From 1c019d376d23b69d31be98955770fcee0baddab5 Mon Sep 17 00:00:00 2001
From: pierre-maraval
Date: Thu, 30 May 2024 10:56:06 +0200
Subject: [PATCH] =?UTF-8?q?Fix=20:=20Fusion=20des=20controllers=20r=C3=A9c?= =?UTF-8?q?up=C3=A9rant=20l'ensemble=20des=20demandes=20en=20fonction=20du?= =?UTF-8?q?=20role=20et=20du=20param=C3=A8tre=20d'archive?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../security/CustomAuthenticationManager.java | 1 +
 .../main/java/fr/abes/item/security/User.java | 102 +++++++++---------
 .../fr/abes/item/web/DemandeRestService.java | 54 ++++------
 .../item/web/impl/DemandeRestServiceTest.java | 28 +++--
 4 files changed, 86 insertions(+), 99 deletions(-)
diff --git a/web/src/main/java/fr/abes/item/security/CustomAuthenticationManager.java b/web/src/main/java/fr/abes/item/security/CustomAuthenticationManager.java
index e76914d7..7c614a4c 100644
--- a/web/src/main/java/fr/abes/item/security/CustomAuthenticationManager.java
+++ b/web/src/main/java/fr/abes/item/security/CustomAuthenticationManager.java
@@ -65,6 +65,7 @@ public Authentication authenticate(Authentication authentication)
 } else {
 authorities = Collections.emptyList();
 }
+ u.setAuthorities(authorities);
 UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(u, null, authorities);
 SecurityContextHolder.getContext().setAuthentication(auth);
 authenticationEventPublisher.publishAuthenticationSuccess(auth);
diff --git a/web/src/main/java/fr/abes/item/security/User.java b/web/src/main/java/fr/abes/item/security/User.java
index 4f50193c..5b884bf1 100644
--- a/web/src/main/java/fr/abes/item/security/User.java
+++ b/web/src/main/java/fr/abes/item/security/User.java
@@ -1,76 +1,57 @@
 package fr.abes.item.security;
-public class User
-{
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+
+@NoArgsConstructor
+public class User implements UserDetails {
+ @Getter @Setter
+ private Collection authorities;
+
+ @Getter @Setter
 private String userNum;
+ @Getter @Setter
 private String userKey;
+ @Getter @Setter
 private String userGroup;
+ @Setter
 private String role;
+ @Getter @Setter
 private String library;
+ @Getter @Setter
 private String shortName;
+ @Getter @Setter
 private String loginAllowed;
+ @Getter @Setter
 private String iln;
+ @Getter @Setter
 private String libRcr;
+ @Getter @Setter
 private String mail;
- public void setUserNum(String userNum){
- this.userNum = userNum;
- }
+ @Getter @Setter
+ private String password;
- public String getUserNum(){
- return this.userNum;
- }
- public void setUserKey(String userKey){
+ public User(String userNum, String userKey, String userGroup) {
+ this.userNum = userNum;
 this.userKey = userKey;
- }
- public String getUserKey(){
- return this.userKey;
- }
- public void setUserGroup(String userGroup){
 this.userGroup = userGroup;
 }
- public String getUserGroup(){
- return this.userGroup;
- }
- public void setLibrary(String library){
- this.library = library;
- }
- public String getLibrary(){
- return this.library;
- }
- public void setShortName(String shortName){
- this.shortName = shortName;
- }
- public String getShortName(){
- return this.shortName;
- }
- public void setLoginAllowed(String loginAllowed){
- this.loginAllowed = loginAllowed;
- }
- public String getLoginAllowed(){
- return this.loginAllowed;
- }
- public void setIln(String iln){
- this.iln = iln;
- }
- public String getIln(){
- return this.iln;
- }
- public void setLibRcr(String libRcr){
- this.libRcr = libRcr;
- }
- public String getLibRcr(){
- return this.libRcr;
- }
+
 public String getRole() {
 if (role == null || role.isEmpty()) {
 if (this.userGroup.toLowerCase().trim().equals("coordinateur"))
@@ -80,15 +61,30 @@ public String getRole() {
 }
 return this.role;
 }
- public void setRole(String role) {
- this.role = role;
+
+ @Override
+ public String getUsername() {
+ return this.userKey;
+ }
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return false;
 }
- public String getMail() {
- return mail;
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return false;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return false;
 }
- public void setMail(String mail) {
- this.mail = mail;
+ @Override
+ public boolean isEnabled() {
+ return false;
 }
 }
diff --git a/web/src/main/java/fr/abes/item/web/DemandeRestService.java b/web/src/main/java/fr/abes/item/web/DemandeRestService.java
index 4e4af8fa..ae2348ba 100644
--- a/web/src/main/java/fr/abes/item/web/DemandeRestService.java
+++ b/web/src/main/java/fr/abes/item/web/DemandeRestService.java
@@ -18,6 +18,9 @@
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
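Review bot: In `User.java`, the four new `UserDetails` status overrides (`isAccountNonExpired`, `isAccountNonLocked`, `isCredentialsNonExpired`, `isEnabled`) all `return false;`, which declares every account expired, locked and disabled. `CustomAuthenticationManager` builds the `UsernamePasswordAuthenticationToken` directly, so nothing in this patch evaluates them, but any standard Spring Security account-status check applied to this principal later would reject every user. Return `true` from them, or derive `isEnabled()` from the existing `loginAllowed` field if that is what it encodes. Because `UserDetails` requires `getPassword()`, the new `password` property is now readable on the principal; if `User` instances are ever serialized into a response or a log (not visible here), that property should be excluded.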
@@ -50,44 +53,25 @@ public DemandeRestService(DemandeExempService demandeExempService, CheckAccessTo
 * @return Une liste de demandes
 */
 @GetMapping(value = "/demandes")
- @PreAuthorize("hasAuthority('ADMIN')")
- @Operation(summary = "renvoie les demandes pour les administrateurs",
- description = "renvoie les demande terminées et en erreur de tout le monde et toutes les demandeModifs créées par cet iln")
- public List getAllActiveDemandes(@RequestParam("type") TYPE_DEMANDE type, @RequestParam("extension") boolean extension, HttpServletRequest request) {
+ @PreAuthorize("hasAnyAuthority('USER','ADMIN')")
+ @Operation(summary = "renvoie les demandes en fonction du rôle de l'utilisateur",
+ description = "renvoie les demande terminées et en erreur de tout le monde et toutes les demande créées par cet iln")
+ public List getAllActiveDemandes(@RequestParam("type") TYPE_DEMANDE type, @RequestParam("archive") boolean archive, @RequestParam("extension") boolean extension, HttpServletRequest request) {
 String iln = request.getAttribute("iln").toString();
- IDemandeService service = strategy.getStrategy(IDemandeService.class, type);
- return (!extension) ? service.getAllActiveDemandesForAdmin(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList()) : service.getAllActiveDemandesForAdminExtended().stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
- }
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ String role = ((UserDetails)authentication.getPrincipal()).getAuthorities().stream().findFirst().get().toString();
- /**
- * Webservice : retour de l'ensemble des demandes pour un utilisateur
- *
- * @return liste des demandeModifs non archivées de l'utilisateur
- */
- @GetMapping(value = "/chercherDemandes")
- @PreAuthorize("hasAuthority('USER')")
- @Operation(summary = "renvoie les demandes de modif pour ce usernum",
- description = "renvoie toutes les demandes créées par cet iln")
- public List chercher(@RequestParam("type") TYPE_DEMANDE type, HttpServletRequest request) {
- String iln = request.getAttribute("iln").toString();
 IDemandeService service = strategy.getStrategy(IDemandeService.class, type);
- return service.getActiveDemandesForUser(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
- }
-
- /**
- * Webservices : retour des demandes archivées
- *
- * @param type type de demande concernée par le webservice
- * @return liste des demandes archivées de l'utilisateur
- */
- @GetMapping(value = "/chercherArchives")
- @PreAuthorize("hasAnyAuthority('USER', 'ADMIN')")
- @Operation(summary = "renvoie les demandes archivées pour cet iln",
- description = "renvoie les demandeModifs archivées créées par cet iln")
- public List getAllArchivedDemandes(@RequestParam("type") TYPE_DEMANDE type, @RequestParam("extension") boolean extension, HttpServletRequest request) {
- String iln = request.getAttribute("iln").toString();
- IDemandeService service = strategy.getStrategy(IDemandeService.class, type);
- return (!extension) ? service.getAllArchivedDemandes(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList()) : service.getAllArchivedDemandesAllIln().stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
+ if (role.equals("ADMIN")) {
+ if (archive) {
+ return (!extension) ? service.getAllArchivedDemandes(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList()) : service.getAllArchivedDemandesAllIln().stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
+ }
+ else {
+ return (!extension) ? service.getAllActiveDemandesForAdmin(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList()) : service.getAllActiveDemandesForAdminExtended().stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
+ }
+ }
+ //role USER
+ return (archive) ? service.getAllArchivedDemandes(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList()) : service.getActiveDemandesForUser(iln).stream().map(element -> builder.buildDto(element, type)).collect(Collectors.toList());
 }
 /**
diff --git a/web/src/test/java/fr/abes/item/web/impl/DemandeRestServiceTest.java b/web/src/test/java/fr/abes/item/web/impl/DemandeRestServiceTest.java
index de28ab5d..48ca53fb 100644
--- a/web/src/test/java/fr/abes/item/web/impl/DemandeRestServiceTest.java
+++ b/web/src/test/java/fr/abes/item/web/impl/DemandeRestServiceTest.java
@@ -13,7 +13,6 @@
 import fr.abes.item.web.DemandeRestService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
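Review bot: In `DemandeRestService.getAllActiveDemandes`, the role that selects the ADMIN or USER branch is read with `((UserDetails)authentication.getPrincipal()).getAuthorities().stream().findFirst().get().toString()`, which is not the source `@PreAuthorize` evaluates (the token's own authorities) and depends on collection order. A principal that is not a `UserDetails`, or one built elsewhere without `setAuthorities`, produces a ClassCastException, NullPointerException or NoSuchElementException instead of a clean denial, and a user holding more than one authority is classified by whichever happens to come first. Deriving the flag from the token avoids all of these: `boolean admin = authentication.getAuthorities().stream().anyMatch(a -> "ADMIN".equals(a.getAuthority()));` followed by `if (admin) {`. The fall-through to the USER branch is the less privileged path and is the right default to keep.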
@@ -21,7 +20,6 @@
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.security.test.context.support.WithMockUser;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
@@ -35,7 +33,6 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 @SpringBootTest(classes = {DemandeRestService.class, StrategyFactory.class, DtoBuilder.class, ObjectMapper.class})
-@ExtendWith({SpringExtension.class})
 class DemandeRestServiceTest {
 @Autowired
 WebApplicationContext context;
@@ -55,6 +52,7 @@ class DemandeRestServiceTest {
 ObjectMapper mapper;
 List demandeExemps = new ArrayList<>();
+
 MockMvc mockMvc;
 @BeforeEach
@@ -80,9 +78,9 @@ void init() {
 @Test
 @WithMockUser(authorities = {"ADMIN"})
- void testGetAllActiveDemandes() throws Exception {
+ void testGetAllActiveDemandesForAdmin() throws Exception {
 Mockito.when(demandeExempService.getAllActiveDemandesForAdminExtended()).thenReturn(this.demandeExemps);
- this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&extension=true").requestAttr("iln", "1"))
+ this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&archive=false&extension=true").requestAttr("iln", "1"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$[0].id").value("1"))
 .andExpect(jsonPath("$[0].rcr").value("111111111"))
@@ -91,9 +89,13 @@ void testGetAllActiveDemandes() throws Exception {
 .andExpect(jsonPath("$[1].rcr").value("222222222"))
 .andExpect(jsonPath("$[1].typeExemp").value("Monographies"));
+ }
+ @Test
+ @WithMockUser(authorities = {"ADMIN"})
+ void testGetAllActiveDemandesForAdminExtender() throws Exception {
 Mockito.when(demandeExempService.getAllActiveDemandesForAdmin("1")).thenReturn(this.demandeExemps);
- this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&extension=false").requestAttr("iln", "1"))
+ this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&archive=false&extension=false").requestAttr("iln", "1"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$[0].id").value("1"))
 .andExpect(jsonPath("$[0].rcr").value("111111111"))
@@ -105,7 +107,7 @@ void testGetAllActiveDemandes() throws Exception {
 @WithMockUser(authorities = {"USER"})
 void testChercher() throws Exception {
 Mockito.when(demandeExempService.getActiveDemandesForUser("1")).thenReturn(this.demandeExemps);
- this.mockMvc.perform(get("/api/v1/chercherDemandes?type=EXEMP&extension=true").requestAttr("iln", "1"))
+ this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&archive=false&extension=true").requestAttr("iln", "1"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$[0].id").value("1"))
 .andExpect(jsonPath("$[0].rcr").value("111111111"))
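Review bot: The two ADMIN test names are swapped relative to the branches they exercise. `testGetAllActiveDemandesForAdminExtender` sends `extension=false` and stubs `getAllActiveDemandesForAdmin("1")`, while `testGetAllActiveDemandesForAdmin` in the preceding hunk sends `extension=true` and stubs `getAllActiveDemandesForAdminExtended()`. Renaming them, for example to `testGetAllActiveDemandesForAdminOwnIln` and `testGetAllActiveDemandesForAdminExtended`, would keep a failing test from pointing at the wrong branch of the merged endpoint.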
@@ -115,17 +117,21 @@ void testChercher() throws Exception {
 @Test
 @WithMockUser(authorities = {"USER"})
- void testGetAllArchivedDemandes() throws Exception {
- Mockito.when(demandeExempService.getAllArchivedDemandesAllIln()).thenReturn(this.demandeExemps);
- this.mockMvc.perform(get("/api/v1/chercherArchives?type=EXEMP&extension=true").requestAttr("iln", "1"))
+ void testGetAllArtiveDemandes() throws Exception {
+ Mockito.when(demandeExempService.getActiveDemandesForUser("1")).thenReturn(this.demandeExemps);
+ this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&archive=false&extension=true").requestAttr("iln", "1"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$[0].id").value("1"))
 .andExpect(jsonPath("$[0].rcr").value("111111111"))
 .andExpect(jsonPath("$[1].id").value("2"))
 .andExpect(jsonPath("$[1].rcr").value("222222222"));
+ }
+ @Test
+ @WithMockUser(authorities = {"USER"})
+ void testGetAllArchivedDemandes() throws Exception {
 Mockito.when(demandeExempService.getAllArchivedDemandes("1")).thenReturn(this.demandeExemps);
- this.mockMvc.perform(get("/api/v1/chercherArchives?type=EXEMP&extension=false").requestAttr("iln", "1"))
+ this.mockMvc.perform(get("/api/v1/demandes?type=EXEMP&archive=true&extension=false").requestAttr("iln", "1"))
 .andExpect(status().isOk())
 .andExpect(jsonPath("$[0].id").value("1"))
 .andExpect(jsonPath("$[0].rcr").value("111111111"))
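Review bot: None of the tests touched here pins the authorization boundary that the merged endpoint now enforces in code rather than by separate routes. The old stub for `getAllArchivedDemandesAllIln()` is removed without a replacement, so the ADMIN `archive=true` branches are not exercised, and nothing asserts that a USER sending `extension=true` stays confined to its own ILN. A USER test requesting `archive=true&extension=true` that ends with `Mockito.verify(demandeExempService, Mockito.never()).getAllArchivedDemandesAllIln();` would cover that. `testGetAllArtiveDemandes` also repeats `testChercher` exactly (same stub, same URL) and its name has a typo, so one of the two could become the ADMIN archive case.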