From fab2885e4e53e112494da04e83667612b0b3e58b Mon Sep 17 00:00:00 2001
From: mlinha <mlinha@students.zcu.cz>
Date: Mon, 4 May 2020 17:38:37 +0200
Subject: [PATCH 1/2] re #7978 added functionality of only showing assemblies
 with correct role (same as user), added functionality of showing only logged
 in users's configurations in "Rychle k"

---
 .../vldc/aswi/configuration/AppConfig.java    |  1 +
 .../vldc/aswi/dao/AssemblyRepository.java     |  9 +++-
 .../aswi/dao/ConfigurationRepository.java     |  9 +++-
 .../vldc/aswi/service/AssemblyManager.java    |  6 +++
 .../aswi/service/AssemblyManagerImpl.java     |  9 ++++
 .../service/ConfigurationManagerImpl.java     | 34 ++++++++++----
 .../java/vldc/aswi/service/RoleManager.java   |  7 +++
 .../vldc/aswi/service/RoleManagerImpl.java    | 10 ++++
 .../java/vldc/aswi/utils/AuthControl.java     | 46 +++++++++++++++++++
 .../web/controller/AssemblyController.java    | 27 +++++++++--
 .../controller/ConfigurationController.java   | 17 +++++++
 .../aswi/web/controller/IndexController.java  | 18 +++++++-
 12 files changed, 176 insertions(+), 17 deletions(-)
 create mode 100644 src/main/java/vldc/aswi/utils/AuthControl.java

diff --git a/src/main/java/vldc/aswi/configuration/AppConfig.java b/src/main/java/vldc/aswi/configuration/AppConfig.java
index 6afbdc40..fcf074d0 100644
--- a/src/main/java/vldc/aswi/configuration/AppConfig.java
+++ b/src/main/java/vldc/aswi/configuration/AppConfig.java
@@ -81,6 +81,7 @@ public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcCon
 
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
+		// TODO: 04.05.2020 Error pages
 		http
 		.authorizeRequests()
 			.mvcMatchers("/login").permitAll()
diff --git a/src/main/java/vldc/aswi/dao/AssemblyRepository.java b/src/main/java/vldc/aswi/dao/AssemblyRepository.java
index c89f624d..bbce2f59 100644
--- a/src/main/java/vldc/aswi/dao/AssemblyRepository.java
+++ b/src/main/java/vldc/aswi/dao/AssemblyRepository.java
@@ -3,6 +3,7 @@ package vldc.aswi.dao;
 import org.springframework.data.repository.CrudRepository;
 import org.springframework.stereotype.Repository;
 import vldc.aswi.domain.Assembly;
+import vldc.aswi.domain.Role;
 
 import java.util.List;
 
@@ -27,8 +28,14 @@ public interface AssemblyRepository extends CrudRepository<Assembly, Long> {
     Assembly findFirst1ByOrderByAssemblyOrder();
 
     /**
-     * Find assemblies order by order
+     * Find assemblies, order by order
      * @return ordered assemblies
      */
     List<Assembly> getByOrderByAssemblyOrderAsc();
+
+    /**
+     * Find assemblies with role, order by order
+     * @return ordered assemblies
+     */
+    List<Assembly> getByRolesContainingOrderByAssemblyOrderAsc(Role role);
 }
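Review bot: The Javadoc on `getByRolesContainingOrderByAssemblyOrderAsc` has no `@param role` line and does not say what a null role yields, although callers in this patch pass the result of `roleManager.getRole(...)` straight into it. I would add `@param role role that an assembly must be assigned to` and state in `@return` that the list is ordered by assembly order. The same omission is in the `getAssembliesWithRoleOrdered` Javadoc in AssemblyManager.java and AssemblyManagerImpl.java.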
diff --git a/src/main/java/vldc/aswi/dao/ConfigurationRepository.java b/src/main/java/vldc/aswi/dao/ConfigurationRepository.java
index 5560e0c9..f3350125 100644
--- a/src/main/java/vldc/aswi/dao/ConfigurationRepository.java
+++ b/src/main/java/vldc/aswi/dao/ConfigurationRepository.java
@@ -2,8 +2,8 @@ package vldc.aswi.dao;
 
 import org.springframework.data.repository.CrudRepository;
 import org.springframework.stereotype.Repository;
-import vldc.aswi.domain.Assembly;
 import vldc.aswi.domain.Configuration;
+import vldc.aswi.domain.User;
 
 import java.util.List;
 
@@ -26,4 +26,11 @@ public interface ConfigurationRepository extends CrudRepository<Configuration, L
      * @return List of configurations.
      */
     List<Configuration> getByAssemblyId(Long assemblyId);
+
+    /**
+     * Get list of configurations by user.
+     * @param user - user.
+     * @return List of configurations.
+     */
+    List<Configuration> getByUserEquals(User user);
 }
diff --git a/src/main/java/vldc/aswi/service/AssemblyManager.java b/src/main/java/vldc/aswi/service/AssemblyManager.java
index 67528712..9f7b7685 100644
--- a/src/main/java/vldc/aswi/service/AssemblyManager.java
+++ b/src/main/java/vldc/aswi/service/AssemblyManager.java
@@ -56,4 +56,10 @@ public interface AssemblyManager {
      * @return True if delete was successful, otherwise false.
      */
     boolean deleteAssembly(Long id);
+
+    /**
+     * Get all Assemblies from database with role, ordered.
+     * @return List of assemblies.
+     */
+    List<Assembly> getAssembliesWithRoleOrdered(Role role);
 }
diff --git a/src/main/java/vldc/aswi/service/AssemblyManagerImpl.java b/src/main/java/vldc/aswi/service/AssemblyManagerImpl.java
index 47be775f..0d751ff2 100644
--- a/src/main/java/vldc/aswi/service/AssemblyManagerImpl.java
+++ b/src/main/java/vldc/aswi/service/AssemblyManagerImpl.java
@@ -77,6 +77,15 @@ public class AssemblyManagerImpl implements AssemblyManager {
         return this.assemblyRepository.getByOrderByAssemblyOrderAsc();
     }
 
+    /**
+     * Get all Assemblies from database with role, ordered.
+     * @return List of assemblies.
+     */
+    @Override
+    public List<Assembly> getAssembliesWithRoleOrdered(Role role) {
+        return this.assemblyRepository.getByRolesContainingOrderByAssemblyOrderAsc(role);
+    }
+
     /**
      * Get assembly by id.
      * @param id - ID of assembly.
diff --git a/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java b/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
index 6f71d2aa..a59be6a8 100644
--- a/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
+++ b/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
@@ -5,20 +5,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
 import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import vldc.aswi.dao.*;
 import vldc.aswi.dao.parameter.ParameterInConfigurationRepository;
-import vldc.aswi.dao.parameter.ParameterTypeRepository;
-import vldc.aswi.domain.Assembly;
-import vldc.aswi.domain.Configuration;
-import vldc.aswi.domain.Function;
+import vldc.aswi.domain.*;
 import vldc.aswi.domain.parameter.ParameterInConfiguration;
 import vldc.aswi.service.parameter.ParameterInConfigurationManager;
 import vldc.aswi.service.parameter.ParameterTypeManager;
+import vldc.aswi.utils.AuthControl;
 
 import javax.transaction.Transactional;
 import java.util.ArrayList;
-import java.util.LinkedList;
 import java.util.List;
 
 @Service
@@ -83,9 +83,18 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
      */
     @Override
     public List<Configuration> getConfigurations() {
-        List<Configuration> retVal = new LinkedList<>();
-        this.configurationRepository.findAll().forEach(retVal::add);
-        return retVal;
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String username;
+        if (!(authentication instanceof AnonymousAuthenticationToken)) {
+            username = authentication.getName();
+        }
+        else {
+            // TODO: 04.05.2020 error message, user not authenticated
+            return null;
+        }
+        User user = userRepository.findByUsername(username);
+
+        return configurationRepository.getByUserEquals(user);
     }
 
     /**
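Review bot: `SecurityContextHolder.getContext().getAuthentication()` can return null when nothing is stored in the context, and `!(authentication instanceof AnonymousAuthenticationToken)` is true for null, so `authentication.getName()` in `getConfigurations` would then throw a NullPointerException. The guard should test for null first: `if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {`. This class imports `ContextRefreshedEvent`, so calls outside a web request look possible, though that is inferred from the import list only. `AuthControl.getRoleName()` and `AuthControl.getUserName()`, added in this patch, use the same test and need the same guard.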
@@ -106,7 +115,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
      */
     @Override
     public Configuration saveConfiguration(Configuration newConfiguration, String id) {
-        if(id.equals("")) {
+        if (id.equals("")) {
             return addConfiguration(newConfiguration);
         }
         else {
@@ -158,12 +167,17 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
      * @return saved configuration
      */
     private Configuration addConfiguration(Configuration newConfiguration) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        String username = AuthControl.getUserName();
+        if (username == null) {
+            // TODO: 04.05.2020 error message, user not authenticated
+        }
         Configuration configuration = new Configuration();
         Assembly assembly = assemblyRepository.getById(newConfiguration.getAssembly().getId());
         configuration.setAssembly(assembly);
         configuration.setName(newConfiguration.getName());
         configuration.setTableName(newConfiguration.getTableName());
-        configuration.setUser(userRepository.getById((long) 1));
+        configuration.setUser(userRepository.findByUsername(username));
         Configuration savedConfiguration = configurationRepository.save(configuration);
 
         savedConfiguration.setParametersInConfiguration(new ArrayList<>());
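Review bot: The `if (username == null)` branch in `addConfiguration` is empty, so an unauthenticated call continues to `userRepository.findByUsername(username)` and the configuration is saved with whatever that lookup returns, most likely no owner. That matters because the ownership check added in ConfigurationController dereferences `configuration.getUser()`. I would stop before the save, for example `throw new AccessDeniedException("no authenticated user");` inside the branch, and treat a null result from `findByUsername` the same way. The new `authentication` local is never read. The same empty branch appears for `roleName` in the IndexController hunk, and this method's body continues past the hunk.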
diff --git a/src/main/java/vldc/aswi/service/RoleManager.java b/src/main/java/vldc/aswi/service/RoleManager.java
index b739e67e..18de5b98 100644
--- a/src/main/java/vldc/aswi/service/RoleManager.java
+++ b/src/main/java/vldc/aswi/service/RoleManager.java
@@ -20,4 +20,11 @@ public interface RoleManager {
      * @param name Name of role.
      */
     void addRole(String name);
+
+    /**
+     * Get role from database by name.
+     * @param name name of the role
+     * @return List of roles.
+     */
+    public Role getRole(String name);
 }
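Review bot: The `@return List of roles.` line on `getRole` is wrong, since the method returns a single `Role`. Something like `@return role with the given name` fits, plus a statement of what is returned when no role matches, because callers in this patch pass the result on without a null check (the repository method `getByName` is not part of this diff). The `public` modifier is redundant on an interface method and differs from `addRole` just above. RoleManagerImpl.java carries the same `@return` text.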
diff --git a/src/main/java/vldc/aswi/service/RoleManagerImpl.java b/src/main/java/vldc/aswi/service/RoleManagerImpl.java
index 14a08243..53d07b67 100644
--- a/src/main/java/vldc/aswi/service/RoleManagerImpl.java
+++ b/src/main/java/vldc/aswi/service/RoleManagerImpl.java
@@ -62,4 +62,14 @@ public class RoleManagerImpl implements RoleManager {
         this.roleRepository.findAll().forEach(retVal::add);
         return retVal;
     }
+
+    /**
+     * Get role from database by name.
+     * @param name name of the role
+     * @return List of roles.
+     */
+    @Override
+    public Role getRole(String name) {
+        return roleRepository.getByName(name);
+    }
 }
diff --git a/src/main/java/vldc/aswi/utils/AuthControl.java b/src/main/java/vldc/aswi/utils/AuthControl.java
new file mode 100644
index 00000000..3994cc40
--- /dev/null
+++ b/src/main/java/vldc/aswi/utils/AuthControl.java
@@ -0,0 +1,46 @@
+package vldc.aswi.utils;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * Classed used for getting names and roles of logged in users
+ */
+public class AuthControl {
+
+    /**
+     * Gets the name of current user
+     * @return name of current user
+     */
+    public static String getRoleName() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        Set<String> roles;
+        if (!(authentication instanceof AnonymousAuthenticationToken)) {
+            roles = authentication.getAuthorities().stream()
+                    .map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
+            return roles.iterator().next().replace("ROLE_", "");
+        } else {
+            // TODO: 04.05.2020 error message, user not authenticated
+            return null;
+        }
+    }
+
+    /**
+     * Gets the role name of the current user
+     * @return role name of the current user
+     */
+    public static String getUserName() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (!(authentication instanceof AnonymousAuthenticationToken)) {
+            return authentication.getName();
+        } else {
+            // TODO: 04.05.2020 error message, user not authenticated
+            return null;
+        }
+    }
+}
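Review bot: `getRoleName()` collects the authorities into a `Set` and returns `roles.iterator().next()`, so for a user with more than one authority the role used for access decisions depends on set iteration order, and for a user with none the call throws `NoSuchElementException`. The callers in this patch compare that single name against an assembly's roles, so a multi-role user may be allowed or refused inconsistently. Returning every role name, or at least checking `roles.isEmpty()` and documenting a single-role assumption, would make the check predictable. `replace("ROLE_", "")` removes every occurrence rather than only the prefix; a `startsWith("ROLE_")` test followed by `substring("ROLE_".length())` is closer to the intent. The two method Javadocs are swapped (the one on `getRoleName` describes the user name and the one on `getUserName` describes the role), and the class comment should read `Class used for ...`.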
diff --git a/src/main/java/vldc/aswi/web/controller/AssemblyController.java b/src/main/java/vldc/aswi/web/controller/AssemblyController.java
index b7ebc7bb..5c347e4d 100644
--- a/src/main/java/vldc/aswi/web/controller/AssemblyController.java
+++ b/src/main/java/vldc/aswi/web/controller/AssemblyController.java
@@ -1,6 +1,10 @@
 package vldc.aswi.web.controller;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
@@ -12,21 +16,21 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
-import vldc.aswi.domain.Assembly;
-import vldc.aswi.domain.Configuration;
-import vldc.aswi.domain.Location;
-import vldc.aswi.domain.Operator;
+import vldc.aswi.domain.*;
 import vldc.aswi.domain.parameter.Parameter;
 import vldc.aswi.domain.parameter.ParameterInConfiguration;
 import vldc.aswi.service.*;
 import vldc.aswi.service.parameter.ParameterManager;
 import vldc.aswi.service.parameter.ParameterTypeManager;
+import vldc.aswi.utils.AuthControl;
 import vldc.aswi.validators.AssemblyValidator;
 import vldc.aswi.utils.Utils;
 
 import javax.validation.Valid;
 import java.util.ArrayList;
 import java.util.Comparator;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * Controller for assemblies and configurations
@@ -104,6 +108,21 @@ public class AssemblyController extends BasicController {
 
         Assembly assembly = this.assemblyManager.getAssemblyById(Long.parseLong(id));
 
+        // TODO: 04.05.2020 error page when id doesn't exist
+
+        String roleName = AuthControl.getRoleName();
+
+        if (roleName == null) {
+            // TODO: 04.05.2020 error message, user not authenticated
+        }
+
+        Role role = roleManager.getRole(roleName);
+
+        if (!assembly.getRoles().contains(role)) {
+            // TODO: 04.05.2020 Error page, wrong role
+            return new ModelAndView("redirect:/");
+        }
+
         Configuration configuration = new Configuration();
 
         configuration.setAssembly(assembly);
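Review bot: `assembly.getRoles()` is reached without checking that `getAssemblyById` found anything, so if it returns null for an unknown id the new authorization check ends in a NullPointerException instead of the redirect. The TODO above it notes the gap, but the dereference is new in this hunk. A guard before the role lookup, `if (assembly == null) { return new ModelAndView("redirect:/"); }`, keeps the check fail-closed. `contains(role)` also depends on `Role` equality, which is not visible here; without `equals`/`hashCode` on `Role` the outcome relies on both objects being the same instance. The role check is added only in this handler, whose body starts and ends outside the hunk, while `addConfiguration` in ConfigurationManagerImpl loads the assembly from the submitted id with no such check, so the save path deserves the same test.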
diff --git a/src/main/java/vldc/aswi/web/controller/ConfigurationController.java b/src/main/java/vldc/aswi/web/controller/ConfigurationController.java
index df252936..64264ecf 100644
--- a/src/main/java/vldc/aswi/web/controller/ConfigurationController.java
+++ b/src/main/java/vldc/aswi/web/controller/ConfigurationController.java
@@ -1,6 +1,9 @@
 package vldc.aswi.web.controller;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
@@ -14,6 +17,7 @@ import vldc.aswi.domain.Location;
 import vldc.aswi.domain.Operator;
 import vldc.aswi.domain.parameter.ParameterInConfiguration;
 import vldc.aswi.service.ConfigurationManager;
+import vldc.aswi.utils.AuthControl;
 import vldc.aswi.utils.Utils;
 
 import javax.validation.Valid;
@@ -44,6 +48,18 @@ public class ConfigurationController extends BasicController{
 
         Configuration configuration = configurationManager.getConfigurationById(Long.parseLong(id));
 
+        // TODO: 04.05.2020 error page when id doesn't exist
+
+        String userName = AuthControl.getUserName();
+
+        if (userName == null) {
+            // TODO: 04.05.2020 error message, user not authenticated
+        }
+        else if (!userName.equals(configuration.getUser().getUsername())) {
+            // TODO: 04.05.2020 error page wrong user
+            return new ModelAndView("redirect:/");
+        }
+
         List<ParameterInConfiguration> parametersInConfiguration = new ArrayList<>(configuration.getParametersInConfiguration());
         configuration.setParametersInConfiguration(parametersInConfiguration);
 
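Review bot: The ownership check fails open: when `AuthControl.getUserName()` returns null the first branch is empty, and execution continues to build the view for a configuration whose owner was never compared. Folding both cases into one condition closes that: `if (userName == null || !userName.equals(configuration.getUser().getUsername())) { return new ModelAndView("redirect:/"); }`. `configuration` and `configuration.getUser()` are also dereferenced unchecked, so an unknown id or an owner-less row would throw before the check decides anything. The handler starts and ends outside this hunk, so I cannot see whether the save handler further down applies the same ownership test.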
@@ -69,6 +85,7 @@ public class ConfigurationController extends BasicController{
         ModelAndView modelAndView = new ModelAndView();
 
         if (bindingResult.hasErrors()) {
+            // TODO: 04.05.2020 Error message
             modelAndView.setViewName("redirect:/");
 
             return modelAndView;
diff --git a/src/main/java/vldc/aswi/web/controller/IndexController.java b/src/main/java/vldc/aswi/web/controller/IndexController.java
index 5a744493..dbfc60e7 100644
--- a/src/main/java/vldc/aswi/web/controller/IndexController.java
+++ b/src/main/java/vldc/aswi/web/controller/IndexController.java
@@ -6,10 +6,13 @@ import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 import vldc.aswi.domain.Assembly;
+import vldc.aswi.domain.Role;
 import vldc.aswi.domain.parameter.Parameter;
 import vldc.aswi.service.AssemblyManager;
 import vldc.aswi.service.ConfigurationManager;
+import vldc.aswi.service.RoleManager;
 import vldc.aswi.service.SqlQueryManager;
+import vldc.aswi.utils.AuthControl;
 
 import javax.validation.Valid;
 import java.util.ArrayList;
@@ -44,6 +47,12 @@ public class IndexController extends BasicController {
 	@Autowired
 	private ConfigurationManager configurationManager;
 
+	/**
+	 * Autowired role manager
+	 */
+	@Autowired
+	private RoleManager roleManager;
+
 	/**
 	 * Shows index page
 	 * @return modelAndView with index page
@@ -54,8 +63,15 @@ public class IndexController extends BasicController {
 
 		ModelMap modelMap = modelAndView.getModelMap();
 
-		List<Assembly> assemblies = assemblyManager.getAssembliesOrdered();
+		String roleName = AuthControl.getRoleName();
+
+		if (roleName == null) {
+			// TODO: 04.05.2020 error message, user not authenticated
+		}
+
+		Role role = roleManager.getRole(roleName);
 
+		List<Assembly> assemblies = assemblyManager.getAssembliesWithRoleOrdered(role);
 
 		modelMap.addAttribute("assemblies", assemblies);
 		modelMap.addAttribute("attributes", createAttributesString(assemblies));
-- 
GitLab


From 38350f557ae3f7a74c810bd694e5932bda9a40ae Mon Sep 17 00:00:00 2001
From: mlinha <mlinha@students.zcu.cz>
Date: Mon, 4 May 2020 17:46:37 +0200
Subject: [PATCH 2/2] re #7978 minor code improvements

---
 .../aswi/service/ConfigurationManagerImpl.java     | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java b/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
index a59be6a8..7c62fdec 100644
--- a/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
+++ b/src/main/java/vldc/aswi/service/ConfigurationManagerImpl.java
@@ -5,9 +5,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.context.event.EventListener;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import vldc.aswi.dao.*;
 import vldc.aswi.dao.parameter.ParameterInConfigurationRepository;
@@ -83,15 +80,11 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
      */
     @Override
     public List<Configuration> getConfigurations() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        String username;
-        if (!(authentication instanceof AnonymousAuthenticationToken)) {
-            username = authentication.getName();
-        }
-        else {
+        String username = AuthControl.getUserName();
+        if (username == null) {
             // TODO: 04.05.2020 error message, user not authenticated
-            return null;
         }
+
         User user = userRepository.findByUsername(username);
 
         return configurationRepository.getByUserEquals(user);
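Review bot: Removing `return null;` from `getConfigurations` is a behaviour change, not a cleanup: with no authenticated user the method now continues to `userRepository.findByUsername(username)` with a null name and then to `configurationRepository.getByUserEquals(user)`. If `user` ends up null, a Spring Data derived `Equals` query may be translated into an `IS NULL` match (worth confirming for the store in use), which would list configurations that have no owner. Returning early keeps this fail-closed, e.g. `return new ArrayList<>();` inside the `if (username == null)` branch, with the same treatment when `findByUsername` finds nobody.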
@@ -167,7 +160,6 @@ public class ConfigurationManagerImpl implements ConfigurationManager {
      * @return saved configuration
      */
     private Configuration addConfiguration(Configuration newConfiguration) {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         String username = AuthControl.getUserName();
         if (username == null) {
             // TODO: 04.05.2020 error message, user not authenticated
-- 
GitLab