Commit 60b82558 authored by Daniel Puchala's avatar Daniel Puchala

Merge remote-tracking branch 'origin/devel' into devel

parents 56e5f7a2 e2e5cd2e
......@@ -50,7 +50,7 @@ public interface UserFacade extends GenericFacade<UserDto, UserCreateDto, UserUp
*
* @return UserDto dto about currently authenticated user
*/
UserDto getLoggedInInfo();
UserDto getAuthenticatedUser();
/**
* Logs in with the given {@code username} and {@code password}.
......@@ -73,11 +73,4 @@ public interface UserFacade extends GenericFacade<UserDto, UserCreateDto, UserUp
*/
void logout(UserDto user);
/**
* Checks if the given user is admin.
*
* @param user to be checked
*/
boolean isAdmin(UserDto user);
}
......@@ -165,4 +165,8 @@ public class User extends GenericEntity implements UserDetails {
public boolean isEnabled() {
return true;
}
public boolean isAdmin() {
return userType.equals(UserType.ADMIN);
}
}
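Review bot: The added `isAdmin()` dereferences `userType`, so an entity whose type is unset fails with a NullPointerException rather than answering false, and this method now backs the ownership check in the REST layer. `UserType` is an enum, so `return userType == UserType.ADMIN;` is both null-safe and the idiomatic comparison. A one-line Javadoc, `/** @return true when this user's type is {@link UserType#ADMIN} */`, would make the contract explicit for callers outside the entity.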
......@@ -5,6 +5,7 @@ import cz.fi.muni.pa165.movierecommender.api.dto.account.UserCreateDto;
import cz.fi.muni.pa165.movierecommender.api.dto.account.UserDto;
import cz.fi.muni.pa165.movierecommender.api.dto.account.UserUpdateDto;
import cz.fi.muni.pa165.movierecommender.rest.core.RoutesHolder;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
......@@ -45,10 +46,22 @@ public interface UserController {
@ResponseBody
UserDto create(@RequestBody UserCreateDto createDto);
@PreAuthorize("hasAuthority('TYPE_ADMIN')")
@DeleteMapping("{id}")
@ResponseBody
void delete(@PathVariable Long id);
@PreAuthorize("isAuthenticated()")
@DeleteMapping("/me")
@ResponseBody
void deleteMe();
@PreAuthorize("isAuthenticated()")
@GetMapping("/me")
@ResponseBody
UserDto getMyInfo();
@PreAuthorize("isAuthenticated()")
@PatchMapping
@ResponseBody
UserDto update(@RequestBody UserUpdateDto user);
......
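Review bot: The `@PreAuthorize` rules added to this interface are repeated verbatim on the implementing methods in `UserControllerProvider`, so the authorization policy now lives in two places that can silently drift apart. Keep the annotations in exactly one of them — the implementation is the natural home here, since the per-user ownership check for `update` already lives there — and drop the copies on the other. `create` is left without a guard, which reads as intentional for self-registration, but a short Javadoc saying so would stop a later reviewer from "fixing" it.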
......@@ -6,9 +6,11 @@ import cz.fi.muni.pa165.movierecommender.api.dto.account.UserDto;
import cz.fi.muni.pa165.movierecommender.api.dto.account.UserUpdateDto;
import cz.fi.muni.pa165.movierecommender.api.facade.ReviewFacade;
import cz.fi.muni.pa165.movierecommender.api.facade.UserFacade;
import cz.fi.muni.pa165.movierecommender.persistence.entity.User;
import cz.fi.muni.pa165.movierecommender.rest.core.RoutesHolder;
import cz.fi.muni.pa165.movierecommender.service.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
......@@ -71,16 +73,38 @@ public class UserControllerProvider implements UserController {
return userFacade.create(createDto);
}
@PreAuthorize("hasAuthority('TYPE_ADMIN')")
@DeleteMapping("{id}")
@ResponseBody
public void delete(@PathVariable Long id) {
userFacade.delete(id);
}
@PreAuthorize("isAuthenticated()")
@DeleteMapping("/me")
@ResponseBody
public void deleteMe() {
userFacade.delete(userFacade.getAuthenticatedUser().getId());
}
@PreAuthorize("isAuthenticated()")
@GetMapping("/me")
@ResponseBody
public UserDto getMyInfo() {
return userFacade.getAuthenticatedUser();
}
@PreAuthorize("isAuthenticated()")
@PatchMapping
@ResponseBody
public UserDto update(@RequestBody UserUpdateDto user) {
return userFacade.update(user);
final User authUser = userService.getAuthenticatedUser();
if (user.getId().equals(authUser.getId()) || authUser.isAdmin()) {
return userFacade.update(user);
} else {
throw new IllegalArgumentException("Cannot update this user.");
}
}
@GetMapping("{id}/reviews")
......
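Review bot: In the new `update` body, `user.getId().equals(authUser.getId())` dereferences the id taken from the request body, so a payload that omits `id` produces a NullPointerException (and a 500) before the ownership check runs, and an authorization failure is then reported as `IllegalArgumentException`, the same type a malformed argument would raise. A null-safe comparison plus the project's own forbidden-operation type keeps the two failure modes distinct: `if (!Objects.equals(user.getId(), authUser.getId()) && !authUser.isAdmin()) { throw new ForbiddenOperationException("Cannot update this user."); } return userFacade.update(user);` (needs imports of `java.util.Objects` and the service's `ForbiddenOperationException`; how that exception maps to an HTTP status is not visible here). Whether `UserUpdateDto` can carry a user-type field, which would let a non-admin escalate their own account through this path, cannot be told from the hunk and is worth confirming in the facade.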
......@@ -68,7 +68,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
final UserDetails details = userService.findById(Long.parseLong(map.get("sub")));
final Authentication auth = new UsernamePasswordAuthenticationToken(token, "", details.getAuthorities());
final Authentication auth = new UsernamePasswordAuthenticationToken(details, "", details.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
filterChain.doFilter(request, response);
......
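Review bot: The new authentication is built from `details` immediately after `userService.findById(...)`, so if that lookup yields null for a user deleted since the token was issued, `details.getAuthorities()` throws a NullPointerException inside the filter chain instead of the request simply continuing unauthenticated; whether `findById` returns null or throws is not visible from this hunk. A guard before the token is constructed keeps the behaviour explicit: `if (details == null) { filterChain.doFilter(request, response); return; }`. Using the loaded `User` as principal is consistent with the `instanceof User` check in `UserServiceImpl`, so the change itself looks right. The enclosing `doFilterInternal` starts and ends outside the hunk.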
......@@ -124,9 +124,9 @@ public class UserFacadeImpl extends GenericFacadeImpl<User, UserDto, UserCreateD
@Override
@Transactional(readOnly = true)
public UserDto getLoggedInInfo() {
public UserDto getAuthenticatedUser() {
User authenticatedUser = userService.getAuthenticatedUser();
return mapper.toDto(userService.findById(authenticatedUser.getId()));
return mapper.toDto(authenticatedUser);
}
@Override
......@@ -149,10 +149,4 @@ public class UserFacadeImpl extends GenericFacadeImpl<User, UserDto, UserCreateD
public void logout(UserDto user) {
}
@Override
@Transactional(readOnly = true)
public boolean isAdmin(UserDto user) {
return userService.isAdmin(mapToEntity(user));
}
}
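Review bot: `getAuthenticatedUser()` now passes whatever `userService.getAuthenticatedUser()` returns straight into `mapper.toDto`, and the service contract in this same commit changed from throwing to returning null, so the facade's behaviour for an unauthenticated caller now depends on how the mapper treats a null source — either a null DTO or a NullPointerException, neither of which callers such as `deleteMe()` (`userFacade.getAuthenticatedUser().getId()`) can handle. Keeping the previous fail-closed contract at the facade boundary avoids that: `final User authenticatedUser = userService.getAuthenticatedUser(); if (authenticatedUser == null) { throw new ForbiddenOperationException("No authenticated user is found."); } return mapper.toDto(authenticatedUser);` (the exception type already exists in the service module). The interface Javadoc on `UserFacade.getAuthenticatedUser()` should then state that it throws when no user is authenticated.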
......@@ -52,14 +52,6 @@ public interface UserService extends GenericService<User> {
*/
void updateUser(User user, String changedUnencryptedPassword);
/**
* Check if the given user is admin.
*
* @param user to be checked for admin privileges
*/
boolean isAdmin(User user);
/**
* Logs in with the given {@code username} and {@code password}.
*
......@@ -81,11 +73,17 @@ public interface UserService extends GenericService<User> {
/**
* Retrieves currently authenticated user.
*
* @return user from security context, never null.
* @throws ForbiddenOperationException if no authenticated user is found
* @return user from security context, null if the user is not authenticated
*/
User getAuthenticatedUser();
/**
* Check whether the user is authenticated or not
*
* @return true if the user is authenticated
*/
boolean isUserAuthenticated();
/**
* Logs out the given input {@code user}.
*
......
......@@ -7,7 +7,6 @@ import cz.fi.muni.pa165.movierecommender.persistence.dao.UserDao;
import cz.fi.muni.pa165.movierecommender.persistence.entity.User;
import cz.fi.muni.pa165.movierecommender.persistence.enums.UserType;
import cz.fi.muni.pa165.movierecommender.service.service.exception.BadArgumentException;
import cz.fi.muni.pa165.movierecommender.service.service.exception.ForbiddenOperationException;
import cz.fi.muni.pa165.movierecommender.service.service.exception.LoginFailedException;
import cz.fi.muni.pa165.movierecommender.service.service.security.TokenService;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -78,11 +77,6 @@ public class UserServiceImpl extends GenericServiceImpl<User> implements UserSer
userDao.update(user);
}
@Override
public boolean isAdmin(User user) {
return findById(user.getId()).getUserType().equals(UserType.ADMIN);
}
@Override
public EntityDao<User> getEntityDao() {
return userDao;
......@@ -114,16 +108,15 @@ public class UserServiceImpl extends GenericServiceImpl<User> implements UserSer
.map(userName -> new UserDto(token, userName));
}
@Override
public User getAuthenticatedUser() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.getPrincipal() instanceof User) {
return (User) authentication.getPrincipal();
}
return isUserAuthenticated() ? (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal() : null;
}
throw new ForbiddenOperationException("No authenticated user is found.");
@Override
public boolean isUserAuthenticated() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
return authentication != null && authentication.getPrincipal() instanceof User;
}
@Override
......
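Review bot: The new `isUserAuthenticated()` decides solely on the principal's runtime type and never consults `authentication.isAuthenticated()`, so any `Authentication` carrying a `User` principal counts as a logged-in session regardless of its authenticated flag; `return authentication != null && authentication.isAuthenticated() && authentication.getPrincipal() instanceof User;` costs nothing and matches Spring Security's own notion of an authenticated context. The rewritten `getAuthenticatedUser()` also reads `SecurityContextHolder` twice — once through `isUserAuthenticated()` and again on the cast — and repeats the cast the helper already implied; fetching the `Authentication` once into a local and returning the casted principal or null from that single object is clearer and avoids reasoning about two lookups.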