
Commit 58741ee

authored
Merge pull request #36 from computate/computate
Fixes for fine-grained access control with resource authorizations
2 parents 1895eb0 + a78ff07 commit 58741ee


1 file changed

+51
-76
lines changed

1 file changed

+51
-76
lines changed

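--- a/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
+++ b/src/main/java/org/computate/frFR/java/EcrireApiClasse.java
@@ -1992,58 +1992,39 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(4, "try {");
 tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
-if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-tl(5, "{");
-} else {
-if(classeRoleUtilisateur) {
-tl(5, "scopes.add(\"GET\");");
-tl(5, "scopes.add(\"PATCH\");");
-}
-tl(5, "if(authorizationDecisionResponse.failed() || !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "} else {");
-}
 if(classeRessourcesAutorisation.size() > 0) {
-l();
-tl(6, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(7, "//");
-tl(7, "List<String> fqs = new ArrayList<>();");
-tl(7, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
+tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+tl(6, "//");
+tl(6, "List<String> fqs = new ArrayList<>();");
+tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
 for(String classeRessourceAutorisation : classeRessourcesAutorisation) {
 
-tl(7, "groups.stream().map(group -> {");
-tl(10, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
-tl(10, "return mPermission.find() ? mPermission.group(1) : null;");
-tl(9, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
-tl(10, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
-tl(9, "});");
+tl(6, "groups.stream().map(group -> {");
+tl(9, "Matcher mPermission = Pattern.compile(\"^/", StringUtils.substringBefore(classeRessourceAutorisation, "-"), "-(.*)-", classeApiMethodeMethode, "$\").matcher(group);");
+tl(9, "return mPermission.find() ? mPermission.group(1) : null;");
+tl(8, "}).filter(v -> v != null).forEach(", i18nGlobale.getString(I18n.var_valeur), " -> {");
+tl(9, "fqs.add(String.format(\"%s:%s\", \"", StringUtils.substringAfter(classeRessourceAutorisation, "-"), "\", ", i18nGlobale.getString(I18n.var_valeur), "));");
+tl(8, "});");
 }
-tl(7, "JsonObject authParams = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
-tl(7, "JsonObject authQuery = authParams.getJsonObject(\"query\");");
-tl(7, "if(authQuery == null) {");
-tl(8, "authQuery = new JsonObject();");
-tl(8, "authParams.put(\"query\", authQuery);");
-tl(7, "}");
-tl(7, "JsonArray fq = authQuery.getJsonArray(\"fq\");");
-tl(7, "if(fq == null) {");
-tl(8, "fq = new JsonArray();");
-tl(8, "authQuery.put(\"fq\", fq);");
-tl(7, "}");
-tl(7, "if(fqs.size() > 0) {");
-tl(8, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
-tl(8, "scopes.add(\"", classeApiMethodeMethode, "\");");
-tl(7, "}");
+tl(6, "JsonObject authParams = ", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_RequeteService), "().getParams();");
+tl(6, "JsonObject authQuery = authParams.getJsonObject(\"query\");");
+tl(6, "if(authQuery == null) {");
+tl(7, "authQuery = new JsonObject();");
+tl(7, "authParams.put(\"query\", authQuery);");
 tl(6, "}");
+tl(6, "JsonArray fq = authQuery.getJsonArray(\"fq\");");
+tl(6, "if(fq == null) {");
+tl(7, "fq = new JsonArray();");
+tl(7, "authQuery.put(\"fq\", fq);");
+tl(6, "}");
+tl(6, "if(fqs.size() > 0) {");
+tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
+tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
+tl(6, "}");
+tl(5, "}");
+tl(5, "{");
+} else {
+tl(5, "{");
 }
 tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 tl(6, "List<String> scopes2 = ", i18nGlobale.getString(I18n.var_requeteSite), ".getScopes();");
@@ -2211,29 +2192,8 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(4, "try {");
 tl(5, "HttpResponse<Buffer> authorizationDecision = authorizationDecisionResponse.result();");
 tl(5, "JsonArray scopes = authorizationDecisionResponse.failed() ? new JsonArray() : authorizationDecision.bodyAsJsonArray().stream().findFirst().map(decision -> ((JsonObject)decision).getJsonArray(\"scopes\")).orElse(new JsonArray());");
-if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
-tl(5, "{");
-} else {
-if(classeRoleUtilisateur) {
-tl(5, "scopes.add(\"GET\");");
-tl(5, "scopes.add(\"PATCH\");");
-}
-tl(5, "if(authorizationDecisionResponse.failed() ", classeRoleUtilisateur && StringUtils.equals(classeApiMethodeMethode, "PATCH") ? "&&" : "||", " !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
-tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
-tl(6, "eventHandler.handle(Future.succeededFuture(");
-tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
-tl(8, "Buffer.buffer().appendString(");
-tl(9, "new JsonObject()");
-tl(10, ".put(\"errorCode\", \"403\")");
-tl(10, ".put(\"errorMessage\", msg)");
-tl(10, ".encodePrettily()");
-tl(9, "), MultiMap.caseInsensitiveMultiMap()");
-tl(7, ")");
-tl(6, "));");
-tl(5, "} else {");
-}
 if(classeRessourcesAutorisation.size() > 0) {
-l();
+tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");
 tl(6, "//");
 tl(6, "List<String> fqs = new ArrayList<>();");
 tl(6, "List<String> groups = Optional.ofNullable(", i18nGlobale.getString(I18n.var_requeteSite), ".getGroups()).orElse(new ArrayList<>());");
@@ -2261,16 +2221,31 @@ public void ecrireGenApiServiceImpl2(String classeLangueNom) throws Exception {
 tl(7, "fq.add(fqs.stream().collect(Collectors.joining(\" OR \")));");
 tl(7, "scopes.add(\"", classeApiMethodeMethode, "\");");
 tl(6, "}");
-l();
+tl(5, "}");
+}
+if(StringUtils.equals(classeApiMethodeMethode, "GET")) {
+tl(5, "{");
+} else {
+if(classeRoleUtilisateur) {
+tl(5, "scopes.add(\"GET\");");
+tl(5, "scopes.add(\"PATCH\");");
+}
+tl(5, "if(authorizationDecisionResponse.failed() && !scopes.contains(\"", classeApiMethodeMethode, "\")) {");
+tl(6, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");
+tl(6, "eventHandler.handle(Future.succeededFuture(");
+tl(7, "new ServiceResponse(403, \"FORBIDDEN\",");
+tl(8, "Buffer.buffer().appendString(");
+tl(9, "new JsonObject()");
+tl(10, ".put(\"errorCode\", \"403\")");
+tl(10, ".put(\"errorMessage\", msg)");
+tl(10, ".encodePrettily()");
+tl(9, "), MultiMap.caseInsensitiveMultiMap()");
+tl(7, ")");
+tl(6, "));");
+tl(5, "} else {");
 }
 tl(6, i18nGlobale.getString(I18n.var_requeteSite), ".setScopes(scopes.stream().map(o -> o.toString()).collect(Collectors.toList()));");
 tl(6, "List<String> scopes2 = ", i18nGlobale.getString(I18n.var_requeteSite), ".getScopes();");
-// if(classeRoleSession || classeRoleUtilisateur || classeRoleChacun) {
-// tl(6, "if(!scopes2.contains(\"POST\"))");
-// tl(7, "scopes2.add(\"POST\");");
-// tl(6, "if(!scopes2.contains(\"PATCH\"))");
-// tl(7, "scopes2.add(\"PATCH\");");
-// }
 } else {
 tl(3, "authorizationProvider.getAuthorizations(", i18nGlobale.getString(I18n.var_requeteSite), ".get", i18nGlobale.getString(I18n.var_Utilisateur), "()).onFailure(ex -> {");
 tl(4, "String msg = String.format(\"403 FORBIDDEN user %s to %s %s\", siteRequest.getUser().attributes().getJsonObject(\"accessToken\").getString(\"preferred_username\"), serviceRequest.getExtra().getString(\"method\"), serviceRequest.getExtra().getString(\"uri\"));");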
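Review bot: The FORBIDDEN condition emitted at new line 2233 of the third hunk, `authorizationDecisionResponse.failed() && !scopes.contains(...)`, refuses a request only when the decision call failed and the method scope is also missing, so a decision call that completes successfully with a scope list that omits `classeApiMethodeMethode` is now let through, where the removed line 2221 (`||` except for the user-role PATCH case) refused it; unless a denial from the authorization server always surfaces as a failed response, which is not visible here, this loosens the check. Because the resource-authorization block now runs first and adds the scope when a group matches, the emitted condition can remain `tl(5, "if(!scopes.contains(\"", classeApiMethodeMethode, "\")) {");` and still honour those grants, with a failed decision response kept as its own reason to refuse. In the first hunk (old lines 1995–2015) the same 403 branch is dropped for the first generated handler and not re-added, so unless enforcement happens later from `scopes2` (outside the hunk), non-GET requests on that path are no longer refused — worth confirming. The value captured by `(.*)` from a group name is formatted into the `fq` entry unescaped before joining with `" OR "`; group names come from the identity provider rather than the request, so the exposure is limited, but escaping the captured value would keep the generated filter well-formed. ecrireGenApiServiceImpl2 starts before and ends after these hunks.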
