Implement changes
coutinho21 committed Sep 16, 2023
1 parent 5a18f0b commit 4434c16
Showing 4 changed files with 15 additions and 10 deletions.
Expand Up @@ -10,13 +10,11 @@ import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
import pt.up.fe.ni.website.backend.dto.auth.LoginDto
import pt.up.fe.ni.website.backend.dto.auth.TokenDto
import pt.up.fe.ni.website.backend.model.Project
import pt.up.fe.ni.website.backend.repository.ActivityRepository
import pt.up.fe.ni.website.backend.service.AuthService

@RestController
@RequestMapping("/auth")
class AuthController(val authService: AuthService, val repository: ActivityRepository<Project>) {
class AuthController(val authService: AuthService) {
@PostMapping("/new")
fun getNewToken(@RequestBody loginDto: LoginDto): Map<String, String> {
val account = authService.authenticate(loginDto.email, loginDto.password)
Expand All @@ -42,13 +40,13 @@ class AuthController(val authService: AuthService, val repository: ActivityRepos
)
}

@PreAuthorize("@authService.hasPermission(#permission.trim().toUpperCase())")
@PreAuthorize("@authService.hasPermission(#permission)")
@GetMapping("/hasPermission/{permission}")
fun protectedPermission(@PathVariable permission: String): Map<String, String> {
return mapOf("message" to "You have permission to access this endpoint!")
}

@PreAuthorize("@authService.hasActivityPermission(#activityId, #permission.trim().toUpperCase())")
@PreAuthorize("@authService.hasActivityPermission(#activityId, #permission)")
@GetMapping("/hasPermission/{activityId}/{permission}")
fun protectedPerActivityPermission(
@PathVariable activityId: Long,
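Review bot: After the second hunk, a reader of `protectedPermission` can no longer see that `permission` is matched case-insensitively and trimmed, because the `.trim().toUpperCase()` that used to sit in the SpEL expression now lives in AuthService. A KDoc line on the endpoint would keep that contract visible at the call site, e.g. `/** Succeeds only if the caller holds [permission]; matching is delegated to [AuthService.hasPermission], which trims and upper-cases the value. */`. The same applies to `protectedPerActivityPermission`, whose parameter list and body continue below the hunk.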
2 changes: 1 addition & 1 deletion src/main/kotlin/pt/up/fe/ni/website/backend/model/Role.kt
Expand Up @@ -54,6 +54,6 @@ class Role(
if (associatedActivities.isEmpty()) {
return permissionsPayload
}
return permissionsPayload + " " + associatedActivities.joinToString(separator = " ").trimEnd()
return "$permissionsPayload ${associatedActivities.joinToString(" ").trimEnd()}"
}
}
Expand Up @@ -34,7 +34,7 @@ class AuthService(
fun hasPermission(permission: String): Boolean {
val authentication = SecurityContextHolder.getContext().authentication
return authentication.authorities.any {
it.toString() == permission
it.toString() == permission.trim().uppercase(Locale.getDefault())
}
}

Expand All @@ -44,9 +44,13 @@ class AuthService(
val activity = activityService.getActivityById(activityId)
val name = activity.title.filter { it.isLetterOrDigit() }.uppercase(Locale.getDefault())

return authentication.authorities.any { it ->
return authentication.authorities.any {
val payload = it.toString().split(":")
payload.size == 2 && payload[0] == name && payload[1].split("-").any { p -> p == permission }
payload.size == 2 && payload[0] == name && payload[1].split("-").any { p ->
p == permission.trim().uppercase(
Locale.getDefault()
)
}
}
}

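Review bot: The normalization added in both hunks, `permission.trim().uppercase(Locale.getDefault())` in hasPermission and again inside the inner lambda of hasActivityPermission, makes the authorization comparison depend on the JVM's default locale: under a Turkish default, `"edit_activity".uppercase()` yields `EDİT_ACTİVİTY`, which never equals an ASCII authority name, so the same request can be accepted on one host and refused on another. Use the locale-independent form, `it.toString() == permission.trim().uppercase(Locale.ROOT)` in hasPermission, and in hasActivityPermission hoist it once before the `any`, `val wanted = permission.trim().uppercase(Locale.ROOT)`, comparing with `p == wanted`, which also stops the trim/uppercase from being recomputed for every authority and every `-`-separated entry. The pre-existing context line that upper-cases `activity.title` with `Locale.getDefault()` has the same dependency and should move to `Locale.ROOT` with it, otherwise the name half of the payload can still disagree with what was stored under a different locale. hasActivityPermission starts above the hunk, where `authentication` is presumably obtained.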
Expand Up @@ -238,7 +238,10 @@ class AuthControllerTest @Autowired constructor(
@DisplayName("POST /auth/hasPermission")
inner class CheckPermissions {
private val testPermissions = listOf(Permission.CREATE_ACCOUNT, Permission.CREATE_ACTIVITY)
private val testActivity = Project("Test Activity", "Test Description", mutableListOf(), mutableListOf())
private val testActivity = Project(
"Test Activity", "Test Description", mutableListOf(), mutableListOf(), "test slug", "test image", false,
emptyList(), null, "test target audience"
)
private val testRole = Role("MEMBER", Permissions(testPermissions), false)
private val testPerActivityRole = PerActivityRole(Permissions(listOf(Permission.EDIT_ACTIVITY)))

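Review bot: The new `Project(...)` fixture at the top of CheckPermissions passes ten positional arguments, including four bare strings, a bare `false`, an `emptyList()` and a `null`, so a reader cannot tell which slot is the slug, the image or the target audience without opening Project. Kotlin's named arguments are the usual answer for a call with this many same-typed and boolean parameters; the parameter names are not visible in this hunk, so I cannot quote the exact rewritten call here. The rest of the inner class continues below the hunk.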

0 comments on commit 4434c16

Please sign in to comment.