Check service admin roles for access

0c3c1f0d · michael.simon · 5c57038a · 0c3c1f0d · 0c3c1f0d · 0c3c1f0d
Commit 0c3c1f0d authored Mar 02, 2015 by michael.simon
--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/RoleDao.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/RoleDao.java
@@ -31,5 +31,9 @@ public interface RoleDao extends BaseDao<RoleEntity, Long> {
 	List<RoleEntity> findByUserId(Long userId);

 	void deleteUserRole(Long userId, String roleName);
+
+	Boolean checkUserInRole(Long userId, String roleName);
+
+	Boolean checkAdminUserInRole(Long userId, String roleName);
 	
 }
--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaRoleDao.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaRoleDao.java
@@ -61,6 +61,24 @@ public class JpaRoleDao extends JpaBaseDao<RoleEntity, Long> implements RoleDao
 				.setParameter("userId", userId).getResultList();
 	}

+    @SuppressWarnings("unchecked")
+	@Override
+	public Boolean checkUserInRole(Long userId, String roleName) {
+		List<RoleEntity> roleList =  em.createQuery("select r.role from UserRoleEntity r where r.user.id = :userId and r.role.name = :roleName")
+				.setParameter("userId", userId).setParameter("roleName", roleName).getResultList();
+		return (roleList.size() > 0 ? Boolean.TRUE : Boolean.FALSE);
+	}
+
+    @SuppressWarnings("unchecked")
+	@Override
+	public Boolean checkAdminUserInRole(Long userId, String roleName) {
+		List<RoleEntity> roleList =  em.createQuery("select u.roles from AdminUserEntity u where u.id = :userId")
+				.setParameter("userId", userId).getResultList();
+		List<RoleEntity> roleList2 =  em.createQuery("select r from RoleEntity r where r.name = :roleName and r in :roleList")
+				.setParameter("roleList", roleList).setParameter("roleName", roleName).getResultList();
+		return (roleList2.size() > 0 ? Boolean.TRUE : Boolean.FALSE);
+	}
+
 	@Override
 	public RoleEntity findWithUsers(Long id) {
 		CriteriaBuilder builder = em.getCriteriaBuilder();

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/RoleService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/RoleService.java
@@ -28,5 +28,9 @@ public interface RoleService extends BaseService<RoleEntity, Long> {
 	List<RoleEntity> findByUserId(Long userId);

 	void removeUserFromRole(UserEntity user, String roleName);
+
+	Boolean checkUserInRole(Long userId, String roleName);
+
+	Boolean checkAdminUserInRole(Long userId, String roleName);
 	
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/RoleServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/RoleServiceImpl.java
@@ -53,6 +53,16 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleEntity, Long> implement
 	public List<RoleEntity> findByUserId(Long userId) {
 		return dao.findByUserId(userId);
 	}
+
+	@Override
+	public Boolean checkUserInRole(Long userId, String roleName) {
+		return dao.checkUserInRole(userId, roleName);
+	}
+	
+	@Override
+	public Boolean checkAdminUserInRole(Long userId, String roleName) {
+		return dao.checkAdminUserInRole(userId, roleName);
+	}
 	
 	@Override
 	public RoleEntity findWithUsers(Long id) {

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/ServiceAdminController.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/ServiceAdminController.java
@@ -23,10 +23,15 @@ import javax.ws.rs.core.Context;

 import edu.kit.scc.webreg.dto.entity.RegistryEntityDto;
 import edu.kit.scc.webreg.dto.service.RegistryDtoService;
+import edu.kit.scc.webreg.entity.RoleEntity;
 import edu.kit.scc.webreg.entity.ServiceEntity;
+import edu.kit.scc.webreg.entity.UserEntity;
 import edu.kit.scc.webreg.rest.exc.NoItemFoundException;
+import edu.kit.scc.webreg.rest.exc.UnauthorizedException;
 import edu.kit.scc.webreg.sec.SecurityFilter;
+import edu.kit.scc.webreg.service.AdminUserService;
 import edu.kit.scc.webreg.service.RegistryService;
+import edu.kit.scc.webreg.service.RoleService;
 import edu.kit.scc.webreg.service.ServiceService;
 import edu.kit.scc.webreg.service.UserService;

@@ -41,7 +46,13 @@ public class ServiceAdminController {
 	
 	@Inject
 	private UserService userService;
-	
+
+	@Inject
+	private AdminUserService adminUserService;
+
+	@Inject
+	private RoleService roleService;
+
 	@Inject
 	private ServiceService serviceService;
 	
@@ -49,15 +60,27 @@ public class ServiceAdminController {
 	@Produces({"application/json"})
 	@GET
 	public List<RegistryEntityDto> list(@PathParam("ssn") String ssn, @Context HttpServletRequest request)
-					throws IOException, NoItemFoundException {
+					throws IOException, UnauthorizedException {
 		
 		ServiceEntity serviceEntity = serviceService.findByShortName(ssn);
-		System.out.println("" + request.getAttribute(SecurityFilter.ADMIN_USER_ID));
-		System.out.println("" + request.getAttribute(SecurityFilter.USER_ID));
+
+		if (request.getAttribute(SecurityFilter.USER_ID) != null &&
+				request.getAttribute(SecurityFilter.USER_ID) instanceof Long) {
+			Long userId = (Long) request.getAttribute(SecurityFilter.USER_ID);
+			Boolean check = roleService.checkUserInRole(userId, serviceEntity.getAdminRole().getName());
+			if (! check)
+				throw new UnauthorizedException("No access");
+		}
+		else if (request.getAttribute(SecurityFilter.ADMIN_USER_ID) != null &&
+				request.getAttribute(SecurityFilter.ADMIN_USER_ID) instanceof Long) {
+			Long adminUserId = (Long) request.getAttribute(SecurityFilter.ADMIN_USER_ID);
+			Boolean check = roleService.checkAdminUserInRole(adminUserId, serviceEntity.getAdminRole().getName());
+			if (! check)
+				throw new UnauthorizedException("No access");
+		}
+		
 		List<RegistryEntityDto> deproList = registryDtoService.findRegistriesForDepro(serviceEntity.getShortName());

 		return deproList;
 	}
-
-
 }
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/exc/UnauthorizedException.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/exc/UnauthorizedException.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.rest.exc;
+
+public class UnauthorizedException extends RestInterfaceException {
+
+	private static final long serialVersionUID = 1L;
+
+	public UnauthorizedException(String message) {
+		super(message);
+	}
+
+}
--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/exc/UnauthorizedExceptionMapper.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/rest/exc/UnauthorizedExceptionMapper.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.rest.exc;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+
+@Provider
+public class UnauthorizedExceptionMapper implements ExceptionMapper<UnauthorizedException> {
+
+	@Override
+	public Response toResponse(UnauthorizedException ex) {
+		return Response.status(401).entity(ex.getMessage())
+				.type(MediaType.TEXT_PLAIN).build();
+	}
+
+}