1 | package dbnp.authentication |
---|
2 | |
---|
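/**
 * GORM domain class for an application account.
 *
 * An account is either a local account or one provisioned from Shibboleth
 * request headers (see {@code shibbolethUser}). Roles are held in the
 * {@code SecUserSecRole} join class and resolved by {@link #getAuthorities()}.
 *
 * Security notes for maintainers:
 * - The class is {@code Serializable}, so {@code password} and {@code apiKey}
 *   are part of the serialized form wherever an instance is serialized.
 *   NOTE(review): confirm that instances are not written anywhere that is
 *   readable by other parties (session stores, caches, logs).
 * - Several fields are copied from Shibboleth request headers according to the
 *   field comments. NOTE(review): confirm that only the Shibboleth service
 *   provider can set those headers, and output-encode the values when rendering.
 */
class SecUser implements Serializable {
	String username         // for shibboleth this is request header: persistent-id
	// For shibboleth this is springSecurityService.encodePassword("myDummyPassword", shibPersistentId).
	// NOTE(review): that value is derivable from a constant and the persistent-id, so it must
	// not be accepted as a credential for Shibboleth accounts; confirm in the login path.
	String password
	String displayName      // shibboleth request header: displayName
	String organization     // shibboleth request header: schacHomeOrganization
	String uid              // shibboleth request header: uid
	String voName           // shibboleth request header: coin-vo-name
	String userStatus       // shibboleth request header: coin-user-status
	String email
	// API key for clients using the API. It is a credential: keep it out of logs and
	// toString(). It is held as-is in this field, so read access to the table exposes it.
	String apiKey
	Date dateCreated

	boolean shibbolethUser = false
	boolean enabled         // derived, see the formula in the mapping block
	boolean accountExpired
	boolean accountLocked
	boolean passwordExpired
	boolean userConfirmed   // True if the user has confirmed his subscription using the link in the email
	boolean adminConfirmed  // True if the administrator has confirmed this subscription using the link in the email

	static constraints = {
		username blank: false, unique: true
		// NOTE(review): blank passwords pass validation here; confirm that the
		// authentication path rejects an empty credential.
		password blank: true
		// NOTE(review): only non-blank is enforced; the address format is not validated here.
		email blank: false
		displayName nullable: true
		organization nullable: true
		uid nullable: true
		voName nullable: true
		userStatus nullable: true
		apiKey nullable: true, unique: true
	}

	static mapping = {
		// "password" is quoted with backticks so the column name is escaped in the generated SQL
		password column: '`password`'
		// enabled is computed in SQL: true only when both the user and an
		// administrator have confirmed the account
		enabled formula: 'USER_CONFIRMED AND ADMIN_CONFIRMED'
	}

	/**
	 * Return the roles granted to this user.
	 *
	 * @return the set of {@code SecRole}s linked to this user through {@code SecUserSecRole}
	 */
	Set<SecRole> getAuthorities() {
		SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set
	}

	/**
	 * Compare two users by database id.
	 *
	 * Two distinct instances without an id (not yet saved) are never equal;
	 * previously they compared equal because both ids were null.
	 *
	 * @param y the object to compare with
	 * @return true if y is this instance, or a SecUser with the same non-null id
	 */
	@Override
	public boolean equals(Object y) {
		if (this.is(y)) {
			return true
		}

		// instanceof is false for null, so no separate null check is needed
		if (!(y instanceof SecUser)) {
			return false
		}

		if (this.id == null || y.id == null) {
			return false
		}

		return this.id == y.id
	}

	/**
	 * Hash code consistent with {@link #equals(Object)}, so that hash-based
	 * collections (for example Set.contains in an access check) recognise two
	 * instances of the same persisted user.
	 *
	 * The value changes when an unsaved instance gets its id; do not keep an
	 * unsaved instance in a hash-based collection across the first save.
	 *
	 * @return the hash of the id, or 0 while the instance has no id
	 */
	@Override
	public int hashCode() {
		return this.id != null ? this.id.hashCode() : 0
	}

	/**
	 * @return true if this user holds the role with authority ROLE_ADMIN
	 */
	public boolean hasAdminRights() {
		// If the role cannot be found the lookup yields null and contains() is false
		return getAuthorities().contains(SecRole.findByAuthority('ROLE_ADMIN'))
	}

	/**
	 * @return true if this user holds the role with authority ROLE_TEMPLATEADMIN
	 */
	public boolean hasTemplateAdminRights() {
		return getAuthorities().contains(SecRole.findByAuthority('ROLE_TEMPLATEADMIN'))
	}

	/**
	 * Delete all remote logins for this user as well.
	 */
	def beforeDelete = {
		// The user is bound as a named parameter, not concatenated into the query
		executeUpdate( "DELETE FROM SessionAuthenticatedUser sau WHERE sau.secUser = :secUser", [ "secUser": this ] )
	}

	/**
	 * Generate a shared secret (the API key) for this user before the first save.
	 * Any value already present in apiKey is overwritten.
	 */
	def beforeInsert = {
		// UUID.randomUUID() produces a version 4 UUID from a cryptographically strong
		// random number generator (JDK documentation)
		apiKey = UUID.randomUUID().toString()
	}

	/**
	 * Before update: make sure the user has an API key.
	 * An existing key is kept; this hook does not rotate it.
	 */
	def beforeUpdate = {
		// got an api key?
		if (!apiKey) {
			// generate an apiKey for this user
			apiKey = UUID.randomUUID().toString()
		}
	}

	/**
	 * Return the text representation of this user.
	 *
	 * displayName is nullable, so a Shibboleth user without one falls back to
	 * the username instead of returning null.
	 *
	 * @return the display name for Shibboleth users that have one, otherwise the username
	 */
	@Override
	String toString() {
		if (shibbolethUser) {
			return displayName ?: username
		}
		return username
	}
}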