use of com.serotonin.m2m2.vo.role.Role in project ma-core-public by infiniteautomation.
the class ScriptPermissionConverter method jsonWrite.
/**
 * Serializes a {@code ScriptPermissions} value as a JSON array holding the XID of each of
 * its roles.
 *
 * @param writer unused by this converter
 * @param value the object to serialize; cast to {@code ScriptPermissions} without a type check,
 *        so any other type fails with a {@code ClassCastException}
 * @return a {@code JsonArray} with one entry per role, in the iteration order of
 *         {@code getRoles()}
 * @throws JsonException declared by the overridden method; nothing in this body throws it directly
 */
@Override
public JsonValue jsonWrite(JsonTypeWriter writer, Object value) throws JsonException {
    final ScriptPermissions scriptPermissions = (ScriptPermissions) value;
    final JsonArray roleXids = new JsonArray();
    // Only the XID is written out; no other field of the role is serialized here.
    for (final Role granted : scriptPermissions.getRoles()) {
        roleXids.add(granted.getXid());
    }
    return roleXids;
}
use of com.serotonin.m2m2.vo.role.Role in project ma-core-public by infiniteautomation.
the class UsersService method validate.
/**
 * Validates an update of the stored user {@code existing} to the submitted state {@code vo},
 * on behalf of the holder returned by {@code Common.getUser()}.
 *
 * <p>Checks run in a fixed order and every failure is appended to the returned result; no
 * check short-circuits the ones after it:
 * <ol>
 *   <li>field validation shared with other paths ({@code commonValidation});</li>
 *   <li>the submitted roles, via {@code permissionService.validatePermissionHolderRoles};</li>
 *   <li>changes to the read and edit permission of the user object;</li>
 *   <li>password reuse against the stored password;</li>
 *   <li>extra restrictions that apply only when the holder is editing their own account.</li>
 * </ol>
 *
 * @param existing the user as currently stored; dereferenced without a null check
 * @param vo the submitted user state; {@code commonValidation} may replace its role set
 * @return the accumulated validation messages
 */
@Override
public ProcessResult validate(User existing, User vo) {
    // presumably the authenticated caller of the request; verify against Common.getUser()
    PermissionHolder holder = Common.getUser();
    ProcessResult result = commonValidation(vo, holder);
    boolean hasExplicitEditPermission = hasExplicitEditPermission(holder, existing);
    // validate roles
    permissionService.validatePermissionHolderRoles(result, "roles", holder, vo.getRoles());
    // validate permissions: a change to either permission needs explicit edit permission, and
    // the new value is additionally passed to validatePermission together with the old one
    if (!existing.getReadPermission().equals(vo.getReadPermission())) {
        if (!hasExplicitEditPermission) {
            result.addContextualMessage("readPermission", "validate.mustHaveExplicitEditPermission");
        }
        permissionService.validatePermission(result, "readPermission", holder, existing.getReadPermission(), vo.getReadPermission());
    }
    if (!existing.getEditPermission().equals(vo.getEditPermission())) {
        if (!hasExplicitEditPermission) {
            result.addContextualMessage("editPermission", "validate.mustHaveExplicitEditPermission");
        }
        permissionService.validatePermission(result, "editPermission", holder, existing.getEditPermission(), vo.getEditPermission());
    }
    if (!StringUtils.isBlank(vo.getPassword())) {
        Matcher m = Common.EXTRACT_ALGORITHM_HASH.matcher(vo.getPassword());
        if (m.matches()) {
            String hashOrPassword = m.group(2);
            // Can't use same one 2x
            // NOTE(review): group(2) is compared whatever algorithm group(1) names; if it is
            // already a hash, this comparison presumably cannot detect reuse. Confirm against
            // Common.checkPassword.
            if (Common.checkPassword(hashOrPassword, existing.getPassword(), false)) {
                result.addMessage("password", new TranslatableMessage("users.validate.cannotUseSamePasswordTwice"));
            }
        }
    }
    // Validation for when the user is modifying themselves
    if (isSelf(holder, existing)) {
        // A user can never disable themselves
        if (vo.isDisabled()) {
            result.addContextualMessage("disabled", "users.validate.adminDisable");
        }
        // cannot remove any role from ourselves (unless superadmin)
        // checking for added roles is done via validatePermissionHolderRoles() above
        Set<Role> heldRoles = holder.getRoles();
        // NOTE(review): commonValidation tolerates a null role set on vo, but newRoles is
        // dereferenced below without a null check; confirm a null cannot reach this branch.
        Set<Role> newRoles = vo.getRoles();
        if (heldRoles.contains(PermissionHolder.SUPERADMIN_ROLE)) {
            // cannot remove superadmin from self
            if (!newRoles.contains(PermissionHolder.SUPERADMIN_ROLE)) {
                result.addContextualMessage("roles", "users.validate.cannotRemoveSuperadminRole");
            }
        } else {
            // the submitted set must still contain every role the holder has now
            if (!newRoles.containsAll(heldRoles)) {
                result.addContextualMessage("roles", "validate.role.modifyOwnRoles");
            }
        }
        // only allow changing own username if they have the "permissions.user.changeUsername" permission
        if (!StringUtils.equals(existing.getUsername(), vo.getUsername())) {
            if (!permissionService.hasPermission(holder, changeOwnUsernamePermission.getPermission())) {
                result.addMessage("username", new TranslatableMessage("users.validate.cannotChangeOwnUsername"));
            }
        }
        // validate fields that you can only modify if you have explicit edit permission
        // NOTE(review): these checks sit inside the isSelf branch, so this method applies them
        // only to self-edits. Presumably edits of other users are gated on edit permission
        // before validate() is reached; confirm in the caller.
        if (!hasExplicitEditPermission) {
            if (!Objects.equals(vo.getEmailVerifiedDate(), existing.getEmailVerifiedDate())) {
                result.addContextualMessage("emailVerified", "validate.invalidValue");
            }
            if (!Objects.equals(vo.getCreated(), existing.getCreated())) {
                result.addContextualMessage("created", "validate.invalidValue");
            }
            if (existing.isSessionExpirationOverride() != vo.isSessionExpirationOverride()) {
                result.addContextualMessage("sessionExpirationOverride", "permission.exception.mustBeAdmin");
            }
            // NOTE(review): != compares by value only if the getter returns a primitive; with a
            // boxed type it would compare references. Confirm the return type.
            if (existing.getSessionExpirationPeriods() != vo.getSessionExpirationPeriods()) {
                result.addContextualMessage("sessionExpirationPeriods", "permission.exception.mustBeAdmin");
            }
            if (!StringUtils.equals(existing.getSessionExpirationPeriodType(), vo.getSessionExpirationPeriodType())) {
                result.addContextualMessage("sessionExpirationPeriodType", "permission.exception.mustBeAdmin");
            }
        }
    }
    return result;
}
use of com.serotonin.m2m2.vo.role.Role in project ma-core-public by infiniteautomation.
the class UsersService method commonValidation.
/**
 * Runs the field checks on a submitted user that need no stored copy of that user: required
 * fields, uniqueness of username and email, password format and policy, length limits, locale
 * and time zone syntax, and who may set the email-verified date.
 *
 * <p>Side effect: when {@code vo} has a non-null role set that lacks
 * {@code PermissionHolder.USER_ROLE}, the set is replaced on {@code vo} with an unmodifiable
 * copy that includes it.
 *
 * @param vo the submitted user; its roles may be replaced as described above
 * @param holder the permission holder on whose behalf the change is validated; read only for
 *        the admin-role check on the email-verified date
 * @return a new {@code ProcessResult} holding one message per failed check
 */
protected ProcessResult commonValidation(User vo, PermissionHolder holder) {
    ProcessResult response = new ProcessResult();
    if (StringUtils.isBlank(vo.getUsername()))
        response.addMessage("username", new TranslatableMessage("validate.required"));
    // Not an else-branch: the uniqueness lookup also runs for a blank username.
    if (!UserDao.getInstance().isUsernameUnique(vo.getUsername(), vo.getId()))
        response.addMessage("username", new TranslatableMessage("users.validate.usernameInUse"));
    if (StringUtils.isBlank(vo.getEmail()))
        response.addMessage("email", new TranslatableMessage("validate.required"));
    else if (!UserDao.getInstance().isEmailUnique(vo.getEmail(), vo.getId()))
        response.addMessage("email", new TranslatableMessage("users.validate.emailUnique"));
    if (StringUtils.isBlank(vo.getPassword())) {
        response.addMessage("password", new TranslatableMessage("validate.required"));
    } else {
        // The value must match Common.EXTRACT_ALGORITHM_HASH; group 1 is read as the algorithm
        // and group 2 as the hash or password.
        Matcher m = Common.EXTRACT_ALGORITHM_HASH.matcher(vo.getPassword());
        if (!m.matches()) {
            response.addMessage("password", new TranslatableMessage("validate.illegalValue"));
        } else {
            String algorithm = m.group(1);
            String hashOrPassword = m.group(2);
            // Validate against our rules
            // NOTE(review): the password policy runs only for the PLAIN_TEXT and NONE
            // algorithms. A value tagged with any other algorithm is accepted here without a
            // policy check; confirm which callers are allowed to submit such values.
            if (User.PLAIN_TEXT_ALGORITHM.equals(algorithm) || User.NONE_ALGORITHM.equals(algorithm)) {
                if (StringUtils.isBlank(hashOrPassword)) {
                    response.addMessage("password", new TranslatableMessage("validate.required"));
                }
                // A blank value is still handed to validatePassword, so it can collect policy
                // messages in addition to "validate.required".
                try {
                    passwordService.validatePassword(hashOrPassword);
                } catch (PasswordInvalidException e) {
                    for (TranslatableMessage message : e.getMessages()) {
                        response.addMessage("password", message);
                    }
                }
            }
        }
    }
    if (StringUtils.isBlank(vo.getName())) {
        response.addMessage("name", new TranslatableMessage("validate.required"));
    } else if (StringValidation.isLengthGreaterThan(vo.getName(), 255)) {
        response.addMessage("name", new TranslatableMessage("validate.notLongerThan", 255));
    }
    // Check field lengths
    if (StringValidation.isLengthGreaterThan(vo.getUsername(), 40))
        response.addMessage("username", new TranslatableMessage("validate.notLongerThan", 40));
    if (StringValidation.isLengthGreaterThan(vo.getEmail(), 255))
        response.addMessage("email", new TranslatableMessage("validate.notLongerThan", 255));
    if (StringValidation.isLengthGreaterThan(vo.getPhone(), 40))
        response.addMessage("phone", new TranslatableMessage("validate.notLongerThan", 40));
    if (vo.getReceiveAlarmEmails() == null) {
        response.addMessage("receiveAlarmEmails", new TranslatableMessage("validate.required"));
    }
    // Locale is optional; when present it must be at most 50 characters and parse as a
    // language tag. Both checks run, so an over-long value may produce two messages.
    String locale = vo.getLocale();
    if (StringUtils.isNotEmpty(locale)) {
        if (StringValidation.isLengthGreaterThan(locale, 50)) {
            response.addMessage("locale", new TranslatableMessage("validate.notLongerThan", 50));
        }
        try {
            new Locale.Builder().setLanguageTag(locale).build();
        } catch (IllformedLocaleException e) {
            response.addMessage("locale", new TranslatableMessage("validate.invalidValue"));
        }
    }
    // Time zone is optional; when present it must be at most 50 characters and be accepted by
    // ZoneId.of.
    String timezone = vo.getTimezone();
    if (StringUtils.isNotEmpty(vo.getTimezone())) {
        if (StringValidation.isLengthGreaterThan(vo.getTimezone(), 50)) {
            response.addMessage("timezone", new TranslatableMessage("validate.notLongerThan", 50));
        }
        try {
            // noinspection ResultOfMethodCallIgnored
            ZoneId.of(timezone);
        } catch (DateTimeException e) {
            response.addMessage("timezone", new TranslatableMessage("validate.invalidValue"));
        }
    }
    // Can't set email verified
    // Only vo is visible here, so any non-null date from a holder without the admin role is
    // rejected, whether or not it differs from a stored value.
    if (vo.getEmailVerifiedDate() != null && !permissionService.hasAdminRole(holder)) {
        response.addContextualMessage("emailVerified", "validate.invalidValue");
    }
    if (StringUtils.isNotEmpty(vo.getOrganization())) {
        if (StringValidation.isLengthGreaterThan(vo.getOrganization(), 80)) {
            response.addMessage("organization", new TranslatableMessage("validate.notLongerThan", 80));
        }
    }
    if (StringUtils.isNotEmpty(vo.getOrganizationalRole())) {
        if (StringValidation.isLengthGreaterThan(vo.getOrganizationalRole(), 80)) {
            response.addMessage("organizationalRole", new TranslatableMessage("validate.notLongerThan", 80));
        }
    }
    // Every user must have the user role, must be directly assigned otherwise if role inheritance changes the user may lose the role
    // This mutates vo during validation: the role set is copied, USER_ROLE is added, and the
    // copy is stored back as an unmodifiable set. A null role set is left untouched.
    if (vo.getRoles() != null && !vo.getRoles().contains(PermissionHolder.USER_ROLE)) {
        Set<Role> updated = new HashSet<>(vo.getRoles());
        updated.add(PermissionHolder.USER_ROLE);
        vo.setRoles(Collections.unmodifiableSet(updated));
    }
    return response;
}
use of com.serotonin.m2m2.vo.role.Role in project ma-core-public by infiniteautomation.
the class H2DatabaseTest method test1AutoIncrement.
/**
 * Checks that a generated id in the roles table continues after an explicitly inserted id.
 * One row is inserted with id 10, a second without an id; the second row is read back through
 * {@code RoleDao} by its xid and is expected to carry id 11.
 */
@Test
public void test1AutoIncrement() throws SQLException {
    final DSLContext dsl = Common.getBean(DatabaseProxy.class).getContext();
    final Roles rolesTable = Roles.ROLES;

    // Row with a caller-chosen primary key.
    dsl.insertInto(rolesTable, rolesTable.id, rolesTable.xid, rolesTable.name)
            .values(10, "xid", "name")
            .execute();

    // Row that leaves the id to the database.
    dsl.insertInto(rolesTable, rolesTable.xid, rolesTable.name)
            .values("test", "test")
            .execute();

    final RoleVO generated = Common.getBean(RoleDao.class).getByXid("test");
    assertEquals(11, generated.getId());
}
use of com.serotonin.m2m2.vo.role.Role in project ma-core-public by infiniteautomation.
the class MySQLDatabaseTest method test1AutoIncrement.
/**
 * Inserts a role row with the explicit id 10, then a second row with no id, and asserts that
 * the second row, looked up by xid through {@code RoleDao}, was given id 11.
 */
@Test
public void test1AutoIncrement() throws SQLException {
    final DSLContext jooq = Common.getBean(DatabaseProxy.class).getContext();
    final Roles table = Roles.ROLES;

    // First insert fixes the id; the second relies on the database to generate one.
    jooq.insertInto(table, table.id, table.xid, table.name)
            .values(10, "xid", "name")
            .execute();
    jooq.insertInto(table, table.xid, table.name)
            .values("test", "test")
            .execute();

    final RoleDao roleDao = Common.getBean(RoleDao.class);
    final RoleVO inserted = roleDao.getByXid("test");
    assertEquals(11, inserted.getId());
}