Fix RoleUtils methods
parent
02169daeb7
commit
9a9209f9a2
|
@ -51,7 +51,6 @@ public class PageController {
|
|||
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
||||
@RequestMapping(value = "/page/update", method = RequestMethod.POST)
|
||||
public PortalPage updatePage(@RequestBody PortalPage portalPage) {
|
||||
List<String> roles = rolesUtils.getRoles();
|
||||
if(portalPage == null) {
|
||||
throw new NullPointerException("Update page: portalPage is null");
|
||||
}
|
||||
|
@ -59,8 +58,8 @@ public class PageController {
|
|||
// EXCEPTION - MismatchingContent
|
||||
throw new MismatchingContentException("Update page: Page has no id.");
|
||||
}
|
||||
if(!rolesUtils.isPortalAdmin(roles) || (
|
||||
portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
|
||||
if(!rolesUtils.isPortalAdmin() || (
|
||||
portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
|
||||
// EXCEPTION - Access denied
|
||||
throw new ForbiddenException("Update page: You are not authorized to update a page for "+portalPage.getPortalType()+
|
||||
(portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
|
||||
|
@ -78,7 +77,6 @@ public class PageController {
|
|||
// @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
||||
@RequestMapping(value = "/page/save", method = RequestMethod.POST)
|
||||
public PortalPage insertPage(@RequestBody PortalPage portalPage) {
|
||||
List<String> roles = rolesUtils.getRoles();
|
||||
if(portalPage == null) {
|
||||
throw new NullPointerException("Save page: portalPage is null");
|
||||
}
|
||||
|
@ -86,8 +84,8 @@ public class PageController {
|
|||
// EXCEPTION - MismatchingContent
|
||||
throw new MismatchingContentException("Save page: Page has already an id: "+portalPage.getId());
|
||||
}
|
||||
if(!rolesUtils.isPortalAdmin(roles) || (
|
||||
portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
|
||||
if(!rolesUtils.isPortalAdmin() || (
|
||||
portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
|
||||
// EXCEPTION - Access denied
|
||||
throw new ForbiddenException("Save page: You are not authorized to create a page for "+portalPage.getPortalType()+
|
||||
(portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
|
||||
|
@ -132,4 +130,4 @@ public class PageController {
|
|||
// public Page togglePageEntity(@PathVariable(value = "id") String id, @RequestParam String entityId, @RequestParam String status) throws Exception {
|
||||
// return pageService.togglePageEntity(id, entityId, status);
|
||||
// }
|
||||
}
|
||||
}
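Review bot: The guard in updatePage, `if(!rolesUtils.isPortalAdmin() || (...))`, denies every caller who is not a portal admin, and its second clause can never fire for an admin because hasUpdateAuthority() already returns true for one, so the curator and manager paths are dead code. If curators and managers are meant to edit pages of their own portal, the decision should branch on the pid instead: `boolean allowed = portalPage.getPortalPid() == null ? rolesUtils.isPortalAdmin() : rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid());`. The same expression appears in insertPage and in PageService.deletePages. With `@PreAuthorize` commented out, this is the only check visible on these endpoints, and in updatePage it reads portalType and portalPid from the request body, so a relaxed rule should also be evaluated against the stored page. Both method bodies continue outside the hunks.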
|
||||
|
|
|
@ -11,6 +11,7 @@ import org.springframework.stereotype.Component;
|
|||
|
||||
@Component
|
||||
public class RolesUtils {
|
||||
|
||||
@Autowired
|
||||
private AuthorizationService authorizationService;
|
||||
|
||||
|
@ -28,54 +29,31 @@ public class RolesUtils {
|
|||
return authorizationService.getAaiId();
|
||||
}
|
||||
|
||||
public boolean isPortalAdmin(List<String> roles) {
|
||||
if(roles == null) {
|
||||
return false;
|
||||
}
|
||||
// log.debug(authorizationService.PORTAL_ADMIN);
|
||||
// log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN));
|
||||
return roles.contains(authorizationService.PORTAL_ADMIN);
|
||||
public boolean isPortalAdmin() {
|
||||
return this.authorizationService.getRoles().contains(authorizationService.PORTAL_ADMIN);
|
||||
}
|
||||
|
||||
public boolean isCurator(List<String> roles, String type) {
|
||||
if(roles == null) {
|
||||
return false;
|
||||
}
|
||||
// log.debug(authorizationService.curator(type));
|
||||
// log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type)));
|
||||
return roles.contains(authorizationService.curator(type));
|
||||
public boolean isCurator(String type) {
|
||||
return this.authorizationService.getRoles().contains(authorizationService.curator(type));
|
||||
}
|
||||
|
||||
public boolean isManager(List<String> roles, String type, String id) {
|
||||
if(roles == null) {
|
||||
return false;
|
||||
}
|
||||
// log.debug(authorizationService.manager(type, id));
|
||||
// log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id)));
|
||||
return roles.contains(authorizationService.manager(type, id));
|
||||
public boolean isManager(String type, String id) {
|
||||
return this.authorizationService.getRoles().contains(authorizationService.manager(type, id));
|
||||
}
|
||||
|
||||
public boolean isMember(List<String> roles, String type, String id) {
|
||||
if(roles == null) {
|
||||
return false;
|
||||
}
|
||||
// log.debug(authorizationService.member(type, id));
|
||||
// log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id)));
|
||||
return roles.contains(authorizationService.member(type, id));
|
||||
public boolean isMember(String type, String id) {
|
||||
return this.authorizationService.getRoles().contains(authorizationService.member(type, id));
|
||||
}
|
||||
|
||||
public boolean isLoggedIn(List<String> roles) {
|
||||
if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
public boolean isLoggedIn() {
|
||||
return this.authorizationService.getAaiId() != null;
|
||||
}
|
||||
|
||||
public boolean hasUpdateAuthority(List<String> roles, String type, String id) {
|
||||
return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
|
||||
public boolean hasUpdateAuthority(String type, String id) {
|
||||
return isPortalAdmin() || isCurator(type) || isManager(type, id);
|
||||
}
|
||||
|
||||
public boolean hasCreateAndDeleteAuthority(List<String> roles, String type) {
|
||||
return isPortalAdmin(roles) || isCurator(roles, type);
|
||||
public boolean hasCreateAndDeleteAuthority(String type) {
|
||||
return isPortalAdmin() || isCurator(type);
|
||||
}
|
||||
}
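Review bot: The new no-argument predicates call `this.authorizationService.getRoles().contains(...)` directly, dropping the `roles == null` guard that every removed overload had. getRoles() is not shown here; if it can return null for an unauthenticated request, these authorization checks will throw a NullPointerException instead of answering false. A single private helper would restore the guard and stop hasUpdateAuthority() from fetching the role list up to three times per call. Separately, isLoggedIn() now tests `getAaiId() != null` rather than the absence of ANONYMOUS_USER, so it is worth confirming that an anonymous principal really yields a null id.

```java
// Reads the caller's roles once; a missing role list means "no role", not an exception.
private boolean hasRole(String role) {
    List<String> roles = this.authorizationService.getRoles();
    return roles != null && roles.contains(role);
}

public boolean isPortalAdmin() {
    return hasRole(authorizationService.PORTAL_ADMIN);
}

// … isCurator, isManager and isMember delegate to hasRole(...) the same way …
```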
|
||||
|
|
|
@ -241,8 +241,6 @@ public class PageService {
|
|||
}
|
||||
|
||||
public Boolean deletePages(List<String> pages) throws Exception {
|
||||
List<String> roles = rolesUtils.getRoles();
|
||||
|
||||
for (String id: pages) {
|
||||
Page page = pageDAO.findById(id);
|
||||
|
||||
|
@ -250,8 +248,8 @@ public class PageService {
|
|||
throw new NullPointerException("Delete page: no page with id: "+id);
|
||||
}
|
||||
|
||||
if(!rolesUtils.isPortalAdmin(roles) || (
|
||||
page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, page.getPortalType(), page.getPortalPid()))) {
|
||||
if(!rolesUtils.isPortalAdmin() || (
|
||||
page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(page.getPortalType(), page.getPortalPid()))) {
|
||||
// EXCEPTION - Access denied
|
||||
throw new ForbiddenException("Delete page: You are not authorized to delete a page for "+page.getPortalType()+
|
||||
(page.getPortalPid()!=null ? " : "+page.getPortalPid() : ""));
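Review bot: In deletePages the role lookup has moved inside the `for (String id: pages)` loop, because the removed code read `rolesUtils.getRoles()` once before the loop while the new `isPortalAdmin()` and `hasUpdateAuthority(...)` calls each fetch the roles again for every id. The admin test does not depend on the page, so it can be hoisted: `boolean portalAdmin = rolesUtils.isPortalAdmin();` before the loop. This also ensures every id in one request is judged against the same role snapshot. The rest of the loop body is outside the hunk, so whether earlier ids are already deleted when a later one is refused cannot be told from here; checking all ids before deleting any would avoid a partial result.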
|
||||
|
|