public/docs
1
0
Fork 0
mirror of https://github.com/sismics/docs.git synced 2025-12-21 05:31:42 +00:00
Code Issues Releases Wiki Activity

#18: Group resource, groups handling in ACL, groups returned in users

Browse Source
This commit is contained in:
jendib
2016-03-19 19:41:28 +01:00
parent 43a1575187
commit a5ce5bf9ec
27 changed files with 725 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
View File

@@ -3,6 +3,7 @@ package com.sismics.util.filter;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.servlet.Filter;
@@ -20,14 +21,18 @@ import org.slf4j.LoggerFactory;
import com.sismics.docs.core.constant.Constants;
import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
import com.sismics.docs.core.dao.jpa.GroupDao;
import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
import com.sismics.docs.core.dao.jpa.UserDao;
import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
import com.sismics.docs.core.dao.jpa.dto.GroupDto;
import com.sismics.docs.core.model.jpa.AuthenticationToken;
import com.sismics.docs.core.model.jpa.User;
import com.sismics.docs.core.util.TransactionUtil;
import com.sismics.security.AnonymousPrincipal;
import com.sismics.security.UserPrincipal;
import jersey.repackaged.com.google.common.collect.Sets;
/**
* This filter is used to authenticate the user having an active session via an authentication token stored in database.
* The filter extracts the authentication token stored in a cookie.
@@ -113,10 +118,6 @@ public class TokenBasedSecurityFilter implements Filter {
User user = userDao.getById(authenticationToken.getUserId());
if (user != null && user.getDeleteDate() == null) {
injectAuthenticatedUser(request, user);
// Update the last connection date
authenticationTokenDao.updateLastConnectionDate(authenticationToken.getId());
TransactionUtil.commit();
} else {
injectAnonymousUser(request);
}
@@ -158,6 +159,17 @@ public class TokenBasedSecurityFilter implements Filter {
Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
userPrincipal.setBaseFunctionSet(baseFunctionSet);
// Add groups
GroupDao groupDao = new GroupDao();
List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
.setUserId(user.getId())
.setRecursive(true), null);
Set<String> groupIdSet = Sets.newHashSet();
for (GroupDto groupDto : groupDtoList) {
groupIdSet.add(groupDto.getId());
}
userPrincipal.setGroupIdSet(groupIdSet);
// Add email
userPrincipal.setEmail(user.getEmail());