
Commit b26b8da

authored
Merge pull request #11 from appirio-tech/add_m2m_token_support_for_user_endpoints
refactor and add m2m token support for user endpoints
2 parents ed98819 + 2417637 commit b26b8da


6 files changed

+709
-475
lines changed


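--- a/src/main/java/com/appirio/tech/core/service/identity/IdentityApplication.java
+++ b/src/main/java/com/appirio/tech/core/service/identity/IdentityApplication.java
@@ -250,8 +250,6 @@ public void run(IdentityConfiguration configuration, Environment environment) th
 GroupResource groupResource = new GroupResource(groupDao, groupInformixDao);
 environment.jersey().register(groupResource);
 environment.jersey().register(groupDao);
-// TODO: temporary fix.
-userResource.setGroupDAO(groupDao);
 
 // Resources::authorizations
 AuthDataStore authDataStore = configuration.getAuthStore().createAuthDataStore();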

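--- a/src/main/java/com/appirio/tech/core/service/identity/resource/GroupResource.java
+++ b/src/main/java/com/appirio/tech/core/service/identity/resource/GroupResource.java
@@ -98,11 +98,6 @@ public class GroupResource implements GetResource<Group>, DDLResource<Group> {
 */
 private static final String[] writeScopes = {"write:groups", "all:groups"};
 
-/**
-* Represents the admin roles
-*/
-private static final String[] adminRoles = {"administrator"};
-
 /**
 * Represents the DAO For Group
 */
@@ -139,7 +134,7 @@ public ApiResponse createObject(
 @Context HttpServletRequest request) {
 logger.info("createObject()");
 
-checkAccess(authUser, writeScopes, adminRoles);
+Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 Group group = validateGroup(postRequest);
 
@@ -185,7 +180,7 @@ public ApiResponse createSecurityGroup(
 
 logger.info("createSecurityGroup()");
 
-checkAccess(authUser, writeScopes, adminRoles);
+Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 if (postRequest == null) {
 throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Group"));
@@ -392,7 +387,7 @@ public ApiResponse updateObject(
 @Context HttpServletRequest request) {
 logger.info("updateObject()");
 
-checkAccess(authUser, writeScopes, adminRoles);
+Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 Group group = validateGroup(putRequest);
 
@@ -447,7 +442,7 @@ public ApiResponse deleteObject(
 @Context HttpServletRequest request) {
 logger.info(String.format("deleteObject(%s)", groupId));
 
-checkAccess(authUser, writeScopes, adminRoles);
+Utils.checkAccess(authUser, writeScopes, Utils.AdminRoles);
 
 Group group = getExistingGroup(new TCID(groupId));
 
@@ -511,7 +506,7 @@ public ApiResponse getObject(
 logger.info(String.format("getObject(%s)", groupId));
 Group group = getExistingGroup(groupId);
 
-validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
+validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);
 
 return ApiResponseFactory.createFieldSelectorResponse(group, selector);
 }
@@ -636,7 +631,7 @@ public ApiResponse getMembers(
 // Check group exists
 Group group = getExistingGroup(groupId);
 
-validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, adminRoles);
+validateAdminRoleOrPrivateGroupMembership(authUser, group, readScopes, Utils.AdminRoles);
 
 try {
 List<GroupMembership> memberships = groupDao.findMembershipsByGroup(Utils.toLongValue(groupId));
@@ -669,10 +664,10 @@ public ApiResponse getObjects(
 
 logger.info(String.format("getObjects(%s, %s)", memberId, membershipType));
 
-checkAccess(authUser, readScopes, null);
+Utils.checkAccess(authUser, readScopes, null);
 
 // for admin and machine token
-if (authUser.isMachine() || hasAdminRole(authUser)) {
+if (authUser.isMachine() || Utils.hasAdminRole(authUser)) {
 if (memberId==null && Utils.isEmpty(membershipType)) {
 return ApiResponseFactory.createFieldSelectorResponse(groupDao.findAllGroups(), null);
 }
@@ -709,7 +704,7 @@ public ApiResponse addMember(
 
 logger.info("addMember()");
 
-checkAccess(authUser, writeScopes, null);
+Utils.checkAccess(authUser, writeScopes, null);
 
 validateMembership(postRequest);
 
@@ -722,7 +717,7 @@ public ApiResponse addMember(
 Group group = getExistingGroup(groupId);
 
 // only admins or self registering users are allowed (if the group allows self register)
-if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
+if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
 throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 }
 
@@ -759,7 +754,7 @@ public ApiResponse removeMember(
 
 logger.info(String.format("removeMember(%s, %s)", groupId, membershipId));
 
-checkAccess(authUser, writeScopes, null);
+Utils.checkAccess(authUser, writeScopes, null);
 
 long id = Utils.toLongValue(membershipId);
 GroupMembership membership = groupDao.findMembership(id);
@@ -770,7 +765,7 @@ public ApiResponse removeMember(
 }
 
 // only admins or self registering users are allowed (if the group allows self register)
-if(!authUser.isMachine() && !hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
+if(!authUser.isMachine() && !Utils.hasAdminRole(authUser) && !(group.getSelfRegister() && membership.getMemberId().toString().equals(authUser.getUserId().getId()))) {
 throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 }
 
@@ -812,46 +807,4 @@ private void validateAdminRoleOrPrivateGroupMembership(AuthUser authUser, Group
 }
 throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
 }
-
-
-private void checkAccess(AuthUser authUser, String[] allowedScopes, String[] allowedRoles) {
-if (authUser == null) {
-throw new APIRuntimeException(SC_BAD_REQUEST, String.format(MSG_TEMPLATE_MANDATORY, "Authentication user"));
-}
-
-if (authUser.isMachine()) {
-if (allowedScopes == null || allowedScopes.length == 0) {
-return;
-}
-
-for (String allowedScope : allowedScopes) {
-if (authUser.getScope().contains(allowedScope)) {
-return;
-}
-}
-} else {
-if (allowedRoles == null || allowedRoles.length == 0) {
-return;
-}
-
-for (String role : allowedRoles) {
-if (authUser.getRoles() != null && authUser.getRoles().contains(role)) {
-return;
-}
-}
-}
-
-throw new APIRuntimeException(SC_FORBIDDEN, "Forbidden");
-}
-
-private boolean hasAdminRole(AuthUser authUser) {
-if (authUser.getRoles() != null) {
-for (String role : adminRoles) {
-if (authUser.getRoles().contains(role)) {
-return true;
-}
-}
-}
-
-return false;
-}
 }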
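Review bot: `Utils.AdminRoles`, now passed from createObject, createSecurityGroup, updateObject, deleteObject, getObject and getMembers, appears to be a shared `String[]` (the private `adminRoles` it replaces was one, and it still feeds the `String[]` parameter of `validateAdminRoleOrPrivateGroupMembership`); a public static array is writable by any caller, so an accidental `Utils.AdminRoles[0] = "..."` anywhere in the service would silently change who counts as an administrator for every resource that shares it. Its declaration is in Utils.java, outside this section, so this is inferred; if it is an array, prefer an unmodifiable `List<String>` (`public static final List<String> ADMIN_ROLES = List.of("administrator");`) or keep the array private to Utils and expose only `hasAdminRole`. Renaming it `ADMIN_ROLES` would also mark it as a constant by convention rather than reading like a type name. Separately, the removed `checkAccess` dereferenced `authUser.getScope()` without a null check on the machine-token path, so a machine token carrying no scope claim would fail with an NPE rather than a 403; if `Utils.checkAccess` was moved verbatim, that guard (`authUser.getScope() != null && authUser.getScope().contains(allowedScope)`) is worth adding there.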
