Verified Commit aa0032ed authored by Timm Fitschen's avatar Timm Fitschen

WIP: acm grpc

parent fcb1c999
...@@ -21,9 +21,15 @@ ...@@ -21,9 +21,15 @@
package org.caosdb.server.transaction; package org.caosdb.server.transaction;
import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.caosdb.server.accessControl.ACMPermissions;
import org.caosdb.server.accessControl.Role; import org.caosdb.server.accessControl.Role;
import org.caosdb.server.database.backend.transaction.ListRoles; import org.caosdb.server.database.backend.transaction.ListRoles;
import org.caosdb.server.database.proto.ProtoUser;
public class ListRolesTransaction extends AccessControlTransaction { public class ListRolesTransaction extends AccessControlTransaction {
...@@ -31,7 +37,30 @@ public class ListRolesTransaction extends AccessControlTransaction { ...@@ -31,7 +37,30 @@ public class ListRolesTransaction extends AccessControlTransaction {
@Override @Override
protected void transaction() throws Exception { protected void transaction() throws Exception {
roles = execute(new ListRoles(), getAccess()).getRoles(); Subject currentUser = SecurityUtils.getSubject();
roles =
execute(new ListRoles(), getAccess())
.getRoles()
.stream()
.filter(
role ->
currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_ROLE_DESCRIPTION(role.name)))
.collect(Collectors.toList());
// remove known users
for (Role role : roles) {
if (role.users != null) {
Iterator<ProtoUser> iterator = role.users.iterator();
while (iterator.hasNext()) {
ProtoUser user = iterator.next();
if (!currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
iterator.remove();
}
}
}
}
} }
public List<Role> getRoles() { public List<Role> getRoles() {
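Review bot: The comment `// remove known users` at the top of the loop says the opposite of what the loop does — it removes members the subject is *not* permitted to see; replace it with `// drop members whose role list the subject may not retrieve (PERMISSION_RETRIEVE_USER_ROLES)`. The same iterator-remove loop appears verbatim in RetrieveRoleTransaction.transaction() in this commit, so it should live once as a protected helper on AccessControlTransaction, e.g. `removeUnpermittedUsers(Subject currentUser, Role role)` carrying the `role.users != null` guard, with the loop here reduced to `for (Role role : roles) { removeUnpermittedUsers(currentUser, role); }`. Note also that the role-level filter silently omits roles the subject lacks PERMISSION_RETRIEVE_ROLE_DESCRIPTION for rather than rejecting the request, which is the right list semantics but deserves a one-line comment above the stream so the next reader does not mistake it for a missing authorization error.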
......
...@@ -48,10 +48,11 @@ public class ListUsersTransaction extends AccessControlTransaction { ...@@ -48,10 +48,11 @@ public class ListUsersTransaction extends AccessControlTransaction {
// remove roles // remove roles
for (ProtoUser user : users) { for (ProtoUser user : users) {
if (!currentUser.isPermitted( if (user.roles != null)
ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) { if (!currentUser.isPermitted(
user.roles = null; ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
} user.roles = null;
}
} }
} }
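Review bot: The new `if (user.roles != null)` is an unbraced single-statement `if` wrapping a multi-line braced `if`, which is easy to misread and is the kind of construct a formatter or Checkstyle flags; fold it into one condition: `if (user.roles != null && !currentUser.isPermitted(ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) { user.roles = null; }`. The guard only skips a permission check whose effect (setting `null` to `null`) was already a no-op, so it changes nothing visible; a short comment such as `// nothing to hide when the backend returned no roles` would make that intent clear. The enclosing transaction() starts before this hunk.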
......
...@@ -22,8 +22,14 @@ ...@@ -22,8 +22,14 @@
*/ */
package org.caosdb.server.transaction; package org.caosdb.server.transaction;
import java.util.Iterator;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.caosdb.server.accessControl.ACMPermissions;
import org.caosdb.server.accessControl.Role; import org.caosdb.server.accessControl.Role;
import org.caosdb.server.database.backend.transaction.RetrieveRole; import org.caosdb.server.database.backend.transaction.RetrieveRole;
import org.caosdb.server.database.proto.ProtoUser;
import org.caosdb.server.utils.ServerMessages; import org.caosdb.server.utils.ServerMessages;
public class RetrieveRoleTransaction extends AccessControlTransaction { public class RetrieveRoleTransaction extends AccessControlTransaction {
...@@ -37,10 +43,22 @@ public class RetrieveRoleTransaction extends AccessControlTransaction { ...@@ -37,10 +43,22 @@ public class RetrieveRoleTransaction extends AccessControlTransaction {
@Override @Override
protected void transaction() throws Exception { protected void transaction() throws Exception {
Subject currentUser = SecurityUtils.getSubject();
if (!currentUser.isPermitted(ACMPermissions.PERMISSION_RETRIEVE_ROLE_DESCRIPTION(this.name))) {
throw new AuthorizationException("You are not permitted to retrieve this role");
}
this.role = execute(new RetrieveRole(this.name), getAccess()).getRole(); this.role = execute(new RetrieveRole(this.name), getAccess()).getRole();
if (this.role == null) { if (this.role == null) {
throw ServerMessages.ROLE_DOES_NOT_EXIST; throw ServerMessages.ROLE_DOES_NOT_EXIST;
} }
Iterator<ProtoUser> iterator = this.role.users.iterator();
while (iterator.hasNext()) {
ProtoUser user = iterator.next();
if (!currentUser.isPermitted(
ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
iterator.remove();
}
}
} }
public Role getRole() { public Role getRole() {
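Review bot: `this.role.users.iterator()` on the line after the existence check is called without a null guard, whereas the parallel loop added to ListRolesTransaction in this commit checks `role.users != null` first; if the backend can return a role with no member list (not visible here), this path throws a NullPointerException instead of returning the role. Wrap the loop as `if (this.role.users != null) {` … `}` or share a helper with ListRolesTransaction so both apply the same guard. Performing the PERMISSION_RETRIEVE_ROLE_DESCRIPTION check before the existence lookup is a good choice because an unauthorized caller cannot distinguish a missing role from a hidden one; a comment stating that ordering is deliberate would keep a later refactor from swapping the two checks.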
......