#395 feature - Implemented pack section

Roberto Sánchez

2014-01-22 79121484b7e6f721f5435a102018152a164ed655

 securis/src/main/java/net/curisit/securis/services/PackResource.java
..
..
@@ -1,8 +1,10 @@
1
1
 package net.curisit.securis.services;
2
2
 
3
+import java.security.Principal;
3
4
 import java.util.Date;
4
5
 import java.util.List;
5
6
 
7
+import javax.annotation.security.RolesAllowed;
6
8
 import javax.inject.Inject;
7
9
 import javax.inject.Provider;
8
10
 import javax.persistence.EntityManager;
..
..
@@ -23,10 +25,10 @@
23
25
 import javax.ws.rs.core.Response.Status;
24
26
 
25
27
 import net.curisit.integrity.commons.Utils;
26
-import net.curisit.integrity.exception.CurisException;
27
28
 import net.curisit.securis.DefaultExceptionHandler;
28
29
 import net.curisit.securis.db.Pack;
29
-import net.curisit.securis.db.User;
30
+import net.curisit.securis.security.BasicSecurityContext;
31
+import net.curisit.securis.security.Securable;
30
32
 import net.curisit.securis.utils.TokenHelper;
31
33
 
32
34
 import org.slf4j.Logger;
..
..
@@ -59,17 +61,35 @@
59
61
 	 */
60
62
 	@GET
61
63
 	@Path("/")
64
+	@Securable
62
65
 	@Produces(
63
66
 		{ MediaType.APPLICATION_JSON })
64
-	public Response index() {
67
+	public Response index(@Context BasicSecurityContext bsc) {
65
68
 		log.info("Getting packs list ");
66
69
 
67
70
 		EntityManager em = emProvider.get();
68
-		TypedQuery<Pack> q = em.createNamedQuery("list-packs-by-orgs", Pack.class);
71
+		// TypedQuery<Pack> q = em.createNamedQuery("list-packs-by-orgs", Pack.class);
72
+
73
+		TypedQuery<Pack> q;
74
+		if (bsc.isUserInRole(BasicSecurityContext.ROL_ADMIN)) {
75
+			log.info("Getting all packs for user: " + bsc.getUserPrincipal());
76
+			q = em.createNamedQuery("list-packs", Pack.class);
77
+		} else {
78
+			q = em.createNamedQuery("list-packs-by-orgs", Pack.class);
79
+			if (bsc.getOrganizationsIds() == null)
80
+				Response.ok().build();
81
+			// log.info("Getting only {} orgs for user: {}", securityContext.getOrganizationsIds(), securityContext.getUserPrincipal());
82
+			q.setParameter("list_ids", bsc.getOrganizationsIds());
83
+		}
69
84
 
70
85
 		List<Pack> list = q.getResultList();
71
86
 
72
87
 		return Response.ok(list).build();
88
+	}
89
+
90
+	private Response generateErrorUnathorizedAccess(Pack pack, Principal user) {
91
+		log.error("Pack with id {} not accesible by user {}", pack, user);
92
+		return Response.status(Status.UNAUTHORIZED).header(DefaultExceptionHandler.ERROR_MESSAGE_HEADER, "Unathorized access to pack").build();
73
93
 	}
74
94
 
75
95
 	/**
..
..
@@ -78,9 +98,10 @@
78
98
 	 */
79
99
 	@GET
80
100
 	@Path("/{packId}")
101
+	@Securable
81
102
 	@Produces(
82
103
 		{ MediaType.APPLICATION_JSON })
83
-	public Response get(@PathParam("packId") String packId, @HeaderParam(TokenHelper.TOKEN_HEADER_PÀRAM) String token) {
104
+	public Response get(@PathParam("packId") String packId, @Context BasicSecurityContext bsc) {
84
105
 		log.info("Getting pack data for id: {}: ", packId);
85
106
 		if (packId == null || packId.equals("")) {
86
107
 			log.error("Pack ID is mandatory");
..
..
@@ -88,16 +109,23 @@
88
109
 		}
89
110
 
90
111
 		EntityManager em = emProvider.get();
91
-		Pack lt = em.find(Pack.class, Integer.parseInt(packId));
92
-		if (lt == null) {
112
+		Pack pack = em.find(Pack.class, Integer.parseInt(packId));
113
+		if (pack == null) {
93
114
 			log.error("Pack with id {} not found in DB", packId);
94
115
 			return Response.status(Status.NOT_FOUND).build();
95
116
 		}
96
-		return Response.ok(lt).build();
117
+		if (bsc.isUserInRole(BasicSecurityContext.ROL_ADVANCE)) {
118
+			if (bsc.getOrganizationsIds() == null || !bsc.getOrganizationsIds().contains(pack.getOrgId())) {
119
+				return generateErrorUnathorizedAccess(pack, bsc.getUserPrincipal());
120
+			}
121
+		}
122
+		return Response.ok(pack).build();
97
123
 	}
98
124
 
99
125
 	@POST
100
126
 	@Path("/")
127
+	@Securable
128
+	@RolesAllowed(BasicSecurityContext.ROL_ADMIN)
101
129
 	@Consumes(MediaType.APPLICATION_JSON)
102
130
 	@Produces(
103
131
 		{ MediaType.APPLICATION_JSON })
..
..
@@ -112,21 +140,12 @@
112
140
 		return Response.ok(pack).build();
113
141
 	}
114
142
 
115
-	private User getUser(String username, EntityManager em) throws CurisException {
116
-		User user = null;
117
-		if (username != null) {
118
-			user = em.find(User.class, username);
119
-			if (user == null) {
120
-				throw new CurisException("User not found");
121
-			}
122
-		}
123
-		return user;
124
-	}
125
-
126
143
 	@PUT
127
144
 	@POST
128
145
 	@Path("/{packId}")
129
146
 	@Transactional
147
+	@Securable
148
+	@RolesAllowed(BasicSecurityContext.ROL_ADMIN)
130
149
 	@Consumes(MediaType.APPLICATION_JSON)
131
150
 	@Produces(
132
151
 		{ MediaType.APPLICATION_JSON })
..
..
@@ -141,6 +160,8 @@
141
160
 
142
161
 	@DELETE
143
162
 	@Path("/{packId}")
163
+	@Securable
164
+	@RolesAllowed(BasicSecurityContext.ROL_ADMIN)
144
165
 	@Transactional
145
166
 	@Produces(
146
167
 		{ MediaType.APPLICATION_JSON })