Commit 61b87f9b authored by redmitry@list.ru's avatar redmitry@list.ru

protect Contacts

parent 6b20af89
......@@ -37,12 +37,8 @@ import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.io.Writer;
import java.net.URLDecoder;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.annotation.security.PermitAll;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
......@@ -61,10 +57,6 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.StreamingOutput;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessToken.Access;
/**
* @author Dmitry Repchevsky
......@@ -162,6 +154,46 @@ public class OpenEBenchService {
return Response.ok(privilege, MediaType.APPLICATION_JSON).build();
}
@GET
@Path("/Contact")
@PermitAll
@Produces(MediaType.APPLICATION_JSON)
public Response getContacts(@Context SecurityContext sc) {
StreamingOutput stream = (OutputStream out) -> {
try (Writer writer = new BufferedWriter(new OutputStreamWriter(out, "UTF-8"))) {
dao.getContacts(writer, sc);
} catch(Exception ex) {
Logger.getLogger(OpenEBenchService.class.getName()).log(Level.SEVERE, null, ex);
}
};
return Response.ok(stream, MediaType.APPLICATION_JSON).build();
}
@GET
@Path("/Contact/{id : .*}")
@PermitAll
@Produces(MediaType.APPLICATION_JSON)
public Response getContact(@Context SecurityContext sc,
@PathParam("id")
@Parameter(description = "contact id",
example = "OEBC00200001FO")
@Encoded final String id) {
final String contact = dao.getContact(id, sc);
if (contact == null) {
return Response.status(Status.NOT_FOUND).build();
}
if ("{}".equals(contact)) {
return Response.status(Status.UNAUTHORIZED).build();
}
return Response.ok(contact, MediaType.APPLICATION_JSON).build();
}
@GET
@Path("/{collection}")
@PermitAll
......
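Review bot: In getContact the denied case returns 401 UNAUTHORIZED even when the caller is authenticated, but 401 means "not authenticated"; when `sc.getUserPrincipal()` is non-null the correct status is 403, e.g. `return Response.status(sc.getUserPrincipal() == null ? Status.UNAUTHORIZED : Status.FORBIDDEN).build();`. Because both endpoints are `@PermitAll`, the 401-vs-404 split also lets an anonymous caller probe whether a given contact id exists, so if ids are considered sensitive the denied case should collapse to 404 as well. The `"{}"` string is an in-band denial signal coming back from `dao.getContact`, which is easy to break silently; at minimum add `// dao returns "{}" when the contact exists but the caller may not read it` above the comparison. In getContacts the catch inside the StreamingOutput lambda swallows any failure after the 200 status and headers have already been committed, so a mid-stream error yields a truncated JSON array with a success status; rethrowing as a WebApplicationException (or documenting that behaviour) would be preferable.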
......@@ -195,6 +195,60 @@ public class Database {
}
}
public String getContact(final String id, final SecurityContext sc) {
try {
final MongoDatabase mdb = mc.getDatabase(uri.getDatabase());
final MongoCollection<Document> contacts = mdb.getCollection("Contact");
final Document contact = contacts.find(Filters.eq("_id", id)).first();
if (contact != null && checkPrivilegeAccess(contact, sc)) {
return contact.toJson();
}
return "{}";
} catch(Exception ex) {
Logger.getLogger(Database.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
public void getContacts(final Writer writer, final SecurityContext sc) {
try {
MongoDatabase mdb = mc.getDatabase(uri.getDatabase());
final MongoCollection<Document> contacts = mdb.getCollection("Contact");
final JsonWriter jwriter = new ReusableJsonWriter(writer);
try {
jwriter.writeStartArray();
final DocumentCodec codec = new DocumentCodec() {
@Override
public void encode(BsonWriter writer,
Document document,
EncoderContext encoderContext) {
super.encode(jwriter, document, encoderContext);
}
};
FindIterable<Document> iter = contacts.find();
try (MongoCursor<Document> cursor = iter.iterator()) {
loop:
while (cursor.hasNext()) {
final Document contact = cursor.next();
if (checkContactAccess(contact, sc)) {
contact.toJson(codec);
}
}
}
} finally {
jwriter.writeEndArray();
jwriter.close();
}
} catch(Exception ex) {
Logger.getLogger(Database.class.getName()).log(Level.SEVERE, null, ex);
}
}
public String getPrivilege(final String id, final SecurityContext sc) {
try {
final MongoDatabase mdb = mc.getDatabase(uri.getDatabase());
......@@ -377,6 +431,15 @@ public class Database {
}
}
private boolean checkContactAccess(final Document contact, final SecurityContext sc) {
if (sc.isUserInRole(Roles.ADMIN)) {
return true;
}
return false;
}
private boolean checkPrivilegeAccess(final Document privilege, final SecurityContext sc) {
if (sc.isUserInRole(Roles.ADMIN)) {
......@@ -440,31 +503,35 @@ public class Database {
final String visibility = dataset.getString("visibility");
if ("public".equals(visibility)) {
return true;
} else {
final List<String> challenge_ids = dataset.get("challenge_ids", List.class);
for (String challenge_id : challenge_ids) {
if (("participant".equals(visibility) &&
sc.isUserInRole(Roles.CONTRIBUTOR + ":" + challenge_id)) ||
sc.isUserInRole(Roles.MANAGER + ":" + challenge_id)) {
return true;
}
final List<String> challenge_ids = dataset.get("challenge_ids", List.class);
for (String challenge_id : challenge_ids) {
if ("participant".equals(visibility) &&
sc.isUserInRole(Roles.CONTRIBUTOR + ":" + challenge_id)) {
return true;
}
if ("challenge".equals(visibility) &&
sc.isUserInRole(Roles.MANAGER + ":" + challenge_id)) {
return true;
}
String community_id = mcommunities.get(challenge_id);
if (community_id == null) {
final Document challenge = challenges.find(Filters.eq("_id", challenge_id)).first();
if (challenge == null) {
continue;
}
String community_id = mcommunities.get(challenge_id);
community_id = getCommunityId(challenge, events);
if (community_id == null) {
final Document challenge = challenges.find(Filters.eq("_id", challenge_id)).first();
if (challenge == null) {
continue;
}
community_id = getCommunityId(challenge, events);
if (community_id == null) {
continue;
}
mcommunities.put(challenge_id, community_id);
}
if (sc.isUserInRole(Roles.OWNER + ":" + community_id)) {
return true;
continue;
}
mcommunities.put(challenge_id, community_id);
}
if (sc.isUserInRole(Roles.OWNER + ":" + community_id)) {
return true;
}
}
return false;
}
......
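Review bot: getContact guards the document with `checkPrivilegeAccess(contact, sc)` while the new getContacts loop uses `checkContactAccess(contact, sc)`, so the single-item and list endpoints enforce different policies on the same collection; `checkPrivilegeAccess` is written for Privilege documents and its body continues outside this hunk, so any non-admin rule it applies there is presumably applied to a Contact here. Change the check in getContact to `if (contact != null && checkContactAccess(contact, sc)) {` so both paths go through the admin-only rule this commit introduces. In the same method every exception, including a database outage, is logged and converted to `null`, which the service maps to 404, so failures are indistinguishable from missing contacts; consider propagating or returning a distinct error. In the visibility hunk the old and new lines are interleaved on this rendered page, but the new form appears to grant `Roles.MANAGER` only when visibility is `"challenge"`, whereas a challenge manager previously also passed for `"participant"` datasets; confirm that narrowing is intended rather than an accidental regression.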