diff --git a/src/main/java/com/commafeed/backend/dao/GenericDAO.java b/src/main/java/com/commafeed/backend/dao/GenericDAO.java index e36db677..b02fa449 100644 --- a/src/main/java/com/commafeed/backend/dao/GenericDAO.java +++ b/src/main/java/com/commafeed/backend/dao/GenericDAO.java @@ -78,6 +78,20 @@ public abstract class GenericDAO implements Serializable { return criteria.getResultList(); } + public List findAll(int startIndex, int count, String orderBy, + boolean asc) { + EasyCriteria criteria = EasyCriteriaFactory.createQueryCriteria(em, + getType()); + criteria.setMaxResults(count); + criteria.setFirstResult(startIndex); + if (asc) { + criteria.orderByAsc(orderBy); + } else { + criteria.orderByDesc(orderBy); + } + return criteria.getResultList(); + } + public long getCount() { CriteriaBuilder builder = em.getCriteriaBuilder(); CriteriaQuery query = builder.createQuery(Long.class); diff --git a/src/main/java/com/commafeed/backend/dao/UserRoleService.java b/src/main/java/com/commafeed/backend/dao/UserRoleService.java index c7fa13a7..837090d2 100644 --- a/src/main/java/com/commafeed/backend/dao/UserRoleService.java +++ b/src/main/java/com/commafeed/backend/dao/UserRoleService.java @@ -1,20 +1,20 @@ package com.commafeed.backend.dao; -import java.util.List; +import java.util.Set; import javax.ejb.Stateless; import com.commafeed.backend.model.User; import com.commafeed.backend.model.UserRole; import com.commafeed.frontend.utils.ModelFactory.MF; -import com.google.common.collect.Lists; +import com.google.common.collect.Sets; @SuppressWarnings("serial") @Stateless public class UserRoleService extends GenericDAO { - public List getRoles(User user) { - List list = Lists.newArrayList(); + public Set getRoles(User user) { + Set list = Sets.newHashSet(); for (UserRole role : findByField(MF.i(proxy().getUser()), user)) { list.add(role.getRole()); } 
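Review bot: `findAll` passes `orderBy` straight into `orderByAsc`/`orderByDesc` and `count` into `setMaxResults` without any validation. If a caller forwards request parameters here (no caller is visible in this diff), a client could sort on any mapped attribute of the entity, including ones never returned to it, and could ask for arbitrarily large pages. Consider checking `orderBy` against a per-DAO allow-list of sortable attribute names and clamping the page size, e.g. `criteria.setMaxResults(Math.min(count, maxPageSize));`, where `maxPageSize` is a placeholder for a limit the project would define. A short Javadoc saying what `orderBy` must name and how `startIndex` is counted would also help.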
diff --git a/src/main/java/com/commafeed/backend/dao/UserService.java b/src/main/java/com/commafeed/backend/dao/UserService.java index 1e14eafb..20aad70f 100644 --- a/src/main/java/com/commafeed/backend/dao/UserService.java +++ b/src/main/java/com/commafeed/backend/dao/UserService.java @@ -20,7 +20,7 @@ public class UserService extends GenericDAO { public User login(String name, String password) { List users = findByField(MF.i(MF.p(User.class).getName()), name); User user = Iterables.getFirst(users, null); - if (user != null) { + if (user != null && !user.isDisabled()) { boolean authenticated = encryptionService.authenticate(password, user.getPassword(), user.getSalt()); if (authenticated) { diff --git a/src/main/java/com/commafeed/backend/model/User.java b/src/main/java/com/commafeed/backend/model/User.java index 69233810..a42ffc5f 100644 --- a/src/main/java/com/commafeed/backend/model/User.java +++ b/src/main/java/com/commafeed/backend/model/User.java @@ -5,6 +5,7 @@ import java.util.Set; import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.FetchType; import javax.persistence.OneToMany; import javax.persistence.Table; @@ -27,7 +28,10 @@ public class User extends AbstractModel { @Column(length = 8, nullable = false) private byte[] salt; - @OneToMany(mappedBy = "user", cascade = CascadeType.PERSIST) + @Column(nullable = false) + private boolean disabled; + + @OneToMany(mappedBy = "user", cascade = CascadeType.PERSIST, fetch = FetchType.EAGER) private Set roles = Sets.newHashSet(); public String getName() { @@ -62,4 +66,12 @@ public class User extends AbstractModel { this.roles = roles; } + public boolean isDisabled() { + return disabled; + } + + public void setDisabled(boolean disabled) { + this.disabled = disabled; + } + } diff --git a/src/main/java/com/commafeed/frontend/CommaFeedSession.java b/src/main/java/com/commafeed/frontend/CommaFeedSession.java index f47cd27f..04526e24 100644 
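Review bot: The `disabled` flag is enforced only at this one point in `login`, so it stops new sign-ins but not sessions that already exist. In the CommaFeedSession hunk of this commit the `User` and its roles are stored in the session at `authenticate` time and not re-read, so a user disabled while signed in appears to keep access until the session ends. Consider re-checking `isDisabled()` wherever the session's user is resolved per request, or invalidating that user's sessions when `setDisabled(true)` is saved. The `login` body continues outside the hunk, so whether a rejected login for a disabled account is logged cannot be seen here; if it is not, it deserves an audit log entry.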
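Review bot: The new `disabled` field in `User` has no comment saying what it gates, and it is declared `nullable = false` without a default. On a database that already holds user rows, adding this column needs a backfill value; how the schema is migrated is not visible in this diff, so please confirm existing rows end up as `false`. Suggested comment above the field: `// true = account is blocked from signing in (checked in UserService.login)`.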
--- a/src/main/java/com/commafeed/frontend/CommaFeedSession.java +++ b/src/main/java/com/commafeed/frontend/CommaFeedSession.java @@ -7,9 +7,9 @@ import org.apache.wicket.authroles.authentication.AuthenticatedWebSession; import org.apache.wicket.authroles.authorization.strategies.role.Roles; import org.apache.wicket.request.Request; +import com.commafeed.backend.dao.UserRoleService; import com.commafeed.backend.dao.UserService; import com.commafeed.backend.model.User; -import com.commafeed.backend.security.Role; @SuppressWarnings("serial") public class CommaFeedSession extends AuthenticatedWebSession { @@ -17,7 +17,11 @@ public class CommaFeedSession extends AuthenticatedWebSession { @Inject UserService userService; + @Inject + UserRoleService userRoleService; + private User user; + private Roles roles = new Roles(); public CommaFeedSession(Request request) { super(request); @@ -37,15 +41,20 @@ public class CommaFeedSession extends AuthenticatedWebSession { @Override public Roles getRoles() { - // TODO change this - return isSignedIn() ? new Roles(new String[] { Role.USER, Role.ADMIN }) - : new Roles(); + return roles; } @Override public boolean authenticate(String userName, String password) { User user = userService.login(userName, password); - this.user = user; + if (user == null) { + this.user = null; + this.roles = new Roles(); + } else { + this.user = user; + this.roles = new Roles(userRoleService.getRoles(user).toArray( + new String[0])); + } return user != null; } diff --git a/src/main/java/com/commafeed/frontend/pages/BasePage.java b/src/main/java/com/commafeed/frontend/pages/BasePage.java index cd1f8d61..1331e8d9 100644 --- a/src/main/java/com/commafeed/frontend/pages/BasePage.java +++ b/src/main/java/com/commafeed/frontend/pages/BasePage.java 
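Review bot: `getRoles()` now returns the session's own `roles` field, whereas the removed code built a new `Roles` object on every call. Wicket's `Roles` is a mutable set, so any caller that adds to the returned object would change the authorization state of the session. Returning a copy keeps the field writable only from `authenticate`: `return new Roles(roles.toArray(new String[0]));`.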
@@ -1,13 +1,48 @@ package com.commafeed.frontend.pages; +import javax.inject.Inject; + import org.apache.wicket.markup.head.IHeaderResponse; import org.apache.wicket.markup.html.WebPage; +import com.commafeed.backend.dao.FeedCategoryService; +import com.commafeed.backend.dao.FeedEntryService; +import com.commafeed.backend.dao.FeedEntryStatusService; +import com.commafeed.backend.dao.FeedService; +import com.commafeed.backend.dao.FeedSubscriptionService; +import com.commafeed.backend.dao.UserRoleService; +import com.commafeed.backend.dao.UserService; +import com.commafeed.backend.dao.UserSettingsService; + import de.agilecoders.wicket.Bootstrap; @SuppressWarnings("serial") public class BasePage extends WebPage { + @Inject + protected FeedService feedService; + + @Inject + protected FeedSubscriptionService feedSubscriptionService; + + @Inject + protected FeedCategoryService feedCategoryService; + + @Inject + protected FeedEntryService feedEntryService; + + @Inject + protected FeedEntryStatusService feedEntryStatusService; + + @Inject + protected UserService userService; + + @Inject + protected UserSettingsService userSettingsService; + + @Inject + protected UserRoleService userRoleService; + @Override public void renderHead(IHeaderResponse response) { super.renderHead(response); diff --git a/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java b/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java index 945419aa..53906610 100644 --- a/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java +++ b/src/main/java/com/commafeed/frontend/rest/resources/AbstractREST.java @@ -1,7 +1,7 @@ package com.commafeed.frontend.rest.resources; import java.lang.reflect.Method; -import java.util.List; +import java.util.Set; import javax.annotation.PostConstruct; import javax.inject.Inject; 
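Review bot: Every page that extends `BasePage` now inherits `protected` references to all eight DAO services, including `userService` and `userRoleService`. That gives pages which never manage accounts direct access to user and role persistence, and makes it harder to audit which pages can touch them. Consider injecting `UserService` and `UserRoleService` only in the pages that need them, or at least keeping the fields `private` behind narrow accessor methods. The class body continues outside the hunk.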
@@ -129,7 +129,7 @@ public abstract class AbstractREST { } private boolean checkRole(User user, SecurityCheck annotation) { - List roles = userRoleService.getRoles(user); + Set roles = userRoleService.getRoles(user); for (String role : annotation.value()) { if (!roles.contains(role)) { return false;
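Review bot: `checkRole` would benefit from a comment stating its semantics. The loop rejects as soon as one role named in the annotation is missing, so all listed roles are required. The code after the loop is outside the hunk; if it returns `true`, a `@SecurityCheck` with an empty `value()` passes without any role being held, and that should be stated too. Suggested comment: `// user must hold every role listed in @SecurityCheck; roles are read from the DAO on each call`.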