http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java index 60249f2..d24b678 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java @@ -40,8 +40,8 @@ import org.apache.syncope.common.lib.to.GroupTO; import org.apache.syncope.common.lib.to.ProvisioningResult; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.PatchOperation; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.utils.RealmUtils; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; 
@@ -95,25 +95,25 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { } } - @PreAuthorize("hasRole('" + Entitlement.GROUP_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_READ + "')") @Transactional(readOnly = true) @Override public GroupTO read(final Long key) { return binder.getGroupTO(key); } - @PreAuthorize("isAuthenticated() and not(hasRole('" + Entitlement.ANONYMOUS + "'))") + @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))") @Transactional(readOnly = true) public List<GroupTO> own() { return CollectionUtils.collect( userDAO.findAllGroups(userDAO.find(AuthContextUtils.getUsername())), new Transformer<Group, GroupTO>() { - @Override - public GroupTO transform(final Group input) { - return binder.getGroupTO(input, true); - } - }, new ArrayList<GroupTO>()); + @Override + public GroupTO transform(final Group input) { + return binder.getGroupTO(input, true); + } + }, new ArrayList<GroupTO>()); } @PreAuthorize("isAuthenticated()") 
@@ -135,30 +135,30 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { page, size, orderBy), new Transformer<Group, GroupTO>() { - @Override - public GroupTO transform(final Group input) { - return binder.getGroupTO(input, details); - } - }, new ArrayList<GroupTO>()); + @Override + public GroupTO transform(final Group input) { + return binder.getGroupTO(input, details); + } + }, new ArrayList<GroupTO>()); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_SEARCH + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')") @Transactional(readOnly = true) @Override public int searchCount(final SearchCond searchCondition, final List<String> realms) { return searchDAO.count( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_SEARCH), realms), + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realms), searchCondition, AnyTypeKind.GROUP); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_SEARCH + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_SEARCH + "')") @Transactional(readOnly = true) @Override public List<GroupTO> search(final SearchCond searchCondition, final int page, final int size, final List<OrderByClause> orderBy, final List<String> realms, final boolean details) { List<Group> matchingGroups = searchDAO.search( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_SEARCH), realms), + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_SEARCH), realms), searchCondition, page, size, orderBy, AnyTypeKind.GROUP); return CollectionUtils.collect(matchingGroups, new Transformer<Group, GroupTO>() { 
@@ -169,7 +169,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { }, new ArrayList<GroupTO>()); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_CREATE + "')") @Override public ProvisioningResult<GroupTO> create(final GroupTO groupTO, final boolean nullPriorityAsync) { Pair<GroupTO, List<LogicActions>> before = beforeCreate(groupTO); @@ -179,7 +179,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { } Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_CREATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_CREATE), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); @@ -189,7 +189,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return after(binder.getGroupTO(created.getKey()), created.getRight(), before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> update(final GroupPatch groupPatch, final boolean nullPriorityAsync) { GroupTO groupTO = binder.getGroupTO(groupPatch.getKey()); @@ -199,7 +199,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { Set<String> requestedRealms = new HashSet<>(); requestedRealms.add(before.getLeft().getRealm().getValue()); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), requestedRealms); securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); } 
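Review bot: In the `@@ -199,7 +199,7 @@` hunk, GroupLogic.update derives its effective realms from `StandardEntitlement.USER_UPDATE` although the method is guarded by `hasRole(GROUP_UPDATE)`, so the realm check for a group update is driven by the caller's user-update realms. Every other group operation on this page (unlink, link, unassign, assign, deprovision, provision) passes GROUP_UPDATE, and the rename carries the mismatch over unchanged from `Entitlement.USER_UPDATE`. Unless this is intentional, the line should read `AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE),`. How getEffectiveRealms treats a caller who holds GROUP_UPDATE but has no USER_UPDATE entry is not visible here, and the enclosing `if` block and the rest of update lie outside the hunk.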
@@ -209,14 +209,14 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return after(binder.getGroupTO(updated.getKey()), updated.getRight(), before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_DELETE + "')") @Override public ProvisioningResult<GroupTO> delete(final Long key, final boolean nullPriorityAsync) { GroupTO group = binder.getGroupTO(key); Pair<GroupTO, List<LogicActions>> before = beforeDelete(group); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_DELETE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_DELETE), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); @@ -241,13 +241,13 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return after(groupTO, statuses, before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public GroupTO unlink(final Long key, final Collection<String> resources) { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); 
@@ -264,13 +264,13 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return binder.getGroupTO(provisioningManager.unlink(patch)); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public GroupTO link(final Long key, final Collection<String> resources) { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); @@ -287,7 +287,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return binder.getGroupTO(provisioningManager.link(patch)); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> unassign( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { @@ -295,7 +295,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); @@ -312,7 +312,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> assign( final Long key, 
@@ -324,7 +324,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); @@ -341,7 +341,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> deprovision( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { @@ -349,7 +349,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey()); @@ -361,7 +361,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { return result; } - @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.GROUP_UPDATE + "')") @Override public ProvisioningResult<GroupTO> provision( final Long key, 
@@ -373,7 +373,7 @@ public class GroupLogic extends AbstractAnyLogic<GroupTO, GroupPatch> { // security checks GroupTO group = binder.getGroupTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_UPDATE), Collections.singleton(group.getRealm())); securityChecks(effectiveRealms, group.getRealm(), group.getKey());
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java index 30e7374..7b2842d 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java @@ -47,7 +47,7 @@ import org.apache.syncope.common.lib.types.TaskType; import org.apache.syncope.common.lib.types.UnmatchingRule; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.AuditElements; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; import org.apache.syncope.core.persistence.api.dao.LoggerDAO; import org.apache.syncope.core.persistence.api.dao.NotFoundException; 
@@ -99,32 +99,32 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { }, new ArrayList<LoggerTO>()); } - @PreAuthorize("hasRole('" + Entitlement.LOG_LIST + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.LOG_LIST + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") @Transactional(readOnly = true) public List<LoggerTO> listLogs() { return list(LoggerType.LOG); } - @PreAuthorize("hasRole('" + Entitlement.AUDIT_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.AUDIT_LIST + "')") @Transactional(readOnly = true) public List<AuditLoggerName> listAudits() { return CollectionUtils.collect( IteratorUtils.filteredIterator(list(LoggerType.AUDIT).iterator(), PredicateUtils.notNullPredicate()), new Transformer<LoggerTO, AuditLoggerName>() { - @Override - public AuditLoggerName transform(final LoggerTO logger) { - AuditLoggerName result = null; - try { - result = AuditLoggerName.fromLoggerName(logger.getKey()); - } catch (Exception e) { - LOG.warn("Unexpected audit logger name: {}", logger.getKey(), e); - } + @Override + public AuditLoggerName transform(final LoggerTO logger) { + AuditLoggerName result = null; + try { + result = AuditLoggerName.fromLoggerName(logger.getKey()); + } catch (Exception e) { + LOG.warn("Unexpected audit logger name: {}", logger.getKey(), e); + } - return result; - } - }, new ArrayList<AuditLoggerName>()); + return result; + } + }, new ArrayList<AuditLoggerName>()); } private void throwInvalidLogger(final LoggerType type) { 
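Review bot: In listAudits the `notNullPredicate` filter is applied to the input LoggerTO iterator, not to the transformer's output, so when `AuditLoggerName.fromLoggerName` throws, `transform` returns null and that null ends up in the returned list. readAudit, visible in a later hunk, iterates over `listAudits()` directly, so a single malformed audit logger name could presumably fail audit reads with a NullPointerException; its loop body is outside the visible lines. Assign the collected list to a local and drop the nulls before returning it, e.g. `CollectionUtils.filter(audits, PredicateUtils.notNullPredicate());`, and consider narrowing `catch (Exception e)` to the exception fromLoggerName actually throws.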
@@ -134,7 +134,7 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { throw sce; } - @PreAuthorize("hasRole('" + Entitlement.LOG_READ + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.LOG_READ + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") @Transactional(readOnly = true) public LoggerTO readLog(final String name) { @@ -146,7 +146,7 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { throw new NotFoundException("Logger " + name); } - @PreAuthorize("hasRole('" + Entitlement.AUDIT_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.AUDIT_READ + "')") @Transactional(readOnly = true) public LoggerTO readAudit(final String name) { for (final AuditLoggerName logger : listAudits()) { @@ -192,13 +192,13 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { return result; } - @PreAuthorize("hasRole('" + Entitlement.LOG_SET_LEVEL + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.LOG_SET_LEVEL + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public LoggerTO setLogLevel(final String name, final Level level) { return setLevel(name, level, LoggerType.LOG); } - @PreAuthorize("hasRole('" + Entitlement.AUDIT_ENABLE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.AUDIT_ENABLE + "')") public void enableAudit(final AuditLoggerName auditLoggerName) { try { setLevel(auditLoggerName.toLoggerName(), Level.DEBUG, LoggerType.AUDIT); 
@@ -234,13 +234,13 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { return loggerToDelete; } - @PreAuthorize("hasRole('" + Entitlement.LOG_DELETE + "') and authentication.details.domain == " + @PreAuthorize("hasRole('" + StandardEntitlement.LOG_DELETE + "') and authentication.details.domain == " + "T(org.apache.syncope.common.lib.SyncopeConstants).MASTER_DOMAIN") public LoggerTO deleteLog(final String name) { return delete(name, LoggerType.LOG); } - @PreAuthorize("hasRole('" + Entitlement.AUDIT_DISABLE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.AUDIT_DISABLE + "')") public void disableAudit(final AuditLoggerName auditLoggerName) { try { delete(auditLoggerName.toLoggerName(), LoggerType.AUDIT); @@ -253,7 +253,8 @@ public class LoggerLogic extends AbstractTransactionalLogic<LoggerTO> { } } - @PreAuthorize("hasRole('" + Entitlement.AUDIT_LIST + "') or hasRole('" + Entitlement.NOTIFICATION_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.AUDIT_LIST + "') or hasRole('" + + StandardEntitlement.NOTIFICATION_LIST + "')") public List<EventCategoryTO> listAuditEvents() { // use set to avoid duplications or null elements Set<EventCategoryTO> events = new HashSet<>(); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java index cb1f041..fc4c8ac 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java 
@@ -25,7 +25,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.to.NotificationTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.NotificationDAO; import org.apache.syncope.core.persistence.api.entity.Notification; @@ -43,7 +43,7 @@ public class NotificationLogic extends AbstractTransactionalLogic<NotificationTO @Autowired private NotificationDataBinder binder; - @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.NOTIFICATION_READ + "')") public NotificationTO read(final Long notificationKey) { Notification notification = notificationDAO.find(notificationKey); if (notification == null) { @@ -55,7 +55,7 @@ public class NotificationLogic extends AbstractTransactionalLogic<NotificationTO return binder.getNotificationTO(notification); } - @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.NOTIFICATION_LIST + "')") public List<NotificationTO> list() { return CollectionUtils.collect(notificationDAO.findAll(), new Transformer<Notification, NotificationTO>() { 
@@ -66,12 +66,12 @@ public class NotificationLogic extends AbstractTransactionalLogic<NotificationTO }, new ArrayList<NotificationTO>()); } - @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.NOTIFICATION_CREATE + "')") public NotificationTO create(final NotificationTO notificationTO) { return binder.getNotificationTO(notificationDAO.save(binder.create(notificationTO))); } - @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.NOTIFICATION_UPDATE + "')") public NotificationTO update(final NotificationTO notificationTO) { Notification notification = notificationDAO.find(notificationTO.getKey()); if (notification == null) { @@ -85,7 +85,7 @@ public class NotificationLogic extends AbstractTransactionalLogic<NotificationTO return binder.getNotificationTO(notification); } - @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.NOTIFICATION_DELETE + "')") public NotificationTO delete(final Long notificationKey) { Notification notification = notificationDAO.find(notificationKey); if (notification == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java index 0b4ac92..8f8baa5 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java 
@@ -28,8 +28,8 @@ import org.apache.syncope.common.lib.policy.AbstractPolicyTO; import org.apache.syncope.common.lib.policy.AccountPolicyTO; import org.apache.syncope.common.lib.policy.PasswordPolicyTO; import org.apache.syncope.common.lib.policy.SyncPolicyTO; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.PolicyType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.PolicyDAO; import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy; @@ -50,7 +50,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { @Autowired private PolicyDataBinder binder; - @PreAuthorize("hasRole('" + Entitlement.POLICY_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_CREATE + "')") public <T extends AbstractPolicyTO> T create(final T policyTO) { return binder.getPolicyTO(policyDAO.save(binder.getPolicy(null, policyTO))); } @@ -61,7 +61,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { return binder.getPolicyTO(savedPolicy); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_UPDATE + "')") public PasswordPolicyTO update(final PasswordPolicyTO policyTO) { Policy policy = policyDAO.find(policyTO.getKey()); if (!(policy instanceof PasswordPolicy)) { @@ -71,7 +71,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { return update(policyTO, policy); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_UPDATE + "')") public AccountPolicyTO update(final AccountPolicyTO policyTO) { Policy policy = policyDAO.find(policyTO.getKey()); if (!(policy instanceof AccountPolicy)) { 
@@ -81,7 +81,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { return update(policyTO, policy); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_UPDATE + "')") public SyncPolicyTO update(final SyncPolicyTO policyTO) { Policy policy = policyDAO.find(policyTO.getKey()); if (!(policy instanceof SyncPolicy)) { @@ -91,7 +91,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { return update(policyTO, policy); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_LIST + "')") public <T extends AbstractPolicyTO> List<T> list(final PolicyType type) { return CollectionUtils.collect(policyDAO.find(type), new Transformer<Policy, T>() { @@ -102,7 +102,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { }, new ArrayList<T>()); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_READ + "')") public <T extends AbstractPolicyTO> T read(final Long key) { Policy policy = policyDAO.find(key); if (policy == null) { @@ -112,7 +112,7 @@ public class PolicyLogic extends AbstractTransactionalLogic<AbstractPolicyTO> { return binder.getPolicyTO(policy); } - @PreAuthorize("hasRole('" + Entitlement.POLICY_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.POLICY_DELETE + "')") public <T extends AbstractPolicyTO> T delete(final Long key) { Policy policy = policyDAO.find(key); if (policy == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java ---------------------------------------------------------------------- 
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java index 6d4b02c..0b27a0f 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java @@ -25,7 +25,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.to.RealmTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.RealmDAO; import org.apache.syncope.core.persistence.api.entity.Realm; @@ -43,7 +43,7 @@ public class RealmLogic extends AbstractTransactionalLogic<RealmTO> { @Autowired private RealmDataBinder binder; - @PreAuthorize("hasRole('" + Entitlement.REALM_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REALM_LIST + "')") public List<RealmTO> list(final String fullPath) { Realm realm = realmDAO.find(fullPath); if (realm == null) { @@ -61,12 +61,12 @@ public class RealmLogic extends AbstractTransactionalLogic<RealmTO> { }, new ArrayList<RealmTO>()); } - @PreAuthorize("hasRole('" + Entitlement.REALM_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REALM_CREATE + "')") public RealmTO create(final String parentPath, final RealmTO realmTO) { return binder.getRealmTO(realmDAO.save(binder.create(parentPath, realmTO))); } - @PreAuthorize("hasRole('" + Entitlement.REALM_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REALM_UPDATE + "')") public RealmTO update(final RealmTO realmTO) { Realm realm = realmDAO.find(realmTO.getFullPath()); if (realm == null) { 
@@ -81,7 +81,7 @@ public class RealmLogic extends AbstractTransactionalLogic<RealmTO> { return binder.getRealmTO(realm); } - @PreAuthorize("hasRole('" + Entitlement.REALM_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REALM_DELETE + "')") public RealmTO delete(final String fullPath) { Realm realm = realmDAO.find(fullPath); if (realm == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/RelationshipTypeLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/RelationshipTypeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/RelationshipTypeLogic.java index 7df2755..3c6bfa6 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/RelationshipTypeLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RelationshipTypeLogic.java @@ -26,7 +26,7 @@ import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.to.RelationshipTypeTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.RelationshipTypeDAO; import org.apache.syncope.core.persistence.api.entity.RelationshipType; @@ -44,7 +44,7 @@ public class RelationshipTypeLogic extends AbstractTransactionalLogic<Relationsh @Autowired private RelationshipTypeDAO relationshipTypeDAO; - @PreAuthorize("hasRole('" + Entitlement.RELATIONSHIPTYPE_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RELATIONSHIPTYPE_READ + "')") public RelationshipTypeTO read(final String key) { RelationshipType relationshipType = relationshipTypeDAO.find(key); if (relationshipType == null) { 
@@ -56,24 +56,24 @@ public class RelationshipTypeLogic extends AbstractTransactionalLogic<Relationsh return binder.getRelationshipTypeTO(relationshipType); } - @PreAuthorize("hasRole('" + Entitlement.RELATIONSHIPTYPE_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RELATIONSHIPTYPE_LIST + "')") public List<RelationshipTypeTO> list() { return CollectionUtils.collect(relationshipTypeDAO.findAll(), new Transformer<RelationshipType, RelationshipTypeTO>() { - @Override - public RelationshipTypeTO transform(final RelationshipType input) { - return binder.getRelationshipTypeTO(input); - } - }, new ArrayList<RelationshipTypeTO>()); + @Override + public RelationshipTypeTO transform(final RelationshipType input) { + return binder.getRelationshipTypeTO(input); + } + }, new ArrayList<RelationshipTypeTO>()); } - @PreAuthorize("hasRole('" + Entitlement.RELATIONSHIPTYPE_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RELATIONSHIPTYPE_CREATE + "')") public RelationshipTypeTO create(final RelationshipTypeTO relationshipTypeTO) { return binder.getRelationshipTypeTO(relationshipTypeDAO.save(binder.create(relationshipTypeTO))); } - @PreAuthorize("hasRole('" + Entitlement.RELATIONSHIPTYPE_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RELATIONSHIPTYPE_UPDATE + "')") public RelationshipTypeTO update(final RelationshipTypeTO relationshipTypeTO) { RelationshipType relationshipType = relationshipTypeDAO.find(relationshipTypeTO.getKey()); if (relationshipType == null) { 
@@ -87,7 +87,7 @@ public class RelationshipTypeLogic extends AbstractTransactionalLogic<Relationsh return binder.getRelationshipTypeTO(relationshipType); } - @PreAuthorize("hasRole('" + Entitlement.RELATIONSHIPTYPE_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RELATIONSHIPTYPE_DELETE + "')") public RelationshipTypeTO delete(final String key) { RelationshipType relationshipType = relationshipTypeDAO.find(key); if (relationshipType == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java index 29cd65a..38a1463 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java @@ -55,9 +55,9 @@ import org.apache.syncope.core.provisioning.api.job.JobNamer; import org.apache.syncope.core.provisioning.api.job.JobInstanceLoader; import org.apache.syncope.core.logic.report.TextSerializer; import org.apache.syncope.common.lib.to.AbstractExecTO; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.JobAction; import org.apache.syncope.common.lib.types.JobStatusType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.xmlgraphics.util.MimeConstants; import org.quartz.JobKey; import org.quartz.Scheduler; 
@@ -84,7 +84,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { @Autowired private EntityFactory entityFactory; - @PreAuthorize("hasRole('" + Entitlement.REPORT_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_CREATE + "')") public ReportTO create(final ReportTO reportTO) { Report report = entityFactory.newEntity(Report.class); binder.getReport(report, reportTO); @@ -103,7 +103,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return binder.getReportTO(report); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_UPDATE + "')") public ReportTO update(final ReportTO reportTO) { Report report = reportDAO.find(reportTO.getKey()); if (report == null) { @@ -126,7 +126,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return binder.getReportTO(report); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_LIST + "')") public List<ReportTO> list() { return CollectionUtils.collect(reportDAO.findAll(), new Transformer<Report, ReportTO>() { @@ -138,7 +138,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { }, new ArrayList<ReportTO>()); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_READ + "')") public ReportTO read(final Long reportKey) { Report report = reportDAO.find(reportKey); if (report == null) { @@ -147,7 +147,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return binder.getReportTO(report); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_READ + "')") @Transactional(readOnly = true) public ReportExecTO readExecution(final Long executionKey) { ReportExec reportExec = reportExecDAO.find(executionKey); 
@@ -157,7 +157,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return binder.getReportExecTO(reportExec); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_READ + "')") public void exportExecutionResult(final OutputStream os, final ReportExec reportExec, final ReportExecExportFormat format) { @@ -223,7 +223,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { } } - @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_READ + "')") public ReportExec getAndCheckReportExec(final Long executionKey) { ReportExec reportExec = reportExecDAO.find(executionKey); if (reportExec == null) { @@ -239,7 +239,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return reportExec; } - @PreAuthorize("hasRole('" + Entitlement.REPORT_EXECUTE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_EXECUTE + "')") public ReportExecTO execute(final Long reportKey) { Report report = reportDAO.find(reportKey); if (report == null) { @@ -268,7 +268,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return result; } - @PreAuthorize("hasRole('" + Entitlement.REPORT_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_DELETE + "')") public ReportTO delete(final Long reportKey) { Report report = reportDAO.find(reportKey); if (report == null) { @@ -281,7 +281,7 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { return deletedReport; } - @PreAuthorize("hasRole('" + Entitlement.REPORT_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_DELETE + "')") public ReportExecTO deleteExecution(final Long executionKey) { ReportExec reportExec = reportExecDAO.find(executionKey); if (reportExec == null) { 
@@ -324,12 +324,12 @@ public class ReportLogic extends AbstractJobLogic<ReportTO> { } @Override - @PreAuthorize("hasRole('" + Entitlement.REPORT_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_LIST + "')") public <E extends AbstractExecTO> List<E> listJobs(final JobStatusType type, final Class<E> reference) { return super.listJobs(type, reference); } - @PreAuthorize("hasRole('" + Entitlement.REPORT_EXECUTE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.REPORT_EXECUTE + "')") public void actionJob(final Long reportKey, final JobAction action) { Report report = reportDAO.find(reportKey); if (report == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java index b4795f6..8825e67 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java @@ -38,7 +38,7 @@ import org.apache.syncope.common.lib.to.ConnObjectTO; import org.apache.syncope.common.lib.to.ResourceTO; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.DuplicateException; import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO; import org.apache.syncope.core.persistence.api.dao.NotFoundException; 
@@ -109,7 +109,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { @Autowired private ConnectorFactory connFactory; - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_CREATE + "')") public ResourceTO create(final ResourceTO resourceTO) { if (StringUtils.isBlank(resourceTO.getKey())) { SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing); @@ -135,7 +135,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return binder.getResourceTO(resource); } - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_UPDATE + "')") public ResourceTO update(final ResourceTO resourceTO) { ExternalResource resource = resourceDAO.find(resourceTO.getKey()); if (resource == null) { @@ -156,7 +156,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return binder.getResourceTO(resource); } - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_DELETE + "')") public ResourceTO delete(final String resourceName) { ExternalResource resource = resourceDAO.find(resourceName); if (resource == null) { @@ -170,7 +170,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return resourceToDelete; } - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_READ + "')") @Transactional(readOnly = true) public ResourceTO read(final String resourceName) { ExternalResource resource = resourceDAO.find(resourceName); 
@@ -212,7 +212,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return ImmutableTriple.of(resource, anyType, provision); } - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_GET_CONNOBJECT + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_GET_CONNOBJECT + "')") @Transactional(readOnly = true) public ConnObjectTO readConnObject(final String key, final String anyTypeKey, final Long anyKey) { Triple<ExternalResource, AnyType, Provision> init = connObjectInit(key, anyTypeKey); @@ -268,7 +268,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return connObjectUtils.getConnObjectTO(connectorObject); } - @PreAuthorize("hasRole('" + Entitlement.RESOURCE_LIST_CONNOBJECT + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_LIST_CONNOBJECT + "')") @Transactional(readOnly = true) public Pair<SearchResult, List<ConnObjectTO>> listConnObjects(final String key, final String anyTypeKey, final Integer size, final String pagedResultsCookie, final List<OrderByClause> orderBy) { @@ -304,7 +304,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> { return ImmutablePair.of(searchResult[0], connObjects); } - @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.CONNECTOR_READ + "')") @Transactional(readOnly = true) public void check(final ResourceTO resourceTO) { ConnInstance connInstance = connInstanceDAO.find(resourceTO.getConnector()); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java index cfe2c5b..60f65a0 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java 
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java @@ -25,7 +25,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.to.RoleTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.RoleDAO; import org.apache.syncope.core.persistence.api.entity.Role; @@ -43,7 +43,7 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { @Autowired private RoleDAO roleDAO; - @PreAuthorize("hasRole('" + Entitlement.ROLE_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_READ + "')") public RoleTO read(final Long roleKey) { Role role = roleDAO.find(roleKey); if (role == null) { @@ -55,7 +55,7 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { return binder.getRoleTO(role); } - @PreAuthorize("hasRole('" + Entitlement.ROLE_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_LIST + "')") public List<RoleTO> list() { return CollectionUtils.collect(roleDAO.findAll(), new Transformer<Role, RoleTO>() { @@ -66,12 +66,12 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { }, new ArrayList<RoleTO>()); } - @PreAuthorize("hasRole('" + Entitlement.ROLE_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_CREATE + "')") public RoleTO create(final RoleTO roleTO) { return binder.getRoleTO(roleDAO.save(binder.create(roleTO))); } - @PreAuthorize("hasRole('" + Entitlement.ROLE_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_UPDATE + "')") public RoleTO update(final RoleTO roleTO) { Role role = roleDAO.find(roleTO.getKey()); if (role == null) { 
@@ -85,7 +85,7 @@ public class RoleLogic extends AbstractTransactionalLogic<RoleTO> { return binder.getRoleTO(role); } - @PreAuthorize("hasRole('" + Entitlement.ROLE_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.ROLE_DELETE + "')") public RoleTO delete(final Long roleKey) { Role role = roleDAO.find(roleKey); if (role == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java index f3b1b09..a57f2e1 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java @@ -31,8 +31,8 @@ import org.apache.syncope.common.lib.to.DerSchemaTO; import org.apache.syncope.common.lib.to.PlainSchemaTO; import org.apache.syncope.common.lib.to.VirSchemaTO; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.SchemaType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO; import org.apache.syncope.core.persistence.api.dao.DerSchemaDAO; import org.apache.syncope.core.persistence.api.dao.DuplicateException; @@ -89,7 +89,7 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { return found; } - @PreAuthorize("hasRole('" + Entitlement.SCHEMA_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SCHEMA_CREATE + "')") @SuppressWarnings("unchecked") public <T extends AbstractSchemaTO> T create(final SchemaType schemaType, final T schemaTO) { if (StringUtils.isBlank(schemaTO.getKey())) { 
@@ -122,7 +122,7 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { return created; } - @PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SCHEMA_DELETE + "')") public void delete(final SchemaType schemaType, final String schemaName) { if (!doesSchemaExist(schemaType, schemaName)) { throw new NotFoundException(schemaType + "/" + schemaName); @@ -154,11 +154,11 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { clazz == null ? virSchemaDAO.findAll() : virSchemaDAO.findByAnyTypeClass(clazz), new Transformer<VirSchema, T>() { - @Override - public T transform(final VirSchema input) { - return (T) binder.getVirSchemaTO(input); - } - }, new ArrayList<T>()); + @Override + public T transform(final VirSchema input) { + return (T) binder.getVirSchemaTO(input); + } + }, new ArrayList<T>()); break; case DERIVED: @@ -166,11 +166,11 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { clazz == null ? derSchemaDAO.findAll() : derSchemaDAO.findByAnyTypeClass(clazz), new Transformer<DerSchema, T>() { - @Override - public T transform(final DerSchema input) { - return (T) binder.getDerSchemaTO(input); - } - }, new ArrayList<T>()); + @Override + public T transform(final DerSchema input) { + return (T) binder.getDerSchemaTO(input); + } + }, new ArrayList<T>()); break; case PLAIN: @@ -179,11 +179,11 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { clazz == null ? plainSchemaDAO.findAll() : plainSchemaDAO.findByAnyTypeClass(clazz), new Transformer<PlainSchema, T>() { - @Override - public T transform(final PlainSchema input) { - return (T) binder.getPlainSchemaTO(input); - } - }, new ArrayList<T>()); + @Override + public T transform(final PlainSchema input) { + return (T) binder.getPlainSchemaTO(input); + } + }, new ArrayList<T>()); } return result; 
@@ -225,7 +225,7 @@ public class SchemaLogic extends AbstractTransactionalLogic<AbstractSchemaTO> { return read; } - @PreAuthorize("hasRole('" + Entitlement.SCHEMA_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SCHEMA_UPDATE + "')") public <T extends AbstractSchemaTO> void update(final SchemaType schemaType, final T schemaTO) { if (!doesSchemaExist(schemaType, schemaTO.getKey())) { throw new NotFoundException(schemaType + "/" + schemaTO.getKey()); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java index 8004c52..fb45942 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java @@ -25,7 +25,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.to.SecurityQuestionTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.SecurityQuestionDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; 
@@ -72,12 +72,12 @@ public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQu return binder.getSecurityQuestionTO(securityQuestion); } - @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SECURITY_QUESTION_CREATE + "')") public SecurityQuestionTO create(final SecurityQuestionTO securityQuestionTO) { return binder.getSecurityQuestionTO(securityQuestionDAO.save(binder.create(securityQuestionTO))); } - @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SECURITY_QUESTION_UPDATE + "')") public SecurityQuestionTO update(final SecurityQuestionTO securityQuestionTO) { SecurityQuestion securityQuestion = securityQuestionDAO.find(securityQuestionTO.getKey()); if (securityQuestion == null) { @@ -92,7 +92,7 @@ public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQu return binder.getSecurityQuestionTO(securityQuestion); } - @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.SECURITY_QUESTION_DELETE + "')") public SecurityQuestionTO delete(final Long securityQuestionId) { SecurityQuestion securityQuestion = securityQuestionDAO.find(securityQuestionId); if (securityQuestion == null) { @@ -106,7 +106,7 @@ public class SecurityQuestionLogic extends AbstractTransactionalLogic<SecurityQu return deleted; } - @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')") + @PreAuthorize("isAnonymous() or hasRole('" + StandardEntitlement.ANONYMOUS + "')") public SecurityQuestionTO read(final String username) { if (username == null) { throw new NotFoundException("Null username"); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java ---------------------------------------------------------------------- 
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java index 480efc1..dcd24ad 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SyncopeLogic.java @@ -18,6 +18,7 @@ */ package org.apache.syncope.core.logic; +import org.apache.syncope.core.misc.EntitlementsHolder; import java.io.IOException; import java.lang.reflect.Method; import java.net.URI; @@ -128,6 +129,8 @@ public class SyncopeLogic extends AbstractLogic<SyncopeTO> { syncopeTO.setVirAttrCache(virAttrCache.getClass().getName()); syncopeTO.setPasswordGenerator(passwordGenerator.getClass().getName()); + syncopeTO.getEntitlements().addAll(EntitlementsHolder.getInstance().getValues()); + syncopeTO.getReportlets().addAll(implLookup.getClassNames(Type.REPORTLET)); syncopeTO.getAccountRules().addAll(implLookup.getClassNames(Type.ACCOUNT_RULE)); syncopeTO.getPasswordRules().addAll(implLookup.getClassNames(Type.PASSWORD_RULE)); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java index 3c9647e..3e716d6 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java 
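Review bot: The added `syncopeTO.getEntitlements().addAll(EntitlementsHolder.getInstance().getValues());` in the second SyncopeLogic hunk hands the full entitlement catalogue to every caller of the enclosing method, and that method's signature and `@PreAuthorize` guard lie outside the hunk, so who can reach it cannot be checked here. If the guard is as broad as `isAuthenticated()` or admits the anonymous role, low-privilege callers get a complete outline of the authorization model, presumably including any names that extensions register with the holder. If that is intended, record it above the line with a comment such as `// entitlement names are public metadata by design; never register deployment-specific names here`. Separately, the first hunk inserts `import org.apache.syncope.core.misc.EntitlementsHolder;` above `java.io.IOException`, while the other files in this commit place the new `StandardEntitlement` import in alphabetical position; it should sit with the other `org.apache.syncope` imports.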
@@ -34,9 +34,9 @@ import org.apache.syncope.common.lib.to.SyncTaskTO; import org.apache.syncope.common.lib.to.TaskExecTO; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.JobAction; import org.apache.syncope.common.lib.types.JobStatusType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.common.lib.types.TaskType; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.TaskDAO; @@ -94,7 +94,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { @Autowired private TaskUtilsFactory taskUtilsFactory; - @PreAuthorize("hasRole('" + Entitlement.TASK_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_CREATE + "')") public <T extends SchedTaskTO> T createSchedTask(final T taskTO) { TaskUtils taskUtils = taskUtilsFactory.getInstance(taskTO); @@ -116,12 +116,12 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return binder.getTaskTO(task, taskUtils); } - @PreAuthorize("hasRole('" + Entitlement.TASK_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_UPDATE + "')") public SyncTaskTO updateSync(final SyncTaskTO taskTO) { return updateSched(taskTO); } - @PreAuthorize("hasRole('" + Entitlement.TASK_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_UPDATE + "')") public <T extends SchedTaskTO> T updateSched(final SchedTaskTO taskTO) { SchedTask task = taskDAO.find(taskTO.getKey()); if (task == null) { 
@@ -148,14 +148,14 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return binder.getTaskTO(task, taskUtils); } - @PreAuthorize("hasRole('" + Entitlement.TASK_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_LIST + "')") public int count( final TaskType type, final String resource, final AnyTypeKind anyTypeKind, final Long anyTypeKey) { return taskDAO.count(type, resourceDAO.find(resource), anyTypeKind, anyTypeKey); } - @PreAuthorize("hasRole('" + Entitlement.TASK_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_LIST + "')") @SuppressWarnings("unchecked") public <T extends AbstractTaskTO> List<T> list( final TaskType type, final String resource, final AnyTypeKind anyTypeKind, final Long anyTypeKey, @@ -174,7 +174,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { }, new ArrayList<T>()); } - @PreAuthorize("hasRole('" + Entitlement.TASK_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_READ + "')") public <T extends AbstractTaskTO> T read(final Long taskKey) { Task task = taskDAO.find(taskKey); if (task == null) { @@ -183,7 +183,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return binder.getTaskTO(task, taskUtilsFactory.getInstance(task)); } - @PreAuthorize("hasRole('" + Entitlement.TASK_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_READ + "')") public TaskExecTO readExecution(final Long execKey) { TaskExec taskExec = taskExecDAO.find(execKey); if (taskExec == null) { @@ -192,7 +192,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return binder.getTaskExecTO(taskExec); } - @PreAuthorize("hasRole('" + Entitlement.TASK_EXECUTE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_EXECUTE + "')") public TaskExecTO execute(final Long taskKey, final boolean dryRun) { Task task = taskDAO.find(taskKey); if (task == null) { 
@@ -245,7 +245,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return result; } - @PreAuthorize("hasRole('" + Entitlement.TASK_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_DELETE + "')") public <T extends AbstractTaskTO> T delete(final Long taskKey) { Task task = taskDAO.find(taskKey); if (task == null) { @@ -266,7 +266,7 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { return taskToDelete; } - @PreAuthorize("hasRole('" + Entitlement.TASK_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_DELETE + "')") public TaskExecTO deleteExecution(final Long execKey) { TaskExec taskExec = taskExecDAO.find(execKey); if (taskExec == null) { @@ -310,12 +310,12 @@ public class TaskLogic extends AbstractJobLogic<AbstractTaskTO> { } @Override - @PreAuthorize("hasRole('" + Entitlement.TASK_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_LIST + "')") public <E extends AbstractExecTO> List<E> listJobs(final JobStatusType type, final Class<E> reference) { return super.listJobs(type, reference); } - @PreAuthorize("hasRole('" + Entitlement.TASK_EXECUTE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.TASK_EXECUTE + "')") public void actionJob(final Long taskKey, final JobAction action) { Task task = taskDAO.find(taskKey); if (task == null) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java index 22b7ab5..e505f3c 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java 
@@ -42,8 +42,8 @@ import org.apache.syncope.common.lib.to.ProvisioningResult; import org.apache.syncope.common.lib.to.UserTO; import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.PatchOperation; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; @@ -87,27 +87,27 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { @Autowired protected SyncopeLogic syncopeLogic; - @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')") @Transactional(readOnly = true) public String getUsername(final Long key) { return binder.getUserTO(key).getUsername(); } - @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')") @Transactional(readOnly = true) public Long getKey(final String username) { return binder.getUserTO(username).getKey(); } - @PreAuthorize("hasRole('" + Entitlement.USER_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_LIST + "')") @Transactional(readOnly = true) @Override public int count(final List<String> realms) { return userDAO.count( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.USER_LIST), realms)); + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_LIST), realms)); } - @PreAuthorize("hasRole('" + Entitlement.USER_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_LIST + "')") @Transactional(readOnly = true) @Override public List<UserTO> list( 
@@ -115,15 +115,15 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { final List<String> realms, final boolean details) { return CollectionUtils.collect(userDAO.findAll( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.USER_LIST), realms), + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_LIST), realms), page, size, orderBy), new Transformer<User, UserTO>() { - @Override - public UserTO transform(final User input) { - return binder.returnUserTO(binder.getUserTO(input, details)); - } - }, new ArrayList<UserTO>()); + @Override + public UserTO transform(final User input) { + return binder.returnUserTO(binder.getUserTO(input, details)); + } + }, new ArrayList<UserTO>()); } @PreAuthorize("isAuthenticated()") 
@@ -134,30 +134,30 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { binder.returnUserTO(binder.getAuthenticatedUserTO())); } - @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_READ + "')") @Transactional(readOnly = true) @Override public UserTO read(final Long key) { return binder.returnUserTO(binder.getUserTO(key)); } - @PreAuthorize("hasRole('" + Entitlement.USER_SEARCH + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_SEARCH + "')") @Transactional(readOnly = true) @Override public int searchCount(final SearchCond searchCondition, final List<String> realms) { return searchDAO.count( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.USER_SEARCH), realms), + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realms), searchCondition, AnyTypeKind.USER); } - @PreAuthorize("hasRole('" + Entitlement.USER_SEARCH + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_SEARCH + "')") @Transactional(readOnly = true) @Override public List<UserTO> search(final SearchCond searchCondition, final int page, final int size, final List<OrderByClause> orderBy, final List<String> realms, final boolean details) { List<User> matchingUsers = searchDAO.search( - getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.USER_SEARCH), realms), + getEffectiveRealms(AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_SEARCH), realms), searchCondition, page, size, orderBy, AnyTypeKind.USER); return CollectionUtils.collect(matchingUsers, new Transformer<User, UserTO>() { 
@@ -168,20 +168,20 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { }, new ArrayList<UserTO>()); } - @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')") + @PreAuthorize("isAnonymous() or hasRole('" + StandardEntitlement.ANONYMOUS + "')") public ProvisioningResult<UserTO> selfCreate( final UserTO userTO, final boolean storePassword, final boolean nullPriorityAsync) { return doCreate(userTO, storePassword, true, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_CREATE + "')") @Override public ProvisioningResult<UserTO> create(final UserTO userTO, final boolean nullPriorityAsync) { return doCreate(userTO, true, false, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_CREATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_CREATE + "')") public ProvisioningResult<UserTO> create( final UserTO userTO, final boolean storePassword, final boolean nullPriorityAsync) { @@ -202,7 +202,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { if (!self) { Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_CREATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_CREATE), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), null); } 
@@ -213,14 +213,14 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return after(binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight()); } - @PreAuthorize("isAuthenticated() and not(hasRole('" + Entitlement.ANONYMOUS + "'))") + @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))") public ProvisioningResult<UserTO> selfUpdate(final UserPatch userPatch, final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); userPatch.setKey(userTO.getKey()); return doUpdate(userPatch, true, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> update(final UserPatch userPatch, final boolean nullPriorityAsync) { return doUpdate(userPatch, false, nullPriorityAsync); @@ -239,7 +239,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { Set<String> requestedRealms = new HashSet<>(); requestedRealms.add(before.getLeft().getRealm().getValue()); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), requestedRealms); securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); } 
@@ -273,12 +273,12 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return updated; } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) { // security checks UserTO toUpdate = binder.getUserTO(statusPatch.getKey()); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(toUpdate.getRealm())); securityChecks(effectiveRealms, toUpdate.getRealm(), toUpdate.getKey()); @@ -290,7 +290,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { Collections.<LogicActions>emptyList()); } - @PreAuthorize("hasRole('" + Entitlement.MUST_CHANGE_PASSWORD + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "')") public ProvisioningResult<UserTO> changePassword(final String password, final boolean nullPriorityAsync) { UserPatch userPatch = new UserPatch(); userPatch.setPassword(new PasswordPatch.Builder().value(password).build()); @@ -298,7 +298,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return selfUpdate(userPatch, nullPriorityAsync); } - @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')") + @PreAuthorize("isAnonymous() or hasRole('" + StandardEntitlement.ANONYMOUS + "')") @Transactional public void requestPasswordReset(final String username, final String securityAnswer) { if (username == null) { 
@@ -319,7 +319,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { provisioningManager.requestPasswordReset(user.getKey()); } - @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')") + @PreAuthorize("isAnonymous() or hasRole('" + StandardEntitlement.ANONYMOUS + "')") @Transactional public void confirmPasswordReset(final String token, final String password) { User user = userDAO.findByToken(token); @@ -329,13 +329,13 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { provisioningManager.confirmPasswordReset(user.getKey(), token, password); } - @PreAuthorize("isAuthenticated() and not(hasRole('" + Entitlement.ANONYMOUS + "'))") + @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))") public ProvisioningResult<UserTO> selfDelete(final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); return doDelete(userTO, true, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_DELETE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_DELETE + "')") @Override public ProvisioningResult<UserTO> delete(final Long key, final boolean nullPriorityAsync) { UserTO userTO = binder.getUserTO(key); @@ -349,7 +349,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { if (!self) { Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_DELETE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_DELETE), Collections.singleton(before.getLeft().getRealm())); securityChecks(effectiveRealms, before.getLeft().getRealm(), before.getLeft().getKey()); } 
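Review bot: `requestPasswordReset` and `confirmPasswordReset` are the only methods in these hunks whose `@PreAuthorize` admits unauthenticated callers, and neither carries a comment saying so. A short Javadoc on each would help the next reader. For `confirmPasswordReset` it should say that the token passed to `userDAO.findByToken(token)` is the sole proof of identity and where its validity is checked. For `requestPasswordReset` it should say what the caller learns when the username or security answer does not match. The lines between the lookup and the `provisioningManager` call fall outside the hunks, so the handling of an unknown token cannot be judged from here.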
@@ -380,13 +380,13 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return after(binder.returnUserTO(deletedTO), statuses, before.getRight()); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final Long key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); @@ -403,13 +403,13 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO link(final Long key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); @@ -426,7 +426,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> unassign( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { 
@@ -434,7 +434,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); @@ -451,7 +451,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> assign( final Long key, @@ -463,7 +463,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); @@ -485,7 +485,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return update(patch, nullPriorityAsync); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> deprovision( final Long key, final Collection<String> resources, final boolean nullPriorityAsync) { 
@@ -493,7 +493,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); @@ -505,7 +505,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { return result; } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> provision( final Long key, @@ -517,7 +517,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = getEffectiveRealms( - AuthContextUtils.getAuthorizations().get(Entitlement.USER_UPDATE), + AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), Collections.singleton(user.getRealm())); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java index 9e0b45b..59af419 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java 
@@ -26,7 +26,7 @@ import org.apache.syncope.common.lib.patch.AnyPatch; import org.apache.syncope.common.lib.patch.UserPatch; import org.apache.syncope.common.lib.to.UserTO; import org.apache.syncope.common.lib.to.WorkflowFormTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.UserDAO; import org.apache.syncope.core.persistence.api.entity.task.PropagationTask; import org.apache.syncope.core.persistence.api.entity.user.User; @@ -58,13 +58,13 @@ public class UserWorkflowLogic extends AbstractTransactionalLogic<WorkflowFormTO @Autowired private UserDAO userDAO; - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_CLAIM + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_FORM_CLAIM + "')") @Transactional(rollbackFor = { Throwable.class }) public WorkflowFormTO claimForm(final String taskId) { return uwfAdapter.claimForm(taskId); } - @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") public UserTO executeWorkflowTask(final UserTO userTO, final String taskId) { WorkflowResult<Long> updated = uwfAdapter.execute(userTO, taskId); 
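Review bot: `executeWorkflowTask` is gated by `StandardEntitlement.USER_UPDATE` alone, and the visible part of its body goes straight to `uwfAdapter.execute(userTO, taskId)`. It does not show the `getEffectiveRealms` / `securityChecks` pair that `UserLogic` runs for the same entitlement. If the realm restriction is meant to apply to workflow-driven updates as well, it should be enforced here or documented as enforced inside the adapter; a comment such as `// realm check: <where it happens>` would settle it. The method continues past the end of the hunk, so a check further down cannot be ruled out.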
@@ -81,27 +81,29 @@ public class UserWorkflowLogic extends AbstractTransactionalLogic<WorkflowFormTO return binder.getUserTO(updated.getResult()); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_READ + "') and hasRole('" + Entitlement.USER_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_FORM_READ + "') and hasRole('" + + StandardEntitlement.USER_READ + "')") @Transactional(rollbackFor = { Throwable.class }) public WorkflowFormTO getFormForUser(final Long key) { User user = userDAO.authFind(key); return uwfAdapter.getForm(user.getWorkflowId()); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_LIST + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_FORM_LIST + "')") @Transactional(rollbackFor = { Throwable.class }) public List<WorkflowFormTO> getForms() { return uwfAdapter.getForms(); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_READ + "') and hasRole('" + Entitlement.USER_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_FORM_READ + "') and hasRole('" + + StandardEntitlement.USER_READ + "')") @Transactional(rollbackFor = { Throwable.class }) public List<WorkflowFormTO> getForms(final Long key, final String formName) { User user = userDAO.authFind(key); return uwfAdapter.getForms(user.getWorkflowId(), formName); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_SUBMIT + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_FORM_SUBMIT + "')") @Transactional(rollbackFor = { Throwable.class }) public UserTO submitForm(final WorkflowFormTO form) { WorkflowResult<? extends AnyPatch> updated = uwfAdapter.submitForm(form); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java ---------------------------------------------------------------------- 
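Review bot: The wrapped expression combining `StandardEntitlement.WORKFLOW_FORM_READ` and `StandardEntitlement.USER_READ` now appears twice, on `getFormForUser` and on `getForms(Long, String)`, split across two lines each time. A single constant, `private static final String FORM_AND_USER_READ = "hasRole('" + StandardEntitlement.WORKFLOW_FORM_READ + "') and hasRole('" + StandardEntitlement.USER_READ + "')";`, used as `@PreAuthorize(FORM_AND_USER_READ)`, keeps the two guards identical and easier to audit. This works as long as the `StandardEntitlement` fields stay compile-time constants, which their use in annotations already requires.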
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java index 58777f7..8b6d530 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java @@ -22,7 +22,7 @@ import java.io.OutputStream; import java.lang.reflect.Method; import javax.ws.rs.core.MediaType; import org.apache.syncope.common.lib.AbstractBaseBean; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.workflow.api.AnyObjectWorkflowAdapter; import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter; import org.apache.syncope.core.workflow.api.UserWorkflowAdapter; @@ -57,19 +57,19 @@ public class WorkflowLogic extends AbstractTransactionalLogic<AbstractBaseBean> : WorkflowDefinitionFormat.XML; } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportAnyObjectDefinition(final MediaType format, final OutputStream os) { exportDefinition(awfAdapter, getFormat(format), os); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportUserDefinition(final MediaType format, final OutputStream os) { exportDefinition(uwfAdapter, getFormat(format), os); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportGroupDefinition(final MediaType format, final OutputStream os) { exportDefinition(gwfAdapter, getFormat(format), os); 
@@ -79,19 +79,19 @@ public class WorkflowLogic extends AbstractTransactionalLogic<AbstractBaseBean> adapter.exportDiagram(os); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportAnyObjectDiagram(final OutputStream os) { exportDiagram(awfAdapter, os); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportUserDiagram(final OutputStream os) { exportDiagram(uwfAdapter, os); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_READ + "')") @Transactional(readOnly = true) public void exportGroupDiagram(final OutputStream os) { exportDiagram(gwfAdapter, os); @@ -103,17 +103,17 @@ public class WorkflowLogic extends AbstractTransactionalLogic<AbstractBaseBean> adapter.importDefinition(format, definition); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_UPDATE + "')") public void importAnyObjectDefinition(final MediaType format, final String definition) { importDefinition(awfAdapter, getFormat(format), definition); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_UPDATE + "')") public void importUserDefinition(final MediaType format, final String definition) { importDefinition(uwfAdapter, getFormat(format), definition); } - @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_UPDATE + "')") + @PreAuthorize("hasRole('" + StandardEntitlement.WORKFLOW_DEF_UPDATE + "')") public void importGroupDefinition(final MediaType format, final String definition) { importDefinition(gwfAdapter, getFormat(format), definition); }
