diff --git a/src/main/java/com/commafeed/backend/dao/UserDAO.java b/src/main/java/com/commafeed/backend/dao/UserDAO.java
index 6159392f..3bc94cb2 100644
--- a/src/main/java/com/commafeed/backend/dao/UserDAO.java
+++ b/src/main/java/com/commafeed/backend/dao/UserDAO.java
@@ -6,7 +6,6 @@ import javax.inject.Singleton;
 import org.hibernate.SessionFactory;
 import com.commafeed.backend.model.QUser;
-import com.commafeed.backend.model.QUserRole;
 import com.commafeed.backend.model.User;
 @Singleton
@@ -20,18 +19,15 @@ public class UserDAO extends GenericDAO {
 }
 public User findByName(String name) {
- return newQuery().from(user).where(user.name.equalsIgnoreCase(name)).leftJoin(user.roles, QUserRole.userRole).fetch()
- .uniqueResult(user);
+ return newQuery().from(user).where(user.name.equalsIgnoreCase(name)).uniqueResult(user);
 }
 public User findByApiKey(String key) {
- return newQuery().from(user).where(user.apiKey.equalsIgnoreCase(key)).leftJoin(user.roles, QUserRole.userRole).fetch()
- .uniqueResult(user);
+ return newQuery().from(user).where(user.apiKey.equalsIgnoreCase(key)).uniqueResult(user);
 }
 public User findByEmail(String email) {
- return newQuery().from(user).where(user.email.equalsIgnoreCase(email)).leftJoin(user.roles, QUserRole.userRole).fetch()
- .uniqueResult(user);
+ return newQuery().from(user).where(user.email.equalsIgnoreCase(email)).uniqueResult(user);
 }
 public long count() {
diff --git a/src/main/java/com/commafeed/backend/model/User.java b/src/main/java/com/commafeed/backend/model/User.java
index aa2229ab..b97d6c7d 100644
--- a/src/main/java/com/commafeed/backend/model/User.java
+++ b/src/main/java/com/commafeed/backend/model/User.java
@@ -1,7 +1,6 @@
 package com.commafeed.backend.model;
 import java.util.Date;
-import java.util.HashSet;
 import java.util.Set;
 import javax.persistence.CascadeType;
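Review bot: The three lookups on the new side of the UserDAO hunk (`findByName`, `findByApiKey`, `findByEmail`) are now the same query differing only in the predicate, so the duplicated `newQuery().from(user).where(...).uniqueResult(user)` chain belongs in one private helper that takes the QueryDSL `BooleanExpression` each `equalsIgnoreCase` call already produces (its import would be needed). The three public methods also have no Javadoc; it should state what a caller gets when nothing matches — presumably `null` from `uniqueResult` — and that the returned `User` no longer carries its roles, so authorization decisions have to go through the service-level role lookup introduced elsewhere in this commit rather than through the entity. `findByApiKey` keeps the case-insensitive comparison on the key; that is harmless while keys are lowercase hex digests (the key-generating code visible in the UserService hunk ends in `DigestUtils.sha1Hex`), but an exact `eq` is the safer default for a credential lookup if the key format ever changes.
```java
	public User findByName(String name) {
		return findUnique(user.name.equalsIgnoreCase(name));
	}

	public User findByApiKey(String key) {
		return findUnique(user.apiKey.equalsIgnoreCase(key));
	}

	public User findByEmail(String email) {
		return findUnique(user.email.equalsIgnoreCase(email));
	}

	/**
	 * Runs the single-user query for {@code predicate}. Roles are not loaded with the
	 * result; presumably returns null when no user matches (uniqueResult semantics).
	 */
	private User findUnique(BooleanExpression predicate) {
		return newQuery().from(user).where(predicate).uniqueResult(user);
	}
	// … unchanged: count() …
```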
@@ -18,8 +17,6 @@ import lombok.Setter;
 import org.apache.commons.lang3.time.DateUtils;
-import com.commafeed.backend.model.UserRole.Role;
-
 @Entity
 @Table(name = "USERS")
 @SuppressWarnings("serial")
@@ -57,9 +54,6 @@ public class User extends AbstractModel {
 @Temporal(TemporalType.TIMESTAMP)
 private Date recoverPasswordTokenDate;
- @OneToMany(mappedBy = "user", cascade = CascadeType.REMOVE)
- private Set roles = new HashSet<>();
-
 @OneToMany(mappedBy = "user", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE)
 private Set subscriptions;
@@ -67,10 +61,6 @@ public class User extends AbstractModel {
 @Temporal(TemporalType.TIMESTAMP)
 private Date lastFullRefresh;
- public boolean hasRole(Role role) {
- return getRoles().stream().anyMatch(r -> r.getRole() == role);
- }
-
 public boolean shouldRefreshFeedsAt(Date when) {
 return (lastFullRefresh == null || lastFullRefreshMoreThan30MinutesBefore(when));
 }
diff --git a/src/main/java/com/commafeed/backend/service/UserService.java b/src/main/java/com/commafeed/backend/service/UserService.java
index 980a81a5..66692189 100644
--- a/src/main/java/com/commafeed/backend/service/UserService.java
+++ b/src/main/java/com/commafeed/backend/service/UserService.java
@@ -3,6 +3,7 @@ package com.commafeed.backend.service;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Optional;
+import java.util.Set;
 import java.util.UUID;
 import javax.inject.Inject;
@@ -133,4 +134,8 @@ public class UserService {
 byte[] key = encryptionService.getEncryptedPassword(UUID.randomUUID().toString(), user.getSalt());
 return DigestUtils.sha1Hex(key);
 }
+
+ public Set getRoles(User user) {
+ return userRoleDAO.findRoles(user);
+ }
 }
diff --git a/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java b/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java
index 673790f8..469a2e9c 100644
--- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java
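Review bot: The new `getRoles(User user)` in the UserService hunk is a public method on the authorization path (the SecurityCheckFactory hunk below grants or refuses access from the set it returns) and has neither a Javadoc nor an argument check; `Objects.requireNonNull(user, "user");` before the DAO call would turn a missing user into a clear error instead of whatever `findRoles` does with null, and `java.util.Objects` would need importing if the class does not already have it. The Javadoc should say that every call issues a fresh query, so a role change is visible on the next check rather than cached on the `User`, and should state whether the set may be null or empty — if the DAO can return null, `roles.contains(role)` in the caller fails with an exception rather than a FORBIDDEN response, which is fail-closed but noisy; returning an empty set in that case is the cleaner contract. Whether the returned set is mutable is not visible here and is worth documenting too. The enclosing class continues outside the hunk.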
+++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckFactory.java
@@ -1,6 +1,7 @@
 package com.commafeed.frontend.auth;
 import java.util.Optional;
+import java.util.Set;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
@@ -46,7 +47,8 @@ public class SecurityCheckFactory extends AbstractContainerRequestValueFactory roles = userService.getRoles(user.get());
+ if (roles.contains(role)) {
 return user.get();
 } else {
 throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN)