|
1
|
package eu.etaxonomy.cdm.persistence.hibernate.permission;
|
|
2
|
|
|
3
|
import java.util.UUID;
|
|
4
|
|
|
5
|
import org.springframework.security.access.vote.RoleVoter;
|
|
6
|
import org.springframework.security.core.GrantedAuthority;
|
|
7
|
import org.springframework.util.Assert;
|
|
8
|
|
|
9
|
import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;
|
|
10
|
import eu.etaxonomy.cdm.persistence.dao.common.IGrantedAuthorityDao;
|
|
11
|
|
|
12
|
/**
|
|
13
|
* The role prefix 'ROLE_' is defined in the spring security
|
|
14
|
* <code>RoleVoter</code>
|
|
15
|
*
|
|
16
|
* @author a.kohlbecker
|
|
17
|
* @date Oct 5, 2012
|
|
18
|
*
|
|
19
|
*
|
|
20
|
*/
|
|
21
|
public class Role implements GrantedAuthority, IGrantedAuthorityConverter {
|
|
22
|
|
|
23
|
private static final long serialVersionUID = -2244354513663448504L;
|
|
24
|
|
|
25
|
/**
|
|
26
|
* The role prefix 'ROLE_' is defined in the spring security
|
|
27
|
* {@link RoleVoter}
|
|
28
|
*/
|
|
29
|
private static final String ROLE_PREFIX = "ROLE_";
|
|
30
|
|
|
31
|
public final static Role ROLE_ADMIN = new Role(UUID.fromString("56eac992-67ba-40be-896c-4e992ca2afc0"), "ROLE_ADMIN");
|
|
32
|
public final static Role ROLE_PROJECT_MANAGER = new Role(UUID.fromString("9eabd2c6-0590-4a1e-95f5-99cc58b63aa7"), "ROLE_PROJECT_MANAGER");
|
|
33
|
public final static Role ROLE_USER_MANAGER = new Role(UUID.fromString("9eabd2c6-0590-4a1e-95f5-99cc58b63aa7"), "ROLE_USER_MANAGER");
|
|
34
|
public final static Role ROLE_PUBLISH = new Role(UUID.fromString("9ffa7879-cc67-4592-a14a-b251cccde1a7"), "ROLE_PUBLISH");
|
|
35
|
|
|
36
|
private final UUID uuid;
|
|
37
|
|
|
38
|
public UUID getUuid() {
|
|
39
|
return uuid;
|
|
40
|
}
|
|
41
|
|
|
42
|
private final String authority;
|
|
43
|
|
|
44
|
public Role(UUID uuid, String authority) {
|
|
45
|
this.uuid = uuid;
|
|
46
|
this.authority = authority;
|
|
47
|
}
|
|
48
|
|
|
49
|
/**
|
|
50
|
* <b>WARNING:</b> This method must only be used when there is nothing in
|
|
51
|
* hibernate to be flushed to the database. Otherwise you risk of getting
|
|
52
|
* into an endless loop. Alternatively you can use
|
|
53
|
* {@link #asNewGrantedAuthority()}
|
|
54
|
*
|
|
55
|
*
|
|
56
|
* @return either an instance which already is persited to the database or a
|
|
57
|
* fresh not persisted instance of {@link GrantedAuthorityImpl} for
|
|
58
|
* the Role.
|
|
59
|
*/
|
|
60
|
public GrantedAuthorityImpl asGrantedAuthority(IGrantedAuthorityDao grantedAuthorityDao) {
|
|
61
|
GrantedAuthorityImpl grantedAuthority = grantedAuthorityDao.findByUuid(uuid);
|
|
62
|
if (grantedAuthority == null) {
|
|
63
|
grantedAuthority = asNewGrantedAuthority();
|
|
64
|
} else {
|
|
65
|
Assert.isTrue(authority.equals(grantedAuthority.getAuthority()), "the persisted Authority with uuid " + uuid + " is not '" + authority + "'" );
|
|
66
|
}
|
|
67
|
return grantedAuthority;
|
|
68
|
}
|
|
69
|
|
|
70
|
/**
|
|
71
|
* @return a fresh <b>not persisted instance</b> of {@link GrantedAuthorityImpl}
|
|
72
|
* for the Role.
|
|
73
|
*/
|
|
74
|
@Override
|
|
75
|
public GrantedAuthorityImpl asNewGrantedAuthority() {
|
|
76
|
GrantedAuthorityImpl grantedAuthority;
|
|
77
|
grantedAuthority = GrantedAuthorityImpl.NewInstance();
|
|
78
|
grantedAuthority.setUuid(uuid);
|
|
79
|
grantedAuthority.setAuthority(authority);
|
|
80
|
return grantedAuthority;
|
|
81
|
}
|
|
82
|
|
|
83
|
public static Role fromGrantedAuthority(GrantedAuthorityImpl grantedAuthority){
|
|
84
|
String authorityString = grantedAuthority.getAuthority();
|
|
85
|
Assert.isTrue(authorityString.matches("^" + ROLE_PREFIX +"\\w*$"), "invalid role prefix of authority " + authorityString + "[" + grantedAuthority.getUuid() + "]");
|
|
86
|
return new Role(grantedAuthority.getUuid(), authorityString);
|
|
87
|
}
|
|
88
|
|
|
89
|
public static Role fromString(String authorityString){
|
|
90
|
Assert.isTrue(authorityString.matches("^" + ROLE_PREFIX +"\\w*$"), "invalid role prefix of authority " + authorityString);
|
|
91
|
Role role = null;
|
|
92
|
if(authorityString.equals(ROLE_ADMIN.authority)){
|
|
93
|
return ROLE_ADMIN;
|
|
94
|
} else
|
|
95
|
if(authorityString.equals(ROLE_PROJECT_MANAGER.authority)){
|
|
96
|
return ROLE_PROJECT_MANAGER;
|
|
97
|
} else
|
|
98
|
if(authorityString.equals(ROLE_PUBLISH.authority)){
|
|
99
|
return ROLE_PUBLISH;
|
|
100
|
} else
|
|
101
|
if(authorityString.equals(ROLE_USER_MANAGER.authority)){
|
|
102
|
return ROLE_USER_MANAGER;
|
|
103
|
}
|
|
104
|
Assert.notNull(role, "The given auhtority #" + authorityString + "' does not match any known role");
|
|
105
|
return role;
|
|
106
|
}
|
|
107
|
|
|
108
|
@Override
|
|
109
|
public String getAuthority() {
|
|
110
|
return authority;
|
|
111
|
}
|
|
112
|
|
|
113
|
@Override
|
|
114
|
public String toString(){
|
|
115
|
return getAuthority();
|
|
116
|
}
|
|
117
|
|
|
118
|
}
|