added right-management to the rights of the first user.

Jan 2025-11-18 17:43:10 +01:00
parent c57c2ff19d
commit 47aab96dfa
2 changed files with 25 additions and 8 deletions


@ -7,6 +7,7 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
@ -26,13 +27,27 @@ public class LccOidcUser extends DefaultOidcUser {
public static User createDatabaseUser(String email, String firstName, String lastName, String workdayId, boolean isFirstUser) {
User user = new User();
Group group = new Group();
group.setName(isFirstUser ? "service" : "none");
var groups = new ArrayList<Group>();
if(isFirstUser) {
var g = new Group();
g.setName("service");
groups.add(g);
g = new Group();
g.setName("right-management");
groups.add(g);
} else {
var g = new Group();
g.setName("none");
groups.add(g);
}
user.setEmail(email);
user.setFirstName(firstName == null ? "" : firstName);
user.setLastName(lastName == null ? "" : lastName);
user.setGroups(List.of(group));
user.setGroups(groups);
user.setWorkdayId(workdayId == null ? "" : workdayId);
user.setActive(false);
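Review bot: The `isFirstUser` branch now grants `right-management` on top of `service`, yet the flag comes from the caller's `userRepository.count() == 0` check (visible in the SecurityConfig section), which is evaluated separately from the later `userRepository.update(user)`; unless that pair runs under a lock or serializable transaction not shown here, two concurrent first logins can both be provisioned with both groups. Consider making the bootstrap decision atomic inside the repository, or provisioning the initial administrator out of band, and document the contract on this method with something like `// isFirstUser must be decided atomically with the insert; it grants service + right-management`. The group names are also repeated as bare string literals that SecurityConfig turns into `ROLE_*` authorities, so named constants would keep the two files in step. The body of `createDatabaseUser` continues past the end of this hunk.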


@ -292,21 +292,23 @@ public class SecurityConfig {
}
if (user != null) {
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
userId = user.getId();
} else {
if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
var isFirstUser = userRepository.count() == 0;
userId = userRepository.update(LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser));
mappedAuthorities.add(new SimpleGrantedAuthority(isFirstUser ? "ROLE_SERVICE" : "ROLE_NONE"));
user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
userId = userRepository.update(user);
} else {
log.debug("Unable to create user {} / {}", email, workdayId);
mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
}
}
if (user != null) {
user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
}
return new LccOidcUser(
mappedAuthorities,