Merge branch 'feature/shibui-2394' of bitbucket.org:unicon/shib-idp-u…

…i into feature/shibui-2394
TIER · Oct 31, 2022 · 7ea6418 · 7ea6418
2 parents 8dcfb12 + a603d19
commit 7ea6418
Show file tree

Hide file tree

Showing 7 changed files with 70 additions and 3 deletions.
diff --git a/...va/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java b/...va/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java
@@ -0,0 +1,22 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+import java.io.Serializable;
+
+/**
+ * Will be used as a key for PersmissionEvaluator return types
+ */
+public interface IPersistentEntityTuple extends Serializable {
+    /**
+     * Returns the database id of the database-entity. The id may originally be string, int, long, etc - it will be up to implementing
+     * code to correctly hand the id based on the type of entity when using the id to fetch.
+     * @return String the id of the entity.
+     */
+    String getId();
+
+    /**
+     * The persistant entity type associated with the id
+     * @return the class of the database entity that the id is associated with
+     */
+    Class getType();
+
+}
diff --git a/...du/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java b/...du/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java
@@ -0,0 +1,24 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+import java.util.Collection;
+import java.util.Map;
+
+public interface IShibUiPermissionEvaluator extends PermissionEvaluator {
+//
+//    /**
+//     * For a given permission, find all the persistant entities a user has rights to.
+//     */
+//    Collection getPersistentEntitiesWithPermission(Authentication authentication, Object permission);
+//
+//    /**
+//     * Get ALL persistent entities that user has access to
+//     * @param authentication
+//     * @return a map. The key value will be the entity tuple and the value portions will be the set of permissions a user has on those objects
+//     */
+//    Map<IPersistentEntityTuple, Object> getPersistentEntities(Authentication authentication);
+
+    Collection getPersistentEntities(Authentication authentication, ShibUiType type, PermissionType permissionType);
+}
diff --git a/.../main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java b/.../main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java
@@ -0,0 +1,5 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public enum PermissionType {
+    admin, enable, approver, user;
+}
diff --git a/...c/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java b/...c/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java
@@ -0,0 +1,4 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public class ShibUiService {
+}
diff --git a/.../src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java b/.../src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java
@@ -0,0 +1,5 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public enum ShibUiType {
+    approvable, entityDescriptor
+}
diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -18,6 +18,7 @@
 import lombok.NoArgsConstructor;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -108,6 +109,10 @@ public Optional<User> findByUsername(String username) {
         return userRepository.findByUsername(username);
     }
 
+    public Authentication getCurrentUserAuthentication() {
+        return SecurityContextHolder.getContext().getAuthentication();
+    }
+
     public User getCurrentUser() {
         //TODO: Consider returning an Optional here
         User user = null;

diff --git a/...n/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/...n/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -181,9 +181,11 @@ public EntityDescriptorRepresentation changeApproveStatusOfEntityDescriptor(Stri
         if (status) { // approve
             int approvedCount = ed.approvedCount();
             List<Approvers> approversList = groupService.find(ed.getIdOfOwner()).getApproversList();
-            if (!approversList.isEmpty() && approversList.size() > approvedCount) {
-                Approvers approvers = approversList.get(
-                                approvedCount); // yea for index zero - use the count to get the next approvers
+            if (approversList.isEmpty() && userService.currentUserIsAdmin()){
+                ed.setApproved(true);
+                ed = entityDescriptorRepository.save(ed);
+            } else if (!approversList.isEmpty() && approversList.size() > approvedCount) {
+                Approvers approvers = approversList.get(approvedCount); // yea for index zero - use the count to get the next approvers
                 if (!userService.currentUserCanApprove(approvers.getApproverGroups())) {
                     throw new ForbiddenException("You do not have the permissions necessary to approve this entity descriptor.");
                 }