
separated MockSecurityContext into SecurityContextMock+SecurityContextMock

This commit is contained in:
Michael Hoennig
2019-05-10 17:21:50 +02:00
parent 72e79e2134
commit a2b90b0a36
22 changed files with 236 additions and 179 deletions


@ -4,7 +4,7 @@ package org.hostsharing.hsadminng.service.accessfilter;
import static com.google.common.base.Verify.verify;
import static com.google.common.collect.Sets.union;
import static java.util.Collections.EMPTY_SET;
import static org.thymeleaf.util.SetUtils.singletonSet;
import static java.util.Collections.emptySet;
import org.hostsharing.hsadminng.security.SecurityUtils;
import org.hostsharing.hsadminng.service.IdToDtoResolver;
@ -71,7 +71,7 @@ abstract class JSonAccessFilter<T> {
final Field parentIdField = determineFieldWithAnnotation(dto.getClass(), ParentId.class);
if (parentIdField == null) {
return singletonSet(Role.ANYBODY);
return emptySet();
}
final ParentId parentIdAnnot = parentIdField.getAnnotation(ParentId.class);
@ -88,12 +88,12 @@ abstract class JSonAccessFilter<T> {
private Set<Role> getLoginUserDirectRolesFor(final Class<?> dtoClass, final Long id) {
if (!SecurityUtils.isAuthenticated()) {
return singletonSet(Role.ANYBODY);
return emptySet();
}
final EntityTypeId entityTypeId = dtoClass.getAnnotation(EntityTypeId.class);
if (entityTypeId == null) {
return singletonSet(Role.ANYBODY); // TODO mhoennig: all of such singletonSets -> emptySet
return emptySet();
}
return userRoleAssignmentService.getEffectiveRoleOfCurrentUser(entityTypeId.value(), id);
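Review bot: Replacing `singletonSet(Role.ANYBODY)` with `emptySet()` in `getLoginUserDirectRolesFor` (and in the `parentIdField == null` branch of the previous hunk) changes the contract: an unauthenticated caller, or a DTO class without `@EntityTypeId`, now yields a set that no longer contains ANYBODY, so every consumer must supply that fallback itself rather than finding it in the set. `JSonSerializationWithAccessFilter` gets such a fallback in this commit, but the method itself says nothing about it; suggest a Javadoc on the method such as `/** Roles directly assigned to the current user for the given entity; empty (never containing ANYBODY) when the caller is not authenticated or the DTO class carries no @EntityTypeId. */`. The raw-typed `EMPTY_SET` static import kept in the first hunk looks superseded by the typed `emptySet()`; if nothing else in the file still references it, it can be dropped. The method's closing brace lies outside the hunk.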


@ -160,13 +160,13 @@ public class JSonDeserializationWithAccessFilter<T> extends JSonAccessFilter<T>
if (!field.equals(parentIdField)) {
throw new BadRequestAlertException(
"Initialization of field " + toDisplay(field)
+ " prohibited for current user roles "
+ " prohibited for current user role(s): "
+ Joiner.on("+").join(roles),
toDisplay(field),
"initializationProhibited");
} else {
throw new BadRequestAlertException(
"Referencing field " + toDisplay(field) + " prohibited for current user roles "
"Referencing field " + toDisplay(field) + " prohibited for current user role(s): "
+ Joiner.on("+").join(roles),
toDisplay(field),
"referencingProhibited");
@ -174,7 +174,7 @@ public class JSonDeserializationWithAccessFilter<T> extends JSonAccessFilter<T>
}
} else if (!Role.toBeIgnoredForUpdates(field) && !isAllowedToUpdate(getLoginUserRoles(), field)) {
throw new BadRequestAlertException(
"Update of field " + toDisplay(field) + " prohibited for current user roles "
"Update of field " + toDisplay(field) + " prohibited for current user role(s): "
+ Joiner.on("+").join(roles),
toDisplay(field),
"updateProhibited");
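Review bot: Each of the three reworded messages ends with `Joiner.on("+").join(roles)`, and if `roles` is the set this commit now returns empty for unauthenticated callers, the client will see `prohibited for current user role(s): ` followed by nothing, which reads like a truncated message. A small helper used in all three places, e.g. `roles.isEmpty() ? "<none>" : Joiner.on("+").join(roles)`, would keep the message self-explanatory without leaking anything beyond the caller's own roles. The origin of `roles` and the enclosing method's start are outside the hunk, so this is inferred from the sibling change in `JSonAccessFilter`.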


@ -86,7 +86,7 @@ public class JSonSerializationWithAccessFilter<T> extends JSonAccessFilter<T> {
return true;
}
}
return false;
return Role.ANYBODY.isAllowedToRead(field);
}
}
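Review bot: The new fallback `return Role.ANYBODY.isAllowedToRead(field);` makes ANYBODY-readability the floor for every caller, including authenticated users whose own roles did not grant the field, and that intent is not stated anywhere in the method. A one-line comment above the return, `// fields readable by ANYBODY are exposed to every caller, authenticated or not`, would keep the next maintainer from "fixing" it back to `false`. Since this is the line that decides what an anonymous request can see, it deserves a dedicated test asserting that an unauthenticated serialization contains only ANYBODY-readable fields. The method's signature and the loop that precedes this return are outside the hunk.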


@ -139,7 +139,7 @@ public enum Role {
* @return true if this role is independent of a target object, false otherwise.
*/
public boolean isIndependent() {
return this != NOBODY && covers(Role.SUPPORTER);
return this != NOBODY && (this == ANYBODY || covers(Role.SUPPORTER));
}
/**
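Review bot: `isIndependent()` now special-cases ANYBODY, but the Javadoc directly above it still only says "independent of a target object" and gives no hint why ANYBODY qualifies while the `covers(Role.SUPPORTER)` test would not admit it. Suggest extending the Javadoc with a sentence such as `* ANYBODY is treated as independent because it is not tied to any assignment on a specific object.`, so the exception is documented next to the rule. The `this != NOBODY` guard still matters for the `covers` branch and should stay; whether ANYBODY is also meant to be excluded from some other target-bound check is not visible here.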