUser instanceof UnixUser) { - pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin - // TODO should not be hardcoded, but how? - homedir = "/home/pacs/" + pac.getName() + "/users/..."; - } + public void initialize(EntityManager em, UnixUser loginUser) { + pac = loginUser.getPac(); // a default useful for the pac admin + // TODO should not be hardcoded, but how? + homedir = "/home/pacs/" + pac.getName() + "/users/..."; } @Override - public UnixUser merge(EntityManager em, AuthenticatedUser loginUser) { + public UnixUser merge(EntityManager em, UnixUser loginUser) { if (homedir == null) homedir = "/home/pacs/" + pac.getName() + "/users/" + getName().substring(6); // TODO: Hack 
@@ -304,40 +300,31 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8)); } - public boolean hasCustomerRoleFor(AbstractEntity custEntity) { - if (custEntity instanceof Customer) { - Customer cust = (Customer) custEntity; - return getName().equals(cust.getName()) || hasHostmasterRole(); - - } - return false; + public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) { + return getName().equals(cust.getName()) || hasHostmasterRole(); } - public boolean hasPacAdminRoleFor(AbstractEntity pacEntity) { - if (pacEntity instanceof Pac) { - Pac pac = (Pac) pacEntity; - return pac != null && - (pac.getName().equals(getName()) - || hasCustomerRoleFor(pac.getCustomer()) ); - } - return false; + public boolean hasPacAdminRoleFor(Pac pac) { + return pac != null && + (pac.getName().equals(getName()) + || hasCustomerRoleFor(pac.getCustomer()) ); } @Override - public boolean isWriteAllowedFor(AuthenticatedUser loginUser) { + public boolean isWriteAllowedFor(UnixUser loginUser) { String pacName = pac.getName(); if (!name.equals(pacName) && !name.startsWith(pacName + "-")) return false; if (super.isWriteAllowedFor(loginUser)) return true; - return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac()); + return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac()); } @Override - public boolean isReadAllowedFor(AuthenticatedUser loginUser) { + public boolean isReadAllowedFor(UnixUser loginUser) { if (super.isReadAllowedFor(loginUser)) return true; - return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac()); + return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac()); } /** 
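Review bot: `hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust)` now dereferences `cust` directly, so `hasPacAdminRoleFor` throws a NullPointerException when `pac.getCustomer()` is null, where the old `instanceof` version returned `false`; `return cust != null && (getName().equals(cust.getName()) || hasHostmasterRole());` restores the explicit fail-closed result. In `isWriteAllowedFor`/`isReadAllowedFor`, `this.getId() == loginUser.getId()` is only correct if `getId()` returns a primitive — if it is a boxed `Long`, `==` compares identity and the self-access branch silently fails for larger ids; `loginUser.sameIdAs(this)`, as `UnixUserModuleImpl.needsFullAccessOnUser` uses below, avoids the question. Style: the fully qualified `de.hsadmin.mods.cust.Customer` in the signature stands in for the `Customer` import removed in the previous hunk; keeping the import is the usual convention.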
diff --git a/qserv/src/main/java/de/hsadmin/mods/user/UnixUserModuleImpl.java b/qserv/src/main/java/de/hsadmin/mods/user/UnixUserModuleImpl.java index 6b8adbf..e8cf334 100644 --- a/qserv/src/main/java/de/hsadmin/mods/user/UnixUserModuleImpl.java +++ b/qserv/src/main/java/de/hsadmin/mods/user/UnixUserModuleImpl.java @@ -8,7 +8,6 @@ import javax.persistence.Query; import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractModuleImpl; -import de.hsadmin.core.model.AuthenticatedUser; import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.Transaction; import de.hsadmin.core.util.HSAdminException; @@ -25,10 +24,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException { UnixUser newUnixUser = (UnixUser) super.initialize(newEntity); - final AuthenticatedUser loginUser = getTransaction().getLoginUser(); - if (loginUser instanceof UnixUser) { - newUnixUser.setName(((UnixUser)loginUser).getPac().getName() + '-'); - } + newUnixUser.setName(getTransaction().getLoginUser().getPac().getName() + '-'); return newUnixUser; } @@ -78,7 +74,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { Transaction transaction = getTransaction(); EntityManager em = transaction.getEntityManager(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); // only allow pac which matches the username (TODO: hard coded // Hostsharing convention) UnixUser newUnixUser = (UnixUser) newEntity; 
@@ -162,7 +158,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { @Override public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException { Transaction transaction = getTransaction(); - AuthenticatedUser loginUser = transaction.getLoginUser(); + UnixUser loginUser = transaction.getLoginUser(); EntityManager em = transaction.getEntityManager(); UnixUser detachedUnixUser = (UnixUser) existingEntity; UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId()); @@ -255,7 +251,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { // throws an AuthorisationException if the login user has no write acess // on the pac of the given UnixUser private boolean hasFullAccessOnPacOf(UnixUser user) { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); + UnixUser loginUser = getTransaction().getLoginUser(); String loginUserName = loginUser.getName(); return loginUser.hasHostmasterRole() || loginUserName.equals(user.getPac().getName()) 
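Review bot: The comment above `hasFullAccessOnPacOf` (`// throws an AuthorisationException if the login user has no write acess`) describes the throwing variant `needsFullAccessOnPacOf`, not this boolean predicate, and carries a typo; replace it with `// true if the login user has full write access on the pac of the given UnixUser`. In `update`, the result of `em.find(detachedUnixUser.getClass(), detachedUnixUser.getId())` is used without a null check, the same pattern noted for the database module implementations earlier in this patch. Both methods continue outside the hunk.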
@@ -264,33 +260,22 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { // throws an AuthorisationException if the login user has no write acess // on the pac of the given UnixUser - private void needsFullAccessOnPacOf(UnixUser user, String method) throws AuthorisationException { + private void needsFullAccessOnPacOf(UnixUser user, String method) + throws AuthorisationException { if (!hasFullAccessOnPacOf(user)) throw new AuthorisationException(getTransaction().getLoginUser(), method, user); } private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException { - if (!hasFullAccessOnPacOf(user)) { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); - if (loginUser instanceof UnixUser) { - UnixUser uxUser = (UnixUser) loginUser; - if (uxUser.getPac().id() == user.getPac().id()) { - return; - } - } + UnixUser loginUser = getTransaction().getLoginUser(); + if (!hasFullAccessOnPacOf(user) && loginUser.getPac().id() != user.getPac().id()) { throw new AuthorisationException(loginUser, method, user); } } private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException { - if (!hasFullAccessOnPacOf(user)) { - AuthenticatedUser loginUser = getTransaction().getLoginUser(); - if (loginUser instanceof UnixUser) { - UnixUser uxUser = (UnixUser) loginUser; - if (uxUser.sameIdAs(user)) { - return; - } - } + UnixUser loginUser = getTransaction().getLoginUser(); + if (!hasFullAccessOnPacOf(user) && !loginUser.sameIdAs(user)) { throw new AuthorisationException(loginUser, method, user); } } @@ -300,8 +285,6 @@ public class UnixUserModuleImpl extends AbstractModuleImpl { return true; if (shell.equals("/bin/bash")) return true; - if (shell.equals("/bin/dash")) - return true; if (shell.equals("/bin/csh")) return true; if (shell.equals("/bin/tcsh"))
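Review bot: The shell allowlist hunk drops `/bin/dash` from the accepted values, a behavioural change for any existing UnixUser whose shell is already `/bin/dash` (their next update would presumably fail this check), and the commit title "stable version becomes master" does not say whether that is intended; if it is, a short comment naming the reason would help the next reader. Stylistically the chain of `if (shell.equals(...)) return true;` lines reads better as a `static final Set<String>` of allowed shells checked with `contains`. In `needsPartialAccessOnPacOf`, `loginUser.getPac().id() != user.getPac().id()` relies on `id()` returning a primitive; if it is boxed, `!=` compares identity and same-pac users would be wrongly rejected — `sameIdAs`, used two methods below, sidesteps this. The enclosing shell-validation method starts and ends outside the hunk.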