#18: Group resource, groups handling in ACL, groups returned in users

2025-12-16 11:15:07 +00:00 · 2016-03-19 19:41:28 +01:00
parent 43a1575187
commit a5ce5bf9ec
27 changed files with 725 additions and 133 deletions
--- a/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java
@@ -1,10 +1,10 @@
 package com.sismics.security;

-import java.util.List;
+import java.util.Set;

 import org.joda.time.DateTimeZone;

-import com.google.common.collect.Lists;
+import jersey.repackaged.com.google.common.collect.Sets;

 /**
 * Anonymous principal.
@@ -56,7 +56,7 @@ public class AnonymousPrincipal implements IPrincipal {
    }

    @Override
-    public List<String> getGroupIdList() {
-        return Lists.newArrayList();
+    public Set<String> getGroupIdSet() {
+        return Sets.newHashSet();
    }
 }
--- a/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java
@@ -1,7 +1,7 @@
 package com.sismics.security;

 import java.security.Principal;
-import java.util.List;
+import java.util.Set;

 import org.joda.time.DateTimeZone;

@@ -31,7 +31,7 @@ public interface IPrincipal extends Principal {
     * 
     * @return List of group ID
     */
-    public List<String> getGroupIdList();
+    public Set<String> getGroupIdSet();
    
    /**
     * Returns the timezone of the principal.
--- a/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java
@@ -1,12 +1,9 @@
 package com.sismics.security;

-import java.util.List;
 import java.util.Set;

 import org.joda.time.DateTimeZone;

-import jersey.repackaged.com.google.common.collect.Lists;
-
 /**
 * Authenticated users principal.
 * 
@@ -38,6 +35,11 @@ public class UserPrincipal implements IPrincipal {
     */
    private Set<String> baseFunctionSet;
    
+    /**
+     * User groups.
+     */
+    private Set<String> groupIdSet;
+    
    /**
     * Constructor of UserPrincipal.
     * 
@@ -99,8 +101,11 @@ public class UserPrincipal implements IPrincipal {
    }

    @Override
-    public List<String> getGroupIdList() {
-        // TODO Real groups
-        return Lists.newArrayList("members");
+    public Set<String> getGroupIdSet() {
+        return groupIdSet;
+    }
+    
+    public void setGroupIdSet(Set<String> groupIdSet) {
+        this.groupIdSet = groupIdSet;
    }
 }
--- a/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
+++ b/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
@@ -3,6 +3,7 @@ package com.sismics.util.filter;
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.util.Date;
+import java.util.List;
 import java.util.Set;

 import javax.servlet.Filter;
@@ -20,14 +21,18 @@ import org.slf4j.LoggerFactory;

 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
+import com.sismics.docs.core.dao.jpa.GroupDao;
 import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.model.jpa.AuthenticationToken;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.docs.core.util.TransactionUtil;
 import com.sismics.security.AnonymousPrincipal;
 import com.sismics.security.UserPrincipal;

+import jersey.repackaged.com.google.common.collect.Sets;
+
 /**
 * This filter is used to authenticate the user having an active session via an authentication token stored in database.
 * The filter extracts the authentication token stored in a cookie.
@@ -113,10 +118,6 @@ public class TokenBasedSecurityFilter implements Filter {
                User user = userDao.getById(authenticationToken.getUserId());
                if (user != null && user.getDeleteDate() == null) {
                    injectAuthenticatedUser(request, user);
-                    
-                    // Update the last connection date
-                    authenticationTokenDao.updateLastConnectionDate(authenticationToken.getId());
-                    TransactionUtil.commit();
                } else {
                    injectAnonymousUser(request);
                }
@@ -158,6 +159,17 @@ public class TokenBasedSecurityFilter implements Filter {
        Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
        userPrincipal.setBaseFunctionSet(baseFunctionSet);
        
+        // Add groups
+        GroupDao groupDao = new GroupDao();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
+                .setUserId(user.getId())
+                .setRecursive(true), null);
+        Set<String> groupIdSet = Sets.newHashSet();
+        for (GroupDto groupDto : groupDtoList) {
+            groupIdSet.add(groupDto.getId());
+        }
+        userPrincipal.setGroupIdSet(groupIdSet);
+        
        // Add email
        userPrincipal.setEmail(user.getEmail());