fineract-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From my...@apache.org
Subject [fineract-cn-identity] 02/05: group allowed operations by path
Date Mon, 22 Jan 2018 15:52:41 GMT
This is an automated email from the ASF dual-hosted git repository.

myrle pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract-cn-identity.git

commit f6b84f2e7560331d8c8e8680f7a44e8f5db88869
Author: mgeiss <mgeiss@mifos.org>
AuthorDate: Tue Aug 8 11:29:24 2017 +0200

    group allowed operations by path
---
 .../src/main/java/TestAuthentication.java          |  7 +++---
 .../handler/AuthenticationCommandHandler.java      | 25 +++++++++++++++++-----
 .../io/mifos/identity/rest/RoleRestController.java |  2 +-
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/component-test/src/main/java/TestAuthentication.java b/component-test/src/main/java/TestAuthentication.java
index fdab6e5..8e98443 100644
--- a/component-test/src/main/java/TestAuthentication.java
+++ b/component-test/src/main/java/TestAuthentication.java
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+import com.google.common.collect.Sets;
 import io.mifos.anubis.api.v1.client.Anubis;
 import io.mifos.anubis.api.v1.domain.*;
 import io.mifos.anubis.test.v1.SystemSecurityEnvironment;
@@ -89,9 +90,9 @@ public class TestAuthentication extends AbstractComponentTest {
 
       final Set<TokenPermission> expectedTokenPermissions = new HashSet<>();
       Collections.addAll(expectedTokenPermissions,
-              new TokenPermission("identity-v1/permittablegroups/*", Collections.singleton(AllowedOperation.CHANGE)),
-              new TokenPermission("identity-v1/roles/*", Collections.singleton(AllowedOperation.DELETE)),
-              new TokenPermission("identity-v1/users/*", Collections.singleton(AllowedOperation.READ)));
+          new TokenPermission("identity-v1/permittablegroups/*", Sets.newHashSet(AllowedOperation.CHANGE,
AllowedOperation.DELETE, AllowedOperation.READ)),
+          new TokenPermission("identity-v1/roles/*", Sets.newHashSet(AllowedOperation.CHANGE,
AllowedOperation.DELETE, AllowedOperation.READ)),
+          new TokenPermission("identity-v1/users/*", Sets.newHashSet(AllowedOperation.CHANGE,
AllowedOperation.DELETE, AllowedOperation.READ)));
       //This is not a complete list.  This is a spot check.
 
       Assert.assertTrue("Expected: " + expectedTokenPermissions + "\nActual: " + tokenPermissions,
diff --git a/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
b/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
index 7b55d7e..d6a6589 100644
--- a/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
+++ b/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
@@ -267,16 +267,31 @@ public class AuthenticationCommandHandler {
       tokenPermissions = getApplicationTokenPermissions(user, sourceApplicationName, callEndpointSet);
     }
 
+    final HashSet<TokenPermission> minifiedTokenPermissions = new HashSet<>(
+        tokenPermissions
+            .stream()
+            .collect(Collectors.toMap(TokenPermission::getPath,
+                tokenPermission -> tokenPermission,
+                (currentTokenPermission, newTokenPermission) -> {
+                  newTokenPermission.getAllowedOperations()
+                      .forEach(allowedOperation -> currentTokenPermission.getAllowedOperations().add(allowedOperation));
+                  return currentTokenPermission;
+                })
+            )
+            .values()
+    );
+
+
     logger.info("Access token for tenant '{}', user '{}', application '{}', and callEndpointSet
'{}' being returned containing the permissions '{}'.",
             TenantContextHolder.identifier().orElse("null"),
             user.getIdentifier(),
             sourceApplicationName,
             callEndpointSet.orElse("null"),
-            tokenPermissions.toString());
+            minifiedTokenPermissions.toString());
 
     final TokenSerializationResult accessToken = getAuthenticationResponse(
             user.getIdentifier(),
-            tokenPermissions,
+            minifiedTokenPermissions,
             privateSignature,
             sourceApplicationName);
 
@@ -520,9 +535,9 @@ public class AuthenticationCommandHandler {
   }
 
   private TokenPermission getTokenPermission(final PermittableType permittable) {
-    return new TokenPermission(
-            permittable.getPath(),
-            Collections.singleton(RoleMapper.mapAllowedOperation(AllowedOperationType.fromHttpMethod(permittable.getMethod()))));
+    final HashSet<AllowedOperation> allowedOperations = new HashSet<>();
+    allowedOperations.add(RoleMapper.mapAllowedOperation(AllowedOperationType.fromHttpMethod(permittable.getMethod())));
+    return new TokenPermission(permittable.getPath(), allowedOperations);
   }
 
   private TokenSerializationResult getRefreshToken(final UserEntity user,
diff --git a/service/src/main/java/io/mifos/identity/rest/RoleRestController.java b/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
index 1caceee..4e19fce 100644
--- a/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
+++ b/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
@@ -83,7 +83,7 @@ public class RoleRestController
   @RequestMapping(value= PathConstants.IDENTIFIER_RESOURCE_STRING, method = RequestMethod.GET,
       consumes = {MediaType.ALL_VALUE},
       produces = {MediaType.APPLICATION_JSON_VALUE})
-  @Permittable(AcceptedTokenType.TENANT)
+  @Permittable(value = AcceptedTokenType.TENANT, groupId = PermittableGroupIds.ROLE_MANAGEMENT)
   public @ResponseBody ResponseEntity<Role> get(@PathVariable(PathConstants.IDENTIFIER_PATH_VARIABLE)
final String identifier)
   {
     return new ResponseEntity<>(checkIdentifier(identifier), HttpStatus.OK);

-- 
To stop receiving notification emails like this one, please contact
myrle@apache.org.

Mime
View raw message