NIHVIVO-2716 Make rootUser a property on UserAccount. When editing the root user, don't show roles.
parent
be3851b15e
commit
8b4b66e024
10 changed files with 43 additions and 94 deletions
|
@ -24,7 +24,6 @@ import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
/**
|
||||
|
@ -73,7 +72,7 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
|
|||
private Collection<? extends Identifier> createRootUserIdentifiers(
|
||||
HttpServletRequest req) {
|
||||
UserAccount user = LoginStatusBean.getCurrentUser(req);
|
||||
if (isRootUser(user)) {
|
||||
if ((user != null) && user.isRootUser()) {
|
||||
return Collections.singleton(new IsRootUser());
|
||||
} else {
|
||||
return Collections.emptySet();
|
||||
|
@ -143,25 +142,6 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
|
|||
return individuals;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this user a root user?
|
||||
*/
|
||||
private boolean isRootUser(UserAccount user) {
|
||||
if (user == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
WebappDaoFactory wdf = (WebappDaoFactory) context
|
||||
.getAttribute("webappDaoFactory");
|
||||
if (wdf == null) {
|
||||
log.error("Could not get a WebappDaoFactory from the ServletContext");
|
||||
return false;
|
||||
}
|
||||
|
||||
UserAccountsDao uaDao = wdf.getUserAccountsDao();
|
||||
return uaDao.isRootUser(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return this.getClass().getSimpleName() + " - " + hashCode();
|
||||
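Review bot: In `createRootUserIdentifiers`, the `IsRootUser` identifier is now granted from the `rootUser` flag on whatever bean `LoginStatusBean.getCurrentUser(req)` returns, where the removed `isRootUser(user)` helper asked the `UserAccountsDao` on each call. If that bean is cached for the session instead of being reloaded (not visible in these hunks), removing the root type from an account would not take effect until the user logs in again. A comment above the check would record the assumption, for example `// Root status is only as fresh as the bean from LoginStatusBean.getCurrentUser(); confirm it is reloaded per request.` The class body continues outside the hunks shown.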
|
|
|
@ -9,11 +9,6 @@ import javax.servlet.ServletContextListener;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import com.hp.hpl.jena.ontology.OntModel;
|
||||
import com.hp.hpl.jena.rdf.model.Resource;
|
||||
import com.hp.hpl.jena.shared.Lock;
|
||||
import com.hp.hpl.jena.vocabulary.RDF;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
|
||||
|
@ -25,9 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
|
|||
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.ModelContext;
|
||||
import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
|
||||
|
||||
/**
|
||||
|
@ -73,12 +66,11 @@ public class RootUserPolicy implements PolicyIface {
|
|||
|
||||
try {
|
||||
UserAccountsDao uaDao = getUserAccountsDao(ctx);
|
||||
OntModel userAccountsModel = getUserAccountsModel(ctx);
|
||||
|
||||
checkForWrongRootUser(ctx, uaDao);
|
||||
|
||||
if (!rootUserExists(uaDao)) {
|
||||
createRootUser(ctx, uaDao, userAccountsModel);
|
||||
createRootUser(ctx, uaDao);
|
||||
}
|
||||
|
||||
ServletPolicyList.addPolicy(ctx, new RootUserPolicy());
|
||||
|
@ -100,11 +92,6 @@ public class RootUserPolicy implements PolicyIface {
|
|||
return wadf.getUserAccountsDao();
|
||||
}
|
||||
|
||||
private OntModel getUserAccountsModel(ServletContext ctx) {
|
||||
return ModelContext.getBaseOntModelSelector(ctx)
|
||||
.getUserAccountsModel();
|
||||
}
|
||||
|
||||
private void checkForWrongRootUser(ServletContext ctx,
|
||||
UserAccountsDao uaDao) {
|
||||
UserAccount root = getRootUser(uaDao);
|
||||
|
@ -128,7 +115,7 @@ public class RootUserPolicy implements PolicyIface {
|
|||
|
||||
private UserAccount getRootUser(UserAccountsDao uaDao) {
|
||||
for (UserAccount ua : uaDao.getAllUserAccounts()) {
|
||||
if (uaDao.isRootUser(ua)) {
|
||||
if (ua.isRootUser()) {
|
||||
return ua;
|
||||
}
|
||||
}
|
||||
|
@ -139,8 +126,7 @@ public class RootUserPolicy implements PolicyIface {
|
|||
* TODO The first and last name should be left blank, so the user will
|
||||
* be forced to edit them. However, that's not in place yet.
|
||||
*/
|
||||
private void createRootUser(ServletContext ctx, UserAccountsDao uaDao,
|
||||
OntModel userAccountsModel) {
|
||||
private void createRootUser(ServletContext ctx, UserAccountsDao uaDao) {
|
||||
String emailAddress = ConfigurationProperties.getBean(ctx)
|
||||
.getProperty(PROPERTY_ROOT_USER_EMAIL);
|
||||
if (emailAddress == null) {
|
||||
|
@ -170,19 +156,10 @@ public class RootUserPolicy implements PolicyIface {
|
|||
.applyMd5Encoding(ROOT_USER_INITIAL_PASSWORD));
|
||||
ua.setPasswordChangeRequired(true);
|
||||
ua.setStatus(Status.ACTIVE);
|
||||
ua.setRootUser(true);
|
||||
|
||||
uaDao.insertUserAccount(ua);
|
||||
|
||||
userAccountsModel.enterCriticalSection(Lock.WRITE);
|
||||
try {
|
||||
Resource r = userAccountsModel.getResource(ua.getUri());
|
||||
Resource t = userAccountsModel
|
||||
.getResource(VitroVocabulary.USERACCOUNT_ROOT_USER);
|
||||
userAccountsModel.add(r, RDF.type, t);
|
||||
} finally {
|
||||
userAccountsModel.leaveCriticalSection();
|
||||
}
|
||||
|
||||
log.info("Created root user as '" + emailAddress + "'");
|
||||
}
|
||||
|
||||
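Review bot: `getRootUser` now trusts `ua.isRootUser()` on the beans returned by `uaDao.getAllUserAccounts()`, and the flag defaults to `false` in `UserAccount`, so a DAO path that builds a bean without calling `setRootUser` would make `rootUserExists` report no root at startup. In that case `createRootUser` would insert a further root account carrying `ROOT_USER_INITIAL_PASSWORD`. Whether `getAllUserAccounts()` populates the flag is not visible on this page; the Jena section shows `u.setRootUser(...)` in only one bean-building method. I would add a comment on the loop, `// Relies on getAllUserAccounts() populating rootUser on every bean it returns.`, and cover the assumption with a DAO test.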
|
|
|
@ -60,6 +60,8 @@ public class UserAccount {
|
|||
/** This may be empty, but should never be null. */
|
||||
private Set<String> permissionSetUris = Collections.emptySet();
|
||||
|
||||
private boolean rootUser = false;
|
||||
|
||||
public String getUri() {
|
||||
return uri;
|
||||
}
|
||||
|
@ -172,10 +174,18 @@ public class UserAccount {
|
|||
this.permissionSetUris = new HashSet<String>(permissionSetUris);
|
||||
}
|
||||
|
||||
public boolean isRootUser() {
|
||||
return rootUser;
|
||||
}
|
||||
|
||||
public void setRootUser(boolean rootUser) {
|
||||
this.rootUser = rootUser;
|
||||
}
|
||||
|
||||
private <T> T nonNull(T value, T defaultValue) {
|
||||
return (value == null) ? defaultValue : value;
|
||||
}
|
||||
|
||||
|
||||
private String limitStringLength(int limit, String s) {
|
||||
if (s == null) {
|
||||
return "";
|
||||
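Review bot: The new `rootUser` field and its public `isRootUser`/`setRootUser` accessors carry no Javadoc, although the flag decides who receives the root identifier and the `permissionSetUris` field just above is documented. Something like `/** True only for the root account; the DAO stores it as rdf:type USERACCOUNT_ROOT_USER. Never set this from request parameters. */` on the field would tell callers that the setter is a privilege change and not an ordinary profile edit.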
|
|
|
@ -85,7 +85,7 @@ public class UserAccountsEditPage extends UserAccountsPage {
|
|||
externalAuthId = getStringParameter(PARAMETER_EXTERNAL_AUTH_ID, "");
|
||||
firstName = getStringParameter(PARAMETER_FIRST_NAME, "");
|
||||
lastName = getStringParameter(PARAMETER_LAST_NAME, "");
|
||||
selectedRoleUri = isRootUser() ? "" :getStringParameter(PARAMETER_ROLE, "");
|
||||
selectedRoleUri = getStringParameter(PARAMETER_ROLE, "");
|
||||
associateWithProfile = isParameterAsExpected(
|
||||
PARAMETER_ASSOCIATE_WITH_PROFILE, "yes");
|
||||
|
||||
|
@ -158,7 +158,7 @@ public class UserAccountsEditPage extends UserAccountsPage {
|
|||
}
|
||||
|
||||
private boolean isRootUser() {
|
||||
return userAccountsDao.isRootUser(userAccount);
|
||||
return ((userAccount != null) && userAccount.isRootUser());
|
||||
}
|
||||
|
||||
public boolean isValid() {
|
||||
|
@ -182,11 +182,10 @@ public class UserAccountsEditPage extends UserAccountsPage {
|
|||
body.put("selectedRole", getExistingRoleUri());
|
||||
}
|
||||
|
||||
if (isRootUser()) {
|
||||
body.put("selectedRole", "");
|
||||
if (!isRootUser()) {
|
||||
body.put("roles", buildRolesList());
|
||||
}
|
||||
|
||||
body.put("roles", buildRolesList());
|
||||
if (associateWithProfile) {
|
||||
body.put("associate", Boolean.TRUE);
|
||||
}
|
||||
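Review bot: Of the two `selectedRoleUri` assignments shown in the parameter-parsing hunk only one survives, and the page has lost its +/- markers; if the survivor is `selectedRoleUri = getStringParameter(PARAMETER_ROLE, "");`, a role submitted for the root account is read again and only the template hides the role list. Leaving `roles` out of `body` for the root user is a display change, not a server-side check, so a request that includes the role parameter anyway would still be parsed. I would keep `selectedRoleUri = isRootUser() ? "" : getStringParameter(PARAMETER_ROLE, "");` so the submitted role is ignored for root regardless of what the form shows. How `selectedRoleUri` is validated and applied lies outside these hunks.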
|
|
|
@ -159,7 +159,7 @@ public class BasicAuthenticator extends Authenticator {
|
|||
if (role == RoleLevel.EDITOR || role == RoleLevel.CURATOR
|
||||
|| role == RoleLevel.DB_ADMIN) {
|
||||
session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
|
||||
} else if (getUserAccountsDao().isRootUser(userAccount)) {
|
||||
} else if (userAccount.isRootUser()) {
|
||||
session.setMaxInactiveInterval(PRIVILEGED_TIMEOUT_INTERVAL);
|
||||
} else {
|
||||
session.setMaxInactiveInterval(LOGGED_IN_TIMEOUT_INTERVAL);
|
||||
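Review bot: The new `else if (userAccount.isRootUser())` branch dereferences `userAccount` directly, while the removed `getUserAccountsDao().isRootUser(userAccount)` returned `false` for a null account, as the deleted Jena implementation on this page shows. The other call sites changed in this commit keep the guard, so for consistency I would write `} else if ((userAccount != null) && userAccount.isRootUser()) {`. Whether `userAccount` can be null at this point is decided outside the hunk, since the enclosing method starts and ends beyond it.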
|
|
|
@ -40,11 +40,6 @@ public interface UserAccountsDao {
|
|||
*/
|
||||
UserAccount getUserAccountByExternalAuthId(String externalAuthId);
|
||||
|
||||
/**
|
||||
* Is this UserAccount a root user?
|
||||
*/
|
||||
boolean isRootUser(UserAccount userAccount);
|
||||
|
||||
/**
|
||||
* Create a new UserAccount in the model.
|
||||
*
|
||||
|
|
|
@ -47,11 +47,6 @@ public class UserAccountsDaoFiltering extends BaseFiltering implements
|
|||
return innerDao.getUserAccountByExternalAuthId(externalAuthId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRootUser(UserAccount userAccount) {
|
||||
return innerDao.isRootUser(userAccount);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String insertUserAccount(UserAccount userAccount) {
|
||||
return innerDao.insertUserAccount(userAccount);
|
||||
|
|
|
@ -103,6 +103,7 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
USERACCOUNT_EXTERNAL_AUTH_ID));
|
||||
u.setPermissionSetUris(getPropertyResourceURIValues(r,
|
||||
USERACCOUNT_HAS_PERMISSION_SET));
|
||||
u.setRootUser(isResourceOfType(r, USERACCOUNT_ROOT_USER));
|
||||
return u;
|
||||
} finally {
|
||||
getOntModel().leaveCriticalSection();
|
||||
|
@ -157,21 +158,6 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
return getUserAccountByUri(userUri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRootUser(UserAccount userAccount) {
|
||||
if (userAccount == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
getOntModel().enterCriticalSection(Lock.READ);
|
||||
try {
|
||||
OntResource r = getOntModel().getOntResource(userAccount.getUri());
|
||||
return isResourceOfType(r, USERACCOUNT_ROOT_USER);
|
||||
} finally {
|
||||
getOntModel().leaveCriticalSection();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String insertUserAccount(UserAccount userAccount) {
|
||||
if (userAccount == null) {
|
||||
|
@ -214,6 +200,10 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
USERACCOUNT_HAS_PERMISSION_SET,
|
||||
userAccount.getPermissionSetUris(), model);
|
||||
|
||||
if (userAccount.isRootUser()) {
|
||||
model.add(res, RDF.type, USERACCOUNT_ROOT_USER);
|
||||
}
|
||||
|
||||
userAccount.setUri(userUri);
|
||||
return userUri;
|
||||
} catch (InsertException e) {
|
||||
|
@ -268,6 +258,13 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
updatePropertyResourceURIValues(res,
|
||||
USERACCOUNT_HAS_PERMISSION_SET,
|
||||
userAccount.getPermissionSetUris(), model);
|
||||
|
||||
if (userAccount.isRootUser()) {
|
||||
model.add(res, RDF.type, USERACCOUNT_ROOT_USER);
|
||||
} else {
|
||||
model.remove(res, RDF.type, USERACCOUNT_ROOT_USER);
|
||||
}
|
||||
|
||||
} finally {
|
||||
model.leaveCriticalSection();
|
||||
}
|
||||
|
@ -367,7 +364,7 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
throw new InsertException("Could not create URI for individual: "
|
||||
+ errMsg);
|
||||
}
|
||||
|
||||
|
||||
private boolean isUriUsed(String uri) {
|
||||
return (getOntModel().getOntResource(uri) != null);
|
||||
}
|
||||
|
@ -385,7 +382,7 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
if (type == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
StmtIterator stmts = getOntModel().listStatements(r, RDF.type, type);
|
||||
if (stmts.hasNext()) {
|
||||
stmts.close();
|
||||
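Review bot: In the update hunk, `model.remove(res, RDF.type, USERACCOUNT_ROOT_USER)` runs whenever the bean passed in has `rootUser == false`, which is the field's default, so a caller that builds a `UserAccount` from form data instead of loading it from this DAO would silently demote the root account, and a bean with the flag set would promote one. That makes the generic update path a privilege change with no check or log line visible here. I would document it at the branch, `// Root status follows the bean: pass only accounts loaded from this DAO.`, and log at info level whenever the root type is added or removed. The enclosing method starts and ends outside the hunk.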
|
|