Commit 5135cfa9 authored by Birk Øvstetun Narvhus's avatar Birk Øvstetun Narvhus

added authentication check on get fridge endpoints

parent bbf72c7c
...@@ -7,6 +7,7 @@ import ntnu.idatt2016.v233.SmartMat.entity.fridgeProduct.FridgeProductAsso; ...@@ -7,6 +7,7 @@ import ntnu.idatt2016.v233.SmartMat.entity.fridgeProduct.FridgeProductAsso;
import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge; import ntnu.idatt2016.v233.SmartMat.entity.group.Fridge;
import ntnu.idatt2016.v233.SmartMat.entity.product.Product; import ntnu.idatt2016.v233.SmartMat.entity.product.Product;
import ntnu.idatt2016.v233.SmartMat.service.group.FridgeService; import ntnu.idatt2016.v233.SmartMat.service.group.FridgeService;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
...@@ -18,9 +19,9 @@ import java.util.Optional; ...@@ -18,9 +19,9 @@ import java.util.Optional;
/** /**
* Controller for fridges API, providing endpoints for fridge management * Controller for fridges API, providing endpoints for fridge management
* *
* @author Anders Austlid * @author Anders Austlid & Birk
* @version 1.0 * @version 2.0
* @since 24.04.2023 * @since 3.05.2023
*/ */
@AllArgsConstructor @AllArgsConstructor
@RestController @RestController
...@@ -32,25 +33,39 @@ public class FridgeController { ...@@ -32,25 +33,39 @@ public class FridgeController {
/** /**
* Gets the fridge of a group * Gets the fridge of a group
* @param groupId the id of the group * @param groupId the id of the group must exist
* group must exist * @return the fridge of the group if it exists, or a 404 if it doesn't exist or the user is not in the group
* @return the fridge of the group if it exists, or a 404 if it doesn't
*/ */
@GetMapping("/group/{groupId}") @GetMapping("/group/{groupId}")
public ResponseEntity<Fridge> getFridgeByGroupId(@PathVariable("groupId") long groupId) { public ResponseEntity<Fridge> getFridgeByGroupId(@PathVariable("groupId") long groupId, Authentication authentication) {
return fridgeService.getFridgeByGroupId(groupId) Optional<Fridge> fridge = fridgeService.getFridgeByGroupId(groupId);
.map(ResponseEntity::ok)
.orElseGet(() -> ResponseEntity.notFound().build()); if (fridge.isEmpty()) {
return ResponseEntity.notFound().build();
}
if (!fridgeService.isUserInFridge(authentication.getName(), fridge.get().getFridgeId())
&& !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
return fridge.map(ResponseEntity::ok).get();
} }
/** /**
* Gets the fridge by its fridge id * Gets the fridge by its fridge id
* @param fridgeId the id of the fridge * @param fridgeId the id of the fridge
* @return the fridge if it exists, or a 404 if it doesn't * @return the fridge if it exists, or a 404 if it doesn't, or a 403 if the user is not in the fridge
*/ */
@GetMapping("/fridge/{fridgeId}") @GetMapping("/fridge/{fridgeId}")
public ResponseEntity<Fridge> getFridgeByFridgeId(@PathVariable("fridgeId") long fridgeId) { public ResponseEntity<Fridge> getFridgeByFridgeId(@PathVariable("fridgeId") long fridgeId,
Authentication authentication) {
if (!fridgeService.isUserInFridge(authentication.getName(), fridgeId)
&& !authentication.getAuthorities().contains(new SimpleGrantedAuthority(Authority.ADMIN.name()))) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
return fridgeService.getFridgeByFridgeId(fridgeId) return fridgeService.getFridgeByFridgeId(fridgeId)
.map(ResponseEntity::ok) .map(ResponseEntity::ok)
.orElseGet(() -> ResponseEntity.notFound().build()); .orElseGet(() -> ResponseEntity.notFound().build());
......
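Review bot: In getFridgeByGroupId the new code answers a missing group with 404 but a group the caller is not a member of with 403, which would let any authenticated user probe which groupIds exist, and the updated Javadoc `@return` line even says 404 for both cases, so doc and code disagree. getFridgeByFridgeId behaves differently again: isUserInFridge returns false for an unknown fridgeId, so a non-admin gets 403 and only an admin ever sees the 404 the Javadoc promises. Pick one policy for both endpoints — answering 404 whenever the caller is not entitled to see the resource is the usual choice — e.g. in getFridgeByGroupId replace `return ResponseEntity.status(HttpStatus.FORBIDDEN).build();` with `return ResponseEntity.notFound().build();` and say so in the `@return` text. The membership-or-admin test is repeated verbatim in both methods; a private helper such as `private boolean canAccessFridge(Authentication authentication, long fridgeId)` keeps the rule in one place, and `return ResponseEntity.ok(fridge.get());` reads better than `fridge.map(ResponseEntity::ok).get()`. The third hunk is cut off at the end of the visible section, so the remainder of getFridgeByFridgeId and any later endpoints were not reviewed.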
...@@ -223,4 +223,16 @@ public class FridgeService { ...@@ -223,4 +223,16 @@ public class FridgeService {
return fridge.map(value -> value.getGroup().getUser().stream() return fridge.map(value -> value.getGroup().getUser().stream()
.anyMatch(user -> user.getUser().getUsername().equals(username))).orElse(false); .anyMatch(user -> user.getUser().getUsername().equals(username))).orElse(false);
} }
/**
* check if user has accsess to fridge
* @param username the username of the user
* @param fridgeId the id of the fridge
* @return true if the user is in the group of the fridge
*/
public boolean isUserInFridge(String username, long fridgeId) {
Optional<Fridge> fridge = fridgeRepository.findById(fridgeId);
return fridge.map(value -> value.getGroup().getUser().stream()
.anyMatch(user -> user.getUser().getUsername().equals(username))).orElse(false);
}
} }
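Review bot: The body of the new isUserInFridge is a copy of the method whose tail ends just above it in the hunk (that method's start is outside the hunk), differing only in the repository lookup; extract the membership test into a private helper such as `private static boolean hasMember(Fridge fridge, String username)` holding the `getGroup().getUser().stream().anyMatch(...)` chain and call it from both methods so the access rule cannot drift between them. The Javadoc spells "access" as "accsess", and it should state that an unknown fridgeId yields false, since FridgeController turns that result into 403 rather than 404. If `getGroup()` or `getUser()` can be null for a fridge the chain throws and the caller answers 500 instead of denying access — worth either a null check or a comment noting the mapping guarantees non-null (cannot be told from here).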