From 319214de2c0667b627918b11b45c735a996852e9 Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Fri, 18 Jan 2019 14:18:15 -0700
Subject: [PATCH] [SHIBUI-1058] Added a method to hide ServiceEnabled from non-admins.
---
 ...tadataSourcesUiDefinitionController.groovy | 4 +++-
 .../service/JsonSchemaBuilderService.groovy | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy
index d138f3a57..d9b72fa45 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataSourcesUiDefinitionController.groovy
@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import javax.annotation.PostConstruct
+import java.security.Principal
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaLocationLookup.metadataSourcesSchema
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR
@@ -42,9 +43,10 @@ class MetadataSourcesUiDefinitionController {
 JsonSchemaBuilderService jsonSchemaBuilderService
 @GetMapping
- ResponseEntity getUiDefinitionJsonSchema() {
+ ResponseEntity getUiDefinitionJsonSchema(Principal principal) {
 try {
 def parsedJson = jacksonObjectMapper.readValue(this.jsonSchemaLocation.url, Map)
+ jsonSchemaBuilderService.hideServiceEnabledFromNonAdmins(parsedJson, principal)
 jsonSchemaBuilderService.addReleaseAttributesToJson(parsedJson['properties']['attributeRelease']['widget'])
 jsonSchemaBuilderService.addRelyingPartyOverridesToJson(parsedJson['properties']['relyingPartyOverrides'])
 jsonSchemaBuilderService.addRelyingPartyOverridesCollectionDefinitionsToJson(parsedJson["definitions"])
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
index b98bcab26..8a4fccbf3 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
@@ -1,8 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.service
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import groovy.json.JsonOutput
+import org.apache.commons.lang.StringUtils
 import org.springframework.beans.factory.annotation.Autowired
+import java.security.Principal
+
 /**
 * @author Bill Smith (wsmith@unicon.net)
 */
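Review bot: The new `hideServiceEnabledFromNonAdmins(parsedJson, principal)` call in `getUiDefinitionJsonSchema` only changes what the form schema shows; nothing in this commit stops a non-admin from including `serviceEnabled` in a create or update request. The write endpoints are not part of this diff, so confirm they enforce the same role check server-side, otherwise the hidden field is a presentation detail rather than an access control. A comment above the call would make that explicit, e.g. `// UI hint only: write endpoints must still reject serviceEnabled changes from non-admins`. The method body continues past the end of the hunk.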
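Review bot: `import groovy.json.JsonOutput` is added in this import hunk, but none of the code added to JsonSchemaBuilderService.groovy in the later hunks uses it, so it looks like a leftover and can be dropped. `org.apache.commons.lang.StringUtils` is the Commons Lang 2.x package and is used for a single `isNotBlank` call; if the project has no other need for it, a Groovy check such as `principal?.name?.trim()` would avoid the extra dependency.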
@@ -11,6 +16,12 @@ class JsonSchemaBuilderService {
 @Autowired
 CustomPropertiesConfiguration customPropertiesConfiguration
+ UserRepository userRepository;
+
+ JsonSchemaBuilderService(UserRepository userRepository) {
+ this.userRepository = userRepository
+ }
+
 void addReleaseAttributesToJson(Object json) {
 json['data'] = customPropertiesConfiguration.getAttributes().collect {
 [key: it['name'], label: it['displayName']]
@@ -62,4 +73,17 @@ class JsonSchemaBuilderService {
 json[(String) it['name']] = definition
 }
 }
+
+ void hideServiceEnabledFromNonAdmins(Map json, Principal principal) {
+ if (principal != null && StringUtils.isNotBlank(principal.getName())) {
+ def user = userRepository.findByUsername(principal.getName())
+ if (user.isPresent() && user.get().role != 'ROLE_ADMIN') {
+ // user isn't an admin, so hide 'ServiceEnabled'
+ Map serviceEnabled = (HashMap) json['properties']['serviceEnabled']
+ serviceEnabled['type'] = 'hidden'
+ serviceEnabled.remove('title')
+ serviceEnabled.remove('description')
+ }
+ }
+ }
 }
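Review bot: The added constructor `JsonSchemaBuilderService(UserRepository userRepository)` removes the implicit no-argument constructor, so every place that instantiates this service directly (a configuration class, tests) now has to pass a repository. The diffstat lists only the controller and this service, so that wiring appears untouched by the commit and should be checked. The class also now mixes `@Autowired` field injection for `customPropertiesConfiguration` with constructor injection for the repository. Because the repository is assigned once, declare it as `private final UserRepository userRepository` (no trailing semicolon) so it is not exposed as a mutable Groovy property.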
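Review bot: `hideServiceEnabledFromNonAdmins` fails open: when `principal` is null, its name is blank, or `findByUsername` returns an empty Optional, neither `if` matches and `serviceEnabled` stays visible, so a caller whose identity cannot be resolved gets the admin view of the schema. If the intent is that only admins see the field, invert the test so the field is hidden unless the user is positively resolved as `ROLE_ADMIN`. The `(HashMap)` cast and the unguarded `json['properties']['serviceEnabled']` lookup also throw if the schema ever lacks that property, which would surface as an exception inside the controller's `try` for every non-admin request. A null-safe lookup with a `Map` check avoids that; a deny-by-default sketch follows.

```groovy
void hideServiceEnabledFromNonAdmins(Map json, Principal principal) {
    // Deny by default: the field stays visible only for a user positively resolved as admin.
    boolean isAdmin = principal?.name &&
            userRepository.findByUsername(principal.name)
                    .map { it.role == 'ROLE_ADMIN' }
                    .orElse(false)
    if (!isAdmin) {
        def serviceEnabled = json['properties']?.get('serviceEnabled')
        if (serviceEnabled instanceof Map) {
            // … unchanged: set type to 'hidden', remove 'title' and 'description' …
        }
    }
}
```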