| .. | .. |
|---|
| 4 | 4 | import java.util.Date; |
|---|
| 5 | 5 | import java.util.List; |
|---|
| 6 | 6 | |
|---|
| 7 | +import javax.annotation.security.RolesAllowed; |
|---|
| 7 | 8 | import javax.inject.Inject; |
|---|
| 8 | 9 | import javax.inject.Provider; |
|---|
| 9 | 10 | import javax.persistence.EntityManager; |
|---|
| .. | .. |
|---|
| 27 | 28 | import net.curisit.securis.SecurisErrorHandler; |
|---|
| 28 | 29 | import net.curisit.securis.db.Organization; |
|---|
| 29 | 30 | import net.curisit.securis.db.User; |
|---|
| 31 | +import net.curisit.securis.security.BasicSecurityContext; |
|---|
| 32 | +import net.curisit.securis.security.Securable; |
|---|
| 30 | 33 | import net.curisit.securis.utils.TokenHelper; |
|---|
| 31 | 34 | |
|---|
| 35 | +import org.jboss.resteasy.spi.ResteasyProviderFactory; |
|---|
| 32 | 36 | import org.slf4j.Logger; |
|---|
| 33 | 37 | import org.slf4j.LoggerFactory; |
|---|
| 34 | 38 | |
|---|
| .. | .. |
|---|
| 45 | 49 | private static final Logger log = LoggerFactory.getLogger(OrganizationResource.class); |
|---|
| 46 | 50 | |
|---|
| 47 | 51 | @Inject |
|---|
| 48 | | - TokenHelper tokenHelper; |
|---|
| 49 | | - |
|---|
| 50 | | - @Inject |
|---|
| 51 | | - Provider<EntityManager> emProvider; |
|---|
| 52 | + private Provider<EntityManager> emProvider; |
|---|
| 52 | 53 | |
|---|
| 53 | 54 | public OrganizationResource() { |
|---|
| 54 | 55 | } |
|---|
| .. | .. |
|---|
| 61 | 62 | @Path("/") |
|---|
| 62 | 63 | @Produces( |
|---|
| 63 | 64 | { MediaType.APPLICATION_JSON }) |
|---|
| 64 | | - public Response index() { |
|---|
| 65 | + @Securable |
|---|
| 66 | + // @RolesAllowed(SecurityContextWrapper.ROL_ADVANCE) |
|---|
| 67 | + public Response index(@Context BasicSecurityContext bsc) { |
|---|
| 65 | 68 | log.info("Getting organizations list "); |
|---|
| 66 | 69 | |
|---|
| 70 | + // log.info("User orgs: {}", request.getAttribute("oser_orgs")); |
|---|
| 71 | + BasicSecurityContext bsc2 = ResteasyProviderFactory.getContextData(BasicSecurityContext.class); |
|---|
| 72 | + log.info("bsc: {}", bsc); |
|---|
| 73 | + log.info("bsc2: {}", bsc2); |
|---|
| 74 | + // log.info("securityContext: {}", scw); |
|---|
| 75 | + log.info("securityContext ROL_ADMIN?: {}", bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)); |
|---|
| 67 | 76 | EntityManager em = emProvider.get(); |
|---|
| 68 | | - TypedQuery<Organization> q = em.createNamedQuery("list-organizations", Organization.class); |
|---|
| 77 | + TypedQuery<Organization> q; |
|---|
| 78 | + if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) { |
|---|
| 79 | + log.info("GEtting all orgs for user: " + bsc.getUserPrincipal()); |
|---|
| 80 | + q = em.createNamedQuery("list-organizations", Organization.class); |
|---|
| 81 | + } else { |
|---|
| 82 | + q = em.createNamedQuery("list-organizations", Organization.class); |
|---|
| 83 | + // if (securityContext.getOrganizationsIds() == null) |
|---|
| 84 | + // Response.ok().build(); |
|---|
| 85 | + // log.info("Getting only {} orgs for user: {}", securityContext.getOrganizationsIds(), securityContext.getUserPrincipal()); |
|---|
| 86 | + // q = em.createNamedQuery("list-organizations-by-ids", Organization.class); |
|---|
| 87 | + // q.setParameter("list_ids", securityContext.getOrganizationsIds()); |
|---|
| 88 | + } |
|---|
| 69 | 89 | |
|---|
| 70 | 90 | List<Organization> list = q.getResultList(); |
|---|
| 71 | 91 | |
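Review bot: The non-admin branch of index() (the `else` after the `isUserInRole(ROL_ADMIN)` check) runs the same unscoped `list-organizations` query as the admin branch, so the new role check changes nothing and every authenticated caller still receives the full organization list; the scoped query is left commented out. Restore it in the else branch — `q = em.createNamedQuery("list-organizations-by-ids", Organization.class); q.setParameter("list_ids", bsc.getOrganizationsIds());` preceded by an early empty `Response.ok()` when the id list is null or empty — assuming `BasicSecurityContext` exposes the organization ids the commented lines read from `securityContext` (its API is not visible here). The `bsc`/`bsc2` and `ROL_ADMIN?` info-level logs, the `ResteasyProviderFactory.getContextData` lookup that duplicates the injected `@Context` parameter, and the commented `@RolesAllowed(SecurityContextWrapper.ROL_ADVANCE)` line look like debug scaffolding and should be removed before this lands. Logging the security context and principal at info on every list call also puts identity details into production logs for no benefit; if any of it must stay, make it `log.debug`.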
|---|
| .. | .. |
|---|
| 80 | 100 | @Path("/{orgid}") |
|---|
| 81 | 101 | @Produces( |
|---|
| 82 | 102 | { MediaType.APPLICATION_JSON }) |
|---|
| 103 | + @Securable |
|---|
| 83 | 104 | public Response get(@PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) { |
|---|
| 84 | 105 | log.info("Getting organization data for id: {}: ", orgid); |
|---|
| 85 | 106 | if (orgid == null || orgid.equals("")) { |
|---|
| 86 | 107 | log.error("Organization ID is mandatory"); |
|---|
| 87 | 108 | return Response.status(Status.NOT_FOUND).build(); |
|---|
| 88 | 109 | } |
|---|
| 110 | + // if (!securityContext.isOrgAccesible(Integer.parseInt(orgid))) { |
|---|
| 111 | + // log.error("Organization with id {} not accessible for user: {}", orgid, securityContext.getUserPrincipal()); |
|---|
| 112 | + // return Response.status(Status.UNAUTHORIZED).build(); |
|---|
| 113 | + // } |
|---|
| 89 | 114 | |
|---|
| 90 | 115 | EntityManager em = emProvider.get(); |
|---|
| 91 | 116 | Organization lt = em.find(Organization.class, Integer.parseInt(orgid)); |
|---|
| .. | .. |
|---|
| 111 | 136 | @Produces( |
|---|
| 112 | 137 | { MediaType.APPLICATION_JSON }) |
|---|
| 113 | 138 | @Transactional |
|---|
| 139 | + @Securable |
|---|
| 140 | + @RolesAllowed(BasicSecurityContext.ROL_ADMIN) |
|---|
| 114 | 141 | public Response create(Organization org, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) { |
|---|
| 115 | 142 | log.info("Creating new organization"); |
|---|
| 116 | 143 | EntityManager em = emProvider.get(); |
|---|
| .. | .. |
|---|
| 151 | 178 | @Consumes(MediaType.APPLICATION_JSON) |
|---|
| 152 | 179 | @Produces( |
|---|
| 153 | 180 | { MediaType.APPLICATION_JSON }) |
|---|
| 181 | + @Securable |
|---|
| 182 | + @RolesAllowed(BasicSecurityContext.ROL_ADMIN) |
|---|
| 154 | 183 | public Response modify(Organization org, @PathParam("orgid") String orgid, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) { |
|---|
| 155 | 184 | log.info("Modifying organization with id: {}", orgid); |
|---|
| 156 | 185 | EntityManager em = emProvider.get(); |
|---|
| .. | .. |
|---|
| 201 | 230 | @Transactional |
|---|
| 202 | 231 | @Produces( |
|---|
| 203 | 232 | { MediaType.APPLICATION_JSON }) |
|---|
| 233 | + @Securable |
|---|
| 234 | + @RolesAllowed(BasicSecurityContext.ROL_ADMIN) |
|---|
| 204 | 235 | public Response delete(@PathParam("orgid") String orgid, @Context HttpServletRequest request) { |
|---|
| 205 | 236 | log.info("Deleting organization with id: {}", orgid); |
|---|
| 206 | 237 | EntityManager em = emProvider.get(); |
|---|