Adding support for user role check

4be10a8b · Tor-Einar Skog · 793d7e87 · 4be10a8b · 4be10a8b · 4be10a8b
Commit 4be10a8b authored 11 years ago by Tor-Einar Skog
--- a/src/main/java/no/bioforsk/vips/logic/controller/LoginController.java
+++ b/src/main/java/no/bioforsk/vips/logic/controller/LoginController.java
@@ -3,6 +3,7 @@ package no.bioforsk.vips.logic.controller;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import javax.servlet.ServletException;
@@ -14,6 +15,8 @@ import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.WebTarget;
 import javax.ws.rs.core.Response;
 import no.bioforsk.vips.coremanager.service.ManagerResource;
+import no.bioforsk.vips.logic.entity.UserVipslogicRole;
+import no.bioforsk.vips.logic.session.SessionControllerGetter;
 import no.bioforsk.vips.logic.util.ServletUtil;
 import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;

@@ -72,6 +75,8 @@ public class LoginController extends HttpServlet {
                    Map user = resp.readEntity(HashMap.class);
                    if(user != null)
                    {
+                        List<UserVipslogicRole> roles = SessionControllerGetter.getUserBean().getUserVipslogicRole((Integer)user.get("vipsCoreUserId"));
+                        user.put("roles", roles);
                        request.getSession().setAttribute("user", user);
                        response.sendRedirect(new StringBuilder("http://").append(ServletUtil.getServerName(request)).append(nextPage).toString());
                    }

--- a/src/main/java/no/bioforsk/vips/logic/controller/PointOfInterestController.java
+++ b/src/main/java/no/bioforsk/vips/logic/controller/PointOfInterestController.java
 package no.bioforsk.vips.logic.controller;

 import java.io.IOException;
+import java.util.List;
 import java.util.Map;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import no.bioforsk.vips.logic.entity.PointOfInterestWeatherStation;
 import no.bioforsk.vips.logic.session.SessionControllerGetter;

 /**
@@ -39,7 +41,15 @@ public class PointOfInterestController extends HttpServlet {
            String pointOfInterestId = request.getParameter("pointOfInterestId");
            if(pointOfInterestId == null)
            {
-                request.getSession().setAttribute("weatherStations", SessionControllerGetter.getPointOfInterestBean().getWeatherstationsForUser(userId));
+                List<PointOfInterestWeatherStation> weatherStations;
+                if(SessionControllerGetter.getUserBean().isSuperUser(userInfo)){
+                    weatherStations = SessionControllerGetter.getPointOfInterestBean().getAllWeatherStations();
+                }
+                else
+                {
+                    weatherStations = SessionControllerGetter.getPointOfInterestBean().getWeatherstationsForUser(userId);
+                }
+                request.getSession().setAttribute("weatherStations", weatherStations);
                request.getRequestDispatcher("/weatherstationlist.ftl").forward(request, response);
            }
            else

--- a/src/main/java/no/bioforsk/vips/logic/entity/PointOfInterestWeatherStation.java
+++ b/src/main/java/no/bioforsk/vips/logic/entity/PointOfInterestWeatherStation.java
@@ -24,7 +24,7 @@ import no.bioforsk.vips.logic.util.Globals;
 @Table(name = "point_of_interest_weather_station")
 @XmlRootElement
 @NamedQueries({
-    @NamedQuery(name = "PointOfInterestWeatherStation.findAll", query = "SELECT p FROM PointOfInterestWeatherStation p"),
+    @NamedQuery(name = "PointOfInterestWeatherStation.findAll", query = "SELECT p FROM PointOfInterest p WHERE p.pointOfInterestType.pointOfInterestTypeId=1"),
    @NamedQuery(name = "PointOfInterestWeatherStation.findByPointOfInterestId", query = "SELECT p FROM PointOfInterest p WHERE p.pointOfInterestId = :pointOfInterestId AND p.pointOfInterestType.pointOfInterestTypeId=1"),
    @NamedQuery(name = "PointOfInterestWeatherStation.findByUserId", query = "SELECT p FROM PointOfInterest p WHERE p.pointOfInterestType.pointOfInterestTypeId=1 AND p.pointOfInterestId IN(SELECT up.pointOfInterest.pointOfInterestId FROM UserPointOfInterest up WHERE up.userPointOfInterestPK.userId = :userId)")
 })

--- a/src/main/java/no/bioforsk/vips/logic/session/PointOfInterestBean.java
+++ b/src/main/java/no/bioforsk/vips/logic/session/PointOfInterestBean.java
@@ -42,6 +42,12 @@ public class PointOfInterestBean {
        return q.getResultList();
    }
    
+    public List<PointOfInterestWeatherStation> getAllWeatherStations()
+    {
+        Query q = em.createNamedQuery("PointOfInterestWeatherStation.findAll");
+        return q.getResultList();
+    }
+    
    /**
     * 
     * @param pointOfInterestId

--- a/src/main/java/no/bioforsk/vips/logic/session/SessionControllerGetter.java
+++ b/src/main/java/no/bioforsk/vips/logic/session/SessionControllerGetter.java
@@ -26,6 +26,21 @@ public class SessionControllerGetter {
        }
    }
    
+    public static UserBean getUserBean()
+    {
+        try
+        {
+            InitialContext ic = new InitialContext();
+            UserBean retVal = (UserBean) ic.lookup(SessionControllerGetter.getJndiPath(UserBean.class));
+
+            return retVal;
+        }catch(NamingException ne)
+        {
+            System.out.println("Could not find " + UserBean.class.getSimpleName());
+            return null;
+        }
+    }
+    
    private static String getJndiPath(Class obj)
    {
        String retVal = SessionControllerGetter.JNDI_PATH + obj.getSimpleName();

--- a/src/main/java/no/bioforsk/vips/logic/session/UserBean.java
+++ b/src/main/java/no/bioforsk/vips/logic/session/UserBean.java
+package no.bioforsk.vips.logic.session;
+
+import java.util.List;
+import java.util.Map;
+import javax.ejb.LocalBean;
+import javax.ejb.Stateless;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+import no.bioforsk.vips.logic.entity.UserVipslogicRole;
+import no.bioforsk.vips.logic.util.Globals;
+
+/**
+ * Handles user stuff, credentials
+ * @copyright 2013 <a href="http://www.bioforsk.no/">Bioforsk</a>
+ * @author Tor-Einar Skog <tor-einar.skog@bioforsk.no>
+ */
+@LocalBean
+@Stateless
+public class UserBean {
+    @PersistenceContext(unitName="VIPSLogic-PU")
+    EntityManager em;
+    
+    /**
+     * 
+     * @param userId
+     * @return list of roles for this user
+     */
+    public List<UserVipslogicRole> getUserVipslogicRole(Integer userId)
+    {
+        Query q = em.createNamedQuery("UserVipslogicRole.findByUserId", UserVipslogicRole.class);
+        q.setParameter("userId", userId);
+        return q.getResultList();
+    }
+    
+    public boolean isSuperUser(Map userInfo)
+    {
+        List<UserVipslogicRole> roles = (List<UserVipslogicRole>) userInfo.get("roles");
+        for(UserVipslogicRole role : roles)
+        {
+            if(role.getVipslogicRole().getVipslogicRoleId().equals(Globals.ROLE_SUPERUSER))
+                return true;
+        }
+        return false;
+    }
+}
--- a/src/main/java/no/bioforsk/vips/logic/util/Globals.java
+++ b/src/main/java/no/bioforsk/vips/logic/util/Globals.java
@@ -22,4 +22,8 @@ public class Globals {
    // Point of interest type IDs
    public static final Integer POI_TYPE_WEATHERSTATION=1;
    
+    // User roles
+    public static final Integer ROLE_SUPERUSER = 1;
+    public static final Integer ROLE_ORGANIZATION_ADMINISTRATOR = 2;
+    
 }