From 9a9209f9a2a2da528ab55565e2477c199a80e5a8 Mon Sep 17 00:00:00 2001
From: "k.triantafyllou"
Date: Fri, 30 Jun 2023 13:51:55 +0300
Subject: [PATCH] Fix RoleUtils methods
---
 .../controllers/PageController.java | 12 ++---
 .../handlers/utils/RolesUtils.java | 52 ++++++-------------
 .../services/PageService.java | 6 +--
 3 files changed, 22 insertions(+), 48 deletions(-)
diff --git a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java
index 15bee24..c734dfa 100644
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/controllers/PageController.java
@@ -51,7 +51,6 @@ public class PageController {
 // @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
 @RequestMapping(value = "/page/update", method = RequestMethod.POST)
 public PortalPage updatePage(@RequestBody PortalPage portalPage) {
- List roles = rolesUtils.getRoles();
 if(portalPage == null) {
 throw new NullPointerException("Update page: portalPage is null");
 }
@@ -59,8 +58,8 @@ public class PageController {
 // EXCEPTION - MismatchingContent
 throw new MismatchingContentException("Update page: Page has no id.");
 }
- if(!rolesUtils.isPortalAdmin(roles) || (
- portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
+ if(!rolesUtils.isPortalAdmin() || (
+ portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
 // EXCEPTION - Access denied
 throw new ForbiddenException("Update page: You are not authorized to update a page for "+portalPage.getPortalType()+
 (portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
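Review bot: The guard in `updatePage` (hunk -59,8) reduces to `!rolesUtils.isPortalAdmin()`, because `hasUpdateAuthority(...)` in RolesUtils already returns true for a portal admin, so whenever the first operand is false the second is false as well and a curator or manager of the portal is always rejected. If portal-admin-only is the intent, the dead clause can go: `if(!rolesUtils.isPortalAdmin()) {`; if curators and managers are meant to pass when a pid is present, the condition presumably needs to be `portalPage.getPortalPid() == null ? !rolesUtils.isPortalAdmin() : !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid())`. The same condition appears in `insertPage` (hunk -86,8) and in `PageService.deletePages` (hunk -250,8). All three method bodies continue outside their hunks.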
@@ -78,7 +77,6 @@ public class PageController {
 // @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
 @RequestMapping(value = "/page/save", method = RequestMethod.POST)
 public PortalPage insertPage(@RequestBody PortalPage portalPage) {
- List roles = rolesUtils.getRoles();
 if(portalPage == null) {
 throw new NullPointerException("Save page: portalPage is null");
 }
@@ -86,8 +84,8 @@ public class PageController {
 // EXCEPTION - MismatchingContent
 throw new MismatchingContentException("Save page: Page has already an id: "+portalPage.getId());
 }
- if(!rolesUtils.isPortalAdmin(roles) || (
- portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, portalPage.getPortalType(), portalPage.getPortalPid()))) {
+ if(!rolesUtils.isPortalAdmin() || (
+ portalPage.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(portalPage.getPortalType(), portalPage.getPortalPid()))) {
 // EXCEPTION - Access denied
 throw new ForbiddenException("Save page: You are not authorized to create a page for "+portalPage.getPortalType()+
 (portalPage.getPortalPid()!=null ? " : "+portalPage.getPortalPid() : ""));
@@ -132,4 +130,4 @@ public class PageController {
 // public Page togglePageEntity(@PathVariable(value = "id") String id, @RequestParam String entityId, @RequestParam String status) throws Exception {
 // return pageService.togglePageEntity(id, entityId, status);
 // }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java
index 6ac6080..c09f70f 100644
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/handlers/utils/RolesUtils.java
@@ -11,6 +11,7 @@ import org.springframework.stereotype.Component; @Component public class RolesUtils { + @Autowired private AuthorizationService authorizationService;
@@ -28,54 +29,31 @@ public class RolesUtils {
 return authorizationService.getAaiId();
 }
- public boolean isPortalAdmin(List roles) {
- if(roles == null) {
- return false;
- }
-// log.debug(authorizationService.PORTAL_ADMIN);
-// log.debug("PortalAdmin: "+roles.contains(authorizationService.PORTAL_ADMIN));
- return roles.contains(authorizationService.PORTAL_ADMIN);
+ public boolean isPortalAdmin() {
+ return this.authorizationService.getRoles().contains(authorizationService.PORTAL_ADMIN);
 }
- public boolean isCurator(List roles, String type) {
- if(roles == null) {
- return false;
- }
-// log.debug(authorizationService.curator(type));
-// log.debug("Curator in "+type+": "+roles.contains(authorizationService.curator(type)));
- return roles.contains(authorizationService.curator(type));
+ public boolean isCurator(String type) {
+ return this.authorizationService.getRoles().contains(authorizationService.curator(type));
 }
- public boolean isManager(List roles, String type, String id) {
- if(roles == null) {
- return false;
- }
-// log.debug(authorizationService.manager(type, id));
-// log.debug("Manager in "+type+" - "+id+": "+roles.contains(authorizationService.manager(type, id)));
- return roles.contains(authorizationService.manager(type, id));
+ public boolean isManager(String type, String id) {
+ return this.authorizationService.getRoles().contains(authorizationService.manager(type, id));
 }
- public boolean isMember(List roles, String type, String id) {
- if(roles == null) {
- return false;
- }
-// log.debug(authorizationService.member(type, id));
-// log.debug("Member in "+type+" - "+id+": "+roles.contains(authorizationService.member(type, id)));
- return roles.contains(authorizationService.member(type, id));
+ public boolean isMember(String type, String id) {
+ return this.authorizationService.getRoles().contains(authorizationService.member(type, id));
 }
- public boolean isLoggedIn(List roles) {
- if(roles == null || roles.contains(authorizationService.ANONYMOUS_USER)) {
- return false;
- }
- return true;
+ public boolean isLoggedIn() {
+ return this.authorizationService.getAaiId() != null;
 }
- public boolean hasUpdateAuthority(List roles, String type, String id) {
- return isPortalAdmin(roles) || isCurator(roles, type) || isManager(roles, type, id);
+ public boolean hasUpdateAuthority(String type, String id) {
+ return isPortalAdmin() || isCurator(type) || isManager(type, id);
 }
- public boolean hasCreateAndDeleteAuthority(List roles, String type) {
- return isPortalAdmin(roles) || isCurator(roles, type);
+ public boolean hasCreateAndDeleteAuthority(String type) {
+ return isPortalAdmin() || isCurator(type);
 }
 }
diff --git a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java
index d9fb1e0..e3cc528 100644
--- a/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java
+++ b/src/main/java/eu/dnetlib/uoaadmintoolslibrary/services/PageService.java
@@ -241,8 +241,6 @@ public class PageService {
 }
 public Boolean deletePages(List pages) throws Exception {
- List roles = rolesUtils.getRoles();
-
 for (String id: pages) {
 Page page = pageDAO.findById(id);
@@ -250,8 +248,8 @@ public class PageService {
 throw new NullPointerException("Delete page: no page with id: "+id);
 }
- if(!rolesUtils.isPortalAdmin(roles) || (
- page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(roles, page.getPortalType(), page.getPortalPid()))) {
+ if(!rolesUtils.isPortalAdmin() || (
+ page.getPortalPid() != null && !rolesUtils.hasUpdateAuthority(page.getPortalType(), page.getPortalPid()))) {
 // EXCEPTION - Access denied
 throw new ForbiddenException("Delete page: You are not authorized to delete a page for "+page.getPortalType()+
 (page.getPortalPid()!=null ? " : "+page.getPortalPid() : ""));
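Review bot: In RolesUtils.java (hunk -28,54) the rewritten checks drop the old `roles == null` guard, so each `authorizationService.getRoles().contains(...)` throws a NullPointerException rather than returning false if `getRoles()` can return null; `getRoles()` is not shown in this patch, so that needs confirming. Routing the four role checks through one private null-safe helper, as sketched below, keeps the deny-by-default result and removes the repetition. `isLoggedIn()` also changes meaning: it no longer tests for `ANONYMOUS_USER` and returns `getAaiId() != null`, and whether an anonymous session yields a null AAI id is not visible here, so a test for the anonymous case would be worth adding. Every check now re-reads the roles, which `deletePages` does for each page in its loop. The class starts outside the hunk.

```java
// Deny by default when no role list is available.
private boolean hasRole(String role) {
    // element type assumed from the old `List roles` parameter; match getRoles()
    List<String> roles = this.authorizationService.getRoles();
    return roles != null && roles.contains(role);
}

public boolean isPortalAdmin() {
    return hasRole(authorizationService.PORTAL_ADMIN);
}

public boolean isCurator(String type) {
    return hasRole(authorizationService.curator(type));
}

public boolean isManager(String type, String id) {
    return hasRole(authorizationService.manager(type, id));
}

public boolean isMember(String type, String id) {
    return hasRole(authorizationService.member(type, id));
}

// … unchanged: isLoggedIn, hasUpdateAuthority, hasCreateAndDeleteAuthority …
```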