author | vlad <vlad@driver.xyz> | 2017-07-13 02:27:55 -0700 |
---|---|---|
committer | vlad <vlad@driver.xyz> | 2017-07-13 02:27:55 -0700 |
commit | 93eb4829c0d11959709e18a7b489343550633e83 (patch) | |
tree | 49ced7ef72180cbd29e2a8126684dedbd958a00c /src/main/scala/xyz/driver/pdsuicommon | |
parent | 3d902b5197db861c30325c159dc10cfb211ae209 (diff) | |
Updates for authentication
Diffstat (limited to 'src/main/scala/xyz/driver/pdsuicommon')
3 files changed, 18 insertions, 16 deletions
diff --git a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala index 6d78ba9..0438dfc 100644 --- a/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala +++ b/src/main/scala/xyz/driver/pdsuicommon/acl/ACL.scala @@ -142,7 +142,7 @@ object ACL extends PhiLogging { extends BaseACL( label = "criterion", create = Set(CriteriaCurator, TrialAdmin), - read = Set(CriteriaCurator, TrialAdmin), + read = Set(CriteriaCurator, TrialAdmin, RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist), update = Set(CriteriaCurator, TrialAdmin), delete = Set(CriteriaCurator, TrialAdmin) ) @@ -227,28 +227,28 @@ object ACL extends PhiLogging { delete: AclCheck = Forbid) { def isCreateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("create", create)(requestContext.executor.role) + check("create", create)(requestContext.executor.roles) } def isReadAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("read", read)(requestContext.executor.role) + check("read", read)(requestContext.executor.roles) } def isUpdateAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("update", update)(requestContext.executor.role) + check("update", update)(requestContext.executor.roles) } def isDeleteAllow()(implicit requestContext: AuthenticatedRequestContext): Boolean = { - check("delete", delete)(requestContext.executor.role) + check("delete", delete)(requestContext.executor.roles) } - private def check(action: String, isAllowed: AclCheck)(executorRole: Role): Boolean = { - loggedError( - isAllowed(executorRole), - phi"$executorRole has no access to ${Unsafe(action)} a ${Unsafe(label)}" - ) + private def check(action: String, isAllowed: AclCheck)(executorRoles: Set[Role]): Boolean = { + executorRoles.exists { role => + loggedError( + isAllowed(role), + phi"$role has no access to ${Unsafe(action)} a ${Unsafe(label)}" + ) + } } - } - } 
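Review bot: The `read` set of the `criterion` ACL (ACL.scala, hunk at -142) grows from two roles to five, and neither the hunk nor the commit message ("Updates for authentication") records why RoutesCurator, TreatmentMatchingAdmin and ResearchOncologist need it. A permission widening that rides along with a refactor is easy to miss in review and hard to audit later. I would put a comment directly above the line, for example `// read-only access for RoutesCurator, TreatmentMatchingAdmin, ResearchOncologist: <reason>; keep them out of create/update/delete`, with the actual reason filled in. The enclosing class definition starts outside the hunk, so I cannot see whether other ACLs follow the same pattern.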
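Review bot: In the new `check` (ACL.scala, hunk at -227) `loggedError` is called once per role inside `exists`, so the access log no longer matches the decision. Assuming `loggedError` logs the message when its condition is false, a user holding one denied and one allowed role can produce a "has no access" error for a request that is then granted, and which roles get logged depends on Set iteration order. An empty `roles` set is denied with no log line at all. Deciding once and logging once fixes both: `val allowed = executorRoles.exists(isAllowed(_))` followed by `loggedError(allowed, phi"${Unsafe(executorRoles.mkString(", "))} has no access to ${Unsafe(action)} a ${Unsafe(label)}")`.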
diff --git a/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala b/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala index a1f93cd..912061a 100644 --- a/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala +++ b/src/main/scala/xyz/driver/pdsuicommon/auth/AuthenticatedRequestContext.scala @@ -1,9 +1,10 @@ package xyz.driver.pdsuicommon.auth +import xyz.driver.entities.users.UserInfo import xyz.driver.pdsuicommon.logging._ import xyz.driver.pdsuicommon.domain.User -class AuthenticatedRequestContext(val executor: User, override val requestId: RequestId) +class AuthenticatedRequestContext(val executor: User, val driverUser: UserInfo, override val requestId: RequestId) extends AnonymousRequestContext(requestId) { override def equals(that: Any): Boolean = { @@ -22,7 +23,8 @@ class AuthenticatedRequestContext(val executor: User, override val requestId: Re object AuthenticatedRequestContext { - def apply(executor: User) = new AuthenticatedRequestContext(executor, RequestId()) + def apply(executor: User, driverUser: UserInfo) = + new AuthenticatedRequestContext(executor, driverUser, RequestId()) implicit def toPhiString(x: AuthenticatedRequestContext): PhiString = { phi"AuthenticatedRequestContext(executor=${x.executor}, requestId=${x.requestId})" diff --git a/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala b/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala index 8d2d86d..ffc4bf9 100644 --- a/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala +++ b/src/main/scala/xyz/driver/pdsuicommon/domain/User.scala @@ -11,7 +11,7 @@ import xyz.driver.pdsuicommon.utils.Utils case class User(id: StringId[User], email: Email, name: String, - role: Role, + roles: Set[Role], passwordHash: PasswordHash, latestActivity: Option[LocalDateTime], deleted: Option[LocalDateTime]) 
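Review bot: `AuthenticatedRequestContext` now carries two identities, `executor: User` and `driverUser: UserInfo`, and nothing in the constructor or in the companion `apply` ties them to the same principal. The ACL checks in this commit read `executor.roles`, so a caller that builds the context from mismatched values would be authorized as one user while downstream code may act as the other. I would add a Scaladoc line on the class saying which field is authoritative for authorization, e.g. `/** executor is used for ACL decisions; driverUser is the identity returned by the auth service and must describe the same account. */`. If an identifier on `UserInfo` can be compared with `executor.id`, a `require` on that would help. The body of `equals` lies outside the hunk, so please confirm that it and `hashCode` account for `driverUser`; the visible `toPhiString` does not, which means log lines cannot show which `driverUser` was attached.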
@@ -74,7 +74,7 @@ object User { implicit def toPhiString(x: User): PhiString = { import x._ - phi"User(id=$id, role=$role)" + phi"User(id=$id, roles=${Unsafe(roles.map(_.toString).mkString(", "))})" } // SecureRandom is thread-safe, see the implementation |
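Review bot: The new `toPhiString` wraps `roles.map(_.toString).mkString(", ")` in `Unsafe`, which bypasses the check the `phi` interpolator gave the removed line, where `$role` was interpolated directly. That is fine only while `Role.toString` yields nothing but a role name, so I would state it next to the call: `// Unsafe is acceptable here: Role.toString is a fixed role name, never user-supplied or PHI`. The output order also follows Set iteration order, so the same user can be logged with differently ordered roles; `roles.map(_.toString).toSeq.sorted.mkString(", ")` keeps log lines stable for searching and alerting. The function's closing lines are in the hunk, but the surrounding `object User` continues outside it.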