Merge pull request #54 from dnlkoch/add-permission-controller

Add endpoints to read, create, update and delete entity permissions

shogun-boot/src/main/resources/db/migration/V0.12.0__rename_permissions_column.sql

@@ -0,0 +1,13 @@
+ALTER TABLE IF EXISTS shogun.userinstancepermissions RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun.userclasspermissions RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun.groupinstancepermissions RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun.groupclasspermissions RENAME COLUMN permissions_id TO permission_id;
+
+ALTER TABLE IF EXISTS shogun_rev.userinstancepermissions_rev RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun_rev.userclasspermissions_rev RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun_rev.groupinstancepermissions_rev RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun_rev.groupclasspermissions_rev RENAME COLUMN permissions_id TO permission_id;
+ALTER TABLE IF EXISTS shogun_rev.userinstancepermissions_rev RENAME COLUMN permissions_mod TO permission_mod;
+ALTER TABLE IF EXISTS shogun_rev.userclasspermissions_rev RENAME COLUMN permissions_mod TO permission_mod;
+ALTER TABLE IF EXISTS shogun_rev.groupinstancepermissions_rev RENAME COLUMN permissions_mod TO permission_mod;
+ALTER TABLE IF EXISTS shogun_rev.groupclasspermissions_rev RENAME COLUMN permissions_mod TO permission_mod;

shogun-boot/src/test/java/de/terrestris/shogun/boot/architecture/DependencyRulesTest.java

@@ -16,20 +16,22 @@
  */
 package de.terrestris.shogun.boot.architecture;
 
+import com.tngtech.archunit.base.DescribedPredicate;
 import com.tngtech.archunit.core.importer.ImportOption;
 import com.tngtech.archunit.junit.AnalyzeClasses;
 import com.tngtech.archunit.junit.ArchTest;
 import com.tngtech.archunit.lang.ArchRule;
 import de.terrestris.shogun.lib.security.access.entity.EntityPermissionEvaluator;
 import de.terrestris.shogun.lib.service.security.provider.GroupProviderService;
 import de.terrestris.shogun.lib.service.security.provider.UserProviderService;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.stereotype.Controller;
 import org.springframework.stereotype.Repository;
 import org.springframework.stereotype.Service;
 import org.springframework.web.bind.annotation.RestController;
 
-import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.noClasses;
+import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.*;
 
 @AnalyzeClasses(packages = "de.terrestris", importOptions = { ImportOption.DoNotIncludeTests.class })
 public class DependencyRulesTest {
@@ -93,6 +95,13 @@ public class DependencyRulesTest {
             .and().doNotHaveFullyQualifiedName("de.terrestris.shogun.lib.security.access.entity.BaseEntityPermissionEvaluator")
             .should().dependOnClassesThat().areAnnotatedWith(Service.class);
 
+    @ArchTest
+    static final ArchRule permission_evaluators_should_not_access_secured_services =
+        noClasses()
+            .that().implement(EntityPermissionEvaluator.class)
+            .should().accessClassesThat().areAnnotatedWith(PreAuthorize.class)
+            .orShould().accessClassesThat().haveSimpleNameEndingWith("Secured");
+
     @ArchTest
     static final ArchRule group_provider_services_should_not_access_services =
         noClasses()

shogun-boot/src/test/java/de/terrestris/shogun/boot/architecture/NamingConventionsTest.java

@@ -35,7 +35,8 @@ public class NamingConventionsTest {
     static final ArchRule services_should_be_named_correctly =
         classes()
             .that().areAnnotatedWith(Service.class)
-            .should().haveSimpleNameEndingWith("Service");
+            // allow names such as UserInstancePermissionServiceSecured
+            .should().haveSimpleNameContaining("Service");
 
     @ArchTest
     static final ArchRule controllers_should_be_named_correctly =

shogun-lib/src/main/java/de/terrestris/shogun/lib/controller/BaseController.java

@@ -16,9 +16,15 @@
  */
 package de.terrestris.shogun.lib.controller;
 
+import de.terrestris.shogun.lib.controller.security.permission.BasePermissionController;
 import de.terrestris.shogun.lib.model.BaseEntity;
 import de.terrestris.shogun.lib.service.BaseService;
 import lombok.extern.log4j.Log4j2;
+
+import java.time.OffsetDateTime;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.context.i18n.LocaleContextHolder;
@@ -31,14 +37,8 @@
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
 
-import java.time.OffsetDateTime;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-
-// TODO Specify and type extension of BaseService
 @Log4j2
-public abstract class BaseController<T extends BaseService<?, S>, S extends BaseEntity> {
+public abstract class BaseController<T extends BaseService<?, S>, S extends BaseEntity> extends BasePermissionController<T, S> {
 
     @Autowired
     protected T service;

shogun-lib/src/main/java/de/terrestris/shogun/lib/controller/BaseFileController.java

@@ -16,6 +16,7 @@
  */
 package de.terrestris.shogun.lib.controller;
 
+import de.terrestris.shogun.lib.controller.security.permission.BasePermissionController;
 import de.terrestris.shogun.lib.model.File;
 import de.terrestris.shogun.lib.service.BaseFileService;
 import lombok.extern.log4j.Log4j2;
@@ -35,7 +36,7 @@
 import java.util.UUID;
 
 @Log4j2
-public abstract class BaseFileController<T extends BaseFileService<?, S>, S extends File> {
+public abstract class BaseFileController<T extends BaseFileService<?, S>, S extends File> extends BasePermissionController<T, S> {
 
     @Value("${upload.basePath}")
     protected String uploadBasePath;