guest account privileges

model/src/main/java/lcsb/mapviewer/model/security/Privilege.java

@@ -21,6 +21,8 @@ public class Privilege implements Serializable {
 
   private Integer objectId;
 
+  private boolean guestAccountValue;
+
   protected Privilege() {
   }
 
@@ -94,4 +96,12 @@ public class Privilege implements Serializable {
     this.objectId = objectId;
   }
 
+  public boolean isGuestAccountValue() {
+    return guestAccountValue;
+  }
+
+  public void setGuestAccountValue(boolean guestAccountValue) {
+    this.guestAccountValue = guestAccountValue;
+  }
+
 }

persist/src/main/java/lcsb/mapviewer/persist/dao/security/PrivilegeDao.java

 package lcsb.mapviewer.persist.dao.security;
 
+import java.util.*;
+
+import org.springframework.stereotype.Repository;
+
 import lcsb.mapviewer.common.Pair;
-import lcsb.mapviewer.common.exception.NotImplementedException;
 import lcsb.mapviewer.model.security.Privilege;
 import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.persist.dao.BaseDao;
-import org.springframework.stereotype.Repository;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
 
 @Repository
 public class PrivilegeDao extends BaseDao<Privilege> {
 
-	public PrivilegeDao() {
-		super(Privilege.class);
-	}
-
-	public Privilege getPrivilegeForTypeAndObjectId(PrivilegeType type, Integer objectId) {
-		List<Privilege> privileges = getElementsByParameters(Arrays.asList(
-			new Pair<>("type", type),
-			new Pair<>("objectId", objectId)
-		));
-		if (privileges.size() > 1) {
-			throw new IllegalStateException("Impossible DB state. Privileges are constrained to be unique.");
-		} else if (privileges.size() == 1) {
+  public PrivilegeDao() {
+    super(Privilege.class);
+  }
+
+  public Privilege getPrivilegeForTypeAndObjectId(PrivilegeType type, Integer objectId) {
+    List<Privilege> privileges = getElementsByParameters(Arrays.asList(
+        new Pair<>("type", type),
+        new Pair<>("objectId", objectId)));
+    if (privileges.size() > 1) {
+      throw new IllegalStateException("Impossible DB state. Privileges are constrained to be unique.");
+    } else if (privileges.size() == 1) {
       return privileges.get(0);
     } else {
-		  return new Privilege(type, objectId);
+      return new Privilege(type, objectId);
     }
-	}
+  }
 
-	public List<Privilege> getDefaultPrivileges() {
-		return new ArrayList<>(); // TODO
-	}
+  public List<Privilege> getDefaultPrivileges() {
+    return new ArrayList<>(); // TODO
+  }
 
+  public List<Privilege> getGuestAccountPrivileges() {
+    return getElementsByParameter("guest_account_value", true);
+  }
 }

persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190618__new_permission_model.sql

 --remove artifacts (privileges to non-existing projects)
 delete from privilege_table where (type = 'VIEW_PROJECT' or type ='EDIT_COMMENTS_PROJECT') and not id_object in (select id from project_table); 
 
-delete from privilege_table where user_id = (select distinct id from user_table where login = 'anonymous');
-delete from user_table where login = 'anonymous';
-
 alter table privilege_table rename column id_object to object_id;
 delete from privilege_table where level = 0;
 alter table privilege_table drop column level;
@@ -72,6 +69,12 @@ where t1.CTID != t2.CTID
   and t1.user_id = t2.user_id
   and t1.privilege_id = t2.privilege_id;
 
+alter table privilege_table add column  guest_account_value boolean default false;
+update privilege_table set guest_account_value = true where id in (select privilege_id from user_privilege_map_table where user_id = (select distinct id from user_table where login = 'anonymous'));
+
+delete from user_privilege_map_table where user_id = (select distinct id from user_table where login = 'anonymous');
+delete from user_table where login = 'anonymous';
+
 alter table privilege_table drop column user_id;
 
 alter table privilege_table add constraint unique_rows unique (type, object_id);

service/src/main/java/lcsb/mapviewer/services/impl/PrivilegeService.java

@@ -29,4 +29,9 @@ public class PrivilegeService implements IPrivilegeService {
     return privilegeDao.getPrivilegeForTypeAndObjectId(type, objectId);
   }
 
+  @Override
+  public void updatePrivilege(Privilege privilege) {
+    privilegeDao.update(privilege);
+  }
+
 }

service/src/main/java/lcsb/mapviewer/services/impl/UserService.java

@@ -94,6 +94,34 @@ public class UserService implements IUserService {
     userDao.update(user);
   }
 
+  @Override
+  public void grantGuestAccountPrivilege(PrivilegeType type) {
+    Privilege privilege =privilegeService.getPrivilege(type); 
+    privilege.setGuestAccountValue(true);
+    privilegeService.updatePrivilege(privilege);
+  }
+
+  @Override
+  public void grantGuestAccountPrivilege(PrivilegeType type, Integer objectId) {
+    Privilege privilege =privilegeService.getPrivilege(type, objectId); 
+    privilege.setGuestAccountValue(true);
+    privilegeService.updatePrivilege(privilege);
+  }
+
+  @Override
+  public void revokeGuestAccountPrivilege(PrivilegeType type) {
+    Privilege privilege =privilegeService.getPrivilege(type); 
+    privilege.setGuestAccountValue(false);
+    privilegeService.updatePrivilege(privilege);
+  }
+
+  @Override
+  public void revokeGuestAccountPrivilege(PrivilegeType type, Integer objectId) {
+    Privilege privilege =privilegeService.getPrivilege(type, objectId); 
+    privilege.setGuestAccountValue(false);
+    privilegeService.updatePrivilege(privilege);
+  }
+
   @Override
   public void revokeObjectDomainPrivilegesForAllUsers(PrivilegeType privilegeType, Integer objectId) {
     userDao.getAll().forEach(user -> revokeUserPrivilege(user, privilegeType, objectId));

service/src/main/java/lcsb/mapviewer/services/interfaces/IPrivilegeService.java

@@ -9,4 +9,6 @@ public interface IPrivilegeService {
 
   Privilege getPrivilege(PrivilegeType type, Integer objectId);
 
+  void updatePrivilege(Privilege privilege);
+
 }

service/src/main/java/lcsb/mapviewer/services/interfaces/IUserService.java

 package lcsb.mapviewer.services.interfaces;
 
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import lcsb.mapviewer.commands.ColorExtractor;
-import lcsb.mapviewer.model.security.Privilege;
 import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.model.user.User;
 
@@ -23,9 +20,13 @@ public interface IUserService {
 
   void grantUserPrivilege(User user, PrivilegeType type);
   void grantUserPrivilege(User user, PrivilegeType type, Integer objectId);
+  void grantGuestAccountPrivilege(PrivilegeType type);
+  void grantGuestAccountPrivilege(PrivilegeType type, Integer objectId);
 
   void revokeUserPrivilege(User user, PrivilegeType type);
   void revokeUserPrivilege(User user, PrivilegeType type, Integer objectId);
+  void revokeGuestAccountPrivilege(PrivilegeType type);
+  void revokeGuestAccountPrivilege(PrivilegeType type, Integer objectId);
 
   /**
    * When an object is deleted we have to manually remove the access rights to it for every user to avoid pollution.

service/src/test/java/lcsb/mapviewer/services/impl/UserServiceTest.java

 package lcsb.mapviewer.services.impl;
 
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.Rollback;
+import org.springframework.transaction.annotation.Transactional;
+
 import lcsb.mapviewer.model.security.Privilege;
 import lcsb.mapviewer.model.security.PrivilegeType;
 import lcsb.mapviewer.model.user.User;
 import lcsb.mapviewer.persist.dao.security.PrivilegeDao;
 import lcsb.mapviewer.services.ServiceTestFunctions;
 import lcsb.mapviewer.services.interfaces.IUserService;
-import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.annotation.Rollback;
-import org.springframework.transaction.annotation.Transactional;
-
-import static org.junit.Assert.*;
 
 @Transactional
 @Rollback
@@ -138,4 +139,37 @@ public class UserServiceTest extends ServiceTestFunctions {
     assertFalse(user2.getPrivileges().contains(privilege));
   }
 
+  @Test
+  public void grantObjectPrivilegeForGuestAccount() {
+    Privilege privilege = new Privilege(PrivilegeType.WRITE_PROJECT, -50);
+    privilegeDao.add(privilege);
+
+    userService.grantGuestAccountPrivilege(PrivilegeType.WRITE_PROJECT, -50);
+
+    assertTrue(privilege.isGuestAccountValue());
+  }
+
+  @Test
+  public void grantGlobalPrivilegeForGuestAccount() {
+    userService.grantGuestAccountPrivilege(PrivilegeType.CAN_CREATE_OVERLAYS);
+    assertTrue(privilegeDao.getPrivilegeForTypeAndObjectId(PrivilegeType.CAN_CREATE_OVERLAYS, null).isGuestAccountValue());
+  }
+
+  @Test
+  public void revokePrivilegeForGuestAccount() {
+    Privilege privilege = new Privilege(PrivilegeType.WRITE_PROJECT, -50);
+    privilegeDao.add(privilege);
+
+    userService.grantGuestAccountPrivilege(PrivilegeType.WRITE_PROJECT, -50);
+    userService.revokeGuestAccountPrivilege(PrivilegeType.WRITE_PROJECT, -50);
+
+    assertFalse(privilege.isGuestAccountValue());
+  }
+  @Test
+  public void revokeGlobalPrivilegeForGuestAccount() {
+    userService.grantGuestAccountPrivilege(PrivilegeType.CAN_CREATE_OVERLAYS);
+    userService.revokeGuestAccountPrivilege(PrivilegeType.CAN_CREATE_OVERLAYS);
+    assertFalse(privilegeDao.getPrivilegeForTypeAndObjectId(PrivilegeType.CAN_CREATE_OVERLAYS, null).isGuestAccountValue());
+  }
+
 }

web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java

@@ -3,6 +3,8 @@ package lcsb.mapviewer.web.config;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.transaction.Transactional;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.*;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -29,6 +31,7 @@ import lcsb.mapviewer.services.SpringServiceConfig;
 import lcsb.mapviewer.web.bean.utils.*;
 
 
+@Transactional
 @Configuration
 @ComponentScan(basePackages = {"lcsb.mapviewer.web.config"})
 @Import({SpringRestApiConfig.class, SpringServiceConfig.class})
@@ -69,7 +72,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
   public AnonymousAuthenticationToken anonymousAuthenticationToken() {
     List<GrantedAuthority> authorities = new ArrayList<>();
     authorities.add(new SimpleGrantedAuthority(PrivilegeType.IS_ANON.name()));
-    for (Privilege privilege : privilegeDao.getDefaultPrivileges()) {
+    for (Privilege privilege : privilegeDao.getGuestAccountPrivileges()) {
       authorities.add(new SimpleGrantedAuthority(privilege.toString()));
     }
     return new AnonymousAuthenticationToken("wRexHF3tChFUHP6h7EYX", "anonymous", authorities);