r3493 - in trunk/pollen-services/src/main: java/org/chorem/pollen/services/impl resources/i18n
Author: tchemit Date: 2012-06-16 22:33:49 +0200 (Sat, 16 Jun 2012) New Revision: 3493 Url: http://chorem.org/repositories/revision/pollen/3493 Log: move security stuff in SecurityService Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollCommentService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollResultsService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/VoteService.java trunk/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties trunk/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollCommentService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollCommentService.java 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollCommentService.java 2012-06-16 20:33:49 UTC (rev 3493) @@ -67,7 +67,6 @@ // creates the poll comment Comment commentCreated = dao.create( -// Comment.PROPERTY_POLL, pollToUpdate, Comment.PROPERTY_POST_DATE, comment.getPostDate(), Comment.PROPERTY_AUTHOR, comment.getAuthor(), Comment.PROPERTY_TEXT, comment.getText() 
@@ -146,37 +145,6 @@ return result; } - public boolean isCanDeleteComment(Comment comment, - PollAccount pollAccount, - UserAccount userAccount, - boolean isPollCreator) { - - boolean result = false; - - PollAccount commentAccount = comment.getPollAccount(); - - if (isPollCreator) { - - // poll creator has admin rights on his poll - result = true; - } else if (userAccount != null) { - - // loggued - boolean isAdmin = userAccount.isAdministrator(); -// boolean isCommentAccount = userAccount.equals(commentAccount.getUserAccount()); - - // pollen admin or comment owner (linked by user account) - result = isAdmin || - userAccount.equals(commentAccount.getUserAccount()); - - } else if (pollAccount != null) { - - // comment owner (linked by poll account) - result = pollAccount.equals(commentAccount); - } - return result; - } - public List<Comment> getComments(TopiaFilterPagerUtil.FilterPagerBean pager, String pollId) { Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollResultsService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollResultsService.java 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollResultsService.java 2012-06-16 20:33:49 UTC (rev 3493) 
@@ -372,114 +372,6 @@ return val; } - -// /** -// * Retourne la liste des résultats d'un sondage sous forme de DTOs. -// * -// * @param poll le sondage (entitée Poll) -// * @return la liste des DTO Result -// */ -// protected List<PollResult> createPollResults(Poll poll) { -// List<PollResult> results = Lists.newArrayList(); -// for (Result res : poll.getResult()) { -// PollResult dto = new PollResult(); -// dto.setId(res.getTopiaId()); -// dto.setPollId(poll.getPollId()); -// String resName = res.getName(); -// dto.setName(resName); -// dto.setHidden(resName != null && -// resName.startsWith(NumberMethod.HIDDEN_PREFIX)); -// dto.setValue(res.getResultValue()); -// dto.setByGroup(res.isByGroup()); -// dto.setChoiceType(poll.getChoiceType()); -// dto.setVoteCountingType(poll.getVoteCountingType()); -// results.add(dto); -// } -// return results; -// } - -// /** -// * Création des résultats de sondage à partir d'un dto de résultats de -// * sondage. -// * -// * @param ePoll poll à remplir -// * @param dto le dto des résultats de sondage. -// */ -// protected void populateResultEntities(Poll ePoll, -// VoteCountingResultDTO dto) { -// for (ChoiceDTO choice : dto.getChoices()) { -// -// ResultDAO daoResult = getDAO(Result.class); -// Result eResult = create(daoResult); -// -// Choice eChoice = ePoll.getChoiceByTopiaId(choice.getIdChoice()); -// -// ePoll.addResult(eResult); -// -// eResult.setName(eChoice.getName()); -// eResult.setByGroup(dto.isByGroup()); -// eResult.setPoll(ePoll); -// eResult.setResultValue(String.valueOf(choice.getValue())); -// eResult.setVoteCountingType(dto.getTypeVoteCounting()); -// } -// } - -// /** -// * Retourne vrai si le sondage a des résultats. 
-// * -// * @param poll le sondage -// * @param type type de dépouillement -// * @return vrai si le sondage a des résultats -// */ -// protected boolean hasResults(Poll poll, VoteCountingType type) { -// boolean hasresult = false; -// -// if (!poll.isResultEmpty()) { -// -// if (type == null) { -// hasresult = true; -// } else { -// for (Result result : poll.getResult()) { -// if (type.equals(result.getVoteCountingType())) { -// hasresult = true; -// break; -// } -// } -// } -// } -// return hasresult; -// } - -// public String importPoll(String filePath) { -// return importPoll(filePath, null); -// } -// -// public String importPoll(String filePath, UserAccount user) { -// String topiaId = ""; -// -// // Import du sondage -// ServiceExport serviceExport = new ServiceExportImpl(); -// PollExportDTO pollExportDTO = serviceExport.executeImport(filePath); -// -// // Transformation du sondage -// // FIXME do not call a Service from an other one -// PollService servicePoll = newService(PollService.class); -// org.chorem.pollen.business.dto.PollDTO poll = DataVoteCountingConverter -// .createPollDTO(pollExportDTO.getPoll()); -// -// // Enregistrement du sondage -// if (user != null) { -// poll.setUserId(user.getId()); -// } -// topiaId = servicePoll.createPoll(poll); -// -// if (log.isInfoEnabled()) { -// log.info("Poll imported: " + topiaId); -// } -// -// return topiaId; -// } - /** * Retourne une chaîne contenant les résultats du sondage. * Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/PollService.java 2012-06-16 20:33:49 UTC (rev 3493) 
@@ -870,20 +870,6 @@ return result; } -// public File getPollChoiceImageFile(String pollId, -// String choiceId, -// boolean thumb) { -// File imageDirectory = getConfiguration().getImageDirectory(); -// File pollDirectory = new File(imageDirectory, pollId); -// -// if (thumb) { -// choiceId = THUMB_PREFIX + choiceId; -// } -// File result = new File(pollDirectory, choiceId); -// -// return result; -// } - /** * given the location of an image, gets his name as a thumb image. * Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/SecurityService.java 2012-06-16 20:33:49 UTC (rev 3493) 
@@ -24,20 +24,29 @@ import com.google.common.base.Preconditions; import com.google.common.collect.Sets; +import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; import org.chorem.pollen.PollenTechnicalException; import org.chorem.pollen.bean.PollUri; +import org.chorem.pollen.business.persistence.Comment; +import org.chorem.pollen.business.persistence.PersonToList; +import org.chorem.pollen.business.persistence.PersonToListDAO; import org.chorem.pollen.business.persistence.Poll; import org.chorem.pollen.business.persistence.PollAccount; import org.chorem.pollen.business.persistence.PollAccountDAO; +import org.chorem.pollen.business.persistence.UserAccount; +import org.chorem.pollen.business.persistence.Vote; import org.chorem.pollen.common.PollType; import org.chorem.pollen.services.PollenServiceSupport; import org.chorem.pollen.services.exceptions.PollNotFoundException; import org.chorem.pollen.services.exceptions.UnauthorizedPollAccessException; import org.nuiton.topia.TopiaException; +import java.util.Date; import java.util.Set; +import static org.nuiton.i18n.I18n.n_; + /** * Service to manager security. * @@ -46,6 +55,22 @@ */ public class SecurityService extends PollenServiceSupport { + public boolean isCreator(Poll poll, + PollUri uriId, + UserAccount pollenUserAccount) { + + PollAccount creator = poll.getCreator(); + + boolean result = creator.getAccountId().equals(uriId.getAccountId()); + if (!result) { + + // try to match userAccount + result = ObjectUtils.equals(pollenUserAccount, + creator.getUserAccount()); + } + return result; + } + /** * To define meaning of a accountId. * @@ -138,7 +163,6 @@ throw new PollenTechnicalException( "Could not obtain restricted pollAccount", e); } - } } 
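Review bot: In the added `isCreator`, the fallback `ObjectUtils.equals(pollenUserAccount, creator.getUserAccount())` evaluates to true when both arguments are null. If `pollenUserAccount` can be null for a visitor who is not logged in (not visible in this hunk), that visitor would be reported as creator of any poll whose creator account has no linked user account. I would guard the fallback with `result = pollenUserAccount != null && pollenUserAccount.equals(creator.getUserAccount());`. The first comparison also dereferences `poll.getCreator()` and `creator.getAccountId()` without a null check, and the method has no Javadoc stating that either match alone is sufficient.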
@@ -225,4 +249,137 @@ return result; } + public String isCanShowResult(Poll poll, + SecurityService.AccountIdRole accountIdRole) { + + // check now poll results can be displayed + + boolean publicResults = poll.isPublicResults(); + boolean continuousResults = poll.isContinuousResults(); + + if (!continuousResults && !poll.isClosed()) { + + // results are not continuous and poll is not closed + return n_("pollen.security.error.poll.not.closed.and.results.not.continuous"); + } + + if (!publicResults && + accountIdRole != SecurityService.AccountIdRole.CREATOR) { + + // poll results are private, only poll admin can see results + return n_("pollen.security.error.poll.result.private.and.access.not.granted"); + } + + boolean pollIsFree = PollType.FREE == poll.getPollType(); + + if (publicResults && + !pollIsFree && + !SecurityService.NONE_FREE_ACCOUNT_ID_ROLES.contains(accountIdRole)) { + + // on none free poll, only creator or restricted user can have it + return n_("pollen.security.error.poll.not.free.and.access.not.granted"); + } + return null; + } + + /** + * Vote is allowed if {@code poll} is running and {@code pollAccount} is + * defined in the {@code poll} restricted list if it's not a {@link PollType#FREE} + * poll. The account must be defined previously using + * {@link PollService#getPollAccountEditable(String, UserAccount, Poll)} to + * have a proper link between userAccount and pollAccount even if not already + * created in dabase. The poll creator can't vote. The token is just use + * for moderate purpose. 
+ * + * @param poll Poll + * @param accountEditable Account to check + * @return true if vote is allowed, false otherwise + */ + public boolean isVoteAllowed(Poll poll, PollAccount accountEditable) { + + Preconditions.checkNotNull(poll); + Preconditions.checkNotNull(accountEditable); + + Date now = serviceContext.getCurrentTime(); + + boolean result; + if (poll.getCreator().equals(accountEditable)) { + + // The creator user can't vote + result = false; + } else { + + // The poll must be running and account allowed for restricted poll + result = poll.isRunning(now); + if (poll.getPollType() != PollType.FREE) { + + PersonToListDAO dao = getDAO(PersonToList.class); + PersonToList personToList = + dao.findByPollAndAccount(poll, accountEditable); + + result &= personToList != null; + } + } + return result; + } + + public boolean isUpdateAllowed(Poll poll, String voteId, + String accountId, UserAccount userConnected) { + + Date now = serviceContext.getCurrentTime(); + + boolean result = false; + + Vote vote = poll.getVoteByTopiaId(voteId); + + // can only modify a vote if poll is running. 
+ if (vote != null && poll.isRunning(now)) { + PollAccount votePollAccount = vote.getPollAccount(); + + // si le votant du vote correspond au votant actuel (pollAccountId) + if (accountId != null + && accountId.equals(votePollAccount.getAccountId())) { + result = true; + } + + // si l'utilisateur du vote correspond à l'utilisateur actuel (user) + if (userConnected != null) { + UserAccount voteUserAccount = votePollAccount.getUserAccount(); + result = userConnected.equals(voteUserAccount); + } + } + return result; + } + + public boolean isCanDeleteComment(Comment comment, + PollAccount pollAccount, + UserAccount userAccount, + boolean isPollCreator) { + + boolean result = false; + + PollAccount commentAccount = comment.getPollAccount(); + + if (isPollCreator) { + + // poll creator has admin rights on his poll + result = true; + } else if (userAccount != null) { + + // loggued + boolean isAdmin = userAccount.isAdministrator(); +// boolean isCommentAccount = userAccount.equals(commentAccount.getUserAccount()); + + // pollen admin or comment owner (linked by user account) + result = isAdmin || + userAccount.equals(commentAccount.getUserAccount()); + + } else if (pollAccount != null) { + + // comment owner (linked by poll account) + result = pollAccount.equals(commentAccount); + } + return result; + } + } Modified: trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/VoteService.java =================================================================== --- trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/VoteService.java 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/java/org/chorem/pollen/services/impl/VoteService.java 2012-06-16 20:33:49 UTC (rev 3493) @@ -49,7 +49,6 @@ import org.nuiton.topia.TopiaException; import org.nuiton.topia.persistence.TopiaFilterPagerUtil; -import java.util.Date; import java.util.List; import java.util.Map; 
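Review bot: In `isUpdateAllowed`, the `userConnected != null` block assigns `result = userConnected.equals(voteUserAccount)` and so discards the outcome of the preceding `accountId` match. The same `accountId` is therefore accepted when no user is connected and may be rejected when one is. If either match is meant to be sufficient, write `result = result || userConnected.equals(voteUserAccount);`; if the connected user is meant to take precedence, make that an explicit `if`/`else` and say so in a comment. The method is moved unchanged from VoteService, so this is a good point to state the rule in Javadoc. `isCanShowResult` should likewise document that a `null` return means access is granted, since a caller that does not test the return value would presumably show the results.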
@@ -321,7 +320,6 @@ delete(voteToChoiceDao, voteToChoice); } -// Poll poll = entityToDelete.getPoll(); PollAccount voteAccount = entityToDelete.getPollAccount(); if (PollType.FREE == poll.getPollType()) { 
@@ -378,75 +376,6 @@ } } - /** - * Vote is allowed if {@code poll} is running and {@code pollAccount} is - * defined in the {@code poll} restricted list if it's not a {@link PollType#FREE} - * poll. The account must be defined previously using - * {@link PollService#getPollAccountEditable(String, UserAccount, Poll)} to - * have a proper link between userAccount and pollAccount even if not already - * created in dabase. The poll creator can't vote. The token is just use - * for moderate purpose. - * - * @param poll Poll - * @param accountEditable Account to check - * @return true if vote is allowed, false otherwise - */ - public boolean isVoteAllowed(Poll poll, PollAccount accountEditable) { - - Preconditions.checkNotNull(poll); - Preconditions.checkNotNull(accountEditable); - - Date now = serviceContext.getCurrentTime(); - - boolean result; - if (poll.getCreator().equals(accountEditable)) { - - // The creator user can't vote - result = false; - } else { - - // The poll must be running and account allowed for restricted poll - result = poll.isRunning(now); - if (poll.getPollType() != PollType.FREE) { - - PersonToListDAO dao = getDAO(PersonToList.class); - PersonToList personToList = - dao.findByPollAndAccount(poll, accountEditable); - - result &= personToList != null; - } - } - return result; - } - - public boolean isUpdateAllowed(Poll poll, String voteId, - String accountId, UserAccount userConnected) { - - Date now = serviceContext.getCurrentTime(); - - boolean result = false; - - Vote vote = poll.getVoteByTopiaId(voteId); - - // can only modify a vote if poll is running. 
- if (vote != null && poll.isRunning(now)) { - PollAccount votePollAccount = vote.getPollAccount(); - - // si le votant du vote correspond au votant actuel (pollAccountId) - if (accountId != null - && accountId.equals(votePollAccount.getAccountId())) { - result = true; - } - - // si l'utilisateur du vote correspond à l'utilisateur actuel (user) - if (userConnected != null) { - UserAccount voteUserAccount = votePollAccount.getUserAccount(); - result = userConnected.equals(voteUserAccount); - } - } - return result; - } - public boolean hasAlreadyVoted(Poll poll, String votingId) { try { VoteDAO dao = getDAO(Vote.class); @@ -510,4 +439,4 @@ pollResultsService.generateResult(poll); } -} //voteservice +} Modified: trunk/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties =================================================================== --- trunk/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties 2012-06-16 12:38:50 UTC (rev 3492) +++ trunk/pollen-services/src/main/resources/i18n/pollen-services_en_GB.properties 2012-06-16 20:33:49 UTC (rev 3493) 
@@ -44,3 +44,6 @@
 pollen.feed.updateVoteTitle=Vote modified for '%s'
 pollen.info.admin.created=Super admin was created with login %1$s
 pollen.info.admin.exists=Super admin already exists
+pollen.security.error.poll.not.closed.and.results.not.continuous=The poll is not closed and results are not continuous
+pollen.security.error.poll.not.free.and.access.not.granted=You can not access to this non free poll
+pollen.security.error.poll.result.private.and.access.not.granted=Results of the poll are private and you do not have credentials to see them
Modified: trunk/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties
===================================================================
--- trunk/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties 2012-06-16 12:38:50 UTC (rev 3492)
+++ trunk/pollen-services/src/main/resources/i18n/pollen-services_fr_FR.properties 2012-06-16 20:33:49 UTC (rev 3493)
@@ -44,3 +44,6 @@
 pollen.feed.updateVoteTitle=Vote modifié de '%s'
 pollen.info.admin.created=Le super admin a été créé avec l'identifiant %1$s.
 pollen.info.admin.exists=Le super admin existe déjà
+pollen.security.error.poll.not.closed.and.results.not.continuous=Vous n'avez pas accès aux résultats de ce sondage (résultats non continus et sondage non fermé)
+pollen.security.error.poll.not.free.and.access.not.granted=Vous n'avez pas accès à ce sondage restreint
+pollen.security.error.poll.result.private.and.access.not.granted=Vous n'avez pas accès aux résultats privés de ce sondage