use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class PersistenceSecurityImpl method setQueryParam.
@Override
public void setQueryParam(Query query, String paramName) {
if (paramName.startsWith(CONSTRAINT_PARAM_SESSION_ATTR)) {
UserSession userSession = userSessionSource.getUserSession();
String attrName = paramName.substring(CONSTRAINT_PARAM_SESSION_ATTR.length());
if (CONSTRAINT_PARAM_USER_LOGIN.equals(attrName)) {
String userLogin = userSession.getSubstitutedUser() != null ? userSession.getSubstitutedUser().getLogin() : userSession.getUser().getLogin();
query.setParameter(paramName, userLogin);
} else if (CONSTRAINT_PARAM_USER_ID.equals(attrName)) {
UUID userId = userSession.getSubstitutedUser() != null ? userSession.getSubstitutedUser().getId() : userSession.getUser().getId();
query.setParameter(paramName, userId);
} else if (CONSTRAINT_PARAM_USER_GROUP_ID.equals(attrName)) {
Object groupId = userSession.getSubstitutedUser() == null ? userSession.getUser().getGroup().getId() : userSession.getSubstitutedUser().getGroup().getId();
query.setParameter(paramName, groupId);
} else {
Serializable value = userSession.getAttribute(attrName);
query.setParameter(paramName, value);
}
}
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class ServiceInterceptorTest method testNewThread.
@Test
public void testNewThread() throws Exception {
ServiceInterceptorTestService service = AppBeans.get(ServiceInterceptorTestService.class);
UserSessions userSessions = AppBeans.get(UserSessions.class);
// workaround for test security setup
Field startedField = AppContext.class.getDeclaredField("started");
startedField.setAccessible(true);
startedField.set(null, true);
AppContext.setSecurityContext(AppContext.NO_USER_CONTEXT);
UserSession userSession = new UserSession(AppContext.NO_USER_CONTEXT.getSessionId(), new User(), Collections.emptyList(), Locale.ENGLISH, true);
userSessions.add(userSession);
try {
appender.getMessages().clear();
service.declarativeTransactionNewThread();
assertEquals(0, appender.getMessages().stream().filter(s -> s.contains("from another service")).count());
appender.getMessages().clear();
try {
service.executeWithExceptionNewThread();
} catch (Exception e) {
assertTrue(e instanceof RemoteException && ((RemoteException) e).getFirstCauseException() instanceof TestingService.TestException);
}
} finally {
userSessions.remove(userSession);
startedField.set(null, false);
}
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class ConstraintTest method test.
@Test
public void test() throws LoginException {
LoginWorker lw = AppBeans.get(LoginWorker.NAME);
UserSession userSession = lw.login(USER_LOGIN, passwordEncryption.getPlainHash(USER_PASSW), Locale.getDefault());
assertNotNull(userSession);
List<ConstraintData> constraints = userSession.getConstraints("sys$Server");
assertEquals(2, constraints.size());
List<ConstraintData> roleConstraints = userSession.getConstraints("sec$UserRole");
assertEquals(1, roleConstraints.size());
UserSessionSource uss = AppBeans.get(UserSessionSource.class);
UserSession savedUserSession = uss.getUserSession();
((TestUserSessionSource) uss).setUserSession(userSession);
try {
DataManager dm = AppBeans.get(DataManager.NAME);
LoadContext loadContext = new LoadContext(Server.class).setQuery(new LoadContext.Query("select s from sys$Server s"));
List<Server> list = dm.loadList(loadContext);
for (Server server : list) {
if (server.getId().equals(serverId))
fail("Constraints have not taken effect for some reason");
}
// test constraint that contains session parameter
loadContext = new LoadContext(UserRole.class).setQuery(new LoadContext.Query("select ur from sec$UserRole ur"));
List<UserRole> userRoles = dm.loadList(loadContext);
if (!userRoles.isEmpty()) {
fail("Constraint with session attribute failed");
}
} finally {
((TestUserSessionSource) uss).setUserSession(savedUserSession);
}
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class DataManagerCommitConstraintTest method testUpdateConstraintNotPassed.
@Test
public void testUpdateConstraintNotPassed() throws LoginException {
LoginWorker lw = AppBeans.get(LoginWorker.NAME);
DataManager dataManager = AppBeans.get(DataManager.NAME);
UserSession userSession = lw.login("constraintuserupdate", passwordEncryption.getPlainHash(PASSWORD), Locale.getDefault());
assertNotNull(userSession);
UserSessionSource uss = AppBeans.get(UserSessionSource.class);
UserSession savedUserSession = uss.getUserSession();
((TestUserSessionSource) uss).setUserSession(userSession);
try {
dataManager = dataManager.secure();
User user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate1.getId()).setView(View.LOCAL));
user.setName("newName");
dataManager.commit(user);
fail();
} catch (RowLevelSecurityException e) {
User user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate1.getId()).setView(View.LOCAL));
assertEquals(user.getName(), "oldName");
} finally {
((TestUserSessionSource) uss).setUserSession(savedUserSession);
}
}
use of com.haulmont.cuba.security.global.UserSession in project cuba by cuba-platform.
the class DataManagerCommitConstraintTest method testUpdateConstraintPassed.
@Test
public void testUpdateConstraintPassed() throws LoginException {
LoginWorker lw = AppBeans.get(LoginWorker.NAME);
DataManager dataManager = AppBeans.get(DataManager.NAME);
UserSession userSession = lw.login("constraintuserupdate", passwordEncryption.getPlainHash(PASSWORD), Locale.getDefault());
assertNotNull(userSession);
UserSessionSource uss = AppBeans.get(UserSessionSource.class);
UserSession savedUserSession = uss.getUserSession();
((TestUserSessionSource) uss).setUserSession(userSession);
try {
dataManager = dataManager.secure();
User user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate2.getId()).setView(View.LOCAL));
user.setName("newName");
dataManager.commit(user);
user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate2.getId()).setView(View.LOCAL));
assertEquals(user.getName(), "newName");
user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate3.getId()).setView(View.LOCAL));
user.setName("newName");
user.setActive(true);
dataManager.commit(user);
user = dataManager.load(new LoadContext<>(User.class).setId(testUserUpdate3.getId()).setView(View.LOCAL));
assertEquals(user.getName(), "newName");
} finally {
((TestUserSessionSource) uss).setUserSession(savedUserSession);
}
}
Aggregations