prepare introduction ldap user
This commit is contained in:
parent
bd20e69e15
commit
53867f47ce
@ -1,2 +1,2 @@
|
|||||||
INSERT INTO domain_option (domain_option_name)
|
ALTER TABLE queue_task ADD COLUMN login_user character varying(48);
|
||||||
VALUES ('php5');
|
ALTER TABLE queue_task ADD COLUMN runas_user character varying(48);
|
||||||
|
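Review bot: The two `ALTER TABLE queue_task ADD COLUMN` statements replace the `INSERT INTO domain_option ... VALUES ('php5')` lines rather than following them, so if this script is an incremental update that is still run against existing installations, the 'php5' domain option row is no longer created by it. If the replacement is deliberate because that insert has already shipped, a one-line comment such as `-- domain_option 'php5' was inserted by the previous update` would spare the next reader the question. Both new columns are nullable with no default; since login_user is the record of who triggered a task, the schema does not guarantee an actor is recorded, so that guarantee has to come from the application layer.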
@ -919,3 +919,5 @@ ALTER TABLE ONLY domain__domain_option
|
|||||||
ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id)
|
ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id)
|
||||||
REFERENCES domain(domain_id) DEFERRABLE;
|
REFERENCES domain(domain_id) DEFERRABLE;
|
||||||
|
|
||||||
|
ALTER TABLE queue_task ADD COLUMN login_user character varying(48);
|
||||||
|
ALTER TABLE queue_task ADD COLUMN runas_user character varying(48);
|
||||||
|
@ -2,7 +2,6 @@ package de.hsadmin.core.model;
|
|||||||
|
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
|
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public abstract class AbstractEntity {
|
public abstract class AbstractEntity {
|
||||||
|
|
||||||
@ -81,7 +80,7 @@ public abstract class AbstractEntity {
|
|||||||
*
|
*
|
||||||
* @return a restricting JPA-QL expression to limit access to entities
|
* @return a restricting JPA-QL expression to limit access to entities
|
||||||
*/
|
*/
|
||||||
public static String restriction(Class<?> entityClass, UnixUser loginUser) {
|
public static String restriction(Class<?> entityClass, AuthenticatedUser loginUser) {
|
||||||
// hostmasters don't get any restriction
|
// hostmasters don't get any restriction
|
||||||
if (loginUser.hasHostmasterRole())
|
if (loginUser.hasHostmasterRole())
|
||||||
return null;
|
return null;
|
||||||
@ -158,7 +157,7 @@ public abstract class AbstractEntity {
|
|||||||
* @param em
|
* @param em
|
||||||
* @param loginUser
|
* @param loginUser
|
||||||
*/
|
*/
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -166,7 +165,7 @@ public abstract class AbstractEntity {
|
|||||||
* @param em
|
* @param em
|
||||||
* @param loginUser
|
* @param loginUser
|
||||||
*/
|
*/
|
||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -179,7 +178,7 @@ public abstract class AbstractEntity {
|
|||||||
* @param em
|
* @param em
|
||||||
* @param loginUser
|
* @param loginUser
|
||||||
*/
|
*/
|
||||||
public AbstractEntity merge(EntityManager em, UnixUser loginUser) {
|
public AbstractEntity merge(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
return em.merge(this);
|
return em.merge(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -189,7 +188,7 @@ public abstract class AbstractEntity {
|
|||||||
* @param loginUser
|
* @param loginUser
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasHostmasterRole();
|
return loginUser.hasHostmasterRole();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -199,7 +198,7 @@ public abstract class AbstractEntity {
|
|||||||
* @param loginUser
|
* @param loginUser
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasHostmasterRole();
|
return loginUser.hasHostmasterRole();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -217,6 +216,6 @@ public abstract class AbstractEntity {
|
|||||||
* @param em
|
* @param em
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public abstract UnixUser owningUser(EntityManager em);
|
public abstract AuthenticatedUser owningUser(EntityManager em);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
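Review bot: The Javadoc tags on the signatures this section retypes are empty — `@param loginUser` on initialize, complete, merge, isReadAllowedFor and isWriteAllowedFor, and `@return` on the two permission checks — so the new AuthenticatedUser contract is undocumented exactly where callers meet it. Suggest `@param loginUser the authenticated identity the operation is performed on behalf of` and, on the permission checks, `@return true if loginUser may read (respectively write) all merged fields of this entity; the default grants hostmasters only`. The `restriction` Javadoc should also state that a null return means "no restriction", since the hostmaster branch relies on that meaning and `restrict` in AbstractModuleImpl tests for it.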
@ -39,7 +39,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
EntityManager entityManager = transaction.getEntityManager();
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
newEntity.complete(entityManager, loginUser);
|
newEntity.complete(entityManager, loginUser);
|
||||||
entityManager.persist(newEntity);
|
entityManager.persist(newEntity);
|
||||||
@ -56,7 +56,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
|
|
||||||
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
||||||
AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
|
AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
if (!entity.isReadAllowedFor(loginUser)) {
|
if (!entity.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(loginUser, "add", entity);
|
throw new AuthorisationException(loginUser, "add", entity);
|
||||||
}
|
}
|
||||||
@ -96,7 +96,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy, int limit) throws HSAdminException {
|
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy, int limit) throws HSAdminException {
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
condition = restrict(entityClass, loginUser, condition);
|
condition = restrict(entityClass, loginUser, condition);
|
||||||
Entity entityAnnot = entityClass.getAnnotation(Entity.class);
|
Entity entityAnnot = entityClass.getAnnotation(Entity.class);
|
||||||
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
|
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
|
||||||
@ -118,7 +118,9 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
}
|
}
|
||||||
setQueryParameter(query, queryString, "loginUser", loginUser);
|
setQueryParameter(query, queryString, "loginUser", loginUser);
|
||||||
setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
||||||
setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
|
if (loginUser instanceof UnixUser) {
|
||||||
|
setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
List<?> res = query.getResultList();
|
List<?> res = query.getResultList();
|
||||||
List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
|
List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
|
||||||
@ -138,7 +140,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
|
existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
|
||||||
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(loginUser, "update", existingEntity);
|
throw new AuthorisationException(loginUser, "update", existingEntity);
|
||||||
@ -152,7 +154,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
EntityManager entityManager = transaction.getEntityManager();
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
|
existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
|
||||||
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
||||||
@ -186,7 +188,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
return procFact;
|
return procFact;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
|
protected void queueProcessor(Processor proc, AuthenticatedUser authUser, AbstractEntity entity, String action) {
|
||||||
if (proc == null || proc instanceof NullProcessor) {
|
if (proc == null || proc instanceof NullProcessor) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -194,7 +196,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
|
String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
|
||||||
StringBuilder details = new StringBuilder();
|
StringBuilder details = new StringBuilder();
|
||||||
String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
|
String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
|
||||||
QueueTask task = new QueueTask(user, title, details.toString(), proc);
|
QueueTask task = new QueueTask(transaction.getLogin(), transaction.getRunas(), title, details.toString(), proc);
|
||||||
transaction.getEntityManager().persist(task);
|
transaction.getEntityManager().persist(task);
|
||||||
transaction.enqueue(entity.getHiveName(), task);
|
transaction.enqueue(entity.getHiveName(), task);
|
||||||
}
|
}
|
||||||
@ -210,7 +212,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
/**
|
/**
|
||||||
* apply access restriction to JPA-QL condition.
|
* apply access restriction to JPA-QL condition.
|
||||||
*/
|
*/
|
||||||
private String restrict(Class<?> entityClass, UnixUser loginUser, String condition) {
|
private String restrict(Class<?> entityClass, AuthenticatedUser loginUser, String condition) {
|
||||||
String restriction = AbstractEntity.restriction(entityClass, loginUser);
|
String restriction = AbstractEntity.restriction(entityClass, loginUser);
|
||||||
if (restriction == null)
|
if (restriction == null)
|
||||||
return condition;
|
return condition;
|
||||||
|
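Review bot: The `authUser` parameter of `queueProcessor` is no longer read — the QueueTask is now built from `transaction.getLogin()` and `transaction.getRunas()` — so it is dead, and every caller still passes a user that has no effect; either drop it or add a comment saying why it is retained. In the `find` hunk the failed read check throws `new AuthorisationException(loginUser, "add", entity)` although the operation is find; that string ends up in the exception message used for diagnosis, so `throw new AuthorisationException(loginUser, "find", entity);` would be accurate. The `search` hunk binds `loginUserPac` only when the login is a UnixUser; if a restriction expression produced for a non-UnixUser login still references that parameter, whether the query then fails depends on `setQueryParameter`, which is outside this hunk, and a comment at the new `instanceof` branch stating the expectation would help.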
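--- a/hsarback/src/de/hsadmin/core/model/AuthenticatedUser.java
+++ b/hsarback/src/de/hsadmin/core/model/AuthenticatedUser.java
@@ -0,0 +1,15 @@
+package de.hsadmin.core.model;
+
+public interface AuthenticatedUser {
+
+public long id();
+
+public String getName();
+
+public boolean hasHostmasterRole();
+
+public boolean hasPacAdminRoleFor(AbstractEntity pac);
+
+public boolean hasCustomerRoleFor(AbstractEntity customer);
+
+}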
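Review bot: The new interface carries no Javadoc, yet it is the contract every access check in AbstractEntity and the modules now evaluates, so the meaning of each role method is left to whichever class implements it. Suggest a type comment such as `Identity a request is authorised against; implemented by the account types that can log in` and a one-line comment per method, e.g. on `hasPacAdminRoleFor`: `true if this user may administer the given package; document whether hostmasters are included`, with the wording taken from what UnixUser actually implements. The `public` modifier on interface members is redundant and can be dropped. Taking `AbstractEntity` instead of the concrete Pac and Customer types for the two role checks loses type safety; if that is intended to allow entity-agnostic callers, the comment should say so.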
@ -1,17 +1,15 @@
|
|||||||
package de.hsadmin.core.model;
|
package de.hsadmin.core.model;
|
||||||
|
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class AuthorisationException extends HSAdminException {
|
public class AuthorisationException extends HSAdminException {
|
||||||
|
|
||||||
private static final long serialVersionUID = -8125905071037488732L;
|
private static final long serialVersionUID = -8125905071037488732L;
|
||||||
|
|
||||||
private UnixUser user;
|
private AuthenticatedUser user;
|
||||||
private String method;
|
private String method;
|
||||||
private AbstractEntity entity;
|
private AbstractEntity entity;
|
||||||
private String field;
|
private String field;
|
||||||
|
|
||||||
public UnixUser getUser() {
|
public AuthenticatedUser getUser() {
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -27,14 +25,14 @@ public class AuthorisationException extends HSAdminException {
|
|||||||
return field;
|
return field;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthorisationException(UnixUser user, String method) {
|
public AuthorisationException(AuthenticatedUser user, String method) {
|
||||||
super("nicht authorisiert fuer " + method + "()");
|
super("nicht authorisiert fuer " + method + "()");
|
||||||
|
|
||||||
this.user = user;
|
this.user = user;
|
||||||
this.method = method;
|
this.method = method;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthorisationException(UnixUser user, String method, AbstractEntity entity) {
|
public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity) {
|
||||||
super("nicht authorisiert fuer " + method + "("
|
super("nicht authorisiert fuer " + method + "("
|
||||||
+ entity.createStringKey() + ")");
|
+ entity.createStringKey() + ")");
|
||||||
|
|
||||||
@ -43,7 +41,7 @@ public class AuthorisationException extends HSAdminException {
|
|||||||
this.entity = entity;
|
this.entity = entity;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthorisationException(UnixUser user, String method, AbstractEntity entity,
|
public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity,
|
||||||
String field) {
|
String field) {
|
||||||
super("nicht authorisiert fuer " + method + "("
|
super("nicht authorisiert fuer " + method + "("
|
||||||
+ entity.createStringKey() + "." + field + ")");
|
+ entity.createStringKey() + "." + field + ")");
|
||||||
|
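Review bot: `user` is now typed as `AuthenticatedUser`, an interface that does not extend Serializable, inside a class that declares `serialVersionUID` and is therefore serializable; if an implementation that is not itself Serializable is ever stored there, serializing the exception fails at runtime. Either declare the field `private transient AuthenticatedUser user;` or have the interface extend Serializable. As far as this diff shows, the four fields are assigned only in constructors, so they could be `final` as well.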
@ -5,8 +5,6 @@ import java.util.List;
|
|||||||
|
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
|
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* allows access only for hostmasters, used as fallback wrapper.
|
* allows access only for hostmasters, used as fallback wrapper.
|
||||||
*/
|
*/
|
||||||
@ -98,7 +96,7 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
|
|||||||
public void delete(AbstractEntity detachedEntity) throws HSAdminException {
|
public void delete(AbstractEntity detachedEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
EntityManager entityManager = transaction.getEntityManager();
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id());
|
AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id());
|
||||||
if (!attachedEntity.isWriteAllowedFor(loginUser)) {
|
if (!attachedEntity.isWriteAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(loginUser, "delete", detachedEntity);
|
throw new AuthorisationException(loginUser, "delete", detachedEntity);
|
||||||
|
@ -28,15 +28,16 @@ public class Transaction {
|
|||||||
|
|
||||||
private EntityManager entityManager;
|
private EntityManager entityManager;
|
||||||
private QueueConnectionFactory queueConnectionFactory;
|
private QueueConnectionFactory queueConnectionFactory;
|
||||||
private String loginName;
|
private String loginUser;
|
||||||
|
private String runasUser;
|
||||||
private Map<String, QueueTaskStore> taskStores;
|
private Map<String, QueueTaskStore> taskStores;
|
||||||
private boolean transactionActive;
|
private boolean transactionActive;
|
||||||
private InitialContext ctx;
|
private InitialContext ctx;
|
||||||
|
|
||||||
public Transaction(String loginName) {
|
public Transaction(String runasName) {
|
||||||
transactionActive = false;
|
transactionActive = false;
|
||||||
this.entityManager = PersistenceManager.getEntityManager("hsadmin");
|
this.entityManager = PersistenceManager.getEntityManager("hsadmin");
|
||||||
this.loginName = loginName;
|
this.runasUser = runasName;
|
||||||
taskStores = new HashMap<String, QueueTaskStore>();
|
taskStores = new HashMap<String, QueueTaskStore>();
|
||||||
try {
|
try {
|
||||||
ctx = new InitialContext();
|
ctx = new InitialContext();
|
||||||
@ -67,11 +68,12 @@ public class Transaction {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginName() {
|
public String getLogin() {
|
||||||
if (loginName != null) {
|
return loginUser;
|
||||||
return loginName;
|
|
||||||
}
|
}
|
||||||
throw new TechnicalException("no login");
|
|
||||||
|
public String getRunas() {
|
||||||
|
return runasUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void enqueue(String hiveName, QueueTask task) {
|
public void enqueue(String hiveName, QueueTask task) {
|
||||||
@ -171,8 +173,8 @@ public class Transaction {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public UnixUser getLoginUser() {
|
public AuthenticatedUser getLoginUser() {
|
||||||
String loginName = getLoginName();
|
String loginName = getRunas();
|
||||||
if (loginName != null && loginName.length() == 2) {
|
if (loginName != null && loginName.length() == 2) {
|
||||||
loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
|
loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
|
||||||
}
|
}
|
||||||
@ -185,44 +187,44 @@ public class Transaction {
|
|||||||
return unixUser;
|
return unixUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean login(String user, String ticket) throws AuthenticationException {
|
public boolean login(String runasUser, String ticket) throws AuthenticationException {
|
||||||
String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
|
loginUser = TicketValidator.getInstance().validateTicket(ticket);
|
||||||
if (user != null && user.equals(ticketUser)) {
|
if (runasUser != null && runasUser.equals(loginUser)) {
|
||||||
return true; // user himself
|
return true; // user himself
|
||||||
}
|
}
|
||||||
if (ticketUser != null && ticketUser.length() == 2) {
|
if (loginUser != null && loginUser.length() == 2) {
|
||||||
return true; // 2-letter hostmaster
|
return true; // 2-letter hostmaster
|
||||||
}
|
}
|
||||||
String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
|
String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
|
||||||
if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
|
if (loginUser != null && loginUser.startsWith(hostmasterAccountPrefix) && loginUser.length() == 8) {
|
||||||
return true; // hsh01 hostmaster
|
return true; // hsh01 hostmaster
|
||||||
}
|
}
|
||||||
if (ticketUser != null && ticketUser.length() == 5) {
|
if (loginUser != null && loginUser.length() == 5) {
|
||||||
Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
|
Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
|
||||||
userQuery.setParameter("username", user);
|
userQuery.setParameter("username", runasUser);
|
||||||
UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
|
UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
|
||||||
String pacName = unixUser.getPac().getName();
|
String pacName = unixUser.getPac().getName();
|
||||||
return ticketUser.equals(pacName); // pac-admin
|
return loginUser.equals(pacName); // pac-admin
|
||||||
}
|
}
|
||||||
String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
|
String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
|
||||||
if (ticketUser != null && (ticketUser.length() == 3 || (ticketUser.length() >= 9 && ticketUser.startsWith(memberAccountPrefix)))) {
|
if (loginUser != null && (loginUser.length() == 3 || (loginUser.length() >= 9 && loginUser.startsWith(memberAccountPrefix)))) {
|
||||||
Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
|
Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
|
||||||
memberQuery.setParameter("membername", ticketUser.length() == 3 ? (memberAccountPrefix + ticketUser) : ticketUser);
|
memberQuery.setParameter("membername", loginUser.length() == 3 ? (memberAccountPrefix + loginUser) : loginUser);
|
||||||
Customer member = (Customer) memberQuery.getSingleResult();
|
Customer member = (Customer) memberQuery.getSingleResult();
|
||||||
Set<Pac> pacs = member.getPacs();
|
Set<Pac> pacs = member.getPacs();
|
||||||
for (Pac p : pacs) {
|
for (Pac p : pacs) {
|
||||||
if (p.getName().equals(user)) {
|
if (p.getName().equals(runasUser)) {
|
||||||
return true; // member as pac-admin
|
return true; // member as pac-admin
|
||||||
}
|
}
|
||||||
Set<UnixUser> users = p.getUnixUser();
|
Set<UnixUser> users = p.getUnixUser();
|
||||||
for (UnixUser u : users) {
|
for (UnixUser u : users) {
|
||||||
if (u.getName().equals(user)) {
|
if (u.getName().equals(runasUser)) {
|
||||||
return true; // member as pac-user
|
return true; // member as pac-user
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
|
throw new AuthenticationException("User " + loginUser + " is not allowed to run as " + runasUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
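Review bot: `getLogin()` no longer throws `TechnicalException("no login")` when no ticket has been validated; it returns null, and that value flows straight into `new QueueTask(transaction.getLogin(), ...)` in queueProcessor and WaitingTasksProcessor, whose `login_user` column is nullable, so a task can be persisted with no recorded actor. Restore the guard: `if (loginUser == null) throw new TechnicalException("no login"); return loginUser;`. Also, `getLoginUser()` now resolves `getRunas()`, i.e. the impersonated account, while the method and every downstream `loginUser` variable are named as if it were the ticket holder; a comment such as `// the effective (run-as) identity that authorisation checks are evaluated against; the ticket holder is available via getLogin()` would keep the two from being confused in future checks. Note too that `login()` assigns the `loginUser` field before the run-as checks pass, so after a rejected login the object still reports the ticket holder from `getLogin()`.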
@ -20,6 +20,7 @@ import javax.persistence.Transient;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
import de.hsadmin.core.model.AnnModuleImpl;
|
import de.hsadmin.core.model.AnnModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.mods.qstat.QTaskModuleImpl;
|
import de.hsadmin.mods.qstat.QTaskModuleImpl;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -42,6 +43,14 @@ public class QueueTask extends AbstractEntity implements Serializable {
|
|||||||
@ManyToOne(fetch=FetchType.EAGER)
|
@ManyToOne(fetch=FetchType.EAGER)
|
||||||
private UnixUser user;
|
private UnixUser user;
|
||||||
|
|
||||||
|
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
|
||||||
|
@Column(name = "runas_user", columnDefinition = "character varying(48)", nullable = true)
|
||||||
|
private String runasUser;
|
||||||
|
|
||||||
|
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
|
||||||
|
@Column(name = "login_user", columnDefinition = "character varying(48)", nullable = true)
|
||||||
|
private String loginUser;
|
||||||
|
|
||||||
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
|
@AnnFieldIO(rw=ReadWriteAccess.READONLY)
|
||||||
@Column(name = "started", columnDefinition = "date")
|
@Column(name = "started", columnDefinition = "date")
|
||||||
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
|
@Temporal(javax.persistence.TemporalType.TIMESTAMP)
|
||||||
@ -69,8 +78,9 @@ public class QueueTask extends AbstractEntity implements Serializable {
|
|||||||
public QueueTask() {
|
public QueueTask() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public QueueTask(UnixUser user, String title, String details, Processor proc) {
|
public QueueTask(String loginUser, String runasUser, String title, String details, Processor proc) {
|
||||||
this.user = user;
|
this.loginUser = loginUser;
|
||||||
|
this.runasUser = runasUser;
|
||||||
this.title = title;
|
this.title = title;
|
||||||
this.details = details;
|
this.details = details;
|
||||||
this.started = new Date();
|
this.started = new Date();
|
||||||
@ -89,7 +99,7 @@ public class QueueTask extends AbstractEntity implements Serializable {
|
|||||||
* on all merged fields of this entity
|
* on all merged fields of this entity
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasHostmasterRole()
|
return loginUser.hasHostmasterRole()
|
||||||
|| loginUser.hasPacAdminRoleFor(getUser().getPac())
|
|| loginUser.hasPacAdminRoleFor(getUser().getPac())
|
||||||
|| loginUser.id() == getUser().id();
|
|| loginUser.id() == getUser().id();
|
||||||
@ -136,6 +146,22 @@ public class QueueTask extends AbstractEntity implements Serializable {
|
|||||||
this.user = user;
|
this.user = user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getRunasUser() {
|
||||||
|
return runasUser;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRunasUser(String runasUser) {
|
||||||
|
this.runasUser = runasUser;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getLoginUser() {
|
||||||
|
return loginUser;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setLoginUser(String loginUser) {
|
||||||
|
this.loginUser = loginUser;
|
||||||
|
}
|
||||||
|
|
||||||
public Date getStarted() {
|
public Date getStarted() {
|
||||||
return started;
|
return started;
|
||||||
}
|
}
|
||||||
|
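Review bot: The new constructor no longer assigns `this.user`, but `isReadAllowedFor` still dereferences `getUser().getPac()` and `getUser().id()`, so for any non-hostmaster caller reading a task created through this constructor the check throws a NullPointerException instead of returning a decision (hostmasters are spared only by the short-circuit). Either keep passing and storing the owning UnixUser, or guard the check: `UnixUser owner = getUser();` / `return loginUser.hasHostmasterRole() || (owner != null && (loginUser.hasPacAdminRoleFor(owner.getPac()) || loginUser.id() == owner.id()));`. The `loginUser` and `runasUser` fields are marked READONLY for the API but receive public setters; if the annotation is what protects these audit columns from being rewritten, a comment on the setters stating who is meant to call them would make that explicit.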
@ -28,7 +28,7 @@ public class WaitingTasksProcessor extends AbstractProcessor {
|
|||||||
if (task.getException() == null) {
|
if (task.getException() == null) {
|
||||||
for (WaitingProcessor p : waitingTasks) {
|
for (WaitingProcessor p : waitingTasks) {
|
||||||
QueueTask wTask =
|
QueueTask wTask =
|
||||||
new QueueTask(task.getUser(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc());
|
new QueueTask(transaction.getLogin(), transaction.getRunas(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc());
|
||||||
transaction.getEntityManager().persist(wTask);
|
transaction.getEntityManager().persist(wTask);
|
||||||
transaction.enqueue(p.getHost(), wTask);
|
transaction.enqueue(p.getHost(), wTask);
|
||||||
}
|
}
|
||||||
|
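Review bot: Follow-up tasks are now attributed to `transaction.getLogin()`/`getRunas()` instead of the parent `task.getUser()`, so the parent's owning UnixUser is no longer carried to the child (the new constructor does not set it), and the child's attribution depends on which transaction this processor runs under; if that can be a later worker transaction, the audit trail for the child task names a different actor than the parent. If the parent task is the intended source, `new QueueTask(task.getLoginUser(), task.getRunasUser(), ...)` would keep the attribution consistent. The enclosing method starts and ends outside this hunk.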
@ -25,6 +25,7 @@ import javax.persistence.Temporal;
|
|||||||
import javax.persistence.Transient;
|
import javax.persistence.Transient;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@ -234,12 +235,12 @@ public class Customer extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasCustomerRoleFor(this);
|
return loginUser.hasCustomerRoleFor(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasCustomerRoleFor(this);
|
return loginUser.hasCustomerRoleFor(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,6 +24,7 @@ import javax.persistence.Table;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
@ -79,8 +80,10 @@ public abstract class Database extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
pac = loginUser.getPac(); // a default useful for the pac admin
|
if (loginUser instanceof UnixUser) {
|
||||||
|
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, UnixUser loginUser) {
|
||||||
@ -140,7 +143,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
|
|||||||
* determines whether the given user has full read access on all merged fields of this entity
|
* determines whether the given user has full read access on all merged fields of this entity
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasPacAdminRoleFor(getPac());
|
return loginUser.hasPacAdminRoleFor(getPac());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -148,7 +151,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
|
|||||||
* determines whether the given user has full write access on all merged fields of this entity
|
* determines whether the given user has full write access on all merged fields of this entity
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
|
if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
|
||||||
return false;
|
return false;
|
||||||
|
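Review bot: `complete(EntityManager em, UnixUser loginUser)` directly below the retyped `initialize` still takes `UnixUser`, so it no longer overrides `AbstractEntity.complete(EntityManager, AuthenticatedUser)`; `AbstractModuleImpl.add` calls `complete` with a static `AuthenticatedUser` argument and will resolve to the empty base implementation, silently skipping whatever this override does (its body is outside the hunk). The same applies to `DatabaseUser.complete` in the next file. Change the signature to `public void complete(EntityManager em, AuthenticatedUser loginUser)` with the `instanceof UnixUser` handling used in `initialize`, and add `@Override` so the compiler catches this class of slip. Note also that `initialize` now leaves `pac` unset for non-UnixUser logins while `isWriteAllowedFor` calls `pac.getName()` unguarded; whether that path can be reached before `pac` is filled is not visible here.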
@ -25,6 +25,7 @@ import javax.persistence.Transient;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -72,8 +73,10 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
pac = loginUser.getPac(); // a default useful for the pac admin
|
if (loginUser instanceof UnixUser) {
|
||||||
|
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, UnixUser loginUser) {
|
||||||
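Review bot: `complete(EntityManager em, UnixUser loginUser)` at the end of this hunk is left taking UnixUser while `initialize` and `merge` in the same class are widened to AuthenticatedUser; if AbstractEntity.complete was widened the same way (the `@Override complete(EntityManager, AuthenticatedUser)` in EMailAlias in this commit suggests it was), this method no longer overrides it and is silently skipped for non-UnixUser logins, so `pac` stays null from the new guarded `initialize` and `isWriteAllowedFor`'s `pac.getName()` will throw. The signature should follow the others: `public void complete(EntityManager em, AuthenticatedUser loginUser)` with `@Override`, and the body should resolve `pac` from the name for any login user. Whether the base class declares `complete` cannot be confirmed from this hunk; the method's body continues past it.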
@ -156,7 +159,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public DatabaseUser merge(EntityManager em, UnixUser loginUser) {
|
public DatabaseUser merge(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser);
|
DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser);
|
||||||
dbEntity.setPassword(this.getPassword());
|
dbEntity.setPassword(this.getPassword());
|
||||||
return dbEntity;
|
return dbEntity;
|
||||||
@ -180,7 +183,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
|
|||||||
* fields of this entity
|
* fields of this entity
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasPacAdminRoleFor(getPac());
|
return loginUser.hasPacAdminRoleFor(getPac());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -189,7 +192,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
|
|||||||
* fields of this entity
|
* fields of this entity
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
|
if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
|
||||||
return false;
|
return false;
|
||||||
|
@ -7,13 +7,13 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.hostsharing.MultiOption;
|
import de.hsadmin.hostsharing.MultiOption;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
MySqlDatabase database = (MySqlDatabase) newEntity;
|
MySqlDatabase database = (MySqlDatabase) newEntity;
|
||||||
String name = database.getName();
|
String name = database.getName();
|
||||||
String pacPrefix = name.substring(0, 5);
|
String pacPrefix = name.substring(0, 5);
|
||||||
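Review bot: `String pacPrefix = name.substring(0, 5);` right after the renamed `loginUser` declaration throws StringIndexOutOfBoundsException for a database name shorter than five characters (and NullPointerException for a missing name), so a malformed request surfaces as an unhandled runtime exception instead of an HSAdminException. The sibling MySqlUserModuleImpl.add in this commit checks `name.length() < 7` before indexing; the same shape fits here: `if (name == null || name.length() < 5) throw new HSAdminException("database name required");`. The rest of add continues past the hunk.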
@ -75,7 +75,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
EntityManager em = transaction.getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
UnixUser unixUser = transaction.getLoginUser();
|
AuthenticatedUser unixUser = transaction.getLoginUser();
|
||||||
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
||||||
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
||||||
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
||||||
|
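Review bot: The local is still named `unixUser` although its type is now AuthenticatedUser, and the parallel PgSqlDatabaseModuleImpl.update in this commit renamed it to `user`; the name becomes misleading once LDAP logins reach this code. Suggest `AuthenticatedUser loginUser = transaction.getLoginUser();` here and updating the `AuthorisationException(unixUser, ...)` references in the remainder of update, which continues past this hunk.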
@ -7,20 +7,20 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.hostsharing.MultiOption;
|
import de.hsadmin.hostsharing.MultiOption;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class MySqlUserModuleImpl extends AbstractModuleImpl {
|
public class MySqlUserModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
MySqlUser user = (MySqlUser) newEntity;
|
MySqlUser user = (MySqlUser) newEntity;
|
||||||
String name = user.getName();
|
String name = user.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
|
@ -7,13 +7,13 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.hostsharing.MultiOption;
|
import de.hsadmin.hostsharing.MultiOption;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -27,7 +27,7 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
PgSqlDatabase database = (PgSqlDatabase) newEntity;
|
PgSqlDatabase database = (PgSqlDatabase) newEntity;
|
||||||
String name = database.getName();
|
String name = database.getName();
|
||||||
String pacPrefix = name.substring(0, 5);
|
String pacPrefix = name.substring(0, 5);
|
||||||
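Review bot: `String pacPrefix = name.substring(0, 5);` following the renamed `loginUser` declaration has no length check, so a database name shorter than five characters throws StringIndexOutOfBoundsException (and a null name throws NullPointerException) instead of a reportable HSAdminException. PgSqlUserModuleImpl.add in this same commit guards with `name.length() < 7` before indexing; a matching guard here would be `if (name == null || name.length() < 5) throw new HSAdminException("database name required");`. The method continues past the hunk.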
@ -74,17 +74,17 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
EntityManager em = transaction.getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
UnixUser unixUser = transaction.getLoginUser();
|
AuthenticatedUser user = transaction.getLoginUser();
|
||||||
PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity;
|
PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity;
|
||||||
PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId());
|
PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId());
|
||||||
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
||||||
throw new AuthorisationException(unixUser, "update", existingEntity, "name");
|
throw new AuthorisationException(user, "update", existingEntity, "name");
|
||||||
}
|
}
|
||||||
if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) {
|
if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) {
|
||||||
throw new AuthorisationException(unixUser, "update", existingEntity, "encoding");
|
throw new AuthorisationException(user, "update", existingEntity, "encoding");
|
||||||
}
|
}
|
||||||
if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) {
|
if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) {
|
||||||
throw new AuthorisationException(unixUser, "update", existingEntity, "instance");
|
throw new AuthorisationException(user, "update", existingEntity, "instance");
|
||||||
}
|
}
|
||||||
return super.update(existingEntity);
|
return super.update(existingEntity);
|
||||||
}
|
}
|
||||||
|
@ -7,18 +7,18 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.hostsharing.MultiOption;
|
import de.hsadmin.hostsharing.MultiOption;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class PgSqlUserModuleImpl extends AbstractModuleImpl {
|
public class PgSqlUserModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
PgSqlUser user = (PgSqlUser) newEntity;
|
PgSqlUser user = (PgSqlUser) newEntity;
|
||||||
String name = user.getName();
|
String name = user.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
|
@ -11,6 +11,7 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.GenericModuleImpl;
|
import de.hsadmin.core.model.GenericModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
@ -54,8 +55,9 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
||||||
AbstractEntity newDom = super.initialize(newEntity);
|
AbstractEntity newDom = super.initialize(newEntity);
|
||||||
if (newDom instanceof Domain) {
|
final AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
((Domain) newDom).setUser(getTransaction().getLoginUser());
|
if (newDom instanceof Domain && loginUser instanceof UnixUser) {
|
||||||
|
((Domain) newDom).setUser((UnixUser) loginUser);
|
||||||
return newDom;
|
return newDom;
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
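Review bot: For a login user that is not a UnixUser, `initialize` now returns null even when `newDom` is a Domain, because the combined condition `newDom instanceof Domain && loginUser instanceof UnixUser` guards the `return newDom` as well as the `setUser` call; before this change a Domain template was always returned. Callers expecting an entity back will receive null for exactly the LDAP logins this commit prepares for. If non-Unix logins are meant to create domains, only the `setUser` call should be conditional; if they are not, throwing the AuthorisationException the signature already declares is clearer than a null return.
```java
AbstractEntity newDom = super.initialize(newEntity);
final AuthenticatedUser loginUser = getTransaction().getLoginUser();
if (newDom instanceof Domain) {
    // only a Unix login has a UnixUser to become the domain's default admin
    if (loginUser instanceof UnixUser) {
        ((Domain) newDom).setUser((UnixUser) loginUser);
    }
    return newDom;
}
return null;
```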
@ -135,7 +137,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
final String hiveName = pac.getHive().getHiveName();
|
final String hiveName = pac.getHive().getHiveName();
|
||||||
dom.setDnsMaster(hiveName + ".hostsharing.net");
|
dom.setDnsMaster(hiveName + ".hostsharing.net");
|
||||||
// Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen.
|
// Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen.
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
if (!loginUser.hasHostmasterRole()) {
|
if (!loginUser.hasHostmasterRole()) {
|
||||||
boolean usersDomain = false;
|
boolean usersDomain = false;
|
||||||
boolean otherUserDomain = false;
|
boolean otherUserDomain = false;
|
||||||
@ -207,7 +209,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
if (updatedDom.getName() == null || updatedDom.getName().length() == 0) {
|
if (updatedDom.getName() == null || updatedDom.getName().length() == 0) {
|
||||||
throw new HSAdminException("domain name required");
|
throw new HSAdminException("domain name required");
|
||||||
}
|
}
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
Domain oldDom = em.find(Domain.class, updatedDom.getId());
|
Domain oldDom = em.find(Domain.class, updatedDom.getId());
|
||||||
UnixUser admin = updatedDom.getUser();
|
UnixUser admin = updatedDom.getUser();
|
||||||
@ -274,7 +276,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
if (ent instanceof Domain) {
|
if (ent instanceof Domain) {
|
||||||
Domain dom = (Domain) ent;
|
Domain dom = (Domain) ent;
|
||||||
String aLoginUserName = loginUser.getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
@ -293,7 +295,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
|
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
if (entity instanceof Domain) {
|
if (entity instanceof Domain) {
|
||||||
Domain dom = (Domain) entity;
|
Domain dom = (Domain) entity;
|
||||||
String aLoginUserName = loginUser.getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
|
@ -19,6 +19,7 @@ import javax.persistence.Transient;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
import de.hsadmin.core.model.AnnModuleImpl;
|
import de.hsadmin.core.model.AnnModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
@ -192,12 +193,12 @@ public class EMailAddress extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return getDomain().isReadAllowedFor(loginUser);
|
return getDomain().isReadAllowedFor(loginUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return getDomain().isWriteAllowedFor(loginUser);
|
return getDomain().isWriteAllowedFor(loginUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -7,13 +7,13 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.mods.dom.Domain;
|
import de.hsadmin.mods.dom.Domain;
|
||||||
import de.hsadmin.mods.dom.DomainOption;
|
import de.hsadmin.mods.dom.DomainOption;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -51,7 +51,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
|||||||
qDomain.setParameter("domName", adr.getDomain().getName());
|
qDomain.setParameter("domName", adr.getDomain().getName());
|
||||||
Domain dom = (Domain) qDomain.getSingleResult();
|
Domain dom = (Domain) qDomain.getSingleResult();
|
||||||
adr.setDomain(dom);
|
adr.setDomain(dom);
|
||||||
UnixUser loginUser = tx.getLoginUser();
|
AuthenticatedUser loginUser = tx.getLoginUser();
|
||||||
if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) {
|
if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) {
|
||||||
throw new AuthorisationException(loginUser, "add", adr);
|
throw new AuthorisationException(loginUser, "add", adr);
|
||||||
}
|
}
|
||||||
@ -79,7 +79,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
EMailAddress detachedAddr = (EMailAddress) existingEntity;
|
EMailAddress detachedAddr = (EMailAddress) existingEntity;
|
||||||
EntityManager em = transaction.getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());
|
EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());
|
||||||
|
@ -20,6 +20,7 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
import de.hsadmin.core.model.AnnModuleImpl;
|
import de.hsadmin.core.model.AnnModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
@ -66,14 +67,18 @@ public class EMailAlias extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
pac = loginUser.getPac();
|
pac = null;
|
||||||
|
name = "";
|
||||||
|
if (loginUser instanceof UnixUser) {
|
||||||
|
pac = ((UnixUser)loginUser).getPac();
|
||||||
name = pac.getName() + "-";
|
name = pac.getName() + "-";
|
||||||
|
}
|
||||||
target = "";
|
target = "";
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
if (pac == null && name != null && name.length() > 0) {
|
if (pac == null && name != null && name.length() > 0) {
|
||||||
String pacName = name.substring(0, 5);
|
String pacName = name.substring(0, 5);
|
||||||
try {
|
try {
|
||||||
@ -82,7 +87,9 @@ public class EMailAlias extends AbstractEntity implements Serializable {
|
|||||||
Query query = em.createQuery(queryString);
|
Query query = em.createQuery(queryString);
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser);
|
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser);
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
|
if (loginUser instanceof UnixUser) {
|
||||||
|
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
|
||||||
|
}
|
||||||
pac = (Pac) query.getSingleResult();
|
pac = (Pac) query.getSingleResult();
|
||||||
} catch (NoResultException exc) {
|
} catch (NoResultException exc) {
|
||||||
throw new SecurityException("packet '" + pacName + "' not found or access denied");
|
throw new SecurityException("packet '" + pacName + "' not found or access denied");
|
||||||
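Review bot: When the login user is not a UnixUser the `loginUserPac` parameter is never bound, so if `queryString` still contains a `:loginUserPac` placeholder, `query.getSingleResult()` fails with an unbound-parameter error rather than the NoResultException the catch block handles, and the "not found or access denied" SecurityException is bypassed. Whether the restriction string can carry that placeholder for a non-Unix user depends on how it is built above this hunk, which is not visible. Binding the parameter unconditionally keeps the failure mode uniform: `AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser instanceof UnixUser ? ((UnixUser) loginUser).getPac() : null);` — assuming the helper tolerates a null value; otherwise fail closed by throwing the same SecurityException before running the query. `complete` starts before this hunk.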
@ -171,12 +178,12 @@ public class EMailAlias extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
return loginUser.hasPacAdminRoleFor(getPac());
|
return loginUser.hasPacAdminRoleFor(getPac());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
|
if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
|
||||||
return false;
|
return false;
|
||||||
|
@ -7,13 +7,13 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.hostsharing.MultiOption;
|
import de.hsadmin.hostsharing.MultiOption;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
EMailAlias alias = (EMailAlias) newEntity;
|
EMailAlias alias = (EMailAlias) newEntity;
|
||||||
String name = alias.getName();
|
String name = alias.getName();
|
||||||
if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
|
if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
|
||||||
|
@ -27,6 +27,7 @@ import javax.persistence.TemporalType;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
import de.hsadmin.core.model.AnnModuleImpl;
|
import de.hsadmin.core.model.AnnModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.hostsharing.BasePacType;
|
import de.hsadmin.hostsharing.BasePacType;
|
||||||
import de.hsadmin.mods.cust.Customer;
|
import de.hsadmin.mods.cust.Customer;
|
||||||
@ -113,7 +114,7 @@ public class Pac extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
super.initialize(em, loginUser);
|
super.initialize(em, loginUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12,6 +12,7 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.GenericModuleImpl;
|
import de.hsadmin.core.model.GenericModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
@ -126,7 +127,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity entity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity entity) throws HSAdminException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
if (!(entity instanceof Pac)) {
|
if (!(entity instanceof Pac)) {
|
||||||
throw new AuthorisationException(loginUser, "update", entity);
|
throw new AuthorisationException(loginUser, "update", entity);
|
||||||
}
|
}
|
||||||
@ -234,7 +235,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
|
private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
if (entity instanceof Pac) {
|
if (entity instanceof Pac) {
|
||||||
Pac pac = (Pac) entity;
|
Pac pac = (Pac) entity;
|
||||||
String aLoginUserName = loginUser.getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
|
@ -130,7 +130,8 @@ public class PacTasksServlet extends HttpServlet
|
|||||||
if ("pac.delete".equals(parts[0])) {
|
if ("pac.delete".equals(parts[0])) {
|
||||||
proc = factory.createDeleteProcessor(em, pac);
|
proc = factory.createDeleteProcessor(em, pac);
|
||||||
}
|
}
|
||||||
transaction.enqueue(pac.getHiveName(), new QueueTask(pac.owningUser(em), parts[0] + ":" + parts[1], message, proc));
|
final String pacUser = pac.owningUser(em).getName();
|
||||||
|
transaction.enqueue(pac.getHiveName(), new QueueTask(pacUser, pacUser, parts[0] + ":" + parts[1], message, proc));
|
||||||
em.clear();
|
em.clear();
|
||||||
em.flush();
|
em.flush();
|
||||||
transaction.commitTransaction();
|
transaction.commitTransaction();
|
||||||
|
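Review bot: Both the login-user and run-as-user slots of the new QueueTask are filled with the pac owner (`new QueueTask(pacUser, pacUser, ...)`), so the queue records the task as initiated by the pac owner even when a hostmaster or other administrator triggered `pac.delete`; the new `login_user` column then carries no audit value. If the transaction in this servlet exposes the authenticated user, `transaction.getLoginUser().getName()` belongs in the first argument and `pacUser` only in the second. Separately, `pac.owningUser(em).getName()` now dereferences the owning user immediately and throws NullPointerException for a pac without one, where the old code passed the object through to QueueTask. The enclosing method begins before this hunk.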
@ -19,15 +19,17 @@ import javax.persistence.Transient;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AnnFieldIO;
|
import de.hsadmin.core.model.AnnFieldIO;
|
||||||
import de.hsadmin.core.model.AnnModuleImpl;
|
import de.hsadmin.core.model.AnnModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.ReadWriteAccess;
|
import de.hsadmin.core.model.ReadWriteAccess;
|
||||||
import de.hsadmin.core.util.Config;
|
import de.hsadmin.core.util.Config;
|
||||||
|
import de.hsadmin.mods.cust.Customer;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@Entity(name = "UnixUsers")
|
@Entity(name = "UnixUsers")
|
||||||
@Table(name = "unixuser")
|
@Table(name = "unixuser")
|
||||||
@SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
|
@SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
|
||||||
@AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class)
|
@AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class)
|
||||||
public class UnixUser extends AbstractEntity implements Serializable {
|
public class UnixUser extends AbstractEntity implements Serializable, AuthenticatedUser {
|
||||||
|
|
||||||
private static final long serialVersionUID = 7823071611805642906L;
|
private static final long serialVersionUID = 7823071611805642906L;
|
||||||
|
|
||||||
@ -234,14 +236,16 @@ public class UnixUser extends AbstractEntity implements Serializable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(EntityManager em, UnixUser loginUser) {
|
public void initialize(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
pac = loginUser.getPac(); // a default useful for the pac admin
|
if (loginUser instanceof UnixUser) {
|
||||||
|
pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
|
||||||
// TODO should not be hardcoded, but how?
|
// TODO should not be hardcoded, but how?
|
||||||
homedir = "/home/pacs/" + pac.getName() + "/users/...";
|
homedir = "/home/pacs/" + pac.getName() + "/users/...";
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UnixUser merge(EntityManager em, UnixUser loginUser) {
|
public UnixUser merge(EntityManager em, AuthenticatedUser loginUser) {
|
||||||
if (homedir == null)
|
if (homedir == null)
|
||||||
homedir = "/home/pacs/" + pac.getName() + "/users/"
|
homedir = "/home/pacs/" + pac.getName() + "/users/"
|
||||||
+ getName().substring(6); // TODO: Hack
|
+ getName().substring(6); // TODO: Hack
|
||||||
@ -270,31 +274,40 @@ public class UnixUser extends AbstractEntity implements Serializable {
|
|||||||
return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
|
return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) {
|
public boolean hasCustomerRoleFor(AbstractEntity custEntity) {
|
||||||
|
if (custEntity instanceof Customer) {
|
||||||
|
Customer cust = (Customer) custEntity;
|
||||||
return getName().equals(cust.getName()) || hasHostmasterRole();
|
return getName().equals(cust.getName()) || hasHostmasterRole();
|
||||||
|
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasPacAdminRoleFor(Pac pac) {
|
public boolean hasPacAdminRoleFor(AbstractEntity pacEntity) {
|
||||||
|
if (pacEntity instanceof Pac) {
|
||||||
|
Pac pac = (Pac) pacEntity;
|
||||||
return pac != null &&
|
return pac != null &&
|
||||||
(pac.getName().equals(getName())
|
(pac.getName().equals(getName())
|
||||||
|| hasCustomerRoleFor(pac.getCustomer()) );
|
|| hasCustomerRoleFor(pac.getCustomer()) );
|
||||||
}
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
|
if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
|
||||||
return false;
|
return false;
|
||||||
if (super.isWriteAllowedFor(loginUser))
|
if (super.isWriteAllowedFor(loginUser))
|
||||||
return true;
|
return true;
|
||||||
return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
|
return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
|
||||||
if (super.isReadAllowedFor(loginUser))
|
if (super.isReadAllowedFor(loginUser))
|
||||||
return true;
|
return true;
|
||||||
return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
|
return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
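Review bot: With the new `instanceof UnixUser` guard in initialize(), a login by any other AuthenticatedUser implementation leaves `pac` unset, while merge() in the next hunk still evaluates `pac.getName()` unconditionally whenever `homedir` is null, so a create through such a login without an explicit pac would end in a NullPointerException instead of a validation or authorisation error. A guard along the lines of `if (homedir == null && pac != null)`, or an explicit check that names the missing pac, would keep that failure readable; merge() continues beyond its hunk, so I cannot see whether something later catches it. The identity test added to isWriteAllowedFor() and isReadAllowedFor(), `this.getId() == ((UnixUser)loginUser).getId()`, duplicates the `sameIdAs` method this class evidently has (UnixUserModuleImpl.needsFullAccessOnUser calls `uxUser.sameIdAs(user)`); `sameIdAs((UnixUser) loginUser)` would keep a single definition of user identity and would also avoid a reference comparison should getId() return a boxed type, which this page does not show either way.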
@ -8,6 +8,7 @@ import javax.persistence.Query;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
@ -23,7 +24,10 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
||||||
UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
|
UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
|
||||||
newUnixUser.setName(getTransaction().getLoginUser().getPac().getName() + '-');
|
final AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
|
if (loginUser instanceof UnixUser) {
|
||||||
|
newUnixUser.setName(((UnixUser)loginUser).getPac().getName() + '-');
|
||||||
|
}
|
||||||
return newUnixUser;
|
return newUnixUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,7 +77,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
EntityManager em = transaction.getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
// only allow pac which matches the username (TODO: hard coded
|
// only allow pac which matches the username (TODO: hard coded
|
||||||
// Hostsharing convention)
|
// Hostsharing convention)
|
||||||
UnixUser newUnixUser = (UnixUser) newEntity;
|
UnixUser newUnixUser = (UnixUser) newEntity;
|
||||||
@ -153,7 +157,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
Transaction transaction = getTransaction();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser loginUser = transaction.getLoginUser();
|
AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
EntityManager em = transaction.getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
||||||
UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId());
|
UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId());
|
||||||
@ -226,7 +230,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
// throws an AuthorisationException if the login user has no write acess
|
// throws an AuthorisationException if the login user has no write acess
|
||||||
// on the pac of the given UnixUser
|
// on the pac of the given UnixUser
|
||||||
private boolean hasFullAccessOnPacOf(UnixUser user) {
|
private boolean hasFullAccessOnPacOf(UnixUser user) {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
String loginUserName = loginUser.getName();
|
String loginUserName = loginUser.getName();
|
||||||
return loginUser.hasHostmasterRole()
|
return loginUser.hasHostmasterRole()
|
||||||
|| loginUserName.equals(user.getPac().getName())
|
|| loginUserName.equals(user.getPac().getName())
|
||||||
@ -235,22 +239,33 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
// throws an AuthorisationException if the login user has no write acess
|
// throws an AuthorisationException if the login user has no write acess
|
||||||
// on the pac of the given UnixUser
|
// on the pac of the given UnixUser
|
||||||
private void needsFullAccessOnPacOf(UnixUser user, String method)
|
private void needsFullAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
|
||||||
throws AuthorisationException {
|
|
||||||
if (!hasFullAccessOnPacOf(user))
|
if (!hasFullAccessOnPacOf(user))
|
||||||
throw new AuthorisationException(getTransaction().getLoginUser(), method, user);
|
throw new AuthorisationException(getTransaction().getLoginUser(), method, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
|
private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
if (!hasFullAccessOnPacOf(user)) {
|
||||||
if (!hasFullAccessOnPacOf(user) && loginUser.getPac().id() != user.getPac().id()) {
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
|
if (loginUser instanceof UnixUser) {
|
||||||
|
UnixUser uxUser = (UnixUser) loginUser;
|
||||||
|
if (uxUser.getPac().id() == user.getPac().id()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
throw new AuthorisationException(loginUser, method, user);
|
throw new AuthorisationException(loginUser, method, user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException {
|
private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getTransaction().getLoginUser();
|
if (!hasFullAccessOnPacOf(user)) {
|
||||||
if (!hasFullAccessOnPacOf(user) && !loginUser.sameIdAs(user)) {
|
AuthenticatedUser loginUser = getTransaction().getLoginUser();
|
||||||
|
if (loginUser instanceof UnixUser) {
|
||||||
|
UnixUser uxUser = (UnixUser) loginUser;
|
||||||
|
if (uxUser.sameIdAs(user)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
throw new AuthorisationException(loginUser, method, user);
|
throw new AuthorisationException(loginUser, method, user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -260,6 +275,8 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
return true;
|
return true;
|
||||||
if (shell.equals("/bin/bash"))
|
if (shell.equals("/bin/bash"))
|
||||||
return true;
|
return true;
|
||||||
|
if (shell.equals("/bin/dash"))
|
||||||
|
return true;
|
||||||
if (shell.equals("/bin/csh"))
|
if (shell.equals("/bin/csh"))
|
||||||
return true;
|
return true;
|
||||||
if (shell.equals("/bin/tcsh"))
|
if (shell.equals("/bin/tcsh"))
|
||||||
|
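Review bot: hasFullAccessOnPacOf() now grants full access whenever `loginUser.getName()` equals the pac name for any AuthenticatedUser, not only a UnixUser; if the LDAP implementation this commit prepares for can carry login names that are not drawn from the unixuser/pac name space, a name collision alone would satisfy that check, so it is worth confirming, or asserting in the LDAP user class, that those names cannot coincide with pac names. In initialize(), a non-UnixUser login now yields a UnixUser with no name prefix at all, and nothing records whether that is intended; a comment on the guard such as `// TODO: non-UnixUser logins (e.g. LDAP) get no pac-derived name prefix here — confirm add() still validates the name` would make that explicit, since add()'s validation is outside what I can see. The `instanceof UnixUser` plus cast pair now appears in initialize(), needsPartialAccessOnPacOf() and needsFullAccessOnUser() (and again in UnixUser and RoleRemote); a small private helper returning the login user as UnixUser or null would keep that in one place. hasFullAccessOnPacOf() continues beyond its hunk.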
@ -9,13 +9,13 @@ import java.util.List;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthenticationException;
|
import de.hsadmin.core.model.AuthenticationException;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.GenericModuleImpl;
|
import de.hsadmin.core.model.GenericModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.model.ModuleInterface;
|
import de.hsadmin.core.model.ModuleInterface;
|
||||||
import de.hsadmin.core.model.Transaction;
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
|
||||||
|
|
||||||
public abstract class AbstractRemote implements IRemote {
|
public abstract class AbstractRemote implements IRemote {
|
||||||
|
|
||||||
@ -43,7 +43,7 @@ public abstract class AbstractRemote implements IRemote {
|
|||||||
try {
|
try {
|
||||||
if (transaction.login(user, ticket)) {
|
if (transaction.login(user, ticket)) {
|
||||||
final ModuleInterface module = new GenericModuleImpl(transaction);
|
final ModuleInterface module = new GenericModuleImpl(transaction);
|
||||||
final UnixUser unixUser = transaction.getLoginUser();
|
final AuthenticatedUser unixUser = transaction.getLoginUser();
|
||||||
final List<AbstractEntity> list = module.search(getEntityClass(),
|
final List<AbstractEntity> list = module.search(getEntityClass(),
|
||||||
buildQueryCondition(whereParams), null);
|
buildQueryCondition(whereParams), null);
|
||||||
if (list == null) {
|
if (list == null) {
|
||||||
@ -105,7 +105,7 @@ public abstract class AbstractRemote implements IRemote {
|
|||||||
try {
|
try {
|
||||||
if (transaction.login(user, ticket)) {
|
if (transaction.login(user, ticket)) {
|
||||||
final ModuleInterface module = new GenericModuleImpl(transaction);
|
final ModuleInterface module = new GenericModuleImpl(transaction);
|
||||||
final UnixUser unixUser = transaction.getLoginUser();
|
final AuthenticatedUser authUser = transaction.getLoginUser();
|
||||||
final String queryCondition = buildQueryCondition(whereParams);
|
final String queryCondition = buildQueryCondition(whereParams);
|
||||||
if (queryCondition == null || queryCondition.length() == 0) {
|
if (queryCondition == null || queryCondition.length() == 0) {
|
||||||
throw new HSAdminException(
|
throw new HSAdminException(
|
||||||
@ -115,10 +115,10 @@ public abstract class AbstractRemote implements IRemote {
|
|||||||
queryCondition, null);
|
queryCondition, null);
|
||||||
transaction.beginTransaction();
|
transaction.beginTransaction();
|
||||||
for (AbstractEntity e : list) {
|
for (AbstractEntity e : list) {
|
||||||
if (e.isWriteAllowedFor(unixUser)) {
|
if (e.isWriteAllowedFor(authUser)) {
|
||||||
module.delete(e);
|
module.delete(e);
|
||||||
} else {
|
} else {
|
||||||
throw new AuthorisationException(unixUser, "delete", e);
|
throw new AuthorisationException(authUser, "delete", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
transaction.commitTransaction();
|
transaction.commitTransaction();
|
||||||
@ -142,7 +142,7 @@ public abstract class AbstractRemote implements IRemote {
|
|||||||
try {
|
try {
|
||||||
if (transaction.login(user, ticket)) {
|
if (transaction.login(user, ticket)) {
|
||||||
final ModuleInterface module = new GenericModuleImpl(transaction);
|
final ModuleInterface module = new GenericModuleImpl(transaction);
|
||||||
final UnixUser unixUser = transaction.getLoginUser();
|
final AuthenticatedUser unixUser = transaction.getLoginUser();
|
||||||
final ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
|
final ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
|
||||||
final String queryCondition = buildQueryCondition(whereParams);
|
final String queryCondition = buildQueryCondition(whereParams);
|
||||||
if (queryCondition == null || queryCondition.length() == 0) {
|
if (queryCondition == null || queryCondition.length() == 0) {
|
||||||
|
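Review bot: The local in the first and third hunks keeps the name `unixUser` although its type is now `AuthenticatedUser` and, by this commit's intent, it may no longer be a Unix user; the second hunk already renames it to `authUser`. Renaming the other two as well, `final AuthenticatedUser authUser = transaction.getLoginUser();`, keeps the three methods consistent and stops the name from suggesting a pac-bound user to the next edit. Each of these methods continues beyond its hunk.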
@ -6,6 +6,7 @@ import java.util.List;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
|
import de.hsadmin.core.model.AuthenticatedUser;
|
||||||
import de.hsadmin.core.model.AuthenticationException;
|
import de.hsadmin.core.model.AuthenticationException;
|
||||||
import de.hsadmin.core.model.GenericModuleImpl;
|
import de.hsadmin.core.model.GenericModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
@ -13,6 +14,7 @@ import de.hsadmin.core.model.Transaction;
|
|||||||
import de.hsadmin.core.util.Config;
|
import de.hsadmin.core.util.Config;
|
||||||
import de.hsadmin.mods.dom.Domain;
|
import de.hsadmin.mods.dom.Domain;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
public class RoleRemote implements IRemote {
|
public class RoleRemote implements IRemote {
|
||||||
|
|
||||||
@ -25,7 +27,9 @@ public class RoleRemote implements IRemote {
|
|||||||
String role = "USER";
|
String role = "USER";
|
||||||
String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
|
String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
|
||||||
String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
|
String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
|
||||||
Pac pac = transaction.getLoginUser().getPac();
|
final AuthenticatedUser loginUser = transaction.getLoginUser();
|
||||||
|
if (loginUser instanceof UnixUser) {
|
||||||
|
Pac pac = ((UnixUser) loginUser).getPac();
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (accoutPrefixCustomer.equals(pacName)) {
|
if (accoutPrefixCustomer.equals(pacName)) {
|
||||||
role = "CUSTOMER";
|
role = "CUSTOMER";
|
||||||
@ -43,6 +47,7 @@ public class RoleRemote implements IRemote {
|
|||||||
role = "DOM_ADMIN";
|
role = "DOM_ADMIN";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
List<Map<String, Object>> result = new ArrayList<Map<String,Object>>();
|
List<Map<String, Object>> result = new ArrayList<Map<String,Object>>();
|
||||||
Map<String, Object> record = new HashMap<String, Object>();
|
Map<String, Object> record = new HashMap<String, Object>();
|
||||||
record.put("role", role);
|
record.put("role", role);
|
||||||
|
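Review bot: By wrapping the whole role derivation in `if (loginUser instanceof UnixUser)`, any other AuthenticatedUser is reported as `USER` whatever its actual roles, even though the interface exposes `hasHostmasterRole()` (UnixUserModuleImpl.hasFullAccessOnPacOf calls it) and could answer at least that case before the cast, if the hostmaster branch between the two hunks is also inside the block. If a non-UnixUser login is meant never to be more than USER, a comment on the guard such as `// non-UnixUser logins (e.g. LDAP) are always reported as USER` would make that a decision rather than an omission; otherwise derive the hostmaster role from the interface outside the instanceof block. The role logic between the two hunks is not visible here.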