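/**
 * Decides whether {@code currentUser} holds {@code permission} on the user with the given id.
 *
 * <p>Only the {@code "edit"} permission is known: it is granted when the logged-in user is
 * the user being edited, or when the logged-in user is a "good admin". Any other permission,
 * an anonymous caller, a missing id or a null permission name yields {@code false}.
 *
 * @param id          id of the user the permission is evaluated for (may be null)
 * @param currentUser the logged-in user, or null when nobody is logged in
 * @param permission  permission name to check (may be null)
 * @return whether the permission is granted
 */
public static <ID> boolean hasPermission(ID id, UserDto currentUser, String permission) {
    // NOTE(review): this logs the whole UserDto; confirm its toString() exposes no sensitive fields
    log.debug("Computing " + permission + " permission for User " + id + "\n Logged in user: " + currentUser);

    // "edit" is the only permission this method understands; constant-first equals is null-safe
    if (!"edit".equals(permission)) {
        return false;
    }
    // Anonymous callers never get edit rights; a missing id cannot be matched against anyone
    if (currentUser == null || id == null) {
        return false;
    }
    // Compare ids as strings, tolerating a null id on the DTO
    boolean isSelf = id.toString().equals(currentUser.getId());
    return isSelf || currentUser.isGoodAdmin(); // self or admin
}
}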
/**
 * Supplies the id of the logged-in user for auditing, or an empty
 * {@link Optional} when nobody is logged in.
 *
 * @return the converted id of the current user, if any
 */
@Override
public Optional<ID> getCurrentAuditor() {
    UserDto loggedIn = currentUser();
    return loggedIn == null
            ? Optional.empty()
            : Optional.of(idConverter.toId(loggedIn.getId()));
}
}
/**
 * Changes the password of the user identified by {@code userId}.
 *
 * <p>The edited user and the logged-in user are loaded together and handed to
 * {@code ensureEditable} before anything is modified. The logged-in user is then
 * re-loaded by id and, together with the edited user and the form, passed to the
 * tuple-accepting {@code changePassword} overload (defined elsewhere). The edited
 * user is saved and returned as a {@link UserDto}.
 *
 * @param userId             id of the user whose password is being changed
 * @param changePasswordForm form carrying the old and new password
 * @return the saved user as a DTO
 */
public Mono<UserDto> changePassword(ID userId, Mono<ChangePasswordForm> changePasswordForm) {
    return Mono.zip(findUserById(userId), LecrUtils.currentUser())
            // NOTE(review): ensureEditable receives (editedUser, currentUser); presumably it
            // rejects edits the caller is not allowed to make — confirm in its definition
            .doOnNext(this::ensureEditable)
            .flatMap(tuple -> Mono.zip(
                    Mono.just(tuple.getT1()),
                    // getT2().get() assumes the current user is present (Optional-like value)
                    findUserById(toId(tuple.getT2().get().getId())),
                    changePasswordForm)
                    .doOnNext(this::changePassword))
            // keep only the edited user for saving
            .map(Tuple2::getT1)
            .flatMap(userRepository::save)
            .map(AbstractMongoUser::toUserDto);
}
/**
 * Changes the email of the logged-in user to the new email previously requested.
 *
 * <p>The request is rejected unless {@code userId} is the id of the logged-in user.
 * The user and the submitted form are then validated by {@code validateChangeEmail},
 * the repository is queried for an existing user with the new email (wrapped in an
 * {@link Optional} so that "not found" is a value), and {@code changeEmail} applies
 * the change before the user is saved.
 *
 * @param userId   id of the user whose email is changed; must be the logged-in user
 * @param formData submitted form values
 * @return the saved user as a DTO
 */
@PreAuthorize("isAuthenticated()")
public Mono<UserDto> changeEmail(ID userId, Mono<MultiValueMap<String, String>> formData) {
    log.debug("Changing email of current user ...");
    return LecrUtils.currentUser()
            .doOnNext(currentUser -> {
                // Only the logged-in user may change their own email; currentUser.get()
                // assumes the user is present (the method is guarded by @PreAuthorize)
                LexUtils.validate(userId.equals(toId(currentUser.get().getId())),
                        "com.naturalprogrammer.spring.wrong.login").go();
            })
            .then(Mono.zip(findUserById(userId), formData))
            .map(this::validateChangeEmail)
            .flatMap(user -> Mono.zip(Mono.just(user),
                    // look up a possible owner of the new email; empty Optional when none
                    userRepository
                            .findByEmail(user.getNewEmail())
                            .map(Optional::of)
                            .defaultIfEmpty(Optional.empty())
            ))
            .map(this::changeEmail)
            .flatMap(userRepository::save)
            .map(AbstractMongoUser::toUserDto);
}
/**
 * Copies the editable fields from {@code updatedUser} onto {@code user}.
 *
 * <p>Delegates to the superclass first, then copies the name. After the
 * transaction commits, the tag held on the logged-in user's DTO is refreshed
 * when the edited user is the logged-in user.
 *
 * @param user        the persisted user being edited
 * @param updatedUser the incoming values
 * @param currentUser the logged-in user
 */
@Override
protected void updateUserFields(User user, User updatedUser, UserDto currentUser) {
    super.updateUserFields(user, updatedUser, currentUser);
    user.setName(updatedUser.getName());

    Runnable refreshOwnTag = () -> {
        boolean editedSelf = currentUser.getId().equals(user.getId().toString());
        if (editedSelf) {
            currentUser.setTag(user.toTag());
        }
    };
    LecjUtils.afterCommit(refreshOwnTag);
}
/**
 * Records a requested email change for the user identified by {@code userId}
 * and mails the link needed to confirm it.
 *
 * <p>The edited user and the logged-in user are loaded together and handed to
 * {@code ensureEditable} before anything is modified. The logged-in user is
 * re-loaded by id and, with the edited user and the form, passed to the
 * tuple-accepting {@code requestEmailChange} overload (defined elsewhere). The
 * edited user is saved and {@code mailChangeEmailLink} is invoked on it.
 *
 * @param userId    id of the user whose email change is requested
 * @param emailForm form carrying the new email
 * @return completes when the user is saved and the mail has been handed off
 */
public Mono<Void> requestEmailChange(ID userId, Mono<EmailForm> emailForm) {
    return Mono.zip(findUserById(userId), LecrUtils.currentUser())
            // NOTE(review): ensureEditable receives (editedUser, currentUser); presumably it
            // rejects edits the caller is not allowed to make — confirm in its definition
            .doOnNext(this::ensureEditable)
            .flatMap(tuple -> Mono.zip(
                    Mono.just(tuple.getT1()),
                    // getT2().get() assumes the current user is present (Optional-like value)
                    findUserById(toId(tuple.getT2().get().getId())),
                    emailForm)
                    .doOnNext(this::requestEmailChange))
            // keep only the edited user for saving
            .map(Tuple2::getT1)
            .flatMap(userRepository::save)
            .doOnNext(this::mailChangeEmailLink)
            .then();
}
/**
 * Updates the fields of the users. Override this if you have more fields.
 *
 * <p>Roles are only touched when the logged-in user is a "good admin" editing
 * somebody other than themselves; in that case the UNVERIFIED role transition
 * is applied and the credentials timestamp is bumped.
 *
 * @param user        the persisted user being edited
 * @param updatedUser the incoming values
 * @param currentUser the logged-in user
 */
protected void updateUserFields(U user, U updatedUser, UserDto currentUser) {
    log.debug("Updating user fields for user: " + user);

    // Only another good admin may edit roles; an admin cannot change their own
    if (!currentUser.isGoodAdmin() || currentUser.getId().equals(user.getId().toString())) {
        return;
    }

    log.debug("Updating roles for user: " + user);

    if (user.getRoles().equals(updatedUser.getRoles())) {
        return; // roles are unchanged, nothing to do
    }

    boolean wantsUnverified = updatedUser.hasRole(UserUtils.Role.UNVERIFIED);
    boolean isUnverified = user.hasRole(UserUtils.Role.UNVERIFIED);
    if (wantsUnverified && !isUnverified) {
        makeUnverified(user); // make user unverified
    } else if (!wantsUnverified && isUnverified) {
        user.getRoles().remove(UserUtils.Role.UNVERIFIED); // make user verified
    }

    user.setRoles(updatedUser.getRoles());
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
}
/**
 * Updates the fields of the users. Override this if you have more fields.
 *
 * <p>Roles are only touched when the logged-in user is a "good admin" editing
 * somebody other than themselves; in that case the UNVERIFIED role transition
 * is applied and the credentials timestamp is bumped.
 *
 * @param user        the persisted user being edited
 * @param updatedUser the incoming values
 * @param currentUser the logged-in user
 */
protected void updateUserFields(U user, U updatedUser, UserDto currentUser) {
    log.debug("Updating user fields for user: " + user);

    // Only another good admin may edit roles; an admin cannot change their own
    if (!currentUser.isGoodAdmin() || currentUser.getId().equals(user.getId().toString())) {
        return;
    }

    log.debug("Updating roles for user: " + user);

    if (user.getRoles().equals(updatedUser.getRoles())) {
        return; // roles are unchanged, nothing to do
    }

    boolean wantsUnverified = updatedUser.hasRole(UserUtils.Role.UNVERIFIED);
    boolean isUnverified = user.hasRole(UserUtils.Role.UNVERIFIED);
    if (wantsUnverified && !isUnverified) {
        makeUnverified(user); // make user unverified
    } else if (!wantsUnverified && isUnverified) {
        user.getRoles().remove(UserUtils.Role.UNVERIFIED); // make user verified
    }

    user.setRoles(updatedUser.getRoles());
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
}
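/**
 * Changes the password of {@code user}.
 *
 * <p>The old password supplied in the form is checked against the password of the
 * <em>logged-in</em> user (who may be an admin editing someone else), not against the
 * edited user's password. The new password is encoded, the credentials timestamp is
 * bumped and the user is saved.
 *
 * @param user               the user whose password is changed; must exist
 * @param changePasswordForm form carrying the old and new password
 * @return the username of the edited user
 */
@UserEditPermission
@Transactional(propagation=Propagation.REQUIRED, readOnly=false)
public String changePassword(U user, @Valid ChangePasswordForm changePasswordForm) {
    log.debug("Changing password for user: " + user);

    // Reject a missing user before issuing any further repository lookups
    LexUtils.ensureFound(user);

    // Get the old password of the logged in user (logged in user may be an ADMIN);
    // fail with a descriptive message instead of a bare Optional.get()
    UserDto currentUser = LecwUtils.currentUser();
    U loggedIn = userRepository.findById(toId(currentUser.getId()))
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "Logged in user " + currentUser.getId() + " not found"));
    String oldPassword = loggedIn.getPassword();

    LexUtils.validateField("changePasswordForm.oldPassword",
            passwordEncoder.matches(changePasswordForm.getOldPassword(), oldPassword),
            "com.naturalprogrammer.spring.wrong.password").go();

    // sets the password and invalidates previously issued credentials
    user.setPassword(passwordEncoder.encode(changePasswordForm.getPassword()));
    user.setCredentialsUpdatedMillis(System.currentTimeMillis());
    userRepository.save(user);

    log.debug("Changed password for user: " + user);
    return user.toUserDto().getUsername();
}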
// Only the logged-in user may act on this userId; the check is presumably reported
// under the given message key when the ids differ — confirm against LexUtils.validate
LexUtils.validate(userId.equals(toId(currentUser.getId())), "com.naturalprogrammer.spring.wrong.login").go();