e7c7f84d
Commit
e7c7f84d
authored
Mar 19, 2021
by
Sonia Zorba
Audit logging improvements
parent
d2408b1a
Changes
14
gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
...
@@ -3,6 +3,7 @@ package it.inaf.ia2.gms.authn;
...
@@ -3,6 +3,7 @@ package it.inaf.ia2.gms.authn;
import
it.inaf.ia2.aa.UserManager
;
import
it.inaf.ia2.aa.UserManager
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.util.Map
;
import
java.util.Map
;
...
@@ -55,13 +56,13 @@ public class JWTFilter implements Filter {
...
@@ -55,13 +56,13 @@ public class JWTFilter implements Filter {
Map
<
String
,
Object
>
claims
=
userManager
.
parseIdTokenClaims
(
token
);
Map
<
String
,
Object
>
claims
=
userManager
.
parseIdTokenClaims
(
token
);
if
(
claims
.
get
(
"sub"
)
==
null
)
{
if
(
claims
.
get
(
"sub"
)
==
null
)
{
loggingDAO
.
logAction
(
"Attempt to access
WS
with invalid token"
,
request
);
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempt to access
API
with invalid token"
,
request
);
response
.
sendError
(
HttpServletResponse
.
SC_UNAUTHORIZED
,
"Invalid access token: missing sub claim"
);
response
.
sendError
(
HttpServletResponse
.
SC_UNAUTHORIZED
,
"Invalid access token: missing sub claim"
);
return
;
return
;
}
}
ServletRequestWithJWTPrincipal
wrappedRequest
=
new
ServletRequestWithJWTPrincipal
(
request
,
token
,
claims
);
ServletRequestWithJWTPrincipal
wrappedRequest
=
new
ServletRequestWithJWTPrincipal
(
request
,
token
,
claims
);
loggingDAO
.
logAction
(
"WS
access from "
+
wrappedRequest
.
getUserPrincipal
().
getName
(),
request
);
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"API
access from "
+
wrappedRequest
.
getUserPrincipal
().
getName
(),
request
);
fc
.
doFilter
(
wrappedRequest
,
res
);
fc
.
doFilter
(
wrappedRequest
,
res
);
}
}
...
...
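Review bot: The success-path audit entry at the end of the second hunk, `loggingDAO.logAction(ActionType.UNAUTHORIZED_ACCESS_ATTEMPT, "API access from " + wrappedRequest.getUserPrincipal().getName(), request);`, is written after the sub-claim check has passed and immediately before `fc.doFilter(wrappedRequest, res)`, so every authenticated API call is recorded as an unauthorized access attempt. That floods audit_log with false positives and makes the genuine entry written a few lines earlier for the invalid-token case indistinguishable from normal traffic when filtering on action_type. None of the fourteen constants in the new ActionType enum describes a successful access, so either add a dedicated constant for it (a constructed name such as `API_ACCESS`) and use it on this line only, or drop the success-path entry if per-request logging was not intended. The enclosing doFilter method starts before the hunk.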
gms/src/main/java/it/inaf/ia2/gms/manager/GroupsManager.java
...
@@ -4,6 +4,7 @@ import it.inaf.ia2.gms.exception.BadRequestException;
...
@@ -4,6 +4,7 @@ import it.inaf.ia2.gms.exception.BadRequestException;
import
it.inaf.ia2.gms.exception.UnauthorizedException
;
import
it.inaf.ia2.gms.exception.UnauthorizedException
;
import
it.inaf.ia2.gms.model.Permission
;
import
it.inaf.ia2.gms.model.Permission
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.GroupsService
;
import
it.inaf.ia2.gms.service.GroupsService
;
...
@@ -84,14 +85,14 @@ public class GroupsManager extends UserAwareComponent {
...
@@ -84,14 +85,14 @@ public class GroupsManager extends UserAwareComponent {
public
void
verifyUserCanReadGroup
(
GroupEntity
group
)
{
public
void
verifyUserCanReadGroup
(
GroupEntity
group
)
{
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
==
null
)
{
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
==
null
)
{
loggingDAO
.
logAction
(
"Unauthorized group management request, group_id="
+
group
.
getId
());
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Unauthorized group management request, group_id="
+
group
.
getId
());
throw
new
UnauthorizedException
(
"Missing permission to see this group"
);
throw
new
UnauthorizedException
(
"Missing permission to see this group"
);
}
}
}
}
private
void
verifyUserCanManageGroup
(
GroupEntity
group
)
{
private
void
verifyUserCanManageGroup
(
GroupEntity
group
)
{
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
!=
Permission
.
ADMIN
)
{
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
!=
Permission
.
ADMIN
)
{
loggingDAO
.
logAction
(
"Unauthorized group management request, group_id="
+
group
.
getId
());
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Unauthorized group management request, group_id="
+
group
.
getId
());
throw
new
UnauthorizedException
(
"Missing admin permission"
);
throw
new
UnauthorizedException
(
"Missing admin permission"
);
}
}
}
}
...
...
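Review bot: verifyUserCanReadGroup now tags its entry with UNAUTHORIZED_ACCESS_ATTEMPT but keeps the description `"Unauthorized group management request, group_id=" + group.getId()`, the same text verifyUserCanManageGroup writes, so an auditor cannot tell a denied read from a denied admin action by reading the row. Change the read path to `"Unauthorized group read request, group_id=" + group.getId()` (or name the permission that was required) so the description carries what the type does not. Both methods also repeat the same log-then-throw pair; a small private helper taking the description and the exception message would keep the two in step.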
gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
...
@@ -14,6 +14,7 @@ import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
...
@@ -14,6 +14,7 @@ import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
static
it
.
inaf
.
ia2
.
gms
.
persistence
.
model
.
ActionType
.*;
import
java.nio.charset.StandardCharsets
;
import
java.nio.charset.StandardCharsets
;
import
java.security.MessageDigest
;
import
java.security.MessageDigest
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.NoSuchAlgorithmException
;
...
@@ -68,6 +69,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -68,6 +69,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
for
(
Map
.
Entry
<
GroupEntity
,
Permission
>
entry
:
groupsPermissions
.
entrySet
())
{
for
(
Map
.
Entry
<
GroupEntity
,
Permission
>
entry
:
groupsPermissions
.
entrySet
())
{
GroupEntity
group
=
entry
.
getKey
();
GroupEntity
group
=
entry
.
getKey
();
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
!=
Permission
.
ADMIN
)
{
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
!=
Permission
.
ADMIN
)
{
loggingDAO
.
logAction
(
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempt to add invited registration for group "
+
group
.
getId
());
throw
new
UnauthorizedException
(
"You don't have the permission to perform invited registrations"
);
throw
new
UnauthorizedException
(
"You don't have the permission to perform invited registrations"
);
}
}
groupIdsPermissions
.
put
(
group
.
getId
(),
entry
.
getValue
());
groupIdsPermissions
.
put
(
group
.
getId
(),
entry
.
getValue
());
...
@@ -80,6 +82,8 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -80,6 +82,8 @@ public class InvitedRegistrationManager extends UserAwareComponent {
.
setGroupsPermissions
(
groupIdsPermissions
);
.
setGroupsPermissions
(
groupIdsPermissions
);
invitedRegistrationDAO
.
addInvitedRegistration
(
invitedRegistration
);
invitedRegistrationDAO
.
addInvitedRegistration
(
invitedRegistration
);
loggingDAO
.
logAction
(
INVITED_REGISTRATION_ADDED
,
"Email="
+
email
);
}
}
public
InvitedRegistration
getInvitedRegistrationFromToken
(
String
token
)
{
public
InvitedRegistration
getInvitedRegistrationFromToken
(
String
token
)
{
...
@@ -94,7 +98,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -94,7 +98,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
httpSession
.
setAttribute
(
INVITED_REGISTRATION
,
invitedRegistration
);
httpSession
.
setAttribute
(
INVITED_REGISTRATION
,
invitedRegistration
);
loggingDAO
.
logAction
(
"Started invited registration for email "
+
invitedRegistration
.
getEmail
());
loggingDAO
.
logAction
(
INVITED_REGISTRATION_OPENED
,
"Started invited registration for email "
+
invitedRegistration
.
getEmail
());
return
invitedRegistration
;
return
invitedRegistration
;
}
catch
(
NoSuchAlgorithmException
ex
)
{
}
catch
(
NoSuchAlgorithmException
ex
)
{
...
@@ -144,9 +148,11 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -144,9 +148,11 @@ public class InvitedRegistrationManager extends UserAwareComponent {
}
}
private
void
completeInvitedRegistration
(
InvitedRegistration
invitedRegistration
)
{
private
void
completeInvitedRegistration
(
InvitedRegistration
invitedRegistration
)
{
String
userId
=
getCurrentUserId
();
for
(
Map
.
Entry
<
String
,
Permission
>
entry
:
invitedRegistration
.
getGroupsPermissions
().
entrySet
())
{
for
(
Map
.
Entry
<
String
,
Permission
>
entry
:
invitedRegistration
.
getGroupsPermissions
().
entrySet
())
{
String
groupId
=
entry
.
getKey
();
String
groupId
=
entry
.
getKey
();
String
userId
=
getCurrentUserId
();
GroupEntity
groupEntity
=
groupsDAO
.
findGroupById
(
groupId
).
get
();
GroupEntity
groupEntity
=
groupsDAO
.
findGroupById
(
groupId
).
get
();
...
@@ -156,11 +162,14 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -156,11 +162,14 @@ public class InvitedRegistrationManager extends UserAwareComponent {
membershipEntity
.
setCreatedBy
(
getCurrentUserId
());
membershipEntity
.
setCreatedBy
(
getCurrentUserId
());
membershipsDAO
.
addMember
(
membershipEntity
);
membershipsDAO
.
addMember
(
membershipEntity
);
permissionsService
.
addPermission
(
groupEntity
,
userId
,
entry
.
getValue
(),
getCurrentU
serId
()
);
permissionsService
.
addPermission
(
groupEntity
,
userId
,
entry
.
getValue
(),
u
serId
);
}
}
invitedRegistration
.
setUserId
(
getCurrentU
serId
()
);
invitedRegistration
.
setUserId
(
u
serId
);
invitedRegistrationDAO
.
setRegistrationDone
(
invitedRegistration
);
invitedRegistrationDAO
.
setRegistrationDone
(
invitedRegistration
);
loggingDAO
.
logAction
(
INVITED_REGISTRATION_COMPLETED
,
"user_id="
+
userId
+
" groups=["
+
String
.
join
(
","
,
invitedRegistration
.
getGroupsPermissions
().
keySet
())
+
"]"
);
}
}
public
List
<
InvitedRegistrationItem
>
getInvitedRegistrationsForGroup
(
GroupEntity
group
)
{
public
List
<
InvitedRegistrationItem
>
getInvitedRegistrationsForGroup
(
GroupEntity
group
)
{
...
@@ -201,7 +210,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
...
@@ -201,7 +210,7 @@ public class InvitedRegistrationManager extends UserAwareComponent {
invitedRegistrationDAO
.
deleteInvitedRegistrationRequest
(
registrationId
,
groupId
);
invitedRegistrationDAO
.
deleteInvitedRegistrationRequest
(
registrationId
,
groupId
);
loggingDAO
.
logAction
(
"Deleted invited registration request. "
loggingDAO
.
logAction
(
INVITED_REGISTRATION_DELETED
,
"Deleted invited registration request. "
+
"[request_id="
+
registrationId
+
", group_id="
+
groupId
+
"[request_id="
+
registrationId
+
", group_id="
+
groupId
+
", group_name="
+
group
.
getName
()
+
"]"
);
+
", group_name="
+
group
.
getName
()
+
"]"
);
}
}
...
...
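Review bot: In completeInvitedRegistration the INVITED_REGISTRATION_COMPLETED entry is written only after the loop, while `groupsDAO.findGroupById(groupId).get()` inside the loop throws an unchecked NoSuchElementException if one of the invited groups no longer exists; in that case some memberships may already have been added and the audit log records nothing about the completion (whether the method runs in a transaction is not visible here). Replace the bare `get()` with `orElseThrow(() -> new BadRequestException("Group " + groupId + " no longer exists"))`, using the project's exception type already imported in GroupsManager if it is available here, so the failure carries the group id, and consider writing an entry for the failed completion too. The method body is split across the @@ -144 and @@ -156 hunks.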
gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
...
@@ -10,6 +10,7 @@ import it.inaf.ia2.gms.persistence.model.MembershipEntity;
...
@@ -10,6 +10,7 @@ import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
static
it
.
inaf
.
ia2
.
gms
.
persistence
.
model
.
ActionType
.*;
import
it.inaf.ia2.rap.data.RapUser
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.HashSet
;
import
java.util.HashSet
;
import
java.util.List
;
import
java.util.List
;
...
@@ -49,6 +50,7 @@ public class MembershipManager extends UserAwareComponent {
...
@@ -49,6 +50,7 @@ public class MembershipManager extends UserAwareComponent {
Permission
groupPermission
=
permissionsManager
.
getCurrentUserPermission
(
group
);
Permission
groupPermission
=
permissionsManager
.
getCurrentUserPermission
(
group
);
if
(!
Permission
.
includes
(
groupPermission
,
Permission
.
VIEW_MEMBERS
))
{
if
(!
Permission
.
includes
(
groupPermission
,
Permission
.
VIEW_MEMBERS
))
{
loggingDAO
.
logAction
(
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempted to view members of group "
+
group
.
getId
());
throw
new
UnauthorizedException
(
"You don't have the permission to view members"
);
throw
new
UnauthorizedException
(
"You don't have the permission to view members"
);
}
}
...
@@ -86,7 +88,7 @@ public class MembershipManager extends UserAwareComponent {
...
@@ -86,7 +88,7 @@ public class MembershipManager extends UserAwareComponent {
membership
.
setCreatedBy
(
getCurrentUserId
());
membership
.
setCreatedBy
(
getCurrentUserId
());
membership
=
membershipsDAO
.
addMember
(
membership
);
membership
=
membershipsDAO
.
addMember
(
membership
);
loggingDAO
.
logAction
(
"Added member, group_id="
+
group
.
getId
()
+
", user_id="
+
userId
);
loggingDAO
.
logAction
(
MEMBER_ADDED
,
"Added member, group_id="
+
group
.
getId
()
+
", user_id="
+
userId
);
return
membership
;
return
membership
;
}
}
...
@@ -94,12 +96,13 @@ public class MembershipManager extends UserAwareComponent {
...
@@ -94,12 +96,13 @@ public class MembershipManager extends UserAwareComponent {
public
void
removeMember
(
GroupEntity
group
,
String
userId
)
{
public
void
removeMember
(
GroupEntity
group
,
String
userId
)
{
verifyUserCanManageMembers
(
group
);
verifyUserCanManageMembers
(
group
);
membershipsDAO
.
removeMembership
(
group
.
getId
(),
userId
);
membershipsDAO
.
removeMembership
(
group
.
getId
(),
userId
);
loggingDAO
.
logAction
(
"Member removed, group_id="
+
group
.
getId
()
+
", user_id="
+
userId
);
loggingDAO
.
logAction
(
MEMBER_REMOVED
,
"Member removed, group_id="
+
group
.
getId
()
+
", user_id="
+
userId
);
}
}
private
Permission
verifyUserCanManageMembers
(
GroupEntity
group
)
{
private
Permission
verifyUserCanManageMembers
(
GroupEntity
group
)
{
Permission
permission
=
permissionsManager
.
getCurrentUserPermission
(
group
);
Permission
permission
=
permissionsManager
.
getCurrentUserPermission
(
group
);
if
(!
Permission
.
includes
(
permission
,
Permission
.
MANAGE_MEMBERS
))
{
if
(!
Permission
.
includes
(
permission
,
Permission
.
MANAGE_MEMBERS
))
{
loggingDAO
.
logAction
(
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempted to manage members of group "
+
group
.
getId
());
throw
new
UnauthorizedException
(
"Missing manage members permissions"
);
throw
new
UnauthorizedException
(
"Missing manage members permissions"
);
}
}
return
permission
;
return
permission
;
...
...
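Review bot: The new `import static it.inaf.ia2.gms.persistence.model.ActionType.*;` is a wildcard static import placed between the regular imports, so the bare `UNAUTHORIZED_ACCESS_ATTEMPT`, `MEMBER_ADDED` and `MEMBER_REMOVED` in the hunks below no longer show where they come from, while the same commit uses the qualified `ActionType.UNAUTHORIZED_ACCESS_ATTEMPT` form in JWTFilter, GroupsManager, PermissionsManager and JoinService. Pick one form for all files; the qualified one reads better in the log calls and cannot clash with another constant named JOIN later. The same wildcard import appears in InvitedRegistrationManager, GroupsService and PermissionsService.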
gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
...
@@ -9,6 +9,7 @@ import it.inaf.ia2.gms.persistence.model.PermissionEntity;
...
@@ -9,6 +9,7 @@ import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
it.inaf.ia2.rap.data.RapUser
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.ArrayList
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.List
;
...
@@ -144,7 +145,7 @@ public class PermissionsManager extends UserAwareComponent {
...
@@ -144,7 +145,7 @@ public class PermissionsManager extends UserAwareComponent {
}
}
private
Supplier
<
UnauthorizedException
>
unauthorizedExceptionSupplier
(
GroupEntity
group
)
{
private
Supplier
<
UnauthorizedException
>
unauthorizedExceptionSupplier
(
GroupEntity
group
)
{
loggingDAO
.
logAction
(
"Unauthorized attempt to manage permissions [group_id="
+
group
.
getId
()
+
"]"
);
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Unauthorized attempt to manage permissions [group_id="
+
group
.
getId
()
+
"]"
);
return
()
->
new
UnauthorizedException
(
"You don't have the privileges for managing the requested permission"
);
return
()
->
new
UnauthorizedException
(
"You don't have the privileges for managing the requested permission"
);
}
}
...
...
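Review bot: unauthorizedExceptionSupplier writes the UNAUTHORIZED_ACCESS_ATTEMPT entry when the supplier is built, not when the exception is actually thrown; if the callers outside this hunk hand it to something like `Optional.orElseThrow(...)`, an audit row is created on every permission-management call, authorised or not, which matters more now that the row carries an explicit unauthorized type. Moving the logAction inside the lambda makes the record fire only on the path where the exception is raised. The callers are not in the hunk, so the eager-evaluation effect is inferred from the method shape.
```java
private Supplier<UnauthorizedException> unauthorizedExceptionSupplier(GroupEntity group) {
    return () -> {
        loggingDAO.logAction(ActionType.UNAUTHORIZED_ACCESS_ATTEMPT,
                "Unauthorized attempt to manage permissions [group_id=" + group.getId() + "]");
        return new UnauthorizedException("You don't have the privileges for managing the requested permission");
    };
}
```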
gms/src/main/java/it/inaf/ia2/gms/persistence/LoggingDAO.java
package
it.inaf.ia2.gms.persistence
;
package
it.inaf.ia2.gms.persistence
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
java.io.PrintWriter
;
import
java.io.PrintWriter
;
import
java.io.StringWriter
;
import
java.io.StringWriter
;
import
java.sql.PreparedStatement
;
import
java.sql.PreparedStatement
;
...
@@ -52,19 +53,20 @@ public class LoggingDAO {
...
@@ -52,19 +53,20 @@ public class LoggingDAO {
return
sw
.
toString
();
return
sw
.
toString
();
}
}
public
void
logAction
(
String
action
)
{
public
void
logAction
(
ActionType
type
,
String
action
)
{
logAction
(
action
,
request
);
logAction
(
type
,
action
,
request
);
}
}
public
void
logAction
(
String
ac
tion
,
HttpServletRequest
request
)
{
public
void
logAction
(
ActionType
type
,
String
descrip
tion
,
HttpServletRequest
request
)
{
try
{
try
{
String
sql
=
"INSERT INTO audit_log (\"user\", action, ip_address) VALUES (?, ?, ?)"
;
String
sql
=
"INSERT INTO audit_log (\"user\", action
_type, description
, ip_address) VALUES (?, ?,
?,
?)"
;
jdbcTemplate
.
update
(
conn
->
{
jdbcTemplate
.
update
(
conn
->
{
PreparedStatement
ps
=
conn
.
prepareStatement
(
sql
);
PreparedStatement
ps
=
conn
.
prepareStatement
(
sql
);
int
i
=
0
;
int
i
=
0
;
ps
.
setString
(++
i
,
getUser
(
request
));
ps
.
setString
(++
i
,
getUser
(
request
));
ps
.
setString
(++
i
,
action
);
ps
.
setString
(++
i
,
type
.
toString
());
ps
.
setString
(++
i
,
description
);
ps
.
setString
(++
i
,
getIPAddress
(
request
));
ps
.
setString
(++
i
,
getIPAddress
(
request
));
return
ps
;
return
ps
;
});
});
...
...
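Review bot: The new three-argument logAction persists the type with `type.toString()` and never rejects a null type, so a null reaches the jdbcTemplate lambda as a NullPointerException handled by the surrounding try whose catch is outside the hunk, and the stored string depends on toString(), which any future override on the enum would change. Add `Objects.requireNonNull(type, "type");` at the top of the method and use `ps.setString(++i, type.name());` in the statement so the persisted action_type is always the stable constant name. The description carries caller-supplied values (group names, e-mail addresses) but is bound as a parameter, which is the right way to write it.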
gms/src/main/java/it/inaf/ia2/gms/persistence/model/ActionType.java
0 → 100644
package
it.inaf.ia2.gms.persistence.model
;
public
enum
ActionType
{
GROUP_CREATED
,
GROUP_DELETED
,
GROUP_UPDATED
,
MEMBER_ADDED
,
MEMBER_REMOVED
,
PERMISSION_ADDED
,
PERMISSION_UPDATED
,
PERMISSION_REMOVED
,
JOIN
,
INVITED_REGISTRATION_ADDED
,
INVITED_REGISTRATION_OPENED
,
INVITED_REGISTRATION_DELETED
,
INVITED_REGISTRATION_COMPLETED
,
UNAUTHORIZED_ACCESS_ATTEMPT
}
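Review bot: The new enum has no Javadoc, and its constant names are what LoggingDAO now stores in audit_log.action_type, so renaming or removing a constant silently changes the meaning of existing rows and of any query that filters on them. Add a class-level comment stating that the names are persisted and must be treated as append-only, and a one-line comment on each constant whose name is not self-explanatory (for example that `JOIN` is written by JoinService when two user accounts are merged and `INVITED_REGISTRATION_OPENED` when a registration token is redeemed). There is also no value for a successful authenticated API access, which JWTFilter currently records under UNAUTHORIZED_ACCESS_ATTEMPT.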
gms/src/main/java/it/inaf/ia2/gms/service/GroupsService.java
...
@@ -10,6 +10,7 @@ import it.inaf.ia2.gms.persistence.InvitedRegistrationDAO;
...
@@ -10,6 +10,7 @@ import it.inaf.ia2.gms.persistence.InvitedRegistrationDAO;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.MembershipsDAO
;
import
it.inaf.ia2.gms.persistence.MembershipsDAO
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
static
it
.
inaf
.
ia2
.
gms
.
persistence
.
model
.
ActionType
.*;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
java.util.Date
;
import
java.util.Date
;
import
java.util.List
;
import
java.util.List
;
...
@@ -74,7 +75,7 @@ public class GroupsService {
...
@@ -74,7 +75,7 @@ public class GroupsService {
group
.
setCreationTime
(
new
Date
());
group
.
setCreationTime
(
new
Date
());
groupsDAO
.
createGroup
(
group
);
groupsDAO
.
createGroup
(
group
);
loggingDAO
.
logAction
(
"Added group: parent_path="
+
parent
.
getPath
()
+
", group_name="
+
groupName
);
loggingDAO
.
logAction
(
GROUP_CREATED
,
"Added group: parent_path="
+
parent
.
getPath
()
+
", group_name="
+
groupName
);
return
group
;
return
group
;
}
}
...
@@ -90,7 +91,7 @@ public class GroupsService {
...
@@ -90,7 +91,7 @@ public class GroupsService {
group
.
setLeaf
(
leaf
);
group
.
setLeaf
(
leaf
);
GroupEntity
entity
=
groupsDAO
.
updateGroup
(
group
);
GroupEntity
entity
=
groupsDAO
.
updateGroup
(
group
);
loggingDAO
.
logAction
(
"Group updated, group_id="
+
group
.
getId
()
loggingDAO
.
logAction
(
GROUP_UPDATED
,
"Group updated, group_id="
+
group
.
getId
()
+
", new name: "
+
newGroupName
+
", leaf: "
+
leaf
);
+
", new name: "
+
newGroupName
+
", leaf: "
+
leaf
);
return
entity
;
return
entity
;
...
@@ -124,7 +125,7 @@ public class GroupsService {
...
@@ -124,7 +125,7 @@ public class GroupsService {
groupsDAO
.
deleteGroup
(
g
);
groupsDAO
.
deleteGroup
(
g
);
}
}
loggingDAO
.
logAction
(
"Group deleted [group_id="
+
group
.
getId
()
+
", group_name="
+
group
.
getName
()
+
"]"
);
loggingDAO
.
logAction
(
GROUP_DELETED
,
"Group deleted [group_id="
+
group
.
getId
()
+
", group_name="
+
group
.
getName
()
+
"]"
);
return
parent
;
return
parent
;
}
}
...
...
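Review bot: In the @@ -124 hunk the loop body `groupsDAO.deleteGroup(g);` appears to delete several groups (the loop header is outside the hunk, presumably a subtree), but a single GROUP_DELETED entry naming only the top-level `group` is written after it, so the audit trail does not list which other groups disappeared. Either write one entry per deleted `g` inside the loop, or append the deleted ids to the description, e.g. `"Group deleted [group_id=" + group.getId() + ", group_name=" + group.getName() + ", deleted_ids=" + String.join(",", <ids of the deleted groups>) + "]"`. The method signature is outside the hunk as well.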
gms/src/main/java/it/inaf/ia2/gms/service/JoinService.java
...
@@ -2,11 +2,14 @@ package it.inaf.ia2.gms.service;
...
@@ -2,11 +2,14 @@ package it.inaf.ia2.gms.service;
import
it.inaf.ia2.gms.model.Permission
;
import
it.inaf.ia2.gms.model.Permission
;
import
it.inaf.ia2.gms.persistence.JoinDAO
;
import
it.inaf.ia2.gms.persistence.JoinDAO
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.MembershipsDAO
;
import
it.inaf.ia2.gms.persistence.MembershipsDAO
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
import
java.util.stream.Collectors
;
...
@@ -25,6 +28,9 @@ public class JoinService {
...
@@ -25,6 +28,9 @@ public class JoinService {
@Autowired
@Autowired
private
JoinDAO
joinDAO
;
private
JoinDAO
joinDAO
;
@Autowired
private
LoggingDAO
loggingDAO
;
public
String
join
(
String
userId1
,
String
userId2
)
{
public
String
join
(
String
userId1
,
String
userId2
)
{
List
<
GroupEntity
>
user1Groups
=
membershipsDAO
.
getUserMemberships
(
userId1
);
List
<
GroupEntity
>
user1Groups
=
membershipsDAO
.
getUserMemberships
(
userId1
);
...
@@ -61,9 +67,22 @@ public class JoinService {
...
@@ -61,9 +67,22 @@ public class JoinService {
joinDAO
.
join
(
membershipsToAdd
,
permissionsToAdd
,
deletingUserId
);
joinDAO
.
join
(
membershipsToAdd
,
permissionsToAdd
,
deletingUserId
);
loggingDAO
.
logAction
(
ActionType
.
JOIN
,
"removed_user="
+
deletingUserId
+
" added_memberships: "
+
String
.
join
(
", "
,
getAddedGroups
(
membershipsToAdd
))
+
" added_permissions: "
+
String
.
join
(
", "
,
getAddedPermissions
(
permissionsToAdd
))
);
return
remainingUserId
;
return
remainingUserId
;
}
}
private
List
<
String
>
getAddedGroups
(
Set
<
MembershipEntity
>
membershipsToAdd
)
{
return
membershipsToAdd
.
stream
().
map
(
m
->
m
.
getGroupId
()).
collect
(
Collectors
.
toList
());
}
private
List
<
String
>
getAddedPermissions
(
Set
<
PermissionEntity
>
permissionsToAdd
)
{
return
permissionsToAdd
.
stream
().
map
(
m
->
"("
+
m
.
getGroupId
()
+
","
+
m
.
getPermission
()
+
")"
).
collect
(
Collectors
.
toList
());
}
private
MembershipEntity
getMembershipEntity
(
String
groupId
,
String
userId
)
{
private
MembershipEntity
getMembershipEntity
(
String
groupId
,
String
userId
)
{
MembershipEntity
entity
=
new
MembershipEntity
();
MembershipEntity
entity
=
new
MembershipEntity
();
entity
.
setGroupId
(
groupId
);
entity
.
setGroupId
(
groupId
);
...
...
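Review bot: The JOIN entry records `removed_user=` plus the added memberships and permissions, but not `remainingUserId`, the account that gained them, even though it is in scope on the `return remainingUserId;` line that follows; LoggingDAO only captures the request user, which may be an administrator performing the merge rather than either account. Add `+ " remaining_user=" + remainingUserId` to the description. On style, getAddedGroups and getAddedPermissions build intermediate lists that are only joined: `membershipsToAdd.stream().map(MembershipEntity::getGroupId).collect(Collectors.joining(", "))` does the same in one step, and the lambda parameter `m` in getAddedPermissions names a PermissionEntity, so `p` would read better.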
gms/src/main/java/it/inaf/ia2/gms/service/PermissionsService.java
...
@@ -4,6 +4,7 @@ import it.inaf.ia2.gms.model.Permission;
...
@@ -4,6 +4,7 @@ import it.inaf.ia2.gms.model.Permission;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
static
it
.
inaf
.
ia2
.
gms
.
persistence
.
model
.
ActionType
.*;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
java.util.List
;
import
java.util.List
;
import
java.util.Optional
;
import
java.util.Optional
;
...
@@ -36,7 +37,7 @@ public class PermissionsService {
...
@@ -36,7 +37,7 @@ public class PermissionsService {
public
void
removePermission
(
GroupEntity
group
,
String
userId
)
{
public
void
removePermission
(
GroupEntity
group
,
String
userId
)
{
permissionsDAO
.
deletePermission
(
group
.
getId
(),
userId
);
permissionsDAO
.
deletePermission
(
group
.
getId
(),
userId
);
loggingDAO
.
logAction
(
"Removed permission for "
+
userId
+
"in group "
+
group
.
getId
());
loggingDAO
.
logAction
(
PERMISSION_REMOVED
,
"Removed permission for "
+
userId
+
"
in group "
+
group
.
getId
());
}
}
public
PermissionEntity
addPermission
(
GroupEntity
group
,
String
userId
,
Permission
permission
,
String
setBy
)
{
public
PermissionEntity
addPermission
(
GroupEntity
group
,
String
userId
,
Permission
permission
,
String
setBy
)
{
...
@@ -62,7 +63,7 @@ public class PermissionsService {
...
@@ -62,7 +63,7 @@ public class PermissionsService {
}
}
permissionEntity
=
permissionsDAO
.
createOrUpdatePermission
(
permissionEntity
);
permissionEntity
=
permissionsDAO
.
createOrUpdatePermission
(
permissionEntity
);
loggingDAO
.
logAction
(
"Added "
+
permission
+
" permission for "
+
userId
+
"in group "
+
group
.
getId
());
loggingDAO
.
logAction
(
PERMISSION_ADDED
,
"Added "
+
permission
+
" permission for "
+
userId
+
"
in group "
+
group
.
getId
());
return
permissionEntity
;
return
permissionEntity
;
}
}
...
@@ -76,7 +77,10 @@ public class PermissionsService {
...
@@ -76,7 +77,10 @@ public class PermissionsService {
permissionEntity
.
setGroupPath
(
group
.
getPath
());
permissionEntity
.
setGroupPath
(
group
.
getPath
());
permissionEntity
.
setSetBy
(
setBy
);
permissionEntity
.
setSetBy
(
setBy
);
return
permissionsDAO
.
createOrUpdatePermission
(
permissionEntity
);
permissionEntity
=
permissionsDAO
.
createOrUpdatePermission
(
permissionEntity
);
loggingDAO
.
logAction
(
PERMISSION_ADDED
,
"Added "
+
permission
+
" permission for "
+
userId
+
" in group "
+
group
.
getId
());
return
permissionEntity
;
}
}
public
PermissionEntity
updatePermission
(
GroupEntity
group
,
String
userId
,
Permission
permission
,
String
setBy
)
{
public
PermissionEntity
updatePermission
(
GroupEntity
group
,
String
userId
,
Permission
permission
,
String
setBy
)
{
...
@@ -87,6 +91,9 @@ public class PermissionsService {
...
@@ -87,6 +91,9 @@ public class PermissionsService {
permissionEntity
.
setSetBy
(
setBy
);
permissionEntity
.
setSetBy
(
setBy
);
permissionEntity
.
setPermission
(
permission
);
permissionEntity
.
setPermission
(
permission
);
return
permissionsDAO
.
updatePermission
(
permissionEntity
);
permissionEntity
=
permissionsDAO
.
updatePermission
(
permissionEntity
);
loggingDAO
.
logAction
(
PERMISSION_UPDATED
,
"Updated permission for "
+
userId
+
" in group "
+
group
.
getId
()
+
" to "
+
permission
);
return
permissionEntity
;
}
}
}
}
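Review bot: In the @@ -62 hunk the entry written after `permissionsDAO.createOrUpdatePermission(permissionEntity)` is typed PERMISSION_ADDED, but the DAO method's name suggests it may also overwrite an existing permission; then the audit trail records an add where an update happened, and the previous value is kept nowhere (updatePermission in the @@ -87 hunk records only the new value too). If the branch that closes just above the hunk already distinguishes the two cases, log PERMISSION_UPDATED with the old value there; otherwise include the previous permission in the description when one existed, e.g. `" (was " + previous + ")"`. The PERMISSION_ADDED description in the @@ -76 hunk is identical, so the same applies there.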
gms/src/main/resources/sql/init.sql
...
@@ -48,7 +48,8 @@ CREATE TABLE audit_log (
...
@@ -48,7 +48,8 @@ CREATE TABLE audit_log (
"date"
timestamp
DEFAULT
NOW
(),
"date"
timestamp
DEFAULT
NOW
(),
"user"
varchar
,
"user"
varchar
,
"ip_address"
varchar
,
"ip_address"
varchar
,
"action"
TEXT
"action_type"
varchar
,
"description"
TEXT
);
);
CREATE
TABLE
invited_registration_request
(
CREATE
TABLE
invited_registration_request
(
...
...
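Review bot: `"action_type"` is created as a plain nullable varchar although every logAction now supplies a type, so a fresh install accepts rows without a type and nothing ties the stored strings to the ActionType constants. Declare it `"action_type" varchar NOT NULL,` here (upgrade.sql's ADD COLUMN would then need a default or a backfill for pre-existing rows) and consider an index on it if the log is queried by type. The CREATE TABLE statement starts before the hunk.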
gms/src/main/resources/sql/upgrade.sql
...
@@ -5,3 +5,7 @@ ALTER TABLE gms_membership ADD COLUMN creation_time timestamp DEFAULT NOW();
...
@@ -5,3 +5,7 @@ ALTER TABLE gms_membership ADD COLUMN creation_time timestamp DEFAULT NOW();
ALTER
TABLE
gms_membership
ADD
COLUMN
created_by
varchar
;
ALTER
TABLE
gms_membership
ADD
COLUMN
created_by
varchar
;
ALTER
TABLE
gms_permission
ADD
COLUMN
update_time
timestamp
DEFAULT
NOW
();
ALTER
TABLE
gms_permission
ADD
COLUMN
update_time
timestamp
DEFAULT
NOW
();
ALTER
TABLE
gms_permission
ADD
COLUMN
set_by
varchar
;
ALTER
TABLE
gms_permission
ADD
COLUMN
set_by
varchar
;
--- 2021-03-19
ALTER
TABLE
audit_log
ADD
COLUMN
action_type
varchar
;
ALTER
TABLE
audit_log
RENAME
COLUMN
action
TO
description
;
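Review bot: The new `ALTER TABLE audit_log ADD COLUMN action_type varchar;` leaves every pre-existing audit row with a NULL action_type, so a query filtering on the new column silently drops the history written before this upgrade. Either backfill with a marker value, e.g. `UPDATE audit_log SET action_type = 'LEGACY' WHERE action_type IS NULL;` (a constructed value, not one of the enum constants), or state in the comment line that rows older than 2021-03-19 carry no type. The `--- 2021-03-19` marker uses three dashes where SQL needs two; harmless, but worth normalising to the file's existing comment style.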
gms/src/test/java/it/inaf/ia2/gms/persistence/LoggingDAOTest.java
0 → 100644
package
it.inaf.ia2.gms.persistence
;
import
it.inaf.ia2.gms.DataSourceConfig
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.sql.DataSource
;
import
org.junit.Before
;