Add zone admin to be able to invoke all /Users and /Groups end points
We converted them to use expressions. Remove classes and configurations no longer needed. https://www.pivotaltracker.com/story/show/98490322 [#98490322]
Showing
11 changed files
with
226 additions
and
255 deletions.
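--- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/security/GroupRoleCheck.java
+++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/security/GroupRoleCheck.java
@@ -0,0 +1,59 @@
+/*
+* *****************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+* *****************************************************************************
+*/
+
+package org.cloudfoundry.identity.uaa.scim.security;
+
+
+import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
+import org.cloudfoundry.identity.uaa.scim.ScimGroupMember;
+import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager;
+import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class GroupRoleCheck {
+
+private final ScimGroupMembershipManager manager;
+
+public GroupRoleCheck(ScimGroupMembershipManager manager) {
+this.manager = manager;
+}
+
+public boolean isGroupWriter(HttpServletRequest request, int pathVariableIndex) {
+return isGroupRole(request, pathVariableIndex, ScimGroupMember.Role.WRITER);
+}
+
+public boolean isGroupReader(HttpServletRequest request, int pathVariableIndex) {
+return isGroupRole(request, pathVariableIndex, ScimGroupMember.Role.READER);
+}
+
+public boolean isGroupMember(HttpServletRequest request, int pathVariableIndex) {
+return isGroupRole(request, pathVariableIndex, ScimGroupMember.Role.MEMBER);
+}
+
+public boolean isGroupRole(HttpServletRequest request, int pathVariableIndex, ScimGroupMember.Role role) {
+Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+if ( authentication!=null && authentication.getPrincipal() instanceof UaaPrincipal) {
+String userId = ((UaaPrincipal) authentication.getPrincipal()).getId();
+String groupId = UaaUrlUtils.extractPathVariableFromUrl(pathVariableIndex, request.getPathInfo());
+if (manager.getMembers(groupId, role).contains(new ScimGroupMember(userId))) {
+return true;
+}
+}
+return false;
+}
+
+}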
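Review bot: `isGroupRole` takes the group id from `request.getPathInfo()` by position, so the authorization decision is only sound if that split matches the path variable the controller later binds; nothing visible here enforces that, and `getPathInfo()` can be null when the servlet mapping carries no extra path. I would fail closed before the membership lookup, e.g. `if (groupId == null || groupId.isEmpty()) { return false; }` right after the `extractPathVariableFromUrl` call. It is also worth confirming how that helper treats a null path, an out-of-range index and segments carrying `;` parameters, since its body is not on this page. Likewise, check whether `manager.getMembers` throws for an unknown group, because an exception raised inside a security expression tends to surface as something other than a clean 403. A short class Javadoc would help whoever maintains the expressions that call these methods: it should say that `pathVariableIndex` is the position of the group id within the path info (base as defined by the helper) and that any caller whose principal is not a `UaaPrincipal` is denied.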
80 changes: 0 additions & 80 deletions
80
scim/src/main/java/org/cloudfoundry/identity/uaa/scim/security/GroupVoter.java
This file was deleted.
66 changes: 0 additions & 66 deletions
66
scim/src/main/java/org/cloudfoundry/identity/uaa/scim/security/UserVoter.java
This file was deleted.