Commit 882ead99 authored by Valentin Suhnjov's avatar Valentin Suhnjov

RIHAKB-130. Remove Role_* classes

parent c32ede69
package ee.eesti.riha.rest.dao;
import java.util.List;
import org.springframework.cache.annotation.Cacheable;
import ee.eesti.riha.rest.model.readonly.Role_right;
public interface Role_rightRepository {
@Cacheable(cacheNames = "role_rights", key = "#name")
List<Role_right> getByName(String name);
@Cacheable(cacheNames = "role_rights", key = "#role_right_id")
Role_right getById(Integer role_right_id);
}
package ee.eesti.riha.rest.dao;
import java.util.List;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import ee.eesti.riha.rest.model.readonly.Role_right;
//TODO use getCurrentSession, add @Transactional, should use better cache implementation
//to work with transactions, EhCahce maybe?
@Component
public class Role_rightRepositoryImpl implements Role_rightRepository {
@Autowired
SessionFactory sessionFactory;
private static final Logger LOG = LoggerFactory.getLogger(Role_rightRepositoryImpl.class);
@Override
public List<Role_right> getByName(String name) {
LOG.info("Role_rightRepository.getByName called");
return getByNameHelper(name);
}
@Override
public Role_right getById(Integer role_right_id) {
LOG.info("Role_rightRepository.getById called");
return getByIdHelper(role_right_id);
}
private List<Role_right> getByNameHelper(String name) {
Session session = sessionFactory.openSession();
try {
List<Role_right> roles = session.createCriteria(Role_right.class).add(Restrictions.eq("role_name", name)).list();
if (roles == null) {
LOG.info("No such role found, using AUTHENTICATED instead.");
roles = session.createCriteria(Role_right.class).add(Restrictions.eq("role_name", "AUTHENTICATED")).list();
}
return roles;
} finally {
session.flush();
session.close();
}
}
private Role_right getByIdHelper(Integer id) {
Session session = sessionFactory.openSession();
try {
Role_right role = (Role_right) session.get(Role_right.class, id);
return role;
} finally {
session.flush();
session.close();
}
}
}
package ee.eesti.riha.rest.logic;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import ee.eesti.riha.rest.auth.AuthInfo;
import ee.eesti.riha.rest.dao.KindRepository;
import ee.eesti.riha.rest.dao.Role_rightRepository;
import ee.eesti.riha.rest.error.ErrorCodes;
import ee.eesti.riha.rest.error.RihaRestError;
import ee.eesti.riha.rest.error.RihaRestException;
import ee.eesti.riha.rest.logic.util.JsonHelper;
import ee.eesti.riha.rest.model.readonly.Role_right;
@Component
public class Role_rightCalculator {
// permission for all elements
public static final int ALL = 2;
// permission for elements with same owner
public static final int SAME_OWNER = 1;
public static final int NONE = 0;
@Autowired
KindRepository kindRepository;
@Autowired
Role_rightRepository roleRepository;
private static final Logger LOG = LoggerFactory.getLogger(Role_rightCalculator.class);
public Role_right calculate(AuthInfo authInfo, Integer kindId, Integer accessRestriction) {
List<Role_right> defaultRights = roleRepository.getByName("DEFAULT");
List<Role_right> authenticatedRights = roleRepository.getByName("AUTHENTICATED");
List<Role_right> roleRights = roleRepository.getByName(authInfo.getRole_code());
LOG.info("ACCESS RESTRICTION " + accessRestriction);
LOG.info("" + defaultRights);
LOG.info("" + authenticatedRights);
LOG.info("" + roleRights);
defaultRights = filterRoles(defaultRights, kindId, accessRestriction);
authenticatedRights = filterRoles(authenticatedRights, kindId, accessRestriction);
roleRights = filterRoles(roleRights, kindId, accessRestriction);
LOG.info("" + defaultRights);
LOG.info("" + authenticatedRights);
LOG.info("" + roleRights);
Role_right roleRight = calculateRoleRight(kindId, defaultRights, authenticatedRights, roleRights);
LOG.info(JsonHelper.GSON.toJson(roleRight));
return roleRight;
}
private Role_right calculateRoleRight(Integer kindId, List<Role_right> defaultRights,
List<Role_right> authenticatedRights, List<Role_right> roleRights) {
if (defaultRights.size() > 1 || authenticatedRights.size() > 1 || roleRights.size() > 1) {
throw new IllegalArgumentException("Filter role_rights should have no more than 1 element");
}
return calculateRoleRight(kindId, getFirst(defaultRights), getFirst(authenticatedRights), getFirst(roleRights));
}
private static final Role_right NOTHING = new Role_right(Integer.MIN_VALUE, Integer.MIN_VALUE, "NOTHING",
Integer.MIN_VALUE, NONE, NONE, NONE, NONE);
private Role_right calculateRoleRight(Integer kindId, Role_right defaultRight, Role_right authenticatedRight,
Role_right roleRight) {
Role_right calculatedRight = null;
// final int CALCULATED_ID = 999999;
LOG.info("KIND_ID " + kindId);
LOG.info("DEFAULT " + defaultRight);
if (defaultRight == null) {
defaultRight = NOTHING;
}
if (authenticatedRight == null) {
authenticatedRight = NOTHING;
}
if (roleRight != null) {
calculatedRight = new Role_right(roleRight.getRole_right_id(), kindId, roleRight.getRole_name(),
max(defaultRight.getAccess_restriction(), authenticatedRight.getAccess_restriction(),
roleRight.getAccess_restriction()),
max(defaultRight.getRead(), authenticatedRight.getRead(), roleRight.getRead()),
max(defaultRight.getCreate(), authenticatedRight.getCreate(), roleRight.getCreate()),
max(defaultRight.getUpdate(), authenticatedRight.getUpdate(), roleRight.getUpdate()),
max(defaultRight.getDelete(), authenticatedRight.getDelete(), roleRight.getDelete()));
} else if (authenticatedRight != null) {
calculatedRight = new Role_right(authenticatedRight.getRole_right_id(), kindId,
authenticatedRight.getRole_name(),
Math.max(defaultRight.getAccess_restriction(), authenticatedRight.getAccess_restriction()),
Math.max(defaultRight.getRead(), authenticatedRight.getRead()),
Math.max(defaultRight.getCreate(), authenticatedRight.getCreate()),
Math.max(defaultRight.getUpdate(), authenticatedRight.getUpdate()),
Math.max(defaultRight.getDelete(), authenticatedRight.getDelete()));
} else {
calculatedRight = defaultRight;
}
return calculatedRight;
}
private List<Role_right> filterRoles(List<Role_right> roles, Integer kindId, Integer accessRestriction) {
List<Role_right> roleRights = new ArrayList<>();
for (Role_right role : roles) {
if (role.getKind_id().equals(kindId)
&& toInt(role.getAccess_restriction()) >= toInt(accessRestriction)) {
roleRights.add(role);
}
}
return roleRights;
}
// public <T> void canRead(T item, Role_right roleRight) throws RihaRestException {
//
// if (item == null || item.getClass() == Comment.class) {
// // special case
// return;
// }
// boolean canRead = false;
// if (item instanceof BaseModel) {
// BaseModel bm = (BaseModel) item;
// if (toInt(bm.getAccess_restriction()) <= toInt(roleRight.getAccess_restriction())) {
// canRead = true;
// }
// }
//
// if (!canRead) {
// throw new RihaRestException(readDenied(roleRight.getRole_name(), null));
// }
// }
public void canRead(Role_right roleRight, AuthInfo authInfo, String owner) throws RihaRestException {
boolean canRead = false;
if (roleRight.getRead() == ALL) {
canRead = true;
}
if (roleRight.getRead() == SAME_OWNER && authInfo.getOrg_code().equals(owner)) {
canRead = true;
}
if (!canRead) {
throw new RihaRestException(readDenied(roleRight.getRole_name(), owner));
}
}
public void canCreate(Role_right roleRight, AuthInfo authInfo, String owner) throws RihaRestException {
boolean canCreate = false;
if (roleRight.getCreate() == ALL) {
canCreate = true;
}
if (roleRight.getCreate() == SAME_OWNER && authInfo.getOrg_code().equals(owner)) {
canCreate = true;
}
if (!canCreate) {
throw new RihaRestException(createDenied(roleRight.getRole_name(), owner));
}
}
public void canUpdate(Role_right roleRight, AuthInfo authInfo, String owner) throws RihaRestException {
boolean canUpdate = false;
if (roleRight.getUpdate() == ALL) {
canUpdate = true;
}
if (roleRight.getUpdate() == SAME_OWNER && authInfo.getOrg_code().equals(owner)) {
canUpdate = true;
}
if (!canUpdate) {
throw new RihaRestException(updateDenied(roleRight.getRole_name(), owner));
}
}
public void canDelete(Role_right roleRight, AuthInfo authInfo, String owner) throws RihaRestException {
boolean canDelete = false;
if (roleRight.getDelete() == ALL) {
canDelete = true;
}
if (roleRight.getDelete() == SAME_OWNER && authInfo.getOrg_code().equals(owner)) {
canDelete = true;
}
if (!canDelete) {
throw new RihaRestException(deleteDenied(roleRight.getRole_name(), owner));
}
}
private static int max(int a, int b, int c) {
return Math.max(a, Math.max(b, c));
}
private static int toInt(Integer num) {
if (num == null) {
return 0;
}
return num.intValue();
}
private static <T> T getFirst(List<T> elements) {
if (elements != null && elements.size() > 0) {
return elements.get(0);
}
return null;
}
private static RihaRestError readDenied(String role, String owner) {
return accessDenied(ErrorCodes.NOT_AUTHORIZED_FOR_READ,
ErrorCodes.NOT_AUTHORIZED_FOR_READ_MSG, role, owner);
}
private static RihaRestError createDenied(String role, String owner) {
return accessDenied(ErrorCodes.NOT_AUTHORIZED_FOR_CREATE,
ErrorCodes.NOT_AUTHORIZED_FOR_CREATE_MSG, role, owner);
}
private static RihaRestError updateDenied(String role, String owner) {
return accessDenied(ErrorCodes.NOT_AUTHORIZED_FOR_UPDATE,
ErrorCodes.NOT_AUTHORIZED_FOR_UPDATE_MSG, role, owner);
}
private static RihaRestError deleteDenied(String role, String owner) {
return accessDenied(ErrorCodes.NOT_AUTHORIZED_FOR_DELETE,
ErrorCodes.NOT_AUTHORIZED_FOR_DELETE_MSG, role, owner);
}
private static RihaRestError accessDenied(int errcode, String errmsg, String role, String owner) {
RihaRestError error = new RihaRestError();
error.setErrcode(errcode);
error.setErrmsg(errmsg + role);
error.setErrtrace("Asutus: " + owner);
return error;
}
}
package ee.eesti.riha.rest.dao;
import static org.junit.Assert.*;
import java.util.List;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import ee.eesti.riha.rest.model.readonly.Kind;
import ee.eesti.riha.rest.model.readonly.Role_right;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("classpath*: **/test-applicationContext.xml")
public class TestRole_rightRepository {
@Autowired
GenericDAO<Kind> noLogicDAO;
@Autowired
CacheManager cacheManager;
@Autowired
Role_rightRepository roleRepository;
Cache roleRightsCache;
private static final String AUTHENTICATED = "AUTHENTICATED";
@Before
public void beforeTest() {
roleRightsCache = cacheManager.getCache("role_rights");
// for some reason cache is not empty before test
roleRightsCache.clear();
// roleRepository.getByName(AUTHENTICATED);
}
@After
public void afterTest() {
roleRightsCache.clear();
}
@Test
public void testCacheGetByWrongName() throws Exception {
String name = "wrongNameHere123";
// assertNull(roleRightsCache.get(name, Role_right.class));
assertNull(roleRightsCache.get(name, List.class));
assertEquals("{}", roleRightsCache.getNativeCache().toString());
List<Role_right> roleRights = roleRepository.getByName(name);
assertNotNull(roleRights);
assertTrue(roleRights.isEmpty());
// expect cache to contain spring.cache.support.NullValue
System.out.println(roleRightsCache.getNativeCache());
assertNotEquals("{}", roleRightsCache.getNativeCache().toString());
assertTrue(roleRightsCache.getNativeCache().toString().contains("[]"));
}
@Test
public void testCacheGetByName() throws Exception {
String name = AUTHENTICATED;
// assertNull(roleRightsCache.get(name, Role_right.class));
assertNull(roleRightsCache.get(name, List.class));
List<Role_right> roles = roleRepository.getByName(name);
List<Role_right> roleFromCache = roleRightsCache.get(name, List.class);
assertNotNull(roles);
assertNotNull(roleFromCache);
assertEquals(roles.get(0).getRole_right_id(), roleFromCache.get(0).getRole_right_id());
assertEquals(roles.get(0).getKind_id(), roleFromCache.get(0).getKind_id());
}
}
package ee.eesti.riha.rest.logic;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Matchers;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import ee.eesti.riha.rest.auth.AuthInfo;
import ee.eesti.riha.rest.dao.KindRepository;
import ee.eesti.riha.rest.error.RihaRestException;
import ee.eesti.riha.rest.model.readonly.Role_right;
import static ee.eesti.riha.rest.logic.Role_rightCalculator.*;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("classpath*: **/test-applicationContext.xml")
public class TestRole_rightCalculator {
@Autowired
Role_rightCalculator roleCalculator;
@Autowired
KindRepository kindRepository;
int infosystemId;
AuthInfo authInfo = new AuthInfo("Test_kood", "test_asutus", "ROLL_RIHA_ADMINISTRAATOR", "testToken123");
@Before
public void beforeTest() {
infosystemId = kindRepository.getByName("infosystem").getKind_id();
}
@Test
public void testDoCalculateRights_accessRestrictionTooHigh_thenNoRights() {
int accessRestriction = 11;
Role_right calculated = roleCalculator.calculate(authInfo, infosystemId, accessRestriction);
assertNotNull(calculated);
System.out.println(calculated);
// no rights because accessRestriction too high
assertEquals(NONE, (int) calculated.getCreate());
assertEquals(NONE, (int) calculated.getRead());
assertEquals(NONE, (int) calculated.getUpdate());
assertEquals(NONE, (int) calculated.getDelete());
}
@Test
public void testDoCalculateRights_default() {
int accessRestriction = 0;
Role_right calculated = roleCalculator.calculate(AuthInfo.DEFAULT, infosystemId, accessRestriction);
assertNotNull(calculated);
System.out.println(calculated);
// no rights because accessRestriction too high
assertEquals(NONE, (int) calculated.getCreate());
assertEquals(ALL, (int) calculated.getRead());
assertEquals(NONE, (int) calculated.getUpdate());
assertEquals(NONE, (int) calculated.getDelete());
}
@Test
public void testDoCalculateRights_authenticated() {
AuthInfo testAuthInfo = new AuthInfo("TEST", "TEST", "AUTHENTICATED", "testToken123");
int accessRestriction = 0;
Role_right calculated = roleCalculator.calculate(testAuthInfo, infosystemId, accessRestriction);
assertNotNull(calculated);
System.out.println(calculated);
// no rights because accessRestriction too high
assertEquals(NONE, (int) calculated.getCreate());
assertEquals(ALL, (int) calculated.getRead());
assertEquals(NONE, (int) calculated.getUpdate());
assertEquals(NONE, (int) calculated.getDelete());
}
@Test
public void testDoCalculateRights_rihaAdmin() {
int accessRestriction = 0;
Role_right calculated = roleCalculator.calculate(authInfo, infosystemId, accessRestriction);
assertNotNull(calculated);
System.out.println(calculated);
// no rights because accessRestriction too high
assertEquals(ALL, (int) calculated.getCreate());
assertEquals(ALL, (int) calculated.getRead());
assertEquals(ALL, (int) calculated.getUpdate());
assertEquals(ALL, (int) calculated.getDelete());
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment