Expand Up @@ -250,8 +250,6 @@ public void run(IdentityConfiguration configuration, Environment environment) th
GroupResource groupResource = new GroupResource(groupDao, groupInformixDao);
environment.jersey().register(groupResource);
environment.jersey().register(groupDao);
// TODO: temporary fix.
userResource.setGroupDAO(groupDao);

// Resources::authorizations
AuthDataStore authDataStore = configuration.getAuthStore().createAuthDataStore();
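Review bot: With `userResource.setGroupDAO(groupDao)` gone, `UserResource` is no longer handed the group DAO from this wiring; if the setter and the field it populates still exist and any code path still reads it, that path now sees null at runtime instead of failing at startup. It is not visible in this hunk whether the setter was removed in the same commit, so that is worth confirming, or better, making the dependency a constructor argument so a missing injection fails fast at wiring time. The enclosing `run` method starts and ends outside this hunk.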
Expand Up @@ -98,11 +98,6 @@ public class GroupResource implements GetResource<Group>, DDLResource<Group> {
*/
private static final String[] writeScopes = {"write:groups", "all:groups"};

/**
* Represents the admin roles
*/
private static final String[] adminRoles = {"administrator"};

/**
* Represents the DAO For Group
*/
Expand Down Expand Up @@ -139,7 +134,7 @@ public ApiResponse createObject(
@Context HttpServletRequest request) {
logger.info("createObject()");

checkAccess(authUser, writeScopes, adminRoles);
Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);

Group group = validateGroup(postRequest);

Expand Down Expand Up @@ -185,7 +180,7 @@ public ApiResponse createSecurityGroup(

logger.info("createSecurityGroup()");

checkAccess(authUser, writeScopes, adminRoles);
Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);

if (postRequest == null) {
throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Group"));
Expand Down Expand Up @@ -392,7 +387,7 @@ public ApiResponse updateObject(
@Context HttpServletRequest request) {
logger.info("updateObject()");

checkAccess(authUser, writeScopes, adminRoles);
Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);

Group group = validateGroup(putRequest);

Expand Down Expand Up @@ -447,7 +442,7 @@ public ApiResponse deleteObject(
@Context HttpServletRequest request) {
logger.info(String.format("deleteObject(%s)", groupId));

checkAccess(authUser, writeScopes, adminRoles);
Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);

Group group = getExistingGroup(new TCID(groupId));

Expand Down Expand Up @@ -511,7 +506,7 @@ public ApiResponse getObject(
logger.info(String.format("getObject(%s)", groupId));
Group group = getExistingGroup(groupId);

validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);

return ApiResponseFactory.createFieldSelectorResponse(group, selector);
}
Expand Down Expand Up @@ -636,7 +631,7 @@ public ApiResponse getMembers(
// Check group exists
Group group = getExistingGroup(groupId);

validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);

try {
List<GroupMembership> memberships = groupDao.findMembershipsByGroup(Utils.toLongValue(groupId));
Expand Down Expand Up @@ -669,10 +664,10 @@ public ApiResponse getObjects(

logger.info(String.format("getObjects(%s, %s)", memberId, membershipType));

checkAccess(authUser, readScopes, null);
Utils.checkAccess(authUser, readScopes, null);

// for admin and machine token
if (authUser.isMachine() || hasAdminRole(authUser)) {
if (authUser.isMachine() || Utils.hasAdminRole(authUser)) {
if (memberId==null && Utils.isEmpty(membershipType)) {
return ApiResponseFactory.createFieldSelectorResponse(groupDao.findAllGroups(), null);
}
Expand Down Expand Up @@ -709,7 +704,7 @@ public ApiResponse addMember(

logger.info("addMember()");

checkAccess(authUser, writeScopes, null);
Utils.checkAccess(authUser, writeScopes, null);

validateMembership(postRequest);

Expand All @@ -722,7 +717,7 @@ public ApiResponse addMember(
Group group = getExistingGroup(groupId);

// only admins or self registering users are allowed (if the group allows self register)
if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
}

Expand Down Expand Up @@ -759,7 +754,7 @@ public ApiResponse removeMember(

logger.info(String.format("removeMember(%s, %s)", groupId, membershipId));

checkAccess(authUser, writeScopes, null);
Utils.checkAccess(authUser, writeScopes, null);

long id = Utils.toLongValue(membershipId);
GroupMembership membership = groupDao.findMembership(id);
Expand All @@ -770,7 +765,7 @@ public ApiResponse removeMember(
}

// only admins or self registering users are allowed (if the group allows self register)
if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
}

Expand Down Expand Up @@ -812,46 +807,4 @@ private void validateAdminRoleOrPrivateGroupMembership(AuthUser authUser, Group
}
throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
}

private void checkAccess(AuthUser authUser, String[] allowedScopes, String[] allowedRoles) {
if (authUser == null) {
throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Authentication user"));
}

if (authUser.isMachine()) {
if (allowedScopes == null || allowedScopes.length == 0) {
return;
}

for (String allowedScope : allowedScopes) {
if (authUser.getScope().contains(allowedScope)) {
return;
}
}
} else {
if (allowedRoles == null || allowedRoles.length == 0) {
return;
}

for (String role : allowedRoles) {
if (authUser.getRoles() != null && authUser.getRoles().contains(role)) {
return;
}
}
}

throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
}

private boolean hasAdminRole(AuthUser authUser) {
if (authUser.getRoles() != null) {
for (String role : adminRoles) {
if (authUser.getRoles().contains(role)) {
return true;
}
}
}

return false;
}
}
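Review bot: The new `Utils.checkAccess` and `Utils.hasAdminRole` calls replace a local implementation whose behaviour was deliberately asymmetric — a null or empty `allowedRoles` let every non-machine caller through, an empty `allowedScopes` let every machine token through, and a null `authUser` produced 400 rather than 403 (see the removed `checkAccess` at the end of this section) — but nothing in the diff shows that the shared helper preserves those semantics. Because `getObjects`, `addMember` and `removeMember` pass `null` for roles and rely on the later admin/self-register/membership checks, any tightening or loosening inside `Utils.checkAccess` silently changes authorization for those endpoints; a test pinning the machine-token-with-empty-scopes, non-machine-with-null-roles and null-user cases would make the refactor safe to land. `Utils.AdminRoles` reads as a type name; a shared constant should be `Utils.ADMIN_ROLES`, and since `Utils.hasAdminRole` presumably already consults that same list, the `Utils.AdminRoles` argument to `validateAdminRoleOrPrivateGroupMembership` looks redundant and could be dropped so the admin role list has a single source. The enclosing class continues outside the shown hunks.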