Add authorization by user authority processing in controllers

2a043984 · Filip Piták · 4a25ccb9 · 2a043984 · 2a043984 · 2a043984
Commit 2a043984 authored 11 months ago by Filip Piták
--- a/account-management/src/main/java/cz/muni/pa165/banking/application/controller/AccountController.java
+++ b/account-management/src/main/java/cz/muni/pa165/banking/application/controller/AccountController.java
@@ -5,6 +5,7 @@ import cz.muni.pa165.banking.account.management.dto.*;
 import cz.muni.pa165.banking.application.facade.AccountFacade;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RestController;

 import java.time.LocalDate;
@@ -19,33 +20,39 @@ public class AccountController implements AccountApi {
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<AccountDto> createAccount(NewAccountDto newAccountDto) {
        return new ResponseEntity<>(accountFacade.createAccount(newAccountDto), HttpStatus.CREATED);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<AccountDto> findAccountById (Long accountId) {
        return ResponseEntity.ok(accountFacade.findById(accountId));
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<AccountDto> findByAccountNumber(String accountNumber) {
        return ResponseEntity.ok(accountFacade.findByAccountNumber(accountNumber));
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_1', 'SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<ScheduledPaymentsDto> getScheduledPayments(String accountNumber) {
        ScheduledPaymentsDto payments = accountFacade.findScheduledPaymentsByNumber(accountNumber);
        return ResponseEntity.ok(payments);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<ScheduledPaymentsDto> getScheduledPaymentsOf(LocalDate date) {
        ScheduledPaymentsDto payments = accountFacade.scheduledPaymentsOfDay(date);
        return ResponseEntity.ok(payments);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_1', 'SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<ScheduledPaymentDto> schedulePayment(ScheduledPaymentDto scheduledPaymentDto) {
        return new ResponseEntity<>(accountFacade.schedulePayment(scheduledPaymentDto), HttpStatus.CREATED);
    }

--- a/account-management/src/main/java/cz/muni/pa165/banking/application/controller/UserController.java
+++ b/account-management/src/main/java/cz/muni/pa165/banking/application/controller/UserController.java
@@ -6,6 +6,7 @@ import cz.muni.pa165.banking.account.management.dto.UserDto;
 import cz.muni.pa165.banking.application.facade.UserFacade;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RestController;

 @RestController
@@ -18,11 +19,13 @@ public class UserController implements UserApi{
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<UserDto> createUser(NewUserDto newUserDto) {
        return new ResponseEntity<>(userFacade.createUser(newUserDto), HttpStatus.CREATED);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<UserDto> findUserById(Long userId) {
        UserDto user = userFacade.findById(userId);
        return ResponseEntity.ok(user);

--- a/account-query/src/main/java/cz/muni/pa165/banking/application/controller/BalanceController.java
+++ b/account-query/src/main/java/cz/muni/pa165/banking/application/controller/BalanceController.java
@@ -7,6 +7,7 @@ import cz.muni.pa165.banking.account.query.dto.TransactionType;
 import cz.muni.pa165.banking.application.facade.BalanceFacade;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RestController;

 import java.math.BigDecimal;
@@ -27,30 +28,35 @@ public class BalanceController implements CustomerServiceApi, SystemServiceApi {
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_1', 'SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<BigDecimal> getBalance(String id) {
        BigDecimal result = balanceFacade.getBalance(id);
        return ResponseEntity.ok(result);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_1', 'SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<List<Transaction>> getTransactions(String id, LocalDate beginning, LocalDate end, BigDecimal minAmount, BigDecimal maxAmount, TransactionType type) {
        List<Transaction> toReturn = balanceFacade.getTransactions(id, beginning, end, minAmount, maxAmount, type);
        return ResponseEntity.ok(toReturn);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_1', 'SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<Void> addTransactionToBalance(String id, BigDecimal amount, UUID processId, TransactionType type) {
        balanceFacade.addToBalance(id, processId, amount, type);
        return ResponseEntity.ok().build();
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<Void> createBalance(String id) {
        balanceFacade.createNewBalance(id);
        return new ResponseEntity<>(HttpStatus.CREATED);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<Void> deleteBalance(String id) {
        balanceFacade.deleteBalance(id);
        return new ResponseEntity<>(HttpStatus.OK);

--- a/account-query/src/main/java/cz/muni/pa165/banking/application/controller/BalanceControllerEmployee.java
+++ b/account-query/src/main/java/cz/muni/pa165/banking/application/controller/BalanceControllerEmployee.java
@@ -6,6 +6,7 @@ import cz.muni.pa165.banking.account.query.dto.TransactionType;
 import cz.muni.pa165.banking.account.query.dto.TransactionsReport;
 import cz.muni.pa165.banking.application.facade.BalanceFacade;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RestController;

 import java.math.BigDecimal;
@@ -25,12 +26,14 @@ public class BalanceControllerEmployee implements EmployeeServiceApi {
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<TransactionsReport> createReport(String id, LocalDate beginning, LocalDate end) {
        TransactionsReport result = balanceFacade.getReport(id, beginning, end);
        return ResponseEntity.ok(result);
    }

    @Override
+    @PreAuthorize("hasAnyAuthority('SCOPE_test_2', 'SCOPE_test_3')")
    public ResponseEntity<List<Transaction>> getAllTransactions(LocalDate beginning, LocalDate end,
                                                                BigDecimal minAmount, BigDecimal maxAmount, TransactionType type) {
        List<Transaction> result = balanceFacade.getAllTransactions(beginning, end, minAmount, maxAmount, type);

--- a/infrastructure/src/main/java/cz/muni/pa165/banking/security/SwaggerConfiguration.java
+++ b/infrastructure/src/main/java/cz/muni/pa165/banking/security/SwaggerConfiguration.java
@@ -9,7 +9,6 @@ import org.springframework.context.annotation.Configuration;
 @Configuration
 public class SwaggerConfiguration {

-    private static final String SECURITY_SCHEME_OAUTH2 = "MUNI";
    private static final String SECURITY_SCHEME_BEARER = "Bearer";

    /**
@@ -30,5 +29,4 @@ public class SwaggerConfiguration {
        };
    }

-
 }