
Example 1 with ReadableGroup

use of com.salesmanager.shop.model.security.ReadableGroup in project shopizer by shopizer-ecommerce.

the class UserFacadeImpl method authorizeStore.

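/**
 * Decides whether the currently authenticated principal may act on {@code store}
 * for the request {@code path}.
 *
 * Only paths containing {@code PRIVATE_PATH} are gated; any other path is allowed
 * without looking at the principal. For private paths the caller is authorized when
 * (1) the user's own merchant code equals the requested store code, (2) the user is in
 * the superadmin group, or (3) the user's store is the parent of the requested store.
 * Every other case is denied.
 *
 * @param store the store being accessed; must not be {@code null}
 * @param path  the request path, may be blank (treated as non-private)
 * @return {@code true} when access is granted
 * @throws UnauthorizedException when the user lookup or the parent-store lookup fails;
 *         lookups are fail-closed, an error never grants access
 */
@Override
public boolean authorizeStore(MerchantStore store, String path) {
    Validate.notNull(store, "MerchantStore cannot be null");
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Non-private paths are not subject to store authorization.
    if (StringUtils.isBlank(path) || !path.contains(PRIVATE_PATH)) {
        return true;
    }
    Validate.notNull(authentication, "Don't call ths method if a user is not authenticated");
    try {
        String currentPrincipalName = authentication.getName();
        LOGGER.info("Principal " + currentPrincipalName);
        ReadableUser readableUser = findByUserName(currentPrincipalName, languageService.defaultLanguage());
        if (readableUser == null) {
            // unknown principal: deny
            return false;
        }
        String merchant = readableUser.getMerchant();
        // (1) the user belongs to the requested store
        if (store.getCode().equalsIgnoreCase(merchant)) {
            return true;
        }
        // (2) superadmin may access any store; a missing group list simply means "no groups"
        List<ReadableGroup> groups = readableUser.getGroups();
        if (groups != null) {
            for (ReadableGroup group : groups) {
                if (Constants.GROUP_SUPERADMIN.equals(group.getName())) {
                    return true;
                }
            }
        }
        // (3) the user's store is the parent of the requested store.
        // The parent is resolved for the *requested* store and compared with the user's
        // merchant, mirroring authorizedStore(String, String). Resolving the parent of the
        // user's own store (the previous behaviour) would instead grant a child-store user
        // access to its parent store. Assumes merchantStoreService.getParent(code) returns
        // the parent of the store identified by code - confirm against MerchantStoreService.
        // TODO CACHE
        if (store.getParent() != null && merchant != null) {
            MerchantStore parent = merchantStoreService.getParent(store.getCode());
            if (parent != null && merchant.equalsIgnoreCase(parent.getCode())) {
                return true;
            }
        }
        // no relationship between the user and the requested store
        return false;
    } catch (Exception e) {
        // NOTE: only e.getMessage() is propagated; the original exception is not chained as cause
        throw new UnauthorizedException("Cannot authorize user " + authentication.getPrincipal().toString() + " for store " + store.getCode(), e.getMessage());
    }
}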

Example 2 with ReadableGroup

use of com.salesmanager.shop.model.security.ReadableGroup in project shopizer by shopizer-ecommerce.

the class UserFacadeImpl method authorizedStore.

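/**
 * Checks whether the user identified by {@code userName} may act on the store
 * identified by {@code merchantStoreCode}.
 *
 * Access is granted when the user is a superadmin, when the user is directly attached
 * to the requested store, or when the user's own store is the parent of the requested
 * store. An unknown user is denied.
 *
 * @param userName          login name of the user to check
 * @param merchantStoreCode code of the store being accessed
 * @return {@code true} when access is granted
 * @throws ServiceRuntimeException when no authentication is present in the security
 *         context or when any lookup fails; errors never grant access
 */
@Override
public boolean authorizedStore(String userName, String merchantStoreCode) {
    try {
        // Fail closed when there is no authenticated context at all (the previous code
        // relied on an implicit NPE here while building an unused set of roles).
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Validate.notNull(authentication, "No authenticated user in security context");
        ReadableUser readableUser = findByUserName(userName, languageService.defaultLanguage());
        if (readableUser == null) {
            // unknown user: deny
            return false;
        }
        // superadmin is authorized for every store; a missing group list means "no groups"
        List<ReadableGroup> groups = readableUser.getGroups();
        if (groups != null) {
            for (ReadableGroup group : groups) {
                if (Constants.GROUP_SUPERADMIN.equals(group.getName())) {
                    return true;
                }
            }
        }
        // user is directly attached to the requested store
        if (userService.findByStore(readableUser.getId(), merchantStoreCode) != null) {
            return true;
        }
        // otherwise the user's own store may be the parent of the requested store
        User user = userService.getByUserName(userName);
        if (user == null || user.getMerchantStore() == null) {
            return false;
        }
        MerchantStore parent = merchantStoreService.getParent(merchantStoreCode);
        return parent != null && user.getMerchantStore().getCode().equals(parent.getCode());
    } catch (Exception e) {
        throw new ServiceRuntimeException("Cannot authorize user " + userName + " for store " + merchantStoreCode, e.getMessage());
    }
}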

Example 3 with ReadableGroup

use of com.salesmanager.shop.model.security.ReadableGroup in project shopizer by shopizer-ecommerce.

the class UserFacadeImpl method convertUserToReadableUser.

/**
 * Maps a persistent {@link User} to its API representation, resolving the permissions
 * of the user's groups on the way.
 *
 * @param lang language used for localized fields during population
 * @param user the user to convert
 * @return the populated {@link ReadableUser} with permissions set
 * @throws ConversionRuntimeException when population fails
 */
private ReadableUser convertUserToReadableUser(Language lang, User user) {
    ReadableUserPopulator populator = new ReadableUserPopulator();
    try {
        ReadableUser target = populator.populate(user, new ReadableUser(), user.getMerchantStore(), lang);
        // group ids are exposed as Long on ReadableGroup but looked up as int
        List<Integer> groupIds = new ArrayList<>();
        for (ReadableGroup group : target.getGroups()) {
            groupIds.add(group.getId().intValue());
        }
        target.setPermissions(findPermissionsByGroups(groupIds));
        return target;
    } catch (ConversionException e) {
        throw new ConversionRuntimeException(e);
    }
}

Example 4 with ReadableGroup

use of com.salesmanager.shop.model.security.ReadableGroup in project shopizer by shopizer-ecommerce.

the class ReadableCustomerMapper method merge.

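/**
 * Copies the API-relevant fields of a persistent {@link Customer} into {@code target}.
 *
 * Billing and delivery addresses, rating, attributes and groups are copied when present
 * on the source; when no delivery address exists the billing address is reused.
 * Groups are copied independently of attributes.
 *
 * @param source   the persistent customer
 * @param target   the readable customer to fill; its attribute and group lists are appended to
 * @param store    unused here, part of the mapper contract
 * @param language unused here, part of the mapper contract
 * @return {@code target}
 */
@Override
public ReadableCustomer merge(Customer source, ReadableCustomer target, MerchantStore store, Language language) {
    if (source.getId() != null && source.getId() > 0) {
        target.setId(source.getId());
    }
    target.setEmailAddress(source.getEmailAddress());
    if (StringUtils.isNotEmpty(source.getNick())) {
        target.setUserName(source.getNick());
    }
    if (source.getDefaultLanguage() != null) {
        target.setLanguage(source.getDefaultLanguage().getCode());
    }
    if (source.getGender() != null) {
        target.setGender(source.getGender().name());
    }
    if (StringUtils.isNotEmpty(source.getProvider())) {
        target.setProvider(source.getProvider());
    }
    if (source.getBilling() != null) {
        Address address = new Address();
        address.setAddress(source.getBilling().getAddress());
        address.setCity(source.getBilling().getCity());
        address.setCompany(source.getBilling().getCompany());
        address.setFirstName(source.getBilling().getFirstName());
        address.setLastName(source.getBilling().getLastName());
        address.setPostalCode(source.getBilling().getPostalCode());
        address.setPhone(source.getBilling().getTelephone());
        if (source.getBilling().getCountry() != null) {
            address.setCountry(source.getBilling().getCountry().getIsoCode());
        }
        if (source.getBilling().getZone() != null) {
            address.setZone(source.getBilling().getZone().getCode());
        }
        if (source.getBilling().getState() != null) {
            address.setStateProvince(source.getBilling().getState());
        }
        // the customer's own name is taken from the billing address
        target.setFirstName(address.getFirstName());
        target.setLastName(address.getLastName());
        target.setBilling(address);
    }
    if (source.getCustomerReviewAvg() != null) {
        target.setRating(source.getCustomerReviewAvg().doubleValue());
    }
    if (source.getCustomerReviewCount() != null) {
        target.setRatingCount(source.getCustomerReviewCount().intValue());
    }
    if (source.getDelivery() != null) {
        Address address = new Address();
        address.setCity(source.getDelivery().getCity());
        address.setAddress(source.getDelivery().getAddress());
        address.setCompany(source.getDelivery().getCompany());
        address.setFirstName(source.getDelivery().getFirstName());
        address.setLastName(source.getDelivery().getLastName());
        address.setPostalCode(source.getDelivery().getPostalCode());
        address.setPhone(source.getDelivery().getTelephone());
        if (source.getDelivery().getCountry() != null) {
            address.setCountry(source.getDelivery().getCountry().getIsoCode());
        }
        if (source.getDelivery().getZone() != null) {
            address.setZone(source.getDelivery().getZone().getCode());
        }
        if (source.getDelivery().getState() != null) {
            address.setStateProvince(source.getDelivery().getState());
        }
        target.setDelivery(address);
    } else {
        // no dedicated delivery address: fall back to billing
        target.setDelivery(target.getBilling());
    }
    if (source.getAttributes() != null) {
        for (CustomerAttribute attribute : source.getAttributes()) {
            target.getAttributes().add(toReadableAttribute(attribute));
        }
    }
    // Groups do not depend on attributes. Previously this block was nested inside the
    // attributes guard, so a customer without attributes silently lost its groups.
    if (source.getGroups() != null) {
        for (Group group : source.getGroups()) {
            target.getGroups().add(toReadableGroup(group));
        }
    }
    return target;
}

/**
 * Maps one customer attribute (option + selected value) to its readable form.
 * Descriptions are taken from the first localized description when one exists.
 */
private ReadableCustomerAttribute toReadableAttribute(CustomerAttribute attribute) {
    ReadableCustomerAttribute readableAttribute = new ReadableCustomerAttribute();
    readableAttribute.setId(attribute.getId());
    readableAttribute.setTextValue(attribute.getTextValue());
    ReadableCustomerOption option = new ReadableCustomerOption();
    option.setId(attribute.getCustomerOption().getId());
    option.setCode(attribute.getCustomerOption().getCode());
    CustomerOptionDescription d = new CustomerOptionDescription();
    // guard: an option without descriptions must not throw on get(0)
    if (!attribute.getCustomerOption().getDescriptionsSettoList().isEmpty()) {
        d.setDescription(attribute.getCustomerOption().getDescriptionsSettoList().get(0).getDescription());
        d.setName(attribute.getCustomerOption().getDescriptionsSettoList().get(0).getName());
    }
    option.setDescription(d);
    readableAttribute.setCustomerOption(option);
    ReadableCustomerOptionValue optionValue = new ReadableCustomerOptionValue();
    optionValue.setId(attribute.getCustomerOptionValue().getId());
    CustomerOptionValueDescription vd = new CustomerOptionValueDescription();
    if (!attribute.getCustomerOptionValue().getDescriptionsSettoList().isEmpty()) {
        vd.setDescription(attribute.getCustomerOptionValue().getDescriptionsSettoList().get(0).getDescription());
        vd.setName(attribute.getCustomerOptionValue().getDescriptionsSettoList().get(0).getName());
    }
    optionValue.setCode(attribute.getCustomerOptionValue().getCode());
    optionValue.setDescription(vd);
    readableAttribute.setCustomerOptionValue(optionValue);
    return readableAttribute;
}

/** Maps a persistent {@link Group} to its readable form (id, name, type). */
private ReadableGroup toReadableGroup(Group group) {
    ReadableGroup readableGroup = new ReadableGroup();
    readableGroup.setId(group.getId().longValue());
    readableGroup.setName(group.getGroupName());
    readableGroup.setType(group.getGroupType().name());
    return readableGroup;
}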

Example 5 with ReadableGroup

use of com.salesmanager.shop.model.security.ReadableGroup in project shopizer by shopizer-ecommerce.

the class SecurityApi method groups.

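/**
 * Loads all groups known to the system and maps them to their API representation.
 * Served under the private API path; requires an authenticated service user.
 *
 * @return the groups as {@link ReadableGroup} instances, empty when none exist;
 *         never {@code null}
 */
@GetMapping("/private/groups")
public List<ReadableGroup> groups() {
    List<Group> groups = groupService.list();
    List<ReadableGroup> readableGroups = new ArrayList<>();
    // a null list from the service is reported as "no groups" rather than an NPE
    if (groups == null) {
        return readableGroups;
    }
    for (Group group : groups) {
        ReadableGroup readableGroup = new ReadableGroup();
        readableGroup.setName(group.getGroupName());
        readableGroup.setId(group.getId().longValue());
        readableGroup.setType(group.getGroupType().name());
        readableGroups.add(readableGroup);
    }
    return readableGroups;
}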
