Author: echatellier Date: 2014-06-30 18:35:30 +0200 (Mon, 30 Jun 2014) New Revision: 301 Url: http://forge.codelutin.com/projects/faxtomail/repository/revisions/301 Log: Application de la securit?\195?\169 ?\195?\160 la recherche Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/persistence/entities/EmailTopiaDao.java trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/MailFolderService.java trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/AbstractFaxToMailServiceTest.java trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/InitTestData.java trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchToGroupUI.css trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUI.css trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUIModel.java trunk/faxtomail-ui-swing/src/main/resources/i18n/faxtomail-ui-swing_fr_FR.properties Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/persistence/entities/EmailTopiaDao.java =================================================================== --- trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/persistence/entities/EmailTopiaDao.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/persistence/entities/EmailTopiaDao.java 2014-06-30 16:35:30 UTC (rev 301) @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; @@ -39,16 +40,20 @@ * Search for email using filter. * * @param emailFilter email filter - * @param user user (for rights compute) + * @param readMailFolders readable mail folders (for rights compute) * @param pagination pagination * @return email list matching query filters */ - public PaginationResult<Email> search(EmailFilter emailFilter, FaxToMailUser user, PaginationParameter pagination) { + public PaginationResult<Email> search(EmailFilter emailFilter, Set<MailFolder> readMailFolders, PaginationParameter pagination) { StringBuilder query = new StringBuilder("FROM " + Email.class.getName() + " E"); - query.append(" WHERE 1 = 1"); Map<String, Object> args = new HashMap<>(); + // apply security + //query.append(" WHERE E." + Email.PROPERTY_MAIL_FOLDER + " in (:readMailFolders)"); + //args.put("readMailFolders", readMailFolders); + query.append(" WHERE 1 = 1"); + // email minReceptionDate if (emailFilter.getMinReceptionDate() != null) { query.append(" AND E." + Email.PROPERTY_RECEPTION_DATE + " >= :" + EmailFilter.PROPERTY_MIN_RECEPTION_DATE); @@ -305,9 +310,9 @@ query.append(")"); } - // email comment + // email message if (StringUtils.isNotBlank(emailFilter.getMessage())) { - query.append(" AND lower(E." + Email.PROPERTY_COMMENT + ") LIKE lower(:" + EmailFilter.PROPERTY_MESSAGE + ")"); + query.append(" AND lower(E." + Email.PROPERTY_ORIGINAL_EMAIL + ") LIKE lower(:" + EmailFilter.PROPERTY_MESSAGE + ")"); args.put(EmailFilter.PROPERTY_MESSAGE, "%" + emailFilter.getMessage() + "%"); } Modified: trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java =================================================================== --- trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/EmailService.java 2014-06-30 16:35:30 UTC (rev 301) @@ -47,12 +47,6 @@ import javax.activation.FileDataSource; import javax.mail.MessagingException; -import com.franciaflex.faxtomail.persistence.entities.AttachmentTopiaDao; -import com.franciaflex.faxtomail.persistence.entities.EdiReturn; -import com.franciaflex.faxtomail.persistence.entities.EdiReturnTopiaDao; -import com.franciaflex.faxtomail.persistence.entities.MailField; -import com.google.common.base.Function; - import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.io.IOUtils; @@ -75,25 +69,33 @@ import com.franciaflex.faxtomail.persistence.entities.AttachmentFileImpl; import com.franciaflex.faxtomail.persistence.entities.AttachmentFileTopiaDao; import com.franciaflex.faxtomail.persistence.entities.AttachmentImpl; +import com.franciaflex.faxtomail.persistence.entities.AttachmentTopiaDao; import com.franciaflex.faxtomail.persistence.entities.Client; import com.franciaflex.faxtomail.persistence.entities.DemandStatus; +import com.franciaflex.faxtomail.persistence.entities.EdiReturn; +import com.franciaflex.faxtomail.persistence.entities.EdiReturnTopiaDao; import com.franciaflex.faxtomail.persistence.entities.Email; import com.franciaflex.faxtomail.persistence.entities.EmailFilter; import com.franciaflex.faxtomail.persistence.entities.EmailGroup; import com.franciaflex.faxtomail.persistence.entities.EmailGroupTopiaDao; import com.franciaflex.faxtomail.persistence.entities.EmailTopiaDao; import com.franciaflex.faxtomail.persistence.entities.FaxToMailUser; +import com.franciaflex.faxtomail.persistence.entities.FaxToMailUserGroup; import com.franciaflex.faxtomail.persistence.entities.History; import com.franciaflex.faxtomail.persistence.entities.HistoryTopiaDao; import com.franciaflex.faxtomail.persistence.entities.HistoryType; +import com.franciaflex.faxtomail.persistence.entities.MailField; import com.franciaflex.faxtomail.persistence.entities.MailFolder; +import com.franciaflex.faxtomail.persistence.entities.MailFolderTopiaDao; import com.franciaflex.faxtomail.persistence.entities.RangeRow; import com.franciaflex.faxtomail.persistence.entities.RangeRowTopiaDao; import com.franciaflex.faxtomail.persistence.entities.Reply; import com.franciaflex.faxtomail.persistence.entities.ReplyTopiaDao; import com.franciaflex.faxtomail.services.FaxToMailServiceSupport; +import com.google.common.base.Function; import com.google.common.base.Preconditions; import com.google.common.base.Strings; +import com.google.common.collect.Iterables; import com.google.common.collect.Lists; import com.google.common.collect.Maps; import com.google.common.collect.Sets; @@ -484,10 +486,41 @@ return email; } + /** + * Calcule recursivement l'ensemble des répertoires lisible par un utilisateur récursivement. + * + * @param readMailFolders result mail folders + * @param mailFolders mail folder to allow + */ + protected void computeUserReadableFolder(Set<MailFolder> readMailFolders, Iterable<MailFolder> mailFolders) { + if (mailFolders != null) { + for (MailFolder mailFolder : mailFolders) { + readMailFolders.add(mailFolder); + computeUserReadableFolder(readMailFolders, mailFolder.getChildren()); + } + } + } + public PaginationResult<Email> search(EmailFilter emailFilter, FaxToMailUser user, PaginationParameter pagination) { + + // compute rigths + MailFolderTopiaDao mailFolderDao = getPersistenceContext().getMailFolderDao(); + Set<MailFolder> readMailFolders = new HashSet<MailFolder>(); + // read rights for user + Iterable<MailFolder> mailFolders = mailFolderDao.forReadRightUsersContains(user).findAll(); + computeUserReadableFolder(readMailFolders, mailFolders); + // read rigths for groups + if (user.getUserGroups() != null) { + for (FaxToMailUserGroup group : user.getUserGroups()) { + mailFolders = mailFolderDao.forReadRightGroupsContains(group).findAll(); + computeUserReadableFolder(readMailFolders, mailFolders); + } + } - EmailTopiaDao dao = getPersistenceContext().getEmailDao(); - PaginationResult<Email> result = dao.search(emailFilter, user, pagination); + // compute search + EmailTopiaDao emailDao = getPersistenceContext().getEmailDao(); + PaginationResult<Email> result = emailDao.search(emailFilter, readMailFolders, pagination); + return result; } Modified: trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/MailFolderService.java =================================================================== --- trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/MailFolderService.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/MailFolderService.java 2014-06-30 16:35:30 UTC (rev 301) @@ -32,14 +32,9 @@ import java.util.Map; import com.franciaflex.faxtomail.persistence.entities.FaxToMailUser; -import com.franciaflex.faxtomail.persistence.entities.FaxToMailUserGroup; import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.nuiton.topia.persistence.TopiaEntities; -import org.nuiton.util.beans.Binder; -import org.nuiton.util.beans.BinderFactory; import org.nuiton.util.pagination.PaginationParameter; import com.franciaflex.faxtomail.persistence.entities.EmailTopiaDao; @@ -47,11 +42,8 @@ import com.franciaflex.faxtomail.persistence.entities.MailFilter; import com.franciaflex.faxtomail.persistence.entities.MailFilterTopiaDao; import com.franciaflex.faxtomail.persistence.entities.MailFolder; -import com.franciaflex.faxtomail.persistence.entities.MailFolderImpl; import com.franciaflex.faxtomail.persistence.entities.MailFolderTopiaDao; import com.franciaflex.faxtomail.services.FaxToMailServiceSupport; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; /** * @author kmorin <kmorin@codelutin.com> Modified: trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/AbstractFaxToMailServiceTest.java =================================================================== --- trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/AbstractFaxToMailServiceTest.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/AbstractFaxToMailServiceTest.java 2014-06-30 16:35:30 UTC (rev 301) @@ -26,7 +26,6 @@ import java.io.File; import java.io.IOException; -import java.io.ObjectInputStream.GetField; import java.util.HashMap; import java.util.LinkedList; import java.util.List; Modified: trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/InitTestData.java =================================================================== --- trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/InitTestData.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-service/src/test/java/com/franciaflex/faxtomail/services/service/InitTestData.java 2014-06-30 16:35:30 UTC (rev 301) @@ -167,6 +167,10 @@ FaxToMailUser.PROPERTY_LOGIN, "jbourgoin", FaxToMailUser.PROPERTY_TRIGRAPH, "JBO"); + // droits global à marc pour tout + franciaflex.addReadRightUsers(marc); + franciaflex = folderDao.update(franciaflex); + // import test csv List<Range> ranges = null; try (InputStream is = InitTestData.class.getResourceAsStream("/csv/ranges.csv")) { Modified: trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchToGroupUI.css =================================================================== --- trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchToGroupUI.css 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchToGroupUI.css 2014-06-30 16:35:30 UTC (rev 301) @@ -206,7 +206,6 @@ #ediCodeNumberField { text: { model.getEdiCodeNumber() }; - editable: false; } #priorityLabel { Modified: trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUI.css =================================================================== --- trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUI.css 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUI.css 2014-06-30 16:35:30 UTC (rev 301) @@ -218,7 +218,6 @@ #ediCodeNumberField { text: { model.getEdiCodeNumber() }; - editable: false; } #priorityLabel { Modified: trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUIModel.java =================================================================== --- trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUIModel.java 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-ui-swing/src/main/java/com/franciaflex/faxtomail/ui/swing/content/search/SearchUIModel.java 2014-06-30 16:35:30 UTC (rev 301) @@ -283,7 +283,6 @@ Object oldValue = getMinReceptionDate(); editObject.setMinReceptionDate(minReceptionDate); firePropertyChanged(EmailFilter.PROPERTY_MIN_RECEPTION_DATE, oldValue, minReceptionDate); - System.out.println(minReceptionDate); } public Date getMaxReceptionDate() { Modified: trunk/faxtomail-ui-swing/src/main/resources/i18n/faxtomail-ui-swing_fr_FR.properties =================================================================== --- trunk/faxtomail-ui-swing/src/main/resources/i18n/faxtomail-ui-swing_fr_FR.properties 2014-06-30 15:35:05 UTC (rev 300) +++ trunk/faxtomail-ui-swing/src/main/resources/i18n/faxtomail-ui-swing_fr_FR.properties 2014-06-30 16:35:30 UTC (rev 301) @@ -106,7 +106,7 @@ faxtomail.demande.demandStatus.label=Statut faxtomail.demande.demandType.label=Type faxtomail.demande.docType.label=Type -faxtomail.demande.ediCodeNumber.label= +faxtomail.demande.ediCodeNumber.label=Code EDI faxtomail.demande.ediError.label=Retour EDI faxtomail.demande.etatAttente.label=État attente faxtomail.demande.fax.label=Fax