User Substitution enhancement jmix-projects/jmix-security#111

CurrentUserSubstitution interface introduced. It is responsible for getting substituted user information. The CurrentAuthentication interface now contains method for getting authenticated user only;
UserSubstitutionManagerImpl implementation moved to core module;
UserSubstitutionProvider interface introduced with 2 implementations: in-memory (jmix-core) and database (jmix-securitydata);
UI component for selecting substituted user changed from combo-box to suggestion field (in substitution editor);
Non-persistent UserSubstitution object;

reports-rest/src/main/java/io/jmix/reportsrest/controller/ReportRestControllerManager.java

@@ -24,7 +24,7 @@
 import com.haulmont.yarg.util.converter.ObjectToStringConverter;
 import io.jmix.core.*;
 import io.jmix.core.metamodel.model.MetaClass;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.ParameterClassResolver;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.entity.*;
@@ -69,7 +69,7 @@ public class ReportRestControllerManager {
     @Autowired
     protected FetchPlanRepository fetchPlanRepository;
     @Autowired
-    protected CurrentAuthentication currentAuthentication;
+    protected CurrentUserSubstitution currentUserSubstitution;
 
     public String loadGroup(String entityId) {
         checkCanReadEntity(metadata.getClass(ReportGroup.class));
@@ -112,7 +112,7 @@ public String loadReportsList() {
         reportSecurityManager.applySecurityPolicies(
                 loadContext,
                 null,
-                currentAuthentication.getCurrentOrSubstitutedUser());
+                currentUserSubstitution.getEffectiveUser());
         List<Report> reports = dataManager.loadList(loadContext);
 
         List<ReportInfo> objects = reports.stream()
@@ -191,7 +191,7 @@ protected Report loadReportInternal(String entityId) {
                 .setQueryString("select r from report_Report r where r.id = :id and r.restAccess = true")
                 .setParameter("id", getReportIdFromString(entityId));
 
-        reportSecurityManager.applySecurityPolicies(loadContext, null, currentAuthentication.getCurrentOrSubstitutedUser());
+        reportSecurityManager.applySecurityPolicies(loadContext, null, currentUserSubstitution.getEffectiveUser());
 
         Report report = dataManager.load(loadContext);
 

reports-ui/src/main/java/io/jmix/reportsui/action/AbstractPrintFormAction.java

@@ -19,7 +19,7 @@
 import io.jmix.core.*;
 import io.jmix.core.common.util.ParamsMap;
 import io.jmix.core.metamodel.model.MetaClass;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.PrototypesLoader;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.app.ParameterPrototype;
@@ -68,7 +68,7 @@ public abstract class AbstractPrintFormAction extends AbstractAction {
     protected FetchPlanRepository fetchPlanRepository;
 
     @Autowired
-    protected CurrentAuthentication currentAuthentication;
+    protected CurrentUserSubstitution currentUserSubstitution;
 
     @Autowired
     protected UiReportRunner uiReportRunner;
@@ -97,7 +97,7 @@ protected void openRunReportScreen(Screen screen, Object selectedValue, MetaClas
                                        @Nullable String outputFileName) {
         List<Report> reports = reportSecurityManager.getAvailableReports(
                 screen.getId(),
-                currentAuthentication.getCurrentOrSubstitutedUser(),
+                currentUserSubstitution.getEffectiveUser(),
                 inputValueMetaClass);
 
         ScreenContext screenContext = UiControllerUtils.getScreenContext(screen);

reports-ui/src/main/java/io/jmix/reportsui/screen/report/history/ReportExecutionDialog.java

@@ -19,7 +19,7 @@
 import io.jmix.core.LoadContext;
 import io.jmix.core.MetadataTools;
 import io.jmix.core.metamodel.model.MetaClass;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.entity.Report;
 import io.jmix.reports.entity.ReportGroup;
@@ -63,7 +63,7 @@ public class ReportExecutionDialog extends StandardLookup<Report> {
     @Autowired
     protected DateField<Date> filterUpdatedDate;
     @Autowired
-    protected CurrentAuthentication currentAuthentication;
+    protected CurrentUserSubstitution currentUserSubstitution;
 
     @Autowired
     protected MetadataTools metadataTools;
@@ -76,7 +76,7 @@ public class ReportExecutionDialog extends StandardLookup<Report> {
     @Install(to = "reportsDl", target = Target.DATA_LOADER)
     protected List<Report> reportsDlLoadDelegate(LoadContext<Report> loadContext) {
         return reportSecurityManager.getAvailableReports(screenParameter,
-                currentAuthentication.getCurrentOrSubstitutedUser(),
+                currentUserSubstitution.getEffectiveUser(),
                 metaClassParameter);
     }
 
@@ -96,7 +96,7 @@ protected void onApplyFilterBtnClick(Button.ClickEvent event) {
 
     protected void filterReports() {
         List<Report> reports = reportSecurityManager.getAvailableReports(screenParameter,
-                currentAuthentication.getCurrentOrSubstitutedUser(),
+                currentUserSubstitution.getEffectiveUser(),
                 metaClassParameter)
                 .stream()
                 .filter(this::filterReport)

reports-ui/src/main/java/io/jmix/reportsui/screen/report/run/ReportRun.java

@@ -21,7 +21,7 @@
 import io.jmix.core.Messages;
 import io.jmix.core.MetadataTools;
 import io.jmix.core.metamodel.model.MetaClass;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.entity.Report;
 import io.jmix.reports.entity.ReportGroup;
@@ -59,7 +59,7 @@ public class ReportRun extends StandardLookup<Report> {
     protected CollectionContainer<Report> reportsDc;
 
     @Autowired
-    protected CurrentAuthentication currentAuthentication;
+    protected CurrentUserSubstitution currentUserSubstitution;
 
     @Autowired
     protected TextField<String> nameFilter;
@@ -121,7 +121,7 @@ public void onInit(InitEvent event) {
     protected void onBeforeShow(BeforeShowEvent event) {
         List<Report> reports = this.reports;
         if (reports == null) {
-            reports = reportSecurityManager.getAvailableReports(screenParameter, currentAuthentication.getCurrentOrSubstitutedUser(),
+            reports = reportSecurityManager.getAvailableReports(screenParameter, currentUserSubstitution.getEffectiveUser(),
                     metaClassParameter);
         }
 
@@ -173,7 +173,7 @@ protected void filterReports() {
         Date dateFilterValue = updatedDateFilter.getValue();
 
         List<Report> reports =
-                reportSecurityManager.getAvailableReports(screenParameter, currentAuthentication.getCurrentOrSubstitutedUser(),
+                reportSecurityManager.getAvailableReports(screenParameter, currentUserSubstitution.getEffectiveUser(),
                         metaClassParameter)
                         .stream()
                         .filter(report -> {

reports-ui/src/main/java/io/jmix/reportsui/screen/report/run/ShowChartScreen.java

@@ -19,7 +19,7 @@
 import com.haulmont.yarg.reporting.ReportOutputDocument;
 import io.jmix.core.Messages;
 import io.jmix.core.common.util.ParamsMap;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.entity.Report;
 import io.jmix.reports.entity.ReportOutputType;
@@ -97,7 +97,7 @@ public class ShowChartScreen extends Screen {
     private EntityComboBox<ReportTemplate> reportTemplateComboBox;
 
     @Autowired
-    private CurrentAuthentication currentAuthentication;
+    private CurrentUserSubstitution currentUserSubstitution;
 
     @Autowired
     private CollectionContainer<Report> reportsDc;
@@ -155,7 +155,7 @@ public void onReportsDlPostLoad(CollectionLoader.PostLoadEvent<Report> event) {
         List<Report> entities = event.getLoadedEntities();
         List<Report> availableReports = reportSecurityManager.getAvailableReports(
                 null,
-                currentAuthentication.getCurrentOrSubstitutedUser(),
+                currentUserSubstitution.getEffectiveUser(),
                 null);
         entities.retainAll(availableReports);
         reportsDc.setItems(entities);

reports-ui/src/main/java/io/jmix/reportsui/screen/report/run/ShowPivotTableScreen.java

@@ -21,7 +21,7 @@
 import io.jmix.core.common.util.ParamsMap;
 import io.jmix.core.entity.KeyValueEntity;
 import io.jmix.core.impl.StandardSerialization;
-import io.jmix.core.security.CurrentAuthentication;
+import io.jmix.core.usersubstitution.CurrentUserSubstitution;
 import io.jmix.reports.ReportSecurityManager;
 import io.jmix.reports.entity.PivotTableData;
 import io.jmix.reports.entity.Report;
@@ -86,7 +86,7 @@ public class ShowPivotTableScreen extends Screen {
     protected ScreenValidation screenValidation;
 
     @Autowired
-    protected CurrentAuthentication currentAuthentication;
+    protected CurrentUserSubstitution currentUserSubstitution;
 
     @Autowired
     private CollectionContainer<Report> reportsDc;
@@ -131,7 +131,7 @@ public void onReportsDlPostLoad(CollectionLoader.PostLoadEvent<Report> event) {
         List<Report> entities = event.getLoadedEntities();
         List<Report> availableReports = reportSecurityManager.getAvailableReports(
                 null,
-                currentAuthentication.getCurrentOrSubstitutedUser(),
+                currentUserSubstitution.getEffectiveUser(),
                 null);
         entities.retainAll(availableReports);
         reportsDc.setItems(entities);