WIP: Convert user permissions to Java
Signed-off-by: William Brawner <me@wbrawner.com>
This commit is contained in:
parent
fbf9ea68a7
commit
0b729bb34e
3 changed files with 61 additions and 22 deletions
|
@ -9,7 +9,6 @@ import com.wbrawner.budgetserver.user.UserRepository;
|
||||||
import io.swagger.annotations.Api;
|
import io.swagger.annotations.Api;
|
||||||
import io.swagger.annotations.ApiOperation;
|
import io.swagger.annotations.ApiOperation;
|
||||||
import io.swagger.annotations.Authorization;
|
import io.swagger.annotations.Authorization;
|
||||||
import org.hibernate.Hibernate;
|
|
||||||
import org.springframework.data.domain.PageRequest;
|
import org.springframework.data.domain.PageRequest;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
@ -160,6 +159,10 @@ public class BudgetController {
|
||||||
return ResponseEntity.notFound().build();
|
return ResponseEntity.notFound().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (userPermission.getPermission().isNotAtLeast(Permission.MANAGE)) {
|
||||||
|
return ResponseEntity.status(403).build();
|
||||||
|
}
|
||||||
|
|
||||||
var budget = userPermission.getBudget();
|
var budget = userPermission.getBudget();
|
||||||
if (budget == null) {
|
if (budget == null) {
|
||||||
return ResponseEntity.notFound().build();
|
return ResponseEntity.notFound().build();
|
||||||
|
@ -173,30 +176,48 @@ public class BudgetController {
|
||||||
budget.setDescription(request.description);
|
budget.setDescription(request.description);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var users = new ArrayList<UserPermission>();
|
||||||
if (!request.getUsers().isEmpty()) {
|
if (!request.getUsers().isEmpty()) {
|
||||||
request.getUsers().forEach(userPermissionRequest -> {
|
request.getUsers().forEach(userPermissionRequest -> {
|
||||||
var requestedUser = userRepository.findById(userPermissionRequest.getUser()).orElse(null);
|
userRepository.findById(userPermissionRequest.getUser()).ifPresent(requestedUser ->
|
||||||
if (requestedUser != null) {
|
users.add(userPermissionsRepository.save(
|
||||||
userPermissionsRepository.save(new UserPermission(budget, requestedUser, userPermissionRequest.getPermission()));
|
new UserPermission(
|
||||||
}
|
budget,
|
||||||
|
requestedUser,
|
||||||
|
userPermissionRequest.getPermission()
|
||||||
|
)
|
||||||
|
))
|
||||||
|
);
|
||||||
});
|
});
|
||||||
|
} else {
|
||||||
|
users.addAll(userPermissionsRepository.findAllByBudget(budget, null));
|
||||||
}
|
}
|
||||||
userPermissionsRepository.findAllByUserAndBudget(getCurrentUser() !!, budget, null)
|
|
||||||
return ResponseEntity.ok(BudgetResponse(budgetRepository.save(budget), users))
|
return ResponseEntity.ok(new BudgetResponse(budgetRepository.save(budget), users));
|
||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping(value = "/{id}", produces = {MediaType.TEXT_PLAIN_VALUE})
|
@DeleteMapping(value = "/{id}", produces = {MediaType.TEXT_PLAIN_VALUE})
|
||||||
@ApiOperation(value = "deleteBudget", nickname = "deleteBudget", tags = {"Budgets"})
|
@ApiOperation(value = "deleteBudget", nickname = "deleteBudget", tags = {"Budgets"})
|
||||||
open fun
|
public ResponseEntity<Void> deleteBudget(@PathVariable long id) {
|
||||||
|
var user = getCurrentUser();
|
||||||
|
if (user == null) {
|
||||||
|
return ResponseEntity.status(401).build();
|
||||||
|
}
|
||||||
|
|
||||||
deleteBudget(@PathVariable id:Long):ResponseEntity<Unit>
|
var userPermission = userPermissionsRepository.findAllByUserAndBudget_Id(user, id, null).get(0);
|
||||||
|
if (userPermission == null) {
|
||||||
|
return ResponseEntity.notFound().build();
|
||||||
|
}
|
||||||
|
|
||||||
{
|
if (userPermission.getPermission().isNotAtLeast(Permission.MANAGE)) {
|
||||||
val budget = userPermissionsRepository.findAllByUserAndBudget_Id(getCurrentUser() !!, id, null)
|
return ResponseEntity.status(403).build();
|
||||||
.firstOrNull()
|
}
|
||||||
?.budget
|
|
||||||
?:return ResponseEntity.notFound().build()
|
var budget = userPermission.getBudget();
|
||||||
budgetRepository.delete(budget)
|
if (budget == null) {
|
||||||
return ResponseEntity.ok().build()
|
return ResponseEntity.notFound().build();
|
||||||
|
}
|
||||||
|
budgetRepository.delete(budget);
|
||||||
|
return ResponseEntity.noContent().build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
package com.wbrawner.budgetserver.permission;
|
||||||
|
|
||||||
|
public enum Permission {
|
||||||
|
/**
|
||||||
|
* The user can read the content but cannot make any modifications.
|
||||||
|
*/
|
||||||
|
READ,
|
||||||
|
/**
|
||||||
|
* The user can read and write the content but cannot make any modifications to the container of the content.
|
||||||
|
*/
|
||||||
|
WRITE,
|
||||||
|
/**
|
||||||
|
* The user can read and write the content, and make modifications to the container of the content including things like name, description, and other users' permissions (with the exception of the owner user, whose role can never be removed by a user with only MANAGE permissions).
|
||||||
|
*/
|
||||||
|
MANAGE,
|
||||||
|
/**
|
||||||
|
* The user has complete control over the resource. There can only be a single owner user at any given time.
|
||||||
|
*/
|
||||||
|
OWNER;
|
||||||
|
|
||||||
|
public boolean isNotAtLeast(Permission wanted) {
|
||||||
|
return ordinal() < wanted.ordinal();
|
||||||
|
}
|
||||||
|
}
|
|
@ -31,12 +31,6 @@ data class UserPermissionKey(
|
||||||
var userId: Long? = null
|
var userId: Long? = null
|
||||||
) : Serializable
|
) : Serializable
|
||||||
|
|
||||||
enum class Permission {
|
|
||||||
READ,
|
|
||||||
WRITE,
|
|
||||||
OWNER
|
|
||||||
}
|
|
||||||
|
|
||||||
data class UserPermissionResponse(
|
data class UserPermissionResponse(
|
||||||
val user: UserResponse,
|
val user: UserResponse,
|
||||||
val permission: Permission
|
val permission: Permission
|
||||||
|
|
Loading…
Reference in a new issue