audit door

gaetancollaud · Sep 1, 2015 · 582d6b5 · 582d6b5
1 parent 55cafcb
commit 582d6b5
Show file tree

Hide file tree

Showing 10 changed files with 131 additions and 16 deletions.
diff --git a/src/main/java/net/collaud/fablab/manager/audit/AuditAspect.java b/src/main/java/net/collaud/fablab/manager/audit/AuditAspect.java
@@ -21,6 +21,8 @@
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
 
 /**
  *
@@ -29,11 +31,12 @@
 @Aspect
 @Slf4j
 @Component
+@Transactional(propagation = Propagation.NOT_SUPPORTED)
 public class AuditAspect {
-
+	
 	@Autowired
 	private AuditService auditService;
-
+	
 	@Autowired
 	private SecurityService securityService;
 
@@ -48,15 +51,19 @@ public Object serviceAction(ProceedingJoinPoint pjp) throws Throwable {
 		}
 		return pjp.proceed();
 	}
-
+	
 	protected Object aroudAudit(ProceedingJoinPoint pjp, Method method) throws Throwable {
 		log.info("Intercepted method " + method.getName());
 		Audit ann = method.getAnnotation(Audit.class);
 		try {
 			Object result = pjp.proceed();
-			Object object = getObjectOutOfResultAndParameters(ann, result, pjp.getArgs());
-			Integer id = getIdOfObject(object);
-			addEntry(ann.action(), ann.object(), id, true, getReadableMessage(ann.object(), ann.action(), object, pjp.getArgs()), null);
+			try {
+				Object object = getObjectOutOfResultAndParameters(ann, result, pjp.getArgs());
+				Integer id = getIdOfObject(object);
+				addEntry(ann.action(), ann.object(), id, true, getReadableMessage(ann.object(), ann.action(), object, pjp.getArgs()), null);
+			} catch (Exception ex) {
+				log.error("Cannot add login for themod " + method.getName(), ex);
+			}
 			return result;
 		} catch (Exception ex) {
 			Object entity = getObjectOutOfResultAndParameters(ann, null, pjp.getArgs());
@@ -65,14 +72,14 @@ protected Object aroudAudit(ProceedingJoinPoint pjp, Method method) throws Throw
 			throw ex;
 		}
 	}
-
+	
 	private void addEntry(AuditAction action, AuditObject object, Integer objectId, boolean success, String content, String detail) throws FablabException {
 		if (detail != null && detail.isEmpty()) {
 			detail = null;
 		}
 		auditService.addEntry(new AuditEO(securityService.getCurrentUser().orElse(null), action, object, objectId, new Date(), success, content, detail));
 	}
-
+	
 	private Object getObjectOutOfResultAndParameters(Audit ann, Object result, Object[] parameters) {
 		if (ann.action().equals(AuditAction.INSERT)
 				|| ann.action().equals(AuditAction.UPDATE)) {
@@ -90,14 +97,14 @@ private Object getObjectOutOfResultAndParameters(Audit ann, Object result, Objec
 		}
 		return null;
 	}
-
+	
 	private Integer getIdOfObject(Object entity) {
 		if (entity instanceof AbstractDataEO) {
 			return (Integer) ((AbstractDataEO) entity).getId();
 		}
 		return null;
 	}
-
+	
 	private String getReadableMessage(AuditObject obj, AuditAction action, Object res, Object[] args) {
 		switch (obj) {
 			case USAGE:
@@ -151,7 +158,7 @@ private String getReadableMessage(AuditAction action, PaymentEO payment) {
 		}
 		return sb.toString();
 	}
-
+	
 	private String getReadableMessage(AuditAction action, UserEO user) {
 		StringBuilder sb = new StringBuilder();
 		sb.append("User ");
@@ -178,7 +185,7 @@ private String getReadableMessage(AuditAction action, UserEO user) {
 		sb.append("]");
 		return sb.toString();
 	}
-
+	
 	private String getReadableMessageForSecurity(AuditAction action, Object result, Object[] args) {
 		StringBuilder sb = new StringBuilder();
 		if (action == AuditAction.LOGIN) {
@@ -216,5 +223,5 @@ private String getReadableMessage(AuditAction action, SubscriptionEO subscriptio
 		sb.append(" confirmed his subscription");
 		return sb.toString();
 	}
-
+	
 }
diff --git a/src/main/java/net/collaud/fablab/manager/dao/UserRepository.java b/src/main/java/net/collaud/fablab/manager/dao/UserRepository.java
@@ -49,5 +49,10 @@ public interface UserRepository extends JpaRepository<UserEO, Integer>{
 			+ " FROM UserBalanceEO ub "
 			+ " WHERE ub.userId=:userId ")
 	Optional<UserBalanceEO> getUserBalanceFromUserId(@Param("userId")Integer userId);
+
+	@Query("SELECT u "
+			+ " FROM UserEO u "
+			+ " WHERE u.rfid=:rfid")
+	Optional<UserEO> findByRFID(@Param("rfid") String rfid);
 
 }
diff --git a/src/main/java/net/collaud/fablab/manager/data/type/DoorAction.java b/src/main/java/net/collaud/fablab/manager/data/type/DoorAction.java
@@ -0,0 +1,11 @@
+package net.collaud.fablab.manager.data.type;
+
+/**
+ *
+ * @author Gaetan Collaud
+ */
+public enum DoorAction {
+	OPEN,
+	CLOSE,
+	TRY_OPEN_BUT_FAIL
+}
diff --git a/src/main/java/net/collaud/fablab/manager/rest/legacy/DoorWS.java b/src/main/java/net/collaud/fablab/manager/rest/legacy/DoorWS.java
@@ -0,0 +1,85 @@
+package net.collaud.fablab.manager.rest.legacy;
+
+import java.util.Optional;
+import javax.annotation.security.RunAs;
+import lombok.extern.slf4j.Slf4j;
+import net.collaud.fablab.manager.annotation.JavascriptAPIConstant;
+import net.collaud.fablab.manager.audit.AuditUtils;
+import net.collaud.fablab.manager.data.UserEO;
+import net.collaud.fablab.manager.data.type.AuditAction;
+import net.collaud.fablab.manager.data.type.AuditObject;
+import net.collaud.fablab.manager.data.type.DoorAction;
+import net.collaud.fablab.manager.exceptions.FablabException;
+import net.collaud.fablab.manager.security.Roles;
+import net.collaud.fablab.manager.service.AuditService;
+import net.collaud.fablab.manager.service.ConfigurationService;
+import net.collaud.fablab.manager.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ *
+ * @author Gaetan Collaud <[email protected]> Collaud <[email protected]>
+ */
+@RestController()
+@RequestMapping("/door")
+@JavascriptAPIConstant("DOOR_API")
+@RunAs(Roles.SYSTEM)
+@Slf4j
+public class DoorWS {
+
+	@Autowired
+	private ConfigurationService configurationService;
+
+	@Autowired
+	private UserService userService;
+
+	@Autowired
+	private AuditService auditService;
+
+	@RequestMapping(value = "event", method = RequestMethod.GET)
+	public void getallMembershipType(
+			@RequestParam("eventAction") DoorAction action,
+			@RequestParam("rfid") String rfid,
+			@RequestParam("token") String token) {
+		StringBuilder sb = new StringBuilder();
+
+		Optional<UserEO> user = Optional.empty();
+		if (rfid != null) {
+			user = userService.findByRFID(rfid);
+			sb.append(user.map(u -> u.getFirstLastName()).orElse("Anonymous"));
+			sb.append(" with RFID ").append(rfid).append(" ");
+		} else {
+			sb.append("Someone ");
+		}
+		boolean success = true;
+		if (action
+				!= null) {
+			switch (action) {
+				case OPEN:
+					sb.append("opened the door");
+					break;
+				case CLOSE:
+					sb.append("closed the door");
+					break;
+				case TRY_OPEN_BUT_FAIL:
+					sb.append("tried to open the door but failed");
+					success = false;
+					break;
+			}
+		} else {
+			sb.append("did something with the door");
+		}
+
+		log.info(sb.toString());
+		try {
+			AuditUtils.addAudit(auditService, user.orElse(null), AuditObject.ACCESS_DOOR, AuditAction.UPDATE, success, sb.toString());
+		} catch (FablabException ex) {
+			log.error("Cannot add audit entry");
+		}
+	}
+
+}
diff --git a/src/main/java/net/collaud/fablab/manager/security/Roles.java b/src/main/java/net/collaud/fablab/manager/security/Roles.java
@@ -6,6 +6,7 @@
  */
 public interface Roles {
 
+	public static final String SYSTEM = "ROLE_SYSTEM";
 	public static final String ADMIN = "ROLE_USER_VIEW";
 	public static final String USER_VIEW = "ROLE_USER_VIEW";
 	public static final String USER_MANAGE = "ROLE_USER_MANAGE";

diff --git a/src/main/java/net/collaud/fablab/manager/service/UserService.java b/src/main/java/net/collaud/fablab/manager/service/UserService.java
@@ -29,4 +29,6 @@ public interface UserService extends ReadWriteService<UserEO>{
 	@Override
 	@Audit(object = AuditObject.USER, action = AuditAction.SAVE)
 	public UserEO save(UserEO entity);
+
+	Optional<UserEO> findByRFID(String rfid);
 }
diff --git a/src/main/java/net/collaud/fablab/manager/service/impl/AuditServiceImpl.java b/src/main/java/net/collaud/fablab/manager/service/impl/AuditServiceImpl.java
@@ -19,7 +19,6 @@
  */
 @Service
 @Transactional
-@Secured({Roles.ADMIN})
 public class AuditServiceImpl extends AbstractServiceImpl implements AuditService {
 
 	@Autowired

diff --git a/src/main/java/net/collaud/fablab/manager/service/impl/UserServiceImpl.java b/src/main/java/net/collaud/fablab/manager/service/impl/UserServiceImpl.java
@@ -168,4 +168,9 @@ public void updateMailingList() {
 		mailService.sendPlainTextMail("Update mailing list", sb.toString(), "[email protected]");
 	}
 
+	@Override
+	public Optional<UserEO> findByRFID(String rfid) {
+		return userDao.findByRFID(rfid);
+	}
+
 }
diff --git a/src/main/webapp/META-INF/context.xml b/src/main/webapp/META-INF/context.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<Context antiJARLocking="true" path="/fablab-manager-2.0.1-SNAPSHOT"/>
+<Context antiJARLocking="true" path="/fablab-manager"/>
diff --git a/src/main/webapp/components/auth/login-view.html b/src/main/webapp/components/auth/login-view.html
@@ -16,7 +16,7 @@ <h2 class="form-signin-heading" translate="auth.pleaseSignIn"></h2>
 		   required>
 	<button 
 		class="btn btn-lg btn-primary btn-block" 
-		type="submit" 
+		type="button" 
 		ng-click="login()"
 		translate="auth.signIn"></button>