From 70df2b7b4a85ad4d4bbc5a565eb4ade139a6fb95 Mon Sep 17 00:00:00 2001
From: Egil Ballestad
Date: Fri, 9 Aug 2024 12:09:16 +0200
Subject: [PATCH] simplify MeController and setting correct permissions on userCreate based on if the user is admin or not
---
 .../user/controller/MeController.java | 42 ++++++++-----------
 1 file changed, 17 insertions(+), 25 deletions(-)
diff --git a/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java b/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java
index 08e374b..1279e12 100644
--- a/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java
+++ b/src/main/java/no/fintlabs/flyt/authorization/user/controller/MeController.java
@@ -28,7 +28,6 @@ public class MeController {
 private final TokenParsingUtils tokenParsingUtils;
- private final Boolean accessControlEnabled;
 private final UserService userService;
@@ -51,8 +50,7 @@ public ResponseEntity checkAuthorization(
 Optional userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
 if (userOptional.isEmpty() && tokenParsingUtils.hasPermittedRole(jwtAuthToken)) {
- User newUser = createUserWithAccessToNoApplications(jwtAuthToken);
- userService.save(newUser);
+ createUserFromToken(authentication);
 }
 }
 return ResponseEntity.ok("User authorized");
@@ -75,17 +73,12 @@ public ResponseEntity get(
 @AuthenticationPrincipal Authentication authentication
 ) {
 JwtAuthenticationToken jwtAuthToken = (JwtAuthenticationToken) authentication;
- if (tokenParsingUtils.isAdmin(authentication)) {
- return ResponseEntity.ok(createUserWithAccessToAllApplications(jwtAuthToken));
+ Optional userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
+ if (userOptional.isPresent()) {
+ return ResponseEntity.ok(userOptional.get());
 } else {
- Optional userOptional = getUserFromUserAuthorizationComponent(jwtAuthToken);
- if (userOptional.isPresent()) {
- return ResponseEntity.ok(userOptional.get());
- } else {
- User newUser = createUserWithAccessToAllApplications(jwtAuthToken);
- userService.save(newUser);
- return ResponseEntity.ok(newUser);
- }
+ User newUser = createUserFromToken(authentication);
+ return ResponseEntity.ok(newUser);
 }
 }
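Review bot: The new `userOptional.isPresent()` branch makes the stored record authoritative, whereas the removed `isAdmin` branch rebuilt an admin's User from the token on every call; an admin whose record was persisted earlier (through `checkAuthorization`, which before this commit granted no applications) or who was promoted after the record was created now gets that narrower stored list, and one demoted since keeps the full list. If that snapshot semantics is intended, say so where the decision is made, e.g. `// Stored record wins over token claims: sourceApplicationIds are snapshotted at creation and not refreshed here.`; if the token should stay authoritative for admins, re-apply `allSourceApplicationIds()` for an admin token before returning the stored user. Nothing in this patch updates records persisted before it, so the two populations will coexist until rows are regenerated. Stylistically the `isPresent()`/`get()` pair reads better as `User user = userOptional.orElseGet(() -> createUserFromToken(authentication)); return ResponseEntity.ok(user);`.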
@@ -93,20 +86,19 @@ private Optional getUserFromUserAuthorizationComponent(JwtAuthenticationTo
 return userService.find(UUID.fromString(tokenParsingUtils.getObjectIdentifierFromToken(token)));
 }
- private User createUserWithAccessToAllApplications(JwtAuthenticationToken token) {
- return tokenParsingUtils.getUserFromToken(token)
- .toBuilder()
- .sourceApplicationIds(sourceApplicationsWithoutUserPermissionSetup())
- .build();
- }
-
- private User createUserWithAccessToNoApplications(JwtAuthenticationToken token) {
- return tokenParsingUtils.getUserFromToken(token)
- .toBuilder()
- .build();
+ private User createUserFromToken(Authentication authentication) {
+ JwtAuthenticationToken jwtAuthToken = (JwtAuthenticationToken) authentication;
+ User.UserBuilder userBuilder = tokenParsingUtils.getUserFromToken(jwtAuthToken).toBuilder();
+ boolean isAdmin = tokenParsingUtils.isAdmin(authentication);
+ if (isAdmin) {
+ userBuilder.sourceApplicationIds(allSourceApplicationIds());
+ }
+ User newUser = userBuilder.build();
+ userService.save(newUser);
+ return newUser;
 }
- private List sourceApplicationsWithoutUserPermissionSetup() {
+ private List allSourceApplicationIds() {
 return List.of(
 AcosSourceApplication.SOURCE_APPLICATION_ID,
 DigisakSourceApplication.SOURCE_APPLICATION_ID,
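Review bot: `createUserFromToken` persists a record for whatever `Authentication` it is handed, but only one of its two callers checks `tokenParsingUtils.hasPermittedRole(jwtAuthToken)` first — `checkAuthorization` does, `get` does not — so a principal that `checkAuthorization` would refuse to provision still gets a saved User (with the full application list if the token is admin) the first time it calls `get`, unless that endpoint is gated elsewhere, which is not visible here. Putting the guard at the top of this method, before `getUserFromToken`, makes both paths agree; at minimum `get` should apply the same check before calling it. Both callers already hold a `JwtAuthenticationToken`, so taking that type directly — `private User createUserFromToken(JwtAuthenticationToken jwtAuthToken) {` and `boolean isAdmin = tokenParsingUtils.isAdmin(jwtAuthToken);` — drops the unchecked cast on the second line. A Javadoc should also state that the method saves the user and that admin status is evaluated once here and persisted into `sourceApplicationIds`. `allSourceApplicationIds()` continues past the end of the hunk.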