# HG changeset patch
# User ymh <ymh.work@gmail.com>
# Date 1383817338 -3600
# Node ID e65766f81b15a9875cf326bc9749388ded18d09e
# Parent  793eece3691eb9ce5f5cbc8e60e60d181161d8a1
Add authorities list edit.

diff -r 793eece3691e -r e65766f81b15 server/src/main/java/org/iri_research/renkan/Constants.java
--- a/server/src/main/java/org/iri_research/renkan/Constants.java	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/Constants.java	Thu Nov 07 10:42:18 2013 +0100
@@ -79,4 +79,25 @@
         }
     }
 
+
+    public final static String ROLE_USER = "ROLE_USER";
+    
+    public final static List<String> USER_ROLES_SELECT = Collections
+            .unmodifiableList(new ArrayList<String>() {
+                private static final long serialVersionUID = -3041530185134732199L;
+                {
+                    add("ROLE_ADMIN");
+                    add("ROLE_SPACES_ADMIN");
+                    add("ROLE_GROUPS_ADMIN");
+                }
+            });
+
+    public final static List<String> USER_ROLES_ALL = Collections
+            .unmodifiableList(new ArrayList<String>() {
+                private static final long serialVersionUID = -3041530185134732199L;
+                {
+                    add(ROLE_USER);
+                    addAll(USER_ROLES_SELECT);
+                }
+            });
 }
diff -r 793eece3691e -r e65766f81b15 server/src/main/java/org/iri_research/renkan/forms/UserForm.java
--- a/server/src/main/java/org/iri_research/renkan/forms/UserForm.java	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/forms/UserForm.java	Thu Nov 07 10:42:18 2013 +0100
@@ -1,6 +1,8 @@
 package org.iri_research.renkan.forms;
 
+import java.util.ArrayList;
 import java.util.Date;
+import java.util.List;
 
 import org.iri_research.renkan.Constants;
 import org.iri_research.renkan.models.User;
@@ -22,6 +24,7 @@
     private boolean locked;
     private String password;
     private String passwordConfirm;
+    private List<String> userAuthorities;
 
     private UsersRepository usersRepository;
     
@@ -45,6 +48,7 @@
             this.expirationDate = model.getExpirationDate();
             this.enabled = model.isEnabled();
             this.locked = model.isLocked();
+            this.userAuthorities = model.getUserAuthorities()!=null?new ArrayList<String>(model.getUserAuthorities()):new ArrayList<String>();
         }
     }
 
@@ -105,6 +109,7 @@
         this.model.setExpirationDate(this.expirationDate);
         this.model.setEnabled(this.enabled);
         this.model.setLocked(this.locked);
+        this.model.setUserAuthorities((this.userAuthorities!=null && !this.userAuthorities.isEmpty())?new ArrayList<String>(this.userAuthorities):null);
         if(this.password != null && this.password.length() > 0) {
             this.model.setPassword(this.passwordEncoder.encode(this.password));
         }
@@ -148,4 +153,12 @@
         this.usersRepository = usersRepository;
     }
 
+    public List<String> getUserAuthorities() {
+        return userAuthorities;
+    }
+
+    public void setUserAuthorities(List<String> userAuthorities) {
+        this.userAuthorities = userAuthorities;
+    }
+
 }
diff -r 793eece3691e -r e65766f81b15 server/src/main/java/org/iri_research/renkan/forms/UserFormValidator.java
--- a/server/src/main/java/org/iri_research/renkan/forms/UserFormValidator.java	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/forms/UserFormValidator.java	Thu Nov 07 10:42:18 2013 +0100
@@ -1,5 +1,6 @@
 package org.iri_research.renkan.forms;
 
+import org.iri_research.renkan.Constants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -37,7 +38,10 @@
         if(userForm.getId() == null && (pswd == null || pswd.length() == 0)) {
             errors.rejectValue("password", "renkan.error.password.missing");
         }
-
+        
+        if(!Constants.USER_ROLES_ALL.containsAll(userForm.getUserAuthorities())) {
+            errors.rejectValue("userAuthorities", "renkan.error.authorities.bad_value", "Bad role value");
+        }
     }
 
 }
diff -r 793eece3691e -r e65766f81b15 server/src/main/java/org/iri_research/renkan/models/User.java
--- a/server/src/main/java/org/iri_research/renkan/models/User.java	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/models/User.java	Thu Nov 07 10:42:18 2013 +0100
@@ -1,11 +1,15 @@
 package org.iri_research.renkan.models;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
+import java.util.List;
 
+import org.iri_research.renkan.Constants;
 import org.springframework.data.mongodb.core.mapping.Document;
 import org.springframework.data.mongodb.core.mapping.Field;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
@@ -26,10 +30,10 @@
     @Field("expiration_date")
     @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSSZ", timezone = "GMT")
     private Date expirationDate;
-
     private boolean locked;
-
     private String password;
+    @Field("authorities")
+    private List<String> userAuthorities;
 
     public User() {
     }
@@ -41,8 +45,17 @@
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        // TODO Auto-generated method stub
-        return null;
+        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+        boolean hasUserRole = false;
+        for (String role : this.getUserAuthorities()) {
+            hasUserRole = hasUserRole || Constants.ROLE_USER.equals(role);
+            authorities.add(new SimpleGrantedAuthority(role));
+        }
+        if(!hasUserRole) {
+            authorities.add(new SimpleGrantedAuthority(Constants.ROLE_USER));
+        }
+        
+        return authorities;
     }
 
     public String getAvatar() {
@@ -72,6 +85,15 @@
     }
 
     @Override
+    protected String getRawKeyPart() {
+        return "";
+    }
+
+    public List<String> getUserAuthorities() {
+        return userAuthorities;
+    }
+
+    @Override
     @JsonIgnore
     public String getUsername() {
         return this.title;
@@ -127,13 +149,12 @@
         this.locked = locked;
     }
 
-    @Override
-    protected String getRawKeyPart() {
-        return "";
-    }
-
     public void setPassword(String password) {
         this.password = password;
     }
 
+    public void setUserAuthorities(List<String> userAuthorities) {
+        this.userAuthorities = userAuthorities;
+    }
+
 }
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/applicationContext.xml
--- a/server/src/main/webapp/WEB-INF/applicationContext.xml	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/applicationContext.xml	Thu Nov 07 10:42:18 2013 +0100
@@ -51,10 +51,7 @@
 	
 	<!-- Configures the annotation-driven Spring MVC Controller programming model.
 	Note that, with Spring 3.0, this tag works in Servlet MVC only!  -->
-    <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="renkanPasswordEncoder" name="renkanPasswordEncoder" scope="prototype">
-        <constructor-arg name="strength" value="10" type="int"/>
-    </bean>
-
+	
     <!-- Loads MongoDB configuraton -->
     <import resource="mongo-config.xml"/>
     <import resource="spring-security.xml"/>
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/i18n/messages.properties
--- a/server/src/main/webapp/WEB-INF/i18n/messages.properties	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages.properties	Thu Nov 07 10:42:18 2013 +0100
@@ -77,12 +77,14 @@
 renkanAdmin.form.locked = Locked
 renkanAdmin.form.password = Password
 renkanAdmin.form.passwordConfirm = Confirm password
+renkanAdmin.form.roles = Roles
 renkanAdmin.form.user.submit = Ok
 
 renkan.error.title.empty = Title must not be empty or null
 renkan.error.bin_config.json = bin config field must contain a valid json
 renkan.error.password.equals = Password and Password confimation do not match
 renkan.error.password.missing = Password missing
+renkan.error.authorities.bad_value = Bad value for role
 
 
 renkanAuth.log_in = Log in
@@ -98,3 +100,8 @@
 renkanHeader.admin = administration
 renkanHeader.home = home
 
+renkan.user.roles.ROLE_USER = User
+renkan.user.roles.ROLE_ADMIN = Admin
+renkan.user.roles.ROLE_SPACES_ADMIN = Space admin
+renkan.user.roles.ROLE_GROUPS_ADMIN = Groups admin
+
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/i18n/messages_en.properties
--- a/server/src/main/webapp/WEB-INF/i18n/messages_en.properties	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages_en.properties	Thu Nov 07 10:42:18 2013 +0100
@@ -86,6 +86,7 @@
 renkanAdmin.form.locked = Locked
 renkanAdmin.form.password = Password
 renkanAdmin.form.passwordConfirm = Confirm password
+renkanAdmin.form.roles = Roles
 renkanAdmin.form.user.submit = Ok
 
 
@@ -93,6 +94,7 @@
 renkan.error.bin_config.json = bin config field must contain a valid json
 renkan.error.password.equals = Password and Password confimation do not match
 renkan.error.password.missing = Password missing
+renkan.error.authorities.bad_value = Bad value for role
 
 
 renkanAuth.log_in = Log in
@@ -107,3 +109,9 @@
 renkanHeader.logout = logout
 renkanHeader.admin = administration
 renkanHeader.home = home
+
+renkan.user.roles.ROLE_USER = User
+renkan.user.roles.ROLE_ADMIN = Admin
+renkan.user.roles.ROLE_SPACES_ADMIN = Space admin
+renkan.user.roles.ROLE_GROUPS_ADMIN = Groups admin
+
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/i18n/messages_fr.properties
--- a/server/src/main/webapp/WEB-INF/i18n/messages_fr.properties	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages_fr.properties	Thu Nov 07 10:42:18 2013 +0100
@@ -84,7 +84,7 @@
 renkanAdmin.form.locked = Verrouillé
 renkanAdmin.form.password = Mot de passe
 renkanAdmin.form.passwordConfirm = Conf. mot de passe
-
+renkanAdmin.form.roles = Rôles
 renkanAdmin.form.user.submit = Ok
 
 
@@ -92,7 +92,7 @@
 renkan.error.bin_config.json = le champ bin config doit contenir un json valide
 renkan.error.password.equals = Le mot de passe et sa confimation ne corresponde pas
 renkan.error.password.missing = Mot de passe manquant
-
+renkan.error.authorities.bad_value = Mauvaise valeur de rôle
 
 renkanAuth.log_in = Connection
 renkanAuth.username = Identifiant :
@@ -106,3 +106,9 @@
 renkanHeader.logout = déconnexion
 renkanHeader.admin = administration
 renkanHeader.home = accueil
+
+renkan.user.roles.ROLE_USER = Utilisateur
+renkan.user.roles.ROLE_ADMIN = Administrateur
+renkan.user.roles.ROLE_SPACES_ADMIN =  Admin. espace
+renkan.user.roles.ROLE_GROUPS_ADMIN = Admin. groupes
+
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/spring-security.xml
--- a/server/src/main/webapp/WEB-INF/spring-security.xml	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/spring-security.xml	Thu Nov 07 10:42:18 2013 +0100
@@ -28,7 +28,12 @@
         <property name="ignoreUnresolvablePlaceholders" value="true"/>
         <property name="IgnoreResourceNotFound" value="true"/>
     </bean>
+
+    <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="renkanPasswordEncoder">
+        <constructor-arg name="strength" value="10" type="int"/>
+    </bean>
     
+    <bean class="org.iri_research.renkan.services.RenkanUserDetailsService" id="renkanUserDetailsService" />
  
     <security:http auto-config="true" use-expressions="true">
         <security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
@@ -38,12 +43,21 @@
     </security:http>
  
     <security:authentication-manager>
-	    <security:authentication-provider>
-	        <security:password-encoder hash="sha-256"/>
+        <security:authentication-provider>
+            <security:password-encoder hash="sha-256"/>
             <security:user-service>
                 <security:user name="${user.admin.name}" password="${user.admin.password}" authorities="ROLE_ADMIN, ROLE_USER"/>
-		    </security:user-service>
-	    </security:authentication-provider>
+            </security:user-service>
+        </security:authentication-provider>
+        <security:authentication-provider user-service-ref='renkanUserDetailsService'>
+            <security:password-encoder ref="renkanPasswordEncoder" />
+        </security:authentication-provider>
     </security:authentication-manager>
+    <!--security:authentication-manager>
+        <security:authentication-provider user-service-ref='renkanUserDetailsService'>
+            <security:password-encoder ref="renkanPasswordEncoder" />
+        </security:authentication-provider>
+    </security:authentication-manager-->
+
  
 </beans>
\ No newline at end of file
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/spring-servlet.xml
--- a/server/src/main/webapp/WEB-INF/spring-servlet.xml	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/spring-servlet.xml	Thu Nov 07 10:42:18 2013 +0100
@@ -67,6 +67,4 @@
         <property name="characterEncoding" value="UTF-8"/>
         <property name="redirectHttp10Compatible" value="false" />
     </bean>
-    
-    
 </beans>
\ No newline at end of file
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/templates/fragment/pageFragment.html
--- a/server/src/main/webapp/WEB-INF/templates/fragment/pageFragment.html	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/templates/fragment/pageFragment.html	Thu Nov 07 10:42:18 2013 +0100
@@ -14,8 +14,8 @@
             <div sec:authorize="isAnonymous()" class="header-nav"><a href="auth/login.html" th:href="@{/auth/login}" th:text="#{renkanHeader.login}">login</a></div>
             <div sec:authorize="isAuthenticated()" class="header-nav">
                 <img src="../../../static/img/user.png" th:src="@{/static/img/user.png}" id="header-nav-user-avatar"/><span sec:authentication="name">username</span>&nbsp;|
-                <a sec:authorize="hasRole('ROLE_USER')" href="" th:href="@{/}" th:text="#{renkanHeader.home}">home</a>&nbsp;|
-                <a sec:authorize="hasRole('ROLE_ADMIN')" href="admin/adminIndex.html" th:href="@{/admin}" th:text="#{renkanHeader.admin}">admin</a>&nbsp;|            
+                <span sec:authorize="hasRole('ROLE_USER')"><a href="" th:href="@{/}" th:text="#{renkanHeader.home}">home</a>&nbsp;|</span>
+                <span sec:authorize="hasRole('ROLE_ADMIN')"><a href="admin/adminIndex.html" th:href="@{/admin}" th:text="#{renkanHeader.admin}">admin</a>&nbsp;|</span>
                 <a href="renkanIndex.html" th:href="@{/j_spring_security_logout}" th:text="#{renkanHeader.logout}">logout</a>
             </div>
             <div id="header-clear"></div>
diff -r 793eece3691e -r e65766f81b15 server/src/main/webapp/WEB-INF/templates/fragment/userForm.html
--- a/server/src/main/webapp/WEB-INF/templates/fragment/userForm.html	Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/templates/fragment/userForm.html	Thu Nov 07 10:42:18 2013 +0100
@@ -130,6 +130,12 @@
          <label for="locked" th:text="#{renkanAdmin.form.locked}">Locked: </label> 
          <input type="checkbox" th:field="*{locked}" /> 
        </div>
+       <div>
+           <label for="userAuthorities" th:text="#{renkanAdmin.form.roles}">Roles: </label>
+           <select th:field="*{userAuthorities}" multiple="multiple">
+               <option th:each="role: ${T(org.iri_research.renkan.Constants).USER_ROLES_SELECT}" th:value="${role}"  th:text="#{${'renkan.user.roles.'+role}}">USER_ROLE</option>
+           </select>
+       </div>
        <div class="submit"> 
          <button type="submit" name="save" th:text="#{renkanAdmin.form.user.submit}">Save</button>
          <!--button type="button" name="cancel" th:text="#{renkanAdmin.form.user.cancel}" th:onclick="location">Cancel</button-->