
Commit a4fa3c6

committed
Implements fine-grain auth for individual resource search by group
1 parent fa7b8a4 commit a4fa3c6


5 files changed

+200
-183
lines changed


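--- a/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
@@ -1952,47 +1952,45 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(5, ".putHeader(\"Authorization\", String.format(\"Bearer %s\", siteRequest.getUser().principal().getString(\"access_token\")))");
 tl(5, ".sendForm(form)");
 tl(5, ".expecting(HttpResponseExpectation.SC_OK)");
-if(classeApiMethode.contains(i18nGlobale.getString(I18n.var_PageEdition))
-|| classeApiMethode.contains(i18nGlobale.getString(I18n.var_PageAffichage))
-|| classeApiMethode.contains(i18nGlobale.getString(I18n.var_PageUtilisateur))
-) {
-tl(3, ".onComplete(authorizationDecisionResult -> {");
-tl(4, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResult.result();");
-tl(4, "try {");
-tl(5, "JsonArray scopes = Optional.ofNullable(authorizationDecision).map(decision -> decision.bodyAsJsonArray().stream().findFirst().map(d -> ((JsonObject)d).getJsonArray(\"scopes\")).orElse(new JsonArray())).orElse(new JsonArray());");
-tl(5, "if(scopes != null) {");
-tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
-} else {
-tl(3, ".onFailure(ex -> {");
-tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(4, "eventHandler.handle(Future.succeededFuture(");
-tl(5, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(6, "Buffer.buffer().appendString(");
-tl(7, "new JsonObject()");
-tl(8, ".put(\"errorCode\", \"403\")");
-tl(8, ".put(\"errorMessage\", msg)");
-tl(8, ".encodePrettily()");
-tl(7, "), MultiMap.caseInsensitiveMultiMap()");
-tl(5, ")");
-tl(4, "));");
-tl(3, "}).onSuccess(authorizationDecision -> {");
-tl(4, "try {");
-tl(5, "JsonArray scopes = authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
+tl(3, ".onComplete(authorizationDecisionResponse -> {");
+tl(4, "try {");
+tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
+tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
+if(classeRessourcesAutorisation.size() > 0) {
+l();
 tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "} else {");
-tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
+tl(6, "//");
+tl(6, "List<String> fqs = new ArrayList<>();");
+tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
+for(String classeRessourceAutorisation : classeRessourcesAutorisation) {
+
+tl(6, "groups.stream().map(group -> {");
+tl(9, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
+tl(9, "return mPermission.find() ? mPermission.group(1) : null;");
+tl(8, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
+tl(9, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
+tl(8, "});");
+}
+tl(6, "JsonObject params = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
+tl(6, "JsonObject query = params.getJsonObject(\"query\");");
+tl(6, "if(query == null) {");
+tl(7, "query = new JsonObject();");
+tl(7, "params.put(\"query\", query);");
+tl(6, "}");
+tl(6, "JsonArray fq = query.getJsonArray(\"fq\");");
+tl(6, "if(fq == null) {");
+tl(7, "fq = new JsonArray();");
+tl(7, "query.put(\"fq\", fq);");
+tl(6, "}");
+tl(6, "if(fqs.size() > 0) {");
+tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
+tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
+tl(6, "}");
+tl(5, "}");
+l();
 }
+tl(5, "{");
+tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 } else {
 tl(3, "authorizationProvider.getAuthorizations(", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_Utilisateur), "()).onFailure(ex -> {");
 tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
@@ -2169,34 +2167,44 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(5, ".putHeader(\"Authorization\", String.format(\"Bearer %s\", siteRequest.getUser().principal().getString(\"access_token\")))");
 tl(5, ".sendForm(form)");
 tl(5, ".expecting(HttpResponseExpectation.SC_OK)");
-tl(3, ".onFailure(ex -> {");
-tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(4, "eventHandler.handle(Future.succeededFuture(");
-tl(5, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(6, "Buffer.buffer().appendString(");
-tl(7, "new JsonObject()");
-tl(8, ".put(\"errorCode\", \"403\")");
-tl(8, ".put(\"errorMessage\", msg)");
-tl(8, ".encodePrettily()");
-tl(7, "), MultiMap.caseInsensitiveMultiMap()");
-tl(5, ")");
-tl(4, "));");
-tl(3, "}).onSuccess(authorizationDecision -> {");
+tl(3, ".onComplete(authorizationDecisionResponse -> {");
 tl(4, "try {");
-tl(5, "JsonArray scopes = authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
-tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "} else {");
+tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
+tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
+if(classeRessourcesAutorisation.size() > 0) {
+l();
+tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+tl(6, "//");
+tl(6, "List<String> fqs = new ArrayList<>();");
+tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
+for(String classeRessourceAutorisation : classeRessourcesAutorisation) {
+
+tl(6, "groups.stream().map(group -> {");
+tl(9, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
+tl(9, "return mPermission.find() ? mPermission.group(1) : null;");
+tl(8, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
+tl(9, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
+tl(8, "});");
+}
+tl(6, "JsonObject params = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
+tl(6, "JsonObject query = params.getJsonObject(\"query\");");
+tl(6, "if(query == null) {");
+tl(7, "query = new JsonObject();");
+tl(7, "params.put(\"query\", query);");
+tl(6, "}");
+tl(6, "JsonArray fq = query.getJsonArray(\"fq\");");
+tl(6, "if(fq == null) {");
+tl(7, "fq = new JsonArray();");
+tl(7, "query.put(\"fq\", fq);");
+tl(6, "}");
+tl(6, "if(fqs.size() > 0) {");
+tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
+tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
+tl(6, "}");
+tl(5, "}");
+l();
+}
+tl(5, "{");
 tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 } else {
 tl(3, "authorizationProvider.getAuthorizations(", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_Utilisateur), "()).onFailure(ex -> {");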
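Review bot: Both hunks drop every generated 403 path in this branch (the old `.onFailure` handler and the `if(!scopes.contains(...))` rejection), so a failed decision request now only yields an empty `scopes` array. When `classeRessourcesAutorisation` is empty, or the user has no matching group and `fqs` stays empty, nothing visible here denies the request or adds an `fq` restriction. Whether it is refused depends on generated code after `setScopes(...)`, which lies outside the hunk, so please confirm that path fails closed or emit the 403 response in an `else` of `if(fqs.size() > 0)`. The value from `mPermission.group(1)` is also formatted into the filter as `%s:%s` without escaping, and the resource prefix enters `Pattern.compile` unquoted, so a group name carrying query syntax could broaden the filter; escape the value for the Solr query and wrap the prefix in `Pattern.quote`. The second hunk (new lines 2170 onward) repeats the same generated block and needs the same treatment.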

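--- a/src/main/java/org/computate/frFR/java/EcrireGenClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrireGenClasse.java
@@ -207,9 +207,7 @@ public class EcrireGenClasse extends EcrireClasse {
 */
 protected String classeVarSauvegardes;
 
-/**
-* Var.enUS: classVarId
-*/
+protected List<String> classeRessourcesAutorisation;
 protected String classeVarId;
 protected String classeVarIdSuffixeSolr;
 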
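Review bot: The Javadoc `Var.enUS: classVarId` that sat directly above `classeVarId` is deleted rather than kept, and the new `classeRessourcesAutorisation` field arrives with no comment at all. If the `Var.enUS` tags drive the English translation of this class, which the hunk does not show, `classeVarId` loses its mapping. I would restore the three removed comment lines above `classeVarId` and document the new field, for example `/** Resource authorization entries loaded from classeRessourcesAutorisation_stored_strings; the API writer splits each entry on "-". */`.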

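--- a/src/main/java/org/computate/frFR/java/EcrirePageClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrirePageClasse.java
@@ -3869,7 +3869,7 @@ else if(entiteAttribuer) {
 auteurPageJs.tl(4, "}");
 }
 auteurPageJs.tl(3, "});");
-auteurPageJs.tl(2, "} else {");
+auteurPageJs.tl(2, "} else if(document.getElementById(('htmBody", i18nPage.getString(I18n.var_Graphique), i18nPage.getString(I18n.var_Emplacement), classePageNomSimple, "')) {");
 auteurPageJs.tl(3, "window.map", classeNomSimple, " = L.map('htmBody", i18nPage.getString(I18n.var_Graphique), i18nPage.getString(I18n.var_Emplacement), classePageNomSimple, "', {");
 auteurPageJs.tl(4, "position: 'topright'");
 auteurPageJs.tl(4, ", zoomControl: true");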
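Review bot: The new `else if` line emits unbalanced parentheses: `if(document.getElementById(('htmBody` opens three, while the tail `')) {` closes only two, so the generated JavaScript should fail to parse and the map setup below it would never run. Drop the extra opening parenthesis: `auteurPageJs.tl(2, "} else if(document.getElementById('htmBody", i18nPage.getString(I18n.var_Graphique), i18nPage.getString(I18n.var_Emplacement), classePageNomSimple, "')) {");`. The enclosing block starts and ends outside the hunk.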

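--- a/src/main/java/org/computate/frFR/java/EcrireToutesClasses.java
+++ b/src/main/java/org/computate/frFR/java/EcrireToutesClasses.java
@@ -259,6 +259,7 @@ public void ecrireGenClasse(JsonObject doc, String langueNom) throws Exception {
 classeVarInheritClePrimaire = doc.getString("classeVarInheritClePrimaire_" + langueNom + "_stored_string");
 classeVarInheritClePrimaireCapitalise = StringUtils.capitalize(classeVarInheritClePrimaire);
 classeVarSauvegardes = doc.getString("classeVarSauvegardes_" + langueNom + "_stored_string");
+classeRessourcesAutorisation = Optional.ofNullable(doc.getJsonArray("classeRessourcesAutorisation_stored_strings")).orElse(new JsonArray()).stream().map(v -> (String)v).collect(Collectors.toList()).stream().map(v -> (String)v).collect(Collectors.toList());
 classeVarId = doc.getString("classeVarId_" + langueNom + "_stored_string");
 classeVarIdSuffixeSolr = doc.getString("classeVarIdSuffixeSolr_stored_string");
 classeVarCleUnique = doc.getString("classeVarCleUnique_" + langueNom + "_stored_string");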
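Review bot: The added line runs `.stream().map(v -> (String)v).collect(Collectors.toList())` twice in a row; the second pass repeats the first and can be dropped, ending the statement after the first `collect(Collectors.toList())`. In this commit's EcrireApiClasse changes these strings are split on `-` and written into a regex and a string literal of the generated service code. It would therefore be worth rejecting entries here that lack the `-` separator or contain characters outside the expected name set, before they reach the writer. ecrireGenClasse continues outside the hunk.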
