root/trunk/grails-app/domain/dbnp/authentication/SecUser.groovy @ 2225

Revision 2225, 2.3 KB (checked in by work@…, 2 years ago)

- changed application wide secret into a user specific api key which is automatically generated when a user is created. The key is available in the user's profile or through the user administration pages

  • Property svn:keywords set to Rev Author Date
Line 
1package dbnp.authentication
2
3class SecUser implements Serializable {
4        String username         // for shibboleth this is request header: persistent-id
5        String password         // for shibboleth this is springSecurityService.encodePassword("myDummyPassword", shibPersistentId)
6        String displayName              // shibboleth request header: displayName
7        String organization             // shibboleth request header: schacHomeOrganization
8        String uid                              // shibboleth request header: uid
9        String voName                   // shibboleth request header: coin-vo-name
10        String userStatus               // shibboleth request header: coin-user-status
11        String email
12    String apiKey           // api key for clients using the API
13        Date dateCreated
14
15        boolean shibbolethUser = false
16        boolean enabled
17        boolean accountExpired
18        boolean accountLocked
19        boolean passwordExpired
20        boolean userConfirmed   // True if the user has confirmed his subscription using the link in the email
21        boolean adminConfirmed  // True if the administrator has confirmed this subscription using the link in the email
22
23        static constraints = {
24                username blank: false, unique: true
25                password blank: true
26                email blank: false
27                displayName nullable: true
28                organization nullable: true
29                uid nullable: true
30                voName nullable: true
31                userStatus nullable: true
32        apiKey nullable: true, unique: true
33        }
34
35        static mapping = {
36                password column: '`password`'
37                enabled formula: 'USER_CONFIRMED AND ADMIN_CONFIRMED'
38        }
39
40        Set<SecRole> getAuthorities() {
41                SecUserSecRole.findAllBySecUser(this).collect { it.secRole } as Set
42        }
43
44        public boolean equals(Object y) {
45                if (!(y instanceof SecUser)) {
46                        return false;
47                }
48
49                if (y == null) return false;
50
51                return this.id == y.id
52        }
53
54        public boolean hasAdminRights() {
55                return getAuthorities().contains(SecRole.findByAuthority('ROLE_ADMIN'));
56        }
57       
58        /**
59         * Delete all remote logins for this user as well.
60         */
61        def beforeDelete = {
62                executeUpdate( "DELETE FROM SessionAuthenticatedUser sau WHERE sau.secUser = :secUser", [ "secUser": this ] );
63        }
64
65    /**
66     * Generate a shared secret for this user
67     * @void
68     */
69    def beforeInsert = {
70        // generate an apiKey for this user
71        apiKey = UUID.randomUUID().toString()
72    }
73
74        /**
75         * return the text representation of this user
76         * @return
77         */
78        def String toString() {
79                if (shibbolethUser) {
80                        return displayName
81                } else {
82                        return username
83                }
84        }
85}
Note: See TracBrowser for help on using the browser.