Author: ilgrosso
Date: Thu Jan 9 15:57:14 2014
New Revision: 1556848
URL: http://svn.apache.org/r1556848
Log:
[SYNCOPE-474] Allowing self-read via username (even with roles)
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/UserRequestModalPage.java
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/UserDetailsPanel.java
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/UserRequestModalPage.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/UserRequestModalPage.java?rev=1556848&r1=1556847&r2=1556848&view=diff
==============================================================================
---
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/UserRequestModalPage.java
(original)
+++
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/UserRequestModalPage.java
Thu Jan 9 15:57:14 2014
@@ -47,7 +47,7 @@ public class UserRequestModalPage extend
public UserRequestModalPage(final PageReference callerPageRef, final
ModalWindow window, final UserTO userTO,
final Mode mode) {
- super(callerPageRef, window, userTO, mode, false);
+ super(callerPageRef, window, userTO, mode, true);
setupEditPanel();
}
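Review bot: The fifth argument of `super(callerPageRef, window, userTO, mode, true)` is a bare boolean, so the call site does not say what this access-related revision switches on for the user-request page. A one-line comment above the call naming the superclass parameter, e.g. `// true: <name of the superclass constructor's fifth parameter>`, would let a reader check the flag against SYNCOPE-474 without opening the parent class. The superclass constructor is not visible in this hunk, so the flag's meaning is not confirmed here.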
Modified:
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/UserDetailsPanel.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/UserDetailsPanel.java?rev=1556848&r1=1556847&r2=1556848&view=diff
==============================================================================
---
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/UserDetailsPanel.java
(original)
+++
syncope/branches/1_1_X/console/src/main/java/org/apache/syncope/console/pages/panels/UserDetailsPanel.java
Thu Jan 9 15:57:14 2014
@@ -113,7 +113,6 @@ public class UserDetailsPanel extends Pa
@Override
public void onComponentTag(final Component component, final
ComponentTag tag) {
-
if (userTO.getId() > 0) {
tag.put("style", "display:none;");
}
Modified:
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
URL:
http://svn.apache.org/viewvc/syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java?rev=1556848&r1=1556847&r2=1556848&view=diff
==============================================================================
---
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
(original)
+++
syncope/branches/1_1_X/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
Thu Jan 9 15:57:14 2014
@@ -75,6 +75,15 @@ public class UserDataBinder extends Abst
@Resource(name = "adminUser")
private String adminUser;
+ private void checkPermissions(final SyncopeUser user) {
+ Set<Long> roleIds = user.getRoleIds();
+ Set<Long> adminRoleIds =
EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
+ roleIds.removeAll(adminRoleIds);
+ if (!roleIds.isEmpty()) {
+ throw new UnauthorizedRoleException(roleIds);
+ }
+ }
+
@Transactional(readOnly = true)
public SyncopeUser getUserFromId(final Long userId) {
if (userId == null) {
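Review bot: `checkPermissions` now holds the whole read-authorization rule for this binder but has no Javadoc, and the rule has an edge that should be written down: when `user.getRoleIds()` is empty, `roleIds.isEmpty()` is true at once and no `UnauthorizedRoleException` is thrown, so a user with no roles passes the check whatever the caller administers. A short Javadoc should state that the method throws when the target user belongs to any role outside the ids returned by `EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames())`, and say whether the no-role case is intended. Separately, `roleIds.removeAll(adminRoleIds)` modifies the set returned by `getRoleIds()`; if that accessor does not return a fresh copy (not visible here), copying first with `new HashSet<Long>(user.getRoleIds())` keeps the check free of side effects on the entity. `getUserFromId` continues past the end of this hunk.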
@@ -87,12 +96,25 @@ public class UserDataBinder extends Abst
}
if
(!user.getUsername().equals(EntitlementUtil.getAuthenticatedUsername())) {
- Set<Long> roleIds = user.getRoleIds();
- Set<Long> adminRoleIds =
EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
- roleIds.removeAll(adminRoleIds);
- if (!roleIds.isEmpty()) {
- throw new UnauthorizedRoleException(roleIds);
- }
+ checkPermissions(user);
+ }
+
+ return user;
+ }
+
+ @Transactional(readOnly = true)
+ public SyncopeUser getUserFromUsername(final String username) {
+ if (username == null) {
+ throw new NotFoundException("Null username");
+ }
+
+ SyncopeUser user = userDAO.find(username);
+ if (user == null) {
+ throw new NotFoundException("User " + username);
+ }
+
+ if (!username.equals(EntitlementUtil.getAuthenticatedUsername())) {
+ checkPermissions(user);
}
return user;
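Review bot: The self-read test in the new `getUserFromUsername` compares the caller-supplied `username` with the authenticated name, while `getUserFromId` just above compares `user.getUsername()` of the loaded entity. If `userDAO.find(username)` matches more loosely than `String.equals` (case or trailing-whitespace handling depends on the store and is not visible here), the input string and the loaded record can differ; deciding on the entity keeps the exemption from `checkPermissions` tied to the record actually returned: `if (!user.getUsername().equals(EntitlementUtil.getAuthenticatedUsername())) {`. The end of `getUserFromUsername` lies outside the hunk.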
@@ -125,28 +147,6 @@ public class UserDataBinder extends Abst
return PasswordEncoder.verify(password, user.getCipherAlgorithm(),
user.getPassword());
}
- @Transactional(readOnly = true)
- public SyncopeUser getUserFromUsername(final String username) {
- if (username == null) {
- throw new NotFoundException("Null username");
- }
-
- SyncopeUser user = userDAO.find(username);
- if (user == null) {
- throw new NotFoundException("User " + username);
- }
-
- Set<Long> roleIds = user.getRoleIds();
- Set<Long> adminRoleIds =
EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
- roleIds.removeAll(adminRoleIds);
-
- if (!roleIds.isEmpty()) {
- throw new UnauthorizedRoleException(roleIds);
- }
-
- return user;
- }
-
/**
* Get predefined password cipher algorithm from SyncopeConf.
*