syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject svn commit: r1324610 - in /incubator/syncope/trunk: client/src/main/java/org/syncope/types/AuditElements.java core/src/main/java/org/syncope/core/rest/controller/RoleController.java core/src/test/java/org/syncope/core/rest/RoleTestITCase.java
Date Wed, 11 Apr 2012 07:46:36 GMT
Author: ilgrosso
Date: Wed Apr 11 07:46:35 2012
New Revision: 1324610

URL: http://svn.apache.org/viewvc?rev=1324610&view=rev
Log:
[SYNCOPE-55] Reworked provided patch

Modified:
    incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
    incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
    incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java

Modified: incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java (original)
+++ incubator/syncope/trunk/client/src/main/java/org/syncope/types/AuditElements.java Wed
Apr 11 07:46:35 2012
@@ -161,6 +161,7 @@ public final class AuditElements {
         list,
         create,
         read,
+        selfRead,
         update,
         delete,
         parent,
@@ -230,7 +231,8 @@ public final class AuditElements {
         read,
         update,
         delete,
-        isCreateAllowed,}
+        isCreateAllowed,
+    }
 
     public enum WorkflowSubCategory {
 

Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/rest/controller/RoleController.java
Wed Apr 11 07:46:35 2012
@@ -25,7 +25,9 @@ import javassist.NotFoundException;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -35,7 +37,9 @@ import org.syncope.client.to.RoleTO;
 import org.syncope.client.validation.SyncopeClientCompositeErrorException;
 import org.syncope.core.audit.AuditManager;
 import org.syncope.core.persistence.beans.role.SyncopeRole;
+import org.syncope.core.persistence.beans.user.SyncopeUser;
 import org.syncope.core.persistence.dao.RoleDAO;
+import org.syncope.core.persistence.dao.UserDAO;
 import org.syncope.core.rest.data.RoleDataBinder;
 import org.syncope.core.util.EntitlementUtil;
 import org.syncope.types.AuditElements.Category;
@@ -53,6 +57,9 @@ public class RoleController extends Abst
     private RoleDAO roleDAO;
 
     @Autowired
+    private UserDAO userDAO;
+
+    @Autowired
     private RoleDataBinder roleDataBinder;
 
     @PreAuthorize("hasRole('ROLE_CREATE')")
@@ -82,7 +89,7 @@ public class RoleController extends Abst
 
         SyncopeRole role = roleDAO.find(roleId);
         if (role == null) {
-            throw new NotFoundException("Role " + String.valueOf(roleId));
+            throw new NotFoundException("Role " + roleId);
         }
 
         Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
@@ -97,6 +104,7 @@ public class RoleController extends Abst
     }
 
     @RequestMapping(method = RequestMethod.GET, value = "/list")
+    @Transactional(readOnly = true)
     public List<RoleTO> list() {
         List<SyncopeRole> roles = roleDAO.findAll();
         List<RoleTO> roleTOs = new ArrayList<RoleTO>();
@@ -112,6 +120,7 @@ public class RoleController extends Abst
 
     @PreAuthorize("hasRole('ROLE_READ')")
     @RequestMapping(method = RequestMethod.GET, value = "/parent/{roleId}")
+    @Transactional(readOnly = true)
     public RoleTO parent(@PathVariable("roleId") final Long roleId)
             throws NotFoundException, UnauthorizedRoleException {
 
@@ -139,6 +148,7 @@ public class RoleController extends Abst
 
     @PreAuthorize("hasRole('ROLE_READ')")
     @RequestMapping(method = RequestMethod.GET, value = "/children/{roleId}")
+    @Transactional(readOnly = true)
     public List<RoleTO> children(@PathVariable("roleId") final Long roleId) {
         Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
 
@@ -158,12 +168,13 @@ public class RoleController extends Abst
 
     @PreAuthorize("hasRole('ROLE_READ')")
     @RequestMapping(method = RequestMethod.GET, value = "/read/{roleId}")
+    @Transactional(readOnly = true)
     public RoleTO read(@PathVariable("roleId") final Long roleId)
             throws NotFoundException, UnauthorizedRoleException {
 
         SyncopeRole role = roleDAO.find(roleId);
         if (role == null) {
-            throw new NotFoundException(String.valueOf(roleId));
+            throw new NotFoundException("Role " + roleId);
         }
 
         Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
@@ -177,6 +188,34 @@ public class RoleController extends Abst
         return roleDataBinder.getRoleTO(role);
     }
 
+    @PreAuthorize("isAuthenticated()")
+    @RequestMapping(method = RequestMethod.GET, value = "/selfRead/{roleId}")
+    @Transactional(readOnly = true)
+    public RoleTO selfRead(@PathVariable("roleId") final Long roleId)
+            throws NotFoundException, UnauthorizedRoleException {
+
+        SyncopeRole role = roleDAO.find(roleId);
+        if (role == null) {
+            throw new NotFoundException("Role " + roleId);
+        }
+        SyncopeUser authUser = userDAO.find(SecurityContextHolder.getContext().getAuthentication().getName());
+        if (authUser == null) {
+            throw new NotFoundException("Authenticated user "
+                    + SecurityContextHolder.getContext().getAuthentication().getName());
+        }
+
+        Set<Long> allowedRoleIds = EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
+        allowedRoleIds.addAll(authUser.getRoleIds());
+        if (!allowedRoleIds.contains(role.getId())) {
+            throw new UnauthorizedRoleException(role.getId());
+        }
+
+        auditManager.audit(Category.role, RoleSubCategory.selfRead, Result.success,
+                "Successfully read own role: " + role.getId());
+
+        return roleDataBinder.getRoleTO(role);
+    }
+
     @PreAuthorize("hasRole('ROLE_UPDATE')")
     @RequestMapping(method = RequestMethod.POST, value = "/update")
     public RoleTO update(@RequestBody final RoleMod roleMod) throws NotFoundException, UnauthorizedRoleException
{

Modified: incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java?rev=1324610&r1=1324609&r2=1324610&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java (original)
+++ incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/RoleTestITCase.java Wed
Apr 11 07:46:35 2012
@@ -22,14 +22,19 @@ import static org.junit.Assert.*;
 
 import java.util.Arrays;
 import java.util.List;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.impl.client.DefaultHttpClient;
 import org.junit.Test;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.client.HttpStatusCodeException;
+import org.syncope.client.http.PreemptiveAuthHttpRequestFactory;
 import org.syncope.client.mod.AttributeMod;
 import org.syncope.client.mod.RoleMod;
 import org.syncope.client.to.AttributeTO;
 import org.syncope.client.to.RoleTO;
+import org.syncope.client.to.UserTO;
 import org.syncope.client.validation.SyncopeClientCompositeErrorException;
+import org.syncope.client.validation.SyncopeClientException;
 import org.syncope.types.SyncopeClientExceptionType;
 
 public class RoleTestITCase extends AbstractTest {
@@ -149,6 +154,37 @@ public class RoleTestITCase extends Abst
     }
 
     @Test
+    public void selfRead() {
+        UserTO userTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}", UserTO.class,
1);
+        assertNotNull(userTO);
+
+        assertTrue(userTO.getMembershipMap().containsKey(1L));
+        assertFalse(userTO.getMembershipMap().containsKey(3L));
+
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
+        ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
+                requestFactory.getAuthScope(), new UsernamePasswordCredentials("user1", "password"));
+
+        SyncopeClientException exception = null;
+        try {
+            restTemplate.getForObject(BASE_URL + "role/selfRead/{roleId}", RoleTO.class,
3);
+            fail();
+        } catch (SyncopeClientCompositeErrorException e) {
+            exception = e.getException(SyncopeClientExceptionType.UnauthorizedRole);
+        }
+        assertNotNull(exception);
+
+        RoleTO roleTO = restTemplate.getForObject(BASE_URL + "role/selfRead/{roleId}", RoleTO.class,
1);
+        assertNotNull(roleTO);
+        assertNotNull(roleTO.getAttributes());
+        assertFalse(roleTO.getAttributes().isEmpty());
+
+        // restore admin authentication
+        super.setupRestTemplate();
+    }
+
+    @Test
     public void update() {
         RoleTO roleTO = new RoleTO();
         roleTO.setName("latestRole");



Mime
View raw message