Search in sources :

Example 6 with Permission

use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.

the class UserSpecPermissionServiceImpl method modifyUserSpecPermission.

@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<?> modifyUserSpecPermission(ModifyUserSpecPermissionRequest request) throws UnExpectedRequestException {
    // Check Arguments
    checkRequest(request);
    // Find user permission by id
    String uuid = request.getUuid();
    UserSpecPermission userSpecPermissionInDb = userSpecPermissionDao.findByUuid(uuid);
    if (userSpecPermissionInDb == null) {
        throw new UnExpectedRequestException("user_spec_permission id {&DOES_NOT_EXIST}, request: " + request);
    }
    LOGGER.info("Succeed to find user_permission. uuid: {}, user_id: {}, permission_id: {}, current_user: {}", uuid, userSpecPermissionInDb.getUser().getId(), userSpecPermissionInDb.getPermission().getId(), HttpUtils.getUserName(httpServletRequest));
    // Check existence of user and permission
    long userId = request.getUserId();
    long permissionId = request.getPermissionId();
    User userInDb = userDao.findById(userId);
    if (userInDb == null) {
        throw new UnExpectedRequestException("user id {&DOES_NOT_EXIST}, request: " + request);
    }
    Permission permissionInDb = permissionDao.findById(permissionId);
    if (permissionInDb == null) {
        throw new UnExpectedRequestException("permission id {&DOES_NOT_EXIST}, request: " + request);
    }
    UserSpecPermission userIdAndPermissionIdInDb = userSpecPermissionDao.findByUserAndPermission(userInDb, permissionInDb);
    if (userIdAndPermissionIdInDb != null) {
        throw new UnExpectedRequestException("user id and permission id {&ALREADY_EXIST}, request: " + request);
    }
    // Save user permission
    userSpecPermissionInDb.setPermission(permissionInDb);
    userSpecPermissionInDb.setUser(userInDb);
    UserSpecPermission savedUserSpecPermission = userSpecPermissionDao.saveUserSpecPermission(userSpecPermissionInDb);
    LOGGER.info("Succeed to find user_permission. uuid: {}, user_id: {}, permission_id: {}, current_user: {}", uuid, savedUserSpecPermission.getUser().getId(), savedUserSpecPermission.getPermission().getId(), HttpUtils.getUserName(httpServletRequest));
    return new GeneralResponse<>("200", "{&MODIFY_USER_SPEC_PERMISSION_SUCCESSFULLY}", null);
}
Also used : GeneralResponse(com.webank.wedatasphere.qualitis.response.GeneralResponse) UnExpectedRequestException(com.webank.wedatasphere.qualitis.exception.UnExpectedRequestException) User(com.webank.wedatasphere.qualitis.entity.User) UserSpecPermission(com.webank.wedatasphere.qualitis.entity.UserSpecPermission) Permission(com.webank.wedatasphere.qualitis.entity.Permission) UserSpecPermission(com.webank.wedatasphere.qualitis.entity.UserSpecPermission) Transactional(org.springframework.transaction.annotation.Transactional)

Example 7 with Permission

use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.

the class Filter1AuthorizationFilter method checkPermission.

/**
 * Return true if pass permissions, otherwise return false
 * @param url
 * @param method
 * @param permissions
 * @return
 */
private boolean checkPermission(String url, String method, List<Permission> permissions) {
    AntPathMatcher matcher = new AntPathMatcher();
    List<Permission> left = permissions.stream().filter((Permission p) -> matcher.match(p.getUrl(), url) && method.equals(p.getMethod())).collect(Collectors.toList());
    return !left.isEmpty();
}
Also used : Permission(com.webank.wedatasphere.qualitis.entity.Permission) AntPathMatcher(org.springframework.util.AntPathMatcher)

Example 8 with Permission

use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.

the class UserSpecPermissionServiceImpl method addUserSpecPermission.

@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<UserSpecPermissionResponse> addUserSpecPermission(AddUserSpecPermissionRequest request) throws UnExpectedRequestException {
    // Check Arguments
    checkRequest(request);
    // Check existence of user permission
    long userId = request.getUserId();
    long permissionId = request.getPermissionId();
    User userInDb = userDao.findById(userId);
    if (userInDb == null) {
        throw new UnExpectedRequestException("user id {&DOES_NOT_EXIST}, request: " + request);
    }
    Permission permissionInDb = permissionDao.findById(permissionId);
    if (permissionInDb == null) {
        throw new UnExpectedRequestException("permission id {&DOES_NOT_EXIST}, request: " + request);
    }
    UserSpecPermission userSpecPermissionInDb = userSpecPermissionDao.findByUserAndPermission(userInDb, permissionInDb);
    if (userSpecPermissionInDb != null) {
        throw new UnExpectedRequestException("user id and permission id {&ALREADY_EXIST}, request: " + request);
    }
    // Save new user permissions
    UserSpecPermission newUserSpecPermission = new UserSpecPermission();
    newUserSpecPermission.setUser(userInDb);
    newUserSpecPermission.setPermission(permissionInDb);
    newUserSpecPermission.setId(UuidGenerator.generate());
    UserSpecPermission savedUserSpecPermission = userSpecPermissionDao.saveUserSpecPermission(newUserSpecPermission);
    UserSpecPermissionResponse response = new UserSpecPermissionResponse(savedUserSpecPermission);
    LOGGER.info("Succeed to add user_permission, response: {}, current_user: {}", response, HttpUtils.getUserName(httpServletRequest));
    return new GeneralResponse<>("200", "{&ADD_USER_SPEC_PERMISSION_SUCCESSFULLY}", response);
}
Also used : GeneralResponse(com.webank.wedatasphere.qualitis.response.GeneralResponse) UnExpectedRequestException(com.webank.wedatasphere.qualitis.exception.UnExpectedRequestException) User(com.webank.wedatasphere.qualitis.entity.User) UserSpecPermission(com.webank.wedatasphere.qualitis.entity.UserSpecPermission) Permission(com.webank.wedatasphere.qualitis.entity.Permission) UserSpecPermissionResponse(com.webank.wedatasphere.qualitis.response.UserSpecPermissionResponse) UserSpecPermission(com.webank.wedatasphere.qualitis.entity.UserSpecPermission) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with Permission

use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.

the class LoginServiceImpl method addPermissionsToSession.

private void addPermissionsToSession(User userInDb, HttpServletRequest httpServletRequest) {
    List<Permission> userAllPermission = new ArrayList<>();
    // Add roles's permissions of user
    for (Role role : userInDb.getRoles()) {
        for (Permission permission : role.getPermissions()) {
            userAllPermission.add(permission);
        }
    }
    // Add permissions of user
    for (Permission permission : userInDb.getSpecPermissions()) {
        userAllPermission.add(permission);
    }
    // Put permissions into session
    HttpSession session = httpServletRequest.getSession();
    session.setAttribute("permissions", userAllPermission);
}
Also used : Role(com.webank.wedatasphere.qualitis.entity.Role) HttpSession(javax.servlet.http.HttpSession) Permission(com.webank.wedatasphere.qualitis.entity.Permission) ArrayList(java.util.ArrayList)

Example 10 with Permission

use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.

the class PermissionServiceImpl method modifyPermission.

@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<?> modifyPermission(ModifyPermissionRequest request) throws UnExpectedRequestException {
    // Check Arguments
    checkRequest(request);
    Long id = request.getPermissionId();
    String method = request.getMethod().trim();
    String url = request.getUrl().trim();
    Permission permissionInDb = permissionDao.findById(id);
    if (permissionInDb == null) {
        throw new UnExpectedRequestException("{&PERMISSION_ID_NOT_EXIST}, request: " + request);
    }
    LOGGER.info("Succeed to find permission, permissionId: {}, method: {}, url: {}, current_user: {}", permissionInDb.getId(), permissionInDb.getMethod(), permissionInDb.getUrl(), HttpUtils.getUserName(httpServletRequest));
    permissionInDb.setUrl(url);
    permissionInDb.setMethod(method);
    permissionDao.savePermission(permissionInDb);
    LOGGER.info("Succeed to modify permission, permissionId: {}, method: {}, url: {}, current_user: {}", id, method, url, HttpUtils.getUserName(httpServletRequest));
    return new GeneralResponse<>("200", "{&MODIFY_PERMISSION_SUCCESSFULLY}", null);
}
Also used : GeneralResponse(com.webank.wedatasphere.qualitis.response.GeneralResponse) UnExpectedRequestException(com.webank.wedatasphere.qualitis.exception.UnExpectedRequestException) UserSpecPermission(com.webank.wedatasphere.qualitis.entity.UserSpecPermission) Permission(com.webank.wedatasphere.qualitis.entity.Permission) RolePermission(com.webank.wedatasphere.qualitis.entity.RolePermission) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

Permission (com.webank.wedatasphere.qualitis.entity.Permission)16 Transactional (org.springframework.transaction.annotation.Transactional)10 RolePermission (com.webank.wedatasphere.qualitis.entity.RolePermission)8 UserSpecPermission (com.webank.wedatasphere.qualitis.entity.UserSpecPermission)8 GeneralResponse (com.webank.wedatasphere.qualitis.response.GeneralResponse)8 UnExpectedRequestException (com.webank.wedatasphere.qualitis.exception.UnExpectedRequestException)7 Role (com.webank.wedatasphere.qualitis.entity.Role)4 User (com.webank.wedatasphere.qualitis.entity.User)4 Test (org.junit.Test)3 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)3 PermissionResponse (com.webank.wedatasphere.qualitis.response.PermissionResponse)2 ArrayList (java.util.ArrayList)2 HttpSession (javax.servlet.http.HttpSession)2 AntPathMatcher (org.springframework.util.AntPathMatcher)2 GetAllResponse (com.webank.wedatasphere.qualitis.response.GetAllResponse)1 RolePermissionResponse (com.webank.wedatasphere.qualitis.response.RolePermissionResponse)1 UserSpecPermissionResponse (com.webank.wedatasphere.qualitis.response.UserSpecPermissionResponse)1 List (java.util.List)1 RoleNotFoundException (javax.management.relation.RoleNotFoundException)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1