[Pollen-commits] r3902 - in trunk: pollen-persistence/src/main/java/org/chorem/pollen/persistence/entity pollen-persistence/src/main/xmi pollen-rest-api/src/main/java/org/chorem/pollen/rest/api pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1 pollen-rest-api/src/test/java/org/chorem/pollen/rest/api pollen-services/src/main/java/org/chorem/pollen/services pollen-services/src/main/java/org/chorem/pollen/services/service pollen-services/src/main/java/org/chorem/pollen/services/service/security polle

Author: tchemit Date: 2014-05-04 02:18:39 +0200 (Sun, 04 May 2014) New Revision: 3902 Url: http://forge.chorem.org/projects/pollen/repository/revisions/3902 Log: continue dev + begin of implements correct security Added: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/RoleRequired.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java Removed: trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/PollenApplication.java Modified: trunk/pollen-persistence/src/main/java/org/chorem/pollen/persistence/entity/PollTopiaDao.java trunk/pollen-persistence/src/main/xmi/pollen.zargo trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRender.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationListener.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ChoiceService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/CommentService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/FavoriteListService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteCountingService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteService.java trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListService.java trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollServiceTest.java trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserServiceTest.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenFixtures.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/AuthService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/CommentService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FavoriteListService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FixturesService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenServiceSupport.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoterListService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenUnauthorizedException.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityRole.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenSecurityContext.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenServiceContext.java trunk/pollen-services/src/main/resources/fixtures.yaml trunk/pollen-services/src/test/java/org/chorem/pollen/service/AbstractPollenServiceTest.java trunk/pollen-services/src/test/java/org/chorem/pollen/service/PollServiceTest.java Modified: trunk/pollen-persistence/src/main/java/org/chorem/pollen/persistence/entity/PollTopiaDao.java =================================================================== --- trunk/pollen-persistence/src/main/java/org/chorem/pollen/persistence/entity/PollTopiaDao.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-persistence/src/main/java/org/chorem/pollen/persistence/entity/PollTopiaDao.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -23,6 +23,7 @@ * #L% */ +import com.google.common.collect.ImmutableSet; import com.google.common.collect.Sets; import java.util.Set; @@ -48,5 +49,9 @@ return Sets.newHashSet(); } + public Set<Poll> findAllFreePolls() { + return ImmutableSet.copyOf(forPollTypeEquals(PollType.FREE).findAll()); + + } } Modified: trunk/pollen-persistence/src/main/xmi/pollen.zargo =================================================================== (Binary files differ) Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRender.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRender.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRender.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -111,16 +111,28 @@ map = toMap(model, includeCollection); } - Gson gson = new GsonBuilder().registerTypeAdapter(Date.class, new JsonSerializer<Date>() { + GsonBuilder gsonBuilder = new GsonBuilder().registerTypeAdapter(Date.class, new JsonSerializer<Date>() { @Override - public JsonElement serialize(Date src, Type typeOfSrc, JsonSerializationContext context) { + public JsonElement serialize(Date src, Type typeOfSrc, JsonSerializationContext c) { + JsonElement result; + if (src == null) { - return JsonNull.INSTANCE; + result = JsonNull.INSTANCE; + } else { + result = new JsonPrimitive(src.getTime()); } - return new JsonPrimitive(src.getTime()); + return result; } + }); - }).create(); + PollenRestApiApplicationContext applicationContext = + PollenRestApiRequestFilter.getApplicationContext(context.getServletContext()); + boolean devMode = applicationContext.getApplicationConfig().isDevMode(); + if (devMode) { + gsonBuilder.setPrettyPrinting(); + } + Gson gson = gsonBuilder.create(); + String json = gson.toJson(map); PrintWriter out = context.getOut(); out.print(json); Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -31,8 +31,10 @@ import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaApplicationContext; import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.services.DefaultPollenServiceContext; +import org.chorem.pollen.services.PollenApplicationContext; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.config.PollenServiceConfig; import org.chorem.pollen.services.exception.EntityNotFoundException; @@ -55,7 +57,7 @@ * @author tchemit <chemit@codelutin.com> * @since 2.0 */ -public class PollenRestApiApplicationContext implements Closeable { +public class PollenRestApiApplicationContext implements Closeable, PollenApplicationContext { private static Log log = LogFactory.getLog(PollenRestApiApplicationContext.class); @@ -95,14 +97,17 @@ this.closed = new AtomicBoolean(false); } + @Override public PollenTopiaApplicationContext getTopiaApplicationContext() { return topiaApplicationContext; } + @Override public PollenServiceConfig getApplicationConfig() { return applicationConfig; } + @Override public PollenTopiaPersistenceContext newPersistenceContext() { PollenTopiaPersistenceContext persistenceContext = topiaApplicationContext.newPersistenceContext(); @@ -110,6 +115,7 @@ } + @Override public PollenServiceContext newServiceContext(PollenPersistenceContext persistenceContext, Locale locale) { DefaultPollenServiceContext newServiceContext = new DefaultPollenServiceContext(); @@ -121,9 +127,10 @@ } - public PollenSecurityContext newSecurityContext(SessionToken sessionToken) { + @Override + public PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { - return DefaultPollenSecurityContext.newContext(sessionToken); + return DefaultPollenSecurityContext.newContext(sessionToken, mainPrincipal); } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationListener.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationListener.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiApplicationListener.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -24,6 +24,8 @@ */ import org.apache.commons.beanutils.Converter; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.chorem.pollen.persistence.PollenEntityEnum; import org.debux.webmotion.server.WebMotionServerListener; import org.debux.webmotion.server.call.Call; @@ -45,12 +47,13 @@ */ public class PollenRestApiApplicationListener implements WebMotionServerListener { + /** Logger. */ + private static final Log log = LogFactory.getLog(PollenRestApiApplicationListener.class); + @Override public void onStart(Mapping mapping, ServerContext serverContext) { - // --- - // init converters - // --- + // --- init converters --- // serverContext.addConverter(new Converter() { @Override @@ -95,9 +98,7 @@ serverContext.addConverter(entityconverter, entityClass); } - // --- - // init injectors - // --- + // --- init injectors --- // serverContext.addInjector(new ExecutorParametersInjectorHandler.Injector() { @Override @@ -113,9 +114,7 @@ } }); - // --- - // init application context - // --- + // --- init application context --- // PollenRestApiApplicationContext applicationContext = PollenRestApiApplicationContext.getApplicationContext(); @@ -146,5 +145,4 @@ applicationContext.close(); } } - } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -53,6 +53,10 @@ serviceContext.setSecurityContext(securityContext); } + public PollenSecurityContext getSecurityContext() { + return serviceContext.getSecurityContext(); + } + public AuthService getAuthService() { return serviceContext.newService(AuthService.class); } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/PollenRestApiRequestFilter.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -23,19 +23,25 @@ * #L% */ -import org.apache.commons.lang3.StringUtils; import org.chorem.pollen.persistence.PollenPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.exception.InvalidSessionTokenException; import org.chorem.pollen.services.service.security.PollenSecurityContext; +import org.chorem.pollen.services.service.security.SecurityRole; +import org.chorem.pollen.services.service.security.SecurityService; import org.debux.webmotion.server.WebMotionFilter; +import org.debux.webmotion.server.call.Call; import org.debux.webmotion.server.call.HttpContext; +import org.debux.webmotion.server.mapping.Mapping; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.lang.reflect.Method; import java.util.Locale; +import java.util.Map; /** * Inject {@link PollenRestApiRequestContext} in services. @@ -53,6 +59,8 @@ public static final String REQUEST_AUTH_PARAMETER = "auth"; + public static final String REQUEST_CREDENTIAL_PARAMETER = "credential"; + public static PollenRestApiApplicationContext getApplicationContext(ServletContext servletContext) { PollenRestApiApplicationContext result = (PollenRestApiApplicationContext) servletContext.getAttribute(APPLICATION_CONTEXT_PARAMETER); @@ -86,7 +94,7 @@ request.setAttribute(REQUEST_POLLEN_CONNECTED_USER, sessionToken); } - public void inject(HttpContext context) throws InvalidSessionTokenException { + public void inject(Call call, HttpContext context) throws InvalidSessionTokenException { PollenRestApiApplicationContext applicationContext = getApplicationContext(context.getServletContext()); @@ -101,10 +109,10 @@ PollenRestApiRequestContext requestContext = new PollenRestApiRequestContext(); requestContext.setServiceContext(serviceContext); + prepareSecurityContext(call, context, applicationContext, requestContext); + setRequestContext(context.getRequest(), requestContext); - addSecurityContext(context, applicationContext, requestContext); - doProcess(); HttpServletResponse response = context.getResponse(); @@ -112,24 +120,75 @@ response.addHeader(HttpContext.HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); } - protected void addSecurityContext(HttpContext context, - PollenRestApiApplicationContext applicationContext, - PollenRestApiRequestContext serviceContext) throws InvalidSessionTokenException { + @Override + public void doProcess() { + super.doProcess(); + } - String[] strings = context.getParameters().get(REQUEST_AUTH_PARAMETER); + @Override + public void doProcess(Mapping mapping, Call call) { + super.doProcess(mapping, call); + } - String authParam = strings == null || strings.length < 1 ? null : strings[0]; + protected void prepareSecurityContext(Call call, + HttpContext httpContext, + PollenRestApiApplicationContext applicationContext, + PollenRestApiRequestContext requestContext) throws InvalidSessionTokenException { - SessionToken sessionToken = null; + // --- Create security context --- // + PollenSecurityContext securityContext = createSecurityContext( + httpContext, + applicationContext, + requestContext); - if (StringUtils.isNotBlank(authParam)) { + requestContext.setSecurityContext(securityContext); - // find out the userId from this auth + SecurityService securityService = requestContext.getSecurityService(); - sessionToken = serviceContext.getAuthService().getUserByAuth(authParam); + Method method = call.getExecutor().getMethod(); + + // --- Check roles --- // + + boolean needRole = method.isAnnotationPresent(RoleRequired.class); + if (needRole) { + RoleRequired roleAnnotation = method.getAnnotation(RoleRequired.class); + SecurityRole roleName = roleAnnotation.value(); + + securityService.checkRole(roleName); } + + } + + protected PollenSecurityContext createSecurityContext(HttpContext context, + PollenRestApiApplicationContext applicationContext, + PollenRestApiRequestContext pollenRestApiRequestContext) throws InvalidSessionTokenException { + + SecurityService securityService = pollenRestApiRequestContext.getSecurityService(); + + Map<String, String[]> parameters = context.getParameters(); + + // get session token + SessionToken sessionToken; + { + + String[] strings = parameters.get(REQUEST_AUTH_PARAMETER); + String authParam = strings == null || strings.length < 1 ? null : strings[0]; + sessionToken = securityService.getSessionTokenByToken(authParam); + } + + // get mainPrincipal + PollenPrincipal mainPrincipal; + { + + String[] strings = parameters.get(REQUEST_CREDENTIAL_PARAMETER); + String credentialParam = strings == null || strings.length < 1 ? null : strings[0]; + mainPrincipal = securityService.getPollenPrincipalById(credentialParam); + } + PollenSecurityContext securityContext = - applicationContext.newSecurityContext(sessionToken); - serviceContext.setSecurityContext(securityContext); + applicationContext.newSecurityContext(sessionToken, mainPrincipal); + + return securityContext; } + } Added: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/RoleRequired.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/RoleRequired.java (rev 0) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/RoleRequired.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -0,0 +1,22 @@ +package org.chorem.pollen.rest.api; + +import org.chorem.pollen.services.service.security.SecurityRole; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * Created on 5/3/14. + * + * @author Tony Chemit <chemit@codelutin.com> + * @since 2.0 + */ +@Target(ElementType.METHOD) +@Retention(RetentionPolicy.RUNTIME) +public @interface RoleRequired { + + SecurityRole value(); + +} Property changes on: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/RoleRequired.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision Added: svn:eol-style + native Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ChoiceService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ChoiceService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/ChoiceService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -39,28 +39,26 @@ public class ChoiceService extends WebMotionController { public List<Choice> getChoices(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject((String) null); List<Choice> choices = context.getChoiceService().getChoices(pollId); return choices; } public Choice getChoice(PollenRestApiRequestContext context, String pollId, String choiceId) { - context.getSecurityService().prepareSubject(choiceId); - return context.getChoiceService().getChoice(pollId, choiceId); + Choice choice = context.getChoiceService().getChoice(pollId, choiceId); + return choice; } public Choice addChoice(PollenRestApiRequestContext context, String pollId, Choice choice) throws InvalidFormException { - context.getSecurityService().prepareSubject(pollId); - return context.getChoiceService().addChoice(pollId, choice); + Choice createdChoice = context.getChoiceService().addChoice(pollId, choice); + return createdChoice; } public Choice editChoice(PollenRestApiRequestContext context, String pollId, Choice choice) throws InvalidFormException { - context.getSecurityService().prepareSubject(choice); - return context.getChoiceService().editChoice(pollId, choice); + Choice editedChoice = context.getChoiceService().editChoice(pollId, choice); + return editedChoice; } public void deleteChoice(PollenRestApiRequestContext context, String pollId, String choiceId) { - context.getSecurityService().prepareSubject(choiceId); context.getChoiceService().deleteChoice(pollId, choiceId); } } \ No newline at end of file Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/CommentService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/CommentService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/CommentService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -39,28 +39,26 @@ public class CommentService extends WebMotionController { public List<Comment> getComments(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); List<Comment> comments = context.getCommentService().getComments(pollId); return comments; } public Comment getComment(PollenRestApiRequestContext context, String pollId, String commentId) { - context.getSecurityService().prepareSubject(commentId); - return context.getCommentService().getComment(pollId, commentId); + Comment comment = context.getCommentService().getComment(pollId, commentId); + return comment; } public Comment addComment(PollenRestApiRequestContext context, String pollId, Comment comment) throws InvalidFormException { - context.getSecurityService().prepareSubject(pollId); - return context.getCommentService().addComment(pollId, comment); + Comment createdComment = context.getCommentService().addComment(pollId, comment); + return createdComment; } public Comment editComment(PollenRestApiRequestContext context, String pollId, Comment comment) throws InvalidFormException { - context.getSecurityService().prepareSubject(comment); - return context.getCommentService().editComment(pollId, comment); + Comment editedComment = context.getCommentService().editComment(pollId, comment); + return editedComment; } public void deleteComment(PollenRestApiRequestContext context, String pollId, String commentId) { - context.getSecurityService().prepareSubject(commentId); context.getCommentService().deleteComment(pollId, commentId); } } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/FavoriteListService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/FavoriteListService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/FavoriteListService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -26,8 +26,10 @@ import org.chorem.pollen.persistence.entity.FavoriteList; import org.chorem.pollen.persistence.entity.FavoriteListMember; import org.chorem.pollen.rest.api.PollenRestApiRequestContext; +import org.chorem.pollen.rest.api.RoleRequired; import org.chorem.pollen.services.exception.FavoriteListImportException; import org.chorem.pollen.services.exception.InvalidFormException; +import org.chorem.pollen.services.service.security.SecurityRole; import org.debux.webmotion.server.WebMotionController; import java.io.File; @@ -42,53 +44,73 @@ */ public class FavoriteListService extends WebMotionController { - public List<FavoriteList> getFavoriteLists(PollenRestApiRequestContext context, String userId) { - List<FavoriteList> favoriteLists = context.getFavoriteListService().getFavoriteLists(userId); + @RoleRequired(SecurityRole.connected) + public List<FavoriteList> getFavoriteLists(PollenRestApiRequestContext context) { + List<FavoriteList> favoriteLists = context.getFavoriteListService().getFavoriteLists(); return favoriteLists; } - public FavoriteList getFavoriteList(PollenRestApiRequestContext context, String userId, String favoriteListId) { - return context.getFavoriteListService().getFavoriteList(userId, favoriteListId); + @RoleRequired(SecurityRole.connected) + public FavoriteList getFavoriteList(PollenRestApiRequestContext context, String favoriteListId) { + FavoriteList favoriteList = context.getFavoriteListService().getFavoriteList(favoriteListId); + return favoriteList; } - public FavoriteList createFavoriteList(PollenRestApiRequestContext context, String userId, FavoriteList favoriteList) throws InvalidFormException { - return context.getFavoriteListService().createFavoriteList(userId, favoriteList); + @RoleRequired(SecurityRole.connected) + public FavoriteList createFavoriteList(PollenRestApiRequestContext context, FavoriteList favoriteList) throws InvalidFormException { + FavoriteList createdFavoriteList = context.getFavoriteListService().createFavoriteList(favoriteList); + return createdFavoriteList; } - public FavoriteList editFavoriteList(PollenRestApiRequestContext context, String userId, FavoriteList favoriteList) throws InvalidFormException { - return context.getFavoriteListService().editFavoriteList(userId, favoriteList); + @RoleRequired(SecurityRole.connected) + public FavoriteList editFavoriteList(PollenRestApiRequestContext context, FavoriteList favoriteList) throws InvalidFormException { + FavoriteList editedFavoriteList = context.getFavoriteListService().editFavoriteList(favoriteList); + return editedFavoriteList; } - public void deleteFavoriteList(PollenRestApiRequestContext context, String userId, String favoriteListId) { - context.getFavoriteListService().deleteFavoriteList(userId, favoriteListId); + @RoleRequired(SecurityRole.connected) + public void deleteFavoriteList(PollenRestApiRequestContext context, String favoriteListId) { + context.getFavoriteListService().deleteFavoriteList(favoriteListId); } - public int importFavoriteListMembersFromCsv(PollenRestApiRequestContext context, String userId, String favoriteListId, File csvFile) throws FavoriteListImportException { - return context.getFavoriteListService().importFavoriteListMembersFromCsv(userId, favoriteListId, csvFile); + @RoleRequired(SecurityRole.connected) + public int importFavoriteListMembersFromCsv(PollenRestApiRequestContext context, String favoriteListId, File csvFile) throws FavoriteListImportException { + int i = context.getFavoriteListService().importFavoriteListMembersFromCsv(favoriteListId, csvFile); + return i; } - public int importFavoriteListMembersFromLdap(PollenRestApiRequestContext context, String userId, String favoriteListId, String ldap) throws FavoriteListImportException { - return context.getFavoriteListService().importFavoriteListMembersFromLdap(userId, favoriteListId, ldap); + @RoleRequired(SecurityRole.connected) + public int importFavoriteListMembersFromLdap(PollenRestApiRequestContext context, String favoriteListId, String ldap) throws FavoriteListImportException { + int i = context.getFavoriteListService().importFavoriteListMembersFromLdap(favoriteListId, ldap); + return i; } - public LinkedHashSet<FavoriteListMember> getMembers(PollenRestApiRequestContext context, String userId, String favoriteListId) { - LinkedHashSet<FavoriteListMember> members = context.getFavoriteListService().getFavoriteListMembers(userId, favoriteListId); + @RoleRequired(SecurityRole.connected) + public LinkedHashSet<FavoriteListMember> getMembers(PollenRestApiRequestContext context, String favoriteListId) { + LinkedHashSet<FavoriteListMember> members = context.getFavoriteListService().getFavoriteListMembers(favoriteListId); return members; } - public FavoriteListMember getMember(PollenRestApiRequestContext context, String userId, String favoriteListId, String memberId) { - return context.getFavoriteListService().getFavoriteListMember(userId, favoriteListId, memberId); + @RoleRequired(SecurityRole.connected) + public FavoriteListMember getMember(PollenRestApiRequestContext context, String favoriteListId, String memberId) { + FavoriteListMember member = context.getFavoriteListService().getFavoriteListMember(favoriteListId, memberId); + return member; } - public FavoriteListMember addMember(PollenRestApiRequestContext context, String userId, String favoriteListId, FavoriteListMember member) throws InvalidFormException { - return context.getFavoriteListService().addFavoriteListMember(userId, favoriteListId, member); + @RoleRequired(SecurityRole.connected) + public FavoriteListMember addMember(PollenRestApiRequestContext context, String favoriteListId, FavoriteListMember member) throws InvalidFormException { + FavoriteListMember createdMember = context.getFavoriteListService().addFavoriteListMember(favoriteListId, member); + return createdMember; } - public FavoriteListMember editMember(PollenRestApiRequestContext context, String userId, String favoriteListId, FavoriteListMember member) throws InvalidFormException { - return context.getFavoriteListService().editFavoriteListMember(userId, favoriteListId, member); + @RoleRequired(SecurityRole.connected) + public FavoriteListMember editMember(PollenRestApiRequestContext context, String favoriteListId, FavoriteListMember member) throws InvalidFormException { + FavoriteListMember editedMember = context.getFavoriteListService().editFavoriteListMember(favoriteListId, member); + return editedMember; } - public void removeMember(PollenRestApiRequestContext context, String userId, String favoriteListId, String memberId) { - context.getFavoriteListService().removeFavoriteListMember(userId, favoriteListId, memberId); + @RoleRequired(SecurityRole.connected) + public void removeMember(PollenRestApiRequestContext context, String favoriteListId, String memberId) { + context.getFavoriteListService().removeFavoriteListMember(favoriteListId, memberId); } } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -25,7 +25,9 @@ import org.chorem.pollen.persistence.entity.Poll; import org.chorem.pollen.rest.api.PollenRestApiRequestContext; +import org.chorem.pollen.rest.api.RoleRequired; import org.chorem.pollen.services.exception.InvalidFormException; +import org.chorem.pollen.services.service.security.SecurityRole; import org.debux.webmotion.server.WebMotionController; import java.io.File; @@ -40,60 +42,64 @@ public class PollService extends WebMotionController { public Poll getNewPoll(PollenRestApiRequestContext context) { - return context.getPollService().getNewPoll(); + Poll newPoll = context.getPollService().getNewPoll(); + return newPoll; } + @RoleRequired(SecurityRole.administrator) public Set<Poll> getPolls(PollenRestApiRequestContext context) { Set<Poll> polls = context.getPollService().getPolls(); return polls; } + @RoleRequired(SecurityRole.connected) public Set<Poll> getCreatedPolls(PollenRestApiRequestContext context) { Set<Poll> polls = context.getPollService().getCreatedPolls(); return polls; } + @RoleRequired(SecurityRole.connected) public Set<Poll> getInvitedPolls(PollenRestApiRequestContext context) { Set<Poll> polls = context.getPollService().getInvitedPolls(); return polls; } + @RoleRequired(SecurityRole.connected) public Set<Poll> getParticipatedPolls(PollenRestApiRequestContext context) { Set<Poll> polls = context.getPollService().getParticipatedPolls(); return polls; } public Poll getPoll(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject((String) null); - return context.getPollService().getPoll(pollId); + Poll poll = context.getPollService().getPoll(pollId); + return poll; } public Poll createPoll(PollenRestApiRequestContext context, Poll poll) throws InvalidFormException { - return context.getPollService().createPoll(poll); + Poll createdPoll = context.getPollService().createPoll(poll); + return createdPoll; } public Poll editPoll(PollenRestApiRequestContext context, Poll poll) throws InvalidFormException { - context.getSecurityService().prepareSubject(poll); - return context.getPollService().editPoll(poll); + Poll editedPoll = context.getPollService().editPoll(poll); + return editedPoll; } public void deletePoll(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); context.getPollService().deletePoll(pollId); } public Poll clonePoll(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); - return context.getPollService().clonePoll(pollId); + Poll clonedPoll = context.getPollService().clonePoll(pollId); + return clonedPoll; } public void closePoll(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); context.getPollService().closePoll(pollId); } public File exportPoll(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); - return context.getPollService().exportPoll(pollId); + File exportedPollFile = context.getPollService().exportPoll(pollId); + return exportedPollFile; } } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/PollenUserService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -25,9 +25,11 @@ import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.rest.api.PollenRestApiRequestContext; +import org.chorem.pollen.rest.api.RoleRequired; import org.chorem.pollen.services.exception.InvalidFormException; import org.chorem.pollen.services.exception.UserInvalidEmailActivationTokenException; import org.chorem.pollen.services.exception.UserInvalidPasswordException; +import org.chorem.pollen.services.service.security.SecurityRole; import org.debux.webmotion.server.WebMotionController; import java.util.List; @@ -40,25 +42,29 @@ */ public class PollenUserService extends WebMotionController { + @RoleRequired(SecurityRole.administrator) public List<PollenUser> getUsers(PollenRestApiRequestContext context) { List<PollenUser> users = context.getPollenUserService().getUsers(); return users; } public PollenUser getUser(PollenRestApiRequestContext context, String userId) { - return context.getPollenUserService().getUser(userId); + PollenUser user = context.getPollenUserService().getUser(userId); + return user; } public PollenUser createUser(PollenRestApiRequestContext context, PollenUser user, boolean generatePassword) throws InvalidFormException { - return context.getPollenUserService().createUser(user, generatePassword); + PollenUser createdUser = context.getPollenUserService().createUser(user, generatePassword); + return createdUser; } public PollenUser editUser(PollenRestApiRequestContext context, PollenUser user) throws InvalidFormException { - return context.getPollenUserService().editUser(user); + PollenUser editedUser = context.getPollenUserService().editUser(user); + return editedUser; } public void deleteUser(PollenRestApiRequestContext context, String userId) throws InvalidFormException { Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteCountingService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteCountingService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteCountingService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -36,6 +36,7 @@ public class VoteCountingService extends WebMotionController { public PollResult getResult(PollenRestApiRequestContext context, String pollId) { - return context.getVoteCountingService().getResult(pollId); + PollResult result = context.getVoteCountingService().getResult(pollId); + return result; } } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoteService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -39,28 +39,26 @@ public class VoteService extends WebMotionController { public List<Vote> getVotes(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); List<Vote> votes = context.getVoteService().getVotes(pollId); return votes; } public Vote getVote(PollenRestApiRequestContext context, String pollId, String voteId) { - context.getSecurityService().prepareSubject(voteId); - return context.getVoteService().getVote(pollId, voteId); + Vote vote = context.getVoteService().getVote(pollId, voteId); + return vote; } public Vote addVote(PollenRestApiRequestContext context, String pollId, Vote vote) throws InvalidFormException { - context.getSecurityService().prepareSubject(pollId); - return context.getVoteService().addVote(pollId, vote); + Vote createdVote = context.getVoteService().addVote(pollId, vote); + return createdVote; } public Vote editVote(PollenRestApiRequestContext context, String pollId, Vote vote) throws InvalidFormException { - context.getSecurityService().prepareSubject(vote); - return context.getVoteService().editVote(pollId, vote); + Vote editedVote = context.getVoteService().editVote(pollId, vote); + return editedVote; } public void deleteVote(PollenRestApiRequestContext context, String pollId, String voteId) { - context.getSecurityService().prepareSubject(voteId); context.getVoteService().deleteVote(pollId, voteId); } } Modified: trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListService.java =================================================================== --- trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/main/java/org/chorem/pollen/rest/api/v1/VoterListService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -26,7 +26,9 @@ import org.chorem.pollen.persistence.entity.VoterList; import org.chorem.pollen.persistence.entity.VoterListMember; import org.chorem.pollen.rest.api.PollenRestApiRequestContext; +import org.chorem.pollen.rest.api.RoleRequired; import org.chorem.pollen.services.exception.InvalidFormException; +import org.chorem.pollen.services.service.security.SecurityRole; import org.debux.webmotion.server.WebMotionController; import java.util.List; @@ -40,59 +42,57 @@ */ public class VoterListService extends WebMotionController { - public VoterList importFavoriteList(PollenRestApiRequestContext context, String userId, String pollId, String favoriteListId) { - return context.getVoterListService().importFavoriteList(userId, pollId, favoriteListId); + @RoleRequired(SecurityRole.connected) + public VoterList importFavoriteList(PollenRestApiRequestContext context, String pollId, String favoriteListId) { + VoterList importVoterList = context.getVoterListService().importFavoriteList(pollId, favoriteListId); + return importVoterList; } public List<VoterList> getVoterLists(PollenRestApiRequestContext context, String pollId) { - context.getSecurityService().prepareSubject(pollId); List<VoterList> voterLists = context.getVoterListService().getVoterLists(pollId); return voterLists; } public VoterList getVoterList(PollenRestApiRequestContext context, String pollId, String voterListId) { - context.getSecurityService().prepareSubject(voterListId); - return context.getVoterListService().getVoterList(pollId, voterListId); + VoterList voterList = context.getVoterListService().getVoterList(pollId, voterListId); + return voterList; } public VoterList createVoterList(PollenRestApiRequestContext context, String pollId, VoterList voterList) throws InvalidFormException { - context.getSecurityService().prepareSubject(pollId); - return context.getVoterListService().addVoterList(pollId, voterList); + VoterList createdVoterList = context.getVoterListService().addVoterList(pollId, voterList); + return createdVoterList; } public VoterList editVoterList(PollenRestApiRequestContext context, String pollId, VoterList voterList) throws InvalidFormException { - context.getSecurityService().prepareSubject(voterList); - return context.getVoterListService().editVoterList(pollId, voterList); + VoterList editedVoterList = context.getVoterListService().editVoterList(pollId, voterList); + return editedVoterList; } public void deleteVoterList(PollenRestApiRequestContext context, String pollId, String voterListId) { - context.getSecurityService().prepareSubject(voterListId); context.getVoterListService().deleteVoterList(pollId, voterListId); } public Set<VoterListMember> getMembers(PollenRestApiRequestContext context, String pollId, String voterListId) { - context.getSecurityService().prepareSubject(voterListId); Set<VoterListMember> members = context.getVoterListService().getVoterListMembers(pollId, voterListId); return members; } public VoterListMember getMember(PollenRestApiRequestContext context, String pollId, String voterListId, String memberId) { - context.getSecurityService().prepareSubject(memberId); - return context.getVoterListService().getVoterListMember(pollId, voterListId, memberId); + VoterListMember member = context.getVoterListService().getVoterListMember(pollId, voterListId, memberId); + return member; } public VoterListMember addMember(PollenRestApiRequestContext context, String pollId, String voterListId, VoterListMember member) throws InvalidFormException { - context.getSecurityService().prepareSubject(member); - return context.getVoterListService().addVoterListMember(pollId, voterListId, member); + VoterListMember createdMember = context.getVoterListService().addVoterListMember(pollId, voterListId, member); + return createdMember; } public VoterListMember editMember(PollenRestApiRequestContext context, String pollId, String voterListId, VoterListMember member) throws InvalidFormException { - context.getSecurityService().prepareSubject(member); - return context.getVoterListService().editVoterListMember(pollId, voterListId, member); + VoterListMember editedMember = context.getVoterListService().editVoterListMember(pollId, voterListId, member); + return editedMember; } public void deleteMember(PollenRestApiRequestContext context, String pollId, String voterListId, String memberId) { - context.getSecurityService().prepareSubject(memberId); context.getVoterListService().deleteVoterListMember(pollId, voterListId, memberId); } } Modified: trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java =================================================================== --- trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/AbstractPollenRestApiTest.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -23,24 +23,22 @@ * #L% */ -import org.apache.commons.io.FileUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.chorem.pollen.persistence.PollenPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.services.PollenServiceContext; -import org.chorem.pollen.services.config.PollenServiceConfig; import org.chorem.pollen.services.service.security.PollenSecurityContext; +import org.chorem.pollen.services.test.FakePollenApplicationContext; import org.chorem.pollen.services.test.FakePollenSecurityContext; import org.chorem.pollen.services.test.FakePollenServiceContext; -import org.chorem.pollen.services.test.PollenApplication; import org.debux.webmotion.unittest.WebMotionTest; import org.junit.After; import org.junit.Before; import org.junit.Rule; import org.nuiton.util.DateUtil; -import java.io.File; import java.io.IOException; import java.util.Locale; @@ -56,8 +54,13 @@ private static final Log log = LogFactory.getLog(AbstractPollenRestApiTest.class); @Rule - public final PollenApplication application = new PollenApplication("pollen-rest-api.properties"); + public final FakePollenApplicationContext application = new FakePollenApplicationContext("pollen-rest-api.properties"); + @Override + protected int getPort() { + return application.getPort(); + } + protected void loadFixtures(String fixturesSetName) { PollenRestApiApplicationContext applicationContext = PollenRestApiApplicationContext.getApplicationContext(); @@ -76,24 +79,26 @@ public void startServer() throws Exception { PollenRestApiApplicationContext applicationContext = - new PollenRestApiApplicationContext(application.getConfiguration(), - application.getApplicationContext()) { + new PollenRestApiApplicationContext(application.getApplicationConfig(), + application.getTopiaApplicationContext()) { @Override public PollenServiceContext newServiceContext(PollenPersistenceContext persistenceContext, Locale locale) { FakePollenServiceContext serviceContext = FakePollenServiceContext.newServiceContext( DateUtil.createDate(1, 1, 2014), Locale.FRANCE, - application.getConfiguration(), - application.getApplicationContext(), - application.newPersistenceContext(), - new FakePollenSecurityContext()); + application.getApplicationConfig(), + application.getTopiaApplicationContext(), + application.newPersistenceContext()); return serviceContext; } @Override - public PollenSecurityContext newSecurityContext(SessionToken sessionToken) { - return new FakePollenSecurityContext(); + public PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + FakePollenSecurityContext securityContext = new FakePollenSecurityContext(); + securityContext.setMainPrincipal(mainPrincipal); + securityContext.setSessionToken(sessionToken); + return securityContext; } }; applicationContext.init(); @@ -118,16 +123,19 @@ server.destroy(); } - protected void saveTestResult(String content) throws IOException { + protected void showTestResult(String content) throws IOException { String testName = application.getMethodName(); - - PollenServiceConfig applicationConfig = PollenRestApiApplicationContext.getApplicationContext().getApplicationConfig(); - File dataDirectory = applicationConfig.getDataDirectory(); - File resultFile = new File(dataDirectory, testName); - FileUtils.write(resultFile, content); if (log.isInfoEnabled()) { - log.info("ResultFile: " + resultFile); + log.info("test *" + testName + "* result\n" + content); } + +// PollenServiceConfig applicationConfig = PollenRestApiApplicationContext.getTopiaApplicationContext().getApplicationConfig(); +// File dataDirectory = applicationConfig.getDataDirectory(); +// File resultFile = new File(dataDirectory, testName); +// FileUtils.write(resultFile, content); +// if (log.isInfoEnabled()) { +// log.info("ResultFile: " + resultFile); +// } } } Modified: trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollServiceTest.java =================================================================== --- trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollServiceTest.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollServiceTest.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -6,6 +6,7 @@ import org.chorem.pollen.persistence.entity.Poll; import org.chorem.pollen.persistence.entity.PollType; import org.chorem.pollen.persistence.entity.VoteVisibility; +import org.chorem.pollen.services.PollenFixtures; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; @@ -21,7 +22,6 @@ * @author Tony Chemit <chemit@codelutin.com> * @since 2.0 */ -@Ignore public class PollServiceTest extends AbstractPollenRestApiTest { @Before @@ -34,49 +34,55 @@ public void getPollsNew() throws URISyntaxException, IOException { Request request = createRequest("/v1/polls/new").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } + @Ignore @Test public void getPolls() throws URISyntaxException, IOException { + + //TODO Login as admin before Request request = createRequest("/v1/polls").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } + @Ignore @Test public void getPollsCreated() throws URISyntaxException, IOException { Request request = createRequest("/v1/polls/created").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } + @Ignore @Test public void getPollsInvited() throws URISyntaxException, IOException { Request request = createRequest("/v1/polls/invited").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } + @Ignore @Test public void getPollsParticipated() throws URISyntaxException, IOException { Request request = createRequest("/v1/polls/participated").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @Test public void getPoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); Request request = createRequest("/v1/polls/" + pollId).Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @@ -94,62 +100,63 @@ addParameter("poll.choice[0].name", "choiceA"). Post(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @Ignore @Test public void putPoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); Request request = createRequest("/v1/polls/" + pollId).Put(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } - @Ignore @Test public void deletePoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); - Request request = createRequest("/v1/polls/" + pollId).Delete(); + Request request = createRequest("/v1/polls/" + pollId) + .addParameter(PollenRestApiRequestFilter.REQUEST_CREDENTIAL_PARAMETER, poll.getCreator().getTopiaId()) + .Delete(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @Ignore @Test public void clonePoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); Request request = createRequest("/v1/polls/" + pollId).Post(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @Ignore @Test public void exportPoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); Request request = createRequest("/v1/polls/" + pollId + "/export").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } @Ignore @Test public void closePoll() throws URISyntaxException, IOException { - Poll poll = fixture("poll_simplePoll"); + Poll poll = fixture(PollenFixtures.POLL_NORMAL_ID); String pollId = poll.getTopiaId(); Request request = createRequest("/v1/polls/" + pollId + "/close").Post(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertNotNull(content); } } Modified: trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserServiceTest.java =================================================================== --- trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserServiceTest.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-rest-api/src/test/java/org/chorem/pollen/rest/api/PollenUserServiceTest.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -50,7 +50,7 @@ Request request = createRequest("/v1/users").Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("email")); } @@ -59,7 +59,7 @@ String userId = ""; Request request = createRequest("/v1/users/" + userId).Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("email")); } @@ -68,7 +68,7 @@ public void postUser() throws Exception { Request request = createRequest("/v1/users").Post(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("email2")); } @@ -78,7 +78,7 @@ String userId = ""; Request request = createRequest("/v1/users/" + userId).Get(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("email3")); } @@ -88,7 +88,7 @@ String userId = ""; Request request = createRequest("/v1/users/" + userId).Delete(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("OK!")); } @@ -99,7 +99,7 @@ String token = ""; Request request = createRequest("/v1/users/" + userId + "?token=" + token).Put(); String content = request.execute().returnContent().asString(); - saveTestResult(content); + showTestResult(content); assertTrue(content.contains("OK!")); } } Added: trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java (rev 0) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -0,0 +1,30 @@ +package org.chorem.pollen.services; + +import org.chorem.pollen.persistence.PollenPersistenceContext; +import org.chorem.pollen.persistence.PollenTopiaApplicationContext; +import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenPrincipal; +import org.chorem.pollen.persistence.entity.SessionToken; +import org.chorem.pollen.services.config.PollenServiceConfig; +import org.chorem.pollen.services.service.security.PollenSecurityContext; + +import java.util.Locale; + +/** + * Created on 5/4/14. + * + * @author Tony Chemit <chemit@codelutin.com> + * @since 2.0 + */ +public interface PollenApplicationContext { + + PollenTopiaApplicationContext getTopiaApplicationContext(); + + PollenServiceConfig getApplicationConfig(); + + PollenTopiaPersistenceContext newPersistenceContext(); + + PollenServiceContext newServiceContext(PollenPersistenceContext persistenceContext, Locale locale); + + PollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal); +} Property changes on: trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenApplicationContext.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision Added: svn:eol-style + native Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenFixtures.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenFixtures.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/PollenFixtures.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -45,6 +45,8 @@ public class PollenFixtures { + public static final String POLL_NORMAL_ID = "poll_normal"; + protected Map<String, Object> fixtures; public PollenFixtures(String fixturesName) { Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/AuthService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/AuthService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/AuthService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -30,7 +30,6 @@ import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.persistence.entity.SessionTokenTopiaDao; import org.chorem.pollen.services.exception.EntityNotFoundException; -import org.chorem.pollen.services.exception.InvalidSessionTokenException; import org.chorem.pollen.services.exception.UserInvalidPasswordException; /** @@ -104,14 +103,4 @@ commit(); } - public SessionToken getUserByAuth(String authParam) throws InvalidSessionTokenException { - - SessionToken sessionToken = getSessionTokenDao().findByTopiaId(authParam); - if (sessionToken == null) { - throw new InvalidSessionTokenException(); - } - - return sessionToken; - } - } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/ChoiceService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -56,7 +56,7 @@ public Choice getChoice(String pollId, String choiceId) { Preconditions.checkNotNull(pollId); Preconditions.checkNotNull(choiceId); - checkPermission(PermissionVerb.editChoice, choiceId); + checkPermission(PermissionVerb.readChoice, choiceId); Poll poll = getPollService().getPoll(pollId); Choice result = getChoice(poll, choiceId); @@ -69,7 +69,7 @@ checkIsNotPersisted(choice); Poll poll = getPollService().getPoll(pollId); - checkPermission(PermissionVerb.addChoice, pollId); + checkPermission(PermissionVerb.editPoll, pollId); checkChoiceForm(poll, choice); @@ -138,7 +138,7 @@ choiceToPersist = choiceDao.newInstance(); // create a new principal - PollenPrincipal principal = getSecurityService().generatePrincipal(); + PollenPrincipal principal = getSecurityService().generatePollenPrincipal(); PollenPrincipal creator = choice.getCreator(); if (creator != null) { Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/CommentService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/CommentService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/CommentService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -148,7 +148,7 @@ // -- author -- // - PollenPrincipal author = getSecurityService().generatePrincipal(); + PollenPrincipal author = getSecurityService().generatePollenPrincipal(); toSave.setAuthor(author); poll.addComment(toSave); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FavoriteListService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FavoriteListService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FavoriteListService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -65,31 +65,29 @@ */ public class FavoriteListService extends PollenServiceSupport { - public List<FavoriteList> getFavoriteLists(String userId) { - Preconditions.checkNotNull(userId); - PollenUser user = getUserService().getUser(userId); + public List<FavoriteList> getFavoriteLists() { + PollenUser user = getConnectedUser(); List<FavoriteList> result = user.getFavoriteList(); return result; } - public FavoriteList getFavoriteList(String userId, String favoriteListId) { - Preconditions.checkNotNull(userId); + public FavoriteList getFavoriteList(String favoriteListId) { + Preconditions.checkNotNull(favoriteListId); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList result = getFavoriteList(user, favoriteListId); return result; } - public FavoriteList createFavoriteList(String userId, - FavoriteList favoriteList) throws InvalidFormException { - Preconditions.checkNotNull(userId); + public FavoriteList createFavoriteList(FavoriteList favoriteList) throws InvalidFormException { + Preconditions.checkNotNull(favoriteList); checkIsNotPersisted(favoriteList); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); checkFavoriteListForm(user, favoriteList); @@ -103,13 +101,12 @@ return toSave; } - public FavoriteList editFavoriteList(String userId, - FavoriteList favoriteList) throws InvalidFormException { + public FavoriteList editFavoriteList(FavoriteList favoriteList) throws InvalidFormException { Preconditions.checkNotNull(favoriteList); checkIsPersisted(favoriteList); // get user - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); // get list to save FavoriteList toSave = getFavoriteList(user, favoriteList.getTopiaId()); @@ -124,11 +121,11 @@ return toSave; } - public void deleteFavoriteList(String userId, String favoriteListId) { - Preconditions.checkNotNull(userId); + public void deleteFavoriteList(String favoriteListId) { + Preconditions.checkNotNull(favoriteListId); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList persisted = getFavoriteList(user, favoriteListId); @@ -138,23 +135,23 @@ commit(); } - public LinkedHashSet<FavoriteListMember> getFavoriteListMembers(String userId, String favoriteListId) { - Preconditions.checkNotNull(userId); + public LinkedHashSet<FavoriteListMember> getFavoriteListMembers(String favoriteListId) { + Preconditions.checkNotNull(favoriteListId); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); return favoriteList.getMember(); } - public FavoriteListMember getFavoriteListMember(String userId, String favoriteListId, String memberId) { - Preconditions.checkNotNull(userId); + public FavoriteListMember getFavoriteListMember(String favoriteListId, String memberId) { + Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(memberId); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); @@ -162,15 +159,14 @@ return result; } - public FavoriteListMember addFavoriteListMember(String userId, - String favoriteListId, + public FavoriteListMember addFavoriteListMember(String favoriteListId, FavoriteListMember member) throws InvalidFormException { - Preconditions.checkNotNull(userId); + Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(member); checkIsNotPersisted(member); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); @@ -187,16 +183,15 @@ return newMember; } - public FavoriteListMember editFavoriteListMember(String userId, - String favoriteListId, + public FavoriteListMember editFavoriteListMember(String favoriteListId, FavoriteListMember member) throws InvalidFormException { - Preconditions.checkNotNull(userId); + Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(member); checkIsPersisted(member); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); @@ -214,14 +209,13 @@ return toSave; } - public void removeFavoriteListMember(String userId, - String favoriteListId, + public void removeFavoriteListMember(String favoriteListId, String memberId) { - Preconditions.checkNotNull(userId); + Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(memberId); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); @@ -233,14 +227,13 @@ commit(); } - public int importFavoriteListMembersFromCsv(String userId, - String favoriteListId, + public int importFavoriteListMembersFromCsv(String favoriteListId, File file) throws FavoriteListImportException { - Preconditions.checkNotNull(userId); + Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(file); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); @@ -332,13 +325,12 @@ return result; } - public int importFavoriteListMembersFromLdap(String userId, - String favoriteListId, + public int importFavoriteListMembersFromLdap(String favoriteListId, String ldap) throws FavoriteListImportException { Preconditions.checkNotNull(favoriteListId); Preconditions.checkNotNull(ldap); - PollenUser user = getUserService().getUser(userId); + PollenUser user = getConnectedUser(); FavoriteList favoriteList = getFavoriteList(user, favoriteListId); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FixturesService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FixturesService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/FixturesService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -29,9 +29,12 @@ import org.apache.commons.logging.LogFactory; import org.chorem.pollen.persistence.PollenPersistenceContext; import org.chorem.pollen.persistence.PollenTopiaApplicationContext; +import org.chorem.pollen.persistence.entity.Poll; import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.persistence.entity.PollenUserTopiaDao; import org.chorem.pollen.services.PollenFixtures; +import org.chorem.pollen.services.PollenTechnicalException; +import org.chorem.pollen.services.exception.InvalidFormException; import java.util.Collection; import java.util.Map; @@ -90,9 +93,26 @@ for (PollenUser user : users) { user.setPassword(serviceContext.encodePassword(user.getPassword())); - userDao.create(user); + PollenUser createdUser = userDao.create(user); + user.setTopiaId(createdUser.getTopiaId()); } + PollService pollService = newService(PollService.class); + + Collection<Poll> polls = fixtures.fixture("polls"); + + for (Poll poll : polls) { + + try { + Poll createdPoll = pollService.createPoll(poll); + poll.setTopiaId(createdPoll.getTopiaId()); + poll.setCreator(createdPoll.getCreator()); + poll.setChoice(createdPoll.getChoice()); + } catch (InvalidFormException e) { + throw new PollenTechnicalException(e); + } + } + persistenceContext.commit(); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -39,9 +39,9 @@ import org.chorem.pollen.persistence.entity.VoterListMember; import org.chorem.pollen.services.exception.InvalidFormException; import org.chorem.pollen.services.service.security.PermissionVerb; -import org.chorem.pollen.services.service.security.SecurityRole; import java.io.File; +import java.util.HashSet; import java.util.List; import java.util.Set; @@ -55,8 +55,6 @@ public ImmutableSet<Poll> getPolls() { - //TODO Reput this -// checkRole(SecurityRole.administrator); List<Poll> polls = getPollDao().findAll(); return ImmutableSet.<Poll>builder().addAll(polls).build(); @@ -64,7 +62,6 @@ public ImmutableSet<Poll> getCreatedPolls() { - checkRole(SecurityRole.connected); PollenUser connectedUser = getConnectedUser(); Set<Poll> polls = getPollDao().findAllCreated(connectedUser); return ImmutableSet.<Poll>builder().addAll(polls).build(); @@ -73,7 +70,6 @@ public ImmutableSet<Poll> getInvitedPolls() { - checkRole(SecurityRole.connected); PollenUser connectedUser = getConnectedUser(); Set<Poll> polls = getPollDao().findAllInvited(connectedUser); return ImmutableSet.<Poll>builder().addAll(polls).build(); @@ -82,7 +78,6 @@ public ImmutableSet<Poll> getParticipatedPolls() { - checkRole(SecurityRole.connected); PollenUser connectedUser = getConnectedUser(); Set<Poll> polls = getPollDao().findAllParticipated(connectedUser); return ImmutableSet.<Poll>builder().addAll(polls).build(); @@ -224,7 +219,7 @@ toSave = dao.newInstance(); PollenPrincipal creatorToPersist = - getSecurityService().generatePrincipal(); + getSecurityService().generatePollenPrincipal(); toSave.setCreator(creatorToPersist); } @@ -311,6 +306,7 @@ // validate choices + Set<String> choiceNames = new HashSet<>(); int choiceIndex = 0; for (Choice choice : poll.getChoice()) { @@ -326,11 +322,20 @@ case TEXT: - checkNotBlank(errors, - choiceField + Choice.PROPERTY_NAME, - choice.getName(), - "choice name can not be empty"); + boolean checkNotBlank = checkNotBlank(errors, + choiceField + Choice.PROPERTY_NAME, + choice.getName(), + "choice name can not be empty"); + if (checkNotBlank) { + + // check duplicated name + + check(errors, + choiceField + Choice.PROPERTY_NAME, + choiceNames.add(choice.getName()), + "Duplicated choice name"); + } break; case DATE: throw new IllegalStateException("Not implemented"); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenServiceSupport.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenServiceSupport.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenServiceSupport.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -47,7 +47,6 @@ import org.chorem.pollen.services.exception.EntityNotFoundException; import org.chorem.pollen.services.service.mail.EmailService; import org.chorem.pollen.services.service.security.PermissionVerb; -import org.chorem.pollen.services.service.security.SecurityRole; import org.chorem.pollen.services.service.security.SecurityService; import org.nuiton.topia.persistence.TopiaEntity; import org.nuiton.util.StringUtil; @@ -67,9 +66,9 @@ protected PollenServiceContext serviceContext; - public String createPermission(PermissionVerb verb, String id) { - return ":" + verb.name() + ":" + id; - } +// public String createPermission(PermissionVerb verb, String id) { +// return ":" + verb.name() + ":" + id; +// } @Override public void setServiceContext(PollenServiceContext serviceContext) { @@ -217,14 +216,10 @@ } protected void checkPermission(PermissionVerb verb, String id) { - String permission = createPermission(verb, id); - serviceContext.getSecurityContext().checkPermission(permission); + String permission = getSecurityService().createPermission(verb, id); + getSecurityService().checkPermission(permission); } - protected void checkRole(SecurityRole role) { - serviceContext.getSecurityContext().checkRole(role); - } - protected void checkNotNull(Object object) { Preconditions.checkNotNull(object); } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/PollenUserService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -32,7 +32,6 @@ import org.chorem.pollen.services.exception.InvalidFormException; import org.chorem.pollen.services.exception.UserInvalidEmailActivationTokenException; import org.chorem.pollen.services.exception.UserInvalidPasswordException; -import org.chorem.pollen.services.service.security.SecurityRole; import java.util.List; import java.util.Objects; @@ -47,13 +46,13 @@ public List<PollenUser> getUsers() { - checkRole(SecurityRole.administrator); List<PollenUser> pollenUsers = getPollenUserDao().findAll(); return pollenUsers; } public PollenUser getUser(String userId) { + checkNotNull(userId); PollenUser result = getPollenUserDao().forTopiaIdEquals(userId).findUniqueOrNull(); @@ -63,6 +62,7 @@ } public PollenUser getUserByLogin(String login) { + checkNotNull(login); PollenUser result = getPollenUserDao().forLoginEquals(login).findUniqueOrNull(); @@ -71,6 +71,7 @@ } public PollenUser createUser(PollenUser user, boolean generatePassword) throws InvalidFormException { + checkNotNull(user); checkIsNotPersisted(user); checkPollenUserForm(user); @@ -81,9 +82,11 @@ commit(); //TODO Notify user created return result; + } public PollenUser editUser(PollenUser user) throws InvalidFormException { + checkNotNull(user); checkIsPersisted(user); checkPollenUserForm(user); @@ -94,19 +97,23 @@ commit(); //TODO Notify user edited return result; + } public void deleteUser(String userId) { + checkNotNull(userId); PollenUser user = getUser(userId); getPollenUserDao().delete(user); commit(); + } public void changePassword(String userId, String oldPassword, String newPassword) throws UserInvalidPasswordException { + checkNotNull(userId); checkNotNull(oldPassword); checkNotNull(newPassword); @@ -126,6 +133,7 @@ getPollenUserDao().update(user); commit(); //TODO Notify PasswordChanged + } public void validateUserEmail(String userId, @@ -148,6 +156,7 @@ getPollenUserDao().update(user); commit(); + } public void createDefaultUsers() throws InvalidFormException { @@ -163,6 +172,7 @@ user.setPassword("admin"); createUser(user, false); } + } protected void checkPollenUserForm(PollenUser user) throws InvalidFormException { @@ -215,6 +225,7 @@ throw new InvalidFormException(errors); } + } protected PollenUser savePollenUser(PollenUser user, boolean generatePassword) { @@ -274,5 +285,6 @@ } return toSave; + } } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoteService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -152,7 +152,7 @@ // -- author -- // -// PollenPrincipal author = getSecurityService().generatePrincipal(); +// PollenPrincipal author = getSecurityService().generatePollenPrincipal(); // toSave.setAuthor(author); poll.addVote(toSave); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoterListService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoterListService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/VoterListService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -48,14 +48,14 @@ */ public class VoterListService extends PollenServiceSupport { - public VoterList importFavoriteList(String userId, String pollId, + public VoterList importFavoriteList(String pollId, String favoriteListId) { Preconditions.checkNotNull(pollId); Preconditions.checkNotNull(favoriteListId); Poll poll = getPollService().getPoll(pollId); - FavoriteList favoriteList = getFavoriteListService().getFavoriteList(userId, favoriteListId); + FavoriteList favoriteList = getFavoriteListService().getFavoriteList(favoriteListId); VoterListTopiaDao dao = getVoterListDao(); VoterList result = dao.newInstance(); Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/DefaultPollenSecurityContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -23,15 +23,12 @@ * #L% */ -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.subject.Subject; +import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.persistence.entity.SessionToken; import java.io.Serializable; -import java.util.Set; /** * TODO @@ -43,27 +40,38 @@ private static final long serialVersionUID = 1L; - /** Logger. */ - private static final Log log = LogFactory.getLog(DefaultPollenSecurityContext.class); + /** + * Computed shiro subject. + */ + protected transient Subject subject; - protected Subject subject; - /** * Connected user account. * <p/> * Can be {@code null} if user is not connected. - * - * @since 2.0 */ - protected final SessionToken sessionToken; + protected SessionToken sessionToken; - public static PollenSecurityContext newContext(SessionToken sessionToken) { - PollenSecurityContext result = new DefaultPollenSecurityContext( - sessionToken); + /** + * Main principal (mainly to acquire credentials on a data). + * <p/> + * Can be {@code null} if no credentials is required. + */ + protected PollenPrincipal mainPrincipal; + + public static PollenSecurityContext newContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + DefaultPollenSecurityContext result = new DefaultPollenSecurityContext(); + result.setSessionToken(sessionToken); + result.setMainPrincipal(mainPrincipal); return result; } @Override + public PollenPrincipal getMainPrincipal() { + return mainPrincipal; + } + + @Override public Subject getSubject() { return subject; } @@ -75,7 +83,7 @@ @Override public PollenUser getPollenUser() { - return isConnected() ? sessionToken.getPollenUser() : null; + return sessionToken != null ? sessionToken.getPollenUser() : null; } @Override @@ -93,55 +101,15 @@ this.subject = subject; } - @Override - public void checkPermission(String permission) { - if (log.isInfoEnabled()) { - log.info("Check permission: " + permission); - } - - boolean valid = getSubject().isPermitted(permission); - - if (!valid) { - throw new PollenInvalidPermissionException(permission); - } - + public void setSessionToken(SessionToken sessionToken) { + this.sessionToken = sessionToken; + // force to reload subject + this.subject = null; } - @Override - public void checkRole(SecurityRole role) { - - boolean valid = false; - switch (role) { - - case anonymous: - valid = true; - break; - case connected: - valid = isConnected(); - break; - case administrator: - valid = isAdmin(); - break; - } - -// //FIXME Find out how to push roles to subject... -// boolean valid = getSubject().hasRole(role.name()); - - if (!valid) { - throw new PollenUnauthorizedException(role); - } + public void setMainPrincipal(PollenPrincipal mainPrincipal) { + this.mainPrincipal = mainPrincipal; + // force to reload subject + this.subject = null; } - - @Override - public Subject newSubject(Set<SecurityRole> roles, Set<String> permissions) { - //TODO Add roles to subject - SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(); - principalCollection.addAll(permissions, "pollenRealm"); - Subject result = new Subject.Builder().principals(principalCollection).buildSubject(); - return result; - } - - protected DefaultPollenSecurityContext(SessionToken sessionToken) { - this.sessionToken = sessionToken; - } } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -1,11 +1,10 @@ package org.chorem.pollen.services.service.security; import org.apache.shiro.subject.Subject; +import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenUser; import org.chorem.pollen.persistence.entity.SessionToken; -import java.util.Set; - /** * Created on 5/1/14. * @@ -14,10 +13,17 @@ */ public interface PollenSecurityContext { - Subject getSubject(); + /** + * Get an extra credential, this is needed for protected resources, for example an private poll. + * + * @return optional credential given. + */ + PollenPrincipal getMainPrincipal(); SessionToken getSessionToken(); + Subject getSubject(); + PollenUser getPollenUser(); boolean isConnected(); @@ -26,9 +32,4 @@ void setSubject(Subject subject); - void checkPermission(String permission); - - void checkRole(SecurityRole role); - - Subject newSubject(Set<SecurityRole> roles, Set<String> permissions); } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenSecurityRealm.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -29,14 +29,18 @@ import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; -import org.chorem.pollen.services.PollenService; +import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; +import org.chorem.pollen.services.PollenApplicationContext; import org.chorem.pollen.services.PollenServiceContext; import org.chorem.pollen.services.exception.EntityNotFoundException; import org.chorem.pollen.services.exception.UserInvalidPasswordException; import org.chorem.pollen.services.service.AuthService; +import java.util.Locale; + /** * TODO * <p/> @@ -45,21 +49,22 @@ * @author tchemit <chemit@codelutin.com> * @since 2.0 */ -public class PollenSecurityRealm extends AuthorizingRealm implements PollenService { +public class PollenSecurityRealm extends AuthorizingRealm { - protected PollenServiceContext serviceContext; + protected PollenApplicationContext applicationContext; - @Override - public void setServiceContext(PollenServiceContext serviceContext) { - this.serviceContext = serviceContext; + public void setApplicationContext(PollenApplicationContext applicationContext) { + this.applicationContext = applicationContext; } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - principals.getPrimaryPrincipal(); + SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); - return null; + simpleAuthorizationInfo.setStringPermissions(principals.asSet()); + + return simpleAuthorizationInfo; } @Override @@ -69,16 +74,24 @@ String username = upToken.getUsername(); char[] password = upToken.getPassword(); - AuthService authService = serviceContext.newService(AuthService.class); + PollenTopiaPersistenceContext persistenceContext = applicationContext.newPersistenceContext(); + try { - authService.login(username, new String(password)); - } catch (EntityNotFoundException e) { - throw new AuthenticationException(e); - } catch (UserInvalidPasswordException e) { - throw new AuthenticationException(e); + PollenServiceContext serviceContext = applicationContext.newServiceContext(persistenceContext, Locale.FRANCE); + + AuthService authService = serviceContext.newService(AuthService.class); + try { + authService.login(username, new String(password)); + } catch (EntityNotFoundException e) { + throw new AuthenticationException(e); + } catch (UserInvalidPasswordException e) { + throw new AuthenticationException(e); + } + SimpleAuthenticationInfo result = + new SimpleAuthenticationInfo(username, password, getName()); + return result; + } finally { + persistenceContext.closeContext(); } - SimpleAuthenticationInfo result = - new SimpleAuthenticationInfo(username, password, getName()); - return result; } } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenUnauthorizedException.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenUnauthorizedException.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/PollenUnauthorizedException.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -12,13 +12,13 @@ private static final long serialVersionUID = 1L; - protected final SecurityRole role; + protected final String role; - public PollenUnauthorizedException(SecurityRole role) { + public PollenUnauthorizedException(String role) { this.role = role; } - public SecurityRole getRole() { + public String getRole() { return role; } } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityRole.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityRole.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityRole.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -7,7 +7,6 @@ * @since 2.0 */ public enum SecurityRole { - anonymous, connected, administrator } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/service/security/SecurityService.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -23,26 +23,29 @@ * #L% */ +import com.google.common.base.Joiner; import com.google.common.base.Preconditions; -import com.google.common.collect.Maps; import com.google.common.collect.Sets; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.subject.Subject; import org.chorem.pollen.persistence.entity.Choice; import org.chorem.pollen.persistence.entity.Comment; +import org.chorem.pollen.persistence.entity.FavoriteList; import org.chorem.pollen.persistence.entity.Poll; import org.chorem.pollen.persistence.entity.PollenPrincipal; import org.chorem.pollen.persistence.entity.PollenPrincipalTopiaDao; import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.persistence.entity.Polls; +import org.chorem.pollen.persistence.entity.SessionToken; import org.chorem.pollen.persistence.entity.Vote; -import org.chorem.pollen.persistence.entity.VoterListMember; +import org.chorem.pollen.services.PollenTechnicalException; +import org.chorem.pollen.services.exception.InvalidSessionTokenException; import org.chorem.pollen.services.service.PollenServiceSupport; import org.nuiton.topia.persistence.TopiaEntity; -import java.util.Date; -import java.util.EnumSet; +import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; /** @@ -53,213 +56,309 @@ */ public class SecurityService extends PollenServiceSupport { - public PollenPrincipal generatePrincipal() { + /** Logger. */ + private static final Log log = LogFactory.getLog(SecurityService.class); + + public PollenPrincipal generatePollenPrincipal() { + PollenPrincipalTopiaDao pollenPrincipalDao = getPersistenceContext().getPollenPrincipalDao(); PollenPrincipal principal = pollenPrincipalDao.newInstance(); principal.setCreationDate(serviceContext.getNow()); pollenPrincipalDao.create(principal); return principal; + } - public void prepareSubject(TopiaEntity entity) { - Preconditions.checkNotNull(entity); - prepareSubject(entity.getTopiaId()); + public SessionToken getSessionTokenByToken(String token) throws InvalidSessionTokenException { + + SessionToken sessionToken = null; + if (token != null) { + sessionToken = getSessionTokenDao().forTokenEquals(token).findUniqueOrNull(); + if (sessionToken == null) { + throw new InvalidSessionTokenException(); + } + } + return sessionToken; + } - public void prepareSubject(String principalId) { + public PollenPrincipal getPollenPrincipalById(String principalId) { + + PollenPrincipal principal = null; + if (principalId != null) { + principal = getPollenPrincipalDao().forTopiaIdEquals(principalId).findUniqueOrNull(); + checkEntityExists(PollenPrincipal.class, principal, principalId); + } + return principal; + + } + + public String createPermission(PermissionVerb verb, String id) { + + return ":" + verb.name() + ":" + id; + + } + + public void checkRole(SecurityRole roleName) { + + checkNotNull(roleName); + PollenSecurityContext securityContext = serviceContext.getSecurityContext(); - Preconditions.checkNotNull(securityContext); - PollenUser pollenUser = securityContext.getPollenUser(); - Subject subject = getSubject(principalId, pollenUser); - securityContext.setSubject(subject); + switch (roleName) { + + case connected: + + if (!securityContext.isConnected()) { + throw new PollenUnauthorizedException("connected"); + } + break; + + case administrator: + + if (!securityContext.isAdmin()) { + throw new PollenUnauthorizedException("administrator"); + } + break; + + default: + + throw new PollenTechnicalException("can't handler security role: " + roleName); + + } + } - protected Subject getSubject(String principalId, PollenUser user) { - Set<String> permissions = Sets.newHashSet(); + public void checkPermission(String permission) { - boolean userConnected = user != null; - boolean userIsAdmin = userConnected && user.isAdministrator(); + Subject subject = getSubject(); - Set<SecurityRole> roles = EnumSet.noneOf(SecurityRole.class); - if (userConnected) { - roles.add(SecurityRole.connected); - if (userIsAdmin) { - roles.add(SecurityRole.administrator); + if (log.isInfoEnabled()) { + log.info("Check permission: " + permission); + } + + boolean valid = subject.isPermitted(permission); + + if (!valid) { + throw new PollenInvalidPermissionException(permission); + } + + } + + protected Subject getSubject() { + + PollenSecurityContext securityContext = serviceContext.getSecurityContext(); + Preconditions.checkNotNull(securityContext); + + Subject subject = securityContext.getSubject(); + + if (subject == null) { + + // Generate all principals from given security context + Set<String> permissions = generatePermissions(securityContext); + + if (log.isInfoEnabled()) { + log.info("All permissions:\n" + Joiner.on("\n").join(permissions)); } - } else { - roles.add(SecurityRole.anonymous); + + // Create Subject + SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(); + principalCollection.addAll(permissions, "pollenRealm"); + subject = new Subject. + Builder(). + authenticated(securityContext.isConnected()). + principals(principalCollection). + buildSubject(); + + securityContext.setSubject(subject); } + return subject; + + } + + protected Set<String> generatePermissions(PollenSecurityContext securityContext) { + + boolean userIsAdmin = securityContext.isAdmin(); + + Set<String> permissions = Sets.newHashSet(); + if (userIsAdmin) { permissions.add("*:*:*"); - } else { + return permissions; + } - Set<PollenPrincipal> principals = Sets.newHashSet(); + PollenPrincipal pollenPrincipal = securityContext.getMainPrincipal(); + PollenUser user = securityContext.getPollenUser(); - PollenPrincipalTopiaDao pollenPrincipalDao = - getPersistenceContext().getPollenPrincipalDao(); + // Get read data - if (principalId != null) { - PollenPrincipal pollenPrincipal = - pollenPrincipalDao.findByTopiaId(principalId); - principals.add(pollenPrincipal); + Set<Poll> polls = getPollDao().findAllFreePolls(); + + for (Poll poll : polls) { + + permissions.add(createSubjectPermission(PermissionVerb.readPoll, poll)); + permissions.add(createSubjectPermission(PermissionVerb.readPoll, poll)); + + if (poll.isChoiceNotEmpty()) { + for (Choice choice : poll.getChoice()) { + permissions.add(createSubjectPermission(PermissionVerb.readChoice, choice)); + } } - if (userConnected) { + if (poll.isCommentNotEmpty()) { + for (Comment comment : poll.getComment()) { + permissions.add(createSubjectPermission(PermissionVerb.readComment, comment)); + } + } - // find all principals - List<PollenPrincipal> allByPollenUser = - pollenPrincipalDao.forPollenUserEquals(user).findAll(); - principals.addAll(allByPollenUser); + if (poll.isVoteNotEmpty()) { + for (Vote vote : poll.getVote()) { + permissions.add(createSubjectPermission(PermissionVerb.readVote, vote)); + } } + } - Map<PollenPrincipal, TopiaEntity> principalTopiaEntityMap = Maps.newHashMap(); + if (user != null && pollenPrincipal != null) { - for (PollenPrincipal principal : principals) { + // no user connected, nor main principal given + // get all public objects - // find out which entity is using this principal - TopiaEntity entity = getPrincipalEntity(principal); - principalTopiaEntityMap.put(principal, entity); + return permissions; - if (entity instanceof Poll) { + } - // add all poll entities - Poll poll = (Poll) entity; + // Collect all principals - if (!poll.isChoiceEmpty()) { - for (Choice choice : poll.getChoice()) { - principalTopiaEntityMap.put(choice.getCreator(), choice); - } - } + Set<PollenPrincipal> principals = Sets.newHashSet(); - if (!poll.isCommentEmpty()) { - for (Comment comment : poll.getComment()) { - principalTopiaEntityMap.put(comment.getAuthor(), comment); - } - } + if (pollenPrincipal != null) { + principals.add(pollenPrincipal); + } - if (!poll.isVoteEmpty()) { - for (Vote vote : poll.getVote()) { - principalTopiaEntityMap.put(vote.getVoter(), vote); - } - } - } - } + if (user != null) { - Date now = serviceContext.getNow(); - for (Map.Entry<PollenPrincipal, TopiaEntity> entry : principalTopiaEntityMap.entrySet()) { - TopiaEntity entity = entry.getValue(); + // get all principal of the connected user + List<PollenPrincipal> allByPollenUser = + getPollenPrincipalDao().forPollenUserEquals(user).findAll(); + principals.addAll(allByPollenUser); + } - if (entity instanceof Choice) { - permissions.add(createWildcardSubjectPermission(entity)); - continue; + PrincipalByType principalByType = resolvePrincipals(principals); + + for (FavoriteList favoriteList : principalByType.favoriteLists) { + permissions.add(createWildcardSubjectPermission(favoriteList)); + } + + for (Comment comment : principalByType.comments) { + permissions.add(createWildcardSubjectPermission(comment)); + } + + for (Choice choice : principalByType.choices) { + + // can only read or edit the choice (only poll creator can delete a choice) + permissions.add(createSubjectPermission(PermissionVerb.readChoice, choice)); + permissions.add(createSubjectPermission(PermissionVerb.editChoice, choice)); + } + + for (Poll poll : principalByType.polls) { + + // creator has all rights on the poll, choices and comments, but can only read votes + permissions.add(createWildcardSubjectPermission(poll)); + + if (poll.isChoiceNotEmpty()) { + for (Choice choice : poll.getChoice()) { + permissions.add(createWildcardSubjectPermission(choice)); } - if (entity instanceof Comment) { - permissions.add(createWildcardSubjectPermission(entity)); - continue; + } + if (poll.isCommentNotEmpty()) { + for (Comment comment : poll.getComment()) { + permissions.add(createWildcardSubjectPermission(comment)); } - if (entity instanceof Vote) { - permissions.add(createWildcardSubjectPermission(entity)); - continue; + } + if (poll.isVoteNotEmpty()) { + for (Vote vote : poll.getVote()) { + permissions.add(createSubjectPermission(PermissionVerb.readVote, vote)); } - if (entity instanceof Poll) { - //TODO Get alls possible permissions on poll + } + } - Poll poll = (Poll) entity; + return permissions; - Set<VoterListMember> members = Polls.getAllVoters(poll); + } - boolean freePoll = Polls.isPollFree(poll); + protected PrincipalByType resolvePrincipals(Set<PollenPrincipal> principals) { - if (freePoll) { + PrincipalByType principalByType = new PrincipalByType(); + for (PollenPrincipal principal : principals) { + resolvePrincipal(principalByType, principal); + } + return principalByType; - // everybody can read poll ? - permissions.add(createSubjectPermission(PermissionVerb.readPoll, entity)); - } else { + } - // only his creator / participants / voters can read it + class PrincipalByType { - for (VoterListMember member : members) { - permissions.add(createSubjectPermission(member.getTopiaId(), PermissionVerb.readPoll, entity)); - } - } + Set<Poll> polls = new HashSet<>(); - // add editVote / deleteVote for any voter - if (!poll.isVoteEmpty()) { - for (Vote vote : poll.getVote()) { - String id = vote.getVoter().getTopiaId(); - permissions.add(createSubjectPermission(id, PermissionVerb.editVote, vote)); - permissions.add(createSubjectPermission(id, PermissionVerb.deleteVote, vote)); - } - } + Set<Choice> choices = new HashSet<>(); - //TODO Not do this here, but later in business code -// if (poll.isAddChoiceRunning(now)) { -// -// permissions.add(createSubjectPermission(PermissionVerb.addChoice, entity)); -// } -// -// if (poll.getCommentVisibility() != CommentVisibility.NOBODY) { -// //FIXME Should see with voter ? -// permissions.add(createSubjectPermission(PermissionVerb.addComment, entity)); -// } -// -// if (poll.isRunning(now)) { -// permissions.add(createSubjectPermission(PermissionVerb.addVote, entity)); -// } + Set<Comment> comments = new HashSet<>(); - //TODO Do for editVote,... - } - } - } - Subject subject = serviceContext.getSecurityContext().newSubject(roles, permissions); - return subject; + Set<Vote> votes = new HashSet<>(); + + Set<FavoriteList> favoriteLists = new HashSet<>(); + } - protected TopiaEntity getPrincipalEntity(PollenPrincipal principal) { + protected void resolvePrincipal(PrincipalByType principalByType, PollenPrincipal principal) { - TopiaEntity result = null; - // try a poll Poll poll = getPollDao().forCreatorEquals(principal).findUniqueOrNull(); - if (poll == null) { + if (poll != null) { + principalByType.polls.add(poll); + return; + } - // try a choice - Choice choice = getChoiceDao().forCreatorEquals(principal).findUniqueOrNull(); - if (choice == null) { + Choice choice = getChoiceDao().forCreatorEquals(principal).findUniqueOrNull(); + if (choice != null) { + principalByType.choices.add(choice); + return; + } - // try a vote - Vote vote = getVoteDao().forVoterEquals(principal).findUniqueOrNull(); - if (vote == null) { + Vote vote = getVoteDao().forVoterEquals(principal).findUniqueOrNull(); + if (vote != null) { + principalByType.votes.add(vote); + return; + } - // try a comment - Comment comment = getCommentDao().forAuthorEquals(principal).findUniqueOrNull(); - if (comment != null) { - result = comment; - } - } else { - result = vote; - } - } else { - result = choice; - } - } else { - result = poll; + Comment comment = getCommentDao().forAuthorEquals(principal).findUniqueOrNull(); + if (comment != null) { + principalByType.comments.add(comment); + return; } - Preconditions.checkNotNull(result); - return result; + FavoriteList favoriteList = getFavoriteListDao().forOwnerEquals(principal).findUniqueOrNull(); + if (favoriteList != null) { + principalByType.favoriteLists.add(favoriteList); + } + } protected String createSubjectPermission(String people, PermissionVerb verb, TopiaEntity entity) { + return people + ":" + verb.name() + ":" + entity.getTopiaId(); + } protected String createSubjectPermission(PermissionVerb verb, TopiaEntity entity) { + return createSubjectPermission("*", verb, entity); + } protected String createWildcardSubjectPermission(TopiaEntity entity) { + return "*:*:" + entity.getTopiaId(); + } } Copied: trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java (from rev 3895, trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/PollenApplication.java) =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java (rev 0) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenApplicationContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -0,0 +1,219 @@ +package org.chorem.pollen.services.test; + +/* + * #%L + * ToPIA :: JUnit + * $Id$ + * $HeadURL: http://svn.nuiton.org/svn/topia/trunk/topia-junit/src/main/java/org/nuiton/t... $ + * %% + * Copyright (C) 2004 - 2014 CodeLutin + * %% + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Lesser Public License for more details. + * + * You should have received a copy of the GNU General Lesser Public + * License along with this program. If not, see + * <http://www.gnu.org/licenses/lgpl-3.0.html>. + * #L% + */ + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.mgt.DefaultSecurityManager; +import org.chorem.pollen.persistence.PollenPersistenceContext; +import org.chorem.pollen.persistence.PollenTopiaApplicationContext; +import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; +import org.chorem.pollen.persistence.entity.PollenPrincipal; +import org.chorem.pollen.persistence.entity.SessionToken; +import org.chorem.pollen.services.PollenApplicationContext; +import org.chorem.pollen.services.PollenFixtures; +import org.chorem.pollen.services.PollenServiceContext; +import org.chorem.pollen.services.config.PollenServiceConfig; +import org.chorem.pollen.services.config.PollenServiceConfigOption; +import org.chorem.pollen.services.service.FixturesService; +import org.chorem.pollen.services.service.security.PollenSecurityRealm; +import org.junit.rules.TestWatcher; +import org.junit.runner.Description; +import org.nuiton.topia.junit.ConfigurationHelper; +import org.nuiton.util.DateUtil; + +import java.io.File; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Properties; +import java.util.concurrent.atomic.AtomicInteger; + +/** + * @author Tony Chemit <chemit@codelutin.com> + * @since 2.0 + */ +public class FakePollenApplicationContext extends TestWatcher implements PollenApplicationContext { + + /** Logger. */ + private static final Log log = LogFactory.getLog(FakePollenApplicationContext.class); + + private File testBasedir; + + protected List<PollenTopiaPersistenceContext> openedTransactions = new LinkedList<>(); + + private PollenTopiaApplicationContext applicationContext; + + private PollenServiceConfig configuration; + + private final String configurationPath; + + protected PollenFixtures fixtures; + + protected String methodName; + + protected static AtomicInteger portNumberCounter = new AtomicInteger(9999); + + protected int currentPortNumber; + + public FakePollenApplicationContext(String configurationPath) { + this.configurationPath = configurationPath; + } + + public int getPort() { + return currentPortNumber; + } + + @Override + protected void starting(Description description) { + + PollenSecurityRealm realm = new PollenSecurityRealm(); + realm.setApplicationContext(this); + + DefaultSecurityManager securityManager = new DefaultSecurityManager(realm); + SecurityUtils.setSecurityManager(securityManager); + + currentPortNumber = portNumberCounter.getAndIncrement(); + + methodName = description.getMethodName(); + + // get test directory + testBasedir = ConfigurationHelper.getTestSpecificDirectory( + description.getTestClass(), + description.getMethodName()); + + if (log.isDebugEnabled()) { + log.debug("testBasedir: " + testBasedir); + } + + // create configuration + + Properties defaultvalues = new Properties(); + defaultvalues.put(PollenServiceConfigOption.DATA_DIRECTORY.getKey(), testBasedir.getAbsolutePath()); + + configuration = new PollenServiceConfig(configurationPath, defaultvalues); + + Map<String, String> topiaProperties = configuration.getTopiaProperties(); + applicationContext = new PollenTopiaApplicationContext(topiaProperties); + + } + + @Override + public void finished(Description description) { + + if (applicationContext != null && !applicationContext.isClosed()) { + + for (PollenTopiaPersistenceContext openedTransaction : openedTransactions) { + + if (log.isTraceEnabled()) { + log.trace("closing transaction " + openedTransaction); + } + + openedTransaction.closeContext(); + + } + + if (log.isTraceEnabled()) { + log.trace("closing transaction " + applicationContext); + } + + applicationContext.closeContext(); + + } + } + + public File getTestBasedir() { + return testBasedir; + } + + @Override + public PollenTopiaApplicationContext getTopiaApplicationContext() { + return applicationContext; + } + + @Override + public PollenServiceConfig getApplicationConfig() { + return configuration; + } + + @Override + public PollenTopiaPersistenceContext newPersistenceContext() { + + PollenTopiaPersistenceContext persistenceContext; + + persistenceContext = applicationContext.newPersistenceContext(); + + if (log.isTraceEnabled()) { + log.trace("opened transaction " + persistenceContext); + } + + openedTransactions.add(persistenceContext); + + return persistenceContext; + + } + + @Override + public FakePollenServiceContext newServiceContext(PollenPersistenceContext persistenceContext, Locale locale) { + + FakePollenServiceContext serviceContext = FakePollenServiceContext.newServiceContext( + DateUtil.createDate(1, 1, 2014), + Locale.FRANCE, + getApplicationConfig(), + getTopiaApplicationContext(), + newPersistenceContext()); + return serviceContext; + + } + + @Override + public FakePollenSecurityContext newSecurityContext(SessionToken sessionToken, PollenPrincipal mainPrincipal) { + FakePollenSecurityContext securityContext = new FakePollenSecurityContext(); + securityContext.setMainPrincipal(mainPrincipal); + securityContext.setSessionToken(sessionToken); + return securityContext; + } + + public String getMethodName() { + return methodName; + } + + public void loadFixtures(PollenServiceContext serviceContext, String fixturesSetName) { + + FixturesService fixturesService = serviceContext.newService(FixturesService.class); + + fixtures = fixturesService.loadFixtures(fixturesSetName); + + } + + public <E> E fixture(String id) { + + return fixtures.fixture(id); + + } + +} Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenSecurityContext.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenSecurityContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenSecurityContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -1,39 +1,21 @@ package org.chorem.pollen.services.test; import org.apache.shiro.subject.Subject; -import org.chorem.pollen.persistence.entity.PollenUser; -import org.chorem.pollen.persistence.entity.SessionToken; -import org.chorem.pollen.services.service.security.PollenSecurityContext; -import org.chorem.pollen.services.service.security.SecurityRole; +import org.chorem.pollen.services.service.security.DefaultPollenSecurityContext; -import java.util.Set; - /** * Created on 5/1/14. * * @author Tony Chemit <chemit@codelutin.com> * @since 2.0 */ -public class FakePollenSecurityContext implements PollenSecurityContext { +public class FakePollenSecurityContext extends DefaultPollenSecurityContext { - @Override - public Subject getSubject() { - return null; - } + private static final long serialVersionUID = 1L; @Override - public SessionToken getSessionToken() { - return null; - } - - @Override - public PollenUser getPollenUser() { - return null; - } - - @Override public boolean isConnected() { - return false; + return true; } @Override @@ -43,22 +25,7 @@ @Override public void setSubject(Subject subject) { - + this.subject = subject; } - @Override - public void checkPermission(String permission) { - // no check - } - - @Override - public void checkRole(SecurityRole role) { - // no check - } - - @Override - public Subject newSubject(Set<SecurityRole> roles, Set<String> permissions) { - // no security - return null; - } } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenServiceContext.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenServiceContext.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/FakePollenServiceContext.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -30,7 +30,6 @@ import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; import org.chorem.pollen.services.DefaultPollenServiceContext; import org.chorem.pollen.services.config.PollenServiceConfig; -import org.chorem.pollen.services.service.security.PollenSecurityContext; import java.util.Date; import java.util.Locale; @@ -47,13 +46,12 @@ Locale locale, PollenServiceConfig serviceConfig, PollenTopiaApplicationContext applicationcontext, - PollenTopiaPersistenceContext persistenceContext, - PollenSecurityContext securityContext) { + PollenTopiaPersistenceContext persistenceContext) { FakePollenServiceContext serviceContext = new FakePollenServiceContext(); serviceContext.setPersistenceContext(persistenceContext); serviceContext.setPollenServiceConfig(serviceConfig); serviceContext.setTopiaApplicationContext(applicationcontext); - serviceContext.setSecurityContext(securityContext); + serviceContext.setSecurityContext(new FakePollenSecurityContext()); serviceContext.setLocale(locale); serviceContext.setDate(now); return serviceContext; Deleted: trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/PollenApplication.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/PollenApplication.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/test/PollenApplication.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -1,169 +0,0 @@ -package org.chorem.pollen.services.test; - -/* - * #%L - * ToPIA :: JUnit - * $Id$ - * $HeadURL: http://svn.nuiton.org/svn/topia/trunk/topia-junit/src/main/java/org/nuiton/t... $ - * %% - * Copyright (C) 2004 - 2014 CodeLutin - * %% - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Lesser Public License for more details. - * - * You should have received a copy of the GNU General Lesser Public - * License along with this program. If not, see - * <http://www.gnu.org/licenses/lgpl-3.0.html>. - * #L% - */ - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.chorem.pollen.persistence.PollenTopiaApplicationContext; -import org.chorem.pollen.persistence.PollenTopiaPersistenceContext; -import org.chorem.pollen.services.PollenFixtures; -import org.chorem.pollen.services.PollenServiceContext; -import org.chorem.pollen.services.config.PollenServiceConfig; -import org.chorem.pollen.services.config.PollenServiceConfigOption; -import org.chorem.pollen.services.service.FixturesService; -import org.junit.rules.TestWatcher; -import org.junit.runner.Description; -import org.nuiton.topia.junit.ConfigurationHelper; - -import java.io.File; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -/** - * @author Tony Chemit <chemit@codelutin.com> - * @since 2.0 - */ -public class PollenApplication extends TestWatcher { - - /** Logger. */ - private static final Log log = LogFactory.getLog(PollenApplication.class); - - private File testBasedir; - - protected List<PollenTopiaPersistenceContext> openedTransactions = new LinkedList<>(); - - private PollenTopiaApplicationContext applicationContext; - - private PollenServiceConfig configuration; - - private final String configurationPath; - - protected PollenFixtures fixtures; - - protected String methodName; - - public PollenApplication(String configurationPath) { - this.configurationPath = configurationPath; - } - - @Override - protected void starting(Description description) { - - methodName = description.getMethodName(); - - // get test directory - testBasedir = ConfigurationHelper.getTestSpecificDirectory( - description.getTestClass(), - description.getMethodName()); - - if (log.isDebugEnabled()) { - log.debug("testBasedir: " + testBasedir); - } - - // create configuration - - Properties defaultvalues = new Properties(); - defaultvalues.put(PollenServiceConfigOption.DATA_DIRECTORY.getKey(), testBasedir.getAbsolutePath()); - - configuration = new PollenServiceConfig(configurationPath, defaultvalues); - - Map<String, String> topiaProperties = configuration.getTopiaProperties(); - applicationContext = new PollenTopiaApplicationContext(topiaProperties); - - } - - @Override - public void finished(Description description) { - - if (applicationContext != null && !applicationContext.isClosed()) { - - for (PollenTopiaPersistenceContext openedTransaction : openedTransactions) { - - if (log.isTraceEnabled()) { - log.trace("closing transaction " + openedTransaction); - } - - openedTransaction.closeContext(); - - } - - if (log.isTraceEnabled()) { - log.trace("closing transaction " + applicationContext); - } - - applicationContext.closeContext(); - - } - } - - public File getTestBasedir() { - return testBasedir; - } - - public PollenTopiaApplicationContext getApplicationContext() { - return applicationContext; - } - - public PollenServiceConfig getConfiguration() { - return configuration; - } - - public String getMethodName() { - return methodName; - } - - public PollenTopiaPersistenceContext newPersistenceContext() { - - PollenTopiaPersistenceContext persistenceContext; - - persistenceContext = applicationContext.newPersistenceContext(); - - if (log.isTraceEnabled()) { - log.trace("opened transaction " + persistenceContext); - } - - openedTransactions.add(persistenceContext); - - return persistenceContext; - - } - - public void loadFixtures(PollenServiceContext serviceContext, String fixturesSetName) { - - FixturesService fixturesService = serviceContext.newService(FixturesService.class); - - fixtures = fixturesService.loadFixtures(fixturesSetName); - - } - - public <E> E fixture(String id) { - - return fixtures.fixture(id); - - } - -} Modified: trunk/pollen-services/src/main/resources/fixtures.yaml =================================================================== --- trunk/pollen-services/src/main/resources/fixtures.yaml 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/main/resources/fixtures.yaml 2014-05-04 00:18:39 UTC (rev 3902) @@ -38,9 +38,9 @@ voteVisibility: EVERYBODY commentVisibility: EVERYBODY resultVisibility: EVERYBODY -# creator: !pollen-principal -# name: poll creator -# email: poll_creator@pollen.chorem.org + creator: !pollen-principal + name: poll creator + email: poll_creator@pollen.chorem.org choice: - &normal_choixA !choice name: choixA Modified: trunk/pollen-services/src/test/java/org/chorem/pollen/service/AbstractPollenServiceTest.java =================================================================== --- trunk/pollen-services/src/test/java/org/chorem/pollen/service/AbstractPollenServiceTest.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/test/java/org/chorem/pollen/service/AbstractPollenServiceTest.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -26,12 +26,10 @@ import com.google.common.collect.Multimap; import org.chorem.pollen.services.PollenService; import org.chorem.pollen.services.exception.InvalidFormException; -import org.chorem.pollen.services.test.FakePollenSecurityContext; +import org.chorem.pollen.services.test.FakePollenApplicationContext; import org.chorem.pollen.services.test.FakePollenServiceContext; -import org.chorem.pollen.services.test.PollenApplication; import org.junit.Assert; import org.junit.Rule; -import org.nuiton.util.DateUtil; import java.util.Locale; @@ -40,7 +38,7 @@ protected static final double DELTA = 0.0001; @Rule - public final PollenApplication application = new PollenApplication("pollen-services.properties"); + public final FakePollenApplicationContext application = new FakePollenApplicationContext("pollen-services.properties"); protected FakePollenServiceContext serviceContext; @@ -57,13 +55,7 @@ protected FakePollenServiceContext getServiceContext() { if (serviceContext == null) { - serviceContext = FakePollenServiceContext.newServiceContext( - DateUtil.createDate(1, 1, 2014), - Locale.FRANCE, - application.getConfiguration(), - application.getApplicationContext(), - application.newPersistenceContext(), - new FakePollenSecurityContext()); + serviceContext = application.newServiceContext(application.newPersistenceContext(), Locale.FRANCE); } return serviceContext; Modified: trunk/pollen-services/src/test/java/org/chorem/pollen/service/PollServiceTest.java =================================================================== --- trunk/pollen-services/src/test/java/org/chorem/pollen/service/PollServiceTest.java 2014-05-02 15:30:54 UTC (rev 3901) +++ trunk/pollen-services/src/test/java/org/chorem/pollen/service/PollServiceTest.java 2014-05-04 00:18:39 UTC (rev 3902) @@ -33,7 +33,7 @@ import org.chorem.pollen.services.service.ChoiceService; import org.chorem.pollen.services.service.PollService; import org.chorem.pollen.services.service.VoterListService; -import org.chorem.pollen.services.service.security.SecurityService; +import org.chorem.pollen.services.service.security.PollenInvalidPermissionException; import org.chorem.pollen.services.test.FakePollenSecurityContext; import org.junit.Assert; import org.junit.Before; @@ -65,14 +65,6 @@ } @Test - public void createPoll() throws InvalidFormException { - Poll poll = fixture("poll_normal"); - - Poll createdPoll = service.createPoll(poll); - Assert.assertNotNull(createdPoll); - } - - @Test public void testCreateFreePoll() throws InvalidFormException { Poll poll = service.getNewPoll(); @@ -81,6 +73,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing title // missing choice @@ -94,6 +87,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing choice type assertErrorKeyFound(e, "choice[0].choiceType"); @@ -102,6 +96,7 @@ choice1.setChoiceType(ChoiceType.TEXT); try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing choice name assertErrorKeyFound(e, "choice[0].name"); @@ -119,6 +114,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // duplicated choice name assertErrorKeyFound(e, "choice[1].name"); @@ -131,8 +127,6 @@ Assert.assertNotNull(createdPoll); Assert.assertNotNull(createdPoll.getTopiaId()); - newService(SecurityService.class).prepareSubject(createdPoll.getCreator().getTopiaId()); - Poll reloadedPoll = service.getPoll(createdPoll.getTopiaId()); Assert.assertEquals(createdPoll, reloadedPoll); @@ -199,6 +193,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing voterList assertErrorKeyFound(e, "voterList"); @@ -211,6 +206,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing name // missing weight @@ -226,6 +222,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // missing member name // missing member email @@ -238,6 +235,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // invalid member email assertErrorKeyFound(e, "voterList[0].member[0].email"); @@ -253,6 +251,7 @@ try { service.createPoll(poll); + Assert.fail(); } catch (InvalidFormException e) { // same name // same email @@ -266,6 +265,16 @@ Assert.assertNotNull(createdPoll); Assert.assertNotNull(createdPoll.getTopiaId()); + try { + service.getPoll(createdPoll.getTopiaId()); + Assert.fail(); + } catch (PollenInvalidPermissionException e) { + Assert.assertTrue(true); + } + + FakePollenSecurityContext securityContext = (FakePollenSecurityContext) serviceContext.getSecurityContext(); + securityContext.setMainPrincipal(createdPoll.getCreator()); + Poll reloadedPoll = service.getPoll(createdPoll.getTopiaId()); Assert.assertEquals(createdPoll, reloadedPoll);