branch feature/10218-modification-user created (now 19a45e9)
This is an automated email from the git hooks/post-receive script. New change to branch feature/10218-modification-user in repository coselmar. See https://gitlab.nuiton.org/codelutin/coselmar.git at 19a45e9 Allow to see user information for Admin, and for Supervisor when user is a client This branch includes the following new commits: new 19a45e9 Allow to see user information for Admin, and for Supervisor when user is a client The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 19a45e9fe3c8684a20a4f0346a11827f87d50e58 Author: Yannick Martel <martel@©odelutin.com> Date: Wed Apr 10 11:25:43 2019 +0200 Allow to see user information for Admin, and for Supervisor when user is a client -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch feature/10218-modification-user in repository coselmar. See https://gitlab.nuiton.org/codelutin/coselmar.git commit 19a45e9fe3c8684a20a4f0346a11827f87d50e58 Author: Yannick Martel <martel@©odelutin.com> Date: Wed Apr 10 11:25:43 2019 +0200 Allow to see user information for Admin, and for Supervisor when user is a client
---
 .../coselmar/services/v1/UsersWebService.java | 40 +++++++++++++++++-----
 1 file changed, 32 insertions(+), 8 deletions(-)
diff --git a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
index 7732715..8b3fc00 100644
--- a/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
+++ b/coselmar-rest/src/main/java/fr/ifremer/coselmar/services/v1/UsersWebService.java
@@ -83,9 +83,34 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         // Check authentication
         String authorization = getContext().getHeader("Authorization");
-        CoselmarUser user = checkUserAuthentication(authorization);
+        CoselmarUser curentUser = checkUserAuthentication(authorization);
+
+        // Rebuild fullId
+        String fullId = getFullIdFromShort(CoselmarUser.class, userId);
+        UserBean userBean;
+        if (fullId.equals(curentUser.getTopiaId())) {
+            // Current user is asking for his info : ok
+            userBean = BeanEntityConverter.toBean(userId, curentUser);
+        } else {
+            // Current user wanna see an other profile ; only allowed to Admin or Supervisor (if it user is a client)
+
+            // Get the asked user
+            CoselmarUser askedUser = getCoselmarUserDao().forTopiaIdEquals(fullId).findAny();
+
+            boolean isAdmin = curentUser.getRole() == CoselmarUserRole.ADMIN;
+            boolean isSupervisor4Client = (curentUser.getRole() == CoselmarUserRole.SUPERVISOR && askedUser.getRole() == CoselmarUserRole.CLIENT);
+
+            if (!isAdmin && !isSupervisor4Client) {
+                if (log.isDebugEnabled()) {
+                    String message = String.format("A non admin, non supervisor user is trying to access user info with shortId '%s'", userId);
+                    log.debug(message);
+                }
+                throw new UnauthorizedException("Not allowed to see user infos");
+            }
+            // Retrieve asked user
+            userBean = BeanEntityConverter.toBean(userId, askedUser);
+        }
-        UserBean userBean = BeanEntityConverter.toBean(userId, user);
         return userBean;
     }
@@ -134,7 +159,7 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         List<UserBean> result = new ArrayList<>(usersPage.getElements().size());
         for (CoselmarUser user : usersPage.getElements()) {
-            String userLightId = getPersistenceContext().getTopiaIdFactory().getRandomPart(user.getTopiaId());
+            String userLightId = getShortIdFromFull(user.getTopiaId());
             UserBean userBean = BeanEntityConverter.toBean(userLightId, user);
             result.add(userBean);
         }
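Review bot: `askedUser`, the result of `findAny()` in the first hunk, is dereferenced in the `isSupervisor4Client` expression before the authorization decision is reached, so a short id that resolves to no user ends in a NullPointerException instead of the UnauthorizedException path, and — depending on how uncaught exceptions are mapped to responses, which the hunk does not show — a non-admin caller could then tell existing ids from non-existing ones by the response. Guard the lookup result and use the same response as the not-allowed branch so the two cases are indistinguishable: `if (askedUser == null) { throw new UnauthorizedException("Not allowed to see user infos"); }` placed right after the `findAny()` line. The caller is already authenticated when this check fails, so a forbidden-style exception would fit the semantics better than UnauthorizedException if the project provides one. Minor: `curentUser` is misspelled; `currentUser` reads as intended. The enclosing method's signature and its `userId` parameter lie outside the hunk.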
@@ -183,7 +208,7 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         List<UserBean> result = new ArrayList<>(userList.size());
         for (CoselmarUser user : userList) {
-            String userLightId = getPersistenceContext().getTopiaIdFactory().getRandomPart(user.getTopiaId());
+            String userLightId = getShortIdFromFull(user.getTopiaId());
             UserBean userBean = BeanEntityConverter.toBean(userLightId, user);
             result.add(userBean);
         }
@@ -375,8 +400,7 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         JWTSigner.Options signerOption = new JWTSigner.Options();
         signerOption.setAlgorithm(Algorithm.HS384);
-        String userTopiaId = user.getTopiaId();
-        String shortId = getPersistenceContext().getTopiaIdFactory().getRandomPart(userTopiaId);
+        String shortId = getShortIdFromFull(user.getTopiaId());
         Map<String, Object> claims = UserWebToken.toJwtClaims(shortId, user.getFirstname(), user.getName(), user.getRole().name());
         String webToken = jwtSigner.sign(claims, signerOption);
@@ -428,7 +452,7 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         commit();
         LostPasswordMail lostPasswordMail = new LostPasswordMail(getServicesContext().getLocale());
-        String shortId = getPersistenceContext().getTopiaIdFactory().getRandomPart(user.getTopiaId());
+        String shortId = getShortIdFromFull(user.getTopiaId());
         UserBean userBean = BeanEntityConverter.toBean(shortId, user);
         lostPasswordMail.setUser(userBean);
         lostPasswordMail.setPassword(password);
@@ -473,7 +497,7 @@ public class UsersWebService extends CoselmarWebServiceSupport {
         List<UserBean> users = new ArrayList<>(userList.size());
         for (CoselmarUser user : userList) {
-            String userLightId = getPersistenceContext().getTopiaIdFactory().getRandomPart(user.getTopiaId());
+            String userLightId = getShortIdFromFull(user.getTopiaId());
             UserBean userBean = BeanEntityConverter.toBean(userLightId, user);
             users.add(userBean);
         }
-- 
To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@codelutin.com>.