Fix RoleUtils methods

2023-06-30 13:51:55 +03:00 · 2023-06-30 13:51:55 +03:00 · 9a9209f9a2
parent 02169daeb7
commit 9a9209f9a2
3 changed files with 22 additions and 48 deletions
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java
@ -51,7 +51,6 @@ public class PageController {
 //    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
    @RequestMapping(value = "/page/update", method = RequestMethod.POST)
    public PortalPage updatePage(@RequestBody PortalPage portalPage) {
-        List<String> roles = rolesUtils.getRoles();
        if(portalPage == null) {
            throw new NullPointerException("Update page: portalPage is null");
        }
@ -59,8 +58,8 @@ public class PageController {
            // EXCEPTION - MismatchingContent
            throw new MismatchingContentException("Update page: Page has no id.");
        }
-        if(!rolesUtils.isPortalAdmin(roles) || (
-                portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
+        if(!rolesUtils.isPortalAdmin() || (
+                portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
            // EXCEPTION - Access denied
            throw new ForbiddenException("Update page: You are not authorized to update  a page for "+portalPage.getPortalType()+
                    (portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
@ -78,7 +77,6 @@ public class PageController {
 //    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
    @RequestMapping(value = "/page/save", method = RequestMethod.POST)
    public PortalPage insertPage(@RequestBody PortalPage portalPage) {
-        List<String> roles = rolesUtils.getRoles();
        if(portalPage == null) {
            throw new NullPointerException("Save page: portalPage is null");
        }
@ -86,8 +84,8 @@ public class PageController {
            // EXCEPTION - MismatchingContent
            throw new MismatchingContentException("Save page: Page has already an id: "+portalPage.getId());
        }
-        if(!rolesUtils.isPortalAdmin(roles) || (
-                portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
+        if(!rolesUtils.isPortalAdmin() || (
+                portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
            // EXCEPTION - Access denied
            throw new ForbiddenException("Save page: You are not authorized to create a page for "+portalPage.getPortalType()+
                    (portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
@ -132,4 +130,4 @@ public class PageController {
 //    public Page togglePageEntity(@PathVariable(value = "id") String id, @RequestParam String entityId, @RequestParam String status) throws Exception {
 //        return pageService.togglePageEntity(id, entityId, status);
 //    }
-}
+}
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java
@ -11,6 +11,7 @@ import org.springframework.stereotype.Component;

@Component
 public class RolesUtils {
+
    @Autowired
    private AuthorizationService authorizationService;

@ -28,54 +29,31 @@ public class RolesUtils {
        return authorizationService.getAaiId();
    }

-    public boolean isPortalAdmin(List<String> roles) {
-        if(roles == null) {
-            return false;
-        }
-//        log.debug(authorizationService.PORTAL_ADMIN);
-//        log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN));
-        return roles.contains(authorizationService.PORTAL_ADMIN);
+    public boolean isPortalAdmin() {
+        return this.authorizationService.getRoles().contains(authorizationService.PORTAL_ADMIN);
    }

-    public boolean isCurator(List<String> roles, String type) {
-        if(roles == null) {
-            return false;
-        }
-//        log.debug(authorizationService.curator(type));
-//        log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type)));
-        return roles.contains(authorizationService.curator(type));
+    public boolean isCurator(String type) {
+        return this.authorizationService.getRoles().contains(authorizationService.curator(type));
    }

-    public boolean isManager(List<String> roles, String type, String id) {
-        if(roles == null) {
-            return false;
-        }
-//        log.debug(authorizationService.manager(type, id));
-//        log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id)));
-        return roles.contains(authorizationService.manager(type, id));
+    public boolean isManager(String type, String id) {
+        return this.authorizationService.getRoles().contains(authorizationService.manager(type, id));
    }

-    public boolean isMember(List<String> roles, String type, String id) {
-        if(roles == null) {
-            return false;
-        }
-//        log.debug(authorizationService.member(type, id));
-//        log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id)));
-        return roles.contains(authorizationService.member(type, id));
+    public boolean isMember(String type, String id) {
+        return this.authorizationService.getRoles().contains(authorizationService.member(type, id));
    }

-    public boolean isLoggedIn(List<String> roles) {
-        if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) {
-            return false;
-        }
-        return true;
+    public boolean isLoggedIn() {
+        return this.authorizationService.getAaiId() != null;
    }

-    public boolean hasUpdateAuthority(List<String> roles, String type, String id) {
-        return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
+    public boolean hasUpdateAuthority(String type, String id) {
+        return isPortalAdmin() || isCurator(type) || isManager(type, id);
    }

-    public boolean hasCreateAndDeleteAuthority(List<String> roles, String type) {
-        return isPortalAdmin(roles) || isCurator(roles, type);
+    public boolean hasCreateAndDeleteAuthority(String type) {
+        return isPortalAdmin() || isCurator(type);
    }
 }
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java
@ -241,8 +241,6 @@ public class PageService {
    }

    public Boolean deletePages(List<String> pages) throws Exception {
-        List<String> roles = rolesUtils.getRoles();
-
        for (String id: pages) {
            Page page = pageDAO.findById(id);

@ -250,8 +248,8 @@ public class PageService {
                throw new NullPointerException("Delete page: no page with id: "+id);
            }

-            if(!rolesUtils.isPortalAdmin(roles) || (
-                    page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, page.getPortalType(), page.getPortalPid()))) {
+            if(!rolesUtils.isPortalAdmin() || (
+                    page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(page.getPortalType(), page.getPortalPid()))) {
                // EXCEPTION - Access denied
                throw new ForbiddenException("Delete page: You are not authorized to delete a page for "+page.getPortalType()+
                        (page.getPortalPid()!=null ? " : "+page.getPortalPid() : ""));