diff --git a/src/main/java/com/faendir/acra/service/UserService.java b/src/main/java/com/faendir/acra/service/UserService.java
index fcd4515..dfd7763 100644
--- a/src/main/java/com/faendir/acra/service/UserService.java
+++ b/src/main/java/com/faendir/acra/service/UserService.java
@@ -69,7 +69,7 @@ public class UserService implements Serializable {
 }
 
 @Transactional
- @PreAuthorize("hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
 public void createUser(@NonNull String username, @NonNull String password) {
 if (new JPAQuery<>(entityManager).from(USER).where(USER.username.eq(username)).fetchFirst() != null) {
 throw new IllegalArgumentException("Username already exists");
@@ -77,6 +77,7 @@ public class UserService implements Serializable {
 entityManager.persist(new User(username, passwordEncoder.encode(password), Collections.singleton(User.Role.USER)));
 }
 
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
 public PlainTextUser createReporterUser() {
 String username;
 do {
@@ -91,6 +92,7 @@ public class UserService implements Serializable {
 }
 
 @Transactional
+ @PreAuthorize("authentication.name == #user.username")
 public boolean changePassword(@NonNull User user, @NonNull String oldPassword, @NonNull String newPassword) {
 if (checkPassword(user, oldPassword)) {
 user.setPassword(passwordEncoder.encode(newPassword));
@@ -101,7 +103,7 @@ public class UserService implements Serializable {
 }
 
 @Transactional
- @PreAuthorize("hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
 public void setAdmin(@NonNull User user, boolean admin) {
 if (admin) {
 user.getRoles().add(User.Role.ADMIN);
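Review bot: The SpEL literal `T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)` is repeated verbatim on createUser here and again on createReporterUser, setAdmin, setApiAccess, setPermission and getUserProvider in the later hunks; a mistyped copy would loosen that one method's guard and nothing at compile time would notice. Declaring it once — a `static final String` on SecurityUtils used as `@PreAuthorize(SecurityUtils.REQUIRE_ADMIN)`, or a meta-annotation that carries the @PreAuthorize — keeps all six guards in step. Whether the static `SecurityUtils.hasRole` treats the enum the same way the built-in `hasRole` it replaces did (the built-in expects a String and applies a role prefix) cannot be seen from this diff, so a method-security test that exercises an ADMIN and a non-ADMIN principal against createUser would be worth adding. createUser's body continues outside the hunk.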
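Review bot: `authentication.name == #user.username` resolves `#user` by parameter name, which Spring Security can only do when the class is compiled with `-parameters` or debug symbols, or the parameter is annotated with `@P("user")`; without that the expression fails at evaluation time, which denies rather than allows, but it would break every password change, so the build should guarantee it. The rule also means no caller other than the user themself — including an admin — can change a password through this method; if that is intended, say so on the method, e.g. `// only the authenticated user may change their own password; no admin reset path here` — confirm against the UI. Keeping the existing `checkPassword(user, oldPassword)` check behind the annotation is the right defense in depth. changePassword's body continues outside the hunk.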
@@ -112,7 +114,18 @@ public class UserService implements Serializable {
 }
 
 @Transactional
- @PreAuthorize("hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
+ public void setApiAccess(@NonNull User user, boolean access) {
+ if (access) {
+ user.getRoles().add(User.Role.API);
+ } else {
+ user.getRoles().remove(User.Role.API);
+ }
+ entityManager.merge(user);
+ }
+
+ @Transactional
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
 public void setPermission(@NonNull User user, @NonNull App app, @NonNull Permission.Level level) {
 Optional permission = user.getPermissions().stream().filter(p -> p.getApp().equals(app)).findAny();
 if (permission.isPresent()) {
@@ -127,9 +140,10 @@ public class UserService implements Serializable {
 
 private User getDefaultUser() {
 return new User(acraConfiguration.getUser().getName(), passwordEncoder.encode(acraConfiguration.getUser().getPassword()),
- Arrays.asList(User.Role.USER, User.Role.ADMIN, User.Role.API));
+ Arrays.asList(User.Role.USER, User.Role.ADMIN));
 }
 
+ @PreAuthorize("T(com.faendir.acra.security.SecurityUtils).hasRole(T(com.faendir.acra.model.User$Role).ADMIN)")
 public QueryDslDataProvider getUserProvider() {
 return new QueryDslDataProvider<>(new JPAQuery<>(entityManager).from(USER).where(USER.roles.any().eq(User.Role.USER)).select(USER));
 }
diff --git a/src/main/java/com/faendir/acra/ui/view/user/UserManagerView.java b/src/main/java/com/faendir/acra/ui/view/user/UserManagerView.java
index 998a588..005a57a 100644
--- a/src/main/java/com/faendir/acra/ui/view/user/UserManagerView.java
+++ b/src/main/java/com/faendir/acra/ui/view/user/UserManagerView.java
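Review bot: setApiAccess has no server-side counterpart to the self-exclusion the UI applies in UserManagerView, where the checkbox is disabled when `user.getUsername().equals(SecurityUtils.getUsername())`; a direct call to the service still toggles the caller's own API role, so if that restriction matters it belongs here, e.g. `if (user.getUsername().equals(SecurityUtils.getUsername())) { throw new IllegalArgumentException("Cannot change own api access"); }`, and the same gap exists in setAdmin in the previous hunk, where an admin dropping their own ADMIN role is the more consequential case. The method also writes the caller-supplied entity back with `entityManager.merge(user)`, so any other field changed on that detached object is persisted together with the role change — this mirrors the existing methods, but a comment should say that the whole entity is merged. The method has no Javadoc; something like `/** Adds or removes {@link User.Role#API} on the given user and merges the entity. Requires ADMIN. */` is enough.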
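Review bot: Dropping `User.Role.API` from getDefaultUser changes what the configured default account is allowed to do, and nothing in the code records why; a one-line comment on the Arrays.asList line, e.g. `// the default account is an interactive admin; API access is granted separately via setApiAccess` — confirm that is the intent — would keep the next reader from adding it back. Whether default users already stored in existing databases keep the role cannot be seen from this hunk and is worth a note in the commit message or a migration.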
@@ -81,6 +81,10 @@ public class UserManagerView extends BaseView {
 userService.setAdmin(user, e.getValue());
 userGrid.getDataProvider().refreshAll();
 }), new ComponentRenderer(), Messages.ADMIN);
+ userGrid.addColumn(user -> new MyCheckBox(user.getRoles().contains(User.Role.API), !user.getUsername().equals(SecurityUtils.getUsername()), e -> {
+ userService.setApiAccess(user, e.getValue());
+ userGrid.getDataProvider().refreshAll();
+ }), new ComponentRenderer(), Messages.API);
 for (App app : dataService.findAllApps()) {
 userGrid.addColumn(user -> {
 Permission.Level permission = SecurityUtils.getPermission(app, user);
diff --git a/src/main/resources/i18n/com/faendir/acra/messages_de.properties b/src/main/resources/i18n/com/faendir/acra/messages_de.properties
index b195015..9d2603c 100644
--- a/src/main/resources/i18n/com/faendir/acra/messages_de.properties
+++ b/src/main/resources/i18n/com/faendir/acra/messages_de.properties
@@ -128,4 +128,5 @@ logout=Logout
 footer=Acrarium wird entwickelt von F43nd1r. Der Code ist lizensiert unter Apache License v2.
 blank=
 login=Login
-oneArg={0}
\ No newline at end of file
+oneArg={0}
+api=API-Zugriff
\ No newline at end of file
diff --git a/src/main/resources/i18n/com/faendir/acra/messages_en.properties b/src/main/resources/i18n/com/faendir/acra/messages_en.properties
index 1d366aa..f765a76 100644
--- a/src/main/resources/i18n/com/faendir/acra/messages_en.properties
+++ b/src/main/resources/i18n/com/faendir/acra/messages_en.properties
@@ -128,4 +128,5 @@ logout=Logout
 footer=Acrarium is developed by F43nd1r. Code is licensed under Apache License v2.
 blank=
 login=Login
-oneArg={0}
\ No newline at end of file
+oneArg={0}
+api=API Access
\ No newline at end of file
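Review bot: The new API column repeats the ADMIN column's shape almost line for line — a checkbox bound to a role, a service call, then `userGrid.getDataProvider().refreshAll()` — differing only in the role, the setter and the caption; a small helper such as `addRoleColumn(User.Role role, BiConsumer<User, Boolean> setter, caption)` would keep the two in one place and make it obvious when they diverge. The ADMIN column's first line is outside the hunk, so check whether it also carries the `!user.getUsername().equals(SecurityUtils.getUsername())` guard; the two columns should agree. That guard only disables the control and is not an authorization check — the ADMIN requirement is enforced by @PreAuthorize in UserService — so a short comment like `// disabled for the current user as a UX guard; authorization is enforced in UserService` would stop a reader from relying on it. `new ComponentRenderer()` reads as a raw type here, though that may be the page rendering dropping `<>`; the enclosing method continues beyond the hunk on both sides.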