[Lada-commits] [PATCH 1 of 4] Refactored Authorization
Wald Commits
scm-commit at wald.intevation.org
Fri Jan 8 12:10:28 CET 2016
# HG changeset patch
# User Raimund Renkert <raimund.renkert at intevation.de>
# Date 1452251126 -3600
# Node ID fa922101a462df6d996c9cce1472550a2e1a0a09
# Parent 59c51da59b30ba0f0cd47769e6aeafeeef4ffe76
Refactored Authorization.
* Introduced "authorizer"
* Attribute and datatype depended authorization
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/importer/laf/LafWriter.java
--- a/src/main/java/de/intevation/lada/importer/laf/LafWriter.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/importer/laf/LafWriter.java Fri Jan 08 12:05:26 2016 +0100
@@ -85,7 +85,7 @@
* @return success
*/
public boolean writeProbe(UserInfo userInfo, LProbe probe, ProbeTranslation probeTranslation) {
- if (!authorization.isAuthorized(userInfo, probe)) {
+ if (!authorization.isAuthorized(userInfo, probe, LProbe.class)) {
errors.add(new ReportItem("auth", "not authorized", 699));
return false;
}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/rest/KommentarMService.java
--- a/src/main/java/de/intevation/lada/rest/KommentarMService.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/KommentarMService.java Fri Jan 08 12:05:26 2016 +0100
@@ -118,10 +118,8 @@
LMessung.class,
id,
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
- if (!authorization.isAuthorized(id, LMessung.class)) {
- return new Response(false, 699, null);
- }
+ if (!authorization.isAuthorized(request, messung, RequestMethod.GET, LMessung.class)) {
+ return new Response(false, 699, null);
}
QueryBuilder<LKommentarM> builder =
@@ -159,10 +157,8 @@
LMessung.class,
kommentar.getMessungsId(),
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
- if (!authorization.isAuthorized(messung.getId(), LMessung.class)) {
- return new Response(false, 699, null);
- }
+ if (!authorization.isAuthorized(request, messung, RequestMethod.GET, LMessung.class)) {
+ return new Response(false, 699, null);
}
return authorization.filter(
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/rest/MesswertService.java
--- a/src/main/java/de/intevation/lada/rest/MesswertService.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/MesswertService.java Fri Jan 08 12:05:26 2016 +0100
@@ -153,10 +153,13 @@
LMessung.class,
id,
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
- if (!authorization.isAuthorized(id, LMessung.class)) {
- return new Response(false, 697, null);
- }
+ if (!authorization.isAuthorized(
+ request,
+ messung,
+ RequestMethod.GET,
+ LMessung.class)
+ ) {
+ return new Response(false, 697, null);
}
QueryBuilder<LMesswert> builder =
new QueryBuilder<LMesswert>(
@@ -193,10 +196,13 @@
LMessung.class,
messwert.getMessungsId(),
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
- if (!authorization.isAuthorized(messung.getId(), LMessung.class)) {
- return new Response(false, 699, null);
- }
+ if (!authorization.isAuthorized(
+ request,
+ messung,
+ RequestMethod.GET,
+ LMessung.class)
+ ) {
+ return new Response(false, 699, null);
}
Violation violation = validator.validate(messwert);
if (violation.hasErrors() || violation.hasWarnings()) {
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/rest/ProbeService.java
--- a/src/main/java/de/intevation/lada/rest/ProbeService.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/ProbeService.java Fri Jan 08 12:05:26 2016 +0100
@@ -238,13 +238,13 @@
boolean readOnly =
authorization.isReadOnly((Integer)entry.get("id"));
entry.put("readonly", readOnly);
- UserInfo ui = authorization.getInfo(request);
QueryBuilder<LProbe> builder = new QueryBuilder<LProbe>(
defaultRepo.entityManager("land"), LProbe.class);
builder.and("id", (Integer)entry.get("id"));
Response r = defaultRepo.filter(builder.getQuery(), "land");
List<LProbe> probe = (List<LProbe>)r.getData();
- entry.put("owner", authorization.isAuthorized(ui, probe.get(0)));
+ entry.put("owner", authorization.isAuthorized(
+ request, probe.get(0), RequestMethod.GET, LProbe.class));
}
return new Response(true, 200, subList, result.size());
}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/rest/StatusService.java
--- a/src/main/java/de/intevation/lada/rest/StatusService.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/rest/StatusService.java Fri Jan 08 12:05:26 2016 +0100
@@ -146,10 +146,12 @@
LMessung.class,
id,
"land");
- if (!authorization.isAuthorized(authorization.getInfo(request), messung)) {
- if (!authorization.isAuthorized(id, LMessung.class)) {
- return new Response(false, 697, null);
- }
+ if (!authorization.isAuthorized(
+ request,
+ messung,
+ RequestMethod.GET,
+ LMessung.class)) {
+ return new Response(false, 697, null);
}
QueryBuilder<LStatusProtokoll> builder =
@@ -227,14 +229,6 @@
@Context HttpServletRequest request,
LStatusProtokoll status
) {
- if (!authorization.isAuthorized(
- request,
- status,
- RequestMethod.POST,
- LStatusProtokoll.class)
- ) {
- return new Response(false, 699, null);
- }
UserInfo userInfo = authorization.getInfo(request);
LMessung messung = defaultRepo.getByIdPlain(
LMessung.class, status.getMessungsId(), "land");
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/Authorization.java
--- a/src/main/java/de/intevation/lada/util/auth/Authorization.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/Authorization.java Fri Jan 08 12:05:26 2016 +0100
@@ -20,7 +20,7 @@
public <T> Response filter(Object source, Response data, Class<T> clazz);
public <T> boolean isAuthorized(
Object source, Object data, RequestMethod method, Class<T> clazz);
- public <T> boolean isAuthorized(int id, Class<T> clazz);
- public boolean isAuthorized(UserInfo userInfo, Object data);
+ //public <T> boolean isAuthorized(int id, Class<T> clazz);
+ public <T> boolean isAuthorized(UserInfo userInfo, Object data, Class<T> clazz);
boolean isReadOnly(Integer probeId);
}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/Authorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/Authorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,18 @@
+package de.intevation.lada.util.auth;
+
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public interface Authorizer {
+
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz);
+
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz);
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/BaseAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/BaseAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,83 @@
+package de.intevation.lada.util.auth;
+
+import java.util.List;
+
+import javax.inject.Inject;
+import javax.persistence.EntityManager;
+
+import de.intevation.lada.model.land.LMessung;
+import de.intevation.lada.model.land.LProbe;
+import de.intevation.lada.model.land.LStatusProtokoll;
+import de.intevation.lada.util.annotation.RepositoryConfig;
+import de.intevation.lada.util.data.QueryBuilder;
+import de.intevation.lada.util.data.Repository;
+import de.intevation.lada.util.data.RepositoryType;
+import de.intevation.lada.util.rest.Response;
+
+public abstract class BaseAuthorizer implements Authorizer {
+
+ /**
+ * The Repository used to read from Database.
+ */
+ @Inject
+ @RepositoryConfig(type=RepositoryType.RO)
+ protected Repository repository;
+
+ /**
+ * Get the authorization of a single probe.
+ *
+ * @param userInfo The user information.
+ * @param probe The probe to authorize.
+ */
+ protected boolean getAuthorization(UserInfo userInfo, LProbe probe) {
+ if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+
+ /**
+ * Test whether a probe is readonly.
+ *
+ * @param probeId The probe Id.
+ * @return True if the probe is readonly.
+ */
+ public boolean isProbeReadOnly(Integer probeId) {
+ EntityManager manager = repository.entityManager("land");
+ QueryBuilder<LMessung> builder =
+ new QueryBuilder<LMessung>(
+ manager,
+ LMessung.class);
+ builder.and("probeId", probeId);
+ Response response = repository.filter(builder.getQuery(), "land");
+ @SuppressWarnings("unchecked")
+ List<LMessung> messungen = (List<LMessung>) response.getData();
+ for (int i = 0; i < messungen.size(); i++) {
+ if (messungen.get(i).getStatus() == null) {
+ return false;
+ }
+ LStatusProtokoll status = repository.getByIdPlain(
+ LStatusProtokoll.class, messungen.get(i).getStatus(), "land");
+ if (status.getStatusWert() != 0 && status.getStatusWert() != 4) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public boolean isMessungReadOnly(Integer messungsId) {
+ LMessung messung =
+ repository.getByIdPlain(LMessung.class, messungsId, "land");
+ if (messung.getStatus() == null) {
+ return false;
+ }
+ LStatusProtokoll status = repository.getByIdPlain(
+ LStatusProtokoll.class,
+ messung.getStatus(),
+ "land");
+ return (status.getStatusWert() != 0 && status.getStatusWert() != 4);
+ }
+
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/DefaultAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/DefaultAuthorization.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/DefaultAuthorization.java Fri Jan 08 12:05:26 2016 +0100
@@ -83,12 +83,11 @@
* @return true
*/
@Override
- public boolean isAuthorized(UserInfo userInfo, Object data) {
+ public <T> boolean isAuthorized(
+ UserInfo userInfo,
+ Object data,
+ Class<T> clazz) {
return true;
}
- @Override
- public <T> boolean isAuthorized(int id, Class<T> clazz) {
- return true;
- }
}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/HeaderAuthorization.java Fri Jan 08 12:05:26 2016 +0100
@@ -7,23 +7,30 @@
*/
package de.intevation.lada.util.auth;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
+import de.intevation.lada.model.land.LKommentarM;
+import de.intevation.lada.model.land.LKommentarP;
import de.intevation.lada.model.land.LMessung;
+import de.intevation.lada.model.land.LMesswert;
+import de.intevation.lada.model.land.LOrtszuordnung;
import de.intevation.lada.model.land.LProbe;
import de.intevation.lada.model.land.LStatusProtokoll;
+import de.intevation.lada.model.land.LZusatzWert;
import de.intevation.lada.model.stamm.Auth;
-import de.intevation.lada.model.stamm.AuthLstUmw;
+import de.intevation.lada.model.stamm.DatensatzErzeuger;
+import de.intevation.lada.model.stamm.MessprogrammKategorie;
+import de.intevation.lada.model.stamm.Ort;
+import de.intevation.lada.model.stamm.Probenehmer;
import de.intevation.lada.util.annotation.AuthorizationConfig;
import de.intevation.lada.util.annotation.RepositoryConfig;
import de.intevation.lada.util.data.QueryBuilder;
@@ -41,18 +48,38 @@
public class HeaderAuthorization implements Authorization {
/**
- * The logger used in this class.
- */
- @Inject
- private Logger logger;
-
- /**
* The Repository used to read from Database.
*/
@Inject
@RepositoryConfig(type=RepositoryType.RO)
private Repository repository;
+ @SuppressWarnings("rawtypes")
+ private Map<Class, Authorizer> authorizers;
+ @Inject ProbeAuthorizer probeAuthorizer;
+ @Inject MessungAuthorizer messungAuthorizer;
+ @Inject ProbeIdAuthorizer pIdAuthorizer;
+ @Inject MessungIdAuthorizer mIdAuthorizer;
+ @Inject NetzbetreiberAuthorizer netzAuthorizer;
+
+ @SuppressWarnings("rawtypes")
+ @PostConstruct
+ public void init() {
+ authorizers = new HashMap<Class, Authorizer>();
+ authorizers.put(LProbe.class, probeAuthorizer);
+ authorizers.put(LMessung.class, messungAuthorizer);
+ authorizers.put(LOrtszuordnung.class, pIdAuthorizer);
+ authorizers.put(LKommentarP.class, pIdAuthorizer);
+ authorizers.put(LZusatzWert.class, pIdAuthorizer);
+ authorizers.put(LKommentarM.class, mIdAuthorizer);
+ authorizers.put(LMesswert.class, mIdAuthorizer);
+ authorizers.put(LStatusProtokoll.class, mIdAuthorizer);
+ authorizers.put(Probenehmer.class, netzAuthorizer);
+ authorizers.put(DatensatzErzeuger.class, netzAuthorizer);
+ authorizers.put(MessprogrammKategorie.class, netzAuthorizer);
+ authorizers.put(Ort.class, netzAuthorizer);
+ }
+
/**
* Request user informations using the HttpServletRequest.
*
@@ -89,44 +116,12 @@
if (userInfo == null) {
return data;
}
- if (clazz == LProbe.class) {
- return this.authorizeProbe(userInfo, data);
+ Authorizer authorizer = authorizers.get(clazz);
+ //This is a hack... Allows wildcard for unknown classes.
+ if (authorizer == null) {
+ return data;
}
- if (clazz == LMessung.class) {
- return this.authorizeMessung(userInfo, data);
- }
- Method[] methods = clazz.getMethods();
- for (Method method: methods) {
- if (method.getName().equals("getProbeId")) {
- return this.authorizeWithProbeId(userInfo, data, clazz);
- }
- if (method.getName().equals("getMessungsId")) {
- return this.authorizeWithMessungsId(userInfo, data, clazz);
- }
- }
- return data;
- }
-
- @Override
- public <T> boolean isAuthorized(int id, Class<T> clazz) {
- if (clazz == LMessung.class) {
- LMessung messung = repository.getByIdPlain(
- LMessung.class,
- id,
- "land");
- if (messung.getStatus() == null) {
- return false;
- }
- LStatusProtokoll status = repository.getByIdPlain(
- LStatusProtokoll.class,
- messung.getStatus(),
- "land");
- if (status.getStatusWert() == 0) {
- return false;
- }
- return true;
- }
- return false;
+ return authorizer.filter(data, userInfo, clazz);
}
/**
@@ -149,97 +144,12 @@
if (userInfo == null) {
return false;
}
- if (clazz == LProbe.class) {
- LProbe probe = (LProbe)data;
- if (method == RequestMethod.POST) {
- return getAuthorization(userInfo, probe);
- }
- else if (method == RequestMethod.PUT ||
- method == RequestMethod.DELETE) {
- return !isReadOnly(probe.getId());
- }
- else {
- return false;
- }
- }
- else if (clazz == LMessung.class) {
- LMessung messung = (LMessung)data;
- Response response =
- repository.getById(LProbe.class, messung.getProbeId(), "land");
- LProbe probe = (LProbe)response.getData();
- if (method == RequestMethod.POST) {
- return getAuthorization(userInfo, probe);
- }
- else if (method == RequestMethod.PUT ||
- method == RequestMethod.DELETE) {
- return !this.isMessungReadOnly(messung) &&
- getAuthorization(userInfo, probe);
- }
- }
- else {
- Method[] methods = clazz.getMethods();
- for (Method m: methods) {
- if (m.getName().equals("getProbeId")) {
- Integer id;
- try {
- id = (Integer) m.invoke(data);
- } catch (IllegalAccessException | IllegalArgumentException
- | InvocationTargetException e) {
- logger.warn(e.getCause() + ": " + e.getMessage());
- return false;
- }
- Response response =
- repository.getById(LProbe.class, id, "land");
- LProbe probe = (LProbe)response.getData();
- return !isReadOnly(id) && getAuthorization(userInfo, probe);
-
- }
- if (m.getName().equals("getMessungsId")) {
- Integer id;
- try {
- id = (Integer) m.invoke(data);
- } catch (IllegalAccessException | IllegalArgumentException
- | InvocationTargetException e) {
- logger.warn(e.getCause() + ": " + e.getMessage());
- return false;
- }
- Response mResponse =
- repository.getById(LMessung.class, id, "land");
- LMessung messung = (LMessung)mResponse.getData();
- Response pResponse =
- repository.getById(
- LProbe.class,
- messung.getProbeId(),
- "land");
- LProbe probe = (LProbe)pResponse.getData();
- if (messung.getStatus() == null) {
- return false;
- }
- LStatusProtokoll status = repository.getByIdPlain(
- LStatusProtokoll.class,
- messung.getStatus(),
- "land");
- return status.getStatusWert() == 0 &&
- getAuthorization(userInfo, probe);
- }
- }
- }
- return true;
- }
-
- /**
- * Get the authorization of a single probe.
- *
- * @param userInfo The user information.
- * @param probe The probe to authorize.
- */
- private boolean getAuthorization(UserInfo userInfo, LProbe probe) {
- if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ Authorizer authorizer = authorizers.get(clazz);
+ //This is a hack... Allows wildcard for unknown classes.
+ if (authorizer == null) {
return true;
}
- else {
- return false;
- }
+ return authorizer.isAuthorized(data, method, userInfo, clazz);
}
/**
@@ -285,304 +195,6 @@
}
/**
- * Authorize data that has a messungsId Attribute.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the data.
- * @param clazz The data object class.
- * @return A Response object containing the data.
- */
- @SuppressWarnings("unchecked")
- private <T> Response authorizeWithMessungsId(
- UserInfo userInfo,
- Response data,
- Class<T> clazz
- ) {
- if (data.getData() instanceof List<?>) {
- List<Object> objects = new ArrayList<Object>();
- for (Object object :(List<Object>)data.getData()) {
- objects.add(authorizeSingleWithMessungsId(userInfo, object, clazz));
- }
- data.setData(objects);
- }
- else {
- Object object = data.getData();
- data.setData(authorizeSingleWithMessungsId(userInfo, object, clazz));
- }
- return data;
- }
-
- /**
- * Authorize data that has a probeId Attribute.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the data.
- * @param clazz The data object class.
- * @return A Response object containing the data.
- */
- @SuppressWarnings("unchecked")
- private <T> Response authorizeWithProbeId(
- UserInfo userInfo,
- Response data,
- Class<T> clazz
- ) {
- if (data.getData() instanceof List<?>) {
- List<Object> objects = new ArrayList<Object>();
- for (Object object :(List<Object>)data.getData()) {
- objects.add(authorizeSingleWithProbeId(
- userInfo,
- object,
- clazz));
- }
- data.setData(objects);
- }
- else {
- Object object = data.getData();
- data.setData(authorizeSingleWithProbeId(userInfo, object, clazz));
- }
- return data;
- }
-
- /**
- * Authorize a single data object that has a messungsId Attribute.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the data.
- * @param clazz The data object class.
- * @return A Response object containing the data.
- */
- private <T> Object authorizeSingleWithMessungsId(
- UserInfo userInfo,
- Object data,
- Class<T> clazz
- ) {
- try {
- Method getMessungsId = clazz.getMethod("getMessungsId");
- Integer id = (Integer)getMessungsId.invoke(data);
- LMessung messung =
- (LMessung)repository.getById(
- LMessung.class, id, "land").getData();
- LProbe probe =
- (LProbe)repository.getById(
- LProbe.class, messung.getProbeId(), "land").getData();
-
- boolean readOnly = true;
- boolean owner = false;
- if (!userInfo.getNetzbetreiber().contains(
- probe.getNetzbetreiberId())) {
- owner = false;
- readOnly = true;
- }
- else {
- if (userInfo.getMessstellen().contains(probe.getMstId())) {
- owner = true;
- }
- else {
- owner = false;
- }
- readOnly = this.isMessungReadOnly(messung);
- }
-
- Method setOwner = clazz.getMethod("setOwner", boolean.class);
- Method setReadonly = clazz.getMethod("setReadonly", boolean.class);
- setOwner.invoke(data, owner);
- setReadonly.invoke(data, readOnly);
- } catch (NoSuchMethodException | SecurityException
- | IllegalAccessException | IllegalArgumentException
- | InvocationTargetException e) {
- return null;
- }
- return data;
- }
-
- /**
- * Authorize a single data object that has a probeId Attribute.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the data.
- * @param clazz The data object class.
- * @return A Response object containing the data.
- */
- private <T> Object authorizeSingleWithProbeId(
- UserInfo userInfo,
- Object data,
- Class<T> clazz
- ) {
- try {
- Method getProbeId = clazz.getMethod("getProbeId");
- Integer id = null;
- if (getProbeId != null) {
- id = (Integer) getProbeId.invoke(data);
- }
- else {
- return null;
- }
- LProbe probe =
- (LProbe)repository.getById(LProbe.class, id, "land").getData();
-
- boolean readOnly = true;
- boolean owner = false;
- if (!userInfo.getNetzbetreiber().contains(
- probe.getNetzbetreiberId())) {
- owner = false;
- readOnly = true;
- }
- else {
- if (userInfo.getMessstellen().contains(probe.getMstId())) {
- owner = true;
- }
- else {
- owner = false;
- }
- readOnly = this.isReadOnly(id);
- }
-
- Method setOwner = clazz.getMethod("setOwner", boolean.class);
- Method setReadonly = clazz.getMethod("setReadonly", boolean.class);
- setOwner.invoke(data, owner);
- setReadonly.invoke(data, readOnly);
- } catch (NoSuchMethodException | SecurityException
- | IllegalAccessException | IllegalArgumentException
- | InvocationTargetException e) {
- return null;
- }
- return data;
- }
-
- /**
- * Authorize probe objects.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the probe objects.
- * @return A Response object containing the data.
- */
- @SuppressWarnings("unchecked")
- private Response authorizeProbe(UserInfo userInfo, Response data) {
- if (data.getData() instanceof List<?>) {
- List<LProbe> proben = new ArrayList<LProbe>();
- for (LProbe probe :(List<LProbe>)data.getData()) {
- proben.add(authorizeSingleProbe(userInfo, probe));
- }
- data.setData(proben);
- }
- else if (data.getData() instanceof LProbe) {
- LProbe probe = (LProbe)data.getData();
- data.setData(authorizeSingleProbe(userInfo, probe));
- }
- return data;
- }
-
- /**
- * Authorize a sinle probe object.
- *
- * @param userInfo The user information.
- * @param probe The probe object.
- * @return The probe.
- */
- private LProbe authorizeSingleProbe(UserInfo userInfo, LProbe probe) {
- if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
- probe.setOwner(false);
- probe.setReadonly(true);
- return probe;
- }
- if (userInfo.getMessstellen().contains(probe.getMstId())) {
- probe.setOwner(true);
- }
- else {
- probe.setOwner(false);
- }
- probe.setReadonly(this.isReadOnly(probe.getId()));
- return probe;
- }
-
- /**
- * Authorize messung objects.
- *
- * @param userInfo The user information.
- * @param data The Response object containing the messung objects.
- * @return A Response object containing the data.
- */
- @SuppressWarnings("unchecked")
- private Response authorizeMessung(UserInfo userInfo, Response data) {
- if (data.getData() instanceof List<?>) {
- List<LMessung> messungen = new ArrayList<LMessung>();
- for (LMessung messung :(List<LMessung>)data.getData()) {
- messungen.add(authorizeSingleMessung(userInfo, messung));
- }
- data.setData(messungen);
- }
- else if (data.getData() instanceof LMessung) {
- LMessung messung = (LMessung)data.getData();
- data.setData(authorizeSingleMessung(userInfo, messung));
- }
- return data;
- }
-
- /**
- * Authorize a sinle messung object.
- *
- * @param userInfo The user information.
- * @param messung The messung object.
- * @return The messung.
- */
- private LMessung authorizeSingleMessung(
- UserInfo userInfo,
- LMessung messung
- ) {
- LProbe probe =
- (LProbe)repository.getById(
- LProbe.class, messung.getProbeId(), "land").getData();
- if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
- messung.setOwner(false);
- messung.setReadonly(true);
- return messung;
- }
- if (userInfo.getMessstellen().contains(probe.getMstId())) {
- messung.setOwner(true);
- }
- else {
- messung.setOwner(false);
- }
- if (messung.getStatus() == null) {
- messung.setReadonly(false);
- }
- else {
- LStatusProtokoll status = repository.getByIdPlain(
- LStatusProtokoll.class,
- messung.getStatus(),
- "land");
- messung.setReadonly(
- status.getStatusWert() != 0 && status.getStatusWert() != 4);
- }
-
- boolean statusEdit = false;
- if (userInfo.getFunktionen().contains(3)) {
- QueryBuilder<AuthLstUmw> lstFilter = new QueryBuilder<AuthLstUmw>(
- repository.entityManager("stamm"),
- AuthLstUmw.class);
- lstFilter.or("lstId", userInfo.getMessstellen());
- List<AuthLstUmw> lsts =
- repository.filterPlain(lstFilter.getQuery(), "stamm");
- for (int i = 0; i < lsts.size(); i++) {
- if (lsts.get(i).getUmwId().equals(probe.getUmwId())) {
- statusEdit = true;
- }
- }
- }
- else if (userInfo.getFunktionen().contains(2) &&
- userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
- statusEdit = true;
- }
- else if (userInfo.getFunktionen().contains(1) &&
- userInfo.getMessstellen().contains(probe.getMstId())) {
- statusEdit = true;
- }
- messung.setStatusEdit(statusEdit);
-
- return messung;
- }
-
- /**
* Test whether a probe is readonly.
*
* @param probeId The probe Id.
@@ -620,25 +232,16 @@
* @return True if the user is authorized else returns false.
*/
@Override
- public boolean isAuthorized(UserInfo userInfo, Object data) {
- if (data instanceof LProbe) {
- return getAuthorization(userInfo, (LProbe)data);
+ public <T> boolean isAuthorized(
+ UserInfo userInfo,
+ Object data,
+ Class<T> clazz
+ ) {
+ Authorizer authorizer = authorizers.get(clazz);
+ //This is a hack... Allows wildcard for unknown classes.
+ if (authorizer == null) {
+ return true;
}
- else if (data instanceof LMessung) {
- LProbe probe = repository.getByIdPlain(LProbe.class, ((LMessung)data).getProbeId(), "land");
- return getAuthorization(userInfo, probe);
- }
- return false;
- }
-
- private boolean isMessungReadOnly(LMessung messung) {
- if (messung.getStatus() == null) {
- return false;
- }
- LStatusProtokoll status = repository.getByIdPlain(
- LStatusProtokoll.class,
- messung.getStatus(),
- "land");
- return (status.getStatusWert() != 0 && status.getStatusWert() != 4);
+ return authorizer.isAuthorized(data, RequestMethod.GET, userInfo, clazz);
}
}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/MessungAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,120 @@
+package de.intevation.lada.util.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import de.intevation.lada.model.land.LMessung;
+import de.intevation.lada.model.land.LProbe;
+import de.intevation.lada.model.land.LStatusProtokoll;
+import de.intevation.lada.model.stamm.AuthLstUmw;
+import de.intevation.lada.util.data.QueryBuilder;
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public class MessungAuthorizer extends BaseAuthorizer {
+
+ @Override
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ LMessung messung = (LMessung)data;
+ Response response =
+ repository.getById(LProbe.class, messung.getProbeId(), "land");
+ LProbe probe = (LProbe)response.getData();
+ if (method == RequestMethod.PUT ||
+ method == RequestMethod.DELETE) {
+ return !this.isMessungReadOnly(messung.getId()) &&
+ getAuthorization(userInfo, probe);
+ }
+ return getAuthorization(userInfo, probe);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ if (data.getData() instanceof List<?>) {
+ List<LMessung> messungen = new ArrayList<LMessung>();
+ for (LMessung messung :(List<LMessung>)data.getData()) {
+ messungen.add(setAuthData(userInfo, messung));
+ }
+ data.setData(messungen);
+ }
+ else if (data.getData() instanceof LMessung) {
+ LMessung messung = (LMessung)data.getData();
+ data.setData(setAuthData(userInfo, messung));
+ }
+ return data;
+ }
+
+ /**
+ * Authorize a sinle messung object.
+ *
+ * @param userInfo The user information.
+ * @param messung The messung object.
+ * @return The messung.
+ */
+ private LMessung setAuthData(
+ UserInfo userInfo,
+ LMessung messung
+ ) {
+ LProbe probe =
+ (LProbe)repository.getById(
+ LProbe.class, messung.getProbeId(), "land").getData();
+ if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
+ messung.setOwner(false);
+ messung.setReadonly(true);
+ return messung;
+ }
+ if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ messung.setOwner(true);
+ }
+ else {
+ messung.setOwner(false);
+ }
+ if (messung.getStatus() == null) {
+ messung.setReadonly(false);
+ }
+ else {
+ LStatusProtokoll status = repository.getByIdPlain(
+ LStatusProtokoll.class,
+ messung.getStatus(),
+ "land");
+ messung.setReadonly(
+ status.getStatusWert() != 0 && status.getStatusWert() != 4);
+ }
+
+ boolean statusEdit = false;
+ if (userInfo.getFunktionen().contains(3)) {
+ QueryBuilder<AuthLstUmw> lstFilter = new QueryBuilder<AuthLstUmw>(
+ repository.entityManager("stamm"),
+ AuthLstUmw.class);
+ lstFilter.or("lstId", userInfo.getMessstellen());
+ List<AuthLstUmw> lsts =
+ repository.filterPlain(lstFilter.getQuery(), "stamm");
+ for (int i = 0; i < lsts.size(); i++) {
+ if (lsts.get(i).getUmwId().equals(probe.getUmwId())) {
+ statusEdit = true;
+ }
+ }
+ }
+ else if (userInfo.getFunktionen().contains(2) &&
+ userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
+ statusEdit = true;
+ }
+ else if (userInfo.getFunktionen().contains(1) &&
+ userInfo.getMessstellen().contains(probe.getMstId())) {
+ statusEdit = true;
+ }
+ messung.setStatusEdit(statusEdit);
+
+ return messung;
+ }
+
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/MessungIdAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/MessungIdAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,131 @@
+package de.intevation.lada.util.auth;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import de.intevation.lada.model.land.LMessung;
+import de.intevation.lada.model.land.LProbe;
+import de.intevation.lada.model.land.LStatusProtokoll;
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public class MessungIdAuthorizer extends BaseAuthorizer {
+
+ @Override
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ Method m;
+ try {
+ m = clazz.getMethod("getMessungsId");
+ } catch (NoSuchMethodException | SecurityException e1) {
+ return false;
+ }
+ Integer id;
+ try {
+ id = (Integer) m.invoke(data);
+ } catch (IllegalAccessException |
+ IllegalArgumentException |
+ InvocationTargetException e
+ ) {
+ return false;
+ }
+ LMessung messung = repository.getByIdPlain(LMessung.class, id, "land");
+ LProbe probe = repository.getByIdPlain(
+ LProbe.class,
+ messung.getProbeId(),
+ "land");
+ if (messung.getStatus() == null) {
+ return false;
+ }
+ LStatusProtokoll status = repository.getByIdPlain(
+ LStatusProtokoll.class,
+ messung.getStatus(),
+ "land");
+ return (method == RequestMethod.POST ||
+ method == RequestMethod.PUT ||
+ method == RequestMethod.DELETE ||
+ status.getStatusWert() != 0) &&
+ getAuthorization(userInfo, probe);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ if (data.getData() instanceof List<?>) {
+ List<Object> objects = new ArrayList<Object>();
+ for (Object object :(List<Object>)data.getData()) {
+ objects.add(setAuthData(userInfo, object, clazz));
+ }
+ data.setData(objects);
+ }
+ else {
+ Object object = data.getData();
+ data.setData(setAuthData(userInfo, object, clazz));
+ }
+ return data;
+ }
+
+ /**
+ * Authorize a single data object that has a messungsId Attribute.
+ *
+ * @param userInfo The user information.
+ * @param data The Response object containing the data.
+ * @param clazz The data object class.
+ * @return A Response object containing the data.
+ */
+ private <T> Object setAuthData(
+ UserInfo userInfo,
+ Object data,
+ Class<T> clazz
+ ) {
+ try {
+ Method getMessungsId = clazz.getMethod("getMessungsId");
+ Integer id = (Integer)getMessungsId.invoke(data);
+ LMessung messung = repository.getByIdPlain(
+ LMessung.class,
+ id,
+ "land");
+ LProbe probe = repository.getByIdPlain(
+ LProbe.class,
+ messung.getProbeId(),
+ "land");
+
+ boolean readOnly = true;
+ boolean owner = false;
+ if (!userInfo.getNetzbetreiber().contains(
+ probe.getNetzbetreiberId())) {
+ owner = false;
+ readOnly = true;
+ }
+ else {
+ if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ owner = true;
+ }
+ else {
+ owner = false;
+ }
+ readOnly = this.isMessungReadOnly(messung.getId());
+ }
+
+ Method setOwner = clazz.getMethod("setOwner", boolean.class);
+ Method setReadonly = clazz.getMethod("setReadonly", boolean.class);
+ setOwner.invoke(data, owner);
+ setReadonly.invoke(data, readOnly);
+ } catch (NoSuchMethodException | SecurityException
+ | IllegalAccessException | IllegalArgumentException
+ | InvocationTargetException e) {
+ return null;
+ }
+ return data;
+ }
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/NetzbetreiberAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,49 @@
+package de.intevation.lada.util.auth;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public class NetzbetreiberAuthorizer extends BaseAuthorizer {
+
+ @Override
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ Method m;
+ try {
+ m = clazz.getMethod("getNetzbetreiberId");
+ } catch (NoSuchMethodException | SecurityException e1) {
+ return false;
+ }
+ String id;
+ try {
+ id = (String) m.invoke(data);
+ } catch (IllegalAccessException |
+ IllegalArgumentException |
+ InvocationTargetException e
+ ) {
+ return false;
+ }
+ return (method == RequestMethod.POST ||
+ method == RequestMethod.PUT ||
+ method == RequestMethod.DELETE) &&
+ userInfo.getNetzbetreiber().contains(id) &&
+ userInfo.getFunktionen().contains(4);
+ }
+
+ @Override
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ return data;
+ }
+
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/ProbeAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/ProbeAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,73 @@
+package de.intevation.lada.util.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import de.intevation.lada.model.land.LProbe;
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public class ProbeAuthorizer extends BaseAuthorizer {
+
+ @Override
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ LProbe probe = (LProbe)data;
+ if (method == RequestMethod.POST) {
+ return getAuthorization(userInfo, probe);
+ }
+ else if (method == RequestMethod.PUT ||
+ method == RequestMethod.DELETE) {
+ return !isProbeReadOnly(probe.getId());
+ }
+ return false;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ if (data.getData() instanceof List<?>) {
+ List<LProbe> proben = new ArrayList<LProbe>();
+ for (LProbe probe :(List<LProbe>)data.getData()) {
+ proben.add(setAuthData(userInfo, probe));
+ }
+ data.setData(proben);
+ }
+ else if (data.getData() instanceof LProbe) {
+ LProbe probe = (LProbe)data.getData();
+ data.setData(setAuthData(userInfo, probe));
+ }
+ return data;
+ }
+
+ /**
+ * Set authorization data for the current probe object.
+ *
+ * @param userInfo The user information.
+ * @param probe The probe object.
+ * @return The probe.
+ */
+ private LProbe setAuthData(UserInfo userInfo, LProbe probe) {
+ if (!userInfo.getNetzbetreiber().contains(probe.getNetzbetreiberId())) {
+ probe.setOwner(false);
+ probe.setReadonly(true);
+ return probe;
+ }
+ if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ probe.setOwner(true);
+ }
+ else {
+ probe.setOwner(false);
+ }
+ probe.setReadonly(this.isProbeReadOnly(probe.getId()));
+ return probe;
+ }
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/ProbeIdAuthorizer.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/util/auth/ProbeIdAuthorizer.java Fri Jan 08 12:05:26 2016 +0100
@@ -0,0 +1,114 @@
+package de.intevation.lada.util.auth;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import de.intevation.lada.model.land.LProbe;
+import de.intevation.lada.util.rest.RequestMethod;
+import de.intevation.lada.util.rest.Response;
+
+public class ProbeIdAuthorizer extends BaseAuthorizer {
+
+ @Override
+ public <T> boolean isAuthorized(
+ Object data,
+ RequestMethod method,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ Method m;
+ try {
+ m = clazz.getMethod("getProbeId");
+ } catch (NoSuchMethodException | SecurityException e1) {
+ return false;
+ }
+ Integer id;
+ try {
+ id = (Integer) m.invoke(data);
+ } catch (IllegalAccessException |
+ IllegalArgumentException |
+ InvocationTargetException e
+ ) {
+ return false;
+ }
+ LProbe probe =
+ repository.getByIdPlain(LProbe.class, id, "land");
+ return !isProbeReadOnly(id) && getAuthorization(userInfo, probe);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> Response filter(
+ Response data,
+ UserInfo userInfo,
+ Class<T> clazz
+ ) {
+ if (data.getData() instanceof List<?>) {
+ List<Object> objects = new ArrayList<Object>();
+ for (Object object :(List<Object>)data.getData()) {
+ objects.add(setAuthData(userInfo, object, clazz));
+ }
+ data.setData(objects);
+ }
+ else {
+ Object object = data.getData();
+ data.setData(setAuthData(userInfo, object, clazz));
+ }
+ return data;
+ }
+ /**
+ * Authorize a single data object that has a probeId Attribute.
+ *
+ * @param userInfo The user information.
+ * @param data The Response object containing the data.
+ * @param clazz The data object class.
+ * @return A Response object containing the data.
+ */
+ private <T> Object setAuthData(
+ UserInfo userInfo,
+ Object data,
+ Class<T> clazz
+ ) {
+ try {
+ Method getProbeId = clazz.getMethod("getProbeId");
+ Integer id = null;
+ if (getProbeId != null) {
+ id = (Integer) getProbeId.invoke(data);
+ }
+ else {
+ return null;
+ }
+ LProbe probe =
+ (LProbe)repository.getById(LProbe.class, id, "land").getData();
+
+ boolean readOnly = true;
+ boolean owner = false;
+ if (!userInfo.getNetzbetreiber().contains(
+ probe.getNetzbetreiberId())) {
+ owner = false;
+ readOnly = true;
+ }
+ else {
+ if (userInfo.getMessstellen().contains(probe.getMstId())) {
+ owner = true;
+ }
+ else {
+ owner = false;
+ }
+ readOnly = this.isProbeReadOnly(id);
+ }
+
+ Method setOwner = clazz.getMethod("setOwner", boolean.class);
+ Method setReadonly = clazz.getMethod("setReadonly", boolean.class);
+ setOwner.invoke(data, owner);
+ setReadonly.invoke(data, readOnly);
+ } catch (NoSuchMethodException | SecurityException
+ | IllegalAccessException | IllegalArgumentException
+ | InvocationTargetException e) {
+ return null;
+ }
+ return data;
+ }
+}
diff -r 59c51da59b30 -r fa922101a462 src/main/java/de/intevation/lada/util/auth/TestAuthorization.java
--- a/src/main/java/de/intevation/lada/util/auth/TestAuthorization.java Fri Dec 18 18:01:00 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/TestAuthorization.java Fri Jan 08 12:05:26 2016 +0100
@@ -49,7 +49,7 @@
}
@Override
- public boolean isAuthorized(UserInfo userInfo, Object data) {
+ public <T> boolean isAuthorized(UserInfo userInfo, Object data, Class<T> clazz) {
return true;
}
@@ -57,10 +57,4 @@
public boolean isReadOnly(Integer probeId) {
return false;
}
-
- @Override
- public <T> boolean isAuthorized(int id, Class<T> clazz) {
- return true;
- }
-
}
More information about the Lada-commits
mailing list