Merge pull request 'scurity-roles' (#13) from scurity-roles into master

Reviewed-on: http://git.plannaplan.pl/filipizydorczyk/backend/pulls/13
LGTM
2020-10-24 18:01:29 +02:00
18 changed files with 317 additions and 26 deletions


@ -32,7 +32,7 @@ public class App {
filip.setEmail("filizy@st.amu.edu.pl");
filip.setName("Filip");
filip.setSurname("Izydorczyk");
filip.setRole(UserRoles.STUDENT);
filip.setRole(UserRoles.DEANERY);
this.userService.save(filip);
User hub = new User();
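Review bot: The seeded fixture account on line 16 is now given `UserRoles.DEANERY`, so a privileged role is granted to a hard-coded user with a real-looking e-mail address every time this seeding code runs; the method enclosing it starts and ends outside the hunk, so it is not visible whether a dev-only profile or property guards it. If this also executes in production (the same properties file uses `ddl-auto=create-drop`, which suggests a dev setup, but that is an inference), whoever can authenticate as that account gains deanery access to the new `/users/searchForStudents` endpoint. Consider guarding the seeding with `@Profile("dev")` or an explicit property check, and leave a comment such as `// Dev-only seed data: grants DEANERY to a fixture account; must never run against a production database.`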


@ -12,6 +12,8 @@ import com.plannaplan.services.ConfiguratorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@ -20,12 +22,15 @@ import org.springframework.web.multipart.MultipartFile;
@RestController
@CrossOrigin
@RequestMapping("/api/" + App.API_VERSION + "/configurator")
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ConfigController {
@Autowired
private ConfiguratorService contrl;
@PostMapping("/config")
@PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity<String> configApp(@RequestParam("file") MultipartFile file) {
try {
final ConfigData data = new ConfigData(null, null, file.getInputStream());
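Review bot: `@EnableGlobalMethodSecurity(prePostEnabled = true)` on line 35 is a configuration switch, not a per-controller annotation; this PR repeats it on `UsersController`, and as far as I can tell the duplicate method-security beans that registers are what the new `spring.main.allow-bean-definition-overriding=true` in application.properties is papering over. Declare it once on `WebSecurityConfig` and remove it from both controllers. On line 40, `hasRole('ROLE_ADMIN')` only works because Spring Security skips adding the prefix when it is already present; the conventional form is `@PreAuthorize("hasRole('ADMIN')")` or `@PreAuthorize("hasAuthority('ROLE_ADMIN')")`. The body of `configApp` continues past the end of the hunk.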


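--- /dev/null
+++ b/com/plannaplan/controllers/UsersController.java
+package com.plannaplan.controllers;
+import java.util.List;
+import com.plannaplan.App;
+import com.plannaplan.entities.User;
+import com.plannaplan.responses.mappers.UserResponseMappers;
+import com.plannaplan.responses.models.SearchForStudentsResponse;
+import com.plannaplan.services.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+@RestController
+@CrossOrigin
+@RequestMapping("/api/" + App.API_VERSION + "/users")
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class UsersController {
+@Autowired
+private UserService userService;
+@GetMapping("/searchForStudents")
+@PreAuthorize("hasRole('ROLE_DEANERY')")
+public ResponseEntity<List<SearchForStudentsResponse>> configApp(@RequestParam("query") String query) {
+final List<User> searches = this.userService.searchForStudents(query);
+final List<SearchForStudentsResponse> response = UserResponseMappers.mapToDefaultResponse(searches);
+return new ResponseEntity<>(response, HttpStatus.OK);
+}
+}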
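Review bot: The handler on line 74 is named `configApp`, evidently copied from `ConfigController`, although it serves `GET /users/searchForStudents`; rename it `searchForStudents` so stack traces and method-security logs say what was invoked. `@EnableGlobalMethodSecurity` on line 68 belongs on the security configuration class, not on each controller that happens to use `@PreAuthorize`. The bare `@CrossOrigin` on line 66 admits any origin for an endpoint that returns students' names and e-mail addresses; pin it to the frontend's origin, or better, configure origins once in `WebSecurityConfig` and drop the annotation here. A one-line Javadoc, `/** Deanery-only search over students; returns id, name, surname and e-mail for each match. */`, would document the exposure.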


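--- /dev/null
+++ b/com/plannaplan/responses/mappers/UserResponseMappers.java
+package com.plannaplan.responses.mappers;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+import com.plannaplan.entities.User;
+import com.plannaplan.responses.models.SearchForStudentsResponse;
+public class UserResponseMappers {
+public static List<SearchForStudentsResponse> mapToDefaultResponse(List<User> groups) {
+return groups.stream().filter(Objects::nonNull).map(SearchForStudentsResponse::new)
+.collect(Collectors.toList());
+}
+}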
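Review bot: The parameter on line 91 is named `groups` but holds `User` entities; call it `users` so the signature reads correctly. The class has only static members, so add `private UserResponseMappers() {}` to prevent instantiation, and a Javadoc such as `/** Maps User entities to the SearchForStudentsResponse DTOs; null entries are skipped. */` on the method would state the one non-obvious behaviour (the `Objects::nonNull` filter).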


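--- /dev/null
+++ b/com/plannaplan/responses/models/SearchForStudentsResponse.java
+package com.plannaplan.responses.models;
+import com.plannaplan.entities.User;
+public class SearchForStudentsResponse {
+private Long id;
+private String name;
+private String surname;
+private String email;
+public SearchForStudentsResponse(User user) {
+this.id = user.getId();
+this.name = user.getName();
+this.surname = user.getSurname();
+this.email = user.getEmail();
+}
+public String getEmail() {
+return email;
+}
+public String getSurname() {
+return surname;
+}
+public String getName() {
+return name;
+}
+public Long getId() {
+return id;
+}
+}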
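Review bot: The four fields on lines 103–106 are assigned only in the constructor and have no setters, so declare them `private final` to make this DTO immutable. The constructor dereferences `user` unconditionally, which is safe only because `UserResponseMappers` filters nulls first; `Objects.requireNonNull(user, "user")` would make that contract local. A class Javadoc listing exactly which `User` fields this projection exposes (id, name, surname, e-mail) would make any later addition of more personal data a deliberate, reviewed choice.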


@ -1,6 +1,8 @@
package com.plannaplan.security;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import com.plannaplan.entities.User;
import com.plannaplan.services.UserService;
@ -40,8 +42,10 @@ public class AuthenticationProvider extends AbstractUserDetailsAuthenticationPro
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// is being done in other task
return null;
final AuthorityRoles role = AuthorityRoles.getAuthorityRole(user.getRole())
.orElseThrow(() -> new NullPointerException("Failed to get user role"));
final List<AuthorityRoles> response = Arrays.asList(role);
return response;
}
@Override
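Review bot: `getAuthorities()` on lines 141–144 turns an unmapped role into a `NullPointerException`, and `AuthorityRoles.getAuthorityRole` switches on the argument directly, so a null `user.getRole()` also NPEs before any `Optional` exists; either way a bad user row becomes an unhandled exception during authentication rather than a clean denial. Use a descriptive `IllegalStateException` carrying the offending value, e.g. `.orElseThrow(() -> new IllegalStateException("No authority mapped for user role " + user.getRole()))`, and return `Collections.singletonList(role)` rather than `Arrays.asList(role)`, which yields a fixed-size list whose element can still be replaced. The enclosing `UserDetails` implementation starts and ends outside the hunk.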


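--- /dev/null
+++ b/com/plannaplan/security/AuthorityRoles.java
+package com.plannaplan.security;
+import java.util.Optional;
+import com.plannaplan.types.UserRoles;
+import org.springframework.security.core.GrantedAuthority;
+public enum AuthorityRoles implements GrantedAuthority {
+STUDENT("ROLE_STUDENT"), DEANERY("ROLE_DEANERY"), ADMIN("ROLE_ADMIN"), TEST_USER("ROLE_TESTUSER");
+private String role;
+AuthorityRoles(String role) {
+this.role = role;
+}
+@Override
+public String getAuthority() {
+return this.role;
+}
+public static final Optional<AuthorityRoles> getAuthorityRole(UserRoles role) {
+switch (role) {
+case ADMIN:
+return Optional.of(AuthorityRoles.ADMIN);
+case DEANERY:
+return Optional.of(AuthorityRoles.DEANERY);
+case STUDENT:
+return Optional.of(AuthorityRoles.STUDENT);
+case TEST_USER:
+return Optional.of(AuthorityRoles.TEST_USER);
+default:
+return Optional.empty();
+}
+}
+}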
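Review bot: `getAuthorityRole` on lines 165–178 switches on `role` directly, so a null `UserRoles` throws `NullPointerException` instead of the `Optional.empty()` the signature promises; add `if (role == null) { return Optional.empty(); }` before the switch. The `final` on the static method (line 165) has no effect and should go, and the `role` field on line 157 should be `private final String role;` since it is only set in the constructor. A short enum Javadoc, `/** Spring Security authority strings checked by @PreAuthorize("hasRole(...)") in the controllers, one per UserRoles value. */`, would tie the two enums together for the next reader.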


@ -42,9 +42,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().formLogin().disable().httpBasic().disable().logout().disable().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling().and()
.authenticationProvider(provider)
http.csrf().disable().cors().and().formLogin().disable().httpBasic().disable().logout().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling()
.and().authenticationProvider(provider)
.addFilterBefore(authenticationFilter(), AnonymousAuthenticationFilter.class).authorizeRequests()
.anyRequest().authenticated();
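Review bot: `.cors()` on line 189 is enabled without any `CorsConfigurationSource` bean visible in this change, so as far as I can tell the effective policy falls back to the controllers' `@CrossOrigin` annotations, which in this PR carry no origin list and therefore admit any origin. Define a `CorsConfigurationSource` bean that names the frontend origin, the `Authorization` header and the needed methods explicitly, and then remove the per-controller `@CrossOrigin`. The `configure(HttpSecurity)` method ends outside the hunk.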


@ -6,5 +6,6 @@ spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.jpa.open-in-view=true
spring.jpa.hibernate.ddl-auto=create-drop
spring.jackson.serialization.fail-on-empty-beans=false
spring.main.allow-bean-definition-overriding=true
server.port=1285
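Review bot: `spring.main.allow-bean-definition-overriding=true` on line 201 silences a startup failure rather than fixing it; as far as I can tell the collision comes from `@EnableGlobalMethodSecurity(prePostEnabled = true)` being declared on both `ConfigController` and `UsersController` in this PR, which registers the method-security infrastructure twice. Declaring it once on `WebSecurityConfig` removes the need for the flag, and keeping the flag means any future accidental bean-name clash is resolved silently by load order instead of being reported. Drop the line, or if it must stay, precede it with `# TODO remove: only needed while @EnableGlobalMethodSecurity is duplicated on controllers`.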