Merge branch 'master' of https://git.bukova.info/repos/git/isspst

2014-08-29 12:40:30 +02:00
parent f6feb001a7 b92c0ddd35
commit a22be88e47
37 changed files with 717 additions and 113 deletions
@@ -11,8 +11,9 @@ import info.bukova.isspst.services.buildings.BuildingService;
 import info.bukova.isspst.services.munits.MUnitService;
 import info.bukova.isspst.services.reqsubjects.MaterialService;
 import info.bukova.isspst.services.reqsubjects.ServiceItemService;
-import info.bukova.isspst.services.requirement.RequirementBaseService;
+import info.bukova.isspst.services.requirement.RequirementService;
 import info.bukova.isspst.services.requirement.RequirementTypeService;
+import info.bukova.isspst.services.requirement.TripRequirementService;
 import info.bukova.isspst.services.tripbill.TripBillService;
 import info.bukova.isspst.services.users.RoleService;
 import info.bukova.isspst.services.users.UserService;
@@ -63,6 +64,7 @@ public class Constants {
 	public final static String MOD_SERVICES = "SERVICES";
 	public final static String MOD_WORKGROUPS = "WORKGROUPS";
 	public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
+	public final static String MOD_TRIPREQUIREMENTS = "TRIPREQUIREMENTS";
 	public final static String MOD_WORKFLOW = "WORKFLOW";
 	public final static String MOD_TRIPBILL = "TRIPBILL";
 	public final static Module MODULES[] = {
@@ -74,7 +76,8 @@ public class Constants {
 		new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
 		new Module(MOD_SERVICES, "Služby", ServiceItemService.class),
 		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
-		new Module(MOD_REQUIREMENTS, "Požadavky", RequirementBaseService.class),
+		new Module(MOD_REQUIREMENTS, "Požadavky na nákupy", RequirementService.class),
+		new Module(MOD_TRIPREQUIREMENTS, "Pžadavky na služební cesty", TripRequirementService.class),
 		new Module(MOD_WORKFLOW, "Procesy schválení", RequirementTypeService.class),
 		new Module(MOD_TRIPBILL, "Cestovní příkazy", TripBillService.class)
 		};
@@ -89,6 +92,11 @@ public class Constants {
 		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_APPROVE, "Schválení", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
+		
+		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_TRIPREQUIREMENTS, PermissionType.WORKGROUP),
+		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_TRIPREQUIREMENTS, PermissionType.CENTRE),
+		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_TRIPREQUIREMENTS, PermissionType.GLOBAL),
+		new Permission(PERM_APPROVE, "Schválení", MOD_TRIPREQUIREMENTS, PermissionType.WORKGROUP),
 	};
 	
 	public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";
@@ -1,5 +1,6 @@
 package info.bukova.isspst.data;

+import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -35,6 +36,10 @@ public class TripRequirement extends RequirementBase {
 	private List<User> passengers;
 	@Embedded
 	private Vehicle vehicle;
+	@Column(name = "REQUIRE_DOWN_PAYMENT")
+	private Boolean requireDownPayment;
+	@Column(name = "DOWN_PAYMENT", precision = 15, scale = 4)
+	private BigDecimal downPayment;

 	public TripRequirement() {
 		this.setOwnedBy(new User());
@@ -97,4 +102,20 @@ public class TripRequirement extends RequirementBase {
 		this.vehicle = vehicle;
 	}

+	public Boolean getRequireDownPayment() {
+		return requireDownPayment;
+	}
+
+	public void setRequireDownPayment(Boolean requireDownPayment) {
+		this.requireDownPayment = requireDownPayment;
+	}
+
+	public BigDecimal getDownPayment() {
+		return downPayment;
+	}
+
+	public void setDownPayment(BigDecimal downPayment) {
+		this.downPayment = downPayment;
+	}
+
 }
@@ -4,6 +4,9 @@ import java.io.File;

 import javax.servlet.ServletContext;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import net.sf.jasperreports.engine.JRException;
 import net.sf.jasperreports.engine.JasperReport;
 import net.sf.jasperreports.engine.JasperRunManager;
@@ -16,6 +19,7 @@ public class PredefinedGenerator implements Generator {
 	
 	private ReportDefinition definition;
 	private ServletContext ctx;
+	private final static Logger logger = LoggerFactory.getLogger(PredefinedGenerator.class);
 	
 	public PredefinedGenerator(ReportDefinition definition, ServletContext ctx) {
 		this.definition = definition;
@@ -30,8 +34,10 @@ public class PredefinedGenerator implements Generator {
 			JasperReport report = (JasperReport) JRLoader.loadObject(getReportFile());
 			JRProperties.setProperty("net.sf.jasperreports.default.pdf.encoding", "Cp1250");
 			loadLazyData();
+			definition.setParam("SUBREPORT_DIR", ctx.getRealPath("WEB-INF/reports") + "/");
 			bytes = JasperRunManager.runReportToPdf(report, definition.getParams(), new JRBeanCollectionDataSource(definition.getDataSet()));;
 		} catch (JRException e) {
+			logger.error("Generator error: " + e.getMessage());
 			throw new ReportException(e);
 		}
 		
@@ -0,0 +1,10 @@
+package info.bukova.isspst.security;
+
+import org.springframework.security.core.Authentication;
+
+public interface Evaluator {
+	
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission);
+
+}
@@ -0,0 +1,41 @@
+package info.bukova.isspst.security;
+
+import java.util.Map;
+
+public class EvaluatorsHolder {
+
+	private Map<Class<?>, Evaluator> globalEvaluators;
+	private Map<Class<?>, Evaluator> specialEvaluators;
+
+	public void setGlobalEvaluators(Map<Class<?>, Evaluator> globalEvaluators) {
+		this.globalEvaluators = globalEvaluators;
+	}
+
+	public void setSpecialEvaluators(Map<Class<?>, Evaluator> specialEvaluators) {
+		this.specialEvaluators = specialEvaluators;
+	}
+	
+	public Evaluator getForObject(Object object, boolean special) {
+		Map<Class<?>, Evaluator> evals;
+		
+		if (special) {
+			evals = specialEvaluators;
+		} else {
+			evals = globalEvaluators;
+		}
+		
+		for (Class<?> key : evals.keySet()) {
+			if (key.equals(object.getClass())) {
+				return evals.get(key);
+			}
+		}
+		
+		for (Class<?> key : evals.keySet()) {
+			if (key.isAssignableFrom(object.getClass())) {
+				return evals.get(key);
+			}
+		}
+		
+		return null;
+	}
+}
@@ -0,0 +1,44 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+
+import java.io.Serializable;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+public class IsPermissionEvaluator implements PermissionEvaluator {
+	
+	@Autowired
+	private EvaluatorsHolder evalHolder;
+
+	@Override
+	public boolean hasPermission(Authentication authentication,
+			Object targetDomainObject, Object permission) {
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+
+		Evaluator eval = evalHolder.getForObject(targetDomainObject, appPermission != null && appPermission.getType() != PermissionType.GLOBAL);
+		
+		if (eval != null) {
+			return eval.evaluate(authentication, targetDomainObject, (String)permission);
+		}
+		
+		return false;
+	}
+
+	@Override
+	public boolean hasPermission(Authentication authentication,
+			Serializable targetId, String targetType, Object permission) {
+		return false;
+	}
+
+}
@@ -17,9 +17,8 @@ import java.util.List;

 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
-import org.springframework.transaction.annotation.Transactional;

-@Transactional
+@Deprecated
 public class IsspstPermissionEvaluator implements PermissionEvaluator {
 	
 	private WorkgroupService wgService;
@@ -0,0 +1,68 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+import info.bukova.isspst.data.RequirementBase;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.workgroups.WorkgroupService;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class RequirementFilterEvaluator implements Evaluator {
+	
+	private WorkgroupService wgService;
+	
+	public RequirementFilterEvaluator(WorkgroupService wgService) {
+		this.wgService = wgService;
+	}
+
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		
+		RequirementBase req = (RequirementBase) targetDomainObject;
+		Workgroup reqWg;
+		
+		if (!(authentication.getPrincipal() instanceof User)) {
+			return false;
+		}
+		
+		User user = (User)authentication.getPrincipal();
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+		
+		if (appPermission == null) {
+			return false;
+		}
+		
+		if (appPermission.getType() == PermissionType.CENTRE) {
+			reqWg = req.getCentre();
+		} else {
+			reqWg = req.getWorkgroup();
+		}
+		
+		if (wgService.isMember(reqWg, user)) {
+			List<Role> roles = wgService.getUserWorkgroupRoles(reqWg, user);
+			for (Role r : roles) {
+				for (Permission p : r.getPermissions()) {
+					if (p.getAuthority().equals(appPermission.getAuthority())) {
+						return true;
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+
+}
@@ -0,0 +1,46 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
+import info.bukova.isspst.data.Role;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class ServiceEvaluator implements Evaluator {
+
+	@SuppressWarnings("unchecked")
+	@Override
+	public boolean evaluate(Authentication authentication,
+		Object targetDomainObject, String permission) {
+
+		List<Role> roles = (List<Role>) authentication.getAuthorities();
+		String moduleId = "";
+		String perm = permission;
+		
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+				moduleId = m.getId();
+				break;
+			}
+		}
+		
+		perm += "_" + moduleId;
+		
+		for (int i = 0; i < roles.size(); i++) {
+			if (!(roles.get(i) instanceof Role)) {
+				return false;
+			}
+			if (roles.get(i).getAuthority().equals(perm)) {
+				return true;
+			}
+			if (roles.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
+				return true;
+			}
+		}
+		
+		return false;
+	}
+
+}
@@ -0,0 +1,71 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.workgroups.WorkgroupService;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class WorkgroupAwareServiceEvaluator implements Evaluator {
+
+	private WorkgroupService wgService;
+	
+	public WorkgroupAwareServiceEvaluator(WorkgroupService wgService) {
+		this.wgService = wgService;
+	}
+	
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		
+		List<Workgroup> userWorkgroups;
+		
+		if (!(authentication.getPrincipal() instanceof User)) {
+			return false;
+		}
+		
+		User user = (User)authentication.getPrincipal();
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+
+		if (appPermission == null) {
+			return false;
+		}
+		
+		if (appPermission.getType() == PermissionType.CENTRE) {
+			userWorkgroups = wgService.getUserCentres(user);
+		} else {
+			userWorkgroups = wgService.getUserWorkgroups(user);
+		}
+		
+		for (Workgroup wg : userWorkgroups) {
+			List<Role> wgRoles = wgService.getUserWorkgroupRoles(wg, user);
+			
+			if (wgRoles == null) {
+				continue;
+			}
+			
+			for (Role r : wgRoles) {
+				for (Permission p : r.getPermissions()) {
+					if (p.getAuthority().equals(appPermission.getAuthority())) {
+						return true;
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+
+}
@@ -1,6 +1,7 @@
 package info.bukova.isspst.services.requirement;

 import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.NumberSeries;
 import info.bukova.isspst.data.RequirementState;
 import info.bukova.isspst.data.TripBill;
 import info.bukova.isspst.data.TripRequirement;
@@ -66,4 +67,22 @@ public class TripRequirementServiceImpl extends RequirementBaseServiceImpl<TripR
 		}
 	}

+	@Override
+	protected String getNumberSerie() {
+		String currentNumber = "";
+		
+		if (getNumberSeriesService() != null)
+		{
+			NumberSeries ns = getNumberSeriesService().getNumberSerie(Constants.MOD_REQUIREMENTS);
+			
+			if (ns != null)
+			{
+				currentNumber = ns.getCurrentNumber();
+				getNumberSeriesService().increase(ns);
+			}
+		}
+		
+		return currentNumber;
+	}
+
 }
@@ -92,6 +92,10 @@ public class TripBillServiceImpl extends AbstractOwnedService<TripBill> implemen
 			calculateItem(item);
 			bill.setTotal(bill.getTotal().add(item.getTotal()));
 		}
+		
+		if (bill.getRequirement().getDownPayment() != null) {
+			bill.setTotal(bill.getTotal().subtract(bill.getRequirement().getDownPayment()));
+		}
 	}
 	
 	private void calculateItem(TripBillItem item) {
@@ -0,0 +1,93 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.openid.OpenIDAttribute;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+
+public class GmailUserService implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
+
+	private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class); 
+	
+	private UserService userService;
+	private RoleService roleService;
+	private String restrictDomain;
+	
+	public GmailUserService(UserService userService, RoleService roleService) {
+		this.userService = userService;
+		this.roleService = roleService;
+	}
+	
+	@Override
+	public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
+			throws UsernameNotFoundException {
+		
+		String email = null;
+		String firstName = null;
+		String lastName = null;
+		List<OpenIDAttribute> attributes = token.getAttributes();
+
+		for (OpenIDAttribute attribute : attributes) {
+			if (attribute.getName().equals("email")) {
+				email = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("firstName")) {
+				firstName = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("lastName")) {
+				lastName = attribute.getValues().get(0);
+			}
+		}
+		
+		String userAndDomain[] = email.split("@");
+		String username = userAndDomain[0];
+		String domain = userAndDomain[1];
+		
+		if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
+			logger.warn("Try to login from foreign domain");
+			
+			throw new UsernameNotFoundException("Email from foreign domain");
+		}
+		
+		UserDetails user;
+		
+		try {
+			user = userService.loadUserByUsername(username);
+		} catch (UsernameNotFoundException e) {
+			logger.info("Username not found in database. Creating one");
+			
+			User usr = new User();
+			usr.setUsername(username);
+			usr.setFirstName(firstName);
+			usr.setLastName(lastName);
+			usr.setEmail(email);
+			usr.setEnabled(true);
+			usr.setNotify(true);
+			
+			Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+			usr.addAuthority(role);
+			
+			userService.grantAdmin();
+			userService.add(usr);
+			userService.removeAccess();
+			
+			user = userService.loadUserByUsername(username);
+		}
+		
+		return user;
+	}
+
+	public void setRestrictDomain(String restrictDomain) {
+		this.restrictDomain = restrictDomain;
+	}
+
+}
@@ -12,8 +12,8 @@ public interface RoleService extends Service<Role> {
 	public Role getRoleByAuthority(String authority);
 	public List<Role> getWorkgroupRoles();
 	public List<Role> getCentreRoles();
-	public List<Role> getRolesWithPermission(Permission perm, boolean centre);
-	public List<Role> getRolesWithPermission(String authority, boolean centre);
+	public List<Role> getRolesWithPermission(Permission perm, String modileId, boolean centre);
+	public List<Role> getRolesWithPermission(String authority, String modileId, boolean centre);
 	public boolean canChangeCenter(Role role);
 	public boolean canChangeWorkgroup(Role role);
 	public boolean isInWorkflow(Role role);
@@ -35,7 +35,7 @@ public class RoleServiceImpl extends AbstractService<Role> implements RoleServic
 	@SuppressWarnings("unchecked")
 	@Override
 	@Transactional
-	public List<Role> getRolesWithPermission(Permission perm, boolean centre) {
+	public List<Role> getRolesWithPermission(Permission perm, String moduleId, boolean centre) {
 		String wgClausule;
 		if (centre) {
 			wgClausule = "centre";
@@ -44,17 +44,18 @@ public class RoleServiceImpl extends AbstractService<Role> implements RoleServic
 		}
 		Set<Permission> perms = new HashSet<Permission>();
 		perms.add(perm);
-		Query q = dao.getQuery("select r from Role r join r.permissions p where r." + wgClausule + " = true and p in (:perms)");
+		Query q = dao.getQuery("select r from Role r join r.permissions p where r." + wgClausule + " = true and p.module = :module and p in (:perms)");
 		q.setParameterList("perms", perms);
+		q.setParameter("module", moduleId);
 		return q.list();
 	}

 	@Override
 	@Transactional
-	public List<Role> getRolesWithPermission(String authority, boolean centre) {
-		Query q = dao.getQuery("from Permission where authority = '" + authority + "'");
+	public List<Role> getRolesWithPermission(String authority, String moduleId, boolean centre) {
+		Query q = dao.getQuery("from Permission where authority = '" + authority + "' and module = '" + moduleId + "'");
 		Permission p = (Permission) q.uniqueResult(); 
-		return getRolesWithPermission(p, centre);
+		return getRolesWithPermission(p, moduleId, centre);
 	}

 	@Override
@@ -191,6 +191,7 @@ public class ListViewModel<T extends DataModel> {
 										ListViewModel.this, "dataList");
 								BindUtils.postNotifyChange(null, null,
 										ListViewModel.this, "dataBean");
+								BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
 							} catch (DataIntegrityViolationException e) {
 								Messagebox.show(StringUtils.localize("DbCannotDelete"), StringUtils.localize("Error"), Messagebox.OK, Messagebox.ERROR);
 							} catch (AccessDeniedException e) {
@@ -237,9 +238,8 @@ public class ListViewModel<T extends DataModel> {
 			dataList.set(selIndex, editBean);
 		}
 		
-		if (newRec) {
-			BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
-		}
+		BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
+		
 	}

 	@GlobalCommand
@@ -44,8 +44,21 @@ public class RequirementTypesVM {
 	}
 	
 	private void initRoles() {
-		centreRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, true));
-		workgroupRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, false));
+		String moduleId;
+		
+		if (selected != null) {
+			if (selected.getType().equals(Constants.REQTYPE_BUSINESSTRIP)) {
+				moduleId = Constants.MOD_TRIPREQUIREMENTS;
+			} else {
+				moduleId = Constants.MOD_REQUIREMENTS;
+			}
+			
+			centreRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, moduleId, true));
+			workgroupRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, moduleId, false));
+		} else {
+			centreRoles = null;
+			workgroupRoles = null;
+		}
 	}
 	
 	@Command
@@ -196,6 +209,8 @@ public class RequirementTypesVM {
 			return;
 		}
 		
+		this.selected = selected;
+		
 		initRoles();
 		
 		for (Workflow w : selected.getWorkflow()) {
@@ -205,8 +220,6 @@ public class RequirementTypesVM {
 				workgroupRoles.remove(w.getRole());
 			}
 		}
-		
-		this.selected = selected;
 	}
 	
 	@Command