[FEAT] update role management
This commit is contained in:
parent
7b5e034ac2
commit
6d05b3444c
@ -187,7 +187,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
||||
final MySecurityContext userContext,
|
||||
final List<String> roles) throws SystemException {
|
||||
for (final String role : roles) {
|
||||
if (userContext.isUserInRole(this.applicationName, role)) {
|
||||
if (userContext.isUserInRole(this.applicationName + "/" + role)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -245,7 +245,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
||||
user.type = UserByToken.TYPE_USER;
|
||||
final Object rowRight = ret.getClaim("right");
|
||||
if (rowRight != null) {
|
||||
LOGGER.info("Detect right in Authentication Filer: {}", rowRight);
|
||||
LOGGER.info("Detect right in Authentication Filter: {}", rowRight);
|
||||
user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
|
||||
/*
|
||||
if (rights.containsKey(this.applicationName)) {
|
||||
|
||||
@ -26,17 +26,7 @@ public class MySecurityContext implements SecurityContext {
|
||||
return this.contextPrincipale;
|
||||
}
|
||||
|
||||
public boolean isUserInRole(final String group, final String role) {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
final Object value = this.contextPrincipale.userByToken.getRight(group, role);
|
||||
if (value instanceof final Boolean ret) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Object getUserInRole(final String group, final String role) {
|
||||
public Object getRightOfRoleInGroup(final String group, final String role) {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
return this.contextPrincipale.userByToken.getRight(group, role);
|
||||
}
|
||||
@ -57,10 +47,95 @@ public class MySecurityContext implements SecurityContext {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Not sure the Long type is definitive.
|
||||
public Long getUserID() {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
return this.contextPrincipale.userByToken.id;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean checkRightInGroup(
|
||||
final String group,
|
||||
final String role,
|
||||
final boolean needRead,
|
||||
final boolean needWrite) {
|
||||
if ("USER".equals(role)) {
|
||||
if (groupExist(group)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
// get associated Roles:
|
||||
final Object rightPart = getRightOfRoleInGroup(group, role);
|
||||
LOGGER.info("detect : {}", rightPart);
|
||||
long dataRight = 0;
|
||||
if (rightPart instanceof final Long rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
} else if (rightPart instanceof final Integer rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
}
|
||||
if (dataRight == PartRight.READ_WRITE.getValue()) {
|
||||
return true;
|
||||
}
|
||||
if (!needRead && needWrite && dataRight == PartRight.WRITE.getValue()) {
|
||||
return true;
|
||||
}
|
||||
if (needRead && !needWrite && dataRight == PartRight.READ.getValue()) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserInRole(final String role) {
|
||||
// TODO Auto-generated method stub
|
||||
return isUserInRole("???", role);
|
||||
String roleEdit = role;
|
||||
boolean needRead = false;
|
||||
boolean needWrite = false;
|
||||
// Check if the API overwrite the right needed for this API.
|
||||
if (roleEdit.contains(":")) {
|
||||
if (roleEdit.endsWith(":w")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needWrite = true;
|
||||
} else if (roleEdit.endsWith(":r")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needRead = true;
|
||||
} else if (roleEdit.endsWith(":rw")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 3);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needRead = true;
|
||||
needWrite = true;
|
||||
} else {
|
||||
LOGGER.error("Request check right of an unknow right mode: {} (after ':')", roleEdit);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if (roleEdit.contains("/")) {
|
||||
final String[] elements = roleEdit.split("/");
|
||||
return checkRightInGroup(elements[0], elements[1], needRead, needWrite);
|
||||
}
|
||||
// Special case, if the token is valid, it is an USER ...
|
||||
if ("USER".equals(roleEdit)) {
|
||||
return true;
|
||||
}
|
||||
return checkRightInGroup("?system?", roleEdit, needRead, needWrite);
|
||||
}
|
||||
|
||||
public Object getRole(final String role) {
|
||||
|
||||
30
src/org/kar/archidata/filter/PartRight.java
Normal file
30
src/org/kar/archidata/filter/PartRight.java
Normal file
@ -0,0 +1,30 @@
|
||||
package org.kar.archidata.filter;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonValue;
|
||||
|
||||
public enum PartRight {
|
||||
NONE(0), //
|
||||
READ(1), //
|
||||
WRITE(2), //
|
||||
READ_WRITE(3);
|
||||
|
||||
private final int value;
|
||||
|
||||
PartRight(final int value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
@JsonValue
|
||||
public int getValue() {
|
||||
return this.value;
|
||||
}
|
||||
|
||||
public static PartRight fromValue(final int value) {
|
||||
for (final PartRight element : values()) {
|
||||
if (element.getValue() == value) {
|
||||
return element;
|
||||
}
|
||||
}
|
||||
throw new IllegalArgumentException("PartRight: Unknown value: " + value);
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user