Skip to content

Codecrew / Moya

Go to a project
Commit c3665357 by Antti Tonkyra
Options

Fix some late-night sleep deprived mistakes with permissions :)

1 parent 1eeae2e4
Inline Side-by-side
Showing with 13 additions and 5 deletions
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/MenuBean.java
...@@ -118,7 +118,7 @@ public class MenuBean implements MenuBeanLocal { ...@@ -118,7 +118,7 @@ public class MenuBean implements MenuBeanLocal {
userprofile.addPage(menuitemfacade.findOrCreate("/user/edit"), UserPermission.VIEW_SELF); userprofile.addPage(menuitemfacade.findOrCreate("/user/edit"), UserPermission.VIEW_SELF);
userprofile.addPage(menuitemfacade.findOrCreate("/user/changePassword"), UserPermission.VIEW_SELF); userprofile.addPage(menuitemfacade.findOrCreate("/user/changePassword"), UserPermission.VIEW_SELF);
userprofile.addPage(menuitemfacade.findOrCreate("/user/gameids"), TournamentPermission.VIEW); userprofile.addPage(menuitemfacade.findOrCreate("/user/gameids"), UserPermission.MODIFY_OWN_GAMEIDS);
userprofile.addPage(menuitemfacade.findOrCreate("/auth/logout"), UserPermission.LOGOUT); userprofile.addPage(menuitemfacade.findOrCreate("/auth/logout"), UserPermission.LOGOUT);
MenuNavigation tournaments = usermenu.addPage(null, null); MenuNavigation tournaments = usermenu.addPage(null, null);
......
code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/UserBean.java
...@@ -526,7 +526,7 @@ public class UserBean implements UserBeanLocal { ...@@ -526,7 +526,7 @@ public class UserBean implements UserBeanLocal {
return evu; return evu;
} }
@Override @Override
@RolesAllowed(SpecialPermission.S_USER) @RolesAllowed(UserPermission.S_MODIFY_OWN_GAMEIDS)
public void addGameID(TournamentGame game, String gameid) { public void addGameID(TournamentGame game, String gameid) {
EventUser u = permbean.getCurrentUser(); EventUser u = permbean.getCurrentUser();
...@@ -541,19 +541,23 @@ public class UserBean implements UserBeanLocal { ...@@ -541,19 +541,23 @@ public class UserBean implements UserBeanLocal {
} }
@Override @Override
@RolesAllowed(SpecialPermission.S_USER) @RolesAllowed(UserPermission.S_MODIFY_OWN_GAMEIDS)
public void removeGameIdById(Integer gameIdId) { public void removeGameIdById(Integer gameIdId) {
GameID gi = gameIDFacade.find(gameIdId); GameID gi = gameIDFacade.find(gameIdId);
// In the future we may edit other peoples' gameids, leave this as a placeholder for now
// At the very least it safeguards the situation if user gets another users gameid in somehow..
if(!permbean.isCurrentUser(gi.getEventUser())) { if(!permbean.isCurrentUser(gi.getEventUser())) {
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to remove GameID from another user: " + gi.getEventUser()); loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to remove GameID from another user: " + gi.getEventUser());
throw new EJBAccessException("Not enough rights to remove another users' GameIDs"); throw new EJBAccessException("Not enough rights to remove another users' GameIDs");
} }
gi.getEventUser().getGameIDs().remove(gi); gi.getEventUser().getGameIDs().remove(gi);
gameIDFacade.remove(gi); gameIDFacade.remove(gi);
} }
@Override @Override
@RolesAllowed(SpecialPermission.S_USER) @RolesAllowed(UserPermission.S_VIEW_ALL_GAMEIDS)
public GameID getGameIDByGameAndUser(TournamentGame tg, EventUser user) { public GameID getGameIDByGameAndUser(TournamentGame tg, EventUser user) {
return gameIDFacade.getGameIDByGame(tg, user); return gameIDFacade.getGameIDByGame(tg, user);
} }
......
code/MoyaUtilities/src/main/java/fi/codecrew/moya/enums/apps/UserPermission.java
...@@ -19,7 +19,9 @@ public enum UserPermission implements IAppPermission { ...@@ -19,7 +19,9 @@ public enum UserPermission implements IAppPermission {
READ_ORGROLES, // ("View organization roles"), READ_ORGROLES, // ("View organization roles"),
WRITE_ORGROLES, // ("Modify organization roles"), WRITE_ORGROLES, // ("Modify organization roles"),
VITUTTAAKO, VITUTTAAKO,
LOGGED_IN_USER; LOGGED_IN_USER,
MODIFY_OWN_GAMEIDS,
VIEW_ALL_GAMEIDS;
public static final String S_VIEW_ALL = "USER/VIEW_ALL"; public static final String S_VIEW_ALL = "USER/VIEW_ALL";
public static final String S_MODIFY = "USER/MODIFY"; public static final String S_MODIFY = "USER/MODIFY";
...@@ -37,6 +39,8 @@ public enum UserPermission implements IAppPermission { ...@@ -37,6 +39,8 @@ public enum UserPermission implements IAppPermission {
public static final String S_READ_ORGROLES = "USER/READ_ORGROLES"; public static final String S_READ_ORGROLES = "USER/READ_ORGROLES";
public static final String S_WRITE_ORGROLES = "USER/WRITE_ORGROLES"; public static final String S_WRITE_ORGROLES = "USER/WRITE_ORGROLES";
public static final String S_VITUTTAAKO = "USER/VITUTTAAKO"; public static final String S_VITUTTAAKO = "USER/VITUTTAAKO";
public static final String S_MODIFY_OWN_GAMEIDS = "USER/MODIFY_OWN_GAMEIDS";
public static final String S_VIEW_ALL_GAMEIDS = "USER/VIEW_ALL_GAMEIDS";
private final String fullName; private final String fullName;
private final String key; private final String key;
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!