Add authorities list edit.
--- a/server/src/main/java/org/iri_research/renkan/Constants.java Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/Constants.java Thu Nov 07 10:42:18 2013 +0100
@@ -79,4 +79,25 @@
}
}
+
+ public final static String ROLE_USER = "ROLE_USER";
+
+ public final static List<String> USER_ROLES_SELECT = Collections
+ .unmodifiableList(new ArrayList<String>() {
+ private static final long serialVersionUID = -3041530185134732199L;
+ {
+ add("ROLE_ADMIN");
+ add("ROLE_SPACES_ADMIN");
+ add("ROLE_GROUPS_ADMIN");
+ }
+ });
+
+ public final static List<String> USER_ROLES_ALL = Collections
+ .unmodifiableList(new ArrayList<String>() {
+ private static final long serialVersionUID = -3041530185134732199L;
+ {
+ add(ROLE_USER);
+ addAll(USER_ROLES_SELECT);
+ }
+ });
}
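Review bot: Both role lists use double-brace initialization, which creates an anonymous `ArrayList` subclass per constant and is the only reason the `serialVersionUID` line is needed (the same value is copied into both). These lists are the allow-list that `UserFormValidator` checks submitted roles against, so a plain literal is easier to audit: `USER_ROLES_SELECT = Collections.unmodifiableList(Arrays.asList("ROLE_ADMIN", "ROLE_SPACES_ADMIN", "ROLE_GROUPS_ADMIN"));`, with `java.util.Arrays` imported. `USER_ROLES_ALL` also relies on `USER_ROLES_SELECT` being declared above it, which deserves a one-line comment such as `// must stay below USER_ROLES_SELECT: static initializers run in textual order`. The class body starts outside this hunk.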
--- a/server/src/main/java/org/iri_research/renkan/forms/UserForm.java Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/forms/UserForm.java Thu Nov 07 10:42:18 2013 +0100
@@ -1,6 +1,8 @@
package org.iri_research.renkan.forms;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import org.iri_research.renkan.Constants;
import org.iri_research.renkan.models.User;
@@ -22,6 +24,7 @@
private boolean locked;
private String password;
private String passwordConfirm;
+ private List<String> userAuthorities;
private UsersRepository usersRepository;
@@ -45,6 +48,7 @@
this.expirationDate = model.getExpirationDate();
this.enabled = model.isEnabled();
this.locked = model.isLocked();
+ this.userAuthorities = model.getUserAuthorities()!=null?new ArrayList<String>(model.getUserAuthorities()):new ArrayList<String>();
}
}
@@ -105,6 +109,7 @@
this.model.setExpirationDate(this.expirationDate);
this.model.setEnabled(this.enabled);
this.model.setLocked(this.locked);
+ this.model.setUserAuthorities((this.userAuthorities!=null && !this.userAuthorities.isEmpty())?new ArrayList<String>(this.userAuthorities):null);
if(this.password != null && this.password.length() > 0) {
this.model.setPassword(this.passwordEncoder.encode(this.password));
}
@@ -148,4 +153,12 @@
this.usersRepository = usersRepository;
}
+ public List<String> getUserAuthorities() {
+ return userAuthorities;
+ }
+
+ public void setUserAuthorities(List<String> userAuthorities) {
+ this.userAuthorities = userAuthorities;
+ }
+
}
--- a/server/src/main/java/org/iri_research/renkan/forms/UserFormValidator.java Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/forms/UserFormValidator.java Thu Nov 07 10:42:18 2013 +0100
@@ -1,5 +1,6 @@
package org.iri_research.renkan.forms;
+import org.iri_research.renkan.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
@@ -37,7 +38,10 @@
if(userForm.getId() == null && (pswd == null || pswd.length() == 0)) {
errors.rejectValue("password", "renkan.error.password.missing");
}
-
+
+ if(!Constants.USER_ROLES_ALL.containsAll(userForm.getUserAuthorities())) {
+ errors.rejectValue("userAuthorities", "renkan.error.authorities.bad_value", "Bad role value");
+ }
}
}
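Review bot: `Constants.USER_ROLES_ALL.containsAll(userForm.getUserAuthorities())` throws a NullPointerException when the form's list is null, so the allow-list check fails with an error instead of a validation message. `UserForm` appears to initialise `userAuthorities` only when it copies from an existing model, and a multi-select with nothing chosen may submit no parameter at all (binding behaviour not confirmed from this page). Read the value once and guard it: `List<String> roles = userForm.getUserAuthorities();` followed by `if (roles != null && !Constants.USER_ROLES_ALL.containsAll(roles)) {`. The validate method starts outside the hunk.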
--- a/server/src/main/java/org/iri_research/renkan/models/User.java Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/java/org/iri_research/renkan/models/User.java Thu Nov 07 10:42:18 2013 +0100
@@ -1,11 +1,15 @@
package org.iri_research.renkan.models;
+import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
+import java.util.List;
+import org.iri_research.renkan.Constants;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.core.mapping.Field;
import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import com.fasterxml.jackson.annotation.JsonFormat;
@@ -26,10 +30,10 @@
@Field("expiration_date")
@JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSSZ", timezone = "GMT")
private Date expirationDate;
-
private boolean locked;
-
private String password;
+ @Field("authorities")
+ private List<String> userAuthorities;
public User() {
}
@@ -41,8 +45,17 @@
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
- // TODO Auto-generated method stub
- return null;
+ List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+ boolean hasUserRole = false;
+ for (String role : this.getUserAuthorities()) {
+ hasUserRole = hasUserRole || Constants.ROLE_USER.equals(role);
+ authorities.add(new SimpleGrantedAuthority(role));
+ }
+ if(!hasUserRole) {
+ authorities.add(new SimpleGrantedAuthority(Constants.ROLE_USER));
+ }
+
+ return authorities;
}
public String getAvatar() {
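Review bot: The loop `for (String role : this.getUserAuthorities())` dereferences a list that can be null. `UserForm` writes `null` to the model when no role is selected, and documents stored before this change have no `authorities` field. Since `getAuthorities()` is part of the `UserDetails` contract, such an account would presumably fail with a NullPointerException during authentication rather than fall back to `ROLE_USER`. Skip the loop when the list is absent, e.g. `List<String> roles = this.getUserAuthorities();` and `if (roles != null) { for (String role : roles) { ... } }`. Stored strings also become granted authorities without being checked against `Constants.USER_ROLES_ALL`, so a comment stating that the database is the trusted source here would help the next reader.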
@@ -72,6 +85,15 @@
}
@Override
+ protected String getRawKeyPart() {
+ return "";
+ }
+
+ public List<String> getUserAuthorities() {
+ return userAuthorities;
+ }
+
+ @Override
@JsonIgnore
public String getUsername() {
return this.title;
@@ -127,13 +149,12 @@
this.locked = locked;
}
- @Override
- protected String getRawKeyPart() {
- return "";
- }
-
public void setPassword(String password) {
this.password = password;
}
+ public void setUserAuthorities(List<String> userAuthorities) {
+ this.userAuthorities = userAuthorities;
+ }
+
}
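Review bot: `setUserAuthorities` is a public setter on a model that already carries Jackson annotations, and it is added without any serialization control, as is the matching getter. If any endpoint binds a `User` from a request body (not visible on this page), the role list becomes client-writable and bypasses the allow-list check in `UserFormValidator`. If roles should be readable but not settable over JSON, put `@JsonProperty` on the getter and `@JsonIgnore` on this setter. Either way, a comment on the field saying that roles must only be changed through `UserForm` would make the intent explicit.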
--- a/server/src/main/webapp/WEB-INF/applicationContext.xml Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/applicationContext.xml Thu Nov 07 10:42:18 2013 +0100
@@ -51,10 +51,7 @@
<!-- Configures the annotation-driven Spring MVC Controller programming model.
Note that, with Spring 3.0, this tag works in Servlet MVC only! -->
- <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="renkanPasswordEncoder" name="renkanPasswordEncoder" scope="prototype">
- <constructor-arg name="strength" value="10" type="int"/>
- </bean>
-
+
<!-- Loads MongoDB configuraton -->
<import resource="mongo-config.xml"/>
<import resource="spring-security.xml"/>
--- a/server/src/main/webapp/WEB-INF/i18n/messages.properties Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages.properties Thu Nov 07 10:42:18 2013 +0100
@@ -77,12 +77,14 @@
renkanAdmin.form.locked = Locked
renkanAdmin.form.password = Password
renkanAdmin.form.passwordConfirm = Confirm password
+renkanAdmin.form.roles = Roles
renkanAdmin.form.user.submit = Ok
renkan.error.title.empty = Title must not be empty or null
renkan.error.bin_config.json = bin config field must contain a valid json
renkan.error.password.equals = Password and Password confimation do not match
renkan.error.password.missing = Password missing
+renkan.error.authorities.bad_value = Bad value for role
renkanAuth.log_in = Log in
@@ -98,3 +100,8 @@
renkanHeader.admin = administration
renkanHeader.home = home
+renkan.user.roles.ROLE_USER = User
+renkan.user.roles.ROLE_ADMIN = Admin
+renkan.user.roles.ROLE_SPACES_ADMIN = Space admin
+renkan.user.roles.ROLE_GROUPS_ADMIN = Groups admin
+
--- a/server/src/main/webapp/WEB-INF/i18n/messages_en.properties Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages_en.properties Thu Nov 07 10:42:18 2013 +0100
@@ -86,6 +86,7 @@
renkanAdmin.form.locked = Locked
renkanAdmin.form.password = Password
renkanAdmin.form.passwordConfirm = Confirm password
+renkanAdmin.form.roles = Roles
renkanAdmin.form.user.submit = Ok
@@ -93,6 +94,7 @@
renkan.error.bin_config.json = bin config field must contain a valid json
renkan.error.password.equals = Password and Password confimation do not match
renkan.error.password.missing = Password missing
+renkan.error.authorities.bad_value = Bad value for role
renkanAuth.log_in = Log in
@@ -107,3 +109,9 @@
renkanHeader.logout = logout
renkanHeader.admin = administration
renkanHeader.home = home
+
+renkan.user.roles.ROLE_USER = User
+renkan.user.roles.ROLE_ADMIN = Admin
+renkan.user.roles.ROLE_SPACES_ADMIN = Space admin
+renkan.user.roles.ROLE_GROUPS_ADMIN = Groups admin
+
--- a/server/src/main/webapp/WEB-INF/i18n/messages_fr.properties Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/i18n/messages_fr.properties Thu Nov 07 10:42:18 2013 +0100
@@ -84,7 +84,7 @@
renkanAdmin.form.locked = Verrouillé
renkanAdmin.form.password = Mot de passe
renkanAdmin.form.passwordConfirm = Conf. mot de passe
-
+renkanAdmin.form.roles = Rôles
renkanAdmin.form.user.submit = Ok
@@ -92,7 +92,7 @@
renkan.error.bin_config.json = le champ bin config doit contenir un json valide
renkan.error.password.equals = Le mot de passe et sa confimation ne corresponde pas
renkan.error.password.missing = Mot de passe manquant
-
+renkan.error.authorities.bad_value = Mauvaise valeur de rôle
renkanAuth.log_in = Connection
renkanAuth.username = Identifiant :
@@ -106,3 +106,9 @@
renkanHeader.logout = déconnexion
renkanHeader.admin = administration
renkanHeader.home = accueil
+
+renkan.user.roles.ROLE_USER = Utilisateur
+renkan.user.roles.ROLE_ADMIN = Administrateur
+renkan.user.roles.ROLE_SPACES_ADMIN = Admin. espace
+renkan.user.roles.ROLE_GROUPS_ADMIN = Admin. groupes
+
--- a/server/src/main/webapp/WEB-INF/spring-security.xml Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/spring-security.xml Thu Nov 07 10:42:18 2013 +0100
@@ -28,7 +28,12 @@
<property name="ignoreUnresolvablePlaceholders" value="true"/>
<property name="IgnoreResourceNotFound" value="true"/>
</bean>
+
+ <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="renkanPasswordEncoder">
+ <constructor-arg name="strength" value="10" type="int"/>
+ </bean>
+ <bean class="org.iri_research.renkan.services.RenkanUserDetailsService" id="renkanUserDetailsService" />
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
@@ -38,12 +43,21 @@
</security:http>
<security:authentication-manager>
- <security:authentication-provider>
- <security:password-encoder hash="sha-256"/>
+ <security:authentication-provider>
+ <security:password-encoder hash="sha-256"/>
<security:user-service>
<security:user name="${user.admin.name}" password="${user.admin.password}" authorities="ROLE_ADMIN, ROLE_USER"/>
- </security:user-service>
- </security:authentication-provider>
+ </security:user-service>
+ </security:authentication-provider>
+ <security:authentication-provider user-service-ref='renkanUserDetailsService'>
+ <security:password-encoder ref="renkanPasswordEncoder" />
+ </security:authentication-provider>
</security:authentication-manager>
+ <!--security:authentication-manager>
+ <security:authentication-provider user-service-ref='renkanUserDetailsService'>
+ <security:password-encoder ref="renkanPasswordEncoder" />
+ </security:authentication-provider>
+ </security:authentication-manager-->
+
</beans>
\ No newline at end of file
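Review bot: The properties-file admin is still verified with `<security:password-encoder hash="sha-256"/>`, a single-pass digest with no salt configured. Database users now go through the bcrypt `renkanPasswordEncoder`, so the most privileged account has the weakest password storage. Point the first provider at the same encoder with `<security:password-encoder ref="renkanPasswordEncoder"/>` and store a bcrypt hash in `user.admin.password`. The commented-out `security:authentication-manager` block at the end duplicates the second provider and can be dropped.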
--- a/server/src/main/webapp/WEB-INF/spring-servlet.xml Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/spring-servlet.xml Thu Nov 07 10:42:18 2013 +0100
@@ -67,6 +67,4 @@
<property name="characterEncoding" value="UTF-8"/>
<property name="redirectHttp10Compatible" value="false" />
</bean>
-
-
</beans>
\ No newline at end of file
--- a/server/src/main/webapp/WEB-INF/templates/fragment/pageFragment.html Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/templates/fragment/pageFragment.html Thu Nov 07 10:42:18 2013 +0100
@@ -14,8 +14,8 @@
<div sec:authorize="isAnonymous()" class="header-nav"><a href="auth/login.html" th:href="@{/auth/login}" th:text="#{renkanHeader.login}">login</a></div>
<div sec:authorize="isAuthenticated()" class="header-nav">
<img src="../../../static/img/user.png" th:src="@{/static/img/user.png}" id="header-nav-user-avatar"/><span sec:authentication="name">username</span> |
- <a sec:authorize="hasRole('ROLE_USER')" href="" th:href="@{/}" th:text="#{renkanHeader.home}">home</a> |
- <a sec:authorize="hasRole('ROLE_ADMIN')" href="admin/adminIndex.html" th:href="@{/admin}" th:text="#{renkanHeader.admin}">admin</a> |
+ <span sec:authorize="hasRole('ROLE_USER')"><a href="" th:href="@{/}" th:text="#{renkanHeader.home}">home</a> |</span>
+ <span sec:authorize="hasRole('ROLE_ADMIN')"><a href="admin/adminIndex.html" th:href="@{/admin}" th:text="#{renkanHeader.admin}">admin</a> |</span>
<a href="renkanIndex.html" th:href="@{/j_spring_security_logout}" th:text="#{renkanHeader.logout}">logout</a>
</div>
<div id="header-clear"></div>
--- a/server/src/main/webapp/WEB-INF/templates/fragment/userForm.html Mon Nov 04 15:56:44 2013 +0100
+++ b/server/src/main/webapp/WEB-INF/templates/fragment/userForm.html Thu Nov 07 10:42:18 2013 +0100
@@ -130,6 +130,12 @@
<label for="locked" th:text="#{renkanAdmin.form.locked}">Locked: </label>
<input type="checkbox" th:field="*{locked}" />
</div>
+ <div>
+ <label for="userAuthorities" th:text="#{renkanAdmin.form.roles}">Roles: </label>
+ <select th:field="*{userAuthorities}" multiple="multiple">
+ <option th:each="role: ${T(org.iri_research.renkan.Constants).USER_ROLES_SELECT}" th:value="${role}" th:text="#{${'renkan.user.roles.'+role}}">USER_ROLE</option>
+ </select>
+ </div>
<div class="submit">
<button type="submit" name="save" th:text="#{renkanAdmin.form.user.submit}">Save</button>
<!--button type="button" name="cancel" th:text="#{renkanAdmin.form.user.cancel}" th:onclick="location">Cancel</button-->