
Example 6 with AdminRole

use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.

the class AdminExternalLoginStateFilter method saveAdminUser.

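/**
 * Copies the details of an externally authenticated user onto the local {@link AdminUser},
 * rebuilds its role set from the external authorities, and saves it.
 *
 * <p>Only authorities whose name equals the name of an existing local {@link AdminRole} are
 * granted; every other authority is ignored. Roles the user held before this call are dropped
 * first, so the saved role set mirrors the external authorities on each call.
 *
 * @param broadleafUser the externally authenticated principal supplying login, name, email and authorities
 * @param user the local admin user to populate and save
 */
protected void saveAdminUser(BroadleafExternalAuthenticationUserDetails broadleafUser, AdminUser user) {
    // Name, login, password, email are required.
    user.setLogin(broadleafUser.getUsername());
    user.setUnencodedPassword(broadleafUser.getPassword());
    if (user.getUnencodedPassword() == null) {
        // If Spring is configured to erase credentials, then this will always be null
        // Set the username as a default password here.
        // NOTE(review): this stores a password equal to the login name. If any local
        // (non-external) login path accepts this account, that credential is trivially
        // guessable. Prefer a long random value (e.g. from java.security.SecureRandom) or
        // disabling local password login for externally provisioned users; confirm that
        // nothing depends on the current fallback before changing it.
        user.setUnencodedPassword(user.getLogin());
    }

    // Build "First Last" from whichever parts are present, without stray whitespace.
    StringBuilder name = new StringBuilder();
    String firstName = broadleafUser.getFirstName();
    if (firstName != null && !firstName.trim().isEmpty()) {
        name.append(firstName.trim()).append(' ');
    }
    String lastName = broadleafUser.getLastName();
    if (lastName != null && !lastName.trim().isEmpty()) {
        name.append(lastName.trim());
    }
    String fullName = name.toString().trim();
    // The name is required, so fall back to the username when no name part was supplied.
    user.setName(fullName.isEmpty() ? broadleafUser.getUsername() : fullName);
    user.setEmail(broadleafUser.getEmail());

    Set<AdminRole> roleSet = user.getAllRoles();
    // First, remove all roles associated with the user if they already existed
    if (roleSet != null) {
        roleSet.clear();
    } else {
        roleSet = new HashSet<AdminRole>();
        user.setAllRoles(roleSet);
    }

    // Now add the appropriate roles back in
    List<AdminRole> availableRoles = adminSecurityService.readAllAdminRoles();
    Collection<GrantedAuthority> authorities = broadleafUser.getAuthorities();
    // If either side is missing the user is saved with no roles rather than failing here.
    if (availableRoles != null && authorities != null) {
        HashMap<String, AdminRole> roleMap = new HashMap<String, AdminRole>();
        for (AdminRole role : availableRoles) {
            roleMap.put(role.getName(), role);
        }
        for (GrantedAuthority authority : authorities) {
            // Exact-name match only: an authority with no same-named local role grants nothing.
            AdminRole matchedRole = roleMap.get(authority.getAuthority());
            if (matchedRole != null) {
                roleSet.add(matchedRole);
            }
        }
    }

    // Save the user data and all of the roles...
    adminSecurityService.saveAdminUser(user);
}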
Also used : HashMap(java.util.HashMap) GrantedAuthority(org.springframework.security.core.GrantedAuthority) AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)

Example 7 with AdminRole

use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.

the class AdminRoleDataProvider method createAdminRole.

/**
 * Supplies a single test row holding one freshly built admin role fixture.
 *
 * @return a one-row, one-column data set containing the role
 */
@DataProvider(name = "setupAdminRole")
public static Object[][] createAdminRole() {
    AdminRole fixtureRole = new AdminRoleImpl();
    fixtureRole.setName("TestAdminUserRole");
    fixtureRole.setDescription("Test Admin Role");

    // One row with one argument: the role handed to the consuming test.
    Object[] row = { fixtureRole };
    Object[][] rows = { row };
    return rows;
}
Also used : AdminRoleImpl(org.broadleafcommerce.openadmin.server.security.domain.AdminRoleImpl) AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole) DataProvider(org.testng.annotations.DataProvider)

Example 8 with AdminRole

use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.

the class AdminNavigationServiceImpl method isUserAuthorizedToViewSection.

/**
 * Decides whether {@code adminUser} may view {@code section}.
 *
 * <p>Access is granted when a permission name from one of three sources satisfies
 * {@code checkPermissions} against the section's permission names: the permissions of the
 * user's roles, then the user's directly assigned permissions, then
 * {@code AdminSecurityService.DEFAULT_PERMISSIONS}. Each later source is consulted only if
 * the earlier ones produced no match. A granted result is then passed to every additional
 * section authorization, any one of which can revoke it; they can never grant access.
 *
 * @param adminUser the user whose roles and permissions are evaluated
 * @param section the admin section being requested
 * @return {@code true} only if a permission matched and no additional authorization objected
 */
@Override
public boolean isUserAuthorizedToViewSection(AdminUser adminUser, AdminSection section) {
    // Names the section accepts: each permission name plus its parseForAllPermission form.
    // Stays null when the section has no permission list; how checkPermissions treats a
    // null set is decided there, not here.
    Set<String> sectionPermissionNames = null;
    List<AdminPermission> sectionPermissions = section.getPermissions();
    if (sectionPermissions != null) {
        sectionPermissionNames = new HashSet<>((sectionPermissions.size() * 2));
        for (AdminPermission sectionPermission : sectionPermissions) {
            sectionPermissionNames.add(sectionPermission.getName());
            sectionPermissionNames.add(parseForAllPermission(sectionPermission.getName()));
        }
    }

    boolean authorized = false;

    // Source 1: permissions reached through the user's roles.
    if (!CollectionUtils.isEmpty(adminUser.getAllRoles())) {
        for (AdminRole role : adminUser.getAllRoles()) {
            for (AdminPermission rolePermission : role.getAllPermissions()) {
                authorized = checkPermissions(sectionPermissionNames, rolePermission.getName()) || authorized;
            }
        }
    }

    // Source 2: permissions assigned directly to the user.
    if (!authorized && !CollectionUtils.isEmpty(adminUser.getAllPermissions())) {
        for (AdminPermission directPermission : adminUser.getAllPermissions()) {
            authorized = checkPermissions(sectionPermissionNames, directPermission.getName()) || authorized;
        }
    }

    // Source 3: the default permissions, which are not tied to this user.
    if (!authorized) {
        for (String defaultPermission : AdminSecurityService.DEFAULT_PERMISSIONS) {
            authorized = checkPermissions(sectionPermissionNames, defaultPermission) || authorized;
        }
    }

    if (!authorized) {
        return false;
    }

    // Veto stage: the first additional authorization that objects denies access.
    for (SectionAuthorization extraAuthorization : additionalSectionAuthorizations) {
        if (!extraAuthorization.isUserAuthorizedToViewSection(adminUser, section)) {
            return false;
        }
    }
    return true;
}
Also used : AdminPermission(org.broadleafcommerce.openadmin.server.security.domain.AdminPermission) AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)

Example 9 with AdminRole

use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.

the class AdminUserProvisioningServiceImpl method provisionAdminUser.

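/**
 * Creates or updates the local admin user for an externally authenticated principal and
 * returns the user details carrying the authorities derived from its roles.
 *
 * <p>The local account is looked up by the external username alone. Its role set is replaced
 * wholesale with the local roles whose names appear in the roles parsed from {@code details},
 * so any roles previously assigned locally are dropped.
 *
 * @param details the externally authenticated principal
 * @return user details for the saved admin user, built with an empty password
 */
@Override
public AdminUserDetails provisionAdminUser(BroadleafExternalAuthenticationUserDetails details) {
    // Keep only roles that exist locally; an external role name with no local match grants nothing.
    HashSet<String> parsedRoleNames = parseRolesFromUserDetails(details);
    HashSet<AdminRole> parsedRoles = new HashSet<AdminRole>();
    List<AdminRole> adminRoles = securityService.readAllAdminRoles();
    if (adminRoles != null) {
        for (AdminRole role : adminRoles) {
            if (parsedRoleNames.contains(role.getName())) {
                parsedRoles.add(role);
            }
        }
    }
    Set<SimpleGrantedAuthority> adminUserAuthorities = extractAdminUserAuthorities(parsedRoles);

    // NOTE(review): an existing local admin with the same login is reused and updated here.
    // Confirm that usernames asserted by the external provider are trusted to map onto
    // local logins, since a collision hands that local account to the external identity.
    AdminUser adminUser = securityService.readAdminUserByUserName(details.getUsername());
    if (adminUser == null) {
        adminUser = new AdminUserImpl();
        adminUser.setLogin(details.getUsername());
    }
    if (StringUtils.isNotBlank(details.getEmail())) {
        adminUser.setEmail(details.getEmail());
    }

    // Build "First Last" from the non-blank parts, trimmed so a missing last name
    // does not leave a trailing space in the stored name.
    StringBuilder name = new StringBuilder();
    if (StringUtils.isNotBlank(details.getFirstName())) {
        name.append(details.getFirstName().trim()).append(" ");
    }
    if (StringUtils.isNotBlank(details.getLastName())) {
        name.append(details.getLastName().trim());
    }
    String fullName = name.toString().trim();
    if (StringUtils.isNotBlank(fullName)) {
        adminUser.setName(fullName);
    } else {
        adminUser.setName(details.getUsername());
    }

    // set the roles for the admin user to our new set of roles
    adminUser.setAllRoles(new HashSet<>(parsedRoles));
    // Add optional support for things like Multi-Tenant, etc...
    adminExternalLoginExtensionManager.getProxy().performAdditionalAuthenticationTasks(adminUser, details);
    // Save the user data and all of the roles...
    adminUser = securityService.saveAdminUser(adminUser);

    // NOTE(review): the four boolean flags are hard-coded to true and the saved user's own
    // status is not consulted in this method; presumably they are the usual
    // enabled/non-expired/non-locked flags. Confirm that a deactivated local account is
    // rejected elsewhere. The authorities were computed before the extension hook ran, so
    // role changes made by the hook are not reflected in them.
    return new AdminUserDetails(adminUser.getId(), details.getUsername(), "", true, true, true, true, adminUserAuthorities);
}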
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AdminUserImpl(org.broadleafcommerce.openadmin.server.security.domain.AdminUserImpl) AdminUser(org.broadleafcommerce.openadmin.server.security.domain.AdminUser) AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole) HashSet(java.util.HashSet)

Aggregations

AdminRole (org.broadleafcommerce.openadmin.server.security.domain.AdminRole)9 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)3 ArrayList (java.util.ArrayList)2 HashSet (java.util.HashSet)2 AdminPermission (org.broadleafcommerce.openadmin.server.security.domain.AdminPermission)2 AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser)2 HashMap (java.util.HashMap)1 Query (javax.persistence.Query)1 AdminRoleImpl (org.broadleafcommerce.openadmin.server.security.domain.AdminRoleImpl)1 AdminUserImpl (org.broadleafcommerce.openadmin.server.security.domain.AdminUserImpl)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 Rollback (org.springframework.test.annotation.Rollback)1 DataProvider (org.testng.annotations.DataProvider)1 Test (org.testng.annotations.Test)1