use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class UserSpecPermissionServiceImpl method modifyUserSpecPermission.
@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<?> modifyUserSpecPermission(ModifyUserSpecPermissionRequest request) throws UnExpectedRequestException {
// Check Arguments
checkRequest(request);
// Find user permission by id
String uuid = request.getUuid();
UserSpecPermission userSpecPermissionInDb = userSpecPermissionDao.findByUuid(uuid);
if (userSpecPermissionInDb == null) {
throw new UnExpectedRequestException("user_spec_permission id {&DOES_NOT_EXIST}, request: " + request);
}
LOGGER.info("Succeed to find user_permission. uuid: {}, user_id: {}, permission_id: {}, current_user: {}", uuid, userSpecPermissionInDb.getUser().getId(), userSpecPermissionInDb.getPermission().getId(), HttpUtils.getUserName(httpServletRequest));
// Check existence of user and permission
long userId = request.getUserId();
long permissionId = request.getPermissionId();
User userInDb = userDao.findById(userId);
if (userInDb == null) {
throw new UnExpectedRequestException("user id {&DOES_NOT_EXIST}, request: " + request);
}
Permission permissionInDb = permissionDao.findById(permissionId);
if (permissionInDb == null) {
throw new UnExpectedRequestException("permission id {&DOES_NOT_EXIST}, request: " + request);
}
UserSpecPermission userIdAndPermissionIdInDb = userSpecPermissionDao.findByUserAndPermission(userInDb, permissionInDb);
if (userIdAndPermissionIdInDb != null) {
throw new UnExpectedRequestException("user id and permission id {&ALREADY_EXIST}, request: " + request);
}
// Save user permission
userSpecPermissionInDb.setPermission(permissionInDb);
userSpecPermissionInDb.setUser(userInDb);
UserSpecPermission savedUserSpecPermission = userSpecPermissionDao.saveUserSpecPermission(userSpecPermissionInDb);
LOGGER.info("Succeed to find user_permission. uuid: {}, user_id: {}, permission_id: {}, current_user: {}", uuid, savedUserSpecPermission.getUser().getId(), savedUserSpecPermission.getPermission().getId(), HttpUtils.getUserName(httpServletRequest));
return new GeneralResponse<>("200", "{&MODIFY_USER_SPEC_PERMISSION_SUCCESSFULLY}", null);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class Filter1AuthorizationFilter method checkPermission.
/**
* Return true if pass permissions, otherwise return false
* @param url
* @param method
* @param permissions
* @return
*/
private boolean checkPermission(String url, String method, List<Permission> permissions) {
AntPathMatcher matcher = new AntPathMatcher();
List<Permission> left = permissions.stream().filter((Permission p) -> matcher.match(p.getUrl(), url) && method.equals(p.getMethod())).collect(Collectors.toList());
return !left.isEmpty();
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class UserSpecPermissionServiceImpl method addUserSpecPermission.
@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<UserSpecPermissionResponse> addUserSpecPermission(AddUserSpecPermissionRequest request) throws UnExpectedRequestException {
// Check Arguments
checkRequest(request);
// Check existence of user permission
long userId = request.getUserId();
long permissionId = request.getPermissionId();
User userInDb = userDao.findById(userId);
if (userInDb == null) {
throw new UnExpectedRequestException("user id {&DOES_NOT_EXIST}, request: " + request);
}
Permission permissionInDb = permissionDao.findById(permissionId);
if (permissionInDb == null) {
throw new UnExpectedRequestException("permission id {&DOES_NOT_EXIST}, request: " + request);
}
UserSpecPermission userSpecPermissionInDb = userSpecPermissionDao.findByUserAndPermission(userInDb, permissionInDb);
if (userSpecPermissionInDb != null) {
throw new UnExpectedRequestException("user id and permission id {&ALREADY_EXIST}, request: " + request);
}
// Save new user permissions
UserSpecPermission newUserSpecPermission = new UserSpecPermission();
newUserSpecPermission.setUser(userInDb);
newUserSpecPermission.setPermission(permissionInDb);
newUserSpecPermission.setId(UuidGenerator.generate());
UserSpecPermission savedUserSpecPermission = userSpecPermissionDao.saveUserSpecPermission(newUserSpecPermission);
UserSpecPermissionResponse response = new UserSpecPermissionResponse(savedUserSpecPermission);
LOGGER.info("Succeed to add user_permission, response: {}, current_user: {}", response, HttpUtils.getUserName(httpServletRequest));
return new GeneralResponse<>("200", "{&ADD_USER_SPEC_PERMISSION_SUCCESSFULLY}", response);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class LoginServiceImpl method addPermissionsToSession.
private void addPermissionsToSession(User userInDb, HttpServletRequest httpServletRequest) {
List<Permission> userAllPermission = new ArrayList<>();
// Add roles's permissions of user
for (Role role : userInDb.getRoles()) {
for (Permission permission : role.getPermissions()) {
userAllPermission.add(permission);
}
}
// Add permissions of user
for (Permission permission : userInDb.getSpecPermissions()) {
userAllPermission.add(permission);
}
// Put permissions into session
HttpSession session = httpServletRequest.getSession();
session.setAttribute("permissions", userAllPermission);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class PermissionServiceImpl method modifyPermission.
@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<?> modifyPermission(ModifyPermissionRequest request) throws UnExpectedRequestException {
// Check Arguments
checkRequest(request);
Long id = request.getPermissionId();
String method = request.getMethod().trim();
String url = request.getUrl().trim();
Permission permissionInDb = permissionDao.findById(id);
if (permissionInDb == null) {
throw new UnExpectedRequestException("{&PERMISSION_ID_NOT_EXIST}, request: " + request);
}
LOGGER.info("Succeed to find permission, permissionId: {}, method: {}, url: {}, current_user: {}", permissionInDb.getId(), permissionInDb.getMethod(), permissionInDb.getUrl(), HttpUtils.getUserName(httpServletRequest));
permissionInDb.setUrl(url);
permissionInDb.setMethod(method);
permissionDao.savePermission(permissionInDb);
LOGGER.info("Succeed to modify permission, permissionId: {}, method: {}, url: {}, current_user: {}", id, method, url, HttpUtils.getUserName(httpServletRequest));
return new GeneralResponse<>("200", "{&MODIFY_PERMISSION_SUCCESSFULLY}", null);
}
Aggregations