From ef7eb92f78ed8ab6f1ee5b91a0f23645229d44db Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Fri, 28 Oct 2022 15:03:53 -0700
Subject: [PATCH 1/4] SHIBUI-2394 Changes for 2440 odd behavior in fetch lists for action required screens
---
.../admin/ui/service/JPAEntityDescriptorServiceImpl.java | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index b40c934cd..b57e517dd 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -181,9 +181,11 @@ public EntityDescriptorRepresentation changeApproveStatusOfEntityDescriptor(Stri
 if (status) { // approve
 int approvedCount = ed.approvedCount();
 List approversList = groupService.find(ed.getIdOfOwner()).getApproversList();
-if (!approversList.isEmpty() && approversList.size() > approvedCount) {
-Approvers approvers = approversList.get(
-approvedCount); // yea for index zero - use the count to get the next approvers
+if (approversList.isEmpty() && userService.currentUserIsAdmin()){
+ed.setApproved(true);
+ed = entityDescriptorRepository.save(ed);
+} else if (!approversList.isEmpty() && approversList.size() > approvedCount) {
+Approvers approvers = approversList.get(approvedCount); // yea for index zero - use the count to get the next approvers
 if (!userService.currentUserCanApprove(approvers.getApproverGroups())) {
 throw new ForbiddenException("You do not have the permissions necessary to approve this entity descriptor.");
 }
From c203f51cf9f5d6e3e89110fa06489aaffd121e52 Mon Sep 17 00:00:00 2001
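Review bot: When `approversList` is empty and the current user is not an admin, neither branch of the new `if` / `else if` chain matches, so the approve request appears to fall through without the `ForbiddenException` that the non-admin path inside the `else if` raises; what happens after the chain is outside the hunk, but an explicit `else { throw new ForbiddenException("You do not have the permissions necessary to approve this entity descriptor."); }` would make the two rejection paths consistent and the admin-only bypass visible to auditors. The case `approversList.size() <= approvedCount` falls through the same way and may be intended (already fully approved) — a one-line comment saying so would help the next reader. The added admin branch also relies on the context line `groupService.find(ed.getIdOfOwner()).getApproversList()` being non-null, which was true before too but is now reachable on a new path. Minor style: missing space before `{` on the added `if`. The body of `changeApproveStatusOfEntityDescriptor` starts and ends outside the hunk.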
From: Dmitriy Kopylenko
Date: Mon, 31 Oct 2022 12:10:12 -0400
Subject: [PATCH 2/4] Wip of the authorization API
---
.../service/IPersistentEntityTupple.java | 14 ++++++++++++
.../service/IShibUiPermissionEvaluator.java | 22 +++++++++++++++++++
2 files changed, 36 insertions(+)
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java
new file mode 100644
index 000000000..c79c7b513
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java
@@ -0,0 +1,14 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.service;
+
+import java.io.Serializable;
+
+/**
+ * Will be used as a key for PersmissionEvaluator return types
+ */
+public interface IPersistentEntityTupple extends Serializable {
+
+String getId();
+
+Class getType();
+
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
new file mode 100644
index 000000000..2482f34fd
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
@@ -0,0 +1,22 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.service;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+import java.util.Collection;
+import java.util.Map;
+
+public interface IShibUiPermissionEvaluator extends PermissionEvaluator {
+
+Collection getPersistentEntitiesWithPermission(Authentication authentication, Object permission);
+
+/**
+ * Get ALL persistent entities that user has access to
+ * @param authentication
+ * @return
+ */
+Map getPersistentEntities(Authentication authentication);
+
+Map getPersistentEntities(Authentication authentication, Class clazz);
+
+}
From 3902884298595c5fff1ef5b1089826dd60559fff Mon Sep 17 00:00:00 2001
From: Dmitriy Kopylenko
Date: Mon, 31 Oct 2022 12:12:29 -0400
Subject: [PATCH 3/4] Typo rename
---
...sistentEntityTupple.java => IPersistentEntityTuple.java} | 2 +-
.../ui/security/service/IShibUiPermissionEvaluator.java | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/{IPersistentEntityTupple.java => IPersistentEntityTuple.java} (76%)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
similarity index 76%
rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java
rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
index c79c7b513..7bc796793 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTupple.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
@@ -5,7 +5,7 @@
 /**
 * Will be used as a key for PersmissionEvaluator return types
 */
-public interface IPersistentEntityTupple extends Serializable {
+public interface IPersistentEntityTuple extends Serializable {
 String getId();
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
index 2482f34fd..0f4a144bf 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
@@ -15,8 +15,8 @@ public interface IShibUiPermissionEvaluator extends PermissionEvaluator {
 * @param authentication
 * @return
 */
-Map getPersistentEntities(Authentication authentication);
+Map getPersistentEntities(Authentication authentication);
+
+Map getPersistentEntities(Authentication authentication, Class clazz);
-Map getPersistentEntities(Authentication authentication, Class clazz);
-
 }
From a603d19b65cb4bf9fc011a40f30dfdb20b96ff92 Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Mon, 31 Oct 2022 12:40:30 -0700
Subject: [PATCH 4/4] SHIBUI-2394 Changes for abstracting permission stuff
---
.../permission/IPersistentEntityTuple.java | 22 +++++++++++++++++
.../IShibUiPermissionEvaluator.java | 24 +++++++++++++++++++
.../security/permission/PermissionType.java | 5 ++++
.../ui/security/permission/ShibUiService.java | 4 ++++
.../ui/security/permission/ShibUiType.java | 5 ++++
.../service/IPersistentEntityTuple.java | 14 ----------
.../service/IShibUiPermissionEvaluator.java | 22 -----------------
.../ui/security/service/UserService.java | 5 ++++
8 files changed, 65 insertions(+), 36 deletions(-)
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java
create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java
delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java
new file mode 100644
index 000000000..d8ed1b4f4
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IPersistentEntityTuple.java
@@ -0,0 +1,22 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+import java.io.Serializable;
+
+/**
+ * Will be used as a key for PersmissionEvaluator return types
+ */
+public interface IPersistentEntityTuple extends Serializable {
+/**
+ * Returns the database id of the database-entity. The id may originally be string, int, long, etc - it will be up to implementing
+ * code to correctly hand the id based on the type of entity when using the id to fetch.
+ * @return String the id of the entity.
+ */
+String getId();
+
+/**
+ * The persistant entity type associated with the id
+ * @return the class of the database entity that the id is associated with
+ */
+Class getType();
+
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java
new file mode 100644
index 000000000..6d3bb1944
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/IShibUiPermissionEvaluator.java
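Review bot: The type Javadoc says `IPersistentEntityTuple` is used as a map key, but nothing states the equals/hashCode contract implementations must honour, and an interface cannot enforce it; since the same id value can exist for different entity types, the Javadoc should say that equality must be defined over `getId()` and `getType()` together, otherwise two implementations keyed differently would silently collide or miss in the evaluator's result maps. `Class getType()` is a raw type; `Class<?> getType();` keeps the same contract and removes raw-type warnings for every caller. The added Javadoc also carries typos worth fixing while the file is new: `PersmissionEvaluator` → `PermissionEvaluator`, `persistant` → `persistent`, `hand the id` → `handle the id`.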
@@ -0,0 +1,24 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+import java.util.Collection;
+import java.util.Map;
+
+public interface IShibUiPermissionEvaluator extends PermissionEvaluator {
+//
+// /**
+// * For a given permission, find all the persistant entities a user has rights to.
+// */
+// Collection getPersistentEntitiesWithPermission(Authentication authentication, Object permission);
+//
+// /**
+// * Get ALL persistent entities that user has access to
+// * @param authentication
+// * @return a map. The key value will be the entity tuple and the value portions will be the set of permissions a user has on those objects
+// */
+// Map getPersistentEntities(Authentication authentication);
+
+Collection getPersistentEntities(Authentication authentication, ShibUiType type, PermissionType permissionType);
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java
new file mode 100644
index 000000000..a0bf59af2
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/PermissionType.java
@@ -0,0 +1,5 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public enum PermissionType {
+admin, enable, approver, user;
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java
new file mode 100644
index 000000000..9a8271402
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiService.java
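Review bot: The block of commented-out method declarations inside the added `IShibUiPermissionEvaluator` body should be deleted rather than committed — the series history already keeps them — and once they go, `import java.util.Map;` is unused. The one live method returns a raw `Collection`; the sibling tuple interface describes itself as the key type for evaluator return values, so `Collection<IPersistentEntityTuple> getPersistentEntities(Authentication authentication, ShibUiType type, PermissionType permissionType);` looks like the intended signature — confirm with the implementation. It also has no Javadoc, and callers will build authorization filtering on it, so the contract matters: something like `/** Returns the persistent entities of the given type on which the authenticated user holds the given permission; never null, empty when the user holds none or authentication is absent. */`, adjusted to whatever the implementation actually guarantees for a null or unauthenticated `Authentication`.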
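Review bot: The enum constants `admin, enable, approver, user` in the added `PermissionType` (and `approvable, entityDescriptor` in `ShibUiType` on the next hunk) are lower camel case; Java convention is `UPPER_SNAKE_CASE` (`ADMIN`, `ENTITY_DESCRIPTOR`). If the lowercase spellings are deliberately chosen to match strings used elsewhere (role names, request parameters), a class Javadoc should say so, since a later "cleanup" rename would then break whatever parses them. Neither enum documents what its values mean; a one-line Javadoc per constant describing what the permission grants or what the type denotes would make the evaluator's contract readable without tracing the implementation.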
@@ -0,0 +1,4 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public class ShibUiService {
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java
new file mode 100644
index 000000000..250f54eb3
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/permission/ShibUiType.java
@@ -0,0 +1,5 @@
+package edu.internet2.tier.shibboleth.admin.ui.security.permission;
+
+public enum ShibUiType {
+approvable, entityDescriptor
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
deleted file mode 100644
index 7bc796793..000000000
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IPersistentEntityTuple.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package edu.internet2.tier.shibboleth.admin.ui.security.service;
-
-import java.io.Serializable;
-
-/**
- * Will be used as a key for PersmissionEvaluator return types
- */
-public interface IPersistentEntityTuple extends Serializable {
-
-String getId();
-
-Class getType();
-
-}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
deleted file mode 100644
index 0f4a144bf..000000000
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IShibUiPermissionEvaluator.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package edu.internet2.tier.shibboleth.admin.ui.security.service;
-
-import org.springframework.security.access.PermissionEvaluator;
-import org.springframework.security.core.Authentication;
-
-import java.util.Collection;
-import java.util.Map;
-
-public interface IShibUiPermissionEvaluator extends PermissionEvaluator {
-
-Collection getPersistentEntitiesWithPermission(Authentication authentication, Object permission);
-
-/**
- * Get ALL persistent entities that user has access to
- * @param authentication
- * @return
- */
-Map getPersistentEntities(Authentication authentication);
-
-Map getPersistentEntities(Authentication authentication, Class clazz);
-
-}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
index 44de0f9d6..684be9009 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java
@@ -18,6 +18,7 @@
 import lombok.NoArgsConstructor;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -108,6 +109,10 @@ public Optional findByUsername(String username) {
 return userRepository.findByUsername(username);
 }
+public Authentication getCurrentUserAuthentication() {
+return SecurityContextHolder.getContext().getAuthentication();
+}
+
 public User getCurrentUser() {
 //TODO: Consider returning an Optional here
 User user = null;
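Review bot: `SecurityContextHolder.getContext().getAuthentication()` returns null when no authentication has been set on the current thread's context, so the added `getCurrentUserAuthentication()` can return null, and the obvious caller — passing it straight into `IShibUiPermissionEvaluator.getPersistentEntities(...)` — will have to check for that before any permission lookup. Either document it, `/** @return the Authentication of the current request, or null when no security context is populated (e.g. outside a request thread) */`, or return `Optional<Authentication>`; the neighbouring `getCurrentUser()` already carries a TODO about returning Optional, so the latter would also be the consistent choice for a new method. `getCurrentUser()` continues outside the hunk.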