simplify MeController and setting correct permissions on userCreate b…

…ased on if the user is admin or not
FINTLabs · Aug 9, 2024 · 70df2b7 · 70df2b7
1 parent f667006
commit 70df2b7
Showing 1 changed file with 17 additions and 25 deletions.
diff --git a/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java b/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java
@@ -28,7 +28,6 @@
 public class MeController {
 
     private final TokenParsingUtils tokenParsingUtils;
-
     private final Boolean accessControlEnabled;
     private final UserService userService;
 
@@ -51,8 +50,7 @@ public ResponseEntity<?> checkAuthorization(
             Optional<User> userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
 
             if (userOptional.isEmpty() && tokenParsingUtils.hasPermittedRole(jwtAuthToken)) {
-                User newUser = createUserWithAccessToNoApplications(jwtAuthToken);
-                userService.save(newUser);
+                createUserFromToken(authentication);
             }
         }
         return ResponseEntity.ok("User authorized");
@@ -75,38 +73,32 @@ public ResponseEntity<User> get(
             @AuthenticationPrincipal Authentication authentication
     ) {
         JwtAuthenticationToken jwtAuthToken = (JwtAuthenticationToken) authentication;
-        if (tokenParsingUtils.isAdmin(authentication)) {
-            return ResponseEntity.ok(createUserWithAccessToAllApplications(jwtAuthToken));
+        Optional<User> userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
+        if (userOptional.isPresent()) {
+            return ResponseEntity.ok(userOptional.get());
         } else {
-            Optional<User> userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
-            if (userOptional.isPresent()) {
-                return ResponseEntity.ok(userOptional.get());
-            } else {
-                User newUser = createUserWithAccessToAllApplications(jwtAuthToken);
-                userService.save(newUser);
-                return ResponseEntity.ok(newUser);
-            }
+            User newUser = createUserFromToken(authentication);
+            return ResponseEntity.ok(newUser);
         }
     }
 
     private Optional<User> getUserFromUserAuthorizationComponent(JwtAuthenticationToken token) {
         return userService.find(UUID.fromString(tokenParsingUtils.getObjectIdentifierFromToken(token)));
     }
 
-    private User createUserWithAccessToAllApplications(JwtAuthenticationToken token) {
-        return tokenParsingUtils.getUserFromToken(token)
-                .toBuilder()
-                .sourceApplicationIds(sourceApplicationsWithoutUserPermissionSetup())
-                .build();
-    }
-
-    private User createUserWithAccessToNoApplications(JwtAuthenticationToken token) {
-        return tokenParsingUtils.getUserFromToken(token)
-                .toBuilder()
-                .build();
+    private User createUserFromToken(Authentication authentication) {
+        JwtAuthenticationToken jwtAuthToken = (JwtAuthenticationToken) authentication;
+        User.UserBuilder userBuilder = tokenParsingUtils.getUserFromToken(jwtAuthToken).toBuilder();
+        boolean isAdmin = tokenParsingUtils.isAdmin(authentication);
+        if (isAdmin) {
+            userBuilder.sourceApplicationIds(allSourceApplicationIds());
+        }
+        User newUser = userBuilder.build();
+        userService.save(newUser);
+        return newUser;
     }
 
-    private List<Long> sourceApplicationsWithoutUserPermissionSetup() {
+    private List<Long> allSourceApplicationIds() {
         return List.of(
                 AcosSourceApplication.SOURCE_APPLICATION_ID,
                 DigisakSourceApplication.SOURCE_APPLICATION_ID,