[SHIBUI-1058]

Added a method to hide ServiceEnabled from non-admins.
TIER · Jan 18, 2019 · 319214d · 319214d
1 parent 7bbf91a
commit 319214d
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/...nternet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy b/...nternet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy
@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 
 import javax.annotation.PostConstruct
+import java.security.Principal
 
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaLocationLookup.metadataSourcesSchema
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR
@@ -42,9 +43,10 @@ class MetadataSourcesUiDefinitionController {
     JsonSchemaBuilderService jsonSchemaBuilderService
 
     @GetMapping
-    ResponseEntity<?> getUiDefinitionJsonSchema() {
+    ResponseEntity<?> getUiDefinitionJsonSchema(Principal principal) {
         try {
             def parsedJson = jacksonObjectMapper.readValue(this.jsonSchemaLocation.url, Map)
+            jsonSchemaBuilderService.hideServiceEnabledFromNonAdmins(parsedJson, principal)
             jsonSchemaBuilderService.addReleaseAttributesToJson(parsedJson['properties']['attributeRelease']['widget'])
             jsonSchemaBuilderService.addRelyingPartyOverridesToJson(parsedJson['properties']['relyingPartyOverrides'])
             jsonSchemaBuilderService.addRelyingPartyOverridesCollectionDefinitionsToJson(parsedJson["definitions"])

diff --git a/...ain/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy b/...ain/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
@@ -1,8 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.service
 
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import groovy.json.JsonOutput
+import org.apache.commons.lang.StringUtils
 import org.springframework.beans.factory.annotation.Autowired
 
+import java.security.Principal
+
 /**
  * @author Bill Smith (wsmith@unicon.net)
  */
@@ -11,6 +16,12 @@ class JsonSchemaBuilderService {
     @Autowired
     CustomPropertiesConfiguration customPropertiesConfiguration
 
+    UserRepository userRepository;
+
+    JsonSchemaBuilderService(UserRepository userRepository) {
+        this.userRepository = userRepository
+    }
+
     void addReleaseAttributesToJson(Object json) {
         json['data'] = customPropertiesConfiguration.getAttributes().collect {
             [key: it['name'], label: it['displayName']]
@@ -62,4 +73,17 @@ class JsonSchemaBuilderService {
             json[(String) it['name']] = definition
         }
     }
+
+    void hideServiceEnabledFromNonAdmins(Map json, Principal principal) {
+        if (principal != null && StringUtils.isNotBlank(principal.getName())) {
+            def user = userRepository.findByUsername(principal.getName())
+            if (user.isPresent() && user.get().role != 'ROLE_ADMIN') {
+                // user isn't an admin, so hide 'ServiceEnabled'
+                Map<String, String> serviceEnabled = (HashMap) json['properties']['serviceEnabled']
+                serviceEnabled['type'] = 'hidden'
+                serviceEnabled.remove('title')
+                serviceEnabled.remove('description')
+            }
+        }
+    }
 }