Control intern user access #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

strzebon merged 1 commit into main from intern-role

Dec 15, 2024

slp-backend/src/main/java/agh/edu/pl/slpbackend/config/SecurityConfig.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,12 +4,17 @@ @@
     import lombok.AllArgsConstructor;
     import org.springframework.context.annotation.Bean;
     import org.springframework.context.annotation.Configuration;
+    import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+    import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+    import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+    import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
     import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
     import org.springframework.security.config.annotation.web.builders.HttpSecurity;
     import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
     import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
     import org.springframework.security.config.http.SessionCreationPolicy;
     import org.springframework.security.web.SecurityFilterChain;
+    import org.springframework.security.web.access.AccessDeniedHandlerImpl;
     import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
     @Configuration
@@ Expand All @@
                     .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                     .build();
         }
+        @Bean
+        public RoleHierarchy roleHierarchy() {
+            RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
+            roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_WORKER \n ROLE_WORKER > ROLE_INTERN");
+            return roleHierarchy;
+        }
+        @Bean
+        public MethodSecurityExpressionHandler methodSecurityExpressionHandler(RoleHierarchy roleHierarchy) {
+            DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
+            expressionHandler.setRoleHierarchy(roleHierarchy);
+            return expressionHandler;
+        }
     }

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/ExaminationController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import lombok.AllArgsConstructor;
     import org.springframework.http.HttpStatus;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand Down Expand Up @@
             return new ResponseEntity<>(examinationDtos, HttpStatus.OK);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> insertExaminationResults(@RequestBody ExaminationDto updatedExaminationDto) {
             return edit(updatedExaminationDto, examinationService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{examinationId}")
         public ResponseEntity<Void> deleteExamination(@PathVariable final Long examinationId) {
             return delete(ExaminationDto.builder().id(examinationId).build(), examinationService);
@@ Expand Down @@

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/MethodController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,7 @@ @@
     import agh.edu.pl.slpbackend.service.MethodService;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import org.springframework.web.multipart.MultipartFile;
@@ Expand All / @@ -16,6 +17,7 @@ public class MethodController { @@
         private final MethodService methodService;
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/import")
         public ResponseEntity<Void> importMethods(@RequestParam("file") MultipartFile file) {
             try (InputStream inputStream = file.getInputStream()) {
@@ Expand Down @@

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/ReportDataController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import lombok.AllArgsConstructor;
     import org.springframework.http.HttpStatus;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,16 +24,19 @@ public ResponseEntity<List<ReportDataDto>> list() { @@
             return ResponseEntity.ok(reportDataService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody final ReportDataDto reportData) {
             return add(reportData, reportDataService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/{reportDataId}")
         public ResponseEntity<Void> delete(@PathVariable final Long reportDataId) {
             return delete(ReportDataDto.builder().id(reportDataId).build(), reportDataService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/")
         public ResponseEntity<Void> update(@RequestBody ReportDataDto reportDataDto) {
             return edit(reportDataDto, reportDataService);
@@ Expand Down @@

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/SampleController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ @@
     import agh.edu.pl.slpbackend.service.SampleService;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand Down Expand Up @@
             return ResponseEntity.ok(sampleService.selectOne(sampleId));
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("status/{sampleId}/{status}")
         public ResponseEntity<Sample> updateStatus(@PathVariable final Long sampleId, @PathVariable final String status) {
             return ResponseEntity.ok(sampleService.updateStatus(sampleId, ProgressStatus.convertEnum(status)));
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody SampleDto sampleDto) {
             return add(sampleDto, sampleService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/{sampleId}")
         public ResponseEntity<Void> delete(@PathVariable final Long sampleId) {
             return delete(SampleDto.builder().id(sampleId).build(), sampleService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/{sampleId}")
         public ResponseEntity<Void> update(@PathVariable final Long sampleId, @RequestBody SampleDto sampleDto) {
             return edit(sampleDto, sampleService);
@@ Expand Down @@

...ckend/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/AssortmentController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,16 +24,19 @@ public ResponseEntity<List<AssortmentDto>> list() { @@
             return ResponseEntity.ok(assortmentService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid AssortmentDto assortmentDto) {
             return add(assortmentDto, assortmentService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid AssortmentDto assortmentDto) {
             return edit(assortmentDto, assortmentService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(AssortmentDto.builder().id(id).build(), assortmentService);
@@ Expand Down @@

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/ClientController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,16 +24,19 @@ public ResponseEntity<List<ClientDto>> list() { @@
             return ResponseEntity.ok(clientService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid ClientDto clientDto) {
             return add(clientDto, clientService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid ClientDto clientDto) {
             return edit(clientDto, clientService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(ClientDto.builder().id(id).build(), clientService);
@@ Expand Down @@

slp-backend/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/CodeController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,16 +24,19 @@ public ResponseEntity<List<CodeDto>> list() { @@
             return ResponseEntity.ok(codeService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid CodeDto codeDto) {
             return add(codeDto, codeService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid CodeDto codeDto) {
             return edit(codeDto, codeService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable String id) {
             return delete(CodeDto.builder().id(id).build(), codeService);
@@ Expand Down @@

...ckend/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/IndicationController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import lombok.AllArgsConstructor;
     import org.springframework.http.HttpStatus;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand Down Expand Up @@
             return new ResponseEntity<>(indicationDtos, HttpStatus.OK);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody IndicationDto indicationDto) {
             return add(indicationDto, indicationService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody IndicationDto indicationDto) {
             return edit(indicationDto, indicationService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(IndicationDto.builder().id(id).build(), indicationService);
@@ Expand Down @@

...ckend/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/InspectionController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,16 +24,19 @@ public ResponseEntity<List<InspectionDto>> list() { @@
             return ResponseEntity.ok(inspectionService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid InspectionDto inspectionDto) {
             return add(inspectionDto, inspectionService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid InspectionDto inspectionDto) {
             return edit(inspectionDto, inspectionService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(InspectionDto.builder().id(id).build(), inspectionService);
@@ Expand Down @@

...end/src/main/java/agh/edu/pl/slpbackend/controller/dictionary/ProductGroupController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -7,6 +7,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -24,16 +25,19 @@ public ResponseEntity<List<ProductGroupDto>> list() { @@
             return ResponseEntity.ok(productGroupService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid ProductGroupSaveDto productGroupSaveDto) {
             return add(productGroupSaveDto, productGroupService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid ProductGroupSaveDto productGroupSaveDto) {
             return edit(productGroupSaveDto, productGroupService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(ProductGroupDto.builder().id(id).build(), productGroupService);
@@ Expand Down @@

...src/main/java/agh/edu/pl/slpbackend/controller/dictionary/SamplingStandardController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -6,6 +6,7 @@ @@
     import jakarta.validation.Valid;
     import lombok.AllArgsConstructor;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     import java.util.List;
@@ Expand All / @@ -23,17 +24,20 @@ public ResponseEntity<List<SamplingStandardDto>> list() { @@
             return ResponseEntity.ok(samplingStandardService.selectAll());
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PostMapping("/save")
         public ResponseEntity<Void> add(@RequestBody @Valid SamplingStandardDto samplingStandardDto) {
             return add(samplingStandardDto, samplingStandardService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @PutMapping("/update")
         public ResponseEntity<Void> edit(@RequestBody @Valid SamplingStandardDto samplingStandardDto) {
             return edit(samplingStandardDto, samplingStandardService);
         }
+        @PreAuthorize("hasRole('WORKER')")
         @DeleteMapping("/delete/{id}")
         public ResponseEntity<Void> delete(@PathVariable Long id) {
             return delete(SamplingStandardDto.builder().id(id).build(), samplingStandardService);
@@ Expand Down @@

...ckend/src/main/java/agh/edu/pl/slpbackend/reports/kzwa/KZWAReportGeneratorController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ @@
     import org.springframework.core.io.InputStreamResource;
     import org.springframework.http.MediaType;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     @RestController
@@ Expand All / @@ -14,6 +15,7 @@ public class KZWAReportGeneratorController { @@
         private final KZWAReportGeneratorService kzwaReportGeneratorService;
+        @PreAuthorize("hasRole('WORKER')")
         @GetMapping("/kzwa-report/{sampleId}")
         public ResponseEntity<InputStreamResource> generate(@PathVariable final Long sampleId) {
             InputStreamResource resource = kzwaReportGeneratorService.generateReport(sampleId);
@@ Expand Down @@

...main/java/agh/edu/pl/slpbackend/reports/samplereport/SampleReportGeneratorController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ @@
     import org.springframework.core.io.InputStreamResource;
     import org.springframework.http.MediaType;
     import org.springframework.http.ResponseEntity;
+    import org.springframework.security.access.prepost.PreAuthorize;
     import org.springframework.web.bind.annotation.*;
     @RestController
@@ Expand All / @@ -14,6 +15,7 @@ public class SampleReportGeneratorController { @@
         private final SampleReportGeneratorService sampleReportGeneratorService;
+        @PreAuthorize("hasRole('WORKER')")
         @GetMapping("/sample-report/{sampleId}/{reportType}")
         public ResponseEntity<InputStreamResource> generate(@PathVariable final Long sampleId, @PathVariable final String reportType) {
             InputStreamResource resource = sampleReportGeneratorService.generateReport(sampleId, reportType);
@@ Expand Down @@

slp-backend/src/test/java/agh/edu/pl/slpbackend/integration/AssortmentTest.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ @@
     import org.springframework.beans.factory.annotation.Autowired;
     import org.springframework.boot.test.context.SpringBootTest;
     import org.springframework.http.HttpStatus;
+    import org.springframework.security.test.context.support.WithMockUser;
     import static org.assertj.core.api.Assertions.assertThat;
@@ Expand All / @@ -34,6 +35,7 @@ void get_all() { @@
         }
         @Test
+        @WithMockUser(roles = "WORKER")
         void add() {
             var count = repository.count();
@@ Expand All / @@ -47,6 +49,7 @@ void add() { @@
         }
         @Test
+        @WithMockUser(roles = "WORKER")
         void update() {
             var assortment = repository.findAll().get(0);
             var request = toDto(assortment);
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Control intern user access #45

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!