use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class PermissionServiceImpl method getAllPermission.
/**
 * Returns one page of permissions together with the total number of permissions.
 *
 * @param request paging arguments; checked by {@code PageRequest.checkRequest} before use
 * @return a "200" response carrying the page of {@code PermissionResponse} items and the total count
 * @throws UnExpectedRequestException declared by this method; presumably raised by the argument check (confirm)
 */
@Override
public GeneralResponse<GetAllResponse<PermissionResponse>> getAllPermission(PageRequest request) throws UnExpectedRequestException {
    // Reject malformed paging arguments before any DAO call.
    PageRequest.checkRequest(request);
    int page = request.getPage();
    int size = request.getSize();

    // Fetch the requested page first, then the overall count (two separate DAO calls).
    List<Permission> pageOfPermissions = permissionDao.findAllPermission(page, size);
    long total = permissionDao.countAll();

    // Convert entities to response DTOs so the entity type is not returned directly.
    List<PermissionResponse> items = pageOfPermissions.stream()
        .map(permission -> new PermissionResponse(permission))
        .collect(Collectors.toList());

    GetAllResponse<PermissionResponse> getAllPermissionResponse = new GetAllResponse<>();
    getAllPermissionResponse.setTotal(total);
    getAllPermissionResponse.setData(items);

    // NOTE(review): the whole response object is written to the INFO log together with the
    // caller's user name; confirm its toString() exposes no more of the permission model than
    // the log audience should see.
    LOGGER.info("Succeed to get all permission, page: {}, size: {}, permissions: {}, current_user: {}", page, size, getAllPermissionResponse, HttpUtils.getUserName(httpServletRequest));
    return new GeneralResponse<>("200", "{&FIND_ALL_PERMISSIONS_SUCCESSFULLY}", getAllPermissionResponse);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class RolePermissionServiceImpl method addRolePermission.
/**
 * Grants a permission to a role by creating a new role-permission link.
 *
 * <p>The role and the permission must both exist, and the pair must not already be linked.
 *
 * @param request carries the role id and the permission id to link
 * @return a "200" response wrapping the saved link
 * @throws UnExpectedRequestException if the role or permission does not exist, or the link already exists
 */
@Override
@Transactional(rollbackFor = { RuntimeException.class, UnExpectedRequestException.class })
public GeneralResponse<RolePermissionResponse> addRolePermission(AddRolePermissionRequest request) throws UnExpectedRequestException {
    // Validate the request shape first.
    checkRequest(request);

    // Read both ids up front, then resolve each against the database.
    long roleId = request.getRoleId();
    long permissionId = request.getPermissionId();

    Role role = roleDao.findById(roleId);
    if (null == role) {
        throw new UnExpectedRequestException("role id {&DOES_NOT_EXIST}, request: " + request);
    }

    Permission permission = permissionDao.findById(permissionId);
    if (null == permission) {
        throw new UnExpectedRequestException("permission id {&DOES_NOT_EXIST}, request: " + request);
    }

    // Refuse to create a duplicate grant.
    // NOTE(review): this is a check-then-insert; whether two concurrent requests can both pass
    // it depends on the transaction isolation level or a unique constraint on (role, permission),
    // neither of which is visible here. Confirm one of them exists.
    RolePermission existingLink = rolePermissionDao.findByRoleAndPermission(role, permission);
    if (null != existingLink) {
        throw new UnExpectedRequestException("role and permission {&ALREADY_EXIST}, request: " + request);
    }

    // Build and persist the new link.
    RolePermission link = new RolePermission();
    link.setPermission(permission);
    link.setRole(role);
    link.setId(UuidGenerator.generate());
    RolePermission savedLink = rolePermissionDao.saveRolePermission(link);

    // Privilege changes are logged together with the acting user for audit purposes.
    RolePermissionResponse response = new RolePermissionResponse(savedLink);
    LOGGER.info("Succeed to add role_permission, response: {}, current_user: {}", response, HttpUtils.getUserName(httpServletRequest));
    return new GeneralResponse<>("200", "{&ADD_ROLE_PERMISSION_SUCCESSFULLY}", response);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class Filter1AuthorizationFilter method doFilter.
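/**
 * Authorization filter: lets a request continue down the chain only if it targets an exempt
 * URL, uses the exempt HTTP method, or comes from a session whose stored permissions cover the
 * requested URL and method.
 *
 * <p>Decision order:
 * <ol>
 *   <li>URIs matching an entry of {@code uploadUrlList} (Ant patterns) pass with no further check.</li>
 *   <li>Requests whose method equals {@code NOT_FILTER_METHOD} pass with no further check.</li>
 *   <li>URIs listed verbatim in {@code permitUrlList} pass without a permission check.</li>
 *   <li>Otherwise the session must hold "permissions" and "user". If either is missing, the
 *       filter tries to log in the container-supplied remote user (creating the account if it
 *       is unknown) and redirects; the current request is never forwarded in that case.</li>
 *   <li>With a populated session, {@code checkPermission} decides; failure yields a forbidden response.</li>
 * </ol>
 *
 * @param servletRequest incoming request; cast to {@code HttpServletRequest}
 * @param response       outgoing response; cast to {@code HttpServletResponse} where redirects or errors are sent
 * @param filterChain    remaining filter chain
 * @throws IOException      if writing the response or a downstream filter fails
 * @throws ServletException if a downstream filter fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    // getRequestURI() is the raw request path: the container does not decode or normalize it.
    // NOTE(review): every allow-list decision below is made on this string, so the checks are
    // only as strong as the agreement between it and the path the downstream dispatcher
    // resolves. Confirm the URI is normalized before it reaches this filter.
    String requestUrl = request.getRequestURI();

    // Upload URLs bypass both the session check and the permission check.
    AntPathMatcher matcher = new AntPathMatcher();
    for (String uploadUrl : uploadUrlList) {
        if (matcher.match(uploadUrl, requestUrl)) {
            filterChain.doFilter(request, response);
            return;
        }
    }

    // Wrap the request so its body can be read here and again downstream.
    BodyReaderHttpServletRequestWrapper requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
    // NOTE(review): printReceiveLog is not visible here; confirm it does not log credentials or tokens.
    printReceiveLog(requestWrapper);

    // Requests using the exempt method are forwarded without any authorization check.
    if (NOT_FILTER_METHOD.equals(requestWrapper.getMethod())) {
        filterChain.doFilter(requestWrapper, response);
        return;
    }

    // getSession() creates a session when none exists, so unauthenticated requests get one too.
    HttpSession session = requestWrapper.getSession();
    if (!permitUrlList.contains(requestUrl)) {
        Object permissionObj = session.getAttribute("permissions");
        Object user = session.getAttribute("user");
        if (null == permissionObj || null == user) {
            // No authenticated session yet: fall back to the identity asserted by the container/SSO.
            String username = request.getRemoteUser();
            if (username == null) {
                // Redirect to login page
                LOGGER.info("Can not get username from sso, it will redirect to local login page");
                writeRedirectHome(response);
            } else {
                HttpServletResponse httpResponse = (HttpServletResponse) response;
                // Look the user up in the database.
                User userInDb = userDao.findByUsername(username);
                if (userInDb != null) {
                    // Store the login in the session.
                    // NOTE(review): addToSession is not visible here; confirm it issues a fresh
                    // session id at login, because the session above predates authentication.
                    loginService.addToSession(username, request);
                    httpResponse.sendRedirect(frontEndConfig.getHomePage());
                } else {
                    // Unknown user: provision the account automatically, trusting the remote-user value.
                    LOGGER.warn("user: {}, do not exist, trying to create user", username);
                    try {
                        userService.autoAddUser(username);
                        loginService.addToSession(username, request);
                        httpResponse.sendRedirect(frontEndConfig.getHomePage());
                    } catch (RoleNotFoundException e) {
                        LOGGER.error("Failed to auto add user, cause by: Failed to get role [PROJECTOR]", e);
                        // Previously the failure was only logged and the client received an empty
                        // success response; report the provisioning failure explicitly instead.
                        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    }
                }
            }
            // Never forward the original request on this path; the client must retry after login.
            return;
        }

        // The attribute is stored elsewhere (presumably by loginService.addToSession; confirm),
        // so the element type cannot be verified at this point.
        @SuppressWarnings("unchecked")
        List<Permission> permissions = (List<Permission>) permissionObj;
        String method = requestWrapper.getMethod();
        if (!checkPermission(requestUrl, method, permissions)) {
            writeForbidden("no permissions", response);
            LOGGER.warn("User: {} failed to access url: {}, caused by: No permissions", user, requestWrapper.getRequestURI());
            return;
        }
    }

    // Either the URL is on the permit list or the permission check passed.
    Object user = session.getAttribute("user");
    LOGGER.info("User: {} succeed to access url: {}", user, requestWrapper.getRequestURI());
    filterChain.doFilter(requestWrapper, response);
}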
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class PermissionDaoTest method test.
/**
 * Round-trip test for the permission DAO: save, count, page, look up by id, look up by
 * method and URL, then delete and verify the row is gone.
 */
@Test
@Transactional
public void test() {
    // Saving assigns a non-zero id.
    Permission candidate = new Permission();
    candidate.setUrl("/junit/**");
    candidate.setMethod("GET");
    Permission saved = dao.savePermission(candidate);
    assertTrue(0 != saved.getId());

    // At least one row is counted.
    long total = dao.countAll();
    assertTrue(0 < total);

    // The first page is not empty.
    List<Permission> firstPage = dao.findAllPermission(0, 5);
    assertTrue(!firstPage.isEmpty());

    // The row loaded by id carries the saved URL.
    Permission loadedById = dao.findById(saved.getId());
    assertNotNull(loadedById);
    assertEquals(loadedById.getUrl(), saved.getUrl());

    // The row loaded by method and URL carries the saved method.
    Permission loadedByFields = dao.findByMethodAndUrl(saved.getMethod(), saved.getUrl());
    assertNotNull(loadedByFields);
    assertEquals(loadedByFields.getMethod(), saved.getMethod());

    // After deletion the id no longer resolves.
    dao.deletePermission(saved);
    Permission afterDelete = dao.findById(saved.getId());
    assertNull(afterDelete);
}
use of com.webank.wedatasphere.qualitis.entity.Permission in project Qualitis by WeBankFinTech.
the class RolePermissionDaoTest method test.
/**
 * Round-trip test for the role-permission DAO: link a saved role to a saved permission, then
 * verify count, paging and every lookup (by uuid, by pair, by role, by permission) before
 * deleting the link and checking it is gone.
 */
@Test
@Transactional
public void test() {
    // Fixtures: one persisted permission and one persisted role.
    Permission permission = savePermission();
    Role role = saveRole();

    // Saving the link keeps its generated id.
    RolePermission candidate = new RolePermission();
    candidate.setId(UuidGenerator.generate());
    candidate.setPermission(permission);
    candidate.setRole(role);
    RolePermission saved = dao.saveRolePermission(candidate);
    assertNotNull(saved.getId());

    // At least one row is counted.
    long total = dao.countAll();
    assertTrue(0 < total);

    // The first page is not empty.
    List<RolePermission> firstPage = dao.findAllRolePermission(0, 5);
    assertTrue(!firstPage.isEmpty());

    // Lookup by uuid returns the same permission URL and role name.
    RolePermission loadedByUuid = dao.findByUuid(saved.getId());
    assertNotNull(loadedByUuid);
    assertEquals(loadedByUuid.getPermission().getUrl(), saved.getPermission().getUrl());
    assertEquals(loadedByUuid.getRole().getName(), saved.getRole().getName());

    // Lookup by the (role, permission) pair returns the same link.
    RolePermission loadedByPair = dao.findByRoleAndPermission(role, permission);
    assertNotNull(loadedByPair);
    assertEquals(loadedByPair.getPermission().getUrl(), saved.getPermission().getUrl());
    assertEquals(loadedByPair.getRole().getName(), saved.getRole().getName());

    // Lookup by role lists the link with the saved permission URL first.
    List<RolePermission> linksForRole = dao.findByRole(role);
    assertTrue(!linksForRole.isEmpty());
    assertEquals(linksForRole.get(0).getPermission().getUrl(), saved.getPermission().getUrl());

    // Lookup by permission lists the link with the saved role name first.
    List<RolePermission> linksForPermission = dao.findByPermission(permission);
    assertTrue(!linksForPermission.isEmpty());
    assertEquals(linksForPermission.get(0).getRole().getName(), saved.getRole().getName());

    // After deletion the uuid no longer resolves.
    dao.deleteRolePermission(saved);
    RolePermission afterDelete = dao.findByUuid(saved.getId());
    assertNull(afterDelete);
}