
Commit 93b412c

committed
Fixed fine-grained resource permissions
1 parent 819db52 commit 93b412c


2 files changed

+61
-17
lines changed


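--- a/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
@@ -1804,18 +1804,19 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(5, ")");
 tl(5, ".ssl(config.getBoolean(ConfigKeys.AUTH_SSL))");
 tl(5, ".putHeader(\"Authorization\", String.format(\"Bearer %s\", siteRequest.getUser().principal().getString(\"access_token\")))");
+tl(5, ".expect(ResponsePredicate.status(200))");
 tl(5, ".sendForm(MultiMap.caseInsensitiveMultiMap()");
 tl(7, ".add(\"grant_type\", \"urn:ietf:params:oauth:grant-type:uma-ticket\")");
 tl(7, ".add(\"audience\", config.getString(ConfigKeys.AUTH_CLIENT))");
 tl(7, ".add(\"response_mode\", \"decision\")");
 tl(7, ".add(\"permission\", String.format(\"%s#%s\", ", classeNomSimple, ".CLASS_SIMPLE_NAME, \"", classeApiMethode, "\"))");
 tl(3, ").onFailure(ex -> {");
-tl(4, "String msg = String.format(\"401 UNAUTHORIZED user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
 tl(4, "eventHandler.handle(Future.succeededFuture(");
-tl(5, "new ServiceResponse(401, \"UNAUTHORIZED\",");
+tl(5, "new ServiceResponse(403, \"FORBIDDEN\",");
 tl(6, "Buffer.buffer().appendString(");
 tl(7, "new JsonObject()");
-tl(8, ".put(\"errorCode\", \"401\")");
+tl(8, ".put(\"errorCode\", \"403\")");
 tl(8, ".put(\"errorMessage\", msg)");
 tl(8, ".encodePrettily()");
 tl(7, "), MultiMap.caseInsensitiveMultiMap()");
@@ -1824,12 +1825,12 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(3, "}).onSuccess(authorizationDecision -> {");
 tl(4, "try {");
 tl(5, "if(!authorizationDecision.bodyAsJsonObject().getBoolean(\"result\")) {");
-tl(6, "String msg = String.format(\"401 UNAUTHORIZED user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
 tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(401, \"UNAUTHORIZED\",");
+tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
 tl(8, "Buffer.buffer().appendString(");
 tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"401\")");
+tl(10, ".put(\"errorCode\", \"403\")");
 tl(10, ".put(\"errorMessage\", msg)");
 tl(10, ".encodePrettily()");
 tl(9, "), MultiMap.caseInsensitiveMultiMap()");
@@ -1838,12 +1839,12 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(5, "} else {");
 } else {
 tl(3, "authorizationProvider.getAuthorizations(", classeLangueConfig.getString(ConfigCles.var_requeteSite), ".get", classeLangueConfig.getString(ConfigCles.var_Utilisateur), "()).onFailure(ex -> {");
-tl(4, "String msg = String.format(\"401 UNAUTHORIZED user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
 tl(4, "eventHandler.handle(Future.succeededFuture(");
-tl(5, "new ServiceResponse(401, \"UNAUTHORIZED\",");
+tl(5, "new ServiceResponse(403, \"FORBIDDEN\",");
 tl(6, "Buffer.buffer().appendString(");
 tl(7, "new JsonObject()");
-tl(8, ".put(\"errorCode\", \"401\")");
+tl(8, ".put(\"errorCode\", \"403\")");
 tl(8, ".put(\"errorMessage\", msg)");
 tl(8, ".encodePrettily()");
 tl(7, "), MultiMap.caseInsensitiveMultiMap()");
@@ -1854,12 +1855,12 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(6, "!Optional.ofNullable(config.getString(ConfigKeys.", classeLangueConfig.getString(ConfigCles.var_AUTH_ROLE_REQUIS), " + \"_", classeNomSimple, "\")).map(v -> RoleBasedAuthorization.create(v).match(", classeLangueConfig.getString(ConfigCles.var_requeteSite), ".get", classeLangueConfig.getString(ConfigCles.var_Utilisateur), "())).orElse(false)");
 tl(6, StringUtils.containsAny(classeApiMethode, "POST", "PUT", "PATCH") ? "||" : "&&", " !Optional.ofNullable(Optional.ofNullable(config.getString(ConfigKeys.", classeLangueConfig.getString(ConfigCles.var_AUTH_ROLE_LIRE_REQUIS), " + \"_", classeNomSimple, "\")).orElse(config.getString(ConfigKeys.", classeLangueConfig.getString(ConfigCles.var_AUTH_ROLE_REQUIS), " + \"_", classeNomSimple, "\"))).map(v -> RoleBasedAuthorization.create(v).match(", classeLangueConfig.getString(ConfigCles.var_requeteSite), ".get", classeLangueConfig.getString(ConfigCles.var_Utilisateur), "())).orElse(false)");
 tl(6, ") {");
-tl(5, "String msg = String.format(\"401 UNAUTHORIZED user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(5, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
 tl(5, "eventHandler.handle(Future.succeededFuture(");
-tl(6, "new ServiceResponse(401, \"UNAUTHORIZED\",");
+tl(6, "new ServiceResponse(403, \"FORBIDDEN\",");
 tl(7, "Buffer.buffer().appendString(");
 tl(8, "new JsonObject()");
-tl(9, ".put(\"errorCode\", \"401\")");
+tl(9, ".put(\"errorCode\", \"403\")");
 tl(9, ".put(\"errorMessage\", msg)");
 tl(9, ".encodePrettily()");
 tl(8, "), MultiMap.caseInsensitiveMultiMap()");
@@ -1871,8 +1872,46 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 }
 else {
 if(authPolitiqueGranulee) {
+tl(3, "webClient.post(");
+tl(5, "config.getInteger(ConfigKeys.AUTH_PORT)");
+tl(5, ", config.getString(ConfigKeys.AUTH_HOST_NAME)");
+tl(5, ", config.getString(ConfigKeys.AUTH_TOKEN_URI)");
+tl(5, ")");
+tl(5, ".ssl(config.getBoolean(ConfigKeys.AUTH_SSL))");
+tl(5, ".putHeader(\"Authorization\", String.format(\"Bearer %s\", siteRequest.getUser().principal().getString(\"access_token\")))");
+tl(5, ".expect(ResponsePredicate.status(200))");
+tl(5, ".sendForm(MultiMap.caseInsensitiveMultiMap()");
+tl(7, ".add(\"grant_type\", \"urn:ietf:params:oauth:grant-type:uma-ticket\")");
+tl(7, ".add(\"audience\", config.getString(ConfigKeys.AUTH_CLIENT))");
+tl(7, ".add(\"response_mode\", \"decision\")");
+tl(7, ".add(\"permission\", String.format(\"%s#%s\", ", classeNomSimple, ".CLASS_SIMPLE_NAME, \"", classeApiMethode, "\"))");
+tl(3, ").onFailure(ex -> {");
+tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(4, "eventHandler.handle(Future.succeededFuture(");
+tl(5, "new ServiceResponse(403, \"FORBIDDEN\",");
+tl(6, "Buffer.buffer().appendString(");
+tl(7, "new JsonObject()");
+tl(8, ".put(\"errorCode\", \"403\")");
+tl(8, ".put(\"errorMessage\", msg)");
+tl(8, ".encodePrettily()");
+tl(7, "), MultiMap.caseInsensitiveMultiMap()");
+tl(5, ")");
+tl(4, "));");
+tl(3, "}).onSuccess(authorizationDecision -> {");
 tl(4, "try {");
-tl(5, "{");
+tl(5, "if(!authorizationDecision.bodyAsJsonObject().getBoolean(\"result\")) {");
+tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(6, "eventHandler.handle(Future.succeededFuture(");
+tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
+tl(8, "Buffer.buffer().appendString(");
+tl(9, "new JsonObject()");
+tl(10, ".put(\"errorCode\", \"403\")");
+tl(10, ".put(\"errorMessage\", msg)");
+tl(10, ".encodePrettily()");
+tl(9, "), MultiMap.caseInsensitiveMultiMap()");
+tl(7, ")");
+tl(6, "));");
+tl(5, "} else {");
 } else {
 tl(4, "{");
 tl(5, "try {");
@@ -2090,7 +2129,11 @@ else if(classeApiMethode.equals(classeLangueConfig.getString(ConfigCles.var_PUTF
 && ( classeRoles.size() > 0 || classeRoleLires.size() > 0)
 )
 ) {
-tl(3, "});");
+tl(3, "});");
+} else {
+if(authPolitiqueGranulee) {
+tl(3, "});");
+}
 }
 
 tl(2, "}).onFailure(ex -> {");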
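Review bot: The generated decision check `if(!authorizationDecision.bodyAsJsonObject().getBoolean("result"))` (new line 1902 in the granular-policy branch, and the pre-existing line 1827) unboxes a `Boolean` that is `null` whenever a 200 body lacks a `result` key, so a malformed decision response throws inside the generated `try` instead of reaching the 403 branch; whether that fails closed depends on the catch handler, which lies outside this hunk. A null-safe, deny-by-default form is `tl(5, "if(!Boolean.TRUE.equals(authorizationDecision.bodyAsJsonObject().getBoolean(\"result\"))) {");`. Separately, now that `.expect(ResponsePredicate.status(200))` routes non-200 replies and transport errors to the same `.onFailure` handler, the generated message never mentions `ex`, so operators cannot tell a policy denial from an unreachable authorization server; emitting a log line with the cause in that handler would help. Finally, the same 403 response block is now emitted verbatim in six places in this generator method; a private helper that writes it at a given indent would keep future status/message changes in one spot. The enclosing `ecrireGenApiServiceImpl2` starts and ends outside these hunks.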

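--- a/src/main/java/org/computate/frFR/java/IndexerClasse.java
+++ b/src/main/java/org/computate/frFR/java/IndexerClasse.java
@@ -2455,12 +2455,13 @@ else if(classeEstBase) {
 classeRoleUtilisateur = indexerStockerSolr(classeDoc, "classeRoleUtilisateur", regexTrouve("^" + classeLangueConfig.getString(ConfigCles.var_RoleUtilisateur) + ":\\s*(true)$", classeCommentaire));
 classeRoleChacun = indexerStockerSolr(classeDoc, "classeRoleChacun", regexTrouve("^" + classeLangueConfig.getString(ConfigCles.var_RoleChacun) + ":\\s*(true)$", classeCommentaire));
 
-Matcher classeRolesRecherche = Pattern.compile("^" + classeLangueConfig.getString(ConfigCles.var_Role) + "\\.([^:\n]+):\\s*(.*)\\s*", Pattern.MULTILINE).matcher(classeCommentaire);
+Matcher classeRolesRecherche = Pattern.compile("^" + classeLangueConfig.getString(ConfigCles.var_Role) + "(\\.([^:\n]+))?:\\s*(.*)\\s*", Pattern.MULTILINE).matcher(classeCommentaire);
 classeRolesTrouves = classeRolesRecherche.find();
 boolean classeRolesTrouvesActuel = classeRolesTrouves;
 while(classeRolesTrouvesActuel) {
-String classeRoleValeur = classeRolesRecherche.group(2);
-String classeRoleLangue = classeRolesRecherche.group(1);
+String classeRoleValeur = classeRolesRecherche.group(3);
+String classeRoleLangue = classeRolesRecherche.group(2);
+classeRoleLangue = classeRoleLangue == null ? classeLangueNom : classeRoleLangue;
 stockerListeSolr(classeDoc, "classeRoles", classeRoleValeur);
 stockerListeSolr(classeDoc, "classeRolesLangue", classeRoleLangue);
 classeRolesTrouves = true;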
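Review bot: The config-derived prefix `classeLangueConfig.getString(ConfigCles.var_Role)` is concatenated into the pattern unescaped on the rewritten line 2458, so a value containing a regex metacharacter silently changes which comment lines are recognised as role declarations; wrapping it as `Pattern.quote(classeLangueConfig.getString(ConfigCles.var_Role))` makes the prefix literal (the neighbouring `var_RoleUtilisateur` / `var_RoleChacun` patterns have the same shape). The value group `(.*)\\s*` is greedy, so the trailing `\\s*` never consumes anything and `classeRoleValeur` keeps any trailing whitespace from the comment; this predates the commit, but since these values end up as authorization role names, it is worth confirming downstream comparison tolerates that or trimming here. The new default on line 2464 reads more directly as `String classeRoleLangue = Objects.requireNonNullElse(classeRolesRecherche.group(2), classeLangueNom);` if `java.util.Objects` is already imported. The enclosing `else if(classeEstBase)` block starts and ends outside this hunk.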
