security revamp

Athou
2014-08-08 21:57:16 +02:00
parent 9d070bd33c
commit c56c213da7
17 changed files with 209 additions and 91 deletions


@@ -3,6 +3,7 @@ package com.commafeed.backend.dao;
import org.hibernate.SessionFactory;
import com.commafeed.backend.model.QUser;
import com.commafeed.backend.model.QUserRole;
import com.commafeed.backend.model.User;
public class UserDAO extends GenericDAO<User> {
@@ -14,14 +15,17 @@ public class UserDAO extends GenericDAO<User> {
}
public User findByName(String name) {
return newQuery().from(user).where(user.name.equalsIgnoreCase(name)).uniqueResult(user);
return newQuery().from(user).where(user.name.equalsIgnoreCase(name)).leftJoin(user.roles, QUserRole.userRole).fetch()
.uniqueResult(user);
}
public User findByApiKey(String key) {
return newQuery().from(user).where(user.apiKey.equalsIgnoreCase(key)).uniqueResult(user);
return newQuery().from(user).where(user.apiKey.equalsIgnoreCase(key)).leftJoin(user.roles, QUserRole.userRole).fetch()
.uniqueResult(user);
}
public User findByEmail(String email) {
return newQuery().from(user).where(user.email.equalsIgnoreCase(email)).uniqueResult(user);
return newQuery().from(user).where(user.email.equalsIgnoreCase(email)).leftJoin(user.roles, QUserRole.userRole).fetch()
.uniqueResult(user);
}
}
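Review bot: `findByApiKey` still matches the key with `user.apiKey.equalsIgnoreCase(key)`, so an API key is accepted in any letter case. A credential should be compared exactly, e.g. `where(user.apiKey.eq(key))`, unless keys are known to be generated in a single case and the column collation is case-insensitive anyway. All three finders gain the same fetch join without saying why; a short comment such as `// fetch roles eagerly so User.hasRole() works on a detached entity` would help, though that reason is inferred from the `hasRole` addition elsewhere in this commit and should be confirmed. The class body starts outside the hunk.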


@@ -17,6 +17,7 @@ import lombok.Setter;
import org.hibernate.annotations.Cascade;
import com.commafeed.backend.model.UserRole.Role;
import com.google.common.collect.Sets;
@Entity
@@ -68,4 +69,13 @@ public class User extends AbstractModel {
@Temporal(TemporalType.TIMESTAMP)
private Date lastFullRefresh;
public boolean hasRole(Role role) {
for (UserRole userRole : getRoles()) {
if (userRole.getRole() == role) {
return true;
}
}
return false;
}
}
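Review bot: `hasRole` iterates `getRoles()` with no guard, so it depends on the roles collection being non-null and already loaded. Only the three `UserDAO` finders changed in this commit fetch-join `user.roles`, so a `User` obtained another way (by id, for instance) could presumably fail here with a lazy-initialization error once detached. The mapping of `roles` is outside the hunk, so that part is an assumption to confirm. If this method backs authorization checks, as the commit title suggests, a Javadoc stating the precondition would help, for example `/** Returns true if this user holds the given role; requires roles to be initialized. */`.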


@@ -20,7 +20,7 @@ import lombok.Setter;
public class UserRole extends AbstractModel {
public static enum Role {
USER, ADMIN, NONE
USER, ADMIN
}
@OneToOne(fetch = FetchType.LAZY)


@@ -64,6 +64,18 @@ public class UserService {
return null;
}
public User login(String apiKey) {
if (apiKey == null) {
return null;
}
User user = userDAO.findByApiKey(apiKey);
if (user != null && !user.isDisabled()) {
return user;
}
return null;
}
public User register(String name, String password, String email, Collection<Role> roles) {
return register(name, password, email, roles, false);
}
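Review bot: `login(String apiKey)` rejects only `null`, so an empty or blank string is passed on to `userDAO.findByApiKey` and would match an account whose stored key is empty, if such rows can exist. The guard could read `if (apiKey == null || apiKey.trim().isEmpty()) { return null; }`. The method also has no Javadoc; something like `/** Authenticates by API key; returns null when the key is missing, unknown, or the account is disabled. */` would record that callers must treat `null` as an authentication failure. Whether failed API-key attempts are logged or throttled is not visible in this hunk.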