@Override public Optional<GlobalRole> getGlobalRoleForAccount(Account account) { return roleRepository.findGlobalRoleByAccount(account.id()) .flatMap(rolesService::getGlobalRole); }
@Override public <T> T load(PreferencesType<T> preferencesType, T defaultValue) { // Gets the current account Account account = securityService.getCurrentAccount(); if (account != null) { return repository.find(account.id(), preferencesType.getClass().getName()) .map(preferencesType::fromStorage) .orElse(defaultValue); } else { // Not logged return defaultValue; } }
@Override public Collection<ProjectRoleAssociation> getProjectPermissionsForAccount(Account account) { return roleRepository.findProjectRoleAssociationsByAccount( account.id(), rolesService::getProjectRoleAssociation ) .stream() // Filter by authorisation .filter(projectRoleAssociation -> securityService.isProjectFunctionGranted( projectRoleAssociation.getProjectId(), ProjectAuthorisationMgt.class )) // OK .collect(Collectors.toList()); }
@Override public <T> void store(PreferencesType<T> preferencesType, T value) { // Gets the current account Account account = securityService.getCurrentAccount(); if (account != null) { repository.store( account.id(), preferencesType.getClass().getName(), preferencesType.forStorage(value) ); } } }
@Override public List<Account> getAccounts() { securityService.checkGlobalFunction(AccountManagement.class); return accountRepository.findAll(authenticationSourceService::getAuthenticationSource) .stream() .map(account -> account.withGroups(accountGroupRepository.findByAccount(account.id()))) .collect(Collectors.toList()); }
private Optional<GlobalPermission> getGlobalPermission(Account account) { Optional<String> roleId = roleRepository.findGlobalRoleByAccount(account.id()); if (roleId.isPresent()) { Optional<GlobalRole> globalRole = rolesService.getGlobalRole(roleId.get()); if (globalRole.isPresent()) { return Optional.of( new GlobalPermission( account.asPermissionTarget(), globalRole.get() ) ); } } return Optional.empty(); }
private Optional<ProjectPermission> getProjectPermission(ID projectId, Account account) { Optional<ProjectRoleAssociation> roleAssociationOptional = roleRepository.findProjectRoleAssociationsByAccount( account.id(), projectId.getValue(), rolesService::getProjectRoleAssociation ); if (roleAssociationOptional.isPresent()) { return Optional.of( new ProjectPermission( projectId, account.asPermissionTarget(), roleAssociationOptional.get().getProjectRole() ) ); } else { return Optional.empty(); } }
public PermissionTarget asPermissionTarget() { return new PermissionTarget( PermissionTargetType.ACCOUNT, id(), getName(), getFullName() ); } }
@Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { String rawPassword = (String) authentication.getCredentials(); boolean ok = accountRepository.checkPassword( ((AccountUserDetails) userDetails).getAccount().id(), encodedPassword -> passwordEncoder.matches(rawPassword, encodedPassword) ); if (!ok) { throw new BadCredentialsException("Incorrect password"); } }
@Override public boolean isProjectFavourite(Project project) { return securityService.isProjectFunctionGranted(project, ProjectView.class) && securityService.getAccount().filter(account -> account.getId().isSet()) .map(account -> repository.isProjectFavourite( account.id(), project.id() )).orElse(false); }
@Override public void setProjectFavourite(Project project, boolean favourite) { if (securityService.isProjectFunctionGranted(project, ProjectView.class)) { securityService.getAccount().ifPresent(account -> repository.setProjectFavourite(account.id(), project.id(), favourite) ); } } }
@Override public Account withACL(AuthenticatedAccount raw) { return raw.getAccount() // Global role .withGlobalRole( roleRepository.findGlobalRoleByAccount(raw.getAccount().id()).flatMap(rolesService::getGlobalRole) ) // Project roles .withProjectRoles( roleRepository.findProjectRoleAssociationsByAccount(raw.getAccount().id(), rolesService::getProjectRoleAssociation) ) // Groups from the repository .withGroups( accountGroupRepository.findByAccount(raw.getAccount().id()).stream() .map(this::groupWithACL) .collect(Collectors.toList()) ) // Group contributions .withGroups( accountGroupContributors.stream() .flatMap(accountGroupContributor -> accountGroupContributor.collectGroups(raw).stream()) .map(this::groupWithACL) .collect(Collectors.toList()) ) // OK .lock(); }
@Override public Account create(AccountInput input) { Account account = create( input, "password" ); accountRepository.setPassword(account.id(), passwordEncoder.encode(input.getPassword())); return account; }
@Override public Ack changePassword(PasswordChange input) { // Checks the account Account account = securityService.getCurrentAccount(); if (account == null) { throw new AccessDeniedException("Must be logged to change password."); } else if (!account.getAuthenticationSource().isAllowingPasswordChange()) { throw new AccessDeniedException("Password change is not allowed from ontrack."); } else if (!accountRepository.checkPassword( account.id(), encodedPassword -> passwordEncoder.matches(input.getOldPassword(), encodedPassword) )) { throw new UserOldPasswordException(); } else { accountRepository.setPassword( account.id(), passwordEncoder.encode(input.getNewPassword()) ); return Ack.OK; } } }
protected Account doCreateAccountWithGlobalRole(String role) throws Exception { Account account = doCreateAccount(); return asUser().with(AccountManagement.class).call(() -> { accountService.saveGlobalPermission( PermissionTargetType.ACCOUNT, account.id(), new PermissionInput(role) ); return accountService.withACL( AuthenticatedAccount.of(account) ); }); }
protected Account doCreateAccountWithProjectRole(Project project, String role) throws Exception { Account account = doCreateAccount(); return asUser().with(project, ProjectAuthorisationMgt.class).call(() -> { accountService.saveProjectPermission( project.getId(), PermissionTargetType.ACCOUNT, account.id(), new PermissionInput(role) ); return accountService.withACL( AuthenticatedAccount.of(account) ); }); }
@Override public Account create(AccountInput input, String authenticationSourceMode) { securityService.checkGlobalFunction(AccountManagement.class); // Creates the account Account account = Account.of( input.getName(), input.getFullName(), input.getEmail(), SecurityRole.USER, authenticationSourceService.getAuthenticationSource(authenticationSourceMode) ); // Saves it account = accountRepository.newAccount(account); // Account groups accountGroupRepository.linkAccountToGroups(account.id(), input.getGroups()); // OK return account; }
@Override public Account updateAccount(ID accountId, AccountInput input) { securityService.checkGlobalFunction(AccountManagement.class); // Gets the existing account Account account = getAccount(accountId); // Checks if default admin if (account.isDefaultAdmin() && !StringUtils.equals(account.getName(), input.getName())) { throw new AccountDefaultAdminCannotUpdateNameException(); } // Updates it account = account.update(input); // Saves it accountRepository.saveAccount(account); // Updating the password? if (StringUtils.isNotBlank(input.getPassword())) { accountRepository.setPassword(accountId.getValue(), passwordEncoder.encode(input.getPassword())); } // Account groups accountGroupRepository.linkAccountToGroups(account.id(), input.getGroups()); // OK return getAccount(accountId); }
@Override public void saveAccount(Account account) { try { getNamedParameterJdbcTemplate().update( "UPDATE ACCOUNTS SET NAME = :name, FULLNAME = :fullName, EMAIL = :email " + "WHERE ID = :id", params("id", account.id()) .addValue("name", account.getName()) .addValue("fullName", account.getFullName()) .addValue("email", account.getEmail()) ); } catch (DuplicateKeyException ex) { throw new AccountNameAlreadyDefinedException(account.getName()); } }