This is an automated email from the ASF dual-hosted git repository. myrle pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/fineract-cn-identity.git
commit f6b84f2e7560331d8c8e8680f7a44e8f5db88869 Author: mgeiss <mge...@mifos.org> AuthorDate: Tue Aug 8 11:29:24 2017 +0200 group allowed operations by path --- .../src/main/java/TestAuthentication.java | 7 +++--- .../handler/AuthenticationCommandHandler.java | 25 +++++++++++++++++----- .../io/mifos/identity/rest/RoleRestController.java | 2 +- 3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/component-test/src/main/java/TestAuthentication.java b/component-test/src/main/java/TestAuthentication.java
index fdab6e5..8e98443 100644
--- a/component-test/src/main/java/TestAuthentication.java
+++ b/component-test/src/main/java/TestAuthentication.java
@@ -14,6 +14,7 @@
 * limitations under the License.
 */
+import com.google.common.collect.Sets;
 import io.mifos.anubis.api.v1.client.Anubis;
 import io.mifos.anubis.api.v1.domain.*;
 import io.mifos.anubis.test.v1.SystemSecurityEnvironment;
@@ -89,9 +90,9 @@ public class TestAuthentication extends AbstractComponentTest {
 final Set<TokenPermission> expectedTokenPermissions = new HashSet<>();
 Collections.addAll(expectedTokenPermissions,
- new TokenPermission("identity-v1/permittablegroups/*", Collections.singleton(AllowedOperation.CHANGE)),
- new TokenPermission("identity-v1/roles/*", Collections.singleton(AllowedOperation.DELETE)),
- new TokenPermission("identity-v1/users/*", Collections.singleton(AllowedOperation.READ)));
+ new TokenPermission("identity-v1/permittablegroups/*", Sets.newHashSet(AllowedOperation.CHANGE, AllowedOperation.DELETE, AllowedOperation.READ)),
+ new TokenPermission("identity-v1/roles/*", Sets.newHashSet(AllowedOperation.CHANGE, AllowedOperation.DELETE, AllowedOperation.READ)),
+ new TokenPermission("identity-v1/users/*", Sets.newHashSet(AllowedOperation.CHANGE, AllowedOperation.DELETE, AllowedOperation.READ)));
 //This is not a complete list. This is a spot check.
 Assert.assertTrue("Expected: " + expectedTokenPermissions + "\nActual: " + tokenPermissions,
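Review bot: Every expected entry in the second hunk now carries the full set CHANGE, DELETE and READ, so this spot check cannot tell correct grouping by path from a merge that grants every operation on every path. The sampled user appears to hold all three operations on each path; a second case for a user whose role allows only READ on one path, asserting that the token entry for that path is exactly `Sets.newHashSet(AllowedOperation.READ)`, would cover the over-grant direction. It would also help to assert that no path occurs twice, for example by comparing `tokenPermissions.size()` with the count of distinct `TokenPermission::getPath` values. The `Assert.assertTrue` call continues outside the hunk, so the exact comparison it performs is not visible here.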
diff --git a/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java b/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
index 7b55d7e..d6a6589 100644
--- a/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
+++ b/service/src/main/java/io/mifos/identity/internal/command/handler/AuthenticationCommandHandler.java
@@ -267,16 +267,31 @@ public class AuthenticationCommandHandler {
 tokenPermissions = getApplicationTokenPermissions(user, sourceApplicationName, callEndpointSet);
 }
+ final HashSet<TokenPermission> minifiedTokenPermissions = new HashSet<>(
+ tokenPermissions
+ .stream()
+ .collect(Collectors.toMap(TokenPermission::getPath,
+ tokenPermission -> tokenPermission,
+ (currentTokenPermission, newTokenPermission) -> {
+ newTokenPermission.getAllowedOperations()
+ .forEach(allowedOperation -> currentTokenPermission.getAllowedOperations().add(allowedOperation));
+ return currentTokenPermission;
+ })
+ )
+ .values()
+ );
+
+
 logger.info("Access token for tenant '{}', user '{}', application '{}', and callEndpointSet '{}' being returned containing the permissions '{}'.", TenantContextHolder.identifier().orElse("null"), user.getIdentifier(), sourceApplicationName, callEndpointSet.orElse("null"),
- tokenPermissions.toString());
+ minifiedTokenPermissions.toString());
 final TokenSerializationResult accessToken = getAuthenticationResponse( user.getIdentifier(),
- tokenPermissions,
+ minifiedTokenPermissions,
 privateSignature, sourceApplicationName);
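Review bot: The merge function passed to `Collectors.toMap` adds operations into the set owned by an existing `TokenPermission` instead of building a new one, so it only works while every producer hands out a mutable set and never shares an instance. `getTokenPermission` is adjusted for that in the later hunk of this file, but `getApplicationTokenPermissions` (visible in the context line) and any other source are outside this diff; an immutable set there would throw during token creation once two entries share a path, and a reused instance would carry the added operations into tokens issued afterwards. Mutating elements that still sit in `tokenPermissions` is also unsafe if that collection is hash-based and `TokenPermission` hashes its operations, which cannot be confirmed from here. Collecting the operations per path into fresh sets and constructing new `TokenPermission` objects avoids all three; the enclosing method starts and ends outside the hunk.

```java
final HashSet<TokenPermission> minifiedTokenPermissions = tokenPermissions
    .stream()
    .collect(Collectors.toMap(TokenPermission::getPath,
        // copy, so the source permission is never modified
        tokenPermission -> new HashSet<>(tokenPermission.getAllowedOperations()),
        (currentOperations, newOperations) -> {
          currentOperations.addAll(newOperations);
          return currentOperations;
        }))
    .entrySet()
    .stream()
    .map(entry -> new TokenPermission(entry.getKey(), entry.getValue()))
    .collect(Collectors.toCollection(HashSet::new));
// … unchanged: logger.info and getAuthenticationResponse calls using minifiedTokenPermissions …
```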
@@ -520,9 +535,9 @@ public class AuthenticationCommandHandler {
 }
 private TokenPermission getTokenPermission(final PermittableType permittable) {
- return new TokenPermission(
- permittable.getPath(),
- Collections.singleton(RoleMapper.mapAllowedOperation(AllowedOperationType.fromHttpMethod(permittable.getMethod()))));
+ final HashSet<AllowedOperation> allowedOperations = new HashSet<>();
+ allowedOperations.add(RoleMapper.mapAllowedOperation(AllowedOperationType.fromHttpMethod(permittable.getMethod())));
+ return new TokenPermission(permittable.getPath(), allowedOperations);
 }
 private TokenSerializationResult getRefreshToken(final UserEntity user,
diff --git a/service/src/main/java/io/mifos/identity/rest/RoleRestController.java b/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
index 1caceee..4e19fce 100644
--- a/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
+++ b/service/src/main/java/io/mifos/identity/rest/RoleRestController.java
@@ -83,7 +83,7 @@ public class RoleRestController
 @RequestMapping(value= PathConstants.IDENTIFIER_RESOURCE_STRING, method = RequestMethod.GET, consumes = {MediaType.ALL_VALUE}, produces = {MediaType.APPLICATION_JSON_VALUE})
- @Permittable(AcceptedTokenType.TENANT)
+ @Permittable(value = AcceptedTokenType.TENANT, groupId = PermittableGroupIds.ROLE_MANAGEMENT)
 public @ResponseBody ResponseEntity<Role> get(@PathVariable(PathConstants.IDENTIFIER_PATH_VARIABLE) final String identifier) {
 return new ResponseEntity<>(checkIdentifier(identifier), HttpStatus.OK);
-- To stop receiving notification emails like this one, please contact my...@apache.org.
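Review bot: Nothing in `getTokenPermission` says why the operation set has to be mutable now, and the reason sits in the other hunk of this file, where grouping by path adds operations into the set of the first permission seen for each path. A later cleanup back to `Collections.singleton` would compile and then throw UnsupportedOperationException during token creation as soon as two permittables share a path, which fails authentication instead of degrading quietly. A comment above the `HashSet` line would prevent that, for example `// must stay mutable: operations of permittables sharing a path are merged into this set`.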
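Review bot: Adding `groupId = PermittableGroupIds.ROLE_MANAGEMENT` to the `@Permittable` on this GET changes who may read a role, which is an authorization change that the commit title does not mention and that no test in this commit exercises. What the annotation allowed without a group id is not visible from this hunk, so it is worth stating in the commit message whether callers that could read a role before are now expected to be refused. A component test in which a user without the role-management group requests a role and is denied would pin the intended behaviour, and the other handlers of this controller, which lie outside the hunk, should be checked for the same annotation. The method body continues past the last line shown.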