From: Vásáry Dániel Date: Mon, 2 Jul 2018 14:41:23 +0000 (+0000) Subject: git-tfs-id: [http://tfs.userrendszerhaz.hu:8080/tfs/DefaultCollection]$/MediaCube... X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=457fb9e8ed031526ee7dabac232de773603bd13f;p=mediacube.git git-tfs-id: [tfs.userrendszerhaz.hu:8080/tfs/DefaultCollection]$/MediaCube;C31140 --- diff --git a/server/-configuration/mediacube-auth.properties b/server/-configuration/mediacube-auth.properties index c7032743..ec52ed5a 100644 --- a/server/-configuration/mediacube-auth.properties +++ b/server/-configuration/mediacube-auth.properties @@ -4,6 +4,10 @@ ad_host=10.10.254.11 ad_nonsecureport=3268 ad_base_dn=DC=intra,DC=echotv,DC=hu ad_admin_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS -local_users=user:password;kuka:kuka -local_admins=root:password:vasary@elgekko.net -local_jobsubmitters=lebony:lebony \ No newline at end of file +ad_submitter_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS +ad_editor_map=G_ECH_U_INFORMATIKUSOK,G_ECH_U_MUSZAKVEZETOK,ECH-ISILON-ADMINS +#Helyi felhasználók +local_accounts=user:password,kuka:kuka,lebony:lebony,root:password:vasary@elgekko.net +local_admins=root +local_submitters=lebony +local_editors=editor \ No newline at end of file diff --git a/server/-configuration/scheduledjobs.json b/server/-configuration/scheduledjobs.json index abd4df80..60a7180f 100644 --- a/server/-configuration/scheduledjobs.json +++ b/server/-configuration/scheduledjobs.json @@ -65,7 +65,7 @@ "active": false, "executeimmediate": false, "name" : "MORPHEUS 'missing materials' importálása", - "template": "import-morpheus-missing-materials.xml", + "template": "sys-import-morpheus-missing-materials.xml", "cronexpression": "0 0 0/1 1/1 * ? *", "parameters": [ {"name": "csvFilePath", "value": "/mnt/MORPHEUS", "type": "java.lang.String"}, 
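Review bot: The new `local_accounts` line still stores passwords in clear text in a tracked file, and several of them equal the account name or the word `password`, including the account that `local_admins` makes an administrator. Keep only a salted password hash (or a reference to a secret held outside the repository) in this file, and rotate the values that are already committed. `local_editors=editor` names an account that has no entry in `local_accounts`, so that role assignment refers to an undefined account. The comment `#Helyi felhasználók` could also state the entry format, e.g. `# Local users: account:password[:email], comma-separated`.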
diff --git a/server/user.jobengine.osgi.server/pages/menu.zul b/server/user.jobengine.osgi.server/pages/menu.zul index 1d21559f..19917374 100644 --- a/server/user.jobengine.osgi.server/pages/menu.zul +++ b/server/user.jobengine.osgi.server/pages/menu.zul @@ -56,7 +56,7 @@ - + diff --git a/server/user.jobengine.osgi.server/pages/missingmaterials.zul b/server/user.jobengine.osgi.server/pages/missingmaterials.zul index d8c90252..8d670675 100644 --- a/server/user.jobengine.osgi.server/pages/missingmaterials.zul +++ b/server/user.jobengine.osgi.server/pages/missingmaterials.zul @@ -1,6 +1,6 @@ - + diff --git a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPHandler.java b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPUserHandler.java similarity index 84% rename from server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPHandler.java rename to server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPUserHandler.java index 7f2a40b1..6f3c21a7 100644 --- a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPHandler.java +++ b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LDAPUserHandler.java @@ -4,6 +4,7 @@ import java.io.FileInputStream; import java.lang.invoke.MethodHandles; import java.net.URL; import java.util.ArrayList; +import java.util.Arrays; import java.util.Hashtable; import java.util.LinkedHashSet; import java.util.List; @@ -25,7 +26,7 @@ import org.apache.logging.log4j.Logger; import user.commons.ListUtils; -public class LDAPHandler { +public class LDAPUserHandler { private static final String OTHER_MAILBOX = "otherMailbox"; private static final Logger logger = LogManager.getLogger(); private static final String LDAP_ADDRESS = "ldap://%s:%s"; 
@@ -40,6 +41,9 @@ public class LDAPHandler { private static final String DISPLAY_NAME = "displayName"; private static final String MEMBER_OF = "memberOf"; private static final String AD_BASE_DN = "ad_base_dn"; + private static final String AD_ADMIN_MAP = "ad_admin_map"; + private static final String AD_SUBMITTER_MAP = "ad_submitter_map"; + private static final String AD_EDITOR_MAP = "ad_editor_map"; public static void main(String[] args) throws Exception { // Properties cfg = new Properties(); @@ -54,7 +58,7 @@ public class LDAPHandler { //LDAPHandler h = new LDAPHandler("echotest", "aA123456+", cfg); //LDAPHandler h = new LDAPHandler("stibor.adm", "Qwer1234", cfg); - LDAPHandler h = new LDAPHandler("nagy.ilona", "k0rianDER", cfg); + LDAPUserHandler h = new LDAPUserHandler("nagy.ilona", "k0rianDER", cfg); UserPrincipal user = h.getUserPrincipal(); System.out.println(user); @@ -66,7 +70,7 @@ public class LDAPHandler { private String password; private String domain; - public LDAPHandler(String account, String password, Properties cfg) { + public LDAPUserHandler(String account, String password, Properties cfg) { this.account = account; this.password = password; this.domain = cfg.getProperty(AD_BASE_DN); @@ -75,6 +79,15 @@ public class LDAPHandler { this.cfg = cfg; } + private boolean checkMembership(Properties cfg, String property, List memberOf) { + String groupMap = cfg.getProperty(property); + if (groupMap == null) + return false; + List remains = ListUtils.intersect(Arrays.asList(groupMap.split(",")), memberOf); + return (remains.size() > 0); + + } + public List getAllGroups() { List result = new ArrayList<>(); LdapContext ctx = null; 
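Review bot: The renamed line in `main` still embeds what looks like a real directory account and password as string literals, and the commented-out calls above it carry two more pairs. Credentials in source end up in every clone and in history, so they should be treated as exposed and rotated. Read them at run time instead, e.g. `LDAPUserHandler h = new LDAPUserHandler(args[0], args[1], cfg);`, and delete the commented-out calls. `main`'s body starts and ends outside this hunk.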
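Review bot: `checkMembership` splits the configured group list with `groupMap.split(",")` and does not trim the entries, so unless `ListUtils.intersect` normalises its inputs, a value written as `A, B` will not match the second group and the role is silently not granted. Trimming each name and skipping empty ones before the intersection makes the mapping tolerant of hand-edited configuration. The method has no Javadoc; a comment such as `// true when the user belongs to at least one group listed in the given property` would document the role-mapping contract. Whether `ListUtils.intersect` compares case-sensitively is not visible here and is worth confirming, since AD group names are case-insensitive.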
@@ -231,7 +244,22 @@ public class LDAPHandler { memberOf = ListUtils.distinctUnion(memberOf, parentGroups); } } - userPrincipal.setMemberOf(memberOf, cfg); + updateMembership(userPrincipal, memberOf, cfg); + } + + public void updateMembership(UserPrincipal userPrincipal, List memberOf, Properties cfg) { + if (memberOf == null) + return; + + if (checkMembership(cfg, AD_ADMIN_MAP, memberOf)) { + userPrincipal.setAdmin(true); + userPrincipal.setSubmitter(true); + userPrincipal.setEditor(true); + } + if (checkMembership(cfg, AD_SUBMITTER_MAP, memberOf)) + userPrincipal.setSubmitter(true); + if (checkMembership(cfg, AD_EDITOR_MAP, memberOf)) + userPrincipal.setEditor(true); } } \ No newline at end of file diff --git a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LocalUserHandler.java b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LocalUserHandler.java new file mode 100644 index 00000000..8967cd35 --- /dev/null +++ b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/LocalUserHandler.java 
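Review bot: `updateMembership` derives the role flags but no longer stores the group list on the principal: the old `setMemberOf(memberOf, cfg)` assigned `this.memberOf`, and this commit removes that setter from `UserPrincipal` with no replacement visible in the diff. If anything still reads the principal's `memberOf`, it will presumably see null now. Keeping a plain `setMemberOf(List memberOf)` and calling `userPrincipal.setMemberOf(memberOf);` as the first statement here would preserve the old behaviour. The method is `public` and takes `cfg` although the instance already holds it; making it `private` with a short Javadoc stating that admin implies submitter and editor would fit better.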
@@ -0,0 +1,65 @@ +package user.jobengine.zk.util; + +import java.util.Arrays; +import java.util.List; +import java.util.Properties; + +import org.apache.commons.lang.StringUtils; + +public class LocalUserHandler { + private static final String LOCAL_ACCOUNTS = "local_accounts"; + private static final String LOCAL_ADMINS = "local_admins"; + private static final String LOCAL_SUBMITTERS = "local_submitters"; + private static final String LOCAL_EDITORS = "local_submitters"; + private String account; + private String password; + private Properties cfg; + + public LocalUserHandler(String account, String password, Properties cfg) { + this.account = account; + this.password = password; + this.cfg = cfg; + } + + private boolean authenticateLocal(String account, String password, String users) { + if (StringUtils.isBlank(account) || account.length() < 3) + return false; + if (StringUtils.isBlank(password) || password.length() < 3) + return false; + if (StringUtils.isBlank(users) || users.length() < 7) + return false; + + return users.contains(String.format("%s:%s", account, password)); + } + + public UserPrincipal getUserPrincipal() { + String users = cfg.getProperty(LOCAL_ACCOUNTS); + UserPrincipal result = new UserPrincipal(account); + String[] userList = users.split(","); + for (String user : userList) { + if (!authenticateLocal(account, password, user)) + continue; + String[] userInfo = user.split(":"); + if (userInfo.length > 2) + result.setEmail(userInfo[2]); + } + + if (result != null) { + boolean isAdmin = isMemberOf(account, cfg.getProperty(LOCAL_ADMINS)); + boolean isSubmitter = isMemberOf(account, cfg.getProperty(LOCAL_SUBMITTERS)); + boolean isEditor = isMemberOf(account, cfg.getProperty(LOCAL_EDITORS)); + result.setAdmin(isAdmin); + if (isAdmin || isSubmitter) + result.setSubmitter(true); + if (isAdmin || isEditor) + result.setEditor(true); + } + return result; + } + + private boolean isMemberOf(String account, String groupMembers) { + List groupMemberList = 
Arrays.asList(groupMembers.split(",")); + return groupMemberList.contains(account); + } + +} diff --git a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SessionUtil.java b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SessionUtil.java index fdc333d9..5ab21734 100644 --- a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SessionUtil.java +++ b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SessionUtil.java @@ -6,7 +6,6 @@ import java.util.Properties; import javax.servlet.http.HttpSession; -import org.apache.commons.lang.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.zkoss.zk.ui.Session; @@ -16,12 +15,8 @@ import user.jobengine.server.IJobChangedListener; import user.jobengine.server.JobEngine; public class SessionUtil { - private static final String SELECTED_ARCHIVED_MEDIAS = "selectedArchivedMedias"; private static Logger logger = LogManager.getLogger(); private static final String AUTH_ENABLED = "auth_enabled"; - private static final String LOCAL_USERS = "local_users"; - private static final String LOCAL_ADMINS = "local_admins"; - private static final String LOCAL_JOBSUBMITTERS = "local_jobsubmitters"; private static final String USERPRINCIPAL = "userPrincipal"; private static final String AUTH_LOCATION = "mediacube.auth.location"; public static final String JOBLISTENER = "joblistener"; 
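Review bot: `getUserPrincipal()` can never return null, because `result` is built before the loop and a match only sets the e-mail; `SessionUtil.authenticate` therefore accepts any account/password pair, never falls back to LDAP, and a wrong-password login under a name listed in `local_admins` still receives the admin flag. The method should create and return the principal only after an entry has matched, and return null otherwise. `authenticateLocal` tests `users.contains("account:password")`, a substring match that also accepts a prefix of the stored password, so the split fields should be compared with `equals`. `LOCAL_EDITORS` is set to `"local_submitters"`, so `local_editors` is never read and every submitter becomes an editor. `users.split` and `isMemberOf` throw a NullPointerException when a property is missing and need a null/blank guard.

```java
	private static final String LOCAL_EDITORS = "local_editors";

	// … unchanged: fields, constructor …

	private boolean authenticateLocal(String account, String password, String user) {
		if (StringUtils.isBlank(account) || StringUtils.isBlank(password) || StringUtils.isBlank(user))
			return false;
		// Compare whole fields of a single entry; a substring test accepts password prefixes.
		String[] userInfo = user.trim().split(":");
		return userInfo.length >= 2 && userInfo[0].equals(account) && userInfo[1].equals(password);
	}

	public UserPrincipal getUserPrincipal() {
		String users = cfg.getProperty(LOCAL_ACCOUNTS);
		if (StringUtils.isBlank(users))
			return null;
		for (String user : users.split(",")) {
			if (!authenticateLocal(account, password, user))
				continue;
			UserPrincipal result = new UserPrincipal(account);
			String[] userInfo = user.trim().split(":");
			if (userInfo.length > 2)
				result.setEmail(userInfo[2]);
			// … unchanged: isAdmin / isSubmitter / isEditor assignment …
			return result;
		}
		// No matching local entry: null lets SessionUtil.authenticate fall back to LDAP.
		return null;
	}

	private boolean isMemberOf(String account, String groupMembers) {
		if (StringUtils.isBlank(groupMembers))
			return false;
		// … unchanged: split on "," and contains(account) …
	}
```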
@@ -29,23 +24,11 @@ public class SessionUtil { public static boolean authenticate(String account, String password) { Properties cfg = getConfiguration(); - UserPrincipal userPrincipal = null; - String localUsers = cfg.getProperty(LOCAL_ADMINS); - if (authenticateLocal(account, password, localUsers)) { - userPrincipal = createLocalPrincipal(account, password, true, true, false, localUsers); - } else { - localUsers = cfg.getProperty(LOCAL_JOBSUBMITTERS); - if (authenticateLocal(account, password, localUsers)) { - userPrincipal = createLocalPrincipal(account, password, false, true, false, localUsers); - } else { - localUsers = cfg.getProperty(LOCAL_USERS); - if (authenticateLocal(account, password, localUsers)) { - userPrincipal = createLocalPrincipal(account, password, false, false, false, localUsers); - } else { - LDAPHandler h = new LDAPHandler(account, password, cfg); - userPrincipal = h.getUserPrincipal(); - } - } + LocalUserHandler localUserHandler = new LocalUserHandler(account, password, cfg); + UserPrincipal userPrincipal = localUserHandler.getUserPrincipal(); + if (userPrincipal == null) { + LDAPUserHandler ldapUserHandler = new LDAPUserHandler(account, password, cfg); + userPrincipal = ldapUserHandler.getUserPrincipal(); } if (userPrincipal == null) @@ -55,18 +38,6 @@ public class SessionUtil { return true; } - private static boolean authenticateLocal(String account, String password, String users) { - if (StringUtils.isBlank(account) || account.length() < 3) - return false; - if (StringUtils.isBlank(password) || password.length() < 3) - return false; - - if (StringUtils.isBlank(users) || users.length() < 7) - return false; - - return users.contains(String.format("%s:%s", account, password)); - } - static public void cleanup() { IJobChangedListener listener = (IJobChangedListener) getAttribute(SessionUtil.JOBLISTENER); if (listener != null) { 
@@ -77,20 +48,6 @@ public class SessionUtil { //setAttribute(SessionUtil.USERPRINCIPAL, null); } - private static UserPrincipal createLocalPrincipal(String account, String password, boolean isAdmin, boolean isJobSubmitter, boolean isAnonymous, - String users) { - UserPrincipal result = new UserPrincipal(account, isAdmin, isJobSubmitter, isAnonymous); - String[] userList = users.split(";"); - for (String user : userList) { - if (!authenticateLocal(account, password, user)) - continue; - String[] userInfo = user.split(":"); - if (userInfo.length > 2) - result.setEmail(userInfo[2]); - } - return result; - } - static public Object getAttribute(String name) { //HttpSession session = (HttpSession) (Executions.getCurrent()).getDesktop().getSession().getNativeSession(); Session zkSession = Sessions.getCurrent(); @@ -137,6 +94,16 @@ public class SessionUtil { return result; } + static public boolean isEditor() { + UserPrincipal userPrincipal = getUserPrincipal(); + return userPrincipal != null && userPrincipal.isEditor(); + } + + static public boolean isSubmitter() { + UserPrincipal userPrincipal = getUserPrincipal(); + return userPrincipal != null && userPrincipal.isSubmitter(); + } + public static void logout() { setAttribute(SessionUtil.USERPRINCIPAL, null); } diff --git a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SubmitterAuthInitiator.java b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SubmitterAuthInitiator.java new file mode 100644 index 00000000..016ee584 --- /dev/null +++ b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/SubmitterAuthInitiator.java 
@@ -0,0 +1,20 @@ +package user.jobengine.zk.util; + +import java.util.Map; + +import org.zkoss.zk.ui.Executions; +import org.zkoss.zk.ui.Page; +import org.zkoss.zk.ui.util.Initiator; + +public class SubmitterAuthInitiator implements Initiator { + + @Override + public void doInit(Page page, Map args) throws Exception { + if (!SessionUtil.isAuthenticated()) + Executions.sendRedirect("/pages/login.jsp"); + + if (!SessionUtil.isSubmitter()) + Executions.sendRedirect("/"); + } + +} \ No newline at end of file diff --git a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/UserPrincipal.java b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/UserPrincipal.java index b2d5c562..9b489e85 100644 --- a/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/UserPrincipal.java +++ b/server/user.jobengine.osgi.server/src/user/jobengine/zk/util/UserPrincipal.java @@ -1,14 +1,8 @@ package user.jobengine.zk.util; -import java.util.Arrays; import java.util.List; -import java.util.Properties; - -import user.commons.ListUtils; public class UserPrincipal implements java.io.Serializable { - - private static final String AD_ADMIN_MAP = "ad_admin_map"; public final static String unknownUser = ""; public static boolean isValid(UserPrincipal userPrincipal) { @@ -18,7 +12,8 @@ public class UserPrincipal implements java.io.Serializable { private List memberOf; private boolean admin; private boolean anonymous; - private boolean jobSubmitter; + private boolean submitter; + private boolean editor; private String account; private String displayName; private String email; 
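Review bot: `doInit` does not stop after the first redirect: `Executions.sendRedirect` returns normally, so for an unauthenticated session `SessionUtil.isSubmitter()` is also false and a second `sendRedirect("/")` is issued on top of the login redirect. Add a `return;` after the first one, e.g. `if (!SessionUtil.isAuthenticated()) { Executions.sendRedirect("/pages/login.jsp"); return; }`. It is also worth confirming that the page's components and composers are not still created server-side after a redirect from an initiator, because this class is the only access check visible for the submitter pages. A class comment saying which pages are expected to declare this initiator would make the coverage reviewable.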
@@ -27,11 +22,11 @@ public class UserPrincipal implements java.io.Serializable { this(account, false, false, false); } - public UserPrincipal(String account, boolean isAdmin, boolean isJobSubmitter, boolean isAnonymous) { + public UserPrincipal(String account, boolean isAdmin, boolean isSubmitter, boolean isAnonymous) { this.account = account; this.displayName = account; this.admin = isAdmin; - this.jobSubmitter = isJobSubmitter; + this.submitter = isSubmitter; this.anonymous = isAnonymous; } @@ -55,8 +50,12 @@ public class UserPrincipal implements java.io.Serializable { return anonymous; } - public boolean isJobSubmitter() { - return jobSubmitter; + public boolean isEditor() { + return editor; + } + + public boolean isSubmitter() { + return submitter; } public void setAdmin(boolean admin) { @@ -71,26 +70,16 @@ public class UserPrincipal implements java.io.Serializable { this.displayName = displayName; } - public void setEmail(String email) { - this.email = email; + public void setEditor(boolean editor) { + this.editor = editor; } - public void setJobSubmitter(boolean jobSubmitter) { - this.jobSubmitter = jobSubmitter; + public void setEmail(String email) { + this.email = email; } - public void setMemberOf(List memberOf, Properties cfg) { - this.memberOf = memberOf; - if (memberOf == null) - return; - String adminMap = cfg.getProperty(AD_ADMIN_MAP); - if (adminMap == null) - return; - List remains = ListUtils.intersect(Arrays.asList(adminMap.split(",")), memberOf); - if (remains.size() > 0) { - setAdmin(true); - setJobSubmitter(true); - } + public void setSubmitter(boolean submitter) { + this.submitter = submitter; } @Override