1 | package dbnp.authentication |
---|
2 | |
---|
3 | class SecUser implements Serializable { |
---|
4 | String username // for shibboleth this is request header: persistent-id |
---|
5 | String password // for shibboleth this is springSecurityService.encodePassword("myDummyPassword", shibPersistentId) |
---|
6 | String displayName // shibboleth request header: displayName |
---|
7 | String organization // shibboleth request header: schacHomeOrganization |
---|
8 | String uid // shibboleth request header: uid |
---|
9 | String voName // shibboleth request header: coin-vo-name |
---|
10 | String userStatus // shibboleth request header: coin-user-status |
---|
11 | String email |
---|
12 | Date dateCreated |
---|
13 | boolean shibbolethUser = false |
---|
14 | boolean enabled |
---|
15 | boolean accountExpired |
---|
16 | boolean accountLocked |
---|
17 | boolean passwordExpired |
---|
18 | boolean userConfirmed // True if the user has confirmed his subscription using the link in the email |
---|
19 | boolean adminConfirmed // True if the administrator has confirmed this subscription using the link in the email |
---|
20 | |
---|
21 | static constraints = { |
---|
22 | username blank: false, unique: true |
---|
23 | password blank: true |
---|
24 | email blank: false |
---|
25 | displayName nullable: true |
---|
26 | organization nullable: true |
---|
27 | uid nullable: true |
---|
28 | voName nullable: true |
---|
29 | userStatus nullable: true |
---|
30 | } |
---|
31 | |
---|
32 | static mapping = { |
---|
33 | password column: '`password`' |
---|
34 | enabled formula: 'USER_CONFIRMED AND ADMIN_CONFIRMED' |
---|
35 | } |
---|
36 | |
---|
37 | Set<SecRole> getAuthorities() { |
---|
38 | SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set |
---|
39 | } |
---|
40 | |
---|
41 | public boolean equals(Object y) { |
---|
42 | if (!(y instanceof SecUser)) { |
---|
43 | return false; |
---|
44 | } |
---|
45 | |
---|
46 | if (y == null) return false; |
---|
47 | |
---|
48 | return this.id == y.id |
---|
49 | } |
---|
50 | |
---|
51 | public boolean hasAdminRights() { |
---|
52 | return getAuthorities().contains(SecRole.findByAuthority('ROLE_ADMIN')); |
---|
53 | } |
---|
54 | |
---|
55 | /** |
---|
56 | * Delete all remote logins for this user as well. |
---|
57 | */ |
---|
58 | def beforeDelete = { |
---|
59 | executeUpdate( "DELETE FROM SessionAuthenticatedUser sau WHERE sau.secUser = :secUser", [ "secUser": this ] ); |
---|
60 | } |
---|
61 | } |
---|