feat: add authentication, permission and role directives

GIP-RECIA · Oct 12, 2023 · 198bd12 · 198bd12
1 parent 087ad02
commit 198bd12
Show file tree

Hide file tree

Showing 12 changed files with 123 additions and 38 deletions.
diff --git a/NOTICE b/NOTICE
@@ -72,6 +72,7 @@ This project includes:
   JBoss Logging 3 under Apache License, version 2.0
   JCL 1.2 implemented over SLF4J under Apache License, Version 2.0
   JDT Annotations for Enhanced Null Analysis under Eclipse Public License - v 2.0
+  Joda-Time under Apache License, Version 2.0
   JSON library from Android SDK under Apache License 2.0
   JSON Small and Fast Parser under The Apache Software License, Version 2.0
   JSONassert under The Apache Software License, Version 2.0

diff --git a/src/main/java/fr/recia/glc/ldap/enums/PermissionType.java b/src/main/java/fr/recia/glc/ldap/enums/PermissionType.java
@@ -34,29 +34,29 @@ public enum PermissionType {
   /**
    * Admin.
    */
-  ADMIN(1, "ADMIN", 128, "enum.permission.superAdm.title"),
+  ADMIN(1, "ADMIN", 128),
   /**
    * Manager.
    */
-  MANAGER(2, "MANAGER", 64, "enum.permission.manager.title"),
-  MANAGER_BRANCH(3, "MANAGER_BRANCH", 64, "enum.permission.manager.title"),
+  MANAGER(2, "MANAGER", 64),
+  MANAGER_BRANCH(3, "MANAGER_BRANCH", 64),
   /**
    * No Permission expect to look over the object and go on his childs.
    */
-  LOOKOVER(4, "LOOKOVER", 0, "enum.permission.lookover.title"),
-  LOOKOVER_BRANCH(5, "LOOKOVER_BRANCH", 0, "enum.permission.lookover.title");
+  LOOKOVER(4, "LOOKOVER", 0),
+  LOOKOVER_BRANCH(5, "LOOKOVER_BRANCH", 0);
 //  /**
 //   * User.
 //   */
-//  USER(8, "USER", 8, "permission.user.desc"),
+//  USER(8, "USER", 8),
 //  /**
 //   * Authenticated User And Without Permission.
 //   */
-//  AUTHENTICATED(9, "AUTHENTICATED", 4, "permission.authenticated.desc"),
+//  AUTHENTICATED(9, "AUTHENTICATED", 4),
 //  /**
 //   * UnAuthenticated Users
 //   */
-//  ANONYMOUS(10, "ANONYMOUS", 0, "permission.anonymous.desc");
+//  ANONYMOUS(10, "ANONYMOUS", 0);
 
   /**
    * Identifier.
@@ -70,10 +70,6 @@ public enum PermissionType {
    * Mask.
    */
   private int mask;
-  /**
-   * The I18N key.
-   */
-  private String label;
 
   public static PermissionType fromName(final String name) {
     if (name != null) {

diff --git a/src/main/java/fr/recia/glc/web/rest/ConfigurationController.java b/src/main/java/fr/recia/glc/web/rest/ConfigurationController.java
@@ -18,6 +18,7 @@
 import fr.recia.glc.configuration.GLCProperties;
 import fr.recia.glc.db.enums.CategoriePersonne;
 import fr.recia.glc.db.enums.Etat;
+import fr.recia.glc.ldap.enums.PermissionType;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -70,6 +71,14 @@ public ResponseEntity<Object> getConfiguration() {
     editAllowedStates.add(Etat.Incertain);
     data.put("editAllowedStates", editAllowedStates);
 
+    List<String> permissionTypes = new ArrayList<>();
+    permissionTypes.add(PermissionType.ADMIN.getName());
+    permissionTypes.add(PermissionType.MANAGER.getName());
+    permissionTypes.add(PermissionType.MANAGER_BRANCH.getName());
+    permissionTypes.add(PermissionType.LOOKOVER.getName());
+    permissionTypes.add(PermissionType.LOOKOVER_BRANCH.getName());
+    data.put("permissionTypes", permissionTypes);
+
     return new ResponseEntity<>(data, HttpStatus.OK);
   }
 

diff --git a/src/main/java/fr/recia/glc/web/rest/EtablissementController.java b/src/main/java/fr/recia/glc/web/rest/EtablissementController.java
@@ -35,6 +35,7 @@
 import fr.recia.glc.db.repositories.personne.APersonneRepository;
 import fr.recia.glc.db.repositories.structure.EtablissementRepository;
 import fr.recia.glc.ldap.StructureKey;
+import fr.recia.glc.ldap.enums.PermissionType;
 import fr.recia.glc.security.AuthoritiesConstants;
 import fr.recia.glc.security.CustomUserDetails;
 import fr.recia.glc.security.SecurityUtils;
@@ -159,7 +160,7 @@ public ResponseEntity<EtablissementDto> getEtablissement(@PathVariable Long id)
       etablissement.setPermission(userContextRole.getRoleFromContext(structureKey).getName());
 
       if (!allowedUAI.contains(etablissement.getUai())) return new ResponseEntity<>(HttpStatus.FORBIDDEN);
-    }
+    } else etablissement.setPermission(PermissionType.ADMIN.getName());
     String[] split = etablissement.getNom().split("\\$");
     if (split.length > 1) {
       etablissement.setType(split[0]);

diff --git a/src/main/webapp/src/components/dialogs/PersonneDialog.vue b/src/main/webapp/src/components/dialogs/PersonneDialog.vue
@@ -163,7 +163,7 @@ const resetAddMode = (success?: boolean) => {
             icon="fas fa-xmark"
             color="default"
             variant="plain"
-            @click="isCurrentPersonne = undefined"
+            @click="isCurrentPersonne = false"
           />
         </template>
       </v-toolbar>

diff --git a/src/main/webapp/src/directives/authenticationDirective.ts b/src/main/webapp/src/directives/authenticationDirective.ts
@@ -0,0 +1,20 @@
+import { useConfigurationStore } from '@/stores/configurationStore';
+import { storeToRefs } from 'pinia';
+import { type Directive, watch } from 'vue';
+
+const authenticated: Directive<HTMLElement, null> = (el) => {
+  const configurationStore = useConfigurationStore();
+  const { isAuthenticated } = storeToRefs(configurationStore);
+
+  const checkAuthentication = () => {
+    el.hidden = !isAuthenticated.value;
+  };
+
+  checkAuthentication();
+
+  watch(isAuthenticated, (oldValue, newValue) => {
+    if (oldValue != newValue) checkAuthentication();
+  });
+};
+
+export { authenticated };
diff --git a/src/main/webapp/src/directives/index.ts b/src/main/webapp/src/directives/index.ts
@@ -1,7 +1,11 @@
-import { admin, role } from '@/directives/roles';
+import { authenticated } from '@/directives/authenticationDirective';
+import { permission } from '@/directives/permissionDirective';
+import { admin, role } from '@/directives/roleDirective';
 import type { App } from 'vue';
 
 const register = (app: App) => {
+  app.directive('authenticated', authenticated);
+  app.directive('permission', permission);
   app.directive('admin', admin);
   app.directive('role', role);
 };

diff --git a/src/main/webapp/src/directives/permissionDirective.ts b/src/main/webapp/src/directives/permissionDirective.ts
@@ -0,0 +1,28 @@
+import { useStructureStore } from '@/stores/structureStore';
+import { storeToRefs } from 'pinia';
+import { type Directive, watch } from 'vue';
+
+const permission: Directive<HTMLElement, Array<string>> = (el, binding) => {
+  const structureStore = useStructureStore();
+  const { currentEtab } = storeToRefs(structureStore);
+
+  const checkPermissions = () => {
+    let hasPermission: boolean = false;
+    binding.value.forEach((permission) => {
+      if (currentEtab.value?.permission?.includes(permission)) hasPermission = true;
+    });
+
+    el.hidden = !hasPermission;
+  };
+
+  checkPermissions();
+
+  watch(
+    () => currentEtab.value?.permission,
+    (oldValue, newValue) => {
+      if (newValue != oldValue) checkPermissions();
+    },
+  );
+};
+
+export { permission };
diff --git a/src/main/webapp/src/directives/roleDirective.ts b/src/main/webapp/src/directives/roleDirective.ts
@@ -0,0 +1,47 @@
+import { useConfigurationStore } from '@/stores/configurationStore';
+import { storeToRefs } from 'pinia';
+import { type Directive, watch } from 'vue';
+
+const admin: Directive<HTMLElement, null> = (el) => {
+  const configurationStore = useConfigurationStore();
+  const { identity } = storeToRefs(configurationStore);
+
+  const checkAdmin = () => {
+    let isAdmin: boolean = false;
+    if (identity.value?.roles.includes('ROLE_ADMIN')) isAdmin = true;
+
+    el.hidden = !isAdmin;
+  };
+
+  checkAdmin();
+
+  watch(
+    () => identity.value?.roles,
+    () => checkAdmin(),
+    { deep: true },
+  );
+};
+
+const role: Directive<HTMLElement, Array<string>> = (el, binding) => {
+  const configurationStore = useConfigurationStore();
+  const { identity } = storeToRefs(configurationStore);
+
+  const checkRoles = () => {
+    let hasRole: boolean = false;
+    binding.value.forEach((role) => {
+      if (identity.value?.roles.includes(role)) hasRole = true;
+    });
+
+    el.hidden = !hasRole;
+  };
+
+  checkRoles();
+
+  watch(
+    () => identity.value?.roles,
+    () => checkRoles(),
+    { deep: true },
+  );
+};
+
+export { admin, role };
diff --git a/src/main/webapp/src/directives/roles.ts b/src/main/webapp/src/directives/roles.ts
diff --git a/src/main/webapp/src/types/configurationType.ts b/src/main/webapp/src/types/configurationType.ts
@@ -6,4 +6,5 @@ export type Configuration = {
   externalSources4Login: Array<string>;
   externalSources4LoginCategory: Array<string>;
   editAllowedStates: Array<string>;
+  permissionTypes: Array<string>;
 };
diff --git a/src/main/webapp/src/types/etablissementType.ts b/src/main/webapp/src/types/etablissementType.ts
@@ -21,6 +21,7 @@ export type Etablissement = {
   logo: string;
   personnes: Array<SimplePersonne>;
   filieres: Array<Filiere>;
+  permission?: string;
 };
 
 export type SimpleEtablissement = {