Project

General

Profile

Revision fa4763c1

IDfa4763c17759b7979bc106c5706a8ea297f09343
Parent ad4999ae
Child 7f87310a

Added by Andreas Kohlbecker over 1 year ago

ref #7972 FirstdataInserter adding ROLE_REMOTING to the editor groups

View differences:

cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/Role.java
2 2

  
3 3
import java.util.UUID;
4 4

  
5
import org.springframework.security.access.vote.RoleVoter;
6 5
import org.springframework.security.core.GrantedAuthority;
7 6
import org.springframework.util.Assert;
8 7

  
......
32 31
    public final static Role ROLE_PROJECT_MANAGER = new Role(UUID.fromString("9eabd2c6-0590-4a1e-95f5-99cc58b63aa7"), "ROLE_PROJECT_MANAGER");
33 32
    public final static Role ROLE_USER_MANAGER = new Role(UUID.fromString("9eabd2c6-0590-4a1e-95f5-99cc58b63aa7"), "ROLE_USER_MANAGER");
34 33
    public final static Role ROLE_PUBLISH = new Role(UUID.fromString("9ffa7879-cc67-4592-a14a-b251cccde1a7"), "ROLE_PUBLISH");
34
    public final static Role ROLE_REMOTING = new Role(UUID.fromString("be004bf6-0498-48e3-9f06-ff93fc9cdc9a"), "ROLE_REMOTING");
35 35

  
36 36
    private final UUID uuid;
37 37

  
cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/application/FirstDataInserter.java
181 181
            logger.info("inserting first data");
182 182
            checkAdminUser();
183 183
            checkDefaultGroups();
184
            assureRole_REMOTING_forEditors();
184 185
            checkMetadata();
185 186
            firstDataInserted = true;
186 187

  
......
286 287
        return admin;
287 288
    }
288 289

  
290
    /**
291
     * Assures the {@link Role#ROLE_REMOTING} exists.
292
     * <p>
293
     * If the role is missing in the db it will be created and added to the Groups <code>Editor</code> and <code>EditorExtendedCreate</code>.
294
     * <p>
295
     * The role will however not be added to the editor groups in case the role exist but is missing from one of these groups. This allows removal
296
     * of the role from the editor groups to withdraw the remote editing permission from editors in general for a project.
297
     * <p>
298
     * see https://dev.e-taxonomy.eu/redmine/issues/7972
299
     */
300
    private void assureRole_REMOTING_forEditors(){
301

  
302
        if(!roleExists(Role.ROLE_REMOTING)){
303
            GrantedAuthorityImpl roleRemoting = assureRole(Role.ROLE_REMOTING);
304
            Group groupEditor = groupService.load(Group.GROUP_EDITOR_UUID);
305
            groupEditor.addGrantedAuthority(roleRemoting);
306
            groupService.saveOrUpdate(groupEditor);
307
            Group groupEditorExtendedCreate = groupService.load(Group.GROUP_EDITOR_EXTENDED_CREATE_UUID);
308
            groupEditorExtendedCreate.addGrantedAuthority(roleRemoting);
309
            groupService.saveOrUpdate(groupEditorExtendedCreate);
310
        }
311
    }
312

  
289 313
    private void checkAdminRole(User admin) {
290 314
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
291 315

  
......
301 325
        }
302 326

  
303 327
        if(!hasRoleAdmin){
304
            authorities.add(getRoleAdmin());
328
            authorities.add(assureRole(Role.ROLE_ADMIN));
305 329
            admin.setGrantedAuthorities(authorities);
306 330
            progressMonitor.subTask("Creating Admins Role");
307 331
            userService.saveOrUpdate(admin);
......
312 336
    /**
313 337
     * @return
314 338
     */
315
    private GrantedAuthorityImpl getRoleAdmin() {
316
        GrantedAuthorityImpl role_admin = grantedAuthorityService.find(Role.ROLE_ADMIN.getUuid());
317
        if(role_admin == null){
318
            role_admin = Role.ROLE_ADMIN.asNewGrantedAuthority();
339
    private GrantedAuthorityImpl assureRole(Role role) {
340
        GrantedAuthorityImpl roleLoaded = grantedAuthorityService.find(role.getUuid());
341
        if(roleLoaded == null){
342
            roleLoaded = grantedAuthorityService.save(role.asNewGrantedAuthority());
319 343
        }
320
        return role_admin;
344
        return roleLoaded;
345
    }
346

  
347
    private boolean roleExists(Role role) {
348
        GrantedAuthorityImpl roleLoaded = grantedAuthorityService.find(role.getUuid());
349
        return roleLoaded != null;
321 350
    }
322 351

  
323 352
    private void createMetadata(){

Also available in: Unified diff

Add picture from clipboard (Maximum size: 40 MB)